sumba 2.0.0 → 2.0.1

package/docs/index.js.html

@@ -0,0 +1,526 @@
+<!DOCTYPE html><html lang="en" style="font-size:16px"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Source: index.js</title><!--[if lt IE 9]>
+      <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
+    <![endif]--><script src="scripts/third-party/hljs.js" defer="defer"></script><script src="scripts/third-party/hljs-line-num.js" defer="defer"></script><script src="scripts/third-party/popper.js" defer="defer"></script><script src="scripts/third-party/tippy.js" defer="defer"></script><script src="scripts/third-party/tocbot.min.js"></script><script>var baseURL="/",locationPathname="";baseURL=(locationPathname=document.location.pathname).substr(0,locationPathname.lastIndexOf("/")+1)</script><link rel="stylesheet" href="styles/clean-jsdoc-theme.min.css"><svg aria-hidden="true" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="display:none"><defs><symbol id="copy-icon" viewbox="0 0 488.3 488.3"><g><path d="M314.25,85.4h-227c-21.3,0-38.6,17.3-38.6,38.6v325.7c0,21.3,17.3,38.6,38.6,38.6h227c21.3,0,38.6-17.3,38.6-38.6V124    C352.75,102.7,335.45,85.4,314.25,85.4z M325.75,449.6c0,6.4-5.2,11.6-11.6,11.6h-227c-6.4,0-11.6-5.2-11.6-11.6V124    c0-6.4,5.2-11.6,11.6-11.6h227c6.4,0,11.6,5.2,11.6,11.6V449.6z"/><path d="M401.05,0h-227c-21.3,0-38.6,17.3-38.6,38.6c0,7.5,6,13.5,13.5,13.5s13.5-6,13.5-13.5c0-6.4,5.2-11.6,11.6-11.6h227    c6.4,0,11.6,5.2,11.6,11.6v325.7c0,6.4-5.2,11.6-11.6,11.6c-7.5,0-13.5,6-13.5,13.5s6,13.5,13.5,13.5c21.3,0,38.6-17.3,38.6-38.6    V38.6C439.65,17.3,422.35,0,401.05,0z"/></g></symbol><symbol id="search-icon" viewBox="0 0 512 512"><g><g><path d="M225.474,0C101.151,0,0,101.151,0,225.474c0,124.33,101.151,225.474,225.474,225.474    c124.33,0,225.474-101.144,225.474-225.474C450.948,101.151,349.804,0,225.474,0z M225.474,409.323    c-101.373,0-183.848-82.475-183.848-183.848S124.101,41.626,225.474,41.626s183.848,82.475,183.848,183.848    S326.847,409.323,225.474,409.323z"/></g></g><g><g><path d="M505.902,476.472L386.574,357.144c-8.131-8.131-21.299-8.131-29.43,0c-8.131,8.124-8.131,21.306,0,29.43l119.328,119.328    c4.065,4.065,9.387,6.098,14.715,6.098c5.321,0,10.649-2.033,14.715-6.098C514.033,497.778,514.033,484.596,505.902,476.472z"/></g></g></symbol><symbol id="font-size-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M11.246 15H4.754l-2 5H.6L7 4h2l6.4 16h-2.154l-2-5zm-.8-2L8 6.885 5.554 13h4.892zM21 12.535V12h2v8h-2v-.535a4 4 0 1 1 0-6.93zM19 18a2 2 0 1 0 0-4 2 2 0 0 0 0 4z"/></symbol><symbol id="add-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M11 11V5h2v6h6v2h-6v6h-2v-6H5v-2z"/></symbol><symbol id="minus-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M5 11h14v2H5z"/></symbol><symbol id="dark-theme-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M10 7a7 7 0 0 0 12 4.9v.1c0 5.523-4.477 10-10 10S2 17.523 2 12 6.477 2 12 2h.1A6.979 6.979 0 0 0 10 7zm-6 5a8 8 0 0 0 15.062 3.762A9 9 0 0 1 8.238 4.938 7.999 7.999 0 0 0 4 12z"/></symbol><symbol id="light-theme-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M12 18a6 6 0 1 1 0-12 6 6 0 0 1 0 12zm0-2a4 4 0 1 0 0-8 4 4 0 0 0 0 8zM11 1h2v3h-2V1zm0 19h2v3h-2v-3zM3.515 4.929l1.414-1.414L7.05 5.636 5.636 7.05 3.515 4.93zM16.95 18.364l1.414-1.414 2.121 2.121-1.414 1.414-2.121-2.121zm2.121-14.85l1.414 1.415-2.121 2.121-1.414-1.414 2.121-2.121zM5.636 16.95l1.414 1.414-2.121 2.121-1.414-1.414 2.121-2.121zM23 11v2h-3v-2h3zM4 11v2H1v-2h3z"/></symbol><symbol id="reset-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M18.537 19.567A9.961 9.961 0 0 1 12 22C6.477 22 2 17.523 2 12S6.477 2 12 2s10 4.477 10 10c0 2.136-.67 4.116-1.81 5.74L17 12h3a8 8 0 1 0-2.46 