npm - @vtecx/vtecxnext - Versions diffs - 1.0.4 → 1.0.5 - Mend

@vtecx/vtecxnext 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/vtecxnext.d.ts CHANGED Viewed

@@ -695,6 +695,18 @@ export declare const addalias: (req: IncomingMessage, res: ServerResponse, feed:
  * @return message
  */
 export declare const removealias: (req: IncomingMessage, res: ServerResponse, feed: any) => Promise<any>;
+/**
+ * OAuth authorization request to LINE
+ * @param req request (for authentication)
+ * @param res response (for authentication)
+ */
+export declare const oauthLine: (req: IncomingMessage, res: ServerResponse) => Promise<boolean>;
+/**
+ * OAuth authorization request to LINE
+ * @param req request (for authentication)
+ * @param res response (for authentication)
+ */
+export declare const oauthCallbackLine: (req: IncomingMessage, res: ServerResponse) => Promise<boolean>;
 /**
  * Error returned from vte.cx
  */

package/dist/vtecxnext.js CHANGED Viewed

@@ -1,13 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.deleteSignature = exports.putSignatures = exports.putSignature = exports.toPdf = exports.getBQCsv = exports.getBQ = exports.deleteBQ = exports.postBQ = exports.getPage = exports.pagination = exports.getSessionLong = exports.getSessionString = exports.getSessionEntry = exports.getSessionFeed = exports.deleteSessionLong = exports.deleteSessionString = exports.deleteSessionEntry = exports.deleteSessionFeed = exports.incrementSession = exports.setSessionLong = exports.setSessionString = exports.setSessionEntry = exports.setSessionFeed = exports.getRangeids = exports.rangeids = exports.setids = exports.getids = exports.addids = exports.allocids = exports.deleteFolder = exports.deleteEntry = exports.put = exports.post = exports.count = exports.getFeed = exports.getEntry = exports.log = exports.rxid = exports.service = exports.isLoggedin = exports.whoami = exports.account = exports.uid = exports.now = exports.logout = exports.loginWithRxid = exports.login = exports.sendMessage = exports.checkXRequestedWith = exports.hello = void 0;
-exports.VtecxNextError = exports.removealias = exports.addalias = exports.removeacl = exports.addacl = exports.getcontent = exports.deletecontent = exports.putcontent = exports.savefiles = exports.deleteusers = exports.deleteuser = exports.canceluser = exports.activateusers = exports.activateuser = exports.revokeusers = exports.revokeuser = exports.userstatus = exports.changeaccount_verify = exports.changeaccount = exports.changepassByAdmin = exports.changepass = exports.passreset = exports.adduserByAdmin = exports.adduser = exports.noGroupMember = exports.leaveGroup = exports.joinGroup = exports.getMessageQueue = exports.setMessageQueue = exports.setMessageQueueStatus = exports.pushNotification = exports.sendMail = exports.checkSignature = void 0;
+exports.VtecxNextError = exports.oauthCallbackLine = exports.oauthLine = exports.removealias = exports.addalias = exports.removeacl = exports.addacl = exports.getcontent = exports.deletecontent = exports.putcontent = exports.savefiles = exports.deleteusers = exports.deleteuser = exports.canceluser = exports.activateusers = exports.activateuser = exports.revokeusers = exports.revokeuser = exports.userstatus = exports.changeaccount_verify = exports.changeaccount = exports.changepassByAdmin = exports.changepass = exports.passreset = exports.adduserByAdmin = exports.adduser = exports.noGroupMember = exports.leaveGroup = exports.joinGroup = exports.getMessageQueue = exports.setMessageQueue = exports.setMessageQueueStatus = exports.pushNotification = exports.sendMail = exports.checkSignature = void 0;
 const sqlstring_1 = __importDefault(require("sqlstring"));
 const formidable_1 = __importDefault(require("formidable"));
 const fs_1 = __importDefault(require("fs"));
+const url_1 = __importStar(require("url"));
 /**
  * Hello world.
