casualos 3.3.11-alpha.11060020867 → 3.3.11-alpha.11349749950

package/dist/cli.js

@@ -96760,7 +96760,7 @@ var trace = TraceAPI.getInstance();
 function hashLowEntropyPasswordWithSalt2(password, salt) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.3.11-alpha.11060020867"
+    false ? void 0 : "v3.3.11-alpha.11349749950"
   );
   return tracer.startActiveSpan(
     "hashLowEntropyPasswordWithSalt",
@@ -96778,7 +96778,7 @@ function hashLowEntropyPasswordWithSalt2(password, salt) {
 function hashHighEntropyPasswordWithSalt2(password, salt) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.3.11-alpha.11060020867"
+    false ? void 0 : "v3.3.11-alpha.11349749950"
   );
   return tracer.startActiveSpan(
     "hashHighEntropyPasswordWithSalt",
@@ -96796,7 +96796,7 @@ function hashHighEntropyPasswordWithSalt2(password, salt) {
 function verifyPasswordAgainstHashes2(password, salt, hashes) {
   const tracer = trace.getTracer(
     "InstrumentedHashHelpers",
-    false ? void 0 : "v3.3.11-alpha.11060020867"
+    false ? void 0 : "v3.3.11-alpha.11349749950"
   );
   return tracer.startActiveSpan(
     "verifyPasswordAgainstHashes",
@@ -103397,7 +103397,7 @@ var import_semantic_conventions = __toESM(require_src3());
 function traced(tracerName, options = {}, metricOptions = {}) {
   const tracer = trace.getTracer(
     tracerName,
-    false ? void 0 : "v3.3.11-alpha.11060020867"
+    false ? void 0 : "v3.3.11-alpha.11349749950"
   );
   return function(target, propertyKey, descriptor) {
     const originalMethod = descriptor.value;
@@ -103475,7 +103475,7 @@ function getHistogram(meter) {
   }
   return metrics.getMeter(
     meter.meter,
-    false ? void 0 : "v3.3.11-alpha.11060020867"
+    false ? void 0 : "v3.3.11-alpha.11349749950"
   ).createHistogram(meter.name, meter.options);
 }
 function getCounter(meter) {
@@ -103484,7 +103484,7 @@ function getCounter(meter) {
   }
   return metrics.getMeter(
     meter.meter,
-    false ? void 0 : "v3.3.11-alpha.11060020867"
+    false ? void 0 : "v3.3.11-alpha.11349749950"
   ).createCounter(meter.name, meter.options);
 }
 function traceHttpResponse(options = {}) {
@@ -103534,6 +103534,7 @@ var AuthController = class {
     this._forceAllowSubscriptionFeatures = forceAllowSubscriptionFeatures;
     this._privoClient = privoClient;
     this._webAuthNRelyingParties = relyingParties;
+    this._privoEnabled = this._privoClient !== null;
   }
   get relyingParties() {
     return this._webAuthNRelyingParties;
@@ -103541,6 +103542,18 @@ var AuthController = class {
   set relyingParties(value) {
     this._webAuthNRelyingParties = value;
   }
+  /**
+   * Gets whether Privo-features are enabled.
+   */
+  get privoEnabled() {
+    return this._privoEnabled;
+  }
+  /**
+   * Sets whether Privo-features are enabled.
+   */
+  set privoEnabled(value) {
+    this._privoEnabled = value;
+  }
   async createAccount(request2) {
     try {
       const createSession = request2.createSession ?? true;
@@ -104139,6 +104152,13 @@ var AuthController = class {
       );
       const serviceId = result.userInfo.serviceId;
       const email = result.userInfo.email;
+      if (result.userInfo.roleIdentifier !== config2.roleIds.adult && result.userInfo.roleIdentifier !== config2.roleIds.child) {
+        return {
+          success: false,
+          errorCode: "invalid_request",
+          errorMessage: "The login request is invalid. You attempted to sign into an account that is associated with a parent email address. This is not allowed because we don't ask consent for parent accounts, but all accounts must have consent. Please sign up with a new account instead."
