@ug.software/opposer 3.0.10

package/lib/esm/server/security/controller/auth.d.ts

@@ -0,0 +1,76 @@
+import { PayloadAuthChangePassword, PayloadAuthForgetPassword, PayloadAuthLogin, PayloadAuthRegister, PayloadSocialLogin } from '../../../interfaces/security.js';
+import { PayloadRequest } from '../../../interfaces/controller.js';
+export default class Auth {
+    private get db();
+    register(payload: PayloadRequest<PayloadAuthRegister>): Promise<{
+        readonly success: true;
+        readonly data: any;
+    } | {
+        readonly success: false;
+        readonly error: {
+            name: string;
+            code: number;
+            message: any;
+        };
+    }>;
+    login(payload: PayloadRequest<PayloadAuthLogin>): Promise<{
+        readonly success: true;
+        readonly data: any;
+    } | {
+        readonly success: false;
+        readonly error: {
+            name: string;
+            code: number;
+            message: any;
+        };
+    }>;
+    refresh(payload: PayloadRequest<string>): Promise<{
+        readonly success: true;
+        readonly data: any;
+    } | {
+        readonly success: false;
+        readonly error: {
+            name: string;
+            code: number;
+            message: any;
+        };
+    }>;
+    logout(payload: PayloadRequest<string>): Promise<{
+        readonly success: false;
+        readonly error: {
+            name: string;
+            code: number;
+            message: any;
+        };
+    } | undefined>;
+    me(payload: PayloadRequest<any>): Promise<{
+        readonly success: true;
+        readonly data: any;
+    } | null>;
+    changePassword(payload: PayloadRequest<PayloadAuthChangePassword>): Promise<{
+        readonly success: true;
+        readonly data: any;
+    } | {
+        readonly success: false;
+        readonly error: {
+            name: string;
+            code: number;
+            message: any;
+        };
+    }>;
+    forgotPassword(payload: PayloadRequest<PayloadAuthForgetPassword>): Promise<{
+        readonly success: true;
+        readonly data: any;
+    } | {
+        readonly success: false;
+        readonly error: {
+            name: string;
+            code: number;
+            message: any;
+        };
+    }>;
+    static social(payload: PayloadRequest<PayloadSocialLogin>): Promise<{
+        readonly success: true;
+        readonly data: any;
+    }>;
+}