  */
@@ -66,7 +90,7 @@ const login = async (req, res, wsse, reCaptchaToken) => {
     const url = `/d/?_login${param}`;
     const headers = { 'X-WSSE': `${wsse}` };
     const response = await fetchVtecx(method, url, headers);
-    const feed = await response.json();
+    //const feed = await response.json()
     // vte.cxからのset-cookieを転記
     setCookie(response, res);
     // レスポンスのエラーチェック
@@ -2185,6 +2209,34 @@ const removealias = async (req, res, feed) => {
     return await getJson(response);
 };
 exports.removealias = removealias;
+/**
+ * OAuth authorization request to LINE
+ * @param req request (for authentication)
+ * @param res response (for authentication)
+ */
+const oauthLine = async (req, res) => {
+    const provider = 'line';
+    const oauthUrl = 'https://access.line.me/oauth2/v2.1/authorize';
+    return await oauth(req, res, provider, oauthUrl);
+};
+exports.oauthLine = oauthLine;
+/**
+ * OAuth authorization request to LINE
+ * @param req request (for authentication)
+ * @param res response (for authentication)
+ */
+const oauthCallbackLine = async (req, res) => {
+    // OAuthアクセストークン、OAuth情報を取得
+    const provider = 'line';
+    const accesstokenUrl = 'https://api.line.me/oauth2/v2.1/token';
+    const oauthInfo = await oauthGetAccesstoken(req, res, provider, accesstokenUrl);
+    // ユーザ識別情報を取得
+    const userInfo = await oauthGetUserinfoLine(req, res, oauthInfo);
+    // vte.cxユーザと連携・ログイン
+    await oauthLink(req, res, provider, userInfo);
+    return true;
+};
+exports.oauthCallbackLine = oauthCallbackLine;
 //---------------------------------------------
 /**
  * Error returned from vte.cx
@@ -2205,10 +2257,12 @@ exports.VtecxNextError = VtecxNextError;
  * @param url サーブレットパス以降のURL
  * @param req リクエスト。認証情報設定に使用。
  * @param body リクエストデータ
+ * @param additionalHeaders リクエストヘッダ追加分
  * @param targetService 連携サービス名
+ * @param mode RequestMode ("cors" | "navigate" | "no-cors" | "same-origin")
  * @returns promise
  */
-const requestVtecx = async (method, url, req, body, additionalHeaders, targetService) => {
+const requestVtecx = async (method, url, req, body, additionalHeaders, targetService, mode) => {
     // cookieの値をvte.cxへのリクエストヘッダに設定
     const cookie = req ? req.headers['cookie'] : undefined;
     const headers = cookie ? { 'Cookie': cookie } : {};
@@ -2226,7 +2280,7 @@ const requestVtecx = async (method, url, req, body, additionalHeaders, targetSer
             headers['X-SERVICEKEY'] = servicekey;
         }
     }
-    return fetchVtecx(method, url, headers, body);
+    return fetchVtecx(method, url, headers, body, mode);
 };
 /**
  * vte.cxへリクエスト
@@ -2234,9 +2288,10 @@ const requestVtecx = async (method, url, req, body, additionalHeaders, targetSer
  * @param url サーブレットパス以降のURL
  * @param headers リクエストヘッダ。連想配列で指定。
  * @param body リクエストデータ
+ * @param mode RequestMode ("cors" | "navigate" | "no-cors" | "same-origin")
  * @returns promise
  */
-const fetchVtecx = async (method, url, headers, body) => {
+const fetchVtecx = async (method, url, headers, body, mode) => {
     //console.log(`[vtecxnext fetchVtecx] url=${process.env.VTECX_URL}${url}`)
     headers['X-Requested-With'] = 'XMLHttpRequest';
     const apiKey = process.env.VTECX_APIKEY;
@@ -2248,6 +2303,9 @@ const fetchVtecx = async (method, url, headers, body) => {
         method: method,
         headers: headers
     };
+    if (mode) {
+        requestInit['mode'] = mode;
