mvc-common-toolkit 1.43.10 → 1.43.11

package/dist/src/services/security-service.js

@@ -0,0 +1,68 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecurityService = void 0;
+class SecurityService {
+    constructor(cacheService, userService) {
+        this.cacheService = cacheService;
+        this.userService = userService;
+    }
+    static genLockUserCacheKey(userId) {
+        return `user:${userId}:lock`;
+    }
+    addFailureCount(userId, cacheKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const finalCacheKey = cacheKey || SecurityService.genLockUserCacheKey(userId);
+            yield this.cacheService.incrBy(finalCacheKey);
+            return this.cacheService.get(finalCacheKey);
+        });
+    }
+    clearFailureCount(userId, cacheKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const finalCacheKey = cacheKey || SecurityService.genLockUserCacheKey(userId);
+            yield this.cacheService.del(finalCacheKey);
+        });
+    }
+    shouldLockUser(userId, cacheKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const incrementedAttemptsCount = yield this.addFailureCount(userId, cacheKey);
+                if (incrementedAttemptsCount >= SecurityService.LIMIT_TO_LOCK_USER) {
+                    yield this.clearFailureCount(userId);
+                    return {
+                        success: true,
+                        data: {
+                            isLocked: true,
+                            attemptsLeft: 0,
+                        },
+                    };
+                }
+                return {
+                    success: true,
+                    data: {
+                        isLocked: false,
+                        attemptsLeft: Math.max(0, SecurityService.LIMIT_TO_LOCK_USER - incrementedAttemptsCount),
+                    },
+                };
+            }
+            catch (error) {
+                return {
+                    success: false,
+                    message: error.message,
+                    metadata: error.stack,
+                };
+            }
+        });
+    }
+}
+SecurityService.LIMIT_TO_LOCK_USER = 5;
+exports.SecurityService = SecurityService;
+//# sourceMappingURL=security-service.js.map

package/dist/src/services/security-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-service.js","sourceRoot":"","sources":["../../../src/services/security-service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAOA,MAAa,eAAe;IAC1B,YACY,YAA0B,EAC1B,WAAwB;QADxB,iBAAY,GAAZ,YAAY,CAAc;QAC1B,gBAAW,GAAX,WAAW,CAAa;IACjC,CAAC;IAIG,MAAM,CAAC,mBAAmB,CAAC,MAAc;QAC9C,OAAO,QAAQ,MAAM,OAAO,CAAC;IAC/B,CAAC;IAEY,eAAe,CAC1B,MAAc,EACd,QAAiB;;YAEjB,MAAM,aAAa,GACjB,QAAQ,IAAI,eAAe,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAE1D,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAE9C,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC9C,CAAC;KAAA;IAEY,iBAAiB,CAAC,MAAc,EAAE,QAAiB;;YAC9D,MAAM,aAAa,GACjB,QAAQ,IAAI,eAAe,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAE1D,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC7C,CAAC;KAAA;IAEK,cAAc,CAClB,MAAc,EACd,QAAiB;;YAEjB,IAAI;gBACF,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,eAAe,CACzD,MAAM,EACN,QAAQ,CACT,CAAC;gBAGF,IAAI,wBAAwB,IAAI,eAAe,CAAC,kBAAkB,EAAE;oBAClE,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;oBAErC,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,IAAI,EAAE;4BACJ,QAAQ,EAAE,IAAI;4BACd,YAAY,EAAE,CAAC;yBAChB;qBACF,CAAC;iBACH;gBAED,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE;wBACJ,QAAQ,EAAE,KAAK;wBACf,YAAY,EAAE,IAAI,CAAC,GAAG,CACpB,CAAC,EACD,eAAe,CAAC,kBAAkB,GAAG,wBAAwB,CAC9D;qBACF;iBACF,CAAC;aACH;YAAC,OAAO,KAAU,EAAE;gBACnB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,QAAQ,EAAE,KAAK,CAAC,KAAK;iBACtB,CAAC;aACH;QACH,CAAC;KAAA;;AAjEa,kCAAkB,GAAG,CAAC,CAAC;AAN1B,0CAAe"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mvc-common-toolkit",
-  "version": "1.43.10",
+  "version": "1.43.11",
   "description": "This package contains common toolkits like query string parser, filter parser,... and other reusable patterns for any web projects",
   "main": "dist/index.js",
   "scripts": {