5.772l.997 1.795z"/></symbol><symbol id="down-icon" viewBox="0 0 16 16"><path fill-rule="evenodd" clip-rule="evenodd" d="M12.7803 6.21967C13.0732 6.51256 13.0732 6.98744 12.7803 7.28033L8.53033 11.5303C8.23744 11.8232 7.76256 11.8232 7.46967 11.5303L3.21967 7.28033C2.92678 6.98744 2.92678 6.51256 3.21967 6.21967C3.51256 5.92678 3.98744 5.92678 4.28033 6.21967L8 9.93934L11.7197 6.21967C12.0126 5.92678 12.4874 5.92678 12.7803 6.21967Z"></path></symbol><symbol id="codepen-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M16.5 13.202L13 15.535v3.596L19.197 15 16.5 13.202zM14.697 12L12 10.202 9.303 12 12 13.798 14.697 12zM20 10.869L18.303 12 20 13.131V10.87zM19.197 9L13 4.869v3.596l3.5 2.333L19.197 9zM7.5 10.798L11 8.465V4.869L4.803 9 7.5 10.798zM4.803 15L11 19.131v-3.596l-3.5-2.333L4.803 15zM4 13.131L5.697 12 4 10.869v2.262zM2 9a1 1 0 0 1 .445-.832l9-6a1 1 0 0 1 1.11 0l9 6A1 1 0 0 1 22 9v6a1 1 0 0 1-.445.832l-9 6a1 1 0 0 1-1.11 0l-9-6A1 1 0 0 1 2 15V9z"/></symbol><symbol id="close-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M12 10.586l4.95-4.95 1.414 1.414-4.95 4.95 4.95 4.95-1.414 1.414-4.95-4.95-4.95 4.95-1.414-1.414 4.95-4.95-4.95-4.95L7.05 5.636z"/></symbol><symbol id="menu-icon" viewBox="0 0 24 24"><path fill="none" d="M0 0h24v24H0z"/><path d="M3 4h18v2H3V4zm0 7h18v2H3v-2zm0 7h18v2H3v-2z"/></symbol></defs></svg></head><body data-theme="light"><div class="sidebar-container"><div class="sidebar" id="sidebar"><a href="/" class="sidebar-title sidebar-title-anchor">Sumba API</a><div class="sidebar-items-container"><div class="sidebar-section-title with-arrow" data-isopen="false" id="sidebar-classes"><div>Classes</div><svg><use xlink:href="#down-icon"></use></svg></div><div class="sidebar-section-children-container"><div class="sidebar-section-children"><a href="Sumba.html">Sumba</a></div></div><div class="sidebar-section-title with-arrow" data-isopen="false" id="sidebar-global"><div>Global</div><svg><use xlink:href="#down-icon"></use></svg></div><div class="sidebar-section-children-container"><div class="sidebar-section-children"><a href="global.html#factory">factory</a></div></div></div></div></div><div class="navbar-container" id="VuAckcnZhf"><nav class="navbar"><div class="navbar-left-items"><div class="navbar-item"><a id="" href="https://www.npmjs.com/package/sumba" target="">NPM</a></div><div class="navbar-item"><a id="" href="https://github.com/ardhi/sumba" target="">Github</a></div><div class="navbar-item"><a id="" href="https://sumba.bajo.app/" target="">Sumba</a></div><div class="navbar-item"><a id="" href="https://bajo.app/" target="">Bajo</a></div></div><div class="navbar-right-items"><div class="navbar-right-item"><button class="icon-button search-button" aria-label="open-search"><svg><use xlink:href="#search-icon"></use></svg></button></div><div class="navbar-right-item"><button class="icon-button theme-toggle" aria-label="toggle-theme"><svg><use class="theme-svg-use" xlink:href="#dark-theme-icon"></use></svg></button></div><div class="navbar-right-item"><button class="icon-button font-size" aria-label="change-font-size"><svg><use xlink:href="#font-size-icon"></use></svg></button></div></div><nav></nav></nav></div><div class="toc-container"><div class="toc-content"><span class="bold">On this page</span><div id="eed4d2a0bfd64539bb9df78095dec881"></div></div></div><div class="body-wrapper"><div class="main-content"><div class="main-wrapper"><section id="source-page" class="source-page"><header><h1 id="title" class="has-anchor">index.js</h1></header><article><pre class="prettyprint source lang-js"><code>import path from 'path'
+
+/**
+ * Plugin factory
+ *
+ * @param {string} pkgName - NPM package name