+    }
     return fetch(`${process.env.VTECX_URL}${url}`, requestInit);
 };
 /**
@@ -2261,6 +2319,21 @@ const setCookie = (response, res) => {
         res.setHeader('set-cookie', setCookieVal);
     }
 };
+/**
+ * vte.cxからのallow-originを、ブラウザへレスポンスする。
+ * @param response vte.cxからのレスポンス
+ * @param res ブラウザへのレスポンス
+ */
+const setAllowOrigin = (response, res) => {
+    let val = response.headers.get('access-control-allow-origin');
+    val ? res.setHeader('access-control-allow-origin', val) : '';
+    val = response.headers.get('access-control-allow-methods');
+    val ? res.setHeader('access-control-allow-methods', val) : '';
+    val = response.headers.get('access-control-allow-headers');
+    val ? res.setHeader('access-control-allow-headers', val) : '';
+    val = response.headers.get('access-control-allow-credentials');
+    val ? res.setHeader('access-control-allow-credentials', val) : '';
+};
 /**
  * vte.cxからのレスポンスヘッダを、ブラウザへレスポンスする。
  * コンテンツの戻し時に使用。
@@ -2429,3 +2502,217 @@ const buffer = async (readable) => {
     }
     return Buffer.concat(chunks);
 };
+/**
+ * OAuth authorization request
+ * @param req request (for authentication)
+ * @param res response (for authentication)
+ * @param provider OAuth provider name
+ * @param oauthUrl OAuth authorization request url
+ * @return true
+ */
+const oauth = async (req, res, provider, oauthUrl) => {
+    //console.log(`[vtecxnext oauth] start. provider=${provider} oauthUrl=${oauthUrl}`)
+    // TODO reCAPTCHAを必須とすべき。
+    // 入力チェック
+    checkNotNull(provider, 'OAuth provider');
+    // vte.cxへリクエスト (state取得)
+    const method = 'POST';
+    const url = `/o/${provider}/create_state`;
+    const response = await requestVtecx(method, url, req);
+    // レスポンスのエラーチェック
+    await checkVtecxResponse(response);
+    // 戻り値
+    const data = await getJson(response);
+    // state生成
+    if (!data || !data.feed || !data.feed.title) {
+        throw new VtecxNextError(401, `Could not generate state.`);
+    }
+    //console.log(`[vtecxnext oauth] response data=${JSON.stringify(data)}`)
+    const state = data.feed.title;
+    const client_id = data.feed.subtitle;
+    const redirect_uri = data.feed.link[0].___href;
+    const origin = getOrigin(oauthUrl);
+    // 認可リクエストリダイレクトURL生成
+    //console.log(`[vtecxnext oauth] redirect_uri=${redirect_uri}`)
+    //console.log(`[vtecxnext oauth] origin=${origin}`)
+    const authorizationUrl = `${oauthUrl}?response_type=code&client_id=${client_id}&redirect_uri=${encodeURI(redirect_uri)}&state=${state}&scope=profile`;
+    //console.log(`[vtecxnext oauth] authorizationUrl=${authorizationUrl}`)
+    res.setHeader('Location', authorizationUrl);
+    //res.setHeader('Access-Control-Allow-Origin', origin)
+    //res.setHeader('Access-Control-Allow-Method', 'GET, OPTIONS')
+    //console.log(`[vtecxnext oauth] response headers=${JSON.stringify(res.getHeaders())}`)
+    res.writeHead(302);
+    res.end();
+    return true;
+};
+/**
+ * OAuth authorization request
+ * @param req request (for authentication)
+ * @param res response (for authentication)
+ * @param provider OAuth provider name
+ * @param oauthUrl OAuth get accesstoken request url
+ * @return {'client_id', 'client_secret', 'redirect_uri', 'state', 'access_token'}
+ */
+const oauthGetAccesstoken = async (req, res, provider, accesstokenUrl) => {
+    //console.log(`[vtecxnext oauthGetAccesstoken] start. provider=${provider} oauthUrl=${accesstokenUrl}`)
