sumba 2.11.1 → 2.13.0

package/extend/bajo/hook/waibu-mpa@pre-parsing.js

@@ -1,7 +1,4 @@
-import checkUserId from '../../../lib/check-user-id.js'
-import checkTheme from '../../../lib/check-theme.js'
-import checkIconset from '../../../lib/check-iconset.js'
-import checkTeam from '../../../lib/check-team.js'
+import { checkUserId, checkTeam, checkTheme, checkIconset } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,

package/extend/bajo/hook/waibu-rest-api@pre-parsing.js

@@ -1,5 +1,4 @@
-import checkUserId from '../../../lib/check-user-id.js'
-import checkTeam from '../../../lib/check-team.js'
+import { checkUserId, checkTeam } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,

package/extend/bajo/hook/waibu-static@pre-parsing.js

@@ -1,5 +1,4 @@
-import checkUserId from '../../../lib/check-user-id.js'
-import checkTeam from '../../../lib/check-team.js'
+import { checkUserId, checkTeam } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,

package/extend/bajo/hook/waibu@after-app-boot.js

@@ -1,5 +1,4 @@
-import collectRoutes from '../../../lib/collect-routes.js'
-import collectTeam from '../../../lib/collect-team.js'
+import { collectRoutes, collectTeam } from '../../../lib/collect.js'
 
 async function afterAppBoot () {
   const { runHook } = this.app.bajo

package/extend/bajo/hook/waibu@pre-parsing.js

@@ -1,7 +1,13 @@
+import { checkNoRouteSetting, checkNoRouteSettingKey } from '../../../lib/util.js'
+
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
-    req.site = await this.getSite(req)
+    const { get } = this.app.lib._
+    const { getHostname } = this.app.waibu
+    req.site = await this.getSite(getHostname(req))
+    const routes = get(req.site, checkNoRouteSettingKey)
+    checkNoRouteSetting.call(this, req, routes)
   }
 }
 

package/extend/masohiSocketIo/middleware/server/auth.js

@@ -8,7 +8,7 @@ const auth = {
     socket.join(camelCase(`site ${site.alias}`))
     let user
     if (session.userId) {
-      user = await this.getUser(session.userId)
+      user = await this.getUserById(session.userId)
       if (user) {
         socket.join(camelCase(`user ${user.username}`))
         for (const team of user.teams) {

package/extend/waibuMpa/route/signin.js

@@ -7,7 +7,7 @@ const signin = {
     let error
     if (req.method === 'POST') {
       try {
-        const user = await this.getUserFromUsernamePassword(username, password, req)
+        const user = await this.getUserByUsernamePassword(username, password, req)
         return await this.signin({ user, req, reply })
       } catch (err) {
         error = err

package/extend/waibuRestApi/route/user/access-token/@type/create.js

@@ -14,12 +14,11 @@ async function create () {
 
   const handler = async function (req, reply) {
     const { hash } = this.app.bajoExtra
-    const { getUserFromUsernamePassword, createJwtFromUserRecord } = this
 
     if (!['api-key', 'jwt', 'apiKey'].includes(req.params.type)) throw this.error('invalidTokenType')
-    const rec = await getUserFromUsernamePassword(req.body.username, req.body.password, req)
+    const rec = await this.getUserByUsernamePassword(req.body.username, req.body.password, req)
     if (req.params.type === 'jwt') {
-      const jwt = await createJwtFromUserRecord(rec)
+      const jwt = await this.createJwtFromUserRecord(rec)
       return { data: jwt }
     }
     return { data: { token: await hash(rec.salt) } }

package/index.js

@@ -2,7 +2,7 @@ import path from 'path'
 import createNewSite from './lib/create-new-site.js'
 import removeSite from './lib/remove-site.js'
 import getSite from './lib/get-site.js'
-import getUser from './lib/get-user.js'
+import { getUserById, getUserByToken, getUserByUsernamePassword } from './lib/get-user.js'
 
