aaspai-authx 0.1.5 → 0.1.7
This diff shows the content of publicly available package versions released to one of the supported registries. It is provided for informational purposes only and reflects the changes between package versions as they appear in their respective public registries.
- package/dist/express/index.cjs +71 -16
- package/dist/express/index.cjs.map +1 -1
- package/dist/express/index.js +74 -19
- package/dist/express/index.js.map +1 -1
- package/dist/index.cjs +71 -16
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +74 -19
- package/dist/index.js.map +1 -1
- package/dist/nest/index.cjs +71 -16
- package/dist/nest/index.cjs.map +1 -1
- package/dist/nest/index.js +74 -19
- package/dist/nest/index.js.map +1 -1
- package/package.json +1 -1
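--- a/package/dist/nest/index.js
+++ b/package/dist/nest/index.js
@@ -23,8 +23,8 @@ function loadConfig() {
 cookies: {
 domain: process.env.COOKIE_DOMAIN,
 secure: (process.env.COOKIE_SECURE || "true") === "true",
-accessTtlMs: 24 * 60 * 60 * 1e3,
-refreshTtlMs:
+accessTtlMs: 7 * 24 * 60 * 60 * 1e3,
+refreshTtlMs: 30 * 24 * 60 * 60 * 1e3
 },
 oidc: {
 jwtSecret: process.env.JWT_SECRET
@@ -539,11 +539,11 @@ var AuthAdminService = class {
 system: true
 };
 const accessToken = jwt2.sign(payload, process.env.JWT_SECRET, {
-expiresIn: "
+expiresIn: "1d"
 });
 this.token = {
 accessToken,
-exp: now +
+exp: now + 84800
 };
 return this.token.accessToken;
 }
@@ -568,7 +568,7 @@ var EmailService = class {
 }
 });
 }
-sign(payload, ttlSec = 60 * 60 * 24) {
+sign(payload, ttlSec = 60 * 60 * 24 * 30) {
 return jwt3.sign(payload, process.env.EMAIL_JWT_SECRET, {
 expiresIn: ttlSec
 });
@@ -576,10 +576,10 @@ var EmailService = class {
 verify(token) {
 return jwt3.verify(token, process.env.EMAIL_JWT_SECRET);
 }
-async send(to, subject, html) {
+async send(to, subject, html, from) {
 try {
 const info = await this.transporter.sendMail({
-from: process.env.EMAIL_FROM,
+from: from ? `${from} ` + process.env.EMAIL_FROM : process.env.EMAIL_FROM,
 to,
 subject,
 html
@@ -1018,7 +1018,7 @@ function createAuthRouter(options = {}) {
 // default: secure in prod
 domain: options.cookie?.domain ?? void 0,
 path: options.cookie?.path ?? "/",
-maxAgeMs: options.cookie?.maxAgeMs ?? 24 * 60 * 60 * 1e3
+maxAgeMs: options.cookie?.maxAgeMs ?? 30 * 24 * 60 * 60 * 1e3
 };
 r.use(express.json());
 r.use(express.urlencoded({ extended: true }));
@@ -1075,6 +1075,7 @@ function createAuthRouter(options = {}) {
 projectId,
 metadata
 } = req.body || {};
+const COMPANY_NAME = process.env.COMPANY_NAME;
 try {
 const kcUser = await authAdmin.createUserInRealm({
 username: emailAddress,
@@ -1116,7 +1117,8 @@ function createAuthRouter(options = {}) {
 }
 )}`,
 expiresIn: "1 hour"
-})
+}),
+from: COMPANY_NAME
 });
 if (emailResult.rateLimited) {
 return res.status(429).json({
@@ -1158,7 +1160,7 @@ function createAuthRouter(options = {}) {
 value
 }));
 await user.save();
-res.json({ ok: true,
+res.json({ ok: true, user });
 });
 r.get("/verify-email", async (req, res) => {
 const token = String(req.query.token || "");
@@ -1181,6 +1183,7 @@ function createAuthRouter(options = {}) {
 "/resend-verification-email",
 validateResendEmail,
 async (req, res) => {
+const COMPANY_NAME = process.env.COMPANY_NAME;
 const user = await OrgUser.findOne({ email: req.body.email });
 if (!user)
 return res.status(404).json({ ok: false, error: "User not found" });
@@ -1206,7 +1209,8 @@ function createAuthRouter(options = {}) {
 }
 )}`,
 expiresIn: "1 hour"
-})
+}),
+from: COMPANY_NAME
 });
 if (resendResult.rateLimited) {
 return res.status(429).json({
@@ -1219,6 +1223,7 @@ function createAuthRouter(options = {}) {
 }
 );
 r.post("/forgot-password", validateResendEmail, async (req, res) => {
+const COMPANY_NAME = process.env.COMPANY_NAME;
 const user = await OrgUser.findOne({ email: req.body.email });
 if (!user)
 return res.status(404).json({ ok: false, error: "User not found" });
@@ -1245,7 +1250,8 @@ function createAuthRouter(options = {}) {
 }
 )}`,
 expiresIn: "1 hour"
-})
+}),
+from: COMPANY_NAME
 });
 if (resetResult.rateLimited) {
 return res.status(429).json({
@@ -1669,13 +1675,14 @@ async function sendRateLimitedEmail({
 emailService,
 user,
 subject,
-html
+html,
+from
 }) {
 const can = emailService.canSend(user?.lastEmailSent || []);
 if (!can.ok) {
 return { rateLimited: true, waitMs: can.waitMs };
 }
-await emailService.send(user.email, subject, html);
+await emailService.send(user.email, subject, html, from);
 user.lastEmailSent = [...user.lastEmailSent || [], /* @__PURE__ */ new Date()];
 await user.save();
 return { rateLimited: false };
@@ -1696,7 +1703,7 @@ function generateTokens(user) {
 type: "user"
 };
 const accessToken = jwt4.sign(accessPayload, process.env.JWT_SECRET, {
-expiresIn: "
+expiresIn: "1d"
 });
 const refreshToken = jwt4.sign(
 { sub: user._id.toString() },
@@ -1732,13 +1739,61 @@ function createDashboardRouter(options) {
 }
 
 // src/express/email.routes.ts
-import { Router as Router3 } from "express";
+import express3, { Router as Router3 } from "express";
 function createEmailRouter(options) {
 const r = Router3();
+const emailService = new EmailService();
+r.use(express3.json());
+r.use(express3.urlencoded({ extended: true }));
 r.get(
 "/verify",
 (req, res) => res.json({ ok: true, token: req.query.token })
 );
+r.post("/send", async (req, res) => {
+try {
+const { userId, to, subject, html, from } = req.body ?? {};
+if (!to || !subject || !html) {
+return res.status(400).json({
+ok: false,
+error: "BAD_REQUEST",
+message: "`to`, `subject`, and `html` are required."
+});
+}
+if (userId) {
+const user = await OrgUser.findOne({ id: userId }).lean();
+if (!user) {
+return res.status(404).json({
+ok: false,
+error: "NOT_FOUND",
+message: "User not found."
+});
+}
+const can = emailService.canSend(user?.lastEmailSent || []);
+if (!can.ok) {
+return res.status(429).json({
+ok: false,
+error: can.reason,
+waitMs: can.waitMs,
+message: "Too many emails sent recently. Please retry later."
+});
+}
+}
+await emailService.send(to, subject, html, from);
+if (userId) {
+await OrgUser.updateOne(
+{ id: userId },
+{ $push: { lastEmailSent: /* @__PURE__ */ new Date() } }
+);
+}
+return res.json({ ok: true });
+} catch (err) {
+return res.status(500).json({
+ok: false,
+error: "INTERNAL",
+message: err?.message ?? "Error"
+});
+}
+});
 return r;
 }
 
@@ -1845,7 +1900,7 @@ function createProjectsRouter(options) {
 // src/express/admin/admin.routes.ts
 import bcrypt3 from "bcryptjs";
 import { randomUUID as randomUUID3 } from "crypto";
-import
+import express4, { Router as Router5 } from "express";
 
 // src/middlewares/requireRole.ts
 function requireRole(...roles) {
@@ -1908,8 +1963,8 @@ function resolveProjectId(req) {
 }
 function createAdminRouter(_options = {}) {
 const r = Router5();
-r.use(
-r.use(
+r.use(express4.json());
+r.use(express4.urlencoded({ extended: true }));
 const adminGuards = [requireAuth(), requireRole("platform_admin")];
 r.post(
 "/users",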
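Review bot: The new `/send` handler in `createEmailRouter` only runs the `canSend` rate-limit check when the caller supplies `userId`, so a request that omits it skips the check entirely, and no auth guard is visible on this router (compare `adminGuards` in `createAdminRouter`), so unless auth is applied where the router is mounted, any caller can have the service send arbitrary `html` to any `to` address from the configured sender. The `from` value also comes straight from `req.body` and `EmailService.send` splices it into the From header as `` `${from} ` + process.env.EMAIL_FROM `` with no validation. I would guard the route, `r.post("/send", requireAuth(), async (req, res) => {`, and either drop `from` from the body in favour of `process.env.COMPANY_NAME` as the auth routes do, or reject anything that is not a plain single-line string: `if (from !== undefined && (typeof from !== "string" || /[\r\n<>]/.test(from))) return res.status(400).json({ ok: false, error: "BAD_REQUEST", message: "Invalid from." });`. Whether `EMAIL_FROM` is a bare address or already carries a display name is not visible here; if it is bare, the concatenation yields `Name addr@host` rather than `Name <addr@host>`, which is worth confirming against the mail transport's address parsing.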