eh-commons 0.0.1-testing.97 → 0.0.2-testing.78

package/src/modules/iam/models/interfaces/index.ts

@@ -0,0 +1,114 @@
+import { Types } from 'mongoose';
+import { IAddress, IBase, IContact, IDictionaryEmbedded, II18n, IUserScope } from '../../../..';
+
+export interface IRole extends IBase {
+  keyword: string;
+  name?: II18n;
+  description?: II18n;
+  permissions: IPermission[];
+  default?: boolean;
+  initial?: boolean;
+}
+
+export interface ICredentials {
+  username: string;
+  password: string;
+}
+
+export interface IPermission extends IBase {
+  name?: II18n;
+  description?: II18n;
+  keyword: string;
+}
+
+export interface IProfInfo {
+  subjects: IDictionaryEmbedded[];
+}
+
+export interface ICompleteRole {
+  _id: Types.ObjectId | string;
+  keyword: string;
+  name?: any;
+  description?: any;
+  permissions: IPermission[];
+  default?: boolean;
+  initial?: boolean;
+}
+
+export interface IClient extends IBase {
+  originId: Types.ObjectId | string;
+  type: IDictionaryEmbedded;
+  parent: Types.ObjectId | IClient;
+  name: II18n;
+  address: IAddress;
+  highland: boolean;
+  code: string;
+  contacts: IContact[];
+  region: IDictionaryEmbedded;
+  district: IDictionaryEmbedded;
+  languageSectors: IDictionaryEmbedded[];
+  levels: IDictionaryEmbedded[];
+}
+
+export interface IClientThin {
+  _id: Types.ObjectId | string;
+  originId: Types.ObjectId | string;
+  type: IDictionaryEmbedded;
+  parent: Types.ObjectId | IClient;
+  name: II18n;
+  address: IAddress;
+  highland: boolean;
+  code: string;
+  contacts: IContact[];
+  region: IDictionaryEmbedded;
+  district: IDictionaryEmbedded;
+  languageSectors: IDictionaryEmbedded[];
+  levels: IDictionaryEmbedded[];
+}
+
+export interface ICompleteUserData {
+  _id: Types.ObjectId | string;
+  person: IPerson;
+  contacts: IContact[];
+  clients: ICompleteUserClient[];
+  credentials: ICredentials;
+  scope: IUserScope;
+  address: string;
+}
+
+export interface IUser extends IBase {
+  person: IPerson;
+  contacts: IContact[];
+  clients: IUserClient[];
+  profInfo: IProfInfo;
+  credentials: ICredentials;
+  level: IDictionaryEmbedded;
+  address?: string;
+}
+
+export interface ICompleteUserClient {
+  client: IClient;
+  roles: ICompleteRole[];
+  subjects: IDictionaryEmbedded[];
+  languageSectors: IDictionaryEmbedded[];
+}
+
+export interface IUserClient {
+  client: Types.ObjectId | IClient;
+  roles: Types.ObjectId[] | IRole[];
+  subjects: IDictionaryEmbedded[];
+  languageSectors: IDictionaryEmbedded[];
+}
+
+export interface IUserPersonInfo {
+  _id: Types.ObjectId | string;
+  person: IPerson;
+}
+
+export interface IPerson {
+  pid: string;
+  firstName: string;
+  lastName: string;
+  gender: number;
+  birthDate: Date;
+}

package/src/{models/util → modules/iam/models/schemas}/embedded/person.embedded.ts

@@ -1,17 +1,21 @@
 import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
 import { HydratedDocument } from 'mongoose';
-import { IPerson } from '../interfaces/person.interface';
+import { IPerson } from '../../interfaces';
 
 @Schema({ _id: false })
 export class Person implements IPerson {
   @Prop({ type: String, required: false })
   pid: string;
+
   @Prop({ type: String, required: false })
   firstName: string;
+  
   @Prop({ type: String, required: false })
   lastName: string;
+  
   @Prop({ type: Number, required: false })
   gender: number;
+  
   @Prop({ type: Date, required: false })
   birthDate: Date;
 }

package/src/modules/iam/models/schemas/embedded/user-person-info.embedded.ts

@@ -0,0 +1,16 @@
+import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
+import { HydratedDocument, SchemaTypes, Types } from 'mongoose';
+import { IUserPersonInfo } from '../../interfaces';
+import { Person, PersonSchema } from './person.embedded';
+
+@Schema({ _id: false })
+export class UserPersonInfo implements IUserPersonInfo {
+  @Prop({ type: SchemaTypes.ObjectId, required: true })
+  _id: string | Types.ObjectId;
+
+  @Prop({ type: PersonSchema, required: true })
+  person: Person;
+}
+
+export const UserPersonInfoSchema = SchemaFactory.createForClass(UserPersonInfo);
+export type UserPersonInfoDocument = HydratedDocument<UserPersonInfo>;

