@yimingliao/cms 0.0.26 → 0.0.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/index.d.ts +63 -8
- package/dist/server/index.js +129 -22
- package/package.json +1 -1
package/dist/server/index.d.ts
CHANGED
|
@@ -629,15 +629,20 @@ interface CreateAuthUseCases {
|
|
|
629
629
|
jwtService: ReturnType<typeof createJwtService>;
|
|
630
630
|
argon2Service: ReturnType<typeof createArgon2Service>;
|
|
631
631
|
cryptoService: ReturnType<typeof createCryptoService>;
|
|
632
|
+
cookieService: ReturnType<typeof createCookieService>;
|
|
632
633
|
config: {
|
|
634
|
+
refreshTokenName: string;
|
|
635
|
+
refreshTokenTtl: number;
|
|
636
|
+
accessTokenName: string;
|
|
637
|
+
accessTokenSecret: string;
|
|
638
|
+
accessTokenTtl: number;
|
|
633
639
|
resetPasswordSecret: string;
|
|
634
640
|
resetPasswordTtl: number;
|
|
635
641
|
verifyEmailSecret: string;
|
|
636
642
|
verifyEmailTtl: number;
|
|
637
|
-
refreshTokenTtl: number;
|
|
638
643
|
};
|
|
639
644
|
}
|
|
640
|
-
declare function createAuthUseCases({ prisma, adminQueryRepository, adminRefreshTokenCommandRepository, jwtService, argon2Service, cryptoService, config, }: CreateAuthUseCases): {
|
|
645
|
+
declare function createAuthUseCases({ prisma, adminQueryRepository, adminRefreshTokenCommandRepository, jwtService, argon2Service, cryptoService, cookieService, config, }: CreateAuthUseCases): {
|
|
641
646
|
verifyCredentials: ({ email, password, }: {
|
|
642
647
|
email: string;
|
|
643
648
|
password: string;
|
|
@@ -646,6 +651,22 @@ declare function createAuthUseCases({ prisma, adminQueryRepository, adminRefresh
|
|
|
646
651
|
email: string;
|
|
647
652
|
password: string;
|
|
648
653
|
}) => Promise<Admin>;
|
|
654
|
+
createRefreshToken: ({ admin, deviceInfo, ip, }: {
|
|
655
|
+
admin: {
|
|
656
|
+
id: string;
|
|
657
|
+
email: string;
|
|
658
|
+
};
|
|
659
|
+
deviceInfo: DeviceInfo;
|
|
660
|
+
ip: string;
|
|
661
|
+
}) => Promise<string>;
|
|
662
|
+
refreshTokens: ({ admin, deviceInfo, ip, }: {
|
|
663
|
+
admin: {
|
|
664
|
+
id: string;
|
|
665
|
+
email: string;
|
|
666
|
+
};
|
|
667
|
+
deviceInfo: DeviceInfo;
|
|
668
|
+
ip: string;
|
|
669
|
+
}) => Promise<void>;
|
|
649
670
|
signPasswordResetToken: ({ admin }: {
|
|
650
671
|
admin: AdminSafe;
|
|
651
672
|
}) => string;
|
|
@@ -659,13 +680,47 @@ declare function createAuthUseCases({ prisma, adminQueryRepository, adminRefresh
|
|
|
659
680
|
token: string;
|
|
660
681
|
admin: AdminSafe;
|
|
661
682
|
}) => Promise<AdminSafe>;
|
|
662
|
-
createRefreshToken: ({ admin, deviceInfo, ip, }: {
|
|
663
|
-
admin: AdminSafe;
|
|
664
|
-
deviceInfo: DeviceInfo;
|
|
665
|
-
ip: string;
|
|
666
|
-
}) => Promise<string>;
|
|
667
683
|
};
|
|
668
684
|
|
|
685
|
+
interface CreateVerifyAccessTokenOptions {
|
|
686
|
+
adminQueryRepository: ReturnType<typeof createAdminQueryRepository>;
|
|
687
|
+
jwtService: ReturnType<typeof createJwtService>;
|
|
688
|
+
cryptoService: ReturnType<typeof createCryptoService>;
|
|
689
|
+
cookieService: ReturnType<typeof createCookieService>;
|
|
690
|
+
config: {