package/src/constants.ts

@@ -0,0 +1,47 @@
+export enum LOG_LEVEL {
+  INFO = "info",
+  ERROR = "error",
+  DEBUG = "debug",
+  FATAL = "fatal",
+}
+
+export type HttpMethod = "get" | "post" | "put" | "patch" | "delete";
+
+export enum APP_ERROR {
+  HTTP_REQ_TIMEOUT = "ECONNABORTED",
+}
+
+export enum SET_CACHE_POLICY {
+  KEEP_TTL,
+  WITH_TTL,
+  IF_EXISTS,
+  IF_NOT_EXISTS,
+}
+
+export enum APP_ENV {
+  DEVELOPMENT = "development",
+  STAGING = "staging",
+  PRODUCTION = "production",
+}
+
+export enum FILTER_OPERATOR {
+  NOT = "not",
+  EQUAL = "eq",
+  LIKE = "like",
+  INS_LIKE = "ins_like", // case-insensitive
+  STARTS_WITH = "starts_with",
+  ENDS_WITH = "ends_with",
+  INS_STARTS_WITH = "ins_starts_with", // case-insensitive
+  INS_ENDS_WITH = "ins_ends_with", // case-insensitive
+  LESS_THAN = "lt",
+  LESS_THAN_OR_EQUAL = "lte",
+  GREATER_THAN = "gt",
+  GREATER_THAN_OR_EQUAL = "gte",
+  IN = "in",
+  NOT_IN = "nin",
+  OR = "or",
+  NOR = "nor",
+  AND = "and",
+  IS = "is",
+  NOT_EQUAL = "ne",
+}