package/lib/esm/server/security/controller/auth.js

@@ -0,0 +1,341 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Method, Controller, IsPublicMethod } from '../../decorators/index.js';
+import User from '../models/usr.js';
+import Role from '../models/rl.js';
+import { Exception, Success, validateData } from '../../helpers/index.js';
+import { HttpStatus } from '../../constants/index.js';
+import jwt from '../jwt/index.js';
+import Session from '../models/se.js';
+import ChangeRequestPassword from '../models/crp.js';
+import { Context } from '../../index.js';
+let Auth = class Auth {
+    get db() {
+        return Context.get('db');
+    }
+    async register(payload) {
+        var errors = validateData(User, payload.data);
+        if (Object.keys(errors).length > 0) {
+            return Exception({
+                ...HttpStatus[400],
+                message: errors,
+            });
+        }
+        var userRepository = this.db.getRepository(User);
+        if (await userRepository.findOne({ where: { lg: payload.data.lg } })) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'User with this login already exists.',
+            });
+        }
+        const result = await userRepository.insert(payload.data);
+        return Success(result);
+    }
+    async login(payload) {
+        if (!payload.data.lg) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Login is required',
+            });
+        }
+        if (!payload.data.ps) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Password is required',
+            });
+        }
+        var userRepository = this.db.getRepository(User);
+        var sessionRepository = this.db.getRepository(Session);
+        var usr = await userRepository.findOne({
+            where: { lg: payload.data.lg },
+        });
+        if (!usr) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Invalid login or password, check the data and try again.',
+            });
+        }
+        if (!(await usr.comparePassword(payload.data.ps))) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Invalid login or password, check the data and try again.',
+            });
+        }
+        var roleRepository = this.db.getRepository(Role);
+        var roles = await roleRepository.find({
+            where: { usr: usr.id },
+        });
+        var { token, refresh } = await jwt.sign({
+            fn: usr.fn,
+            id: usr.id,
+            lg: usr.lg,
+            ln: usr.ln,
+            exp: 0,
+            rl: roles.map(({ sm, mt }) => ({ sm, mt })),
+        });
+        // register new session init
+        await sessionRepository.insert({
+            ac: true,
+            ag: payload.headers.userAgent,
+            ip: payload.headers.ip,
+            loi: new Date(),
+            rt: refresh,
+            usr: usr.id,
+        });
+        const current = new Date();
+        payload.headers.cookies.set('access_token', token, {
+            httpOnly: true,
+            secure: true,
+            sameSite: 'none',
+            path: '/',
+            expires: new Date(current.getTime() + 15 * 60 * 1000), // 15 mim
+        });
+        payload.headers.cookies.set('refresh_token', refresh, {
+            httpOnly: true,
+            secure: true,
+            sameSite: 'none',
+            path: '/',
+            expires: new Date(current.getTime() + 15 * 24 * 60 * 60 * 1000), // 15 dias
+        });
+        return Success({
+            token,
+            refresh,
+            usr: {
+                id: usr.id,
+                fn: usr.fn,
+                ln: usr.ln,
+                lg: usr.lg,
+                rl: roles.map(({ sm, mt }) => ({ sm, mt })),
+            },
+        });
+    }
+    async refresh(payload) {
+        if (!payload.data) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Refresh token is required.',
+            });
+        }
+        var sessionRepository = this.db.getRepository(Session);
+        var last = await sessionRepository.findOne({
+            where: { rt: payload.data },
+        });
+        if (!last) {
+            return Exception({
+                ...HttpStatus[401],
+                message: "Don't find session.",
+            });
+        }
+        if (!last.ac) {
+            return Exception({
+                ...HttpStatus[401],
+                message: 'Refresh expired.',
+            });
+        }
+        var usr = await jwt.validate.refresh(payload.data);
+        if (!usr || typeof usr === 'string') {
+            return Exception({
+                ...HttpStatus[401],
+                message: 'Invalid token.',
+            });
+        }
+        //cancel last session and update in database;
+        await sessionRepository.update({ rt: last.rt }, {
+            ac: false,
+            lou: new Date(),
+        });
+        var { token, refresh } = await jwt.sign(usr);
+        await sessionRepository.insert({
+            ac: true,
+            ag: last.ag,
+            ip: last.ip,
+            loi: new Date(),
+            rt: refresh,
+            usr: usr.id,
+        });
+        const current = new Date();
+        payload.headers.cookies.set('access_token', token, {
+            httpOnly: true,
+            secure: true,
+            sameSite: 'none',
+            path: '/',
+            expires: new Date(current.getTime() + 15 * 60 * 1000), // 15 mim
+        });
+        payload.headers.cookies.set('refresh_token', refresh, {
+            httpOnly: true,
+            secure: true,
+            sameSite: 'none',
+            path: '/',
+            expires: new Date(current.getTime() + 15 * 24 * 60 * 60 * 1000), // 15 dias
+        });
+        return Success({
+            token,
+            refresh,
+            ...usr,
+        });
+    }
+    async logout(payload) {
+        const token = payload.data || payload.headers.cookies.data.refresh_token;
+        if (!token) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Token is required for logout user.',
+            });
+        }
+        payload.headers.cookies.remove('access_token');
+        payload.headers.cookies.remove('refresh_token');
+        var sessionRepository = this.db.getRepository(Session);
+        await sessionRepository.update({ rt: token }, {
+            ac: false,
+            lou: new Date(),
+        });
+    }
+    async me(payload) {
+        const token = payload.headers.cookies.data.refresh_token;
+        if (!token) {
+            return null;
+        }
+        var usr = await jwt.validate.refresh(token);
+        if (typeof usr === 'string') {
+            return null;
+        }
+        return Success(usr);
+    }
+    async changePassword(payload) {
+        var errors = validateData(User, { ps: payload.data.ps });
+        if (Object.keys(errors).length > 0) {
+            return Exception({
+                ...HttpStatus[400],
+                message: errors,
+            });
+        }
+        if (!payload.data.tk) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Ticket is required for change password.',
+            });
+        }
+        var ticket = await jwt.validate.recover(payload.data.tk);
+        if (typeof ticket === 'string' || !ticket) {
+            return Exception({
+                ...HttpStatus[401],
+                message: 'Invalid token.',
+            });
+        }
+        var changePasswordRepository = this.db.getRepository(ChangeRequestPassword);
+        var userRepository = this.db.getRepository(User);
+        var usr = await userRepository.findOne({
+            where: { lg: ticket.lg },
+        });
+        if (!usr) {
+            return Exception({
+                ...HttpStatus[401],
+                message: "Don't find user, verify payload and try again.",
+            });
+        }
+        // finaly update password...
+        await userRepository.update({ lg: ticket.lg }, { ps: payload.data.ps });
+        await changePasswordRepository.update({ tk: payload.data.tk }, {
+            ud: true,
+        });
+        return Success({ message: 'Success for change password.' });
+    }
+    async forgotPassword(payload) {
+        if (!payload.data.lg) {
+            return Exception({
+                ...HttpStatus[400],
+                message: 'Login is required.',
+            });
+        }
+        var { token } = await jwt.forget(payload.data);
+        var changePasswordRepository = this.db.getRepository(ChangeRequestPassword);
+        await changePasswordRepository.insert({
+            ...payload.data,
+            tk: token,
+            ex: new Date(new Date().getTime() + 5 * 60 * 1000), // five min
+        });
+        return Success({ token });
+    }
+    static async social(payload) {
+        const usr = payload.data;
+        const db = Context.get('db');
+        var sessionRepository = db.getRepository(Session);
+        var { token, refresh } = await jwt.sign({
+            ...usr,
+            exp: 0,
+        });
+        // register new session init
+        await sessionRepository.insert({
+            ac: true,
+            ag: payload.headers.userAgent,
+            ip: payload.headers.ip,
+            loi: new Date(),
+            rt: refresh,
+            usr: usr.id,
+        });
+        return Success({
+            token,
+            refresh,
+            usr: {
+                id: usr.id,
+                fn: usr.fn,
+                ln: usr.ln,
+                lg: usr.lg,
+            },
+        });
+    }
+};
+__decorate([
+    Method(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], Auth.prototype, "register", null);
+__decorate([
+    Method(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], Auth.prototype, "login", null);
+__decorate([
+    Method(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], Auth.prototype, "refresh", null);
+__decorate([
+    Method(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], Auth.prototype, "logout", null);
+__decorate([
+    Method(),
+    IsPublicMethod(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], Auth.prototype, "me", null);
+__decorate([
+    Method(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], Auth.prototype, "changePassword", null);
+__decorate([
+    Method(),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], Auth.prototype, "forgotPassword", null);
+Auth = __decorate([
+    Controller('auth')
+], Auth);
+export default Auth;