|
|
691
|
+
accessTokenName: string;
|
|
692
|
+
accessTokenSecret: string;
|
|
693
|
+
};
|
|
694
|
+
}
|
|
695
|
+
declare function createVerifyAccessToken({ adminQueryRepository, jwtService, cryptoService, cookieService, config, }: CreateVerifyAccessTokenOptions): () => Promise<{
|
|
696
|
+
admin: AdminFull;
|
|
697
|
+
} | null>;
|
|
698
|
+
|
|
699
|
+
interface CreateVerifyRefreshTokenOptions {
|
|
700
|
+
adminQueryRepository: ReturnType<typeof createAdminQueryRepository>;
|
|
701
|
+
adminRefreshTokenQueryRepository: ReturnType<typeof createAdminRefreshTokenQueryRepository>;
|
|
702
|
+
cryptoService: ReturnType<typeof createCryptoService>;
|
|
703
|
+
cookieService: ReturnType<typeof createCookieService>;
|
|
704
|
+
config: {
|
|
705
|
+
refreshTokenName: string;
|
|
706
|
+
};
|
|
707
|
+
}
|
|
708
|
+
declare function createVerifyRefreshToken({ adminQueryRepository, adminRefreshTokenQueryRepository, cryptoService, cookieService, config, }: CreateVerifyRefreshTokenOptions): () => Promise<{
|
|
709
|
+
adminRefreshToken: AdminRefreshToken;
|
|
710
|
+
admin: AdminFull;
|
|
711
|
+
} | null>;
|
|
712
|
+
|
|
713
|
+
interface CreateAuthMiddlewareOptions {
|
|
714
|
+
adminRefreshTokenCommandRepository: ReturnType<typeof createAdminRefreshTokenCommandRepository>;
|
|
715
|
+
authUseCases: ReturnType<typeof createAuthUseCases>;
|
|
716
|
+
verifyAccessToken: ReturnType<typeof createVerifyAccessToken>;
|
|
717
|
+
verifyRefreshToken: ReturnType<typeof createVerifyRefreshToken>;
|
|
718
|
+
headers: () => Promise<Headers>;
|
|
719
|
+
}
|
|
720
|
+
declare function createAuthMiddleware({ adminRefreshTokenCommandRepository, authUseCases, verifyAccessToken, verifyRefreshToken, headers, }: CreateAuthMiddlewareOptions): Promise<{
|
|
721
|
+
authenticate(): Promise<AdminFull>;
|
|
722
|
+
}>;
|
|
723
|
+
|
|
669
724
|
declare class ServerError extends Error {
|
|
670
725
|
readonly i18nKey?: string;
|
|
671
726
|
readonly statusCode?: number;
|
|
@@ -684,4 +739,4 @@ declare class ServerError extends Error {
|
|
|
684
739
|
static internalServerError(): ServerError;
|
|
685
740
|
}
|
|
686
741
|
|
|
687
|
-
export { ADMIN_ORDER_BY, ORDER_BY, POST_ORDER_BY, type RawCacheKey, ServerError, createAdminCommandRepository, createAdminQueryRepository, createAdminRefreshTokenCommandRepository, createAdminRefreshTokenQueryRepository, createArgon2Service, createAuthUseCases, createCache, createCacheResult, createCookieService, createCryptoService, createExecuteAction, createExecuteApi, createFileCommandRepository, createFileQueryRepository, createFolderCommandRepository, createFolderQueryRepository, createIpRateLimiter, createJwtService, createPostCommandRepository, createPostQueryRepository, createSeoMetadataCommandRepository, normalizeCacheKey };
|
|
742
|
+