package/src/gateways/alibaba-cloud-gateway.ts

@@ -0,0 +1,127 @@
+import OSS from "ali-oss";
+import axios, { HttpStatusCode } from "axios";
+import Core from "@alicloud/pop-core";
+
+import {
+  CloudStorageClient,
+  PutObjectOption,
+  STSResponse,
+} from "../interfaces";
+
+export interface AlibabaCloudGatewayConfig {
+  accessKey: string;
+  secret: string;
+  apiVersion?: string;
+  endpoint: string;
+  timeout?: number;
+  oss: {
+    bucketName: string;
+    region: string;
+  };
+  sts: {
+    roleArn: string;
+  };
+}
+
+export class AlibabaCloudGateway implements CloudStorageClient {
+  protected coreClient: Core;
+  protected ossClient: OSS;
+
+  constructor(protected config: AlibabaCloudGatewayConfig) {
+    this.coreClient = new Core({
+      accessKeyId: config.accessKey,
+      accessKeySecret: config.secret,
+      apiVersion: config.apiVersion || "2015-04-01",
+      endpoint: config.endpoint,
+    });
+
+    this.ossClient = new OSS({
+      accessKeyId: config.accessKey,
+      accessKeySecret: config.secret,
+      region: config.oss.region,
+      bucket: config.oss.bucketName,
+      timeout: config.timeout || 3000,
+    });
+  }
+
+  public async generateTmpCredentials(
+    sessionID: string
+  ): Promise<STSResponse["Credentials"]> {
+    const requestResponse: STSResponse = await this.coreClient.request(
+      "AssumeRole",
+      {
+        RoleArn: this.config.sts.roleArn,
+        RoleSessionName: sessionID,
+        DurationSeconds: this.config.timeout || 900,
+      },
+      {
+        method: "POST",
+        contentType: "application/json",
+      }
+    );
+
+    return requestResponse.Credentials;
+  }
+
+  public async uploadLocalToBucket(
+    fileName: string,
+    fileData: Buffer,
+    options?: PutObjectOption
+  ): Promise<string> {
+    const putResult = await this.ossClient.put(fileName, fileData, {
+      timeout: options?.timeout || 15000, // 15s
+    });
+
+    if (options?.domain) {
+      return `${options.domain}/${fileName}`;
+    }
+
+    if (putResult?.url?.includes("http://")) {
+      return putResult.url.replace("http://", "https://");
+    }
+
+    return putResult.url;
+  }
+
+  public async deleteObject(filePath: string): Promise<void> {
+    await this.ossClient.delete(filePath);
+  }
+
+  public async uploadRemoteObjectToBucket(
+    fileName: string,
+    remoteUrl: string,
+    options?: PutObjectOption
+  ): Promise<string> {
+    const response = await axios.get(remoteUrl, { responseType: "stream" });
+    if (response.status !== HttpStatusCode.Ok) {
+      throw new Error("failed to fetch from remote url");
+    }
+
+    const { data } = response;
+
+    const putResult = await this.ossClient.put(fileName, data, {
+      timeout: options.timeout || 15000, // 15s
+    });
+
+    if (options?.domain) {
+      return `${options.domain}/${fileName}`;
+    }
+
+    if (putResult?.url?.includes("http://")) {
+      return putResult.url.replace("http://", "https://");
+    }
+
+    return putResult.url;
+  }
+
+  public getObjectReadStream(fileName: string): Promise<OSS.GetStreamResult> {
+    return this.ossClient.getStream(fileName);
+  }
+
+  public writeFileToDestination(
+    fileName: string,
+    destination: string | WritableStream
+  ): Promise<OSS.GetObjectResult> {
+    return this.ossClient.get(fileName, destination);
+  }
+}

package/src/gateways/http-audit-gateway.ts

@@ -0,0 +1,104 @@
+import axios, { AxiosRequestConfig, AxiosResponse } from "axios";
+
+import { LOG_LEVEL } from "../constants";
+import { AuditGateway } from "../interfaces";
+import { maskFn } from "../pkg/string-utils";
+
+export interface HttpAuditGatewayConfig {
+  baseUrl: string;
+  appName?: string;
+  auth: {
+    username: string;
+    password: string;
+  };
+}
+
+export class HttpAuditGateway implements AuditGateway {
+  protected baseURL: string;
+  protected access_token: string;
+
+  constructor(protected config: HttpAuditGatewayConfig) {
+    if (!config.baseUrl) {
+      throw new Error("Missing base url config");
+    }
+
+    this.baseURL = config.baseUrl;
+  }
+
+  public async publish(
+    logId: string,
+    level: LOG_LEVEL,
+    content: Record<string, any>
+  ) {
+    if (!this.access_token) {
+      await this.auth();
+    }
+
+    const response = await this.send(logId, {
+      method: "POST",
+      url: "/event/create",
+      data: {
+        ...content,
+        level,
+      },
+    });
+
+    return response?.data;
+  }
+
+  private async auth(logId = "system", forceReAuth = false) {
+    if (this.access_token || forceReAuth) {
+      return;
+    }
+
+    const authResponse = await this.send<{ access_token: string }>(
+      logId,
+      {
+        method: "POST",
+        url: "/auth/login",
+        data: this.config.auth,
+      },
+      false,
+      false
+    ); // not retry, not use token
+
+    this.access_token = authResponse?.data?.access_token;
+
+    return !!this.access_token;
+  }
+
+  protected async send<T>(
+    logId: string,
+    options: AxiosRequestConfig,
+    is_retry = false,
+    use_access_token = true
+  ): Promise<AxiosResponse<T>> {
+    console.log(
+      `[${logId}] ${
+        is_retry ? "Resend" : "Send"
+      } to Audit Service: ${JSON.stringify(options, maskFn)}`
+    );
+
+    options.baseURL = this.baseURL;
+    if (use_access_token) {
+      options.headers = {
+        Authorization: `Bearer ${this.access_token}`,
+      };
+    }
+
+    const response = await axios.request(options);
+
+    // use token, status 401, not retry => auth & retry
+    if (response?.status == 401 && use_access_token && !is_retry) {
+      console.log(`[${logId}] Retrying...`);
+
+      const isAuthSuccess = await this.auth(logId, true);
+
+      if (isAuthSuccess) {
+        return this.send(logId, options, true);
+      }
+    }
+
+    return response;
+  }
+}

