aaspai-authx 0.0.2 → 0.0.4
- package/dist/express/index.cjs +87 -69
- package/dist/express/index.cjs.map +1 -1
- package/dist/express/index.js +87 -69
- package/dist/express/index.js.map +1 -1
- package/dist/index.cjs +121 -87
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +20 -20
- package/dist/index.d.ts +20 -20
- package/dist/index.js +121 -87
- package/dist/index.js.map +1 -1
- package/dist/nest/index.cjs +87 -69
- package/dist/nest/index.cjs.map +1 -1
- package/dist/nest/index.js +87 -69
- package/dist/nest/index.js.map +1 -1
- package/package.json +1 -1
package/dist/express/index.cjs
CHANGED
|
@@ -111,26 +111,15 @@ function isPlainObject(value) {
|
|
|
111
111
|
var PLATFORM_ROLES = [
|
|
112
112
|
{
|
|
113
113
|
role: "platform_admin",
|
|
114
|
-
permissions: [
|
|
115
|
-
"projects.create",
|
|
116
|
-
"projects.read",
|
|
117
|
-
"projects.update",
|
|
118
|
-
"projects.delete",
|
|
119
|
-
"users.manage",
|
|
120
|
-
"api.manage"
|
|
121
|
-
]
|
|
114
|
+
permissions: []
|
|
122
115
|
},
|
|
123
116
|
{
|
|
124
117
|
role: "platform_manager",
|
|
125
|
-
permissions: [
|
|
126
|
-
"projects.read",
|
|
127
|
-
"projects.update",
|
|
128
|
-
"users.read"
|
|
129
|
-
]
|
|
118
|
+
permissions: []
|
|
130
119
|
},
|
|
131
120
|
{
|
|
132
121
|
role: "platform_user",
|
|
133
|
-
permissions: [
|
|
122
|
+
permissions: []
|
|
134
123
|
}
|
|
135
124
|
];
|
|
136
125
|
function getPermissionsForRoles(roles) {
|
|
@@ -188,17 +177,36 @@ function buildSession(payload) {
|
|
|
188
177
|
return session;
|
|
189
178
|
}
|
|
190
179
|
|
|
191
|
-
// src/models/
|
|
180
|
+
// src/models/rolePermission.model.ts
|
|
192
181
|
var import_mongoose = __toESM(require("mongoose"), 1);
|
|
182
|
+
var RolePermissionSchema = new import_mongoose.Schema(
|
|
183
|
+
{
|
|
184
|
+
orgId: { type: String, default: null, index: true },
|
|
185
|
+
role: { type: String, required: true },
|
|
186
|
+
permissions: { type: [String], default: [] }
|
|
187
|
+
},
|
|
188
|
+
{
|
|
189
|
+
timestamps: true
|
|
190
|
+
}
|
|
191
|
+
);
|
|
192
|
+
RolePermissionSchema.index({ orgId: 1, role: 1 }, { unique: true });
|
|
193
|
+
var RolePermissionModel = import_mongoose.default.model(
|
|
194
|
+
"RolePermission",
|
|
195
|
+
RolePermissionSchema,
|
|
196
|
+
"role_permissions"
|
|
197
|
+
);
|
|
198
|
+
|
|
199
|
+
// src/models/user.model.ts
|
|
200
|
+
var import_mongoose2 = __toESM(require("mongoose"), 1);
|
|
193
201
|
var import_uuid = require("uuid");
|
|
194
|
-
var MetadataSchema = new
|
|
202
|
+
var MetadataSchema = new import_mongoose2.default.Schema(
|
|
195
203
|
{
|
|
196
204
|
key: { type: String, required: true },
|
|
197
|
-
value: { type:
|
|
205
|
+
value: { type: import_mongoose2.default.Schema.Types.Mixed, required: true }
|
|
198
206
|
},
|
|
199
207
|
{ _id: false }
|
|
200
208
|
);
|
|
201
|
-
var OrgUserSchema = new
|
|
209
|
+
var OrgUserSchema = new import_mongoose2.default.Schema(
|
|
202
210
|
{
|
|
203
211
|
id: { type: String, default: (0, import_uuid.v4)(), index: true },
|
|
204
212
|
email: { type: String, required: true, unique: true },
|
|
@@ -215,7 +223,7 @@ var OrgUserSchema = new import_mongoose.default.Schema(
|
|
|
215
223
|
},
|
|
216
224
|
{ timestamps: true, collection: "users" }
|
|
217
225
|
);
|
|
218
|
-
var OrgUser =
|
|
226
|