export { ADMIN_ORDER_BY, ORDER_BY, POST_ORDER_BY, type RawCacheKey, ServerError, createAdminCommandRepository, createAdminQueryRepository, createAdminRefreshTokenCommandRepository, createAdminRefreshTokenQueryRepository, createArgon2Service, createAuthMiddleware, createAuthUseCases, createCache, createCacheResult, createCookieService, createCryptoService, createExecuteAction, createExecuteApi, createFileCommandRepository, createFileQueryRepository, createFolderCommandRepository, createFolderQueryRepository, createIpRateLimiter, createJwtService, createPostCommandRepository, createPostQueryRepository, createSeoMetadataCommandRepository, createVerifyAccessToken, createVerifyRefreshToken, normalizeCacheKey };
|
package/dist/server/index.js
CHANGED
|
@@ -1458,7 +1458,7 @@ var ServerError = class _ServerError extends Error {
|
|
|
1458
1458
|
}
|
|
1459
1459
|
};
|
|
1460
1460
|
|
|
1461
|
-
// src/server/interfaces/normalize-error.ts
|
|
1461
|
+
// src/server/interfaces/execution/normalize-error.ts
|
|
1462
1462
|
var normalizeError = (error, translator) => {
|
|
1463
1463
|
if (error instanceof ZodError) {
|
|
1464
1464
|
const errors = error.issues.map((issue) => {
|
|
@@ -1488,7 +1488,7 @@ var normalizeError = (error, translator) => {
|
|
|
1488
1488
|
};
|
|
1489
1489
|
};
|
|
1490
1490
|
|
|
1491
|
-
// src/server/interfaces/execute-action/create-execute-action.ts
|
|
1491
|
+
// src/server/interfaces/execution/execute-action/create-execute-action.ts
|
|
1492
1492
|
function createExecuteAction({
|
|
1493
1493
|
initI18n,
|
|
1494
1494
|
cacheResult,
|
|
@@ -1546,6 +1546,89 @@ function createExecuteApi({
|
|
|
1546
1546
|
};
|
|
1547
1547
|
}
|
|
1548
1548
|
|
|
1549
|
+
// src/server/interfaces/middlewares/auth/create-auth-middleware.ts
|
|
1550
|
+
async function createAuthMiddleware({
|
|
1551
|
+
adminRefreshTokenCommandRepository,
|
|
1552
|
+
authUseCases,
|
|
1553
|
+
verifyAccessToken,
|
|
1554
|
+
verifyRefreshToken,
|
|
1555
|
+
headers: headers2
|
|
1556
|
+
}) {
|
|
1557
|
+
const authMiddleware = {
|
|
1558
|
+
async authenticate() {
|
|
1559
|
+
const verifiedAccessToken = await verifyAccessToken();
|
|
1560
|
+
if (verifiedAccessToken) return verifiedAccessToken.admin;
|
|
1561
|
+
const verifiedRefreshToken = await verifyRefreshToken();
|
|
1562
|
+
if (!verifiedRefreshToken) throw ServerError.unauthorized();
|
|
1563
|
+
const { adminRefreshToken, admin } = verifiedRefreshToken;
|
|
1564
|
+
await adminRefreshTokenCommandRepository.delete({
|
|
1565
|
+
id: adminRefreshToken.id
|
|
1566
|
+
});
|
|
1567
|
+
await authUseCases.refreshTokens({
|
|
1568
|
+
admin,
|
|
1569
|
+
deviceInfo: adminRefreshToken.deviceInfo,
|
|
1570
|
+
ip: (await headers2()).get("x-forwarded-for") || "unknown"
|
|
1571
|
+
});
|
|
1572
|
+
return admin;
|
|
1573
|
+
}
|
|
1574
|
+
};
|
|
1575
|
+
return authMiddleware;
|
|
1576
|
+
}
|
|
1577
|
+
|
|
1578
|
+
// src/server/interfaces/middlewares/auth/create-verify-access-token.ts
|
|
1579
|
+
function createVerifyAccessToken({
|
|
1580
|
+
adminQueryRepository,
|
|
1581
|
+
jwtService,
|
|
1582
|
+
cryptoService,
|
|
1583
|
+
cookieService,
|
|
1584
|
+
config
|
|
1585
|
+
}) {
|
|
1586
|
+
return async function verifyAccessToken() {
|
|
1587
|
+
try {
|
|
1588
|
+
const token = await cookieService.getSignedCookie({
|
|
1589
|
+
