alp-node-auth 5.2.0 → 6.0.0
- package/.eslintrc.json +1 -1
- package/CHANGELOG.md +51 -0
- package/dist/MongoUsersManager.d.ts.map +1 -1
- package/dist/authSocketIO.d.ts.map +1 -1
- package/dist/{index-node12-dev.mjs → index-node14.mjs} +43 -30
- package/dist/index-node14.mjs.map +1 -0
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/services/authentification/AuthenticationService.d.ts.map +1 -1
- package/dist/services/user/UserAccountGoogleService.d.ts.map +1 -1
- package/dist/services/user/UserAccountSlackService.d.ts.map +1 -1
- package/dist/services/user/UserAccountsService.d.ts.map +1 -1
- package/dist/utils/cookies.d.ts.map +1 -1
- package/dist/utils/createFindConnectedAndUser.d.ts +2 -2
- package/dist/utils/createFindConnectedAndUser.d.ts.map +1 -1
- package/package.json +18 -24
- package/rollup.config.mjs +3 -0
- package/src/.eslintrc.json +19 -2
- package/src/MongoUsersManager.ts +2 -1
- package/src/authApolloContext.ts +4 -4
- package/src/authSocketIO.ts +5 -4
- package/src/createAuthController.ts +2 -2
- package/src/index.ts +17 -6
- package/src/services/authentification/AuthenticationService.ts +5 -3
- package/src/services/user/UserAccountGoogleService.ts +8 -5
- package/src/services/user/UserAccountSlackService.ts +7 -5
- package/src/services/user/UserAccountsService.ts +10 -9
- package/src/utils/cookies.ts +2 -1
- package/src/utils/createFindConnectedAndUser.ts +15 -16
- package/strategies/dropbox.js +4 -6
- package/strategies/facebook.js +4 -6
- package/strategies/foursquare.js +4 -6
- package/strategies/github.js +4 -6
- package/strategies/google.js +4 -6
- package/strategies/slack.js +4 -6
- package/dist/index-node12-dev.cjs.js +0 -847
- package/dist/index-node12-dev.cjs.js.map +0 -1
- package/dist/index-node12-dev.mjs.map +0 -1
- package/dist/index-node12.cjs.js +0 -847
- package/dist/index-node12.cjs.js.map +0 -1
- package/dist/index-node12.mjs +0 -831
- package/dist/index-node12.mjs.map +0 -1
- package/index.js +0 -6
- package/strategies/dropbox.mjs +0 -18
- package/strategies/facebook.mjs +0 -18
- package/strategies/foursquare.mjs +0 -18
- package/strategies/github.mjs +0 -18
- package/strategies/google.mjs +0 -18
- package/strategies/slack.mjs +0 -18
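--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "alp-node-auth",
-"version": "
+"version": "6.0.0",
 "description": "authentication with alp",
 "keywords": [
 "alp"
@@ -13,10 +13,11 @@
 "directory": "packages/alp-node-auth"
 },
 "homepage": "https://github.com/christophehurpeau/alp",
+"type": "module",
 "engines": {
-"node": ">=
+"node": "^14.13.1 || >=16.0.0"
 },
-"main": "./index.
+"main": "./dist/index-node14.mjs",
 "types": "./dist/index.d.ts",
 "typesVersions": {
 ">=3.1": {
@@ -26,14 +27,10 @@
 }
 },
 "exports": {
+"./package.json": "./package.json",
 ".": {
 "node": {
-"
-"import": "./dist/index-node12-dev.mjs",
-"require": "./dist/index-node12-dev.cjs.js"
-},
-"import": "./dist/index-node12.mjs",
-"require": "./dist/index-node12.cjs.js"
+"import": "./dist/index-node14.mjs"
 }
 },
 "./strategies/dropbox": {
@@ -61,15 +58,14 @@
 "require": "./strategies/slack.js"
 }
 },
-"module:node": "./dist/index-
-"module:node-dev": "./dist/index-node12-dev.mjs",
+"module:node": "./dist/index-node14.mjs",
 "sideEffects": false,
 "scripts": {
 "build": "pob-build && yarn run build:definitions",
 "build:definitions": "tsc -p tsconfig.build.json",
-"clean": "rm -Rf
+"clean": "rm -Rf dist",
 "lint": "yarn run lint:eslint",
-"lint:eslint": "
+"lint:eslint": "cd ../.. && yarn run eslint --report-unused-disable-directives --resolve-plugins-relative-to . --quiet packages/alp-node-auth",
 "watch": "pob-watch"
 },
 "prettier": {
@@ -81,9 +77,8 @@
 "babelEnvs": [
 {
 "target": "node",
-"version": "
+"version": "14",
 "formats": [
-"cjs",
 "es"
 ]
 }
@@ -111,17 +106,16 @@
 "alp-types": "^3.0.0",
 "cookies": "^0.8.0",
 "jsonwebtoken": "^8.5.1",
-"nightingale-logger": "^
+"nightingale-logger": "^12.1.2",
 "simple-oauth2": "^2.2.1"
 },
 "devDependencies": {
-"@babel/core": "7.
-"alp-node": "
-"alp-router": "
-"
-"
-"
-"rollup": "2.43.1"
+"@babel/core": "7.16.7",
+"alp-node": "4.0.0",
+"alp-router": "5.0.0",
+"liwi-mongo": "8.3.1",
+"pob-babel": "29.6.1",
+"typescript": "4.5.4"
 },
-"gitHead": "
+"gitHead": "854189ce2307f42363e81bcf7862c5f1deced54a"
 }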
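Review bot: The `"require": "./strategies/slack.js"` entry left as context in the `@@ -61,15 +58,14 @@` hunk no longer matches the package: this release adds `"type": "module"` and rewrites `strategies/*.js` to `import`/`export default`, so that target now loads as an ES module. A CommonJS `require('alp-node-auth/strategies/slack')` would presumably fail with `ERR_REQUIRE_ESM` rather than resolve. The other strategy entries sit between hunks and are not visible here; if they also name `.mjs` targets, the file list shows those files deleted. A single target per subpath, e.g. `"./strategies/slack": "./strategies/slack.js"`, would match the `"."` entry, which now exposes only `import`.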
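--- a/package/src/.eslintrc.json
+++ b/package/src/.eslintrc.json
@@ -7,7 +7,7 @@
 "plugins": ["@typescript-eslint"],
 "extends": [
 "@pob/eslint-config-typescript",
-"@pob/eslint-config-typescript
+"@pob/eslint-config-typescript/node"
 ],
 "ignorePatterns": ["*.d.ts"],
 "rules": {
@@ -15,5 +15,22 @@
 "@typescript-eslint/no-unsafe-assignment": "warn",
 "@typescript-eslint/no-unsafe-call": "warn",
 "@typescript-eslint/no-unsafe-member-access": "warn"
-}
+},
+"overrides": [
+{
+"files": ["**/*.test.ts", "__tests__/**/*.ts"],
+"extends": ["@pob/eslint-config-typescript/test"],
+"env": {
+"jest": true
+},
+"rules": {
+"import/no-extraneous-dependencies": [
+"error",
+{
+"devDependencies": true
+}
+]
+}
+}
+]
 }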
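--- a/package/src/MongoUsersManager.ts
+++ b/package/src/MongoUsersManager.ts
@@ -3,7 +3,7 @@ import type { User, Account, UserSanitized } from '../types.d';
 
 export default class MongoUsersManager<
 U extends User = User,
-USanitized extends UserSanitized = UserSanitized
+USanitized extends UserSanitized = UserSanitized,
 > {
 store: MongoStore<U>;
 
@@ -52,6 +52,7 @@ export default class MongoUsersManager<
 };
 }
 
+// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
 return this.store.findOne(query);
 }
 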
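Review bot: The added `// eslint-disable-next-line @typescript-eslint/no-unsafe-argument` above `return this.store.findOne(query);` silences the one warning that says `query` reaches the Mongo store untyped. How `query` is built is outside the hunk, but the lookup in `UserAccountsService` passes `accountId` and `emails` derived from an OAuth provider profile, so this is presumably where a non-string value would be interpreted as a query operator. Declaring `query` with an explicit filter type, and checking that the id and e-mail values are strings before building it, would make the suppression unnecessary. The enclosing method starts before the hunk.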
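--- a/package/src/authApolloContext.ts
+++ b/package/src/authApolloContext.ts
@@ -1,6 +1,6 @@
 import type { IncomingMessage } from 'http';
 import type { NodeConfig } from 'alp-types';
-import Logger from 'nightingale-logger';
+import { Logger } from 'nightingale-logger';
 import type { User } from '../types.d';
 import type MongoUsersManager from './MongoUsersManager';
 import { getTokenFromRequest, COOKIE_NAME } from './utils/cookies';
@@ -24,9 +24,7 @@ export const createAuthApolloContext = <U extends User = User>(
 usersManager: MongoUsersManager<U>,
 ): any => {
 const findConnectedAndUser = createFindConnectedAndUser(
-config
-.get<Map<string, string>>('authentication')
-.get('secretKey') as string,
+config.get<Map<string, string>>('authentication').get('secretKey')!,
 usersManager,
 logger,
 );
@@ -38,11 +36,13 @@ export const createAuthApolloContext = <U extends User = User>(
 
 if (!req) return null;
 
+// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
 const token = getTokenFromReq(req);
 
 if (!token) return { user: undefined };
 
 const [, user] = await findConnectedAndUser(
+// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
 req.headers['user-agent'],
 token,
 );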
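Review bot: `findConnectedAndUser(req.headers['user-agent'], token)` still verifies the token against the User-Agent only, while `init()` in `src/index.ts` now signs with `audience: jwtAudience || this.request.headers['user-agent']`. Once an application sets `jwtAudience`, tokens issued at login would fail the audience check here and the context would resolve without a user; `authSocketIO.ts` has the same call with `handshakeData.headers['user-agent']`. The failure is closed, but it is quiet, because verification errors are only logged at debug level. `createAuthApolloContext` needs to receive the same value, e.g. an optional `jwtAudience?: string` parameter used as `jwtAudience || req.headers['user-agent']`. The function body starts and ends outside these hunks.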
package/src/authSocketIO.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { NodeApplication } from 'alp-types';
|
|
2
2
|
import type { Option } from 'cookies';
|
|
3
|
-
import Logger from 'nightingale-logger';
|
|
3
|
+
import { Logger } from 'nightingale-logger';
|
|
4
4
|
import type { User } from '../types.d';
|
|
5
5
|
import type MongoUsersManager from './MongoUsersManager';
|
|
6
6
|
import { getTokenFromRequest } from './utils/cookies';
|
|
@@ -11,13 +11,12 @@ const logger = new Logger('alp:auth');
|
|
|
11
11
|
export const authSocketIO = <U extends User = User>(
|
|
12
12
|
app: NodeApplication,
|
|
13
13
|
usersManager: MongoUsersManager<U>,
|
|
14
|
+
// eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
|
|
14
15
|
io: any,
|
|
15
16
|
options?: Pick<Option, Exclude<keyof Option, 'secure'>>,
|
|
16
17
|
): void => {
|
|
17
18
|
const findConnectedAndUser = createFindConnectedAndUser(
|
|
18
|
-
app.config
|
|
19
|
-
.get<Map<string, string>>('authentication')
|
|
20
|
-
.get('secretKey') as string,
|
|
19
|
+
app.config.get<Map<string, string>>('authentication').get('secretKey')!,
|
|
21
20
|
usersManager,
|
|
22
21
|
logger,
|
|
23
22
|
);
|
|
@@ -27,11 +26,13 @@ export const authSocketIO = <U extends User = User>(
|
|
|
27
26
|
|
|
28
27
|
io.use(async (socket: any, next: any) => {
|
|
29
28
|
const handshakeData = socket.request;
|
|
29
|
+
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
|
|
30
30
|
const token = getTokenFromRequest(handshakeData);
|
|
31
31
|
|
|
32
32
|
if (!token) return next();
|
|
33
33
|
|
|
34
34
|
const [connected, user] = await findConnectedAndUser(
|
|
35
|
+
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
|
|
35
36
|
handshakeData.headers['user-agent'],
|
|
36
37
|
token,
|
|
37
38
|
);
|
|
@@ -14,7 +14,7 @@ import type {
|
|
|
14
14
|
export interface CreateAuthControllerParams<
|
|
15
15
|
StrategyKeys extends AllowedStrategyKeys,
|
|
16
16
|
U extends User = User,
|
|
17
|
-
USanitized extends UserSanitized = UserSanitized
|
|
17
|
+
USanitized extends UserSanitized = UserSanitized,
|
|
18
18
|
> {
|
|
19
19
|
authenticationService: AuthenticationService<StrategyKeys, U, UserSanitized>;
|
|
20
20
|
homeRouterKey?: string;
|
|
@@ -47,7 +47,7 @@ export interface AuthHooks<StrategyKeys extends AllowedStrategyKeys>
|
|
|
47
47
|
export function createAuthController<
|
|
48
48
|
StrategyKeys extends AllowedStrategyKeys,
|
|
49
49
|
U extends User = User,
|
|
50
|
-
USanitized extends UserSanitized = UserSanitized
|
|
50
|
+
USanitized extends UserSanitized = UserSanitized,
|
|
51
51
|
>({
|
|
52
52
|
usersManager,
|
|
53
53
|
authenticationService,
|
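Review bot: `app.config.get<Map<string, string>>('authentication').get('secretKey')!` asserts that the signing secret exists instead of checking it, and `authApolloContext.ts` gains the same assertion. With a missing or empty `secretKey` the `!` only satisfies the compiler; the problem would presumably surface per request as a failed verification, which `createFindConnectedAndUser` logs at debug level. A guard before `createFindConnectedAndUser(...)` makes the misconfiguration fail at startup: `if (!secretKey) throw new Error('authentication.secretKey is not configured');` after reading the value into a local `secretKey`. The body of `authSocketIO` continues outside the hunk.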
package/src/index.ts
CHANGED
|
@@ -3,7 +3,7 @@ import { promisify } from 'util';
|
|
|
3
3
|
import type { Context } from 'alp-node';
|
|
4
4
|
import type { ContextState, NodeApplication } from 'alp-types';
|
|
5
5
|
import jsonwebtoken from 'jsonwebtoken';
|
|
6
|
-
import Logger from 'nightingale-logger';
|
|
6
|
+
import { Logger } from 'nightingale-logger';
|
|
7
7
|
import type { User, UserSanitized } from '../types.d';
|
|
8
8
|
import type MongoUsersManager from './MongoUsersManager';
|
|
9
9
|
import type {
|
|
@@ -21,7 +21,6 @@ import type { AccountService } from './services/user/types';
|
|
|
21
21
|
import { getTokenFromRequest, COOKIE_NAME } from './utils/cookies';
|
|
22
22
|
import { createFindConnectedAndUser } from './utils/createFindConnectedAndUser';
|
|
23
23
|
|
|
24
|
-
export { AuthenticationService };
|
|
25
24
|
export { default as MongoUsersManager } from './MongoUsersManager';
|
|
26
25
|
export { default as UserAccountGoogleService } from './services/user/UserAccountGoogleService';
|
|
27
26
|
export { default as UserAccountSlackService } from './services/user/UserAccountSlackService';
|
|
@@ -30,6 +29,7 @@ export { createAuthApolloContext } from './authApolloContext';
|
|
|
30
29
|
export { STATUSES } from './services/user/UserAccountsService';
|
|
31
30
|
|
|
32
31
|
declare module 'alp-types' {
|
|
32
|
+
// eslint-disable-next-line @typescript-eslint/no-shadow
|
|
33
33
|
interface ContextState {
|
|
34
34
|
connected: NonNullable<ContextState['user']>['_id'] | null | undefined;
|
|
35
35
|
user: User | null | undefined;
|
|
@@ -58,11 +58,12 @@ const signPromisified: any = promisify(jsonwebtoken.sign);
|
|
|
58
58
|
|
|
59
59
|
export type AuthController = AuthControllerType;
|
|
60
60
|
export type AuthRoutes = AuthRoutesType;
|
|
61
|
+
export { AuthenticationService } from './services/authentification/AuthenticationService';
|
|
61
62
|
|
|
62
63
|
export default function init<
|
|
63
64
|
StrategyKeys extends AllowedStrategyKeys = 'google',
|
|
64
65
|
U extends User = User,
|
|
65
|
-
USanitized extends UserSanitized = UserSanitized
|
|
66
|
+
USanitized extends UserSanitized = UserSanitized,
|
|
66
67
|
>({
|
|
67
68
|
homeRouterKey,
|
|
68
69
|
usersManager,
|
|
@@ -70,6 +71,7 @@ export default function init<
|
|
|
70
71
|
defaultStrategy,
|
|
71
72
|
strategyToService,
|
|
72
73
|
authHooks,
|
|
74
|
+
jwtAudience,
|
|
73
75
|
}: {
|
|
74
76
|
homeRouterKey?: string;
|
|
75
77
|
usersManager: MongoUsersManager<U, USanitized>;
|
|
@@ -77,7 +79,9 @@ export default function init<
|
|
|
77
79
|
defaultStrategy?: StrategyKeys;
|
|
78
80
|
strategyToService: Record<StrategyKeys, AccountService<any>>;
|
|
79
81
|
authHooks?: AuthHooks<StrategyKeys>;
|
|
82
|
+
jwtAudience?: string;
|
|
80
83
|
}) {
|
|
84
|
+
// eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
|
|
81
85
|
return (app: NodeApplication) => {
|
|
82
86
|
const userAccountsService = new UserAccountsService(
|
|
83
87
|
usersManager,
|
|
@@ -118,11 +122,12 @@ export default function init<
|
|
|
118
122
|
.get('secretKey'),
|
|
119
123
|
{
|
|
120
124
|
algorithm: 'HS512',
|
|
121
|
-
audience: this.request.headers['user-agent'],
|
|
125
|
+
audience: jwtAudience || this.request.headers['user-agent'],
|
|
122
126
|
expiresIn: '30 days',
|
|
123
127
|
},
|
|
124
128
|
);
|
|
125
129
|
|
|
130
|
+
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
|
|
126
131
|
this.cookies.set(COOKIE_NAME, token, {
|
|
127
132
|
httpOnly: true,
|
|
128
133
|
secure: this.config.get('allowHttps'),
|
|
@@ -150,7 +155,10 @@ export default function init<
|
|
|
150
155
|
req: IncomingMessage,
|
|
151
156
|
): ReturnType<typeof getConnectedAndUser> => {
|
|
152
157
|
const token = getTokenFromRequest(req);
|
|
153
|
-
return getConnectedAndUser(
|
|
158
|
+
return getConnectedAndUser(
|
|
159
|
+
jwtAudience || req.headers['user-agent'],
|
|
160
|
+
token,
|
|
161
|
+
);
|
|
154
162
|
},
|
|
155
163
|
getConnectedAndUser,
|
|
156
164
|
|
|
@@ -172,7 +180,10 @@ export default function init<
|
|
|
172
180
|
ctx.sanitizedState.user = user && usersManager.sanitize(user);
|
|
173
181
|
};
|
|
174
182
|
|
|
175
|
-
const [connected, user] = await getConnectedAndUser(
|
|
183
|
+
const [connected, user] = await getConnectedAndUser(
|
|
184
|
+
jwtAudience || userAgent,
|
|
185
|
+
token,
|
|
186
|
+
);
|
|
176
187
|
logger.debug('middleware', { connected });
|
|
177
188
|
|
|
178
189
|
if (connected == null || user == null) {
|
|
@@ -1,9 +1,11 @@
|
|
|
1
|
+
/* eslint-disable @typescript-eslint/no-unsafe-argument */
|
|
2
|
+
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
|
|
1
3
|
/* eslint-disable @typescript-eslint/no-unsafe-assignment */
|
|
2
4
|
/* eslint-disable camelcase, max-lines */
|
|
3
5
|
import { EventEmitter } from 'events';
|
|
4
6
|
import 'alp-router';
|
|
5
7
|
import type { Context, NodeConfig } from 'alp-types';
|
|
6
|
-
import Logger from 'nightingale-logger';
|
|
8
|
+
import { Logger } from 'nightingale-logger';
|
|
7
9
|
import type { OAuthClient } from 'simple-oauth2';
|
|
8
10
|
import type { AccountId, User, Account, UserSanitized } from '../../../types.d';
|
|
9
11
|
import { randomHex } from '../../utils/generators';
|
|
@@ -58,7 +60,7 @@ export interface AccessResponseHooks<StrategyKeys, U extends User = User> {
|
|
|
58
60
|
export class AuthenticationService<
|
|
59
61
|
StrategyKeys extends AllowedStrategyKeys,
|
|
60
62
|
U extends User = User,
|
|
61
|
-
USanitized extends UserSanitized = UserSanitized
|
|
63
|
+
USanitized extends UserSanitized = UserSanitized,
|
|
62
64
|
> extends EventEmitter {
|
|
63
65
|
config: NodeConfig;
|
|
64
66
|
|
|
@@ -296,7 +298,7 @@ export class AuthenticationService<
|
|
|
296
298
|
}
|
|
297
299
|
return this.refreshToken(account.provider as StrategyKeys, {
|
|
298
300
|
// accessToken: account.accessToken,
|
|
299
|
-
refreshToken: account.refreshToken
|
|
301
|
+
refreshToken: account.refreshToken!,
|
|
300
302
|
}).then((tokens: Tokens) => {
|
|
301
303
|
if (!tokens) {
|
|
302
304
|
// serviceGoogle.updateFields({ accessToken:null, refreshToken:null, status: .OUTDATED });
|
|
@@ -1,9 +1,12 @@
|
|
|
1
|
-
/*
|
|
1
|
+
/* eslint-disable @typescript-eslint/no-unsafe-argument */
|
|
2
|
+
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
|
|
3
|
+
import { fetch } from 'alp-node';
|
|
2
4
|
import type { Tokens } from '../authentification/types';
|
|
3
5
|
import type { AccountService, FullName } from './types';
|
|
4
6
|
|
|
5
7
|
export default class UserAccountGoogleService<ScopeKeys extends 'login'>
|
|
6
|
-
implements AccountService<ScopeKeys>
|
|
8
|
+
implements AccountService<ScopeKeys>
|
|
9
|
+
{
|
|
7
10
|
scopeKeyToScope: Record<ScopeKeys, string>;
|
|
8
11
|
|
|
9
12
|
constructor(scopeKeyToScope: Record<Exclude<'login', ScopeKeys>, string>) {
|
|
@@ -57,8 +60,8 @@ export default class UserAccountGoogleService<ScopeKeys extends 'login'>
|
|
|
57
60
|
getScope(oldScope: string[] | undefined, newScope: string): string[] {
|
|
58
61
|
return !oldScope
|
|
59
62
|
? newScope.split(' ')
|
|
60
|
-
: oldScope
|
|
61
|
-
|
|
62
|
-
|
|
63
|
+
: [...oldScope, ...newScope.split(' ')].filter(
|
|
64
|
+
(item, i, ar) => ar.indexOf(item) === i,
|
|
65
|
+
);
|
|
63
66
|
}
|
|
64
67
|
}
|
|
@@ -1,11 +1,13 @@
|
|
|
1
|
-
/*
|
|
1
|
+
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
|
|
2
|
+
import { fetch } from 'alp-node';
|
|
2
3
|
import type { Tokens } from '../authentification/types';
|
|
3
4
|
import type { AccountService, FullName } from './types';
|
|
4
5
|
|
|
5
6
|
// https://api.slack.com/methods/users.identity
|
|
6
7
|
|
|
7
8
|
export default class UserAccountSlackService<ScopeKeys extends 'login'>
|
|
8
|
-
implements AccountService<ScopeKeys>
|
|
9
|
+
implements AccountService<ScopeKeys>
|
|
10
|
+
{
|
|
9
11
|
scopeKeyToScope: Record<ScopeKeys, string>;
|
|
10
12
|
|
|
11
13
|
constructor(scopeKeyToScope: Record<Exclude<'login', ScopeKeys>, string>) {
|
|
@@ -61,8 +63,8 @@ export default class UserAccountSlackService<ScopeKeys extends 'login'>
|
|
|
61
63
|
getScope(oldScope: string[] | undefined, newScope: string): string[] {
|
|
62
64
|
return !oldScope
|
|
63
65
|
? newScope.split(' ')
|
|
64
|
-
: oldScope
|
|
65
|
-
|
|
66
|
-
|
|
66
|
+
: [...oldScope, ...newScope.split(' ')].filter(
|
|
67
|
+
(item, i, ar) => ar.indexOf(item) === i,
|
|
68
|
+
);
|
|
67
69
|
}
|
|
68
70
|
}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
+
/* eslint-disable @typescript-eslint/no-shadow */
|
|
1
2
|
import { EventEmitter } from 'events';
|
|
2
|
-
import Logger from 'nightingale-logger';
|
|
3
|
+
import { Logger } from 'nightingale-logger';
|
|
3
4
|
import type { AccountId, User, Account, UserSanitized } from '../../../types.d';
|
|
4
5
|
import type MongoUsersManager from '../../MongoUsersManager';
|
|
5
6
|
import type { AllowedStrategyKeys } from '../authentification/types';
|
|
@@ -15,7 +16,7 @@ export const STATUSES = {
|
|
|
15
16
|
export default class UserAccountsService<
|
|
16
17
|
StrategyKeys extends AllowedStrategyKeys,
|
|
17
18
|
U extends User = User,
|
|
18
|
-
USanitized extends UserSanitized = UserSanitized
|
|
19
|
+
USanitized extends UserSanitized = UserSanitized,
|
|
19
20
|
> extends EventEmitter {
|
|
20
21
|
private readonly strategyToService: Record<StrategyKeys, AccountService<any>>;
|
|
21
22
|
|
|
@@ -109,13 +110,12 @@ export default class UserAccountsService<
|
|
|
109
110
|
|
|
110
111
|
const emails = service.getEmails(profile);
|
|
111
112
|
|
|
112
|
-
let user:
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
});
|
|
113
|
+
let user: Partial<U> | undefined =
|
|
114
|
+
await this.usersManager.findOneByAccountOrEmails({
|
|
115
|
+
provider: service.providerKey,
|
|
116
|
+
accountId,
|
|
117
|
+
emails,
|
|
118
|
+
});
|
|
119
119
|
|
|
120
120
|
logger.info(!user ? 'create user' : 'existing user', { emails, user });
|
|
121
121
|
|
|
@@ -168,6 +168,7 @@ export default class UserAccountsService<
|
|
|
168
168
|
});
|
|
169
169
|
|
|
170
170
|
user.emailDomains = [
|
|
171
|
+
// eslint-disable-next-line unicorn/no-array-reduce
|
|
171
172
|
...user.emails.reduce(
|
|
172
173
|
(domains: Set<string>, email: string) =>
|
|
173
174
|
domains.add(email.split('@', 2)[1]),
|
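Review bot: In the `@@ -109,13 +110,12 @@ export default class UserAccountsService<` hunk, `logger.info(!user ? 'create user' : 'existing user', { emails, user });` writes the whole record returned by `findOneByAccountOrEmails` to the info log. If the stored user embeds its provider accounts, as `account.refreshToken` in `AuthenticationService` suggests, every login would put OAuth tokens and e-mail addresses into application logs. Logging an identifier is enough to tell the two branches apart: `logger.info(!user ? 'create user' : 'existing user', { userId: user?._id });`. The file header for this hunk is missing on the page, and the method starts and ends outside the hunk.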
package/src/utils/cookies.ts
CHANGED
|
@@ -8,7 +8,8 @@ export const getTokenFromRequest = (
|
|
|
8
8
|
req: IncomingMessage,
|
|
9
9
|
options?: Pick<Option, Exclude<keyof Option, 'secure'>>,
|
|
10
10
|
): string | undefined => {
|
|
11
|
-
|
|
11
|
+
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
|
|
12
|
+
const cookies = new Cookies(req, null as unknown as any, {
|
|
12
13
|
...options,
|
|
13
14
|
secure: true,
|
|
14
15
|
});
|
|
@@ -6,7 +6,7 @@ import type {
|
|
|
6
6
|
VerifyOptions,
|
|
7
7
|
} from 'jsonwebtoken';
|
|
8
8
|
import jsonwebtoken from 'jsonwebtoken';
|
|
9
|
-
import type Logger from 'nightingale-logger';
|
|
9
|
+
import type { Logger } from 'nightingale-logger';
|
|
10
10
|
import type { User, UserSanitized } from '../../types.d';
|
|
11
11
|
import type MongoUsersManager from '../MongoUsersManager';
|
|
12
12
|
|
|
@@ -24,25 +24,24 @@ const verifyPromisified = promisify<
|
|
|
24
24
|
Parameters<VerifyCallback>[1]
|
|
25
25
|
>(jsonwebtoken.verify as Verify);
|
|
26
26
|
|
|
27
|
-
const createDecodeJWT =
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
};
|
|
27
|
+
const createDecodeJWT =
|
|
28
|
+
(secretKey: string) =>
|
|
29
|
+
async (token: string, jwtAudience: string): Promise<string | undefined> => {
|
|
30
|
+
const result = await verifyPromisified(token, secretKey, {
|
|
31
|
+
algorithms: ['HS512'],
|
|
32
|
+
audience: jwtAudience,
|
|
33
|
+
});
|
|
34
|
+
return (result as any)?.connected as string | undefined;
|
|
35
|
+
};
|
|
37
36
|
|
|
38
37
|
export type FindConnectedAndUser<U extends User> = (
|
|
39
|
-
|
|
38
|
+
jwtAudience?: string,
|
|
40
39
|
token?: string,
|
|
41
40
|
) => Promise<[null | undefined | U['_id'], null | undefined | U]>;
|
|
42
41
|
|
|
43
42
|
export const createFindConnectedAndUser = <
|
|
44
43
|
U extends User,
|
|
45
|
-
USanitized extends UserSanitized
|
|
44
|
+
USanitized extends UserSanitized,
|
|
46
45
|
>(
|
|
47
46
|
secretKey: string,
|
|
48
47
|
usersManager: MongoUsersManager<U, USanitized>,
|
|
@@ -51,14 +50,14 @@ export const createFindConnectedAndUser = <
|
|
|
51
50
|
const decodeJwt = createDecodeJWT(secretKey);
|
|
52
51
|
|
|
53
52
|
const findConnectedAndUser: FindConnectedAndUser<U> = async (
|
|
54
|
-
|
|
53
|
+
jwtAudience,
|
|
55
54
|
token,
|
|
56
55
|
) => {
|
|
57
|
-
if (!token || !
|
|
56
|
+
if (!token || !jwtAudience) return [null, null];
|
|
58
57
|
|
|
59
58
|
let connected;
|
|
60
59
|
try {
|
|
61
|
-
connected = await decodeJwt(token,
|
|
60
|
+
connected = await decodeJwt(token, jwtAudience);
|
|
62
61
|
} catch (err: unknown) {
|
|
63
62
|
logger.debug('failed to verify authentification', { err });
|
|
64
63
|
}
|
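Review bot: `createDecodeJWT` and `FindConnectedAndUser` now take a `jwtAudience` argument but nothing documents what callers must pass, and the callers visible in this release disagree (`jwtAudience || userAgent` in `index.ts`, the bare User-Agent in `authApolloContext.ts` and `authSocketIO.ts`). A comment on the type would pin the contract: `// jwtAudience: the exact "audience" used when the token was signed (the configured jwtAudience, else the request User-Agent)`. It is also worth stating there that the User-Agent is supplied by the client, so the audience check is a consistency check on the token and not evidence of which browser presents it. These hunks appear to belong to `createFindConnectedAndUser.ts` judging by their content; the file header is missing on the page.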
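--- a/package/strategies/dropbox.js
+++ b/package/strategies/dropbox.js
@@ -1,11 +1,9 @@
-
+import { create } from 'simple-oauth2';
 
-
-
-module.exports = function dropboxStrategy(config) {
+export default function dropboxStrategy(config) {
 return {
 type: 'oauth2',
-oauth2:
+oauth2: create({
 client: {
 id: config.get('dropbox').get('clientId'),
 secret: config.get('dropbox').get('clientSecret'),
@@ -17,4 +15,4 @@ module.exports = function dropboxStrategy(config) {
 },
 }),
 };
-}
+}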
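--- a/package/strategies/facebook.js
+++ b/package/strategies/facebook.js
@@ -1,11 +1,9 @@
-
+import { create } from 'simple-oauth2';
 
-
-
-module.exports = function facebookStrategy(config) {
+export default function facebookStrategy(config) {
 return {
 type: 'oauth2',
-oauth2:
+oauth2: create({
 client: {
 id: config.get('facebook').get('clientId'),
 secret: config.get('facebook').get('clientSecret'),
@@ -17,4 +15,4 @@ module.exports = function facebookStrategy(config) {
 },
 }),
 };
-}
+}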
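--- a/package/strategies/foursquare.js
+++ b/package/strategies/foursquare.js
@@ -1,11 +1,9 @@
-
+import { create } from 'simple-oauth2';
 
-
-
-module.exports = function foursquareStrategy(config) {
+export default function foursquareStrategy(config) {
 return {
 type: 'oauth2',
-oauth2:
+oauth2: create({
 client: {
 id: config.get('foursquare').get('clientId'),
 secret: config.get('foursquare').get('clientSecret'),
@@ -17,4 +15,4 @@ module.exports = function foursquareStrategy(config) {
 },
 }),
 };
-}
+}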
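--- a/package/strategies/github.js
+++ b/package/strategies/github.js
@@ -1,11 +1,9 @@
-
+import { create } from 'simple-oauth2';
 
-
-
-module.exports = function githubStrategy(config) {
+export default function githubStrategy(config) {
 return {
 type: 'oauth2',
-oauth2:
+oauth2: create({
 client: {
 id: config.get('github').get('clientId'),
 secret: config.get('github').get('clientSecret'),
@@ -17,4 +15,4 @@ module.exports = function githubStrategy(config) {
 },
 }),
 };
-}
+}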
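--- a/package/strategies/google.js
+++ b/package/strategies/google.js
@@ -1,11 +1,9 @@
-
+import { create } from 'simple-oauth2';
 
-
-
-module.exports = function googleStrategy(config) {
+export default function googleStrategy(config) {
 return {
 type: 'oauth2',
-oauth2:
+oauth2: create({
 client: {
 id: config.get('google').get('clientId'),
 secret: config.get('google').get('clientSecret'),
@@ -17,4 +15,4 @@ module.exports = function googleStrategy(config) {
 },
 }),
 };
-}
+}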