+ * @returns {class}
+ */
+async function factory (pkgName) {
+  const me = this
+
+  /**
+   * Sumba class
+   *
+   * @class
+   */
+  class Sumba extends this.app.pluginClass.base {
+    static alias = 'sumba'
+    static dependencies = ['bajo-extra', 'bajo-common-db', 'bajo-config']
+
+    constructor () {
+      super(pkgName, me.app)
+      this.config = {
+        multiSite: false,
+        waibu: {
+          title: 'site',
+          prefix: 'site'
+        },
+        waibuMpa: {
+          home: 'sumba:/your-stuff/profile',
+          icon: 'globe',
+          redirect: {
+            '/': 'sumba:/your-stuff/profile',
+            '/your-stuff': 'sumba:/your-stuff/profile',
+            '/info': 'sumba:/info/about-us',
+            '/user': 'sumba:/your-stuff/profile',
+            '/db/export': 'sumba:/db/export/list',
+            '/help': 'sumba:/help/contact-form',
+            '/help/trouble-tickets': 'sumba:/help/trouble-tickets/list'
+          },
+          menuHandler: [{
+            title: 'account',
+            level: 9998,
+            children: [
+              // anonymous only
+              { title: 'signin', href: 'sumba:/signin', visible: 'anon' },
+              { title: 'forgotPassword', href: 'sumba:/user/forgot-password', visible: 'anon' },
+              { title: 'newUserSignup', href: 'sumba:/user/signup', visible: 'anon' },
+              { title: '-', visible: 'anon' },
+              { title: 'activation', href: 'sumba:/user/activation', visible: 'anon' },
+              // authenticated only
+              { title: 'yourProfile', href: 'sumba:/your-stuff/profile', visible: 'auth' },
+              { title: 'changePassword', href: 'sumba:/your-stuff/change-password', visible: 'auth' },
+              { title: 'downloadList', href: 'sumba:/your-stuff/download/list', visible: 'auth' },
+              { title: '-', visible: 'auth' },
+              { title: 'signout', href: 'sumba:/signout', visible: 'auth' }
+            ]
+          }, {
+            title: 'help',
+            level: 9999,
+            children: [
+              { title: 'contactForm', href: 'sumba:/help/contact-form' },
+              { title: 'troubleTickets', href: 'sumba:/help/trouble-tickets', visible: 'auth' },
+              { title: '-' },
+              { title: 'cookiePolicy', href: 'sumba:/info/cookie-policy' },
+              { title: 'privacy', href: 'sumba:/info/privacy' },
+              { title: 'termsConditions', href: 'sumba:/info/terms-conditions' }
+            ]
+          }]
+        },
+        waibuAdmin: {
+          menuHandler: 'sumba:adminMenu',
+          menuCollapsible: true,
+          modelDisabled: 'all'
+        },
+        auth: {
+          common: {
+            apiKey: {
+              type: 'Bearer',
+              qsKey: 'apiKey',
+              headerKey: 'X-Sumba-ApiKey'
+            },
+            basic: {
+            },
+            jwt: {
+              type: 'Bearer',
+              qsKey: 'token',
+              headerKey: 'X-Sumba-Token',
+              secret: '668de9cf57316c7dbf52f7ff7611c299',
+              expiresIn: 604800000
+            }
+          },
+          waibuRestApi: {
+            methods: ['basic', 'apiKey', 'jwt'],
+            silentOnError: false
+          },
+          waibuMpa: {
+            methods: ['session'],
+            silentOnError: false
+          },
+          waibuStatic: {
+            methods: ['basic', 'apiKey', 'jwt'],
+            basic: {
+              useUtf8: true,
+              realm: 'Protected Area',
+              warningMessage: 'Please authenticate yourself, thank you!'