package/lib/esm/server/security/index.d.ts

@@ -0,0 +1,2 @@
+export { default as User } from "./models/usr.js";
+export { default as Role } from "./models/rl.js";

package/lib/esm/server/security/index.js

@@ -0,0 +1,2 @@
+export { default as User } from "./models/usr.js";
+export { default as Role } from "./models/rl.js";

package/lib/esm/server/security/jwt/index.d.ts

@@ -0,0 +1,23 @@
+import { ForgetJwt, SignJwt } from "../../../interfaces/jwt.js";
+declare function access(token: string): Promise<string | SignJwt | undefined>;
+declare function refresh(token: string): Promise<string | SignJwt | undefined>;
+declare function sign({ exp, ...payload }: SignJwt): Promise<{
+    token: any;
+    refresh: any;
+}>;
+declare function forget(payload: ForgetJwt): Promise<{
+    token: any;
+}>;
+declare function recover(token: string): Promise<string | ForgetJwt | undefined>;
+declare function verify(token: string): Promise<string | true | undefined>;
+declare const _default: {
+    verify: typeof verify;
+    sign: typeof sign;
+    forget: typeof forget;
+    validate: {
+        access: typeof access;
+        refresh: typeof refresh;
+        recover: typeof recover;
+    };
+};
+export default _default;