 /**
  * Plugin factory
@@ -132,10 +132,15 @@ async function factory (pkgName) {
             noWhitespace: false,
             latinOnlyChars: false
           }
+        },
+        cacheTtl: {
+          getSiteDur: '1m',
+          getUserByIdDur: '1m',
+          getUserByTokenDur: '1m'
         }
       }
       this.unsafeUserFields = ['password']
-      this.selfBind(['createNewSite', 'removeSite', 'getSite', 'getUser'])
+      this.selfBind(['createNewSite', 'removeSite', 'getSite', 'getUserById', 'getUserByToken', 'getUserByUsernamePassword'])
     }
 
     init = async () => {
@@ -204,22 +209,6 @@ async function factory (pkgName) {
       }]
     }
 
-    getUserFromUsernamePassword = async (username = '', password = '', req) => {
-      const { importPkg } = this.app.bajo
-      const model = getModel('SumbaUser')
-      await model.validate({ username, password }, null, { partial: true, ns: ['sumba', 'dobo'], fields: ['username', 'password'] })
-      const bcrypt = await importPkg('bajoExtra:bcrypt')
-
-      const query = { username, provider: 'local', siteId: req.site.id }
-      const rows = await model.findRecord({ query }, { req, forceNoHidden: true, noHook: true })
-      if (rows.length === 0) throw this.error('validationError', { details: [{ field: 'username', error: 'Unknown username' }], statusCode: 401 })
-      const rec = rows[0]
-      if (rec.status !== 'ACTIVE') throw this.error('validationError', { details: ['User is inactive or temporarily disabled'], statusCode: 401 })
-      const verified = await bcrypt.compare(password, rec.password)
-      if (!verified) throw this.error('validationError', { details: [{ field: 'password', error: 'invalidPassword' }], statusCode: 401 })
-      return rec
-    }
-
     createJwtFromUserRecord = async (rec) => {
       const { importPkg } = this.app.bajo
       const { dayjs } = this.app.lib
@@ -240,12 +229,11 @@ async function factory (pkgName) {
     }
 
     verifySession = async (req, reply, source, payload) => {
-      const { getUser } = this
       const { routePath } = this.app.waibu
 
       if (!req.session) return false
       if (req.session.userId) {
-        req.user = await getUser(req.session.userId)
+        req.user = await this.getUserById(req.session.userId, req)
         return true
       }
       const redir = routePath(this.config.redirect.signin, req)
@@ -256,22 +244,18 @@ async function factory (pkgName) {
     verifyApiKey = async (req, reply, source, payload) => {
       const { merge } = this.app.lib._
       const { isMd5, hash } = this.app.bajoExtra
-      const { getUser } = this
 
       let token = await this._getToken('apiKey', req, source)
       if (!isMd5(token)) return false
       token = await hash(token)
-      const query = { token }
-      const rows = await getModel('SumbaUser').findRecord({ query }, { req, noHook: true })
-      if (rows.length === 0) throw this.error('invalidKey', merge({ statusCode: 401 }, payload))
-      if (rows[0].status !== 'ACTIVE') throw this.error('userInactive', merge({ details: [{ field: 'status', error: 'inactive' }], statusCode: 401 }, payload))
-      req.user = await getUser(rows[0])
+      const user = await this.getUserByToken(token, req)
+      if (!user) throw this.error('invalidKey', merge({ statusCode: 401 }, payload))
+      if (user.status !== 'ACTIVE') throw this.error('userInactive', merge({ details: [{ field: 'status', error: 'inactive' }], statusCode: 401 }, payload))
+      req.user = user
       return true
     }
 
     verifyBasic = async (req, reply, source, payload) => {
-      const { getUserFromUsernamePassword } = this
-      const { getUser } = this
       const { isEmpty, merge } = this.app.lib._
 
       const setHeader = async (setting, reply) => {
@@ -299,8 +283,7 @@ async function factory (pkgName) {
       const decoded = Buffer.from(authInfo, 'base64').toString()
       const [username, password] = decoded.split(':')
       try {
-        const user = await getUserFromUsernamePassword(username, password, req)
-        req.user = await getUser(user)
+        req.user = await this.getUserByUsernamePassword(username, password, req)
       } catch (err) {
         if (err.statusCode === 401 && setting.realm) {
           await setHeader(setting, reply)
@@ -313,7 +296,6 @@ async function factory (pkgName) {
 
     verifyJwt = async (req, reply, source, payload) => {
       const { importPkg } = this.app.bajo
-      const { getUser } = this
       const { isEmpty, merge } = this.app.lib._
 
