data-primals-engine 1.3.4 → 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +72 -2
- package/client/README.md +20 -0
- package/client/package-lock.json +712 -147
- package/client/package.json +38 -37
- package/client/src/App.jsx +9 -10
- package/client/src/App.scss +7 -1
- package/client/src/Dashboard.jsx +349 -208
- package/client/src/DashboardView.jsx +569 -547
- package/client/src/DataEditor.jsx +20 -2
- package/client/src/DataLayout.jsx +24 -12
- package/client/src/DataTable.jsx +807 -760
- package/client/src/DataTable.scss +187 -90
- package/client/src/Field.jsx +1783 -1656
- package/client/src/ModelCreator.jsx +2 -2
- package/client/src/ModelCreatorField.jsx +906 -804
- package/client/src/ModelList.jsx +2 -2
- package/client/src/PackGallery.jsx +391 -290
- package/client/src/PackGallery.scss +231 -210
- package/client/src/constants.js +16 -4
- package/client/src/translations.js +16750 -16392
- package/package.json +14 -11
- package/src/core.js +9 -0
- package/src/defaultModels.js +18 -10
- package/src/email.js +2 -1
- package/src/gameObject.js +1 -1
- package/src/i18n.js +501 -28
- package/src/modules/auth-google/index.js +51 -0
- package/src/modules/auth-microsoft/index.js +82 -0
- package/src/modules/auth-saml/index.js +90 -0
- package/src/modules/data/data.core.js +5 -1
- package/src/modules/data/data.history.js +489 -489
- package/src/modules/data/data.js +86 -12
- package/src/modules/data/data.routes.js +1691 -1663
- package/src/modules/user.js +19 -0
- package/src/modules/workflow.js +2 -12
- package/src/providers.js +110 -1
- package/src/sso.js +194 -0
- package/test/data.integration.test.js +3 -0
- package/test/user.test.js +1 -1
- package/client/public/demo/26899917-d1ba-4df4-bb33-48d09a8778da.jpg +0 -0
- package/client/public/demo/4b9894c7-12cd-466d-8fd3-a2757b09ec96.jpg +0 -0
- package/client/public/demo/7ed369ac-a1a2-4b45-b0cd-4fd5bcf5a75a.jpg +0 -0
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
|
|
2
|
+
import { Sso, SSOUserProvider } from '../../sso.js';
|
|
3
|
+
import {Logger} from "../../gameObject.js";
|
|
4
|
+
|
|
5
|
+
let logger;
|
|
6
|
+
|
|
7
|
+
export async function onInit(engine) {
|
|
8
|
+
logger = engine.getComponent(Logger);
|
|
9
|
+
|
|
10
|
+
// Le SSOUserProvider est nécessaire pour l'initialisation et pour la stratégie.
|
|
11
|
+
// On le crée donc en premier.
|
|
12
|
+
const ssoUserProvider = new SSOUserProvider(engine);
|
|
13
|
+
|
|
14
|
+
// 1. Récupérer le composant PassportAuth central.
|
|
15
|
+
let passportAuth = engine.getComponent(Sso);
|
|
16
|
+
if (!passportAuth) {
|
|
17
|
+
passportAuth = engine.addComponent(Sso);
|
|
18
|
+
// C'EST ICI QUE L'INITIALISATION DOIT AVOIR LIEU, UNE SEULE FOIS.
|
|
19
|
+
passportAuth.initialize({ ssoUserProvider });
|
|
20
|
+
passportAuth.addLogoutRoute();
|
|
21
|
+
logger.info("[auth-google] Sso component was not found, created and initialized a new one.");
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
// 2. Vérifier que les variables d'environnement nécessaires sont présentes.
|
|
25
|
+
if (!process.env.GOOGLE_CLIENT_ID || !process.env.GOOGLE_CLIENT_SECRET) {
|
|
26
|
+
logger.warn("[auth-google] GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET are not set. Google SSO will be disabled.");
|
|
27
|
+
return;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
// 3. Créer l'instance de la stratégie Google.
|
|
31
|
+
const googleStrategy = new GoogleStrategy({
|
|
32
|
+
clientID: process.env.GOOGLE_CLIENT_ID,
|
|
33
|
+
clientSecret: process.env.GOOGLE_CLIENT_SECRET,
|
|
34
|
+
callbackURL: "/api/auth/google/callback"
|
|
35
|
+
},
|
|
36
|
+
async (accessToken, refreshToken, profile, done) => {
|
|
37
|
+
try {
|
|
38
|
+
// On utilise le SSOUserProvider pour trouver ou créer l'utilisateur.
