kuzzle 2.19.12 → 2.20.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.d.ts +1 -1
- package/index.js +1 -1
- package/lib/api/controllers/authController.d.ts +164 -0
- package/lib/api/controllers/authController.js +469 -654
- package/lib/api/controllers/baseController.d.ts +74 -0
- package/lib/api/controllers/baseController.js +169 -221
- package/lib/api/httpRoutes.js +6 -0
- package/lib/api/openapi/openApiGenerator.js +2 -2
- package/lib/api/request/kuzzleRequest.d.ts +1 -1
- package/lib/core/backend/backendController.js +2 -2
- package/lib/core/backend/backendPlugin.js +2 -2
- package/lib/core/plugin/pluginRepository.js +1 -1
- package/lib/core/plugin/pluginsManager.js +1 -1
- package/lib/core/security/index.js +1 -1
- package/lib/core/security/profileRepository.d.ts +14 -4
- package/lib/core/security/profileRepository.js +2 -2
- package/lib/core/security/roleRepository.js +1 -1
- package/lib/core/security/tokenRepository.d.ts +73 -0
- package/lib/core/security/tokenRepository.js +359 -460
- package/lib/core/security/userRepository.js +1 -1
- package/lib/core/shared/repository.d.ts +178 -0
- package/lib/core/shared/repository.js +365 -450
- package/lib/kerror/codes/7-security.json +6 -0
- package/lib/model/security/token.d.ts +2 -0
- package/lib/model/security/token.js +1 -0
- package/lib/service/storage/elasticsearch.js +4 -0
- package/lib/util/{inflector.d.ts → Inflector.d.ts} +5 -0
- package/lib/util/{inflector.js → Inflector.js} +12 -1
- package/package.json +3 -2
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
import { JSONObject } from "kuzzle-sdk";
|
|
2
|
+
import { Token } from "../../model/security/token";
|
|
3
|
+
import { Repository } from "../shared/repository";
|
|
4
|
+
import { User } from "../../model/security/user";
|
|
5
|
+
export declare class TokenRepository extends Repository<Token> {
|
|
6
|
+
private tokenGracePeriod;
|
|
7
|
+
private anonymousToken;
|
|
8
|
+
constructor(opts?: JSONObject);
|
|
9
|
+
init(): Promise<void>;
|
|
10
|
+
/**
|
|
11
|
+
* Expires the given token immediately
|
|
12
|
+
*/
|
|
13
|
+
expire(token: Token): Promise<void>;
|
|
14
|
+
/**
|
|
15
|
+
* We allow a grace period before expiring the token to allow
|
|
16
|
+
* queued requests to execute, but we mark the token as "refreshed" to forbid
|
|
17
|
+
* any refreshes on that token, to prevent token bombing
|
|
18
|
+
*
|
|
19
|
+
* @param user
|
|
20
|
+
* @param requestToken
|
|
21
|
+
* @param expiresIn - new token expiration delay
|
|
22
|
+
*/
|
|
23
|
+
refresh(user: User, token: Token, expiresIn: string): Promise<Token>;
|
|
24
|
+
/**
|
|
25
|
+
* @param user
|
|
26
|
+
* @param options - { algorithm, expiresIn, bypassMaxTTL (false), type (authToken) }
|
|
27
|
+
*
|
|
28
|
+
* @returns {Promise.<Object>} { _id, jwt, userId, ttl, expiresAt }
|
|
29
|
+
*/
|
|
30
|
+
generateToken(user: User, { algorithm, expiresIn, bypassMaxTTL, type, singleUse, }?: {
|
|
31
|
+
algorithm?: string;
|
|
32
|
+
expiresIn?: string;
|
|
33
|
+
bypassMaxTTL?: boolean;
|
|
34
|
+
type?: string;
|
|
35
|
+
singleUse?: boolean;
|
|
36
|
+
}): Promise<Token>;
|
|
37
|
+
/**
|
|
38
|
+
* Persists a token in the cache
|
|
39
|
+
*
|
|
40
|
+
* @param encodedToken - Encoded token
|
|
41
|
+
* @param userId - User ID
|
|
42
|
+
* @param ttl - TTL in ms (-1 for infinite duration)
|
|
43
|
+
*/
|
|
44
|
+
persistForUser(encodedToken: string, userId: string, { ttl, singleUse, }: {
|
|
45
|
+
ttl: number;
|
|
46
|
+
singleUse: boolean;
|
|
47
|
+
}): Promise<Token>;
|
|
48
|
+
verifyToken(token: string): Promise<Token>;
|
|
49
|
+
removeTokenPrefix(token: string): string;
|
|
50
|
+
loadForUser(userId: string, encodedToken: string): Promise<Token>;
|
|
51
|
+
hydrate(userToken: any, data: any): Promise<any>;
|
|
52
|
+
serializeToDatabase(token: any): any;
|
|
53
|
+
/**
|
|
54
|
+
* Deletes tokens affiliated to the provided user identifier
|
|
55
|
+
*/
|
|
56
|
+
deleteByKuid(kuid: string, { keepApiKeys }?: {
|
|
57
|
+
keepApiKeys?: boolean;
|
|
58
|
+
}): Promise<void>;
|
|
59
|
+
/**
|
|
60
|
+
* Loads authentication token from API key into Redis
|
|
61
|
+
*/
|
|
62
|
+
private loadApiKeys;
|
|
63
|
+
/**
|
|
64
|
+
* The repository main class refreshes automatically the TTL
|
|
65
|
+
* of accessed entries, letting only unaccessed entries expire
|
|
66
|
+
*
|
|
67
|
+
* But tokens' TTL must remain the same than their expiration time,
|
|
68
|
+
* refreshing a token entry has no meaning.
|
|
69
|
+
*
|
|
70
|
+
* So we need to override the TTL auto-refresh function to disable it
|
|
71
|
+
*/
|
|
72
|
+
refreshCacheTTL(): void;
|
|
73
|
+
}
|