package/src/modules/iam/models/schemas/index.ts

@@ -0,0 +1,2 @@
+export * from './embedded/user-person-info.embedded';
+export * from './embedded/person.embedded';

package/src/modules/iam/services/iam.service.ts

@@ -0,0 +1,35 @@
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { RestClient } from '../../../clients';
+import { ICompleteUserData, IUserPersonInfo } from '../models/interfaces';
+import * as qs from 'qs';
+
+@Injectable()
+export class IAMService {
+  //#region Private Members
+  private readonly _client: RestClient;
+  //#endregion
+
+  //#region Constructor
+  constructor(private readonly _configService: ConfigService) {
+    this._client = new RestClient({
+      name: 'IAM_SERVICE',
+      baseUrl: this._configService.get('EH_UM__REST__BASE_URL', ''),
+      timeout: 30000,
+      accessToken: this._configService.get('EH_UM__REST__ACCESS_TOKEN', ''),
+    });
+  }
+  //#endregion
+
+  //#region Public APIs
+  public async fetchByEmail(email: string): Promise<ICompleteUserData> {
+    const query = qs.stringify({ email });
+    return await this._client.get<ICompleteUserData>(`/internals/v1/users/init/private?${query}`);
+  }
+
+  public async fetchById(userId: string): Promise<IUserPersonInfo> {
+    return await this._client.get<IUserPersonInfo>(`/internals/v1/users/${userId}/profile`);
+  }
+
+  //#endregion
+}

package/src/modules/otp/index.ts

@@ -0,0 +1,3 @@
+export * from './services/otp.service';
+export * from './models/interfaces';
+export * from './otp.module';

package/src/modules/otp/models/interfaces/index.ts

@@ -0,0 +1,20 @@
+export interface IOTPMetaData {
+  duration: number;
+  type: string;
+  appKeyword: string;
+  email: string;
+  senderName: string;
+  createAt: Date;
+  token: string;
+  expirationDuration: number;
+}
+
+export interface IOTPTokenState {
+  valid: boolean;
+}
+
+export interface IOTPCodeState extends IOTPTokenState {}
+
+export interface IOTPTokenExists {
+  exists: boolean;
+}

package/src/modules/otp/otp.module.ts

@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { OTPService } from './services/otp.service';
+
+@Module({
+  imports: [ConfigModule],
+  controllers: [],
+  providers: [OTPService],
+  exports: [OTPService],
+})
+export class OTPModule {}

package/src/modules/otp/services/otp.service.ts

@@ -0,0 +1,48 @@
+import { Injectable } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
+import { RestClient } from '../../../clients';
+import { IOTPCodeState, IOTPMetaData, IOTPTokenExists, IOTPTokenState } from '../models/interfaces';
+
+/**
+ * Crap API designed by Clite Ogiashvili
+ */
+
+@Injectable()
+export class OTPService {
+  //#region Private Members
+  private readonly _client: RestClient;
+  //#endregion
+
+  //#region Constructor
+  constructor(private _configService: ConfigService) {
+    this._client = new RestClient({
+      name: 'OTP_SERVICE',
+      baseUrl: this._configService.get('EH_OTPS__REST__BASE_URL', ''),
+      timeout: 30000,
+      accessToken: this._configService.get('EH_OTPS__REST__ACCESS_TOKEN', ''),
+    });
+  }
+  //#endregion
+
+  //#region Public APIs
+  public async init(senderName: string, email: string, appKeyword: string) {
+    const requestBody = { data: { senderName, email, appKeyword } };
+    return this._client.post<IOTPMetaData>(`/otp/email`, requestBody);
+  }
+
+  public async validateCode(token: string, code: string, email: string, appKeyword: string) {
+    const requestBody = { data: { email, code, appKeyword, token } };
+    return this._client.post<IOTPCodeState>(`/otp/email/validate`, requestBody);
+  }
+
+  public async validateToken(token: string, email: string, appKeyword: string) {
+    const requestBody = { data: { email, appKeyword, token } };
+    return this._client.post<IOTPTokenState>(`/otp/check`, requestBody);
+  }
+
+  public async validateTokenForResend(token: string, email: string, appKeyword: string) {
+    const requestBody = { data: { email, appKeyword, token } };
+    return this._client.post<IOTPTokenExists>(`/otp/resend/check`, requestBody);
+  }
+  //#endregion
+}