|
|
39
|
+
const user = await ssoUserProvider.findOrCreate(profile);
|
|
40
|
+
return done(null, user);
|
|
41
|
+
} catch (err) {
|
|
42
|
+
return done(err);
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
// 4. Enregistrer la stratégie auprès du composant PassportAuth.
|
|
47
|
+
passportAuth.addStrategy('google', googleStrategy,
|
|
48
|
+
{ authPath: '/api/auth/google', callbackPath: '/api/auth/google/callback' },
|
|
49
|
+
{ scope: ['profile', 'email'] }
|
|
50
|
+
);
|
|
51
|
+
}
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
import { Sso, SSOUserProvider } from '../../sso.js';
|
|
2
|
+
import { Logger } from "../../gameObject.js";
|
|
3
|
+
|
|
4
|
+
let logger;
|
|
5
|
+
|
|
6
|
+
export async function onInit(engine) {
|
|
7
|
+
logger = engine.getComponent(Logger);
|
|
8
|
+
|
|
9
|
+
try {
|
|
10
|
+
// 1. Tenter d'importer dynamiquement la stratégie Azure AD.
|
|
11
|
+
// L'utilisateur devra exécuter `npm install passport-azure-ad`.
|
|
12
|
+
const { OIDCStrategy } = await import('passport-azure-ad');
|
|
13
|
+
|
|
14
|
+
const ssoUserProvider = new SSOUserProvider(engine);
|
|
15
|
+
|
|
16
|
+
// 2. Récupérer ou créer le composant SSO central.
|
|
17
|
+
let ssoComponent = engine.getComponent(Sso);
|
|
18
|
+
if (!ssoComponent) {
|
|
19
|
+
ssoComponent = engine.addComponent(Sso);
|
|
20
|
+
ssoComponent.initialize({ ssoUserProvider });
|
|
21
|
+
ssoComponent.addLogoutRoute();
|
|
22
|
+
logger.info("[auth-microsoft] Sso component was not found, created and initialized a new one.");
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
// 3. Vérifier les variables d'environnement critiques pour Azure AD.
|
|
26
|
+
const { MICROSOFT_CLIENT_ID, MICROSOFT_CLIENT_SECRET, MICROSOFT_TENANT_ID } = process.env;
|
|
27
|
+
if (!MICROSOFT_CLIENT_ID || !MICROSOFT_CLIENT_SECRET || !MICROSOFT_TENANT_ID) {
|
|
28
|
+
logger.warn("[auth-microsoft] Microsoft environment variables are not fully set. Microsoft SSO will be disabled.");
|
|
29
|
+
return;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
const callbackUrl = process.env.MICROSOFT_CALLBACK_URL || '/api/auth/microsoft/callback';
|
|
33
|
+
|
|
34
|
+
// 4. Créer l'instance de la stratégie OIDC pour Microsoft.
|
|
35
|
+
const microsoftStrategy = new OIDCStrategy({
|
|
36
|
+
identityMetadata: `https://login.microsoftonline.com/${MICROSOFT_TENANT_ID}/v2.0/.well-known/openid-configuration`,
|
|
37
|
+
clientID: MICROSOFT_CLIENT_ID,
|
|
38
|
+
responseType: 'code id_token',
|
|
39
|
+
responseMode: 'form_post',
|
|
40
|
+
redirectUrl: callbackUrl,
|
|
41
|
+
allowHttpForRedirectUrl: process.env.NODE_ENV !== 'production',
|
|
42
|
+
clientSecret: MICROSOFT_CLIENT_SECRET,
|
|
43
|
+
validateIssuer: false, // Important pour les tenants multiples
|
|
44
|
+
passReqToCallback: false,
|
|
45
|
+
scope: ['profile', 'email', 'openid']
|
|
46
|
+
},
|
|
47
|
+
async (iss, sub, profile, accessToken, refreshToken, done) => {
|
|
48
|
+
try {
|
|
49
|
+
// Le profil Azure AD est différent. On l'adapte à notre format standard.