package/lib/esm/server/security/jwt/index.js

@@ -0,0 +1,103 @@
+//@ts-ignore
+import jwt from "jsonwebtoken";
+import system from "../../../system/index.js";
+const settings = system.getSettingsFile();
+const accessJwt = process.env.ACCESS_JWT
+    ? process.env.ACCESS_JWT
+    : settings.jwt.access;
+const refreshJwt = process.env.REFRESH_JWT
+    ? process.env.REFRESH_JWT
+    : settings.jwt.refresh;
+const recoverJwt = process.env.RECOVER_JWT
+    ? process.env.RECOVER_JWT
+    : settings.jwt.recover;
+async function access(token) {
+    if (!accessJwt) {
+        throw new Error("[jwt] - Don't finded token for access jwt, generate running 'npx @ug.software/opposer jwt generate' or consulting documentation.");
+    }
+    try {
+        const user = jwt.verify(token, accessJwt);
+        return user;
+    }
+    catch (err) {
+        var erro = err;
+        if (erro.name === "TokenExpiredError") {
+            return erro.message;
+        }
+        if (erro.name === "JsonWebTokenError") {
+            return "Check your data and try again.";
+        }
+    }
+}
+async function refresh(token) {
+    if (!refreshJwt) {
+        throw new Error("[jwt] - Don't finded token for refresh jwt, generate running 'npx @ug.software/opposer jwt generate' or consulting documentation.");
+    }
+    try {
+        const user = jwt.verify(token, refreshJwt);
+        return user;
+    }
+    catch (err) {
+        var erro = err;
+        if (erro.name === "TokenExpiredError") {
+            return erro.message;
+        }
+        if (erro.name === "JsonWebTokenError") {
+            return "Check your data and try again.";
+        }
+    }
+}
+async function sign({ exp, ...payload }) {
+    if (!accessJwt) {
+        throw new Error("[jwt] - Don't finded token secret, generate running 'npx @ug.software/opposer jwt generate' or consulting documentation.");
+    }
+    const token = jwt.sign({ ...payload }, accessJwt, { expiresIn: "15m" });
+    const refresh = jwt.sign({ ...payload }, refreshJwt, {
+        expiresIn: "15d",
+    });
+    return { token, refresh };
+}
+async function forget(payload) {
+    if (!recoverJwt) {
+        throw new Error("[jwt] - Don't finded token secret for recover password, generate running 'npx @ug.software/opposer jwt generate' or consulting documentation.");
+    }
+    const token = jwt.sign(payload, accessJwt, { expiresIn: "5m" });
+    return { token };
+}
+async function recover(token) {
+    if (!recoverJwt) {
+        throw new Error("[jwt] - Don't finded token secret for recover password, generate running 'npx @ug.software/opposer jwt generate' or consulting documentation.");
+    }
+    try {
+        const user = jwt.verify(token, recoverJwt);
+        return user;
+    }
+    catch (err) {
+        var erro = err;
+        if (erro.name === "TokenExpiredError") {
+            return erro.message;
+        }
+        if (erro.name === "JsonWebTokenError") {
+            return "Check your data and try again.";
+        }
+    }
+}
+async function verify(token) {
+    try {
+        const secret = process.env.ACCESS_JWT
+            ? process.env.ACCESS_JWT
+            : settings.jwt;
+        jwt.verify(token, secret);
+        return true;
+    }
+    catch (err) {
+        var erro = err;
+        if (erro.name === "TokenExpiredError") {
+            return erro.message;
+        }
+        if (erro.name === "JsonWebTokenError") {
+            return "Check your data and try again.";
+        }
+    }
+}
+export default { verify, sign, forget, validate: { access, refresh, recover } };

package/lib/esm/server/security/middleware/autorization.d.ts

@@ -0,0 +1,3 @@
+import { Request, Response, NextFunction } from "../../core/index.js";
+declare const _default: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+export default _default;

package/lib/esm/server/security/middleware/autorization.js

@@ -0,0 +1,41 @@
+import { Exception } from "../../helpers/index.js";
+import { HttpStatus } from "../../constants/index.js";
+import ke from "../models/ke.js";
+import { Context } from "../../index.js";
+export default async (req, res, next) => {
+    const host = req.headers.host;
+    const referer = req.headers.referer;
+    // Bypass for playground or same domain requests
+    if (referer && host && referer.includes(host)) {
+        return next();
+    }
+    var api = (req.headers["opposer-key"] || req.cookies.opposer_key);
+    if (!api) {
+        return res.status(HttpStatus[401].code).send(Exception({
+            ...HttpStatus[401],
+            message: "[autorization] - Unauthorized in system.",
+        }));
+    }
+    const db = Context.get("db");
+    if (!db) {
+        return res.status(HttpStatus[403].code).send(Exception({
+            ...HttpStatus[403],
+            message: "[database] - Database connection not found.",
+        }));
+    }
+    var keRepository = db.getRepository(ke);
+    var authorization = await keRepository.findOne({ where: { hs: api } });
+    if (!authorization) {
+        return res.status(HttpStatus[403].code).send(Exception({
+            ...HttpStatus[403],
+            message: "[autorization] - Unauthorized in system.",
+        }));
+    }
+    if (new Date() > new Date(authorization.ex)) {
+        return res.status(HttpStatus[403].code).send(Exception({
+            ...HttpStatus[403],
+            message: "[autorization] - Unauthorized in system.",
+        }));
+    }
+    next();
+};

package/lib/esm/server/security/middleware/permission.d.ts

@@ -0,0 +1,3 @@
+import { Request, Response, NextFunction } from '../../core/index.js';
+declare const _default: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+export default _default;