package/src/modules/session/functions/index.ts

@@ -0,0 +1,24 @@
+export function generateSessionKeyword(token: string) {
+  return `sessions::${token}`;
+}
+
+export function generateUserClientsKeyword(userId: string) {
+  return `user::${userId}::clients`;
+}
+
+export function generateUserClientPermissionKeyword(userId: string, clientId: string) {
+  return `user::${userId}::clients::${clientId}`;
+}
+
+export function generateUserSessionTokenKeyword(userId: string) {
+  return `user::${userId}::token`;
+}
+
+export function getSessionTokenFromHeader(headers: any) {
+  let token = headers.authorization;
+  if (token) {
+    token = token.replace('bearer ', '');
+    token = token.replace('Bearer ', '');
+  }
+  return token;
+}

package/src/modules/session/guards/permission.guard.ts

@@ -0,0 +1,122 @@
+import { Injectable, CanActivate, ExecutionContext, HttpStatus } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Permission } from '../reflectors/permission.reflector';
+import { RESTError } from '../../../models/wrappers/rest-wrapper.class';
+import { Observable, map, mergeMap } from 'rxjs';
+import { IClient, IPermission } from '../../iam';
+import { IUserSessionData, IUserScope } from '../../session/models/interfaces';
+import { SessionV1Service } from '../services/session-v1.service';
+import { getSessionTokenFromHeader } from '../functions';
+
+@Injectable()
+export class PermissionGuard implements CanActivate {
+  //#region Constructor
+  constructor(
+    private readonly _sessionV1Service: SessionV1Service,
+    private readonly _reflector: Reflector,
+  ) {}
+  //#endregion
+
+  //#region Lifecycle Events
+  public canActivate(context: ExecutionContext): Observable<boolean> {
+    const config = this._reflector.get(Permission, context.getHandler());
+    const request = context.switchToHttp().getRequest();
+    const queryParameters = request.query;
+    const headers = request.headers;
+    const token: string = getSessionTokenFromHeader(headers);
+    if (!token) {
+      throw new RESTError('unauthorized', null, HttpStatus.UNAUTHORIZED);
+    }
+
+    const clientId: string = this._getClientIdFromQuery(queryParameters);
+    const userData$ = this._sessionV1Service.getUserData(token);
+    const result$ = userData$.pipe(
+      map(this._validateUserData),
+      mergeMap((userData) => {
+        return this._sessionV1Service.getUserClientPermissions(userData.userId, clientId).pipe(
+          map((data) => {
+            return {
+              user: userData,
+              client: data?.client,
+              permissions: data?.permissions,
+            };
+          }),
+        );
+      }),
+      mergeMap((data) => {
+        if (data?.user && !data.user.scope && data.client) {
+          return this._sessionV1Service.getClientData(data.user.userId).pipe(
+            map((clientsMap: any) => {
+              const clientData = clientsMap?.[data.client._id?.toString()];
+              if (clientData) {
+                data.user.scope = this._buildScopeFromClient(clientData);
+              }
+              return data;
+            }),
+          );
+        }
+        return new Observable<typeof data>((subscriber) => {
+          subscriber.next(data);
+          subscriber.complete();
+        });
+      }),
+      map((data) => {
+        this._setUserData(data?.user, data?.client, data?.permissions, request);
+        return this._checkPermission(data?.permissions, config.keyword);
+      }),
+    );
+    return result$;
+  }
+  //#endregion
+
+  //#region Private APIs
+  private _getClientIdFromQuery(queryParameters: any) {
+    return queryParameters.clientId;
+  }
+
+  private _checkPermission(userPermissions: IPermission[], allowedPermission: string): boolean {
+    if (allowedPermission) {
+      if (!userPermissions || !userPermissions.length) {
+        throw new RESTError('forbidden', null, HttpStatus.FORBIDDEN);
+      }
+      const check = userPermissions.some((item) => item.keyword === allowedPermission);
+      if (check) {
+        return true;
+      } else {
+        throw new RESTError('forbidden', null, HttpStatus.FORBIDDEN);
+      }
+    } else {
+      return true;
+    }
+  }
+
+  private _setUserData(userData: IUserSessionData, client: IClient, permissions: IPermission[], request: Request) {
+    const userInfo = {
+      user: userData,
+      client,
+      permissions,
+    };
+    request['session'] = userInfo;
+  }
+
+  private _validateUserData(userData: IUserSessionData) {
+    if (!userData) {
+      throw new RESTError('unauthorized', null, HttpStatus.UNAUTHORIZED);
+    }
+    return userData;
+  }
+
+  private _buildScopeFromClient(clientData: any): IUserScope {
+    return {
+      levels: clientData.levels || [],
+      subjects: clientData.subjects || [],
+      schoolTypes: [],
+      languageSectors: clientData.languageSectors || [],
+      districts: clientData.district ? [clientData.district] : [],
+      gender: null,
+      birthDate: null,
+      highland: clientData.highland || false,
+    };
+  }
+  //#endregion
+}

