sumba 1.0.18 → 1.0.19
- package/bajo/hook/dobo@before-record-get.js +1 -1
- package/bajo/hook/waibu@after-app-boot.js +5 -5
- package/bajo/intl/en-US.json +5 -0
- package/bajo/intl/id.json +5 -0
- package/bajo/method/verify/api-key.js +2 -2
- package/bajo/method/verify/jwt.js +2 -2
- package/bajo/method/verify/session.js +1 -1
- package/lib/check-site-id.js +2 -2
- package/lib/check-user-id.js +4 -4
- package/package.json +1 -1
- package/waibuRestApi/route/user/access-token/@type/create.js +1 -1
|
@@ -11,7 +11,7 @@ export async function checker (model, id, options = {}) {
|
|
|
11
11
|
const filter = { query: { id }, limit: 1 }
|
|
12
12
|
filter.query[i] = rec
|
|
13
13
|
const rows = await recordFind(model, filter)
|
|
14
|
-
if (rows.length === 0) throw this.error('
|
|
14
|
+
if (rows.length === 0) throw this.error('recordNotFound%s%s', id, model, { statusCode: 404 })
|
|
15
15
|
}
|
|
16
16
|
}
|
|
17
17
|
}
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
import collectRoutes from '../../lib/collect-routes.js'
|
|
2
2
|
|
|
3
3
|
async function afterAppBoot () {
|
|
4
|
-
this.log.trace('
|
|
4
|
+
this.log.trace('collectingRouteGuards')
|
|
5
5
|
await collectRoutes.call(this, 'secure')
|
|
6
6
|
await collectRoutes.call(this, 'anonymous')
|
|
7
|
-
this.log.trace('
|
|
8
|
-
this.log.trace('
|
|
9
|
-
this.log.trace('
|
|
10
|
-
this.log.trace('
|
|
7
|
+
this.log.trace('secureRoutes%d', this.secureRoutes.length)
|
|
8
|
+
this.log.trace('secureInvRoutes%d', this.secureInvRoutes.length)
|
|
9
|
+
this.log.trace('anonRoutes%d', this.anonymousRoutes.length)
|
|
10
|
+
this.log.trace('anonInvRoutes%d', this.anonymousInvRoutes.length)
|
|
11
11
|
}
|
|
12
12
|
|
|
13
13
|
export default afterAppBoot
|
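--- a/package/bajo/intl/en-US.json
+++ b/package/bajo/intl/en-US.json
@@ -62,6 +62,11 @@
 "formSubmittedInfo": "Please allow us to read your submission thoroughly and we'll get back to you rightaway",
 "thankYou": "Thank you!",
 "warningMemberOnly%s": "Please authenticate yourself first, because the <a href=\"%s\">page<a> your're trying to access is a member only page",
+"collectingRouteGuards": "Collecting route guards:",
+"secureRoutes%d": "- Secure routes: %d",
+"secureInvRoutes%d": "- Secure, inverted routes: %d",
+"anonRoutes%d": "- Anonymous routes: %d",
+"anonInvRoutes%d": "- Anonymous, inverted routes: %d",
 "field": {
 "currentPassword": "Current Password",
 "newPassword": "New Password",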
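--- a/package/bajo/intl/id.json
+++ b/package/bajo/intl/id.json
@@ -62,6 +62,11 @@
 "formSubmittedInfo": "Kami akan mereview sebentar kiriman Anda dan akan menghubungi Anda kembali secepatnya",
 "thankYou": "Thank you!",
 "warningMemberOnly%s": "Silahkan melalukan otentikasi terlebih dahulu karena <a href=\"%s\">halaman<a> yang akan Anda akses adalah salah satu halaman khusus anggota saja",
+"collectingRouteGuards": "Mengoleksi pertahanan jalur:",
+"secureRoutes%d": "- Jalur aman: %d",
+"secureInvRoutes%d": "- Jalur aman, terbalik: %d",
+"anonRoutes%d": "- Jalur anonim: %d",
+"anonInvRoutes%d": "- Jalur anonim, terbalik: %d",
 "field": {
 "currentPassword": "Kata Sandi Saat Ini",
 "newPassword": "Kata Sandi Baru",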
|
@@ -31,8 +31,8 @@ async function verifyApiKey (req, reply, source) {
|
|
|
31
31
|
token = await hash(token)
|
|
32
32
|
const query = { token }
|
|
33
33
|
const rows = await recordFind('SumbaUser', { query }, { req, noHook: true })
|
|
34
|
-
if (rows.length === 0) throw this.error('
|
|
35
|
-
if (rows[0].status !== 'ACTIVE') throw this.error('
|
|
34
|
+
if (rows.length === 0) throw this.error('invalidKey', { statusCode: 401 })
|
|
35
|
+
if (rows[0].status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
|
|
36
36
|
req.user = await getUser(rows[0])
|
|
37
37
|
return true
|
|
38
38
|
}
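Review bot: The two 401 responses on new lines 34-35 are distinguishable, so a caller presenting a key learns from `userInactive` and its `details` entry that the key matches a stored account that has been disabled. If clients do not need that distinction, return the same error for both cases, e.g. `if (rows[0].status !== 'ACTIVE') throw this.error('invalidKey', { statusCode: 401 })`, and record the inactive status in the server-side log instead. The same pair of checks appears in the verifyJwt hunk (new lines 22-23). verifyApiKey's body starts outside this hunk.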
|
|
@@ -19,8 +19,8 @@ async function verifyJwt (req, reply, source) {
|
|
|
19
19
|
const id = decoded.payload.uid
|
|
20
20
|
try {
|
|
21
21
|
const rec = await recordGet('SumbaUser', id, { req, noHook: true })
|
|
22
|
-
if (!rec) throw this.error('
|
|
23
|
-
if (rec.status !== 'ACTIVE') throw this.error('
|
|
22
|
+
if (!rec) throw this.error('invalidToken', { statusCode: 401 })
|
|
23
|
+
if (rec.status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
|
|
24
24
|
req.user = await getUser(rec)
|
|
25
25
|
return true
|
|
26
26
|
} catch (err) {
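Review bot: Both new throws on lines 22-23 sit inside the `try` opened on line 20, so the `catch (err)` on line 26 receives them. Whether the `statusCode: 401` and `details` set here reach the caller depends on that handler, whose body is outside this hunk. If it is meant to pass them through, a short comment above the catch, such as `// errors raised via this.error() above must propagate unchanged`, would make that explicit. It is also worth confirming, in the part of verifyJwt above line 19, that `decoded` comes from a signature-verifying call rather than a plain decode before `decoded.payload.uid` is used as the lookup key.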
|
|
@@ -9,7 +9,7 @@ async function verifySession (req, reply, source) {
|
|
|
9
9
|
}
|
|
10
10
|
const redir = routePath(this.config.redirect.signin, req)
|
|
11
11
|
req.session.ref = req.url
|
|
12
|
-
throw this.error('
|
|
12
|
+
throw this.error('_redirect', { redirect: redir })
|
|
13
13
|
}
|
|
14
14
|
|
|
15
15
|
export default verifySession
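Review bot: `req.session.ref = req.url` on line 11 stores the raw request target as the post-sign-in return location, and nothing in this hunk constrains it to a same-site path. If the code that later redirects to `session.ref` (not visible here) uses it verbatim, a target beginning with `//` or `/\` may be resolved by browsers as a different origin. A guard before storing keeps it local, e.g. `if (/^\/(?![\/\\])/.test(req.url)) req.session.ref = req.url`. The same assignment appears in the `anonymous` hunk of package/lib/check-user-id.js. verifySession starts outside this hunk.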
|
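--- a/package/lib/check-site-id.js
+++ b/package/lib/check-site-id.js
@@ -44,9 +44,9 @@ async function checkSiteId (req, reply) {
 }
 const filter = { query }
 const rows = await recordFind('SumbaSite', filter, { noHook: true })
-if (rows.length === 0) throw this.error('
+if (rows.length === 0) throw this.error('unknownSite')
 const row = omit(rows[0], omitted)
-if (row.status !== 'ACTIVE') throw this.error('
+if (row.status !== 'ACTIVE') throw this.error('siteInactiveInfo')
 req.site = row
 await mergeSetting.call(this, req)
 }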
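Review bot: `unknownSite` and `siteInactiveInfo` on new lines 47 and 49 are thrown without a `statusCode`, while most other errors touched in this release set one explicitly, so these presumably fall back to the framework default. Passing it explicitly, e.g. `throw this.error('unknownSite', { statusCode: 404 })` and `throw this.error('siteInactiveInfo', { statusCode: 403 })`, would keep an unknown or disabled site from surfacing as a generic server error. `invalidTokenType` in the `create` hunk at the end of the page has the same gap and reads like a 400. checkSiteId starts outside this hunk.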
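--- a/package/lib/check-user-id.js
+++ b/package/lib/check-user-id.js
@@ -34,7 +34,7 @@ async function anonymous (req) {
 if (match) {
 const redir = routePath(this.config.redirect.signout, req)
 req.session.ref = req.url
-throw this.error('
+throw this.error('_redirect', { redirect: redir })
 }
 req.user = omit(await getUser(req.session.user.id), ['password', 'token'])
 }
@@ -73,18 +73,18 @@ async function checkUserId (req, reply, source) {
 return
 }
 const authMethods = this.config.auth[match.source].methods ?? []
-if (isEmpty(authMethods)) throw this.error('
+if (isEmpty(authMethods)) throw this.error('noAuthMethod', { statusCode: 500 })
 let success
 for (const m of authMethods) {
 const handler = this[camelCase(`verify ${m}`)]
-if (!handler) throw this.error('
+if (!handler) throw this.error('invalidAuthMethod%s', m, { statusCode: 500 })
 const check = await handler(req, reply, source, ctx)
 if (check) {
 success = check
 break
 }
 }
-if (!success) throw this.error('
+if (!success) throw this.error('accessDenied', { statusCode: 401 })
 await mergeSetting.call(this, req)
 return success
 }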
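Review bot: In the checkUserId hunk the loop on lines 78-86 awaits each handler with no `try` around it, so a handler that throws ends the loop and any later configured methods are never tried. The verifyApiKey hunk on this page throws on a bad key rather than returning a falsy value. If that is the intended contract, document it above the loop: `// a handler that throws rejects the request outright; only a falsy return falls through to the next method`. Separately, `invalidAuthMethod%s` on line 80 formats the configured method name `m` into the error; if that message reaches the client, logging it server-side and returning a generic 500 would avoid exposing configuration detail. checkUserId starts outside the hunk.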
package/package.json
CHANGED
|
@@ -16,7 +16,7 @@ async function create () {
|
|
|
16
16
|
const { hash } = this.app.bajoExtra
|
|
17
17
|
const { getUserFromUsernamePassword, createJwtFromUserRecord } = this
|
|
18
18
|
|
|
19
|
-
if (!['api-key', 'jwt', 'apiKey'].includes(req.params.type)) throw this.error('
|
|
19
|
+
if (!['api-key', 'jwt', 'apiKey'].includes(req.params.type)) throw this.error('invalidTokenType')
|
|
20
20
|
const rec = await getUserFromUsernamePassword(req.body.username, req.body.password, req)
|
|
21
21
|
if (req.params.type === 'jwt') {
|
|
22
22
|
const jwt = await createJwtFromUserRecord(rec)
|