package/src/gateways/index.ts

@@ -0,0 +1,5 @@
+export * from "./alibaba-cloud-gateway";
+export * from "./http-audit-gateway";
+export * from "./stdout-audit-gateway";
+export * from "./internal-auth-gateway";
+export * from "./webhook-audit-gateway";

package/src/gateways/internal-auth-gateway.ts

@@ -0,0 +1,42 @@
+import {
+  HttpService,
+  InternalAuthGatewayOptions,
+  InternalAuthLoginResult,
+  InternalServiceAuthResult,
+  OperationResult,
+} from "../interfaces";
+
+export class InternalAuthGateway {
+  constructor(
+    protected httpService: HttpService,
+    protected options: InternalAuthGatewayOptions
+  ) {}
+
+  public async login(): Promise<OperationResult<InternalAuthLoginResult>> {
+    return this.httpService.send(
+      "post",
+      `${this.options.endpointURL}/actors/login`,
+      {
+        body: {
+          secret: this.options.secret,
+        },
+        serviceName: this.options.serviceName,
+      }
+    );
+  }
+
+  public async verify(
+    accessToken: string
+  ): Promise<OperationResult<InternalServiceAuthResult>> {
+    return this.httpService.send(
+      "post",
+      `${this.options.endpointURL}/actors/verify`,
+      {
+        body: {
+          accessToken,
+        },
+        serviceName: this.options.serviceName,
+      }
+    );
+  }
+}

package/src/gateways/stdout-audit-gateway.ts

@@ -0,0 +1,23 @@
+import { LOG_LEVEL } from "../constants";
+import { loggers } from "../pkg";
+import { AuditGateway, Logger } from "../interfaces";
+
+export class StdOutAuditGateway implements AuditGateway {
+  protected logger: Logger;
+
+  constructor() {
+    this.logger = new loggers.PinoLogger();
+  }
+
+  public async publish(
+    logId: string,
+    level: LOG_LEVEL,
+    content: any
+  ): Promise<any> {
+    return this.logger.info(
+      `[LogId ${logId}]`,
+      `[${level.toUpperCase}]`,
+      content
+    );
+  }
+}

package/src/gateways/webhook-audit-gateway.ts

@@ -0,0 +1,33 @@
+import { LOG_LEVEL } from "../constants";
+import { AuditGateway, HttpService } from "../interfaces";
+
+interface WebhookAuditGatewayConfig {
+  projectName: string;
+}
+
+export class WebhookAuditGateway implements AuditGateway {
+  public static contentField = "content";
+
+  constructor(
+    protected webhookURL: string,
+    protected httpService: HttpService,
+    protected config: WebhookAuditGatewayConfig
+  ) {}
+
+  public publish(logId: string, level: LOG_LEVEL, content: any): Promise<any> {
+    const logContent =
+      content && typeof content === "object"
+        ? JSON.stringify(content)
+        : content;
+    const msg = `[${this.config.projectName}] | [${level}] | [${logId}]: ${logContent}`;
+
+    return this.httpService.send("post", this.webhookURL, {
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: {
+        [WebhookAuditGateway.contentField]: msg,
+      },
+    });
+  }
+}