+            },
+            silentOnError: false
+          }
+        },
+        redirect: {
+          signin: 'sumba:/signin',
+          afterSignin: '/',
+          signout: 'sumba:/signout',
+          afterSignout: '/'
+        },
+        siteSetting: {
+          forgotPasswordExpDur: '5m',
+          userPassword: {
+            minUppercase: 1,
+            minLowercase: 1,
+            minSpecialChar: 1,
+            minNumeric: 1,
+            noWhitespace: false,
+            latinOnlyChars: false
+          }
+        }
+      }
+      this.unsafeUserFields = ['password']
+    }
+
+    init = async () => {
+      const { getPluginDataDir } = this.app.bajo
+      this.downloadDir = `${getPluginDataDir(this.ns)}/download`
+      this.app.lib.fs.ensureDirSync(this.downloadDir)
+      for (const type of ['secure', 'anonymous', 'team']) {
+        this[`${type}Routes`] = this[`${type}Routes`] ?? []
+        this[`${type}NegRoutes`] = this[`${type}NegRoutes`] ?? []
+      }
+    }
+
+    _getSetting = async (type, source) => {
+      const { defaultsDeep } = this.app.lib.aneka
+      const { get } = this.app.lib._
+
+      const setting = defaultsDeep(get(this.config, `auth.${source}.${type}`, {}), get(this.config, `auth.common.${type}`, {}))
+      if (type === 'basic') setting.type = 'Basic'
+      return setting
+    }
+
+    _getToken = async (type, req, source) => {
+      const { isEmpty } = this.app.lib._
+
+      const setting = await this._getSetting(type, source)
+      let token = req.headers[setting.headerKey.toLowerCase()]
+      if (!['basic'].includes(type) &amp;&amp; isEmpty(token)) token = req.query[setting.qsKey]
+      if (isEmpty(token)) {
+        const parts = (req.headers.authorization || '').split(' ')
+        if (parts[0] === setting.type) token = parts[1]
+      }
+      if (isEmpty(token)) return false
+      return token
+    }
+
+    adminMenu = async (locals, req) => {
+      if (!this.app.waibuAdmin) return
+      const { getPluginPrefix } = this.app.waibu
+      const prefix = getPluginPrefix(this.ns)
+      return [{
+        title: 'supportSystem',
+        children: [
+          { title: 'contactForm', href: `waibuAdmin:/${prefix}/contact-form/list` },
+          { title: 'contactFormCat', href: `waibuAdmin:/${prefix}/contact-form-cat/list` },
+          { title: 'ticket', href: `waibuAdmin:/${prefix}/ticket/list` },
+          { title: 'ticketCat', href: `waibuAdmin:/${prefix}/ticket-cat/list` }
+        ]
+      }, {
+        title: 'management',
+        children: [
+          { title: 'manageSite', href: `waibuAdmin:/${prefix}/site` },
+          { title: 'manageUser', href: `waibuAdmin:/${prefix}/user/list` },
+          { title: 'manageTeam', href: `waibuAdmin:/${prefix}/team/list` },
+          { title: 'manageTeamUser', href: `waibuAdmin:/${prefix}/team-user/list` },
+          { title: 'manageDownload', href: `waibuAdmin:/${prefix}/download/list` },
+          { title: 'resetUserPassword', href: `waibuAdmin:/${prefix}/reset-user-password` }
+        ]
+      }, {
+        title: 'misc',
+        children: [
+          { title: 'userSession', href: `waibuAdmin:/${prefix}/session/list` }
+        ]
+      }]
+    }
+
+    getUser = async (rec, safe = true) => {
+      const { recordGet } = this.app.dobo
+      const { omit, isPlainObject } = this.app.lib._
+      let user
+      if (isPlainObject(rec)) user = rec
+      else user = await recordGet('SumbaUser', rec, { noHook: true })
+      return safe ? omit(user, this.unsafeUserFields) : user
+    }
+
+    mergeTeam = async (user, site) => {
+      if (!user) return
+      const { map, pick } = this.app.lib._
+      const { recordFindAll } = this.app.dobo
+      user.teams = []
+      const query = { userId: user.id, siteId: site.id }
+      const userTeam = await recordFindAll('SumbaTeamUser', { query })