       const fastJwt = await importPkg('bajoExtra:fast-jwt')
@@ -328,10 +310,10 @@ async function factory (pkgName) {
       const decoded = await verifier(token)
       const id = decoded.payload.uid
       try {
-        const rec = await getModel('SumbaUser').getRecord(id, { req, noHook: true })
-        if (!rec) throw this.error('invalidToken', { statusCode: 401 })
-        if (rec.status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
-        req.user = await getUser(rec)
+        const user = await this.getUserById(id, req)
+        if (!user) throw this.error('invalidToken', { statusCode: 401 })
+        if (user.status !== 'ACTIVE') throw this.error('userInactive', { details: [{ field: 'status', error: 'inactive' }], statusCode: 401 })
+        req.user = user
       } catch (err) {
         merge(err, payload)
         throw err
@@ -494,7 +476,9 @@ async function factory (pkgName) {
     createNewSite = createNewSite
     removeSite = removeSite
     getSite = getSite
-    getUser = getUser
+    getUserById = getUserById
+    getUserByToken = getUserByToken
+    getUserByUsernamePassword = getUserByUsernamePassword
   }
 
   return Sumba

package/lib/{collect-routes.js → collect.js}

@@ -23,21 +23,38 @@ export async function collect ({ type = '', handler, container, file, ns, dir })
   }
 }
 
-function handler (item) {
+function collectHandler (item, keys = []) {
   const { isString } = this.app.lib._
-  for (const k of ['methods']) {
+  for (const k of keys) {
     item[k] = item[k] ?? []
     if (isString(item[k])) item[k] = item[k].split(',')
   }
 }
 
-async function collectRoutes (type) {
+export async function collectRoutes (type) {
   const { eachPlugins } = this.app.bajo
   const me = this
+
+  function handler (item) {
+    collectHandler.call(this, item, ['methods'])
+  }
+
   await eachPlugins(async function ({ file, dir }) {
     const { ns } = this
     await collect.call(me, { type, container: 'Routes', handler, file, ns, dir })
   }, { glob: `route/${type}.*`, prefix: this.ns })
 }
 
-export default collectRoutes
+export async function collectTeam () {
+  const { eachPlugins } = this.app.bajo
+  const me = this
+
+  function handler (item) {
+    collectHandler.call(this, item, ['methods', 'teams', 'features'])
+  }
+
+  await eachPlugins(async function ({ file, dir }) {
+    const { ns } = this
+    await collect.call(me, { type: 'team', container: 'Routes', handler, file, ns, dir })
+  }, { glob: 'route/team.*', prefix: this.ns })
+}

package/lib/get-site.js

@@ -1,12 +1,11 @@
 import { parseNsSettings } from './util.js'
 
-async function getSite (req) {
-  const { runHook } = this.app.bajo
-  const { omit, isPlainObject } = this.app.lib._
-  const { getHostname } = this.app.waibu
+async function getSite (input, byId = false) {
+  const { omit } = this.app.lib._
+  const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
   const omitted = ['status']
 
-  await runHook(`${this.ns}:beforeGetSite`, req)
+  let site = {}
   const mergeSetting = async (site) => {
     const { defaultsDeep, isSet } = this.app.lib.aneka
     const { get, filter } = this.app.lib._
@@ -28,21 +27,32 @@ async function getSite (req) {
     // additional fields
     const country = await this.app.dobo.getModel('CdbCountry').getRecord(site.country, { noHook: true })
     site.countryName = (country ?? {}).name ?? site.country
-    await runHook(`${this.ns}:afterGetSite`, req, site)
   }
 