package/src/modules/session/guards/user.guard.ts

@@ -0,0 +1,88 @@
+import { Injectable, CanActivate, ExecutionContext, HttpStatus } from '@nestjs/common';
+import { RESTError } from '../../../models/wrappers/rest-wrapper.class';
+import { Observable, map, mergeMap, of } from 'rxjs';
+import { IClient, IPermission } from '../../iam';
+import { IUserSessionData } from '../models/interfaces';
+import { SessionV1Service } from '../services/session-v1.service';
+import { getSessionTokenFromHeader } from '../functions';
+
+@Injectable()
+export class UserGuard implements CanActivate {
+  //#region Constructor
+  constructor(private readonly _sessionV1Service: SessionV1Service) {}
+  //#endregion
+
+  //#region Lifecycle Events
+  public canActivate(context: ExecutionContext): Observable<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const queryParameters = request.query;
+    const headers = request.headers;
+    const token: string = getSessionTokenFromHeader(headers);
+    if (!token) {
+      return of(true);
+    }
+
+    const clientId: string = this._getClientIdFromQuery(queryParameters);
+    const userData$ = this._sessionV1Service.getUserData(token);
+    const result$ = userData$.pipe(
+      map(this._validateUserData),
+      mergeMap((userData) => {
+        if (!userData) return of(null);
+        return this._sessionV1Service.getUserClientPermissions(userData.userId, clientId).pipe(
+          map((data) => {
+            return {
+              user: userData,
+              client: data?.client,
+              permissions: data?.permissions,
+            };
+          }),
+        );
+      }),
+      map((data) => {
+        if (!data) {
+          return true;
+        }
+
+        this._setUserData(data?.user, data?.client, data?.permissions, request);
+        return true;
+      }),
+    );
+    return result$;
+  }
+  //#endregion
+
+  //#region Private APIs
+  private _getClientIdFromQuery(queryParameters: any) {
+    return queryParameters.clientId;
+  }
+
+  private _checkPermission(userPermissions: IPermission[], allowedPermission: string): boolean {
+    if (allowedPermission) {
+      if (!userPermissions || !userPermissions.length) {
+        throw new RESTError('forbidden', HttpStatus.FORBIDDEN);
+      }
+      const check = userPermissions.some((item) => item.keyword === allowedPermission);
+      if (check) {
+        return true;
+      } else {
+        throw new RESTError('forbidden', HttpStatus.FORBIDDEN);
+      }
+    } else {
+      return true;
+    }
+  }
+
+  private _setUserData(userData: IUserSessionData, client: IClient, permissions: IPermission[], request: Request) {
+    const userInfo = {
+      user: userData,
+      client,
+      permissions,
+    };
+    request['session'] = userInfo;
+  }
+
+  private _validateUserData(userData: IUserSessionData) {
+    return userData;
+  }
+  //#endregion
+}

package/src/modules/session/index.ts

@@ -0,0 +1,9 @@
+export * from './services/session-v1.service';
+export * from './services/session-v2.service';
+export * from './models/interfaces';
+export * from './models/classes';
+export * from './functions';
+export * from './reflectors/permission.reflector';
+export * from './guards/permission.guard';
+export * from './guards/user.guard';
+export * from './session.module';