+      if (userTeam.length === 0) return
+      delete query.userId
+      query.id = { $in: map(userTeam, 'id'), status: 'ENABLED' }
+      const team = await recordFindAll('SumbaTeam', { query })
+      if (team.length > 0) user.teams.push(...map(team, t => pick(t, ['id', 'alias'])))
+    }
+
+    getUserFromUsernamePassword = async (username = '', password = '', req) => {
+      const { importPkg } = this.app.bajo
+      const { recordFind, validate } = this.app.dobo
+      const model = 'SumbaUser'
+      await validate({ username, password }, model, { ns: ['sumba', 'dobo'], fields: ['username', 'password'] })
+      const bcrypt = await importPkg('bajoExtra:bcrypt')
+
+      const query = { username, provider: 'local' }
+      const rows = await recordFind(model, { query }, { req, forceNoHidden: true, noHook: true })
+      if (rows.length === 0) throw this.error('validationError', { details: [{ field: 'username', error: 'Unknown username' }], statusCode: 401 })
+      const rec = rows[0]
+      if (rec.status !== 'ACTIVE') throw this.error('validationError', { details: ['User is inactive or temporarily disabled'], statusCode: 401 })
+      const verified = await bcrypt.compare(password, rec.password)
+      if (!verified) throw this.error('validationError', { details: [{ field: 'password', error: 'invalidPassword' }], statusCode: 401 })
+      return rec
+    }
+
+    createJwtFromUserRecord = async (rec) => {
+      const { importPkg } = this.app.bajo
+      const { dayjs } = this.app.lib
+      const { hash } = this.app.bajoExtra
+      const { get, pick } = this.app.lib._
+
+      const fastJwt = await importPkg('bajoExtra:fast-jwt')
+      const { createSigner } = fastJwt
+
+      const opts = pick(this.config.auth.common.jwt, ['expiresIn'])
+      opts.key = get(this.config, 'auth.common.jwt.secret')
+      const sign = createSigner(opts)
+      const apiKey = await hash(rec.password)
+      const payload = { uid: rec.id, apiKey }
+      const token = await sign(payload)
+      const expiresAt = dayjs().add(opts.expiresIn).toDate()
+      return { token, expiresAt }
+    }
+
+    verifySession = async (req, reply, source, payload) => {
+      const { getUser } = this
+      const { routePath } = this.app.waibu
+
+      if (!req.session) return false
+      if (req.session.userId) {
+        req.user = await getUser(req.session.userId)
+        return true
+      }
+      const redir = routePath(this.config.redirect.signin, req)
+      req.session.ref = req.url
+      throw this.error('_redirect', { redirect: redir })
+    }
+
+    verifyApiKey = async (req, reply, source, payload) => {
+      const { merge } = this.app.lib._
+      const { isMd5, hash } = this.app.bajoExtra
+      const { getUser } = this
+      const { recordFind } = this.app.dobo
+
+      let token = await this._getToken('apiKey', req, source)
+      if (!isMd5(token)) return false
+      token = await hash(token)
+      const query = { token }
+      const rows = await recordFind('SumbaUser', { query }, { req, noHook: true })
+      if (rows.length === 0) throw this.error('invalidKey', merge({ statusCode: 401 }, payload))
+      if (rows[0].status !== 'ACTIVE') throw this.error('userInactive', merge({ details: [{ field: 'status', error: 'inactive' }], statusCode: 401 }, payload))
+      req.user = await getUser(rows[0])
+      return true
+    }
+
+    verifyBasic = async (req, reply, source, payload) => {
+      const { getUserFromUsernamePassword } = this
+      const { getUser } = this
+      const { isEmpty, merge } = this.app.lib._
+
+      const setHeader = async (setting, reply) => {
+        const { isString } = this.app.lib._
+
+        let header = setting.type
+        const exts = []
+        if (isString(setting.realm)) exts.push(`realm="${setting.realm}"`)
