@yimingliao/cms 0.0.25 → 0.0.27
- package/dist/server/index.d.ts +62 -2
- package/dist/server/index.js +129 -5
- package/package.json +1 -1
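--- a/package/dist/server/index.d.ts
+++ b/package/dist/server/index.d.ts
@@ -27,7 +27,7 @@ declare function createJwtService({ defaultSecret, ...options }: CreateJwtServic
 
 declare function createArgon2Service(): {
 hash: (password: string) => Promise<string>;
-verify: (
+verify: (digest: string, password: string) => Promise<boolean>;
 };
 
 interface CreateCryptoServiceOptions {
@@ -622,6 +622,66 @@ interface CreateExecuteApiOptions {
 }
 declare function createExecuteApi({ initI18n, logger, }: CreateExecuteApiOptions): (fn: Api) => Promise<NextResponse<unknown>>;
 
+interface CreateAuthUseCases {
+prisma: any;
+adminQueryRepository: ReturnType<typeof createAdminQueryRepository>;
+adminRefreshTokenCommandRepository: ReturnType<typeof createAdminRefreshTokenCommandRepository>;
+jwtService: ReturnType<typeof createJwtService>;
+argon2Service: ReturnType<typeof createArgon2Service>;
+cryptoService: ReturnType<typeof createCryptoService>;
+cookieService: ReturnType<typeof createCookieService>;
+config: {
+refreshTokenName: string;
+refreshTokenTtl: number;
+accessTokenName: string;
+accessTokenSecret: string;
+accessTokenTtl: number;
+resetPasswordSecret: string;
+resetPasswordTtl: number;
+verifyEmailSecret: string;
+verifyEmailTtl: number;
+};
+}
+declare function createAuthUseCases({ prisma, adminQueryRepository, adminRefreshTokenCommandRepository, jwtService, argon2Service, cryptoService, cookieService, config, }: CreateAuthUseCases): {
+verifyCredentials: ({ email, password, }: {
+email: string;
+password: string;
+}) => Promise<Admin>;
+updatePassword: ({ email, password, }: {
+email: string;
+password: string;
+}) => Promise<Admin>;
+createRefreshToken: ({ admin, deviceInfo, ip, }: {
+admin: {
+id: string;
+email: string;
+};
+deviceInfo: DeviceInfo;
+ip: string;
+}) => Promise<string>;
+refreshTokens: ({ admin, deviceInfo, ip, }: {
+admin: {
+id: string;
+email: string;
+};
+deviceInfo: DeviceInfo;
+ip: string;
+}) => Promise<void>;
+signPasswordResetToken: ({ admin }: {
+admin: AdminSafe;
+}) => string;
+verifyPasswordResetToken: ({ token }: {
+token: string;
+}) => {
+email: string;
+};
+signEmailVerificationToken: () => string;
+verifyEmailAndUpdate: ({ token, admin, }: {
+token: string;
+admin: AdminSafe;
+}) => Promise<AdminSafe>;
+};
+
 declare class ServerError extends Error {
 readonly i18nKey?: string;
 readonly statusCode?: number;
@@ -640,4 +700,4 @@ declare class ServerError extends Error {
 static internalServerError(): ServerError;
 }
 
-export { ADMIN_ORDER_BY, ORDER_BY, POST_ORDER_BY, type RawCacheKey, ServerError, createAdminCommandRepository, createAdminQueryRepository, createAdminRefreshTokenCommandRepository, createAdminRefreshTokenQueryRepository, createArgon2Service, createCache, createCacheResult, createCookieService, createCryptoService, createExecuteAction, createExecuteApi, createFileCommandRepository, createFileQueryRepository, createFolderCommandRepository, createFolderQueryRepository, createIpRateLimiter, createJwtService, createPostCommandRepository, createPostQueryRepository, createSeoMetadataCommandRepository, normalizeCacheKey };
+export { ADMIN_ORDER_BY, ORDER_BY, POST_ORDER_BY, type RawCacheKey, ServerError, createAdminCommandRepository, createAdminQueryRepository, createAdminRefreshTokenCommandRepository, createAdminRefreshTokenQueryRepository, createArgon2Service, createAuthUseCases, createCache, createCacheResult, createCookieService, createCryptoService, createExecuteAction, createExecuteApi, createFileCommandRepository, createFileQueryRepository, createFolderCommandRepository, createFolderQueryRepository, createIpRateLimiter, createJwtService, createPostCommandRepository, createPostQueryRepository, createSeoMetadataCommandRepository, normalizeCacheKey };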
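--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -54,8 +54,8 @@ function createArgon2Service() {
 async function hash(password) {
 return await argon2.hash(password, DEFAULT_OPTIONS);
 }
-async function verify(
-return await argon2.verify(
+async function verify(digest, password) {
+return await argon2.verify(digest, password);
 }
 return {
 hash,
@@ -1497,7 +1497,7 @@ function createExecuteAction({
 }) {
 return async function executeAction(fn, options = {}) {
 const translator = await initI18n();
-const withCache = options.
+const withCache = options.type === "query" && options.key;
 try {
 const { data, i18nKey, message, meta } = withCache ? await cacheResult({
 key: options.key,
@@ -1508,7 +1508,7 @@ function createExecuteAction({
 const finalMessage = i18nKey ? translator.t(i18nKey) : message;
 return result.success({
 ...finalMessage ? { message: finalMessage } : {},
-...data ? { data
+...data !== void 0 ? { data } : {},
 ...meta ? { meta } : {}
 });
 } catch (error) {
@@ -1546,4 +1546,128 @@ function createExecuteApi({
 };
 }
 
-
+// src/server/applications/auth/create-auth-use-cases.ts
+function createAuthUseCases({
+prisma,
+adminQueryRepository,
+adminRefreshTokenCommandRepository,
+jwtService,
+argon2Service,
+cryptoService,
+cookieService,
+config
+}) {
+async function verifyCredentials({
+email,
+password
+}) {
+const found = await adminQueryRepository.findWithPasswordHash({ email });
+if (found) {
+const isValid = await argon2Service.verify(found.passwordHash, password);
+if (isValid) return found;
+}
+throw new ServerError({ i18nKey: "error.credentials-incorrect" });
+}
+async function updatePassword({
+email,
+password
+}) {
+const updatedAdmin = await prisma.admin.update({
+where: { email },
+data: { passwordHash: await argon2Service.hash(password) }
+});
+return updatedAdmin;
+}
+async function createRefreshToken({
+admin,
+deviceInfo,
+ip
+}) {
+const token = cryptoService.generateToken();
+const tokenHash = cryptoService.hash(token);
+await adminRefreshTokenCommandRepository.create({
+tokenHash,
+ip,
+deviceInfo,
+expiresAt: new Date(Date.now() + config.refreshTokenTtl * 1e3),
+adminId: admin.id,
+email: admin.email
+});
+return token;
+}
+async function refreshTokens({
+admin,
+deviceInfo,
+ip
+}) {
+const token = await createRefreshToken({ admin, deviceInfo, ip });
+await cookieService.setSignedCookie({
+name: config.refreshTokenName,
+value: token,
+expireSeconds: config.refreshTokenTtl
+});
+const accessToken = jwtService.sign({
+payload: { id: admin.id },
+secret: cryptoService.hash(config.accessTokenSecret),
+expiresIn: config.accessTokenTtl
+});
+await cookieService.setSignedCookie({
+name: config.accessTokenName,
+value: accessToken,
+expireSeconds: config.accessTokenTtl
+});
+}
+function signPasswordResetToken({ admin }) {
+const payload = { email: admin.email };
+const passwordResetToken = jwtService.sign({
+payload,
+secret: config.resetPasswordSecret,
+expiresIn: config.resetPasswordTtl
+});
+return passwordResetToken;
+}
+function verifyPasswordResetToken({ token }) {
+const payload = jwtService.verify({
+token,
+secret: config.resetPasswordSecret
+});
+return payload;
+}
+function signEmailVerificationToken() {
+const emailVerificationToken = jwtService.sign({
+payload: {},
+secret: config.verifyEmailSecret,
+expiresIn: config.verifyEmailTtl
+});
+return emailVerificationToken;
+}
+async function verifyEmailAndUpdate({
+token,
+admin
+}) {
+let updatedAdmin = admin;
+jwtService.verify({
+token,
+secret: config.verifyEmailSecret
+});
+updatedAdmin = await prisma.admin.update({
+where: { email: admin.email },
+data: { emailVerifiedAt: /* @__PURE__ */ new Date() }
+});
+return updatedAdmin;
+}
+return {
+verifyCredentials,
+updatePassword,
+createRefreshToken,
+refreshTokens,
+// reset password
+signPasswordResetToken,
+verifyPasswordResetToken,
+// verify email
+signEmailVerificationToken,
+verifyEmailAndUpdate
+};
+}
+
+export { ADMIN_ORDER_BY, ORDER_BY, POST_ORDER_BY, ServerError, createAdminCommandRepository, createAdminQueryRepository, createAdminRefreshTokenCommandRepository, createAdminRefreshTokenQueryRepository, createArgon2Service, createAuthUseCases, createCache, createCacheResult, createCookieService, createCryptoService, createExecuteAction, createExecuteApi, createFileCommandRepository, createFileQueryRepository, createFolderCommandRepository, createFolderQueryRepository, createIpRateLimiter, createJwtService, createPostCommandRepository, createPostQueryRepository, createSeoMetadataCommandRepository, normalizeCacheKey };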
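Review bot: The e-mail verification token in the new `createAuthUseCases` is not bound to any account: `signEmailVerificationToken` signs `payload: {}`, and `verifyEmailAndUpdate` discards the result of `jwtService.verify` before stamping `emailVerifiedAt` on whatever `admin.email` the caller passes. Any unexpired token signed with `config.verifyEmailSecret` is therefore accepted for any address, including one the admin switched to after the mail went out. Put the address (or the admin id) in the payload and compare it before the update, as sketched below; this changes the `() => string` signature declared in index.d.ts, so callers have to pass the admin. Separately, `verifyCredentials` only calls `argon2Service.verify` when a row is found, so unknown e-mails presumably return faster than known ones; verifying against a fixed dummy digest in the not-found branch would even that out.

```javascript
function signEmailVerificationToken({ admin }) {
  const emailVerificationToken = jwtService.sign({
    payload: { email: admin.email },
    // … unchanged: secret, expiresIn …
  });
  // … unchanged: return emailVerificationToken …
}
async function verifyEmailAndUpdate({ token, admin }) {
  const { email } = jwtService.verify({
    token,
    secret: config.verifyEmailSecret
  });
  if (email !== admin.email) {
    throw new ServerError({ i18nKey: "<i18n key for an invalid token>" });
  }
  // … unchanged: prisma.admin.update and return updatedAdmin …
}
```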