-  let site = {}
-
   const multiSite = this.config.multiSite === true ? { enabled: true, catchAll: 'default' } : this.config.multiSite
   if (!multiSite.enabled) {
-    const resp = await this.app.dobo.getModel('SumbaSite').findOneRecord({ query: { alias: 'default' } }, { noHook: true })
+    const filter = { query: { alias: 'default' } }
+    const key = 'getSite:default'
+    if (getCache) {
+      site = await getCache({ key })
+      if (site) return site
+    }
+    const resp = await this.app.dobo.getModel('SumbaSite').findOneRecord(filter, { noHook: true })
     site = omit(resp, omitted)
     await mergeSetting(site)
+    if (setCache) {
+      await setCache({ key, value: site, ttl: this.config.cacheTtl.getSiteDur })
+    }
     return site
   }
   let query
-  if (!isPlainObject(req)) query = { id: req }
-  else query = { hostname: getHostname(req) }
+  if (byId) query = { id: input }
+  else query = { hostname: input }
+  const key = `getSite:multiSite:${input}`
+  if (getCache) {
+    site = await getCache({ key })
+    if (site) return JSON.parse(site)
+  }
   let row = await this.app.dobo.getModel('SumbaSite').findOneRecord({ query }, { noHook: true })
   if (!row) {
     if (multiSite.catchAll) {
@@ -54,6 +64,9 @@ async function getSite (req) {
   if (row.status !== 'ACTIVE') throw this.error('siteInactiveInfo')
   site = omit(row, omitted)
   await mergeSetting(site)
+  if (setCache) {
+    await setCache({ key, value: JSON.stringify(site), ttl: this.config.cacheTtl.getSiteDur })
+  }
   return site
 }
 

package/lib/get-user.js

@@ -1,19 +1,8 @@
 import { parseNsSettings } from './util.js'
 
-async function getUser (rec, safe = true) {
-  const { runHook } = this.app.bajo
-  const { map, pick, omit, isPlainObject } = this.app.lib._
+export async function mergeTeam (user) {
+  const { map, pick } = this.app.lib._
   const { getModel } = this.app.dobo
-  await runHook(`${this.ns}:beforeGetUser`, rec, safe)
-  let user
-  if (!isPlainObject(rec)) {
-    const mdl = getModel('SumbaUser')
-    user = await mdl.getRecord(rec, { noHook: true, throwNotFound: false })
-  } else {
-    user = rec
-  }
-  if (!user) return null
-  // merge teams
   user.teams = []
   const query = { userId: user.id, siteId: user.siteId }
   let mdl = getModel('SumbaTeamUser')
@@ -25,7 +14,6 @@ async function getUser (rec, safe = true) {
   mdl = getModel('SumbaTeam')
   const teams = await mdl.findAllRecord({ query })
   if (teams.length > 0) {
-    // setting
     delete query.id
     delete query.status
     query.siteId = user.siteId
@@ -42,9 +30,60 @@ async function getUser (rec, safe = true) {
       user.teams.push(item)
     }
   }
-  user = safe ? omit(user, this.unsafeUserFields) : user
-  await runHook(`${this.ns}:afterGetUser`, rec, safe, user)
+  for (const field of this.unsafeUserFields) {
+    delete user[field]
+  }
+}
+
+export async function getUserById (id, req) {
+  const { getModel } = this.app.dobo
+  const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
+  const key = `getUserById:${id}`
+  let user
+  if (getCache) {
+    user = await getCache({ key })
+    if (user) return JSON.parse(user)
+  }
+  user = await getModel('SumbaUser').getRecord(id, { noHook: true, throwNotFound: false, req })
+  if (!user) return
+  await mergeTeam.call(this, user)
+  if (setCache) {
+    await setCache({ key, value: JSON.stringify(user), ttl: this.config.cacheTtl.getUserByIdDur })
+  }
+  return user
+}
+
+export async function getUserByToken (token, req) {
+  const { getModel } = this.app.dobo
+  const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
+  const key = `getUserByToken:${token}`
+  let user
+  if (getCache) {
+    user = await getCache({ key })
+    if (user) return JSON.parse(user)
+  }
+  user = await getModel('SumbaUser').findOneRecord({ query: { token } }, { noHook: true, throwNotFound: false, req })
+  if (!user) return
+  await mergeTeam.call(this, user)
+  if (setCache) {
+    await setCache({ key, value: JSON.stringify(user), ttl: this.config.cacheTtl.getUserByTokenDur })
+  }
   return user
 }
 
-export default getUser
+export async function getUserByUsernamePassword (username = '', password = '', req) {
+  const { getModel } = this.app.dobo
+  const { importPkg } = this.app.bajo
+  const model = getModel('SumbaUser')
+  await model.validate({ username, password }, null, { partial: true, ns: ['sumba', 'dobo'], fields: ['username', 'password'] })
+  const bcrypt