+        if (setting.useUtf8) exts.push('charset="UTF-8"')
+        if (exts.length > 0) header += ` ${exts.join(', ')}`
+        reply.header('WWW-Authenticate', header)
+        reply.code(401)
+      }
+
+      const setting = await this._getSetting('basic', source)
+      let authInfo
+      const parts = (req.headers.authorization ?? '').split(' ')
+      if (parts[0] === setting.type) authInfo = parts[1]
+      if (isEmpty(authInfo)) {
+        if (setting.realm) {
+          await setHeader(setting, reply)
+          throw this.error(setting.warningMessage)
+        } else return false
+      }
+      const decoded = Buffer.from(authInfo, 'base64').toString()
+      const [username, password] = decoded.split(':')
+      try {
+        const user = await getUserFromUsernamePassword(username, password, req)
+        req.user = await getUser(user)
+      } catch (err) {
+        if (err.statusCode === 401 &amp;&amp; setting.realm) {
+          await setHeader(setting, reply)
+          return err.message
+        }
+        throw merge(err, payload)
+      }
+      return true
+    }
+
+    verifyJwt = async (req, reply, source, payload) => {
+      const { importPkg } = this.app.bajo
+      const { recordGet } = this.app.dobo
+      const { getUser } = this
+      const { isEmpty, merge } = this.app.lib._
+
+      const fastJwt = await importPkg('bajoExtra:fast-jwt')
+      const { createVerifier } = fastJwt
+      const setting = await this._getSetting('jwt', source)
+      const token = await this._getToken('jwt', req, source)
+      if (isEmpty(token)) return false
+      const verifier = createVerifier({
+        key: setting.secret,
+        complete: true
+      })
+      const decoded = await verifier(token)
+      const id = decoded.payload.uid
+      try {
+        const rec = await recordGet('SumbaUser', id, { req, noHook: true })
+        if (!rec) throw this.error('invalidToken', { statusCode: 401 })
+        if (rec.status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
+        req.user = await getUser(rec)
+      } catch (err) {
+        merge(err, payload)
+        throw err
+      }
+      return true
+    }
+
+    checkPathsByTeam = ({ paths = [], method = 'GET', teams = [], guards = [] }) => {
+      const { includes } = this.app.lib.aneka
+      const { outmatch } = this.app.lib
+
+      for (const item of guards) {
+        const matchPath = outmatch(item.path)
+        for (const path of paths) {
+          if (matchPath(path)) {
+            const matchMethods = outmatch(item.methods, { separator: false })
+            if (matchMethods(method)) {
+              if (item.teams.length === 0) return item
+              if (includes(teams, item.teams)) return item
+            }
+          }
+        }
+      }
+    }
+
+    checkPathsByRoute = ({ paths = [], method = 'GET', guards = [] }) => {
+      const { outmatch } = this.app.lib
+
+      for (const item of guards) {
+        const matchPath = outmatch(item.path)
+        for (const path of paths) {
+          if (matchPath(path)) {
+            const matchMethods = outmatch(item.methods, { separator: false })
+            if (matchMethods(method)) return item
+          }
+        }
+      }
+    }
+
+    checkPathsByGuard = ({ guards, paths }) => {
+      const { outmatch } = this.app.lib
+      const matcher = outmatch(guards)
+      let guarded
+      for (const path of paths) {
+        if (!guarded) guarded = matcher(path)
+      }
+      return guarded
+    }
+
+    getSite = async (hostname, useId) => {
+      const { omit } = this.app.lib._
+      const { recordFind } = this.app.dobo
+      const omitted = ['status']
+
+      const mergeSetting = async (site) => {
+        const { defaultsDeep } = this.app.lib.aneka
+        const { parseObject } = this.app.bajo
+        const { trim, get, filter } = this.app.lib._