+        };
+      }
       let user;
       if (serviceId) {
         user = await this._store.findUserByPrivoServiceId(
@@ -104262,6 +104282,7 @@ var AuthController = class {
       let updatePasswordUrl;
       let serviceId;
       let parentServiceId;
+      let consentUrl;
       if (years < 0) {
         return {
           success: false,
@@ -104298,6 +104319,7 @@ var AuthController = class {
         serviceId = result.childServiceId;
         parentServiceId = result.parentServiceId;
         updatePasswordUrl = result.updatePasswordLink;
+        consentUrl = result.consentUrl;
         privacyFeatures = getPrivacyFeaturesFromPermissions(
           config2.featureIds,
           result.features
@@ -104328,6 +104350,7 @@ var AuthController = class {
         }
         serviceId = result.adultServiceId;
         updatePasswordUrl = result.updatePasswordLink;
+        consentUrl = result.consentUrl;
         privacyFeatures = getPrivacyFeaturesFromPermissions(
           config2.featureIds,
           result.features
@@ -104344,6 +104367,7 @@ var AuthController = class {
         currentLoginRequestId: null,
         privoServiceId: serviceId,
         privoParentServiceId: parentServiceId,
+        privoConsentUrl: consentUrl,
         privacyFeatures
       };
       const saveUserResult = await this._store.saveNewUser(user);
@@ -105589,6 +105613,77 @@ var AuthController = class {
       };
     }
   }
+  async requestPrivacyFeaturesChange(request2) {
+    try {
+      if (!this._privoClient) {
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "Privo features are not supported on this server."
+        };
+      }
+      const config2 = await this._config.getPrivoConfiguration();
+      if (!config2) {
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "Privo features are not supported on this server."
+        };
+      }
+      const keyResult = await this.validateSessionKey(request2.sessionKey);
+      if (keyResult.success === false) {
+        return keyResult;
+      } else if (keyResult.userId !== request2.userId && keyResult.role !== "superUser") {
+        console.log(
+          "[AuthController] [requestPrivacyFeaturesChange] Request User ID doesnt match session key User ID!"
+        );
+        return {
+          success: false,
+          errorCode: "invalid_key",
+          errorMessage: INVALID_KEY_ERROR_MESSAGE
+        };
+      }
+      const user = await this._store.findUser(request2.userId);
+      if (!user) {
+        throw new Error(
+          "Unable to find user even though a valid session key was presented!"
+        );
+      }
+      if (!user.privoServiceId) {
+        return {
+          success: false,
+          errorCode: "not_supported",
+          errorMessage: "Privo features are not supported on this server."
+        };
+      }
+      const result = await this._privoClient.resendConsentRequest(
+        user.privoServiceId,
+        user.privoParentServiceId ?? user.privoServiceId
+      );
+      if (result.success === false) {
+        return result;
+      }
+      console.log(
+        `[AuthController] [requestPrivacyFeaturesChange] [userId: ${request2.userId}] Requested privacy features change.`
+      );
+      return {
+        success: true
+      };
+    } catch (err) {
+      const span = trace.getActiveSpan();
+      span?.recordException(err);
+      span?.setStatus({ code: SpanStatusCode.ERROR });
+      console.error(
+        "[AuthController] Error ocurred while requesting a change in privacy features",
+        err
+      );
+      return {
+        success: false,
+        errorCode: "server_error",
+        errorMessage: "A server error occurred."
+      };
+    }
+  }
   async listEmailRules() {
     try {
       const rules = await this._store.listEmailRules();
@@ -105879,6 +105974,9 @@ __decorateClass([
 __decorateClass([
   traced(TRACE_NAME)
 ], AuthController.prototype, "updateUserInfo", 1);
+__decorateClass([
+  traced(TRACE_NAME)
+], AuthController.prototype, "requestPrivacyFeaturesChange", 1);
 __decorateClass([
   traced(TRACE_NAME)
 ], AuthController.prototype, "listEmailRules", 1);
@@ -110645,12 +110743,21 @@ var PolicyController = class {
       recordOwnerPrivacyFeatures = await this._policies.getUserPrivacyFeatures(ownerId);
     }
     if (!recordOwnerPrivacyFeatures) {
-      recordOwnerPrivacyFeatures = {
-        allowAI: true,
-        allowPublicData: true,
-        allowPublicInsts: true,
-        publishData: true
-      };
+      if (this._auth.privoEnabled) {
+        recordOwnerPrivacyFeatures = {
+          allowAI: false,
+          allowPublicData: false,
+          allowPublicInsts: false,
+          publishData: false
+        };
+      } else {
+        recordOwnerPrivacyFeatures = {
+          allowAI: true,
+          allowPublicData: true,
+          allowPublicInsts: true,
+          publishData: true
+        };
+      }
     }
     if (request2.userId) {
       userPrivacyFeatures = await this._policies.getUserPrivacyFeatures(
@@ -110658,12 +110765,21 @@ var PolicyController = class {
       );
     }