+
var OrgUser = import_mongoose2.default.model("OrgUser", OrgUserSchema);
|
|
219
227
|
|
|
220
228
|
// src/utils/extract.ts
|
|
221
229
|
var import_cookie = require("cookie");
|
|
@@ -280,6 +288,27 @@ function verifyJwt(token) {
|
|
|
280
288
|
}
|
|
281
289
|
|
|
282
290
|
// src/middlewares/auth.middleware.ts
|
|
291
|
+
async function mergeRolePermissions(session) {
|
|
292
|
+
const roles = Array.isArray(session.roles) ? session.roles : [];
|
|
293
|
+
if (!roles.length) return;
|
|
294
|
+
const orgContexts = /* @__PURE__ */ new Set();
|
|
295
|
+
if (session.orgId) orgContexts.add(session.orgId);
|
|
296
|
+
if (session.org_id) orgContexts.add(session.org_id);
|
|
297
|
+
if (session.projectId) orgContexts.add(session.projectId);
|
|
298
|
+
orgContexts.add(null);
|
|
299
|
+
const docs = await RolePermissionModel.find({
|
|
300
|
+
orgId: { $in: Array.from(orgContexts) },
|
|
301
|
+
role: { $in: roles }
|
|
302
|
+
}).lean().exec();
|
|
303
|
+
const dynamic = /* @__PURE__ */ new Set();
|
|
304
|
+
for (const doc of docs) {
|
|
305
|
+
for (const perm of doc.permissions || []) {
|
|
306
|
+
if (perm) dynamic.add(perm);
|
|
307
|
+
}
|
|
308
|
+
}
|
|
309
|
+
const existing = Array.isArray(session.permissions) ? session.permissions : [];
|
|
310
|
+
session.permissions = Array.from(/* @__PURE__ */ new Set([...existing, ...dynamic]));
|
|
311
|
+
}
|
|
283
312
|
function requireAuth() {
|
|
284
313
|
return async (req, res, next) => {
|
|
285
314
|
try {
|
|
@@ -296,26 +325,32 @@ function requireAuth() {
|
|
|
296
325
|
if (!user) {
|
|
297
326
|
return res.status(401).json({ error: "User not found" });
|
|
298
327
|
}
|
|
299
|
-
const
|
|
328
|
+
const session = buildSession({
|
|
300
329
|
sub: user.id.toString(),
|
|
301
330
|
email: user.email,
|
|
302
|
-
roles: user.roles || []
|
|
331
|
+
roles: user.roles || [],
|
|
332
|
+
orgId: user.orgId,
|
|
333
|
+
org_id: user.orgId,
|
|
334
|
+
projectId: user.projectId
|
|
303
335
|
});
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
336
|
+
session.authType = "api-key";
|
|
337
|
+
session.projectId = readProjectId(req) || user.projectId || void 0;
|
|
338
|
+
await mergeRolePermissions(session);
|
|
339
|
+
req.user = session;
|
|
307
340
|
return next();
|
|
341
|
+
} else {
|
|
342
|
+
const token = extractToken(req);
|
|
343
|
+
if (!token) {
|
|
344
|
+
return res.status(401).json({ error: "Missing token" });
|
|
345
|
+
}
|
|
346
|
+
const claims = await verifyJwt(token);
|
|
347
|
+
const session = buildSession(claims);
|
|
348
|
+
const pid = readProjectId(req);
|
|
349
|
+
if (pid) session.projectId = pid;
|
|
350
|
+
await mergeRolePermissions(session);
|
|
351
|
+
req.user = session;
|
|
352
|
+
next();
|
|
308
353
|
}
|
|
309
|
-
const token = extractToken(req);
|
|
310
|
-
if (!token) {
|
|
311
|
-
return res.status(401).json({ error: "Missing token" });
|
|
312
|
-
}
|
|
313
|
-
const claims = await verifyJwt(token);
|
|
314
|
-
const session = buildSession(claims);
|
|
315
|
-
const pid = readProjectId(req);
|
|
316
|
-
if (pid) session.projectId = pid;
|
|
317
|
-
req.user = session;
|
|
318
|
-
next();
|
|
319
354
|
} catch (e) {
|
|
320
355
|
res.status(401).json({ error: e?.message || "Unauthorized" });
|
|
321
356
|
}
|
|
@@ -369,8 +404,8 @@ function validateSendInvite(req, res, next) {
