cnpmcore 3.13.2 → 3.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/core/entity/Token.d.ts +28 -4
- package/dist/app/core/entity/Token.js +31 -5
- package/dist/app/core/service/TokenService.d.ts +9 -0
- package/dist/app/core/service/TokenService.js +76 -0
- package/dist/app/core/service/UserService.d.ts +14 -3
- package/dist/app/core/service/UserService.js +3 -4
- package/dist/app/port/UserRoleManager.d.ts +1 -0
- package/dist/app/port/UserRoleManager.js +15 -6
- package/dist/app/port/controller/TokenController.d.ts +44 -0
- package/dist/app/port/controller/TokenController.js +140 -2
- package/dist/app/repository/UserRepository.d.ts +2 -0
- package/dist/app/repository/UserRepository.js +39 -6
- package/dist/app/repository/model/Token.d.ts +5 -0
- package/dist/app/repository/model/Token.js +21 -1
- package/dist/app/repository/model/TokenPackage.d.ts +8 -0
- package/dist/app/repository/model/TokenPackage.js +44 -0
- package/package.json +1 -1
|
@@ -1,14 +1,31 @@
|
|
|
1
1
|
import { Entity, EntityData } from './Entity';
|
|
2
2
|
import { EasyData } from '../util/EntityUtil';
|
|
3
|
-
|
|
3
|
+
export declare enum TokenType {
|
|
4
|
+
granular = "granular",
|
|
5
|
+
classic = "classic"
|
|
6
|
+
}
|
|
7
|
+
interface BaseTokenData extends EntityData {
|
|
4
8
|
tokenId: string;
|
|
5
9
|
tokenMark: string;
|
|
6
10
|
tokenKey: string;
|
|
7
|
-
cidrWhitelist
|
|
11
|
+
cidrWhitelist?: string[];
|
|
8
12
|
userId: string;
|
|
9
|
-
isReadonly
|
|
10
|
-
|
|
13
|
+
isReadonly?: boolean;
|
|
14
|
+
type?: TokenType;
|
|
15
|
+
}
|
|
16
|
+
interface ClassicTokenData extends BaseTokenData {
|
|
17
|
+
isAutomation?: boolean;
|
|
18
|
+
}
|
|
19
|
+
interface GranularTokenData extends BaseTokenData {
|
|
20
|
+
name: string;
|
|
21
|
+
description?: string;
|
|
22
|
+
allowedScopes?: string[];
|
|
23
|
+
allowedPackages?: string[];
|
|
24
|
+
expires: number;
|
|
25
|
+
expiredAt: Date;
|
|
11
26
|
}
|
|
27
|
+
type TokenData = ClassicTokenData | GranularTokenData;
|
|
28
|
+
export declare function isGranularToken(data: TokenData): data is GranularTokenData;
|
|
12
29
|
export declare class Token extends Entity {
|
|
13
30
|
readonly tokenId: string;
|
|
14
31
|
readonly tokenMark: string;
|
|
@@ -17,6 +34,13 @@ export declare class Token extends Entity {
|
|
|
17
34
|
readonly userId: string;
|
|
18
35
|
readonly isReadonly: boolean;
|
|
19
36
|
readonly isAutomation: boolean;
|
|
37
|
+
readonly type?: TokenType;
|
|
38
|
+
readonly name?: string;
|
|
39
|
+
readonly description?: string;
|
|
40
|
+
readonly allowedScopes?: string[];
|
|
41
|
+
readonly expiredAt?: Date;
|
|
42
|
+
readonly expires?: number;
|
|
43
|
+
allowedPackages?: string[];
|
|
20
44
|
token?: string;
|
|
21
45
|
constructor(data: TokenData);
|
|
22
46
|
static create(data: EasyData<TokenData, 'tokenId'>): Token;
|
|
@@ -1,8 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
2
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.Token = void 0;
|
|
6
|
+
exports.Token = exports.isGranularToken = exports.TokenType = void 0;
|
|
7
|
+
const dayjs_1 = __importDefault(require("dayjs"));
|
|
4
8
|
const Entity_1 = require("./Entity");
|
|
5
9
|
const EntityUtil_1 = require("../util/EntityUtil");
|
|
10
|
+
var TokenType;
|
|
11
|
+
(function (TokenType) {
|
|
12
|
+
TokenType["granular"] = "granular";
|
|
13
|
+
TokenType["classic"] = "classic";
|
|
14
|
+
})(TokenType = exports.TokenType || (exports.TokenType = {}));
|
|
15
|
+
function isGranularToken(data) {
|
|
16
|
+
return data.type === TokenType.granular;
|
|
17
|
+
}
|
|
18
|
+
exports.isGranularToken = isGranularToken;
|
|
6
19
|
class Token extends Entity_1.Entity {
|
|
7
20
|
constructor(data) {
|
|
8
21
|
super(data);
|
|
@@ -10,14 +23,27 @@ class Token extends Entity_1.Entity {
|
|
|
10
23
|
this.tokenId = data.tokenId;
|
|
11
24
|
this.tokenMark = data.tokenMark;
|
|
12
25
|
this.tokenKey = data.tokenKey;
|
|
13
|
-
this.cidrWhitelist = data.cidrWhitelist;
|
|
14
|
-
this.isReadonly = data.isReadonly;
|
|
15
|
-
this.
|
|
26
|
+
this.cidrWhitelist = data.cidrWhitelist || [];
|
|
27
|
+
this.isReadonly = data.isReadonly || false;
|
|
28
|
+
this.type = data.type || TokenType.classic;
|
|
29
|
+
if (isGranularToken(data)) {
|
|
30
|
+
this.name = data.name;
|
|
31
|
+
this.description = data.description;
|
|
32
|
+
this.allowedScopes = data.allowedScopes;
|
|
33
|
+
this.expiredAt = data.expiredAt;
|
|
34
|
+
this.allowedPackages = data.allowedPackages;
|
|
35
|
+
}
|
|
36
|
+
else {
|
|
37
|
+
this.isAutomation = data.isAutomation || false;
|
|
38
|
+
}
|
|
16
39
|
}
|
|
17
40
|
static create(data) {
|
|
18
41
|
const newData = EntityUtil_1.EntityUtil.defaultData(data, 'tokenId');
|
|
42
|
+
if (isGranularToken(newData) && !newData.expiredAt) {
|
|
43
|
+
newData.expiredAt = (0, dayjs_1.default)(newData.createdAt).add(newData.expires, 'days').toDate();
|
|
44
|
+
}
|
|
19
45
|
return new Token(newData);
|
|
20
46
|
}
|
|
21
47
|
}
|
|
22
48
|
exports.Token = Token;
|
|
23
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
49
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVG9rZW4uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9hcHAvY29yZS9lbnRpdHkvVG9rZW4udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsa0RBQTBCO0FBQzFCLHFDQUE4QztBQUM5QyxtREFBMEQ7QUFFMUQsSUFBWSxTQUdYO0FBSEQsV0FBWSxTQUFTO0lBQ25CLGtDQUFxQixDQUFBO0lBQ3JCLGdDQUFtQixDQUFBO0FBQ3JCLENBQUMsRUFIVyxTQUFTLEdBQVQsaUJBQVMsS0FBVCxpQkFBUyxRQUdwQjtBQXlCRCxTQUFnQixlQUFlLENBQUMsSUFBZTtJQUM3QyxPQUFPLElBQUksQ0FBQyxJQUFJLEtBQUssU0FBUyxDQUFDLFFBQVEsQ0FBQztBQUMxQyxDQUFDO0FBRkQsMENBRUM7QUFFRCxNQUFhLEtBQU0sU0FBUSxlQUFNO0lBaUIvQixZQUFZLElBQWU7UUFDekIsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ1osSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDO1FBQzFCLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQztRQUM1QixJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDaEMsSUFBSSxDQUFDLFFBQVEsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQzlCLElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSxDQUFDLGFBQWEsSUFBSSxFQUFFLENBQUM7UUFDOUMsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxJQUFJLEtBQUssQ0FBQztRQUMzQyxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLElBQUksU0FBUyxDQUFDLE9BQU8sQ0FBQztRQUUzQyxJQUFJLGVBQWUsQ0FBQyxJQUFJLENBQUMsRUFBRTtZQUN6QixJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7WUFDdEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDO1lBQ3BDLElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQztZQUN4QyxJQUFJLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7WUFDaEMsSUFBSSxDQUFDLGVBQWUsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDO1NBQzdDO2FBQU07WUFDTCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksQ0FBQyxZQUFZLElBQUksS0FBSyxDQUFDO1NBQ2hEO0lBQ0gsQ0FBQztJQUVELE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBb0M7UUFDaEQsTUFBTSxPQUFPLEdBQUcsdUJBQVUsQ0FBQyxXQUFXLENBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ3hELElBQUksZUFBZSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRTtZQUNsRCxPQUFPLENBQUMsU0FBUyxHQUFHLElBQUEsZUFBSyxFQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQztTQUNwRjtRQUNELE9BQU8sSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDNUIsQ0FBQztDQUVGO0FBOUNELHNCQThDQyJ9
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { AbstractService } from '../../common/AbstractService';
|
|
2
|
+
import { Token } from '../entity/Token';
|
|
3
|
+
import { Package as PackageEntity } from '../entity/Package';
|
|
4
|
+
export declare class TokenService extends AbstractService {
|
|
5
|
+
private readonly TokenPackage;
|
|
6
|
+
private readonly Package;
|
|
7
|
+
listTokenPackages(token: Token): Promise<PackageEntity[] | null>;
|
|
8
|
+
checkGranularTokenAccess(token: Token, fullname: string): Promise<boolean>;
|
|
9
|
+
}
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
12
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.TokenService = void 0;
|
|
16
|
+
const dayjs_1 = __importDefault(require("dayjs"));
|
|
17
|
+
const tegg_1 = require("@eggjs/tegg");
|
|
18
|
+
const lodash_1 = require("lodash");
|
|
19
|
+
const AbstractService_1 = require("../../common/AbstractService");
|
|
20
|
+
const Token_1 = require("../entity/Token");
|
|
21
|
+
const ModelConvertor_1 = require("../../../app/repository/util/ModelConvertor");
|
|
22
|
+
const Package_1 = require("../entity/Package");
|
|
23
|
+
const egg_errors_1 = require("egg-errors");
|
|
24
|
+
const PackageUtil_1 = require("../../../app/common/PackageUtil");
|
|
25
|
+
let TokenService = class TokenService extends AbstractService_1.AbstractService {
|
|
26
|
+
async listTokenPackages(token) {
|
|
27
|
+
if ((0, Token_1.isGranularToken)(token)) {
|
|
28
|
+
const models = await this.TokenPackage.find({ tokenId: token.tokenId });
|
|
29
|
+
const packages = await this.Package.find({ packageId: models.map(m => m.packageId) });
|
|
30
|
+
return packages.map(pkg => ModelConvertor_1.ModelConvertor.convertModelToEntity(pkg, Package_1.Package));
|
|
31
|
+
}
|
|
32
|
+
return null;
|
|
33
|
+
}
|
|
34
|
+
async checkGranularTokenAccess(token, fullname) {
|
|
35
|
+
// skip classic token
|
|
36
|
+
if (!(0, Token_1.isGranularToken)(token)) {
|
|
37
|
+
return true;
|
|
38
|
+
}
|
|
39
|
+
// check for expires
|
|
40
|
+
if ((0, dayjs_1.default)(token.expiredAt).isBefore(new Date())) {
|
|
41
|
+
throw new egg_errors_1.UnauthorizedError('Token expired');
|
|
42
|
+
}
|
|
43
|
+
// check for scope whitelist
|
|
44
|
+
const [scope, name] = (0, PackageUtil_1.getScopeAndName)(fullname);
|
|
45
|
+
// check for packages whitelist
|
|
46
|
+
const allowedPackages = await this.listTokenPackages(token);
|
|
47
|
+
// check for scope & packages access
|
|
48
|
+
if ((0, lodash_1.isEmpty)(allowedPackages) && (0, lodash_1.isEmpty)(token.allowedScopes)) {
|
|
49
|
+
return true;
|
|
50
|
+
}
|
|
51
|
+
const existPkgConfig = allowedPackages?.find(pkg => pkg.scope === scope && pkg.name === name);
|
|
52
|
+
if (existPkgConfig) {
|
|
53
|
+
return true;
|
|
54
|
+
}
|
|
55
|
+
const existScopeConfig = token.allowedScopes?.find(s => s === scope);
|
|
56
|
+
if (existScopeConfig) {
|
|
57
|
+
return true;
|
|
58
|
+
}
|
|
59
|
+
throw new egg_errors_1.ForbiddenError(`can't access package "${fullname}"`);
|
|
60
|
+
}
|
|
61
|
+
};
|
|
62
|
+
__decorate([
|
|
63
|
+
(0, tegg_1.Inject)(),
|
|
64
|
+
__metadata("design:type", Object)
|
|
65
|
+
], TokenService.prototype, "TokenPackage", void 0);
|
|
66
|
+
__decorate([
|
|
67
|
+
(0, tegg_1.Inject)(),
|
|
68
|
+
__metadata("design:type", Object)
|
|
69
|
+
], TokenService.prototype, "Package", void 0);
|
|
70
|
+
TokenService = __decorate([
|
|
71
|
+
(0, tegg_1.SingletonProto)({
|
|
72
|
+
accessLevel: tegg_1.AccessLevel.PUBLIC,
|
|
73
|
+
})
|
|
74
|
+
], TokenService);
|
|
75
|
+
exports.TokenService = TokenService;
|
|
76
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVG9rZW5TZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vYXBwL2NvcmUvc2VydmljZS9Ub2tlblNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsa0RBQTBCO0FBQzFCLHNDQUlxQjtBQUNyQixtQ0FBaUM7QUFDakMsa0VBQStEO0FBQy9ELDJDQUF5RDtBQUd6RCxnRkFBNkU7QUFDN0UsK0NBQTZEO0FBQzdELDJDQUErRDtBQUMvRCxpRUFBa0U7QUFLM0QsSUFBTSxZQUFZLEdBQWxCLE1BQU0sWUFBYSxTQUFRLGlDQUFlO0lBTXhDLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxLQUFZO1FBQ3pDLElBQUksSUFBQSx1QkFBZSxFQUFDLEtBQUssQ0FBQyxFQUFFO1lBQzFCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDeEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLFNBQVMsRUFBRSxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN0RixPQUFPLFFBQVEsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQywrQkFBYyxDQUFDLG9CQUFvQixDQUFDLEdBQUcsRUFBRSxpQkFBYSxDQUFDLENBQUMsQ0FBQztTQUNyRjtRQUNELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVNLEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxLQUFZLEVBQUUsUUFBZ0I7UUFDbEUscUJBQXFCO1FBQ3JCLElBQUksQ0FBQyxJQUFBLHVCQUFlLEVBQUMsS0FBSyxDQUFDLEVBQUU7WUFDM0IsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELG9CQUFvQjtRQUNwQixJQUFJLElBQUEsZUFBSyxFQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxJQUFJLEVBQUUsQ0FBQyxFQUFFO1lBQy9DLE1BQU0sSUFBSSw4QkFBaUIsQ0FBQyxlQUFlLENBQUMsQ0FBQztTQUM5QztRQUVELDRCQUE0QjtRQUM1QixNQUFNLENBQUUsS0FBSyxFQUFFLElBQUksQ0FBRSxHQUFHLElBQUEsNkJBQWUsRUFBQyxRQUFRLENBQUMsQ0FBQztRQUNsRCwrQkFBK0I7UUFDL0IsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFFNUQsb0NBQW9DO1FBQ3BDLElBQUksSUFBQSxnQkFBTyxFQUFDLGVBQWUsQ0FBQyxJQUFJLElBQUEsZ0JBQU8sRUFBQyxLQUFLLENBQUMsYUFBYSxDQUFDLEVBQUU7WUFDNUQsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELE1BQU0sY0FBYyxHQUFHLGVBQWUsRUFBRSxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsS0FBSyxLQUFLLEtBQUssSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxDQUFDO1FBQzlGLElBQUksY0FBYyxFQUFFO1lBQ2xCLE9BQU8sSUFBSSxDQUFDO1NBQ2I7UUFFRCxNQUFNLGdCQUFnQixHQUFHLEtBQUssQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxLQUFLLEtBQUssQ0FBQyxDQUFDO1FBQ3JFLElBQUksZ0JBQWdCLEVBQUU7WUFDcEIsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELE1BQU0sSUFBSSwyQkFBYyxDQUFDLHlCQUF5QixRQUFRLEdBQUcsQ0FBQyxDQUFDO0lBRWpFLENBQUM7Q0FFRixDQUFBO0FBakRDO0lBQUMsSUFBQSxhQUFNLEdBQUU7O2tEQUMrQztBQUN4RDtJQUFDLElBQUEsYUFBTSxHQUFFOzs2Q0FDcUM7QUFKbkMsWUFBWTtJQUh4QixJQUFBLHFCQUFjLEVBQUM7UUFDZCxXQUFXLEVBQUUsa0JBQVcsQ0FBQyxNQUFNO0tBQ2hDLENBQUM7R0FDVyxZQUFZLENBa0R4QjtBQWxEWSxvQ0FBWSJ9
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { User as UserEntity } from '../entity/User';
|
|
2
|
-
import { Token as TokenEntity } from '../entity/Token';
|
|
2
|
+
import { Token as TokenEntity, TokenType } from '../entity/Token';
|
|
3
3
|
import { WebauthnCredential as WebauthnCredentialEntity } from '../entity/WebauthnCredential';
|
|
4
4
|
import { LoginResultCode } from '../../common/enum/User';
|
|
5
5
|
import { AbstractService } from '../../common/AbstractService';
|
|
@@ -15,7 +15,18 @@ type LoginResult = {
|
|
|
15
15
|
user?: UserEntity;
|
|
16
16
|
token?: TokenEntity;
|
|
17
17
|
};
|
|
18
|
-
type
|
|
18
|
+
type CreateTokenOption = CreateClassicTokenOptions | CreateGranularTokenOptions;
|
|
19
|
+
type CreateGranularTokenOptions = {
|
|
20
|
+
type: TokenType.granular;
|
|
21
|
+
name: string;
|
|
22
|
+
description?: string;
|
|
23
|
+
allowedScopes?: string[];
|
|
24
|
+
allowedPackages?: string[];
|
|
25
|
+
isReadonly?: boolean;
|
|
26
|
+
cidrWhitelist?: string[];
|
|
27
|
+
expires: number;
|
|
28
|
+
};
|
|
29
|
+
type CreateClassicTokenOptions = {
|
|
19
30
|
isReadonly?: boolean;
|
|
20
31
|
isAutomation?: boolean;
|
|
21
32
|
cidrWhitelist?: string[];
|
|
@@ -42,7 +53,7 @@ export declare class UserService extends AbstractService {
|
|
|
42
53
|
changed: boolean;
|
|
43
54
|
user: UserEntity;
|
|
44
55
|
}>;
|
|
45
|
-
createToken(userId: string, options?:
|
|
56
|
+
createToken(userId: string, options?: CreateTokenOption): Promise<TokenEntity>;
|
|
46
57
|
removeToken(userId: string, tokenKeyOrTokenValue: string): Promise<void>;
|
|
47
58
|
findWebauthnCredential(userId: string, browserType?: string): Promise<WebauthnCredentialEntity | null>;
|
|
48
59
|
createWebauthnCredential(userId: string, options: CreateWebauthnCredentialOptions): Promise<WebauthnCredentialEntity>;
|
|
@@ -101,6 +101,7 @@ let UserService = class UserService extends AbstractService_1.AbstractService {
|
|
|
101
101
|
async createToken(userId, options = {}) {
|
|
102
102
|
// https://github.blog/2021-09-23-announcing-npms-new-access-token-format/
|
|
103
103
|
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
|
|
104
|
+
// https://github.blog/changelog/2022-12-06-limit-scope-of-npm-tokens-with-the-new-granular-access-tokens/
|
|
104
105
|
const token = (0, UserUtil_1.randomToken)(this.config.cnpmcore.name);
|
|
105
106
|
const tokenKey = (0, UserUtil_1.sha512)(token);
|
|
106
107
|
const tokenMark = token.substring(0, token.indexOf('_') + 4);
|
|
@@ -108,9 +109,7 @@ let UserService = class UserService extends AbstractService_1.AbstractService {
|
|
|
108
109
|
tokenKey,
|
|
109
110
|
tokenMark,
|
|
110
111
|
userId,
|
|
111
|
-
|
|
112
|
-
isReadonly: options.isReadonly ?? false,
|
|
113
|
-
isAutomation: options.isAutomation ?? false,
|
|
112
|
+
...options,
|
|
114
113
|
});
|
|
115
114
|
await this.userRepository.saveToken(tokenEntity);
|
|
116
115
|
tokenEntity.token = token;
|
|
@@ -161,4 +160,4 @@ UserService = __decorate([
|
|
|
161
160
|
})
|
|
162
161
|
], UserService);
|
|
163
162
|
exports.UserService = UserService;
|
|
164
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
163
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVXNlclNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9hcHAvY29yZS9zZXJ2aWNlL1VzZXJTZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG9EQUE0QjtBQUM1QixzQ0FJcUI7QUFDckIsMkNBQTJEO0FBQzNELG9FQUFpRTtBQUNqRSx5Q0FBb0Q7QUFDcEQsMkNBQWtFO0FBQ2xFLHFFQUE4RjtBQUM5RixpREFBeUQ7QUFDekQsb0RBQXVGO0FBQ3ZGLGtFQUErRDtBQTZDeEQsSUFBTSxXQUFXLEdBQWpCLE1BQU0sV0FBWSxTQUFRLGlDQUFlO0lBSTlDLGFBQWEsQ0FBQyxJQUFnQixFQUFFLFFBQWdCO1FBQzlDLE1BQU0sS0FBSyxHQUFHLEdBQUcsSUFBSSxDQUFDLFlBQVksR0FBRyxRQUFRLEVBQUUsQ0FBQztRQUNoRCxPQUFPLElBQUEseUJBQWMsRUFBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVELEtBQUssQ0FBQyxjQUFjLENBQUMsSUFBWTtRQUMvQixPQUFPLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDeEQsQ0FBQztJQUVELEtBQUssQ0FBQyxLQUFLLENBQUMsSUFBWSxFQUFFLFFBQWdCO1FBQ3hDLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDNUQsSUFBSSxDQUFDLElBQUk7WUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLHNCQUFlLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDekQsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxFQUFFO1lBQ3ZDLE9BQU8sRUFBRSxJQUFJLEVBQUUsc0JBQWUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztTQUN2QztRQUNELE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbEQsT0FBTyxFQUFFLElBQUksRUFBRSxzQkFBZSxDQUFDLE9BQU8sRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDeEQsQ0FBQztJQUVELEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsUUFBUSxHQUFHLGdCQUFNLENBQUMsVUFBVSxFQUFFLEVBQUUsRUFBRSxFQUFvQztRQUMzRyxJQUFJLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzFELElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDVCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUM7Z0JBQ2xDLElBQUk7Z0JBQ0osS0FBSztnQkFDTCx5QkFBeUI7Z0JBQ3pCLHVDQUF1QztnQkFDdkMsUUFBUTtnQkFDUixFQUFFO2FBQ0gsQ0FBQyxDQUFDO1lBQ0gsSUFBSSxHQUFHLFNBQVMsQ0FBQyxJQUFJLENBQUM7U0FDdkI7UUFDRCxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xELE9BQU8sRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVELEtBQUssQ0FBQyxNQUFNLENBQUMsVUFBc0I7UUFDakMsTUFBTSxZQUFZLEdBQUcsZ0JBQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzVELE1BQU0sS0FBSyxHQUFHLEdBQUcsWUFBWSxHQUFHLFVBQVUsQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUN0RCxNQUFNLGlCQUFpQixHQUFHLElBQUEsb0JBQVMsRUFBQyxLQUFLLENBQUMsQ0FBQztRQUMzQyxNQUFNLFVBQVUsR0FBRyxXQUFVLENBQUMsTUFBTSxDQUFDO1lBQ25DLElBQUksRUFBRSxVQUFVLENBQUMsSUFBSTtZQUNyQixLQUFLLEVBQUUsVUFBVSxDQUFDLEtBQUs7WUFDdkIsRUFBRSxFQUFFLFVBQVUsQ0FBQyxFQUFFO1lBQ2pCLFlBQVk7WUFDWixpQkFBaUI7WUFDakIsU0FBUyxFQUFFLElBQUk7U0FDaEIsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUMvQyxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3hELE9BQU8sRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLEtBQUssRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxLQUFLLENBQUMsUUFBUSxDQUFDLFVBQVUsR0FBRyxNQUFNLEVBQUUsSUFBWSxFQUFFLEtBQWE7UUFDN0QsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxHQUFHLFVBQVUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUMzRSxJQUFJLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQy9ELElBQUksQ0FBQyxJQUFJLEVBQUU7WUFDVCxNQUFNLFlBQVksR0FBRyxnQkFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDNUQsTUFBTSxpQkFBaUIsR0FBRyxJQUFBLG9CQUFTLEVBQUMsWUFBWSxDQUFDLENBQUM7WUFDbEQsSUFBSSxHQUFHLFdBQVUsQ0FBQyxNQUFNLENBQUM7Z0JBQ3ZCLElBQUksRUFBRSxTQUFTO2dCQUNmLEtBQUs7Z0JBQ0wsRUFBRSxFQUFFLEVBQUU7Z0JBQ04sWUFBWTtnQkFDWixpQkFBaUI7Z0JBQ2pCLFNBQVMsRUFBRSxLQUFLO2FBQ2pCLENBQUMsQ0FBQztZQUNILE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDekMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLENBQUM7U0FDaEM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssS0FBSyxFQUFFO1lBQ3hCLE9BQU87WUFDUCxPQUFPLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQztTQUNqQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO1FBQ25CLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDekMsT0FBTyxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDakMsQ0FBQztJQUVELEtBQUssQ0FBQyxXQUFXLENBQUMsTUFBYyxFQUFFLFVBQTZCLEVBQUU7UUFDL0QsMEVBQTBFO1FBQzFFLGtGQUFrRjtRQUNsRiwwR0FBMEc7UUFDMUcsTUFBTSxLQUFLLEdBQUcsSUFBQSxzQkFBVyxFQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3JELE1BQU0sUUFBUSxHQUFHLElBQUEsaUJBQU0sRUFBQyxLQUFLLENBQUMsQ0FBQztRQUMvQixNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO1FBQzdELE1BQU0sV0FBVyxHQUFHLGFBQVcsQ0FBQyxNQUFNLENBQUM7WUFDckMsUUFBUTtZQUNSLFNBQVM7WUFDVCxNQUFNO1lBQ04sR0FBRyxPQUFPO1NBQ1gsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUNqRCxXQUFXLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztRQUMxQixPQUFPLFdBQVcsQ0FBQztJQUNyQixDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFjLEVBQUUsb0JBQTRCO1FBQzVELElBQUksS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO1FBQ2hGLElBQUksQ0FBQyxLQUFLLEVBQUU7WUFDViw2REFBNkQ7WUFDN0QsS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFBLGlCQUFNLEVBQUMsb0JBQW9CLENBQUMsQ0FBQyxDQUFDO1NBQ3JGO1FBQ0QsSUFBSSxDQUFDLEtBQUssRUFBRTtZQUNWLE1BQU0sSUFBSSwwQkFBYSxDQUFDLFVBQVUsb0JBQW9CLGNBQWMsQ0FBQyxDQUFDO1NBQ3ZFO1FBQ0QsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLE1BQU0sRUFBRTtZQUMzQixNQUFNLElBQUksMkJBQWMsQ0FBQyxtQ0FBbUMsb0JBQW9CLEdBQUcsQ0FBQyxDQUFDO1NBQ3RGO1FBQ0QsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVELEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFjLEVBQUUsV0FBb0I7UUFDL0QsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLG9DQUFvQyxDQUFDLE1BQU0sRUFBRSxXQUFXLElBQUksSUFBSSxDQUFDLENBQUM7UUFDL0csT0FBTyxVQUFVLENBQUM7SUFDcEIsQ0FBQztJQUVELEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxNQUFjLEVBQUUsT0FBd0M7UUFDckYsTUFBTSxnQkFBZ0IsR0FBRyx1Q0FBd0IsQ0FBQyxNQUFNLENBQUM7WUFDdkQsTUFBTTtZQUNOLFlBQVksRUFBRSxPQUFPLENBQUMsWUFBWTtZQUNsQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7WUFDNUIsV0FBVyxFQUFFLE9BQU8sQ0FBQyxXQUFXO1NBQ2pDLENBQUMsQ0FBQztRQUNILE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUMzRCxPQUFPLGdCQUFnQixDQUFDO0lBQzFCLENBQUM7SUFFRCxLQUFLLENBQUMsd0JBQXdCLENBQUMsTUFBYyxFQUFFLFdBQW9CO1FBQ2pFLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxvQ0FBb0MsQ0FBQyxNQUFNLEVBQUUsV0FBVyxJQUFJLElBQUksQ0FBQyxDQUFDO1FBQy9HLElBQUksVUFBVSxFQUFFO1lBQ2QsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLGdCQUFnQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztTQUMvRDtJQUNILENBQUM7Q0FDRixDQUFBO0FBeklDO0lBQUMsSUFBQSxhQUFNLEdBQUU7OEJBQ3dCLCtCQUFjO21EQUFDO0FBRnJDLFdBQVc7SUFIdkIsSUFBQSxxQkFBYyxFQUFDO1FBQ2QsV0FBVyxFQUFFLGtCQUFXLENBQUMsTUFBTTtLQUNoQyxDQUFDO0dBQ1csV0FBVyxDQTBJdkI7QUExSVksa0NBQVcifQ==
|
|
@@ -10,6 +10,7 @@ export declare class UserRoleManager {
|
|
|
10
10
|
private readonly config;
|
|
11
11
|
protected logger: EggLogger;
|
|
12
12
|
private readonly registryManagerService;
|
|
13
|
+
private readonly tokenService;
|
|
13
14
|
private handleAuthorized;
|
|
14
15
|
private currentAuthorizedUser;
|
|
15
16
|
private currentAuthorizedToken;
|
|
@@ -17,6 +17,7 @@ const PackageRepository_1 = require("../repository/PackageRepository");
|
|
|
17
17
|
const UserUtil_1 = require("../common/UserUtil");
|
|
18
18
|
const PackageUtil_1 = require("../common/PackageUtil");
|
|
19
19
|
const RegistryManagerService_1 = require("../core/service/RegistryManagerService");
|
|
20
|
+
const TokenService_1 = require("../core/service/TokenService");
|
|
20
21
|
let UserRoleManager = class UserRoleManager {
|
|
21
22
|
constructor() {
|
|
22
23
|
this.handleAuthorized = false;
|
|
@@ -28,28 +29,32 @@ let UserRoleManager = class UserRoleManager {
|
|
|
28
29
|
// use AbstractController#ensurePublishAccess ensure pkg exists;
|
|
29
30
|
async checkPublishAccess(ctx, fullname) {
|
|
30
31
|
const user = await this.requiredAuthorizedUser(ctx, 'publish');
|
|
31
|
-
// 1. admin
|
|
32
|
+
// 1. admin has all access
|
|
32
33
|
const isAdmin = await this.isAdmin(ctx);
|
|
33
34
|
if (isAdmin) {
|
|
34
35
|
return user;
|
|
35
36
|
}
|
|
36
|
-
// 2.
|
|
37
|
+
// 2. check for checkGranularTokenAccess
|
|
38
|
+
const authorizedUserAndToken = await this.getAuthorizedUserAndToken(ctx);
|
|
39
|
+
const { token } = authorizedUserAndToken;
|
|
40
|
+
await this.tokenService.checkGranularTokenAccess(token, fullname);
|
|
41
|
+
// 3. has published in current registry
|
|
37
42
|
const [scope, name] = (0, PackageUtil_1.getScopeAndName)(fullname);
|
|
38
43
|
const pkg = await this.packageRepository.findPackage(scope, name);
|
|
39
44
|
const selfRegistry = await this.registryManagerService.ensureSelfRegistry();
|
|
40
45
|
const inSelfRegistry = pkg?.registryId === selfRegistry.registryId;
|
|
41
46
|
if (inSelfRegistry) {
|
|
42
|
-
//
|
|
47
|
+
// 3.1 check in Maintainers table
|
|
43
48
|
// Higher priority than scope check
|
|
44
49
|
await this.requiredPackageMaintainer(pkg, user);
|
|
45
50
|
return user;
|
|
46
51
|
}
|
|
47
52
|
if (pkg && !scope && !inSelfRegistry) {
|
|
48
|
-
//
|
|
53
|
+
// 3.2 public package can't publish in other registry
|
|
49
54
|
// scope package can be migrated into self registry
|
|
50
55
|
throw new egg_errors_1.ForbiddenError(`Can\'t modify npm public package "${fullname}"`);
|
|
51
56
|
}
|
|
52
|
-
//
|
|
57
|
+
// 4 check scope is allowed to publish
|
|
53
58
|
await this.requiredPackageScope(scope, user);
|
|
54
59
|
if (pkg) {
|
|
55
60
|
// published scoped package
|
|
@@ -179,6 +184,10 @@ __decorate([
|
|
|
179
184
|
(0, tegg_1.Inject)(),
|
|
180
185
|
__metadata("design:type", RegistryManagerService_1.RegistryManagerService)
|
|
181
186
|
], UserRoleManager.prototype, "registryManagerService", void 0);
|
|
187
|
+
__decorate([
|
|
188
|
+
(0, tegg_1.Inject)(),
|
|
189
|
+
__metadata("design:type", TokenService_1.TokenService)
|
|
190
|
+
], UserRoleManager.prototype, "tokenService", void 0);
|
|
182
191
|
UserRoleManager = __decorate([
|
|
183
192
|
(0, tegg_1.ContextProto)({
|
|
184
193
|
// only inject on port module
|
|
@@ -186,4 +195,4 @@ UserRoleManager = __decorate([
|
|
|
186
195
|
})
|
|
187
196
|
], UserRoleManager);
|
|
188
197
|
exports.UserRoleManager = UserRoleManager;
|
|
189
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
198
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVXNlclJvbGVNYW5hZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vYXBwL3BvcnQvVXNlclJvbGVNYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7OztBQUFBLHNDQUtxQjtBQUVyQiwyQ0FBK0Q7QUFDL0QsaUVBQThEO0FBQzlELHVFQUFvRTtBQUlwRSxpREFBNEM7QUFDNUMsdURBQXdEO0FBQ3hELG1GQUFnRjtBQUNoRiwrREFBNEQ7QUFTckQsSUFBTSxlQUFlLEdBQXJCLE1BQU0sZUFBZTtJQUFyQjtRQWNHLHFCQUFnQixHQUFHLEtBQUssQ0FBQztJQTBKbkMsQ0FBQztJQXRKQyx1QkFBdUI7SUFDdkIsMEJBQTBCO0lBQzFCLHVDQUF1QztJQUN2QyxxQ0FBcUM7SUFDckMsZ0VBQWdFO0lBQ3pELEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxHQUFlLEVBQUUsUUFBZ0I7UUFFL0QsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQUMsR0FBRyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBRS9ELDBCQUEwQjtRQUMxQixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDeEMsSUFBSSxPQUFPLEVBQUU7WUFDWCxPQUFPLElBQUksQ0FBQztTQUNiO1FBRUQsd0NBQXdDO1FBQ3hDLE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxJQUFJLENBQUMseUJBQXlCLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDekUsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLHNCQUF1QixDQUFDO1FBQzFDLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyx3QkFBd0IsQ0FBQyxLQUFLLEVBQUUsUUFBUSxDQUFDLENBQUM7UUFFbEUsdUNBQXVDO1FBQ3ZDLE1BQU0sQ0FBRSxLQUFLLEVBQUUsSUFBSSxDQUFFLEdBQUcsSUFBQSw2QkFBZSxFQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xELE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDbEUsTUFBTSxZQUFZLEdBQUcsTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUM1RSxNQUFNLGNBQWMsR0FBRyxHQUFHLEVBQUUsVUFBVSxLQUFLLFlBQVksQ0FBQyxVQUFVLENBQUM7UUFDbkUsSUFBSSxjQUFjLEVBQUU7WUFDbEIsaUNBQWlDO1lBQ2pDLG1DQUFtQztZQUNuQyxNQUFNLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDaEQsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELElBQUksR0FBRyxJQUFJLENBQUMsS0FBSyxJQUFJLENBQUMsY0FBYyxFQUFFO1lBQ3BDLHFEQUFxRDtZQUNyRCxtREFBbUQ7WUFDbkQsTUFBTSxJQUFJLDJCQUFjLENBQUMscUNBQXFDLFFBQVEsR0FBRyxDQUFDLENBQUM7U0FDNUU7UUFFRCxzQ0FBc0M7UUFDdEMsTUFBTSxJQUFJLENBQUMsb0JBQW9CLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQzdDLElBQUksR0FBRyxFQUFFO1lBQ1AsMkJBQTJCO1lBQzNCLE1BQU0sSUFBSSxDQUFDLHlCQUF5QixDQUFDLEdBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztTQUNsRDtRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVELElBQUk7SUFDSiwyRUFBMkU7SUFDM0UsOEJBQThCO0lBQzlCLGtFQUFrRTtJQUNsRSx3Q0FBd0M7SUFDeEMsbUJBQW1CO0lBQ25CLDZCQUE2QjtJQUM3Qix1Q0FBdUM7SUFDdkMsNEJBQTRCO0lBQzVCLDZCQUE2QjtJQUM3QixJQUFJO0lBQ0csS0FBSyxDQUFDLHlCQUF5QixDQUFDLEdBQWU7UUFDcEQsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLEVBQUU7WUFDekIsSUFBSSxDQUFDLElBQUksQ0FBQyxxQkFBcUI7Z0JBQUUsT0FBTyxJQUFJLENBQUM7WUFDN0MsT0FBTztnQkFDTCxLQUFLLEVBQUUsSUFBSSxDQUFDLHNCQUFzQjtnQkFDbEMsSUFBSSxFQUFFLElBQUksQ0FBQyxxQkFBcUI7YUFDakMsQ0FBQztTQUNIO1FBRUQsSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksQ0FBQztRQUM3QixNQUFNLGFBQWEsR0FBRyxHQUFHLENBQUMsR0FBRyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQy9DLElBQUksQ0FBQyxhQUFhO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDaEMsTUFBTSxNQUFNLEdBQUcscUJBQXFCLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3pELElBQUksQ0FBQyxNQUFNO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDekIsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzdCLE1BQU0sUUFBUSxHQUFHLElBQUEsaUJBQU0sRUFBQyxVQUFVLENBQUMsQ0FBQztRQUNwQyxNQUFNLHNCQUFzQixHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQywwQkFBMEIsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM5RixJQUFJLHNCQUFzQixFQUFFO1lBQzFCLElBQUksQ0FBQyxzQkFBc0IsR0FBRyxzQkFBc0IsQ0FBQyxLQUFLLENBQUM7WUFDM0QsSUFBSSxDQUFDLHFCQUFxQixHQUFHLHNCQUFzQixDQUFDLElBQUksQ0FBQztZQUN6RCxHQUFHLENBQUMsTUFBTSxHQUFHLHNCQUFzQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7U0FDakQ7UUFDRCxPQUFPLHNCQUFzQixDQUFDO0lBQ2hDLENBQUM7SUFFTSxLQUFLLENBQUMsc0JBQXNCLENBQUMsR0FBZSxFQUFFLElBQWU7UUFDbEUsTUFBTSxzQkFBc0IsR0FBRyxNQUFNLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN6RSxJQUFJLENBQUMsc0JBQXNCLEVBQUU7WUFDM0IsTUFBTSxhQUFhLEdBQUcsR0FBRyxDQUFDLEdBQUcsQ0FBQyxlQUFlLENBQUMsQ0FBQztZQUMvQyxNQUFNLE9BQU8sR0FBRyxhQUFhLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDO1lBQ2hFLE1BQU0sSUFBSSw4QkFBaUIsQ0FBQyxPQUFPLENBQUMsQ0FBQztTQUN0QztRQUNELE1BQU0sRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLEdBQUcsc0JBQXNCLENBQUM7UUFDL0MsK0VBQStFO1FBQy9FLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsOEJBQThCLElBQUksSUFBSSxLQUFLLFNBQVMsRUFBRTtZQUM3RSxJQUFJLEtBQUssQ0FBQyxVQUFVLEVBQUU7Z0JBQ3BCLE1BQU0sSUFBSSwyQkFBYyxDQUFDLG9CQUFvQixLQUFLLENBQUMsU0FBUyxpQkFBaUIsQ0FBQyxDQUFDO2FBQ2hGO1lBQ0QsaURBQWlEO1lBQ2pELHFEQUFxRDtZQUNyRCxNQUFNLENBQUMsR0FBRyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDO1lBQzNELElBQUksQ0FBQyxDQUFDLEVBQUU7Z0JBQ04sTUFBTSxJQUFJLDJCQUFjLENBQUMsaUNBQWlDLENBQUMsQ0FBQzthQUM3RDtZQUNELE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUM3QixJQUFJLEtBQUssR0FBRyxDQUFDLEVBQUU7Z0JBQ2IsTUFBTSxJQUFJLDJCQUFjLENBQUMseUNBQXlDLENBQUMsQ0FBQzthQUNyRTtTQUNGO1FBQ0QsSUFBSSxJQUFJLEtBQUssU0FBUyxFQUFFO1lBQ3RCLElBQUksS0FBSyxDQUFDLFVBQVUsRUFBRTtnQkFDcEIsTUFBTSxJQUFJLDJCQUFjLENBQUMsb0JBQW9CLEtBQUssQ0FBQyxTQUFTLGlCQUFpQixDQUFDLENBQUM7YUFDaEY7WUFDRCxJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUU7Z0JBQ3RCLE1BQU0sSUFBSSwyQkFBYyxDQUFDLHFCQUFxQixLQUFLLENBQUMsU0FBUyxpQkFBaUIsQ0FBQyxDQUFDO2FBQ2pGO1NBQ0Y7UUFDRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxLQUFLLENBQUMseUJBQXlCLENBQUMsR0FBa0IsRUFBRSxJQUFnQjtRQUV6RSxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxzQkFBc0IsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDdkYsTUFBTSxVQUFVLEdBQUcsV0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLEtBQUssSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25FLElBQUksQ0FBQyxVQUFVLEVBQUU7WUFDZixNQUFNLEtBQUssR0FBRyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUN0RCxNQUFNLElBQUksMkJBQWMsQ0FBQyxJQUFJLElBQUksQ0FBQyxJQUFJLDhCQUE4QixHQUFHLENBQUMsUUFBUSxrQ0FBa0MsS0FBSyxHQUFHLENBQUMsQ0FBQztTQUM3SDtJQUNILENBQUM7SUFFTSxLQUFLLENBQUMsb0JBQW9CLENBQUMsS0FBYSxFQUFFLElBQWdCO1FBQy9ELE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBQzVDLElBQUksY0FBYyxDQUFDLDJCQUEyQixFQUFFO1lBQzlDLE9BQU87U0FDUjtRQUNELE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxNQUFNLElBQUksY0FBYyxDQUFDLFdBQVcsQ0FBQztRQUM5RCxJQUFJLENBQUMsS0FBSyxFQUFFO1lBQ1YsTUFBTSxJQUFJLDJCQUFjLENBQUMsMENBQTBDLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1NBQy9GO1FBQ0QsSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEVBQUU7WUFDaEMsTUFBTSxJQUFJLDJCQUFjLENBQUMsVUFBVSxLQUFLLDhCQUE4QixXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztTQUNsRztJQUNILENBQUM7SUFFTSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQWU7UUFDbEMsTUFBTSxzQkFBc0IsR0FBRyxNQUFNLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN6RSxJQUFJLENBQUMsc0JBQXNCO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFDMUMsTUFBTSxFQUFFLElBQUksRUFBRSxLQUFLLEVBQUUsR0FBRyxzQkFBc0IsQ0FBQztRQUMvQyxJQUFJLEtBQUssQ0FBQyxVQUFVO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFDbkMsT0FBTyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztJQUNsRCxDQUFDO0NBQ0YsQ0FBQTtBQXZLQztJQUFDLElBQUEsYUFBTSxHQUFFOzhCQUN3QiwrQkFBYzt1REFBQztBQUNoRDtJQUFDLElBQUEsYUFBTSxHQUFFOzhCQUMyQixxQ0FBaUI7MERBQUM7QUFDdEQ7SUFBQyxJQUFBLGFBQU0sR0FBRTs7K0NBQzZCO0FBQ3RDO0lBQUMsSUFBQSxhQUFNLEdBQUU7OytDQUNtQjtBQUM1QjtJQUFDLElBQUEsYUFBTSxHQUFFOzhCQUNnQywrQ0FBc0I7K0RBQUM7QUFDaEU7SUFBQyxJQUFBLGFBQU0sR0FBRTs4QkFDc0IsMkJBQVk7cURBQUM7QUFaakMsZUFBZTtJQUozQixJQUFBLG1CQUFZLEVBQUM7UUFDWiw2QkFBNkI7UUFDN0IsV0FBVyxFQUFFLGtCQUFXLENBQUMsT0FBTztLQUNqQyxDQUFDO0dBQ1csZUFBZSxDQXdLM0I7QUF4S1ksMENBQWUifQ==
|
|
@@ -8,7 +8,20 @@ declare const TokenOptionsRule: import("@sinclair/typebox").TObject<{
|
|
|
8
8
|
cidr_whitelist: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
9
9
|
}>;
|
|
10
10
|
type TokenOptions = Static<typeof TokenOptionsRule>;
|
|
11
|
+
declare const GranularTokenOptionsRule: import("@sinclair/typebox").TObject<{
|
|
12
|
+
automation: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
13
|
+
readonly: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
14
|
+
cidr_whitelist: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
15
|
+
name: import("@sinclair/typebox").TString;
|
|
16
|
+
description: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
17
|
+
allowedScopes: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
18
|
+
allowedPackages: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
19
|
+
expires: import("@sinclair/typebox").TNumber;
|
|
20
|
+
}>;
|
|
21
|
+
type GranularTokenOptions = Static<typeof GranularTokenOptionsRule>;
|
|
11
22
|
export declare class TokenController extends AbstractController {
|
|
23
|
+
private readonly authAdapter;
|
|
24
|
+
private readonly tokenService;
|
|
12
25
|
createToken(ctx: EggContext, tokenOptions: TokenOptions): Promise<{
|
|
13
26
|
token: string | undefined;
|
|
14
27
|
key: string;
|
|
@@ -34,5 +47,36 @@ export declare class TokenController extends AbstractController {
|
|
|
34
47
|
total: number;
|
|
35
48
|
urls: {};
|
|
36
49
|
}>;
|
|
50
|
+
private ensureWebUser;
|
|
51
|
+
createGranularToken(ctx: EggContext, tokenOptions: GranularTokenOptions): Promise<{
|
|
52
|
+
name: string | undefined;
|
|
53
|
+
token: string | undefined;
|
|
54
|
+
key: string;
|
|
55
|
+
cidr_whitelist: string[];
|
|
56
|
+
readonly: boolean;
|
|
57
|
+
automation: boolean;
|
|
58
|
+
allowedPackages: string[] | undefined;
|
|
59
|
+
allowedScopes: string[] | undefined;
|
|
60
|
+
created: Date;
|
|
61
|
+
updated: Date;
|
|
62
|
+
}>;
|
|
63
|
+
listGranularTokens(): Promise<{
|
|
64
|
+
objects: {
|
|
65
|
+
name: string | undefined;
|
|
66
|
+
description: string | undefined;
|
|
67
|
+
allowedPackages: string[] | undefined;
|
|
68
|
+
allowedScopes: string[] | undefined;
|
|
69
|
+
expiredAt: Date | undefined;
|
|
70
|
+
token: string;
|
|
71
|
+
key: string;
|
|
72
|
+
cidr_whitelist: string[];
|
|
73
|
+
readonly: boolean;
|
|
74
|
+
created: Date;
|
|
75
|
+
updated: Date;
|
|
76
|
+
}[];
|
|
77
|
+
total: number;
|
|
78
|
+
urls: {};
|
|
79
|
+
}>;
|
|
80
|
+
removeGranularToken(tokenKey: string): Promise<void>;
|
|
37
81
|
}
|
|
38
82
|
export {};
|
|
@@ -14,9 +14,13 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.TokenController = void 0;
|
|
16
16
|
const egg_errors_1 = require("egg-errors");
|
|
17
|
+
const AuthAdapter_1 = require("../../infra/AuthAdapter");
|
|
17
18
|
const tegg_1 = require("@eggjs/tegg");
|
|
18
19
|
const typebox_1 = require("@sinclair/typebox");
|
|
19
20
|
const AbstractController_1 = require("./AbstractController");
|
|
21
|
+
const Token_1 = require("../../core/entity/Token");
|
|
22
|
+
const TokenService_1 = require("../../../app/core/service/TokenService");
|
|
23
|
+
const PackageUtil_1 = require("../../../app/common/PackageUtil");
|
|
20
24
|
// Creating and viewing access tokens
|
|
21
25
|
// https://docs.npmjs.com/creating-and-viewing-access-tokens#viewing-access-tokens
|
|
22
26
|
const TokenOptionsRule = typebox_1.Type.Object({
|
|
@@ -26,6 +30,16 @@ const TokenOptionsRule = typebox_1.Type.Object({
|
|
|
26
30
|
// only allow 10 ip for now
|
|
27
31
|
cidr_whitelist: typebox_1.Type.Optional(typebox_1.Type.Array(typebox_1.Type.String({ maxLength: 100 }), { maxItems: 10 })),
|
|
28
32
|
});
|
|
33
|
+
const GranularTokenOptionsRule = typebox_1.Type.Object({
|
|
34
|
+
automation: typebox_1.Type.Optional(typebox_1.Type.Boolean()),
|
|
35
|
+
readonly: typebox_1.Type.Optional(typebox_1.Type.Boolean()),
|
|
36
|
+
cidr_whitelist: typebox_1.Type.Optional(typebox_1.Type.Array(typebox_1.Type.String({ maxLength: 100 }), { maxItems: 10 })),
|
|
37
|
+
name: typebox_1.Type.String({ maxLength: 255 }),
|
|
38
|
+
description: typebox_1.Type.Optional(typebox_1.Type.String({ maxLength: 255 })),
|
|
39
|
+
allowedScopes: typebox_1.Type.Optional(typebox_1.Type.Array(typebox_1.Type.String({ maxLength: 100 }), { maxItems: 50 })),
|
|
40
|
+
allowedPackages: typebox_1.Type.Optional(typebox_1.Type.Array(typebox_1.Type.String({ maxLength: 100 }), { maxItems: 50 })),
|
|
41
|
+
expires: typebox_1.Type.Number({ minimum: 1, maximum: 365 }),
|
|
42
|
+
});
|
|
29
43
|
let TokenController = class TokenController extends AbstractController_1.AbstractController {
|
|
30
44
|
// https://github.com/npm/npm-profile/blob/main/lib/index.js#L233
|
|
31
45
|
async createToken(ctx, tokenOptions) {
|
|
@@ -83,7 +97,8 @@ let TokenController = class TokenController extends AbstractController_1.Abstrac
|
|
|
83
97
|
// "total": 2,
|
|
84
98
|
// "urls": {}
|
|
85
99
|
// }
|
|
86
|
-
const objects = tokens.
|
|
100
|
+
const objects = tokens.filter(token => !(0, Token_1.isGranularToken)(token))
|
|
101
|
+
.map(token => {
|
|
87
102
|
return {
|
|
88
103
|
token: token.tokenMark,
|
|
89
104
|
key: token.tokenKey,
|
|
@@ -97,7 +112,93 @@ let TokenController = class TokenController extends AbstractController_1.Abstrac
|
|
|
97
112
|
// TODO: paging, urls: { next: string }
|
|
98
113
|
return { objects, total: objects.length, urls: {} };
|
|
99
114
|
}
|
|
115
|
+
async ensureWebUser() {
|
|
116
|
+
const userRes = await this.authAdapter.ensureCurrentUser();
|
|
117
|
+
if (!userRes?.name || !userRes?.email) {
|
|
118
|
+
throw new egg_errors_1.ForbiddenError('need login first');
|
|
119
|
+
}
|
|
120
|
+
const user = await this.userService.findUserByName(userRes.name);
|
|
121
|
+
if (!user?.userId) {
|
|
122
|
+
throw new egg_errors_1.ForbiddenError('invalid user info');
|
|
123
|
+
}
|
|
124
|
+
return user;
|
|
125
|
+
}
|
|
126
|
+
// Create granular access token through HTTP interface
|
|
127
|
+
// https://docs.npmjs.com/about-access-tokens#about-granular-access-tokens
|
|
128
|
+
// Mainly has the following limitations:
|
|
129
|
+
// 1. Need to submit token name and expires
|
|
130
|
+
// 2. Optional to submit description, allowScopes, allowPackages information
|
|
131
|
+
// 3. Need to implement ensureCurrentUser method in AuthAdapter, or pass in this.user
|
|
132
|
+
async createGranularToken(ctx, tokenOptions) {
|
|
133
|
+
ctx.tValidate(GranularTokenOptionsRule, tokenOptions);
|
|
134
|
+
const user = await this.ensureWebUser();
|
|
135
|
+
// 生成 Token
|
|
136
|
+
const { name, description, allowedPackages, allowedScopes, cidr_whitelist, automation, readonly, expires } = tokenOptions;
|
|
137
|
+
const token = await this.userService.createToken(user.userId, {
|
|
138
|
+
name,
|
|
139
|
+
type: Token_1.TokenType.granular,
|
|
140
|
+
description,
|
|
141
|
+
allowedPackages,
|
|
142
|
+
allowedScopes,
|
|
143
|
+
isAutomation: automation,
|
|
144
|
+
isReadonly: readonly,
|
|
145
|
+
cidrWhitelist: cidr_whitelist,
|
|
146
|
+
expires,
|
|
147
|
+
});
|
|
148
|
+
return {
|
|
149
|
+
name: token.name,
|
|
150
|
+
token: token.token,
|
|
151
|
+
key: token.tokenKey,
|
|
152
|
+
cidr_whitelist: token.cidrWhitelist,
|
|
153
|
+
readonly: token.isReadonly,
|
|
154
|
+
automation: token.isAutomation,
|
|
155
|
+
allowedPackages: token.allowedPackages,
|
|
156
|
+
allowedScopes: token.allowedScopes,
|
|
157
|
+
created: token.createdAt,
|
|
158
|
+
updated: token.updatedAt,
|
|
159
|
+
};
|
|
160
|
+
}
|
|
161
|
+
async listGranularTokens() {
|
|
162
|
+
const user = await this.ensureWebUser();
|
|
163
|
+
const tokens = await this.userRepository.listTokens(user.userId);
|
|
164
|
+
const granularTokens = tokens.filter(token => (0, Token_1.isGranularToken)(token));
|
|
165
|
+
for (const token of granularTokens) {
|
|
166
|
+
const packages = await this.tokenService.listTokenPackages(token);
|
|
167
|
+
if (Array.isArray(packages)) {
|
|
168
|
+
token.allowedPackages = packages.map(p => (0, PackageUtil_1.getFullname)(p.scope, p.name));
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
const objects = granularTokens.map(token => {
|
|
172
|
+
const { name, description, expiredAt, allowedPackages, allowedScopes } = token;
|
|
173
|
+
return {
|
|
174
|
+
name,
|
|
175
|
+
description,
|
|
176
|
+
allowedPackages,
|
|
177
|
+
allowedScopes,
|
|
178
|
+
expiredAt,
|
|
179
|
+
token: token.tokenMark,
|
|
180
|
+
key: token.tokenKey,
|
|
181
|
+
cidr_whitelist: token.cidrWhitelist,
|
|
182
|
+
readonly: token.isReadonly,
|
|
183
|
+
created: token.createdAt,
|
|
184
|
+
updated: token.updatedAt,
|
|
185
|
+
};
|
|
186
|
+
});
|
|
187
|
+
return { objects, total: granularTokens.length, urls: {} };
|
|
188
|
+
}
|
|
189
|
+
async removeGranularToken(tokenKey) {
|
|
190
|
+
const user = await this.ensureWebUser();
|
|
191
|
+
await this.userService.removeToken(user.userId, tokenKey);
|
|
192
|
+
}
|
|
100
193
|
};
|
|
194
|
+
__decorate([
|
|
195
|
+
(0, tegg_1.Inject)(),
|
|
196
|
+
__metadata("design:type", AuthAdapter_1.AuthAdapter)
|
|
197
|
+
], TokenController.prototype, "authAdapter", void 0);
|
|
198
|
+
__decorate([
|
|
199
|
+
(0, tegg_1.Inject)(),
|
|
200
|
+
__metadata("design:type", TokenService_1.TokenService)
|
|
201
|
+
], TokenController.prototype, "tokenService", void 0);
|
|
101
202
|
__decorate([
|
|
102
203
|
(0, tegg_1.HTTPMethod)({
|
|
103
204
|
path: '/-/npm/v1/tokens',
|
|
@@ -130,8 +231,45 @@ __decorate([
|
|
|
130
231
|
__metadata("design:paramtypes", [Object]),
|
|
131
232
|
__metadata("design:returntype", Promise)
|
|
132
233
|
], TokenController.prototype, "listTokens", null);
|
|
234
|
+
__decorate([
|
|
235
|
+
(0, tegg_1.HTTPMethod)({
|
|
236
|
+
path: '/-/npm/v1/tokens/gat',
|
|
237
|
+
method: tegg_1.HTTPMethodEnum.POST,
|
|
238
|
+
})
|
|
239
|
+
// Create granular access token through HTTP interface
|
|
240
|
+
// https://docs.npmjs.com/about-access-tokens#about-granular-access-tokens
|
|
241
|
+
// Mainly has the following limitations:
|
|
242
|
+
// 1. Need to submit token name and expires
|
|
243
|
+
// 2. Optional to submit description, allowScopes, allowPackages information
|
|
244
|
+
// 3. Need to implement ensureCurrentUser method in AuthAdapter, or pass in this.user
|
|
245
|
+
,
|
|
246
|
+
__param(0, (0, tegg_1.Context)()),
|
|
247
|
+
__param(1, (0, tegg_1.HTTPBody)()),
|
|
248
|
+
__metadata("design:type", Function),
|
|
249
|
+
__metadata("design:paramtypes", [Object, Object]),
|
|
250
|
+
__metadata("design:returntype", Promise)
|
|
251
|
+
], TokenController.prototype, "createGranularToken", null);
|
|
252
|
+
__decorate([
|
|
253
|
+
(0, tegg_1.HTTPMethod)({
|
|
254
|
+
path: '/-/npm/v1/tokens/gat',
|
|
255
|
+
method: tegg_1.HTTPMethodEnum.GET,
|
|
256
|
+
}),
|
|
257
|
+
__metadata("design:type", Function),
|
|
258
|
+
__metadata("design:paramtypes", []),
|
|
259
|
+
__metadata("design:returntype", Promise)
|
|
260
|
+
], TokenController.prototype, "listGranularTokens", null);
|
|
261
|
+
__decorate([
|
|
262
|
+
(0, tegg_1.HTTPMethod)({
|
|
263
|
+
path: '/-/npm/v1/tokens/gat/:tokenKey',
|
|
264
|
+
method: tegg_1.HTTPMethodEnum.DELETE,
|
|
265
|
+
}),
|
|
266
|
+
__param(0, (0, tegg_1.HTTPParam)()),
|
|
267
|
+
__metadata("design:type", Function),
|
|
268
|
+
__metadata("design:paramtypes", [String]),
|
|
269
|
+
__metadata("design:returntype", Promise)
|
|
270
|
+
], TokenController.prototype, "removeGranularToken", null);
|
|
133
271
|
TokenController = __decorate([
|
|
134
272
|
(0, tegg_1.HTTPController)()
|
|
135
273
|
], TokenController);
|
|
136
274
|
exports.TokenController = TokenController;
|
|
137
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
275
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVG9rZW5Db250cm9sbGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vYXBwL3BvcnQvY29udHJvbGxlci9Ub2tlbkNvbnRyb2xsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkNBQStEO0FBQy9ELHlEQUFzRDtBQUN0RCxzQ0FTcUI7QUFDckIsK0NBQWlEO0FBQ2pELDZEQUEwRDtBQUMxRCxtREFBcUU7QUFDckUseUVBQXNFO0FBQ3RFLGlFQUE4RDtBQUU5RCxxQ0FBcUM7QUFDckMsa0ZBQWtGO0FBRWxGLE1BQU0sZ0JBQWdCLEdBQUcsY0FBSSxDQUFDLE1BQU0sQ0FBQztJQUNuQyxRQUFRLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxDQUFDLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxDQUFDO0lBQ3ZELFFBQVEsRUFBRSxjQUFJLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztJQUN2QyxVQUFVLEVBQUUsY0FBSSxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDekMsMkJBQTJCO0lBQzNCLGNBQWMsRUFBRSxjQUFJLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxLQUFLLENBQUMsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FBQyxFQUFFLEVBQUUsUUFBUSxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7Q0FDN0YsQ0FBQyxDQUFDO0FBR0gsTUFBTSx3QkFBd0IsR0FBRyxjQUFJLENBQUMsTUFBTSxDQUFDO0lBQzNDLFVBQVUsRUFBRSxjQUFJLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztJQUN6QyxRQUFRLEVBQUUsY0FBSSxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDdkMsY0FBYyxFQUFFLGNBQUksQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLEtBQUssQ0FBQyxjQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxDQUFDLEVBQUUsRUFBRSxRQUFRLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM1RixJQUFJLEVBQUUsY0FBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsQ0FBQztJQUNyQyxXQUFXLEVBQUUsY0FBSSxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7SUFDM0QsYUFBYSxFQUFFLGNBQUksQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLEtBQUssQ0FBQyxjQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxDQUFDLEVBQUUsRUFBRSxRQUFRLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUMzRixlQUFlLEVBQUUsY0FBSSxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsS0FBSyxDQUFDLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLENBQUMsRUFBRSxFQUFFLFFBQVEsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQzdGLE9BQU8sRUFBRSxjQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsT0FBTyxFQUFFLENBQUMsRUFBRSxPQUFPLEVBQUUsR0FBRyxFQUFFLENBQUM7Q0FDbkQsQ0FBQyxDQUFDO0FBSUksSUFBTSxlQUFlLEdBQXJCLE1BQU0sZUFBZ0IsU0FBUSx1Q0FBa0I7SUFLckQsaUVBQWlFO0lBSzNELEFBQU4sS0FBSyxDQUFDLFdBQVcsQ0FBWSxHQUFlLEVBQWMsWUFBMEI7UUFDbEYsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLHNCQUFzQixDQUFDLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUN6RixHQUFHLENBQUMsU0FBUyxDQUFDLGdCQUFnQixFQUFFLFlBQVksQ0FBQyxDQUFDO1FBRTlDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQyxjQUFjLEVBQUUsWUFBWSxDQUFDLFFBQVEsQ0FBQyxFQUFFO1lBQzFFLE1BQU0sSUFBSSw4QkFBaUIsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1NBQ2pEO1FBRUQsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFO1lBQ3RFLFVBQVUsRUFBRSxZQUFZLENBQUMsUUFBUTtZQUNqQyxZQUFZLEVBQUUsWUFBWSxDQUFDLFVBQVU7WUFDckMsYUFBYSxFQUFFLFlBQVksQ0FBQyxjQUFjO1NBQzNDLENBQUMsQ0FBQztRQUNILE9BQU87WUFDTCxLQUFLLEVBQUUsS0FBSyxDQUFDLEtBQUs7WUFDbEIsR0FBRyxFQUFFLEtBQUssQ0FBQyxRQUFRO1lBQ25CLGNBQWMsRUFBRSxLQUFLLENBQUMsYUFBYTtZQUNuQyxRQUFRLEVBQUUsS0FBSyxDQUFDLFVBQVU7WUFDMUIsVUFBVSxFQUFFLEtBQUssQ0FBQyxZQUFZO1lBQzlCLE9BQU8sRUFBRSxLQUFLLENBQUMsU0FBUztZQUN4QixPQUFPLEVBQUUsS0FBSyxDQUFDLFNBQVM7U0FDekIsQ0FBQztJQUNKLENBQUM7SUFFRCxpRUFBaUU7SUFLM0QsQUFBTixLQUFLLENBQUMsV0FBVyxDQUFZLEdBQWUsRUFBZSxRQUFnQjtRQUN6RSxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsc0JBQXNCLENBQUMsR0FBRyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ3pGLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FBQztRQUNwRSxPQUFPLEVBQUUsRUFBRSxFQUFFLElBQUksRUFBRSxDQUFDO0lBQ3RCLENBQUM7SUFFRCxpRUFBaUU7SUFLM0QsQUFBTixLQUFLLENBQUMsVUFBVSxDQUFZLEdBQWU7UUFDekMsSUFBSTtRQUNKLDJFQUEyRTtRQUMzRSw0QkFBNEI7UUFDNUIseUNBQXlDO1FBQ3pDLG1CQUFtQjtRQUNuQix1Q0FBdUM7UUFDdkMsNEJBQTRCO1FBQzVCLDZCQUE2QjtRQUM3QixJQUFJO1FBQ0osTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLHNCQUFzQixDQUFDLEdBQUcsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUN6RixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMzRSxJQUFJO1FBQ0osaUJBQWlCO1FBQ2pCLFFBQVE7UUFDUiwyQkFBMkI7UUFDM0IsbUpBQW1KO1FBQ25KLGdDQUFnQztRQUNoQywyQkFBMkI7UUFDM0IsNkJBQTZCO1FBQzdCLCtDQUErQztRQUMvQyw4Q0FBOEM7UUFDOUMsUUFBUTtRQUNSLE9BQU87UUFDUCxnQkFBZ0I7UUFDaEIsZUFBZTtRQUNmLElBQUk7UUFDSixNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQyxJQUFBLHVCQUFlLEVBQUMsS0FBSyxDQUFDLENBQUM7YUFDNUQsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFO1lBQ1gsT0FBTztnQkFDTCxLQUFLLEVBQUUsS0FBSyxDQUFDLFNBQVM7Z0JBQ3RCLEdBQUcsRUFBRSxLQUFLLENBQUMsUUFBUTtnQkFDbkIsY0FBYyxFQUFFLEtBQUssQ0FBQyxhQUFhO2dCQUNuQyxRQUFRLEVBQUUsS0FBSyxDQUFDLFVBQVU7Z0JBQzFCLFVBQVUsRUFBRSxLQUFLLENBQUMsWUFBWTtnQkFDOUIsT0FBTyxFQUFFLEtBQUssQ0FBQyxTQUFTO2dCQUN4QixPQUFPLEVBQUUsS0FBSyxDQUFDLFNBQVM7YUFDekIsQ0FBQztRQUNKLENBQUMsQ0FBQyxDQUFDO1FBQ0wsdUNBQXVDO1FBQ3ZDLE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLE9BQU8sQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBQ3RELENBQUM7SUFFTyxLQUFLLENBQUMsYUFBYTtRQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUMzRCxJQUFJLENBQUMsT0FBTyxFQUFFLElBQUksSUFBSSxDQUFDLE9BQU8sRUFBRSxLQUFLLEVBQUU7WUFDckMsTUFBTSxJQUFJLDJCQUFjLENBQUMsa0JBQWtCLENBQUMsQ0FBQztTQUM5QztRQUNELE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2pFLElBQUksQ0FBQyxJQUFJLEVBQUUsTUFBTSxFQUFFO1lBQ2pCLE1BQU0sSUFBSSwyQkFBYyxDQUFDLG1CQUFtQixDQUFDLENBQUM7U0FDL0M7UUFDRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFZSyxBQU5OLHNEQUFzRDtJQUN0RCwwRUFBMEU7SUFDMUUsd0NBQXdDO0lBQ3hDLDJDQUEyQztJQUMzQyw0RUFBNEU7SUFDNUUscUZBQXFGO0lBQ3JGLEtBQUssQ0FBQyxtQkFBbUIsQ0FBWSxHQUFlLEVBQWMsWUFBa0M7UUFDbEcsR0FBRyxDQUFDLFNBQVMsQ0FBQyx3QkFBd0IsRUFBRSxZQUFZLENBQUMsQ0FBQztRQUN0RCxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUV4QyxXQUFXO1FBQ1gsTUFBTSxFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsZUFBZSxFQUFFLGFBQWEsRUFBRSxjQUFjLEVBQUUsVUFBVSxFQUFFLFFBQVEsRUFBRSxPQUFPLEVBQUUsR0FBRyxZQUFZLENBQUM7UUFDMUgsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1lBQzVELElBQUk7WUFDSixJQUFJLEVBQUUsaUJBQVMsQ0FBQyxRQUFRO1lBQ3hCLFdBQVc7WUFDWCxlQUFlO1lBQ2YsYUFBYTtZQUNiLFlBQVksRUFBRSxVQUFVO1lBQ3hCLFVBQVUsRUFBRSxRQUFRO1lBQ3BCLGFBQWEsRUFBRSxjQUFjO1lBQzdCLE9BQU87U0FDUixDQUFDLENBQUM7UUFFSCxPQUFPO1lBQ0wsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1lBQ2hCLEtBQUssRUFBRSxLQUFLLENBQUMsS0FBSztZQUNsQixHQUFHLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDbkIsY0FBYyxFQUFFLEtBQUssQ0FBQyxhQUFhO1lBQ25DLFFBQVEsRUFBRSxLQUFLLENBQUMsVUFBVTtZQUMxQixVQUFVLEVBQUUsS0FBSyxDQUFDLFlBQVk7WUFDOUIsZUFBZSxFQUFFLEtBQUssQ0FBQyxlQUFlO1lBQ3RDLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYTtZQUNsQyxPQUFPLEVBQUUsS0FBSyxDQUFDLFNBQVM7WUFDeEIsT0FBTyxFQUFFLEtBQUssQ0FBQyxTQUFTO1NBQ3pCLENBQUM7SUFDSixDQUFDO0lBTUssQUFBTixLQUFLLENBQUMsa0JBQWtCO1FBQ3RCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ3hDLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2pFLE1BQU0sY0FBYyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFBLHVCQUFlLEVBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUV0RSxLQUFLLE1BQU0sS0FBSyxJQUFJLGNBQWMsRUFBRTtZQUNsQyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsaUJBQWlCLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDbEUsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxFQUFFO2dCQUMzQixLQUFLLENBQUMsZUFBZSxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxJQUFBLHlCQUFXLEVBQUMsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQzthQUN6RTtTQUNGO1FBQ0QsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRTtZQUN6QyxNQUFNLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxTQUFTLEVBQUUsZUFBZSxFQUFFLGFBQWEsRUFBRSxHQUFHLEtBQUssQ0FBQztZQUMvRSxPQUFPO2dCQUNMLElBQUk7Z0JBQ0osV0FBVztnQkFDWCxlQUFlO2dCQUNmLGFBQWE7Z0JBQ2IsU0FBUztnQkFDVCxLQUFLLEVBQUUsS0FBSyxDQUFDLFNBQVM7Z0JBQ3RCLEdBQUcsRUFBRSxLQUFLLENBQUMsUUFBUTtnQkFDbkIsY0FBYyxFQUFFLEtBQUssQ0FBQyxhQUFhO2dCQUNuQyxRQUFRLEVBQUUsS0FBSyxDQUFDLFVBQVU7Z0JBQzFCLE9BQU8sRUFBRSxLQUFLLENBQUMsU0FBUztnQkFDeEIsT0FBTyxFQUFFLEtBQUssQ0FBQyxTQUFTO2FBQ3pCLENBQUM7UUFDSixDQUFDLENBQUMsQ0FBQztRQUNILE9BQU8sRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLGNBQWMsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBQzdELENBQUM7SUFNSyxBQUFOLEtBQUssQ0FBQyxtQkFBbUIsQ0FBYyxRQUFnQjtRQUNyRCxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUN4QyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDNUQsQ0FBQztDQUNGLENBQUE7QUE1TEM7SUFBQyxJQUFBLGFBQU0sR0FBRTs4QkFDcUIseUJBQVc7b0RBQUM7QUFDMUM7SUFBQyxJQUFBLGFBQU0sR0FBRTs4QkFDc0IsMkJBQVk7cURBQUM7QUFNdEM7SUFKTCxJQUFBLGlCQUFVLEVBQUM7UUFDVixJQUFJLEVBQUUsa0JBQWtCO1FBQ3hCLE1BQU0sRUFBRSxxQkFBYyxDQUFDLElBQUk7S0FDNUIsQ0FBQztJQUNpQixXQUFBLElBQUEsY0FBTyxHQUFFLENBQUE7SUFBbUIsV0FBQSxJQUFBLGVBQVEsR0FBRSxDQUFBOzs7O2tEQXNCeEQ7QUFPSztJQUpMLElBQUEsaUJBQVUsRUFBQztRQUNWLElBQUksRUFBRSxrQ0FBa0M7UUFDeEMsTUFBTSxFQUFFLHFCQUFjLENBQUMsTUFBTTtLQUM5QixDQUFDO0lBQ2lCLFdBQUEsSUFBQSxjQUFPLEdBQUUsQ0FBQTtJQUFtQixXQUFBLElBQUEsZ0JBQVMsR0FBRSxDQUFBOzs7O2tEQUl6RDtBQU9LO0lBSkwsSUFBQSxpQkFBVSxFQUFDO1FBQ1YsSUFBSSxFQUFFLGtCQUFrQjtRQUN4QixNQUFNLEVBQUUscUJBQWMsQ0FBQyxHQUFHO0tBQzNCLENBQUM7SUFDZ0IsV0FBQSxJQUFBLGNBQU8sR0FBRSxDQUFBOzs7O2lEQXlDMUI7QUF3Qks7SUFWTCxJQUFBLGlCQUFVLEVBQUM7UUFDVixJQUFJLEVBQUUsc0JBQXNCO1FBQzVCLE1BQU0sRUFBRSxxQkFBYyxDQUFDLElBQUk7S0FDNUIsQ0FBQztJQUNGLHNEQUFzRDtJQUN0RCwwRUFBMEU7SUFDMUUsd0NBQXdDO0lBQ3hDLDJDQUEyQztJQUMzQyw0RUFBNEU7SUFDNUUscUZBQXFGOztJQUMxRCxXQUFBLElBQUEsY0FBTyxHQUFFLENBQUE7SUFBbUIsV0FBQSxJQUFBLGVBQVEsR0FBRSxDQUFBOzs7OzBEQThCaEU7QUFNSztJQUpMLElBQUEsaUJBQVUsRUFBQztRQUNWLElBQUksRUFBRSxzQkFBc0I7UUFDNUIsTUFBTSxFQUFFLHFCQUFjLENBQUMsR0FBRztLQUMzQixDQUFDOzs7O3lEQTZCRDtBQU1LO0lBSkwsSUFBQSxpQkFBVSxFQUFDO1FBQ1YsSUFBSSxFQUFFLGdDQUFnQztRQUN0QyxNQUFNLEVBQUUscUJBQWMsQ0FBQyxNQUFNO0tBQzlCLENBQUM7SUFDeUIsV0FBQSxJQUFBLGdCQUFTLEdBQUUsQ0FBQTs7OzswREFHckM7QUE1TFUsZUFBZTtJQUQzQixJQUFBLHFCQUFjLEdBQUU7R0FDSixlQUFlLENBNkwzQjtBQTdMWSwwQ0FBZSJ9
|
|
@@ -5,6 +5,8 @@ import { AbstractRepository } from './AbstractRepository';
|
|
|
5
5
|
export declare class UserRepository extends AbstractRepository {
|
|
6
6
|
private readonly User;
|
|
7
7
|
private readonly Token;
|
|
8
|
+
private readonly TokenPackage;
|
|
9
|
+
private readonly packageRepository;
|
|
8
10
|
private readonly WebauthnCredential;
|
|
9
11
|
saveUser(user: UserEntity): Promise<void>;
|
|
10
12
|
findUserByName(name: string): Promise<UserEntity | null>;
|
|
@@ -16,6 +16,8 @@ const User_1 = require("../core/entity/User");
|
|
|
16
16
|
const Token_1 = require("../core/entity/Token");
|
|
17
17
|
const WebauthnCredential_1 = require("../core/entity/WebauthnCredential");
|
|
18
18
|
const AbstractRepository_1 = require("./AbstractRepository");
|
|
19
|
+
const PackageUtil_1 = require("../common/PackageUtil");
|
|
20
|
+
const PackageRepository_1 = require("./PackageRepository");
|
|
19
21
|
let UserRepository = class UserRepository extends AbstractRepository_1.AbstractRepository {
|
|
20
22
|
async saveUser(user) {
|
|
21
23
|
if (user.id) {
|
|
@@ -60,20 +62,43 @@ let UserRepository = class UserRepository extends AbstractRepository_1.AbstractR
|
|
|
60
62
|
return ModelConvertor_1.ModelConvertor.convertModelToEntity(model, Token_1.Token);
|
|
61
63
|
}
|
|
62
64
|
async saveToken(token) {
|
|
65
|
+
// create
|
|
66
|
+
let model;
|
|
67
|
+
// update
|
|
63
68
|
if (token.id) {
|
|
64
|
-
const
|
|
65
|
-
if (!
|
|
69
|
+
const res = await this.Token.findOne({ id: token.id });
|
|
70
|
+
if (!res)
|
|
66
71
|
return;
|
|
72
|
+
model = res;
|
|
67
73
|
await ModelConvertor_1.ModelConvertor.saveEntityToModel(token, model);
|
|
68
74
|
}
|
|
69
75
|
else {
|
|
70
|
-
|
|
76
|
+
if ((0, Token_1.isGranularToken)(token)) {
|
|
77
|
+
await this.TokenPackage.transaction(async (transaction) => {
|
|
78
|
+
model = await ModelConvertor_1.ModelConvertor.convertEntityToModel(token, this.Token, transaction);
|
|
79
|
+
if (Array.isArray(token.allowedPackages)) {
|
|
80
|
+
for (const packageName of token.allowedPackages) {
|
|
81
|
+
const [scope, name] = (0, PackageUtil_1.getScopeAndName)(packageName);
|
|
82
|
+
const packageId = await this.packageRepository.findPackageId(scope, name);
|
|
83
|
+
if (packageId) {
|
|
84
|
+
await this.TokenPackage.create({ packageId, tokenId: token.tokenId }, transaction);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
}
|
|
90
|
+
else {
|
|
91
|
+
model = await ModelConvertor_1.ModelConvertor.convertEntityToModel(token, this.Token);
|
|
92
|
+
}
|
|
71
93
|
this.logger.info('[UserRepository:saveToken:new] id: %s, tokenId: %s', model.id, model.tokenId);
|
|
72
94
|
}
|
|
73
95
|
}
|
|
74
96
|
async removeToken(tokenId) {
|
|
75
|
-
|
|
76
|
-
|
|
97
|
+
await this.Token.transaction(async (transaction) => {
|
|
98
|
+
const removeCount = await this.Token.remove({ tokenId }, true, transaction);
|
|
99
|
+
await this.TokenPackage.remove({ tokenId }, true, transaction);
|
|
100
|
+
this.logger.info('[UserRepository:removeToken:remove] %d rows, tokenId: %s', removeCount, tokenId);
|
|
101
|
+
});
|
|
77
102
|
}
|
|
78
103
|
async listTokens(userId) {
|
|
79
104
|
const models = await this.Token.find({ userId });
|
|
@@ -113,6 +138,14 @@ __decorate([
|
|
|
113
138
|
(0, tegg_1.Inject)(),
|
|
114
139
|
__metadata("design:type", Object)
|
|
115
140
|
], UserRepository.prototype, "Token", void 0);
|
|
141
|
+
__decorate([
|
|
142
|
+
(0, tegg_1.Inject)(),
|
|
143
|
+
__metadata("design:type", Object)
|
|
144
|
+
], UserRepository.prototype, "TokenPackage", void 0);
|
|
145
|
+
__decorate([
|
|
146
|
+
(0, tegg_1.Inject)(),
|
|
147
|
+
__metadata("design:type", PackageRepository_1.PackageRepository)
|
|
148
|
+
], UserRepository.prototype, "packageRepository", void 0);
|
|
116
149
|
__decorate([
|
|
117
150
|
(0, tegg_1.Inject)(),
|
|
118
151
|
__metadata("design:type", Object)
|
|
@@ -123,4 +156,4 @@ UserRepository = __decorate([
|
|
|
123
156
|
})
|
|
124
157
|
], UserRepository);
|
|
125
158
|
exports.UserRepository = UserRepository;
|
|
126
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
159
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVXNlclJlcG9zaXRvcnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9hcHAvcmVwb3NpdG9yeS9Vc2VyUmVwb3NpdG9yeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7QUFBQSxzQ0FBa0U7QUFDbEUsMERBQXVEO0FBSXZELDhDQUF5RDtBQUN6RCxnREFBNkU7QUFDN0UsMEVBQW1HO0FBQ25HLDZEQUEwRDtBQUUxRCx1REFBd0Q7QUFDeEQsMkRBQXdEO0FBS2pELElBQU0sY0FBYyxHQUFwQixNQUFNLGNBQWUsU0FBUSx1Q0FBa0I7SUFnQnBELEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBZ0I7UUFDN0IsSUFBSSxJQUFJLENBQUMsRUFBRSxFQUFFO1lBQ1gsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUN2RCxJQUFJLENBQUMsS0FBSztnQkFBRSxPQUFPO1lBQ25CLE1BQU0sK0JBQWMsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLEVBQUUsS0FBSyxDQUFDLENBQUM7U0FDckQ7YUFBTTtZQUNMLE1BQU0sS0FBSyxHQUFHLE1BQU0sK0JBQWMsQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3pFLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGtEQUFrRCxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUUsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1NBQzlGO0lBQ0gsQ0FBQztJQUVELEtBQUssQ0FBQyxjQUFjLENBQUMsSUFBWTtRQUMvQixNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUNoRCxJQUFJLENBQUMsS0FBSztZQUFFLE9BQU8sSUFBSSxDQUFDO1FBQ3hCLE9BQU8sK0JBQWMsQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLEVBQUUsV0FBVSxDQUFDLENBQUM7SUFDaEUsQ0FBQztJQUVELEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsRUFBRSxNQUFNLEVBQUUsQ0FBQyxDQUFDO1FBQ2xELElBQUksQ0FBQyxLQUFLO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDeEIsT0FBTywrQkFBYyxDQUFDLG9CQUFvQixDQUFDLEtBQUssRUFBRSxXQUFVLENBQUMsQ0FBQztJQUNoRSxDQUFDO0lBRUQsS0FBSyxDQUFDLDBCQUEwQixDQUFDLFFBQWdCO1FBQy9DLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3ZELElBQUksQ0FBQyxLQUFLO1lBQUUsT0FBTyxJQUFJLENBQUM7UUFDeEIsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLE1BQU0sRUFBRSxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsU0FBUztZQUFFLE9BQU8sSUFBSSxDQUFDO1FBQzVCLE9BQU87WUFDTCxLQUFLO1lBQ0wsSUFBSSxFQUFFLCtCQUFjLENBQUMsb0JBQW9CLENBQUMsU0FBUyxFQUFFLFdBQVUsQ0FBQztTQUNqRSxDQUFDO0lBQ0osQ0FBQztJQUVELEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxRQUFnQjtRQUN4QyxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEVBQUUsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUNyRCxJQUFJLENBQUMsS0FBSztZQUFFLE9BQU8sSUFBSSxDQUFDO1FBQ3hCLE9BQU8sK0JBQWMsQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLEVBQUUsYUFBVyxDQUFDLENBQUM7SUFDakUsQ0FBQztJQUVELEtBQUssQ0FBQyxTQUFTLENBQUMsS0FBa0I7UUFDaEMsU0FBUztRQUNULElBQUksS0FBaUIsQ0FBQztRQUN0QixTQUFTO1FBQ1QsSUFBSSxLQUFLLENBQUMsRUFBRSxFQUFFO1lBQ1osTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUN2RCxJQUFJLENBQUMsR0FBRztnQkFBRSxPQUFPO1lBQ2pCLEtBQUssR0FBRyxHQUFHLENBQUM7WUFDWixNQUFNLCtCQUFjLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1NBQ3REO2FBQU07WUFDTCxJQUFJLElBQUEsdUJBQWUsRUFBQyxLQUFLLENBQUMsRUFBRTtnQkFDMUIsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxLQUFLLEVBQUMsV0FBVyxFQUFDLEVBQUU7b0JBQ3RELEtBQUssR0FBRyxNQUFNLCtCQUFjLENBQUMsb0JBQW9CLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxLQUFLLEVBQUUsV0FBVyxDQUFDLENBQUM7b0JBQ2xGLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQUU7d0JBQ3hDLEtBQUssTUFBTSxXQUFXLElBQUksS0FBSyxDQUFDLGVBQWUsRUFBRTs0QkFDL0MsTUFBTSxDQUFFLEtBQUssRUFBRSxJQUFJLENBQUUsR0FBRyxJQUFBLDZCQUFlLEVBQUMsV0FBVyxDQUFDLENBQUM7NEJBQ3JELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7NEJBQzFFLElBQUksU0FBUyxFQUFFO2dDQUNiLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRSxXQUFXLENBQUMsQ0FBQzs2QkFDcEY7eUJBQ0Y7cUJBQ0Y7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7YUFDSjtpQkFBTTtnQkFDTCxLQUFLLEdBQUcsTUFBTSwrQkFBYyxDQUFDLG9CQUFvQixDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7YUFDdEU7WUFDRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxvREFBb0QsRUFBRSxLQUFNLENBQUMsRUFBRSxFQUFFLEtBQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztTQUNuRztJQUNILENBQUM7SUFFRCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQWU7UUFDL0IsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxLQUFLLEVBQUMsV0FBVyxFQUFDLEVBQUU7WUFDL0MsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxFQUFFLE9BQU8sRUFBRSxFQUFFLElBQUksRUFBRSxXQUFXLENBQUMsQ0FBQztZQUM1RSxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLEVBQUUsT0FBTyxFQUFFLEVBQUUsSUFBSSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQy9ELElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDBEQUEwRCxFQUN6RSxXQUFXLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFVBQVUsQ0FBQyxNQUFjO1FBQzdCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsRUFBRSxNQUFNLEVBQUUsQ0FBQyxDQUFDO1FBQ2pELE9BQU8sTUFBTSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLCtCQUFjLENBQUMsb0JBQW9CLENBQUMsS0FBSyxFQUFFLGFBQVcsQ0FBQyxDQUFDLENBQUM7SUFDdEYsQ0FBQztJQUVELEtBQUssQ0FBQyxjQUFjLENBQUMsVUFBb0M7UUFDdkQsSUFBSSxVQUFVLENBQUMsRUFBRSxFQUFFO1lBQ2pCLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQUUsRUFBRSxVQUFVLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUMzRSxJQUFJLENBQUMsS0FBSztnQkFBRSxPQUFPO1lBQ25CLE1BQU0sK0JBQWMsQ0FBQyxpQkFBaUIsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUM7U0FDM0Q7YUFBTTtZQUNMLE1BQU0sS0FBSyxHQUFHLE1BQU0sK0JBQWMsQ0FBQyxvQkFBb0IsQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUM7WUFDN0YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsd0RBQXdELEVBQUUsS0FBSyxDQUFDLEVBQUUsRUFBRSxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7U0FDcEc7SUFDSCxDQUFDO0lBRUQsS0FBSyxDQUFDLG9DQUFvQyxDQUFDLE1BQWMsRUFBRSxXQUEwQjtRQUNuRixNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUM7WUFDbEQsTUFBTTtZQUNOLFdBQVc7U0FDWixDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsS0FBSztZQUFFLE9BQU8sSUFBSSxDQUFDO1FBQ3hCLE9BQU8sK0JBQWMsQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLLEVBQUUsdUNBQXdCLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLE1BQWM7UUFDbkMsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxDQUFDLEVBQUUsTUFBTSxFQUFFLENBQUMsQ0FBQztRQUNyRSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw4REFBOEQsRUFBRSxXQUFXLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDeEcsQ0FBQztDQUNGLENBQUE7QUEzSEM7SUFBQyxJQUFBLGFBQU0sR0FBRTs7NENBQytCO0FBRXhDO0lBQUMsSUFBQSxhQUFNLEdBQUU7OzZDQUNpQztBQUUxQztJQUFDLElBQUEsYUFBTSxHQUFFOztvREFDK0M7QUFFeEQ7SUFBQyxJQUFBLGFBQU0sR0FBRTs4QkFDMkIscUNBQWlCO3lEQUFDO0FBRXREO0lBQUMsSUFBQSxhQUFNLEdBQUU7OzBEQUMyRDtBQWR6RCxjQUFjO0lBSDFCLElBQUEscUJBQWMsRUFBQztRQUNkLFdBQVcsRUFBRSxrQkFBVyxDQUFDLE1BQU07S0FDaEMsQ0FBQztHQUNXLGNBQWMsQ0E0SDFCO0FBNUhZLHdDQUFjIn0=
|
|
@@ -61,8 +61,28 @@ __decorate([
|
|
|
61
61
|
(0, orm_1.Attribute)(leoric_1.DataTypes.BOOLEAN),
|
|
62
62
|
__metadata("design:type", Boolean)
|
|
63
63
|
], Token.prototype, "isAutomation", void 0);
|
|
64
|
+
__decorate([
|
|
65
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.STRING(255)),
|
|
66
|
+
__metadata("design:type", String)
|
|
67
|
+
], Token.prototype, "type", void 0);
|
|
68
|
+
__decorate([
|
|
69
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.STRING(255)),
|
|
70
|
+
__metadata("design:type", String)
|
|
71
|
+
], Token.prototype, "name", void 0);
|
|
72
|
+
__decorate([
|
|
73
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.STRING(255)),
|
|
74
|
+
__metadata("design:type", String)
|
|
75
|
+
], Token.prototype, "description", void 0);
|
|
76
|
+
__decorate([
|
|
77
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.JSONB),
|
|
78
|
+
__metadata("design:type", Array)
|
|
79
|
+
], Token.prototype, "allowedScopes", void 0);
|
|
80
|
+
__decorate([
|
|
81
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.DATE),
|
|
82
|
+
__metadata("design:type", Date)
|
|
83
|
+
], Token.prototype, "expiredAt", void 0);
|
|
64
84
|
Token = __decorate([
|
|
65
85
|
(0, orm_1.Model)()
|
|
66
86
|
], Token);
|
|
67
87
|
exports.Token = Token;
|
|
68
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
88
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVG9rZW4uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9hcHAvcmVwb3NpdG9yeS9tb2RlbC9Ub2tlbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7QUFBQSx5Q0FBbUQ7QUFDbkQsbUNBQXlDO0FBR2xDLElBQU0sS0FBSyxHQUFYLE1BQU0sS0FBTSxTQUFRLGFBQUk7Q0FvRDlCLENBQUE7QUFuREM7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE1BQU0sRUFBRTtRQUMzQixPQUFPLEVBQUUsSUFBSTtRQUNiLGFBQWEsRUFBRSxJQUFJO0tBQ3BCLENBQUM7O2lDQUNTO0FBRVg7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLElBQUksRUFBRSxFQUFFLElBQUksRUFBRSxZQUFZLEVBQUUsQ0FBQzs4QkFDdkMsSUFBSTt3Q0FBQztBQUVoQjtJQUFDLElBQUEsZUFBUyxFQUFDLGtCQUFTLENBQUMsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLGNBQWMsRUFBRSxDQUFDOzhCQUN6QyxJQUFJO3dDQUFDO0FBRWhCO0lBQUMsSUFBQSxlQUFTLEVBQUMsa0JBQVMsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLEVBQUU7UUFDL0IsTUFBTSxFQUFFLElBQUk7S0FDYixDQUFDOztzQ0FDYztBQUVoQjtJQUFDLElBQUEsZUFBUyxFQUFDLGtCQUFTLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDOzt3Q0FDZDtBQUVsQjtJQUFDLElBQUEsZUFBUyxFQUFDLGtCQUFTLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxFQUFFO1FBQ2hDLE1BQU0sRUFBRSxJQUFJO0tBQ2IsQ0FBQzs7dUNBQ2U7QUFFakI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQzs7cUNBQ2pCO0FBRWY7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLEtBQUssQ0FBQzs7NENBQ0g7QUFFeEI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE9BQU8sQ0FBQzs7eUNBQ1Q7QUFFcEI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE9BQU8sQ0FBQzs7MkNBQ1A7QUFFdEI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQzs7bUNBQ3BCO0FBRWI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQzs7bUNBQ3BCO0FBRWI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQzs7MENBQ2I7QUFFcEI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLEtBQUssQ0FBQzs7NENBQ0g7QUFFeEI7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLElBQUksQ0FBQzs4QkFDZixJQUFJO3dDQUFDO0FBbkRMLEtBQUs7SUFEakIsSUFBQSxXQUFLLEdBQUU7R0FDSyxLQUFLLENBb0RqQjtBQXBEWSxzQkFBSyJ9
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.TokenPackage = void 0;
|
|
13
|
+
const orm_1 = require("@eggjs/tegg/orm");
|
|
14
|
+
const leoric_1 = require("leoric");
|
|
15
|
+
let TokenPackage = class TokenPackage extends leoric_1.Bone {
|
|
16
|
+
};
|
|
17
|
+
__decorate([
|
|
18
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.BIGINT, {
|
|
19
|
+
primary: true,
|
|
20
|
+
autoIncrement: true,
|
|
21
|
+
}),
|
|
22
|
+
__metadata("design:type", BigInt)
|
|
23
|
+
], TokenPackage.prototype, "id", void 0);
|
|
24
|
+
__decorate([
|
|
25
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.DATE, { name: 'gmt_create' }),
|
|
26
|
+
__metadata("design:type", Date)
|
|
27
|
+
], TokenPackage.prototype, "createdAt", void 0);
|
|
28
|
+
__decorate([
|
|
29
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.DATE, { name: 'gmt_modified' }),
|
|
30
|
+
__metadata("design:type", Date)
|
|
31
|
+
], TokenPackage.prototype, "updatedAt", void 0);
|
|
32
|
+
__decorate([
|
|
33
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.STRING(24)),
|
|
34
|
+
__metadata("design:type", String)
|
|
35
|
+
], TokenPackage.prototype, "tokenId", void 0);
|
|
36
|
+
__decorate([
|
|
37
|
+
(0, orm_1.Attribute)(leoric_1.DataTypes.STRING(24)),
|
|
38
|
+
__metadata("design:type", String)
|
|
39
|
+
], TokenPackage.prototype, "packageId", void 0);
|
|
40
|
+
TokenPackage = __decorate([
|
|
41
|
+
(0, orm_1.Model)()
|
|
42
|
+
], TokenPackage);
|
|
43
|
+
exports.TokenPackage = TokenPackage;
|
|
44
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVG9rZW5QYWNrYWdlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vYXBwL3JlcG9zaXRvcnkvbW9kZWwvVG9rZW5QYWNrYWdlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7OztBQUFBLHlDQUFtRDtBQUNuRCxtQ0FBeUM7QUFHbEMsSUFBTSxZQUFZLEdBQWxCLE1BQU0sWUFBYSxTQUFRLGFBQUk7Q0FrQnJDLENBQUE7QUFqQkM7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLE1BQU0sRUFBRTtRQUMzQixPQUFPLEVBQUUsSUFBSTtRQUNiLGFBQWEsRUFBRSxJQUFJO0tBQ3BCLENBQUM7O3dDQUNTO0FBRVg7SUFBQyxJQUFBLGVBQVMsRUFBQyxrQkFBUyxDQUFDLElBQUksRUFBRSxFQUFFLElBQUksRUFBRSxZQUFZLEVBQUUsQ0FBQzs4QkFDdkMsSUFBSTsrQ0FBQztBQUVoQjtJQUFDLElBQUEsZUFBUyxFQUFDLGtCQUFTLENBQUMsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLGNBQWMsRUFBRSxDQUFDOzhCQUN6QyxJQUFJOytDQUFDO0FBRWhCO0lBQUMsSUFBQSxlQUFTLEVBQUMsa0JBQVMsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7OzZDQUNoQjtBQUVoQjtJQUFDLElBQUEsZUFBUyxFQUFDLGtCQUFTLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDOzsrQ0FDZDtBQWpCUCxZQUFZO0lBRHhCLElBQUEsV0FBSyxHQUFFO0dBQ0ssWUFBWSxDQWtCeEI7QUFsQlksb0NBQVkifQ==
|