     if (!userPrivacyFeatures) {
-      userPrivacyFeatures = {
-        allowAI: true,
-        allowPublicData: true,
-        allowPublicInsts: true,
-        publishData: true
-      };
+      if (this._auth.privoEnabled) {
+        userPrivacyFeatures = {
+          allowAI: false,
+          allowPublicData: false,
+          allowPublicInsts: false,
+          publishData: false
+        };
+      } else {
+        userPrivacyFeatures = {
+          allowAI: true,
+          allowPublicData: true,
+          allowPublicInsts: true,
+          publishData: true
+        };
+      }
     }
     const context = {
       recordName,
@@ -114143,7 +114259,7 @@ var RecordsServer = class {
     this._webhooksController = webhooksController;
     this._tracer = trace.getTracer(
       "RecordsServer",
-      false ? void 0 : "v3.3.11-alpha.11060020867"
+      false ? void 0 : "v3.3.11-alpha.11349749950"
     );
     this._procedures = this._createProcedures();
     this._setupRoutes();
@@ -114383,6 +114499,21 @@ var RecordsServer = class {
           return result;
         }
       ),
+      requestPrivacyFeaturesChange: procedure().origins("account").http("POST", "/api/v2/privacyFeatures/change").inputs(
+        z.object({
+          userId: z.string()
+        })
+      ).handler(async ({ userId }, context) => {
+        const sessionKey = context.sessionKey;
+        if (!sessionKey) {
+          return NOT_LOGGED_IN_RESULT;
+        }
+        const result = await this._auth.requestPrivacyFeaturesChange({
+          userId,
+          sessionKey
+        });
+        return result;
+      }),
       getWebAuthnRegistrationOptions: procedure().origins(true).http("GET", "/api/v2/webauthn/register/options").handler(async (_3, context) => {
         const validation = await this._validateSessionKey(
           context.sessionKey
@@ -116222,8 +116353,8 @@ var RecordsServer = class {
         return {
           success: true,
           ...metadata,
-          version: true ? "v3.3.11-alpha.11060020867" : void 0,
-          versionHash: true ? "7781de97502b390b36df63d2cbcc1ab149e0dc90" : void 0
+          version: true ? "v3.3.11-alpha.11349749950" : void 0,
+          versionHash: true ? "619e0c7640cc4279dc1423c3bc0025ab5716b398" : void 0
         };
       })
     };
@@ -131568,6 +131699,7 @@ var WebhookRecordsController = class extends CrudRecordsController {
           errorMessage: "Invalid webhook target. The targeted record does not contain a valid AUX."
         };
       }
+      let sessionUserId;
       let sessionKey;
       let connectionKey;
       if (webhook.userId) {
@@ -131579,6 +131711,7 @@ var WebhookRecordsController = class extends CrudRecordsController {
           lifetimeMs: checkMetrics.features.tokenLifetimeMs ?? 5 * 60 * 1e3
         });
         if (issueSessionResult.success === true) {
+          sessionUserId = issueSessionResult.userId;
           sessionKey = issueSessionResult.sessionKey;
           connectionKey = issueSessionResult.connectionKey;
         } else {
@@ -131599,6 +131732,8 @@ var WebhookRecordsController = class extends CrudRecordsController {
         recordName: stateRecordName,
         inst: stateInstName,
         request: request2.request,
+        requestUserId: request2.userId,
+        sessionUserId,
         sessionKey,
         connectionKey,
         options
@@ -131614,6 +131749,7 @@ var WebhookRecordsController = class extends CrudRecordsController {
           runId,
           version: 1,
           request: request2.request,
+          requestUserId: request2.userId,
           response: result.success === true ? result.response : null,
           logs: result.success === true ? result.logs : [],
           state,
@@ -144036,7 +144172,7 @@ var config = new Conf({
   projectName: "casualos-cli"
 });
 var program2 = new Command();
-program2.name("casualos").description("A CLI for CasualOS").version("v3.3.11-alpha.11060020867").option(
+program2.name("casualos").description("A CLI for CasualOS").version("v3.3.11-alpha.11349749950").option(
   "-e, --endpoint <url>",
   "The endpoint to use for queries. Can be used to override the current endpoint."
 );

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "casualos",
-    "version": "3.3.11-alpha.11060020867",
+    "version": "3.3.11-alpha.11349749950",
     "description": "Command line interface for CasualOS.",
     "main": "./dist/index.js",
     "types": "index.d.ts",
@@ -35,8 +35,8 @@
         "access": "public"
     },
     "dependencies": {
-        "@casual-simulation/aux-common": "^3.3.11-alpha.11060020867",
-        "@casual-simulation/aux-records": "^3.3.11-alpha.11060020867",
+        "@casual-simulation/aux-common": "^3.3.11-alpha.11349749950",
+        "@casual-simulation/aux-records": "^3.3.11-alpha.11349749950",
         "@octokit/app": "^15.1.0",
         "@octokit/auth-oauth-device": "^7.1.1",
         "@octokit/core": "^6.1.2",
@@ -63,5 +63,5 @@
         "**/*.def",
         "templates/**"
     ],
-    "gitHead": "7781de97502b390b36df63d2cbcc1ab149e0dc90"
+    "gitHead": "619e0c7640cc4279dc1423c3bc0025ab5716b398"
 }