+    // stateチェック
+    const parseUrl = url_1.default.parse(req.url ? req.url : '', true);
+    const state = parseUrl.query.state;
+    const code = parseUrl.query.code;
+    if (!state) {
+        throw new VtecxNextError(401, `Could not get state on redirect.`);
+    }
+    if (!code) {
+        throw new VtecxNextError(401, `Could not get code on redirect.`);
+    }
+    // vte.cxへリクエスト (stateチェック)
+    const vtecxMethod = 'POST';
+    const vtecxUrl = `/o/${provider}/check_state?state=${state}`;
+    //console.log(`[vtecxnext oauthGetAccesstoken] vtecxUrl=${vtecxUrl}`)
+    const vtecxResponse = await requestVtecx(vtecxMethod, vtecxUrl, req);
+    //console.log(`[vtecxnext oauthGetAccesstoken] check_state response status=${vtecxResponse.status}`)
+    // vte.cxからのset-cookieを転記
+    setCookie(vtecxResponse, res);
+    // レスポンスのエラーチェック
+    await checkVtecxResponse(vtecxResponse);
+    // 戻り値
+    const data = await getJson(vtecxResponse);
+    // stateチェック
+    if (!data || !data.feed || !data.feed.title) {
+        throw new VtecxNextError(401, `Invalid state.`);
+    }
+    const client_id = data.feed.subtitle;
+    const client_secret = data.feed.rights;
+    const redirect_uri = data.feed.link[0].___href;
+    //console.log(`[vtecxnext oauthGetAccesstoken] client_id=${client_id}`)
+    //console.log(`[vtecxnext oauthGetAccesstoken] client_secret=${client_secret}`)
+    //console.log(`[vtecxnext oauthGetAccesstoken] redirect_uri=${redirect_uri}`)
+    const encodeRedirect_uri = encodeURIComponent(redirect_uri);
+    //console.log(`[vtecxnext oauthGetAccesstoken] encode redirect_uri=${encodeRedirect_uri}`)
+    // アクセストークン取得URL生成
+    const accesstokenMethod = 'POST';
+    const accessTokenData = {
+        'grant_type': 'authorization_code',
+        'code': code,
+        'redirect_uri': redirect_uri,
+        'client_id': client_id,
+        'client_secret': client_secret
+    };
+    const accesstokenBody = createURLSearchParams(accessTokenData);
+    //const accesstokenBodyStr = `grant_type=authorization_code&code=${code}&redirect_uri=${encodeRedirect_uri}&client_id=${client_id}&client_secret=${client_secret}`
+    //console.log(`[vtecxnext oauthGetAccesstoken] accesstokenUrl=${accesstokenUrl}`)
+    //console.log(`[vtecxnext oauthGetAccesstoken] accesstokenBodyStr=${accesstokenBodyStr}`)
+    //const accesstokenBody = Buffer.from(accesstokenBodyStr, 'utf-8')
+    const requestInit = {
+        body: accesstokenBody,
+        method: accesstokenMethod
+    };
+    const accesstokenResponse = await fetch(accesstokenUrl, requestInit);
+    if (accesstokenResponse.status !== 200) {
+        const errorInfo = await accesstokenResponse.json();
+        //console.log(`[vtecxnext oauthGetAccesstoken] Get accesstoken failed. ${JSON.stringify(errorInfo)}`)
+        const errMsg = `${'error' in errorInfo ? errorInfo.error + '. ' : ''} ${'error_description' in errorInfo ? errorInfo.error_description : ''}`;
+        throw new VtecxNextError(401, `Get accesstoken failed. status=${accesstokenResponse.status} ${errMsg}`);
+    }
+    const accesstokenInfo = await accesstokenResponse.json();
+    const access_token = accesstokenInfo.access_token;
+    if (!access_token) {
+        throw new VtecxNextError(401, `Get accesstoken failed.`);
+    }
+    return {
+        'client_id': client_id,
+        'client_secret': client_secret,