+        const { recordFind, recordGet } = this.app.dobo
+        const defSetting = {}
+        const nsSetting = {}
+        const names = this.app.getAllNs()
+        const query = {
+          ns: { $in: names },
+          siteId: site.id
+        }
+        const all = await recordFind('SumbaSiteSetting', { query, limit: -1 })
+        for (const ns of names) {
+          nsSetting[ns] = {}
+          defSetting[ns] = get(this, `app.${ns}.config.siteSetting`, {})
+          const items = filter(all, { ns })
+          for (const item of items) {
+            let value = trim([item.value] ?? '')
+            if (['[', '{'].includes(value[0])) value = JSON.parse(value)
+            else if (Number(value)) value = Number(value)
+            else if (['true', 'false'].includes(value)) value = value === 'true'
+            nsSetting[ns][item.key] = value
+          }
+        }
+        site.setting = parseObject(defaultsDeep({}, nsSetting, defSetting))
+        // additional fields
+        const country = await recordGet('CdbCountry', site.country, { noHook: true })
+        site.countryName = (country ?? {}).name ?? site.country
+      }
+
+      let site = {}
+
+      if (!this.config.multiSite) {
+        const resp = await recordFind('SumbaSite', { query: { alias: 'default' } }, { noHook: true })
+        site = omit(resp[0], omitted)
+        await mergeSetting(site)
+        return site
+      }
+      let query
+      if (useId) query = { id: hostname }
+      else {
+        query = {
+          $or: [
+            { hostname },
+            { alias: hostname }
+          ]
+        }
+      }
+      const filter = { query, limit: 1 }
+      const rows = await recordFind('SumbaSite', filter, { noHook: true })
+      if (rows.length === 0) throw this.error('unknownSite')
+      const row = omit(rows[0], omitted)
+      if (row.status !== 'ACTIVE') throw this.error('siteInactiveInfo')
+      site = row
+      await mergeSetting(site)
+      return site
+    }
+
+    signin = async ({ user, req, reply }) => {
+      const { getSessionId } = this.app.waibuMpa
+      const { runHook } = this.app.bajo
+      const { isEmpty, omit } = this.app.lib._
+      let { referer } = req.body || {}
+      if (req.session.ref) referer = req.session.ref
+      req.session.ref = null
+      const _user = omit(user, ['password', 'token'])
+      req.session.userId = _user.id
+      const sid = await getSessionId(req.headers.cookie)
+      await runHook(`${this.ns}:afterSignin`, _user, sid, req)
+      const { query, params } = req
+      const url = !isEmpty(referer) ? referer : this.config.redirect.afterSignin
+      req.flash('notify', req.t('signinSuccessfully'))
+      return reply.redirectTo(url, { query, params })
+    }
+
+    generatePassword = (req) => {
+      const { generateId } = this.app.bajo
+      const cfg = req ? req.site.setting.sumba.userPassword : this.config.siteSetting.userPassword
+      let passwd = generateId()
+      if (cfg.minLowercase) passwd += generateId({ pattern: 'abcdefghijklmnopqrstuvwxyz', length: cfg.minLowercase })
+      if (cfg.minUppercase) passwd += generateId({ pattern: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', length: cfg.minUppercase })
+      if (cfg.minSpecialChar) passwd += generateId({ pattern: '!@#$%*', length: cfg.minSpecialChar })
+      if (cfg.minNumeric) passwd += generateId({ pattern: '0123456789', length: cfg.minNumeric })
+      return passwd
+    }
+
+    pushDownload = async ({ description, worker, data, source, req, file, type }) => {
+      const { getPlugin } = this.app.bajo
+      const { recordCreate } = getPlugin('waibuDb')
+      const { push } = getPlugin('bajoQueue')
+      description = description ?? file
+      const jobQueue = {
+        worker,
+        source,
+        payload: {