|
|
|
369
404
|
}
|
|
370
405
|
|
|
371
406
|
// src/models/invite.model.ts
|
|
372
|
-
var
|
|
373
|
-
var InviteSchema = new
|
|
407
|
+
var import_mongoose3 = __toESM(require("mongoose"), 1);
|
|
408
|
+
var InviteSchema = new import_mongoose3.default.Schema(
|
|
374
409
|
{
|
|
375
410
|
id: { type: String, required: true, index: true },
|
|
376
411
|
email: { type: String, required: true },
|
|
@@ -388,15 +423,15 @@ var InviteSchema = new import_mongoose2.default.Schema(
|
|
|
388
423
|
},
|
|
389
424
|
{ timestamps: true, collection: "invites" }
|
|
390
425
|
);
|
|
391
|
-
var Invite =
|
|
426
|
+
var Invite = import_mongoose3.default.model("Invite", InviteSchema);
|
|
392
427
|
|
|
393
428
|
// src/services/auth-admin.service.ts
|
|
394
429
|
var import_bcrypt = __toESM(require("bcrypt"), 1);
|
|
395
430
|
var import_jsonwebtoken2 = __toESM(require("jsonwebtoken"), 1);
|
|
396
431
|
|
|
397
432
|
// src/models/client.model.ts
|
|
398
|
-
var
|
|
399
|
-
var ClientSchema = new
|
|
433
|
+
var import_mongoose4 = __toESM(require("mongoose"), 1);
|
|
434
|
+
var ClientSchema = new import_mongoose4.Schema(
|
|
400
435
|
{
|
|
401
436
|
clientId: {
|
|
402
437
|
type: String,
|
|
@@ -424,26 +459,7 @@ var ClientSchema = new import_mongoose3.Schema(
|
|
|
424
459
|
timestamps: true
|
|
425
460
|
}
|
|
426
461
|
);
|
|
427
|
-
var ClientModel =
|
|
428
|
-
|
|
429
|
-
// src/models/rolePermission.model.ts
|
|
430
|
-
var import_mongoose4 = __toESM(require("mongoose"), 1);
|
|
431
|
-
var RolePermissionSchema = new import_mongoose4.Schema(
|
|
432
|
-
{
|
|
433
|
-
orgId: { type: String, default: null, index: true },
|
|
434
|
-
role: { type: String, required: true },
|
|
435
|
-
permissions: { type: [String], default: [] }
|
|
436
|
-
},
|
|
437
|
-
{
|
|
438
|
-
timestamps: true
|
|
439
|
-
}
|
|
440
|
-
);
|
|
441
|
-
RolePermissionSchema.index({ orgId: 1, role: 1 }, { unique: true });
|
|
442
|
-
var RolePermissionModel = import_mongoose4.default.model(
|
|
443
|
-
"RolePermission",
|
|
444
|
-
RolePermissionSchema,
|
|
445
|
-
"role_permissions"
|
|
446
|
-
);
|
|
462
|
+
var ClientModel = import_mongoose4.default.models.Client || import_mongoose4.default.model("Client", ClientSchema);
|
|
447
463
|
|
|
448
464
|
// src/services/auth-admin.service.ts
|
|
449
465
|
var AuthAdminService = class {
|
|
@@ -1037,16 +1053,18 @@ async function sendRateLimitedEmail({
|
|
|
1037
1053
|
return { rateLimited: false };
|
|
1038
1054
|
}
|
|
1039
1055
|
function generateTokens(user) {
|
|
1040
|
-
const
|
|
1041
|
-
|
|
1042
|
-
|
|
1043
|
-
|
|
1044
|
-
|
|
1045
|
-
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
1049
|
-
|
|
1056
|
+
const accessPayload = {
|
|
1057
|
+
sub: user.id.toString(),
|
|
1058
|
+
email: user.email,
|
|
1059
|
+
roles: user.roles || [],
|
|
1060
|
+
orgId: user.orgId || null,
|
|
1061
|
+
org_id: user.orgId || null,
|
|
1062
|
+
projectId: user.projectId || null,
|
|
1063
|
+
type: "user"
|
|
1064
|
+
};
|
|
1065
|
+
const accessToken = import_jsonwebtoken4.default.sign(accessPayload, process.env.JWT_SECRET, {
|
|
1066
|
+
expiresIn: "1h"
|
|
1067
|
+
});
|
|
1050
1068
|
const refreshToken = import_jsonwebtoken4.default.sign(
|
|
1051
1069
|
{ sub: user._id.toString() },
|
|
1052
1070
|
process.env.JWT_SECRET,
|