aloux-iam 0.0.6 → 0.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/auth.js +91 -0
- package/lib/models/User.js +1 -1
- package/lib/router.js +1 -1
- package/lib/swagger.yaml +1 -1
- package/package.json +1 -1
package/lib/auth.js
ADDED
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
const jwt = require('jsonwebtoken')
|
|
2
|
+
const User = require('./models/User')
|
|
3
|
+
const Permission = require('./models/Permission')
|
|
4
|
+
|
|
5
|
+
const getAccess = (user, resource) => {
|
|
6
|
+
for(let i in user._functions){
|
|
7
|
+
for(let j in user._functions[i]._permissions){
|
|
8
|
+
if(user._functions[i]._permissions[j].status === 'Activo'){
|
|
9
|
+
const permissionBack = user._functions[i]._permissions[j].method + ' ' + user._functions[i]._permissions[j].endpoint
|
|
10
|
+
if(permissionBack === resource.method + ' ' + resource.endpoint){
|
|
11
|
+
return true
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
return false
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
const auth = async(req, res, next) => {
|
|
20
|
+
|
|
21
|
+
try {
|
|
22
|
+
|
|
23
|
+
let token = req.cookies.token || req.header('Authorization')
|
|
24
|
+
|
|
25
|
+
if (!token) {
|
|
26
|
+
throw {
|
|
27
|
+
code: 401,
|
|
28
|
+
title: 'Error de autenticación',
|
|
29
|
+
detail: 'Endpoint requiere token',
|
|
30
|
+
suggestion: 'Vuelve a iniciar sesion',
|
|
31
|
+
error: new Error()
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
token = token.replace('Bearer ', '')
|
|
36
|
+
|
|
37
|
+
const data = jwt.verify(token, process.env.AUTH_SECRET)
|
|
38
|
+
const user = await User.findOne({ _id: data._id, 'tokens.token': token, status: 'Activo' }, {"tokens":0,pwd:0}).populate({ path: "_functions", populate: [{ path: "_permissions"}] }).lean()
|
|
39
|
+
|
|
40
|
+
if (!user) {
|
|
41
|
+
throw {
|
|
42
|
+
code: 401,
|
|
43
|
+
title: 'Error de autenticación',
|
|
44
|
+
detail: 'No se encontró el usuario',
|
|
45
|
+
suggestion: 'Vuelve a iniciar sesion',
|
|
46
|
+
error: new Error()
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
const resource = await Permission.findOne({ method: req.originalMethod, endpoint: req.route.path }).lean()
|
|
51
|
+
if(!resource){
|
|
52
|
+
throw {
|
|
53
|
+
code: 403,
|
|
54
|
+
title: 'Error de recurso',
|
|
55
|
+
detail: 'No se encontro dado de alta el privilegio del endpoint: [' + req.route.path + ']',
|
|
56
|
+
suggestion: 'Contacta con el administrador',
|
|
57
|
+
error: new Error()
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
if(!resource.default){
|
|
62
|
+
const access = getAccess(user, resource)
|
|
63
|
+
if (!access) {
|
|
64
|
+
throw {
|
|
65
|
+
code: 403,
|
|
66
|
+
title: 'Error de permisos',
|
|
67
|
+
detail: 'No cuentas con permisos para el recurso [' + resource.api +'] que: ' + (resource ? resource.description : 'Recurso indefinido' ),
|
|
68
|
+
suggestion: 'Contacta con el administrador',
|
|
69
|
+
error: new Error()
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
req.user = user
|
|
75
|
+
req.token = token
|
|
76
|
+
next()
|
|
77
|
+
} catch (error) {
|
|
78
|
+
let obj = error
|
|
79
|
+
if(!error.code){
|
|
80
|
+
obj = {
|
|
81
|
+
code: 401,
|
|
82
|
+
title: 'Error de autenticación',
|
|
83
|
+
detail: error.message,
|
|
84
|
+
suggestion: 'Vuelve a iniciar sesion'
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
res.status(obj.code).send(obj)
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
module.exports = auth
|
package/lib/models/User.js
CHANGED
|
@@ -5,7 +5,7 @@ const ObjectId = mongoose.Schema.Types.ObjectId
|
|
|
5
5
|
|
|
6
6
|
const adminSchema = mongoose.Schema({
|
|
7
7
|
name: { type: String, required: true, trim: true },
|
|
8
|
-
lastName: { type: String, required:
|
|
8
|
+
lastName: { type: String, required: false, trim: true },
|
|
9
9
|
email: { type: String, required: true, trim: true, unique: true, lowercase: true },
|
|
10
10
|
pwd: { type: String, required: true, trim: true, minLength: 8 },
|
|
11
11
|
phone: { type: String, trim: true, maxLength: 13 },
|
package/lib/router.js
CHANGED
|
@@ -13,7 +13,7 @@ router.post('/iam/auth/email', auth.email)
|
|
|
13
13
|
router.post('/iam/auth/login', auth.login)
|
|
14
14
|
router.post('/iam/auth/forgot/password', auth.recoverpassword)
|
|
15
15
|
router.post('/iam/auth/validate/code', auth.verifyCode)
|
|
16
|
-
router.post('/iam/auth/verify/mail', auth.sendVerifyMailAccount)
|
|
16
|
+
router.post('/iam/auth/verify/mail', auth.sendVerifyMailAccount)
|
|
17
17
|
router.get('/iam/auth/verify/mail/token/:token', auth.verifyMailTokenAccount)
|
|
18
18
|
router.post('/iam/auth/reset/password', auth.resetPassword)
|
|
19
19
|
router.post('/iam/auth/signup', auth.createCustomer)
|
package/lib/swagger.yaml
CHANGED