package/src/modules/session/models/classes/index.ts

@@ -0,0 +1,3 @@
+export class PermissionGuardConfig {
+  keyword: string;
+}

package/src/modules/session/models/interfaces/index.ts

@@ -0,0 +1,57 @@
+import { IAddress } from '../../../../models/util/interfaces/address.interface';
+import { IContact } from '../../../../models/util/interfaces/contact.interface';
+import { II18n } from '../../../../models/util/interfaces/i18n.interface';
+import { IDictionaryEmbedded } from '../../../dictionary';
+import { IResult } from 'ua-parser-js';
+import { IClient, IPermission } from '../../../iam';
+
+export class ISessionClientData {
+  clientId: string;
+  type: IDictionaryEmbedded;
+  name: II18n;
+  address: IAddress;
+  highland: boolean;
+  code: string;
+  contacts: IContact[];
+  region: IDictionaryEmbedded;
+  district: IDictionaryEmbedded;
+  languageSectors: IDictionaryEmbedded[];
+  levels: IDictionaryEmbedded[];
+  subjects: IDictionaryEmbedded[];
+  permissions: IPermission[];
+}
+
+export interface ISessionData {
+  sessionToken: string;
+  userInfo: IUserSessionData;
+  userClients: { [key: string]: ISessionClientData };
+}
+
+export interface IUserScope {
+  levels: IDictionaryEmbedded[];
+  subjects: IDictionaryEmbedded[];
+  schoolTypes: IDictionaryEmbedded[];
+  languageSectors: IDictionaryEmbedded[];
+  districts: IDictionaryEmbedded[];
+  gender: number;
+  birthDate: Date;
+  highland: boolean;
+}
+
+export interface IUserSessionData {
+  userId: string;
+  username: string;
+  fistName: string;
+  lastName: string;
+  contacts: IContact[];
+  pid: string;
+  scope: IUserScope;
+  address: string;
+  ua: IResult;
+}
+
+export interface IUserSession {
+  user: IUserSessionData;
+  client: IClient;
+  permissions: IPermission[];
+}

package/src/modules/{cache/reflector → session/reflectors}/permission.reflector.ts

@@ -1,4 +1,4 @@
 import { Reflector } from '@nestjs/core';
-import { PermissionGuardConfig } from '../../../models/wrappers/permission-guard-config.wrapper';
+import { PermissionGuardConfig } from '../models/classes';
 
 export const Permission = Reflector.createDecorator<PermissionGuardConfig>();

package/src/modules/{cache → session}/services/redis.service.ts

@@ -5,26 +5,32 @@ import { AppLogger } from '../../core/services/app-logger.service';
 
 @Injectable()
 export class RedisService {
-  private client: IORedis.Redis;
-  private clusterClient: IORedis.Cluster;
-  private _isCluster: boolean;
+  //#region Private Members
+  private readonly _client: IORedis.Redis;
+  private readonly _clusterClient: IORedis.Cluster;
+  private readonly _isCluster: boolean;
+  //#endregion
 
-  constructor(private readonly _logger: AppLogger,) {
+  //#region Constructor
+  constructor(private readonly _logger: AppLogger) {
     const redisConnectionString = this._getString('REDIS__CS', null);
     this._isCluster = this._getBoolean('REDIS__CLUSTER', false);
-    _logger.log('########## REDIS__CLUSTER:' + this._isCluster)
-    _logger.log('########## REDIS__CS:' + redisConnectionString)
+
+    _logger.log('########## REDIS__CLUSTER:' + this._isCluster);
+    _logger.log('########## REDIS__CS:' + redisConnectionString);
 
     if (this._isCluster === true) {
       const nodes = this._parseRedisClusterUrl(redisConnectionString);
-      _logger.log('########## NODES:' + JSON.stringify(nodes))
-      this.clusterClient = new IORedis.Cluster(nodes);
+      _logger.log('########## NODES:' + JSON.stringify(nodes));
+      this._clusterClient = new IORedis.Cluster(nodes);
     } else {
-      _logger.log('########## REDIS__SINGLE_NODE')
-      this.client = new IORedis.Redis(redisConnectionString);
+      _logger.log('########## REDIS__SINGLE_NODE');
+      this._client = new IORedis.Redis(redisConnectionString);
     }
   }
+  //#endregion
 
+  //#region Public APIs
   async set(key: string, value: string, ttl?: number): Promise<string> {
     let result: string | PromiseLike<string>;
     if (ttl) {
@@ -45,18 +51,17 @@ export class RedisService {
 
   public getRedisClient() {
     if (!this._isCluster) {
-      return this.client;
+      return this._client;
     } else {
-      return this.clusterClient;
+      return this._clusterClient;
     }
   }
+  //#endregion
 
+  //#region Private APIs
   private _parseRedisClusterUrl(connectionString: string) {
     if (!connectionString.startsWith('redis://')) {
-      throw new RESTError(
-        'invalid_connection_string',
-        'Invalid connection string format',
-      );
+      throw new RESTError('invalid_connection_string', 'Invalid connection string format');
     }
 
     return connectionString
@@ -67,10 +72,7 @@ export class RedisService {
         const port = parseInt(portStr, 10);
 
         if (!host || isNaN(port)) {
-          throw new RESTError(
-            'invalid_redis_host_port',
-            `Invalid host:port entry: ${entry}`,
-          );
+          throw new RESTError('invalid_redis_host_port', `Invalid host:port entry: ${entry}`);
         }
 
         return { host, port };
@@ -92,4 +94,5 @@ export class RedisService {
     }
     return value.toLowerCase() === 'true';
   }
+  //#endregion
 }