|
|
50
|
+
const email = profile.upn || profile._json.email;
|
|
51
|
+
if (!email) {
|
|
52
|
+
return done(new Error("Microsoft profile is missing an email (upn)."));
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
const adaptedProfile = {
|
|
56
|
+
provider: 'azuread',
|
|
57
|
+
id: profile.oid, // Object ID de l'utilisateur dans Azure
|
|
58
|
+
displayName: profile.displayName,
|
|
59
|
+
emails: [{ value: email }]
|
|
60
|
+
};
|
|
61
|
+
|
|
62
|
+
const user = await ssoUserProvider.findOrCreate(adaptedProfile);
|
|
63
|
+
return done(null, user);
|
|
64
|
+
} catch (err) {
|
|
65
|
+
return done(err);
|
|
66
|
+
}
|
|
67
|
+
});
|
|
68
|
+
|
|
69
|
+
// 5. Enregistrer la stratégie auprès du composant SSO.
|
|
70
|
+
ssoComponent.addStrategy('azuread-openidconnect', microsoftStrategy, {
|
|
71
|
+
authPath: '/api/auth/microsoft',
|
|
72
|
+
callbackPath: callbackUrl
|
|
73
|
+
});
|
|
74
|
+
|
|
75
|
+
} catch (e) {
|
|
76
|
+
if (e.code === 'ERR_MODULE_NOT_FOUND') {
|
|
77
|
+
logger.info("[auth-microsoft] Module désactivé. Pour l'activer, exécutez 'npm install passport-azure-ad'");
|
|
78
|
+
} else {
|
|
79
|
+
logger.error("[auth-microsoft] Une erreur inattendue a empêché le chargement du module :", e);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
}
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
import { Sso, SSOUserProvider } from '../../sso.js';
|
|
2
|
+
import { Logger } from "../../gameObject.js";
|
|
3
|
+
|
|
4
|
+
let logger;
|
|
5
|
+
|
|
6
|
+
export async function onInit(engine) {
|
|
7
|
+
logger = engine.getComponent(Logger);
|
|
8
|
+
|
|
9
|
+
try {
|
|
10
|
+
// 1. Tenter d'importer dynamiquement la stratégie SAML.
|
|
11
|
+
// Cela ne fonctionnera que si l'utilisateur a exécuté `npm install passport-saml-encrypted`.
|
|
12
|
+
const { Strategy: SamlStrategy } = await import('passport-saml-encrypted');
|
|
13
|
+
|
|
14
|
+
const ssoUserProvider = new SSOUserProvider(engine);
|
|
15
|
+
|
|
16
|
+
// 2. Récupérer le composant SSO central.
|
|
17
|
+
let ssoComponent = engine.getComponent(Sso);
|
|
18
|
+
if (!ssoComponent) {
|
|
19
|
+
// S'il n'existe pas, on l'ajoute. C'est le premier module SSO à se charger.
|
|
20
|
+
ssoComponent = engine.addComponent(Sso);
|
|
21
|
+
ssoComponent.initialize({ ssoUserProvider });
|
|
22
|
+
ssoComponent.addLogoutRoute();
|
|
23
|
+
logger.info("[auth-saml] Sso component was not found, created and initialized a new one.");
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
// 3. Vérifier les variables d'environnement critiques pour SAML.
|
|
27
|
+
const { SAML_ENTRY_POINT, SAML_ISSUER, SAML_CERT, SAML_CALLBACK_URL, SAML_DECRYPTION_KEY } = process.env;
|
|
28
|
+
if (!SAML_ENTRY_POINT || !SAML_ISSUER || !SAML_CERT || !SAML_DECRYPTION_KEY) {
|
|
29
|
+
logger.warn("[auth-saml] SAML environment variables (SAML_ENTRY_POINT, SAML_ISSUER, SAML_CERT, SAML_DECRYPTION_KEY) are not fully set. SAML SSO will be disabled.");
|
|
30
|
+
return;
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
const callbackUrl = SAML_CALLBACK_URL || '/api/auth/saml/callback';
|
|
34
|
+
|
|
35
|
+
// 4. Créer l'instance de la stratégie SAML.
|
|
36
|
+
// La configuration SAML est plus complexe que OAuth2.
|
|
37
|
+
const samlStrategy = new SamlStrategy(
|
|
38
|
+
{
|
|
39
|
+
path: callbackUrl, // Le chemin où l'IdP (Identity Provider) enverra la réponse POST.
|
|
40
|
+
entryPoint: SAML_ENTRY_POINT, // L'URL de connexion de l'IdP.
|
|
41
|
+
issuer: SAML_ISSUER, // L'identifiant de votre application (Service Provider).