name: config.accessTokenName
|
|
1590
|
+
});
|
|
1591
|
+
const payload = jwtService.verify({
|
|
1592
|
+
token,
|
|
1593
|
+
secret: cryptoService.hash(config.accessTokenSecret)
|
|
1594
|
+
});
|
|
1595
|
+
const admin = await adminQueryRepository.findFull({
|
|
1596
|
+
id: payload["id"]
|
|
1597
|
+
});
|
|
1598
|
+
return admin ? { admin } : null;
|
|
1599
|
+
} catch {
|
|
1600
|
+
return null;
|
|
1601
|
+
}
|
|
1602
|
+
};
|
|
1603
|
+
}
|
|
1604
|
+
|
|
1605
|
+
// src/server/interfaces/middlewares/auth/create-verify-refresh-token.ts
|
|
1606
|
+
function createVerifyRefreshToken({
|
|
1607
|
+
adminQueryRepository,
|
|
1608
|
+
adminRefreshTokenQueryRepository,
|
|
1609
|
+
cryptoService,
|
|
1610
|
+
cookieService,
|
|
1611
|
+
config
|
|
1612
|
+
}) {
|
|
1613
|
+
return async function verifyRefreshToken() {
|
|
1614
|
+
try {
|
|
1615
|
+
const token = await cookieService.getSignedCookie({
|
|
1616
|
+
name: config.refreshTokenName
|
|
1617
|
+
});
|
|
1618
|
+
const adminRefreshToken = await adminRefreshTokenQueryRepository.findByToken({
|
|
1619
|
+
tokenHash: cryptoService.hash(token)
|
|
1620
|
+
});
|
|
1621
|
+
if (!adminRefreshToken) return null;
|
|
1622
|
+
const admin = await adminQueryRepository.findFull({
|
|
1623
|
+
id: adminRefreshToken.adminId
|
|
1624
|
+
});
|
|
1625
|
+
return admin ? { adminRefreshToken, admin } : null;
|
|
1626
|
+
} catch {
|
|
1627
|
+
return null;
|
|
1628
|
+
}
|
|
1629
|
+
};
|
|
1630
|
+
}
|
|
1631
|
+
|
|
1549
1632
|
// src/server/applications/auth/create-auth-use-cases.ts
|
|
1550
1633
|
function createAuthUseCases({
|
|
1551
1634
|
prisma,
|
|
@@ -1554,6 +1637,7 @@ function createAuthUseCases({
|
|
|
1554
1637
|
jwtService,
|
|
1555
1638
|
argon2Service,
|
|
1556
1639
|
cryptoService,
|
|
1640
|
+
cookieService,
|
|
1557
1641
|
config
|
|
1558
1642
|
}) {
|
|
1559
1643
|
async function verifyCredentials({
|
|
@@ -1577,6 +1661,45 @@ function createAuthUseCases({
|
|
|
1577
1661
|
});
|
|
1578
1662
|
return updatedAdmin;
|
|
1579
1663
|
}
|
|
1664
|
+
async function createRefreshToken({
|
|
1665
|
+
admin,
|
|
1666
|
+
deviceInfo,
|
|
1667
|
+
ip
|
|
1668
|
+
}) {
|
|
1669
|
+
const token = cryptoService.generateToken();
|
|
1670
|
+
const tokenHash = cryptoService.hash(token);
|
|
1671
|
+
await adminRefreshTokenCommandRepository.create({
|
|
1672
|
+
tokenHash,
|
|
1673
|
+
ip,
|
|
1674
|
+
deviceInfo,
|
|
1675
|
+
expiresAt: new Date(Date.now() + config.refreshTokenTtl * 1e3),
|
|
1676
|
+
adminId: admin.id,
|
|
1677
|
+
email: admin.email
|
|
1678
|
+
});
|
|
1679
|
+
return token;
|
|
1680
|
+
}
|
|
1681
|
+
async function refreshTokens({
|
|
1682
|
+
admin,
|
|
1683
|
+
deviceInfo,
|
|
1684
|
+
ip
|
|
1685
|
+
}) {
|
|
1686
|
+
const token = await createRefreshToken({ admin, deviceInfo, ip });
|
|
1687
|
+
await cookieService.setSignedCookie({
|
|
1688
|
+
name: config.refreshTokenName,
|
|
1689
|
+
value: token,
|
|
1690
|
+
expireSeconds: config.refreshTokenTtl
|
|
1691
|
+
});
|
|
1692
|
+
const accessToken = jwtService.sign({
|
|
1693
|
+
payload: { id: admin.id },