+          type: 'object',
+          data
+        }
+      }
+      if (!type) type = path.extname(file)
+      if (type[0] === '.') type = type.slice(1)
+      const body = { file, description, jobQueue, type }
+      const rec = await recordCreate({ model: 'SumbaDownload', body, req, options: { noFlash: true } })
+      jobQueue.payload.data.download = { id: rec.data.id, file }
+      await push(jobQueue)
+    }
+
+    getApiKeyFromUserId = async id => {
+      const { hash } = this.app.bajoExtra
+      const { recordGet } = this.app.dobo
+      const options = { forceNoHidden: true, noHook: true, noCache: true, attachment: true, mimeType: true }
+      const resp = await recordGet('SumbaUser', id, options)
+      return await hash(resp.salt)
+    }
+  }
+
+  return Sumba
+}
+
+export default factory
+</code></pre></article></section></div></div></div><div class="search-container" id="PkfLWpAbet" style="display:none"><div class="wrapper" id="iCxFxjkHbP"><button class="icon-button search-close-button" id="VjLlGakifb" aria-label="close search"><svg><use xlink:href="#close-icon"></use></svg></button><div class="search-box-c"><svg><use xlink:href="#search-icon"></use></svg> <input type="text" id="vpcKVYIppa" class="search-input" placeholder="Search..." autofocus></div><div class="search-result-c" id="fWwVHRuDuN"><span class="search-result-c-text">Type anything to view search result</span></div></div></div><div class="mobile-menu-icon-container"><button class="icon-button" id="mobile-menu" data-isopen="false" aria-label="menu"><svg><use xlink:href="#menu-icon"></use></svg></button></div><div id="mobile-sidebar" class="mobile-sidebar-container"><div class="mobile-sidebar-wrapper"><a href="/" class="sidebar-title sidebar-title-anchor">Sumba API</a><div class="mobile-nav-links"><div class="navbar-item"><a id="" href="https://www.npmjs.com/package/sumba" target="">NPM</a></div><div class="navbar-item"><a id="" href="https://github.com/ardhi/sumba" target="">Github</a></div><div class="navbar-item"><a id="" href="https://sumba.bajo.app/" target="">Sumba</a></div><div class="navbar-item"><a id="" href="https://bajo.app/" target="">Bajo</a></div></div><div class="mobile-sidebar-items-c"><div class="sidebar-section-title with-arrow" data-isopen="false" id="sidebar-classes"><div>Classes</div><svg><use xlink:href="#down-icon"></use></svg></div><div class="sidebar-section-children-container"><div class="sidebar-section-children"><a href="Sumba.html">Sumba</a></div></div><div class="sidebar-section-title with-arrow" data-isopen="false" id="sidebar-global"><div>Global</div><svg><use xlink:href="#down-icon"></use></svg></div><div class="sidebar-section-children-container"><div class="sidebar-section-children"><a href="global.html#factory">factory</a></div></div></div><div class="mobile-navbar-actions"><div class="navbar-right-item"><button class="icon-button search-button" aria-label="open-search"><svg><use xlink:href="#search-icon"></use></svg></button></div><div class="navbar-right-item"><button class="icon-button theme-toggle" aria-label="toggle-theme"><svg><use class="theme-svg-use" xlink:href="#dark-theme-icon"></use></svg></button></div><div class="navbar-right-item"><button class="icon-button font-size" aria-label="change-font-size"><svg><use xlink:href="#font-size-icon"></use></svg></button></div></div></div></div><script type="text/javascript" src="scripts/core.min.js"></script><script src="scripts/search.min.js" defer="defer"></script><script src="scripts/third-party/fuse.js" defer="defer"></script><script type="text/javascript">var tocbotInstance=tocbot.init({tocSelector:"#eed4d2a0bfd64539bb9df78095dec881",contentSelector:".main-content",headingSelector:"h1, h2, h3",hasInnerContainers:!0,scrollContainer:".main-content",headingsOffset:130,onClick:bringLinkToView})</script></body></html>