+        'redirect_uri': redirect_uri,
+        'state': state,
+        'access_token': access_token
+    };
+};
+/**
+ * OAuth get userinfo request
+ * @param req request (for authentication)
+ * @param res response (for authentication)
+ * @param oauthInfo OAuth info {'client_id', 'client_secret', 'redirect_uri', 'state', 'access_token'}
+ * @return userinfo {'guid', 'nickname', 'state'}
+ */
+const oauthGetUserinfoLine = async (req, res, oauthInfo) => {
+    //console.log(`[vtecxnext oauthGetUserinfoLine] start. oauthInfo=${JSON.stringify(oauthInfo)}`)
+    // LINEユーザ識別情報取得リクエスト
+    const url = 'https://api.line.me/v2/profile';
+    const method = 'GET';
+    const headers = { 'Authorization': `Bearer ${oauthInfo.access_token}` };
+    //console.log(`[vtecxnext oauthGetUserinfoLine] url=${url}`)
+    const requestInit = {
+        headers: headers,
+        method: method
+    };
+    const response = await fetch(url, requestInit);
+    if (response.status !== 200) {
+        throw new VtecxNextError(401, `Get user information failed. status=${response.status}`);
+    }
+    const userInfo = await response.json();
+    const guid = 'userId' in userInfo ? userInfo.userId : undefined;
+    const nickname = 'displayName' in userInfo ? userInfo.displayName : '';
+    if (!guid) {
+        throw new VtecxNextError(401, `Get user information failed. `);
+    }
+    return {
+        'guid': guid,
+        'nickname': nickname,
+        'state': oauthInfo.state
+    };
+};
+/**
+ * OAuth user link.
+ * @param req request
+ * @param res response
+ * @param provider OAuth provider name
+ * @param userInfo user info
+ * @return true if log in has been successful.
+ */
+const oauthLink = async (req, res, provider, userInfo) => {
+    //console.log(`[vtecxnext oauthLink] start. userInfo=${JSON.stringify(userInfo)}`)
+    // OAuthリンク・ログイン
+    // reCAPTCHA tokenは任意
+    //const param = reCaptchaToken ? `&g-recaptcha-token=${reCaptchaToken}` : ''
+    const param = '';
+    const method = 'POST';
+    const url = `/o/${provider}/link?state=${userInfo.state}${param}`;
+    const reqFeed = [{ 'title': userInfo.guid, 'subtitle': userInfo.nickname }];
+    const response = await fetchVtecx(method, url, {}, JSON.stringify(reqFeed));
+    const feed = await response.json();
+    // vte.cxからのset-cookieを転記
+    setCookie(response, res);
+    // レスポンスのエラーチェック
+    let isLoggedin;
+    if (response.status < 400) {
+        isLoggedin = true;
+    }
+    else {
+        isLoggedin = false;
+    }
+    //console.log(`[vtecxnext oauthLink] end. status=${response.status} message=${feed.feed.title}`)
+    return isLoggedin;
+};
+/**
+ * URLからOriginを取得
+ * @param oauthUrl URL
+ * @returns Origin
+ */
+const getOrigin = (oauthUrl) => {
+    const tmpIdx = oauthUrl.indexOf('://') + 3;
+    let idx = oauthUrl.indexOf('/', tmpIdx);
+    if (idx < 0) {
+        idx = oauthUrl.length;
+    }
+    return oauthUrl.substring(0, idx);
+};
+/**
+ * URLSearchParamsを生成.
+ * @param data JSON
+ * @returns URLSearchParams
+ */
+const createURLSearchParams = (data) => {
+    const params = new url_1.URLSearchParams();
+    Object.keys(data).forEach(key => params.append(key, data[key]));
+    return params;
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vtecx/vtecxnext",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "vte.cx Next.js api",
   "main": "dist/index.js",
   "files": [