|
|
1694
|
+
secret: cryptoService.hash(config.accessTokenSecret),
|
|
1695
|
+
expiresIn: config.accessTokenTtl
|
|
1696
|
+
});
|
|
1697
|
+
await cookieService.setSignedCookie({
|
|
1698
|
+
name: config.accessTokenName,
|
|
1699
|
+
value: accessToken,
|
|
1700
|
+
expireSeconds: config.accessTokenTtl
|
|
1701
|
+
});
|
|
1702
|
+
}
|
|
1580
1703
|
function signPasswordResetToken({ admin }) {
|
|
1581
1704
|
const payload = { email: admin.email };
|
|
1582
1705
|
const passwordResetToken = jwtService.sign({
|
|
@@ -1616,34 +1739,18 @@ function createAuthUseCases({
|
|
|
1616
1739
|
});
|
|
1617
1740
|
return updatedAdmin;
|
|
1618
1741
|
}
|
|
1619
|
-
async function createRefreshToken({
|
|
1620
|
-
admin,
|
|
1621
|
-
deviceInfo,
|
|
1622
|
-
ip
|
|
1623
|
-
}) {
|
|
1624
|
-
const token = cryptoService.generateToken();
|
|
1625
|
-
const tokenHash = cryptoService.hash(token);
|
|
1626
|
-
await adminRefreshTokenCommandRepository.create({
|
|
1627
|
-
tokenHash,
|
|
1628
|
-
ip,
|
|
1629
|
-
deviceInfo,
|
|
1630
|
-
expiresAt: new Date(Date.now() + config.refreshTokenTtl * 1e3),
|
|
1631
|
-
adminId: admin.id,
|
|
1632
|
-
email: admin.email
|
|
1633
|
-
});
|
|
1634
|
-
return token;
|
|
1635
|
-
}
|
|
1636
1742
|
return {
|
|
1637
1743
|
verifyCredentials,
|
|
1638
1744
|
updatePassword,
|
|
1745
|
+
createRefreshToken,
|
|
1746
|
+
refreshTokens,
|
|
1639
1747
|
// reset password
|
|
1640
1748
|
signPasswordResetToken,
|
|
1641
1749
|
verifyPasswordResetToken,
|
|
1642
1750
|
// verify email
|
|
1643
1751
|
signEmailVerificationToken,
|
|
1644
|
-
verifyEmailAndUpdate
|
|
1645
|
-
createRefreshToken
|
|
1752
|
+
verifyEmailAndUpdate
|
|
1646
1753
|
};
|
|
1647
1754
|
}
|
|
1648
1755
|
|
|
1649
|
-
export { ADMIN_ORDER_BY, ORDER_BY, POST_ORDER_BY, ServerError, createAdminCommandRepository, createAdminQueryRepository, createAdminRefreshTokenCommandRepository, createAdminRefreshTokenQueryRepository, createArgon2Service, createAuthUseCases, createCache, createCacheResult, createCookieService, createCryptoService, createExecuteAction, createExecuteApi, createFileCommandRepository, createFileQueryRepository, createFolderCommandRepository, createFolderQueryRepository, createIpRateLimiter, createJwtService, createPostCommandRepository, createPostQueryRepository, createSeoMetadataCommandRepository, normalizeCacheKey };
|
|
1756
|
+
export { ADMIN_ORDER_BY, ORDER_BY, POST_ORDER_BY, ServerError, createAdminCommandRepository, createAdminQueryRepository, createAdminRefreshTokenCommandRepository, createAdminRefreshTokenQueryRepository, createArgon2Service, createAuthMiddleware, createAuthUseCases, createCache, createCacheResult, createCookieService, createCryptoService, createExecuteAction, createExecuteApi, createFileCommandRepository, createFileQueryRepository, createFolderCommandRepository, createFolderQueryRepository, createIpRateLimiter, createJwtService, createPostCommandRepository, createPostQueryRepository, createSeoMetadataCommandRepository, createVerifyAccessToken, createVerifyRefreshToken, normalizeCacheKey };
|