|
|
42
|
+
cert: SAML_CERT, // Le certificat public de l'IdP pour vérifier la signature.
|
|
43
|
+
decryptionPvk: SAML_DECRYPTION_KEY, // Clé privée pour déchiffrer les assertions.
|
|
44
|
+
encryptedSAML: true, // Indique que nous attendons des assertions chiffrées.
|
|
45
|
+
acceptedClockSkewMs: -1 // Optionnel mais recommandé: pour les problèmes de synchronisation d'horloge.
|
|
46
|
+
},
|
|
47
|
+
async (profile, done) => {
|
|
48
|
+
try {
|
|
49
|
+
// Normaliser les clés du profil en minuscules pour une correspondance insensible à la casse.
|
|
50
|
+
const normalizedProfile = Object.keys(profile).reduce((acc, key) => {
|
|
51
|
+
acc[key.toLowerCase()] = profile[key];
|
|
52
|
+
return acc;
|
|
53
|
+
}, {});
|
|
54
|
+
|
|
55
|
+
// Le profil SAML est différent du profil Google. Nous devons l'adapter.
|
|
56
|
+
// `nameID` est souvent l'email. Les autres attributs dépendent de la configuration de l'IdP.
|
|
57
|
+
const email = normalizedProfile.email || normalizedProfile.nameid;
|
|
58
|
+
if (!email) {
|
|
59
|
+
return done(new Error("SAML profile is missing an email or nameID."));
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
const adaptedProfile = {
|
|
63
|
+
provider: 'saml',
|
|
64
|
+
id: normalizedProfile.nameid,
|
|
65
|
+
displayName: normalizedProfile.displayname || normalizedProfile.cn || `${normalizedProfile.firstname || ''} ${normalizedProfile.lastname || ''}`.trim() || email,
|
|
66
|
+
emails: [{ value: email }]
|
|
67
|
+
};
|
|
68
|
+
|
|
69
|
+
const user = await ssoUserProvider.findOrCreate(adaptedProfile);
|
|
70
|
+
return done(null, user);
|
|
71
|
+
} catch (err) {
|
|
72
|
+
return done(err);
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
);
|
|
76
|
+
|
|
77
|
+
// 5. Enregistrer la stratégie auprès du composant SSO.
|
|
78
|
+
ssoComponent.addStrategy('saml', samlStrategy, {
|
|
79
|
+
authPath: '/api/auth/saml',
|
|
80
|
+
callbackPath: callbackUrl
|
|
81
|
+
});
|
|
82
|
+
|
|
83
|
+
} catch (e) {
|
|
84
|
+
if (e.code === 'ERR_MODULE_NOT_FOUND') {
|
|
85
|
+
logger.info("[auth-saml] Module désactivé. Pour l'activer, exécutez 'npm install passport-saml-encrypted'");
|
|
86
|
+
} else {
|
|
87
|
+
logger.error("[auth-saml] Une erreur inattendue a empêché le chargement du module :", e);
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
import NodeCache from "node-cache";
|
|
2
2
|
import path from "node:path";
|
|
3
3
|
import {Worker} from 'worker_threads';
|
|
4
|
+
import {fileURLToPath} from "node:url";
|
|
4
5
|
export const modelsCache = new NodeCache( { stdTTL: 100, checkperiod: 120 } );
|
|
5
6
|
|
|
7
|
+
const __filename = fileURLToPath(import.meta.url);
|
|
8
|
+
const __dirname = path.dirname(__filename);
|
|
9
|
+
|
|
6
10
|
export const mongoDBWhitelist = [
|
|
7
11
|
"$$NOW", "$in", "$eq", "$gt", "$gte", "$in", "$lt", "$lte", "$ne", "$nin", "$type", "$size",
|
|
8
12
|
"$and", "$not", "$nor", "$or", "$regexMatch", "$find", "$elemMatch", "$filter", "$toString", "$toObjectId",
|
|
@@ -60,7 +64,7 @@ export function runImportExportWorker(action, payload) {
|
|
|
60
64
|
*/
|
|
61
65
|
export function runCryptoWorkerTask(action, payload) {
|
|
62
66
|
return new Promise((resolve, reject) => {
|
|
63
|
-
const workerPath = path.resolve(
|
|
67
|
+
const workerPath = path.resolve(__dirname, '../../workers/crypto-worker.js');
|
|
64
68
|
const worker = new Worker(workerPath);
|
|
65
69
|
|
|
66
70
|
worker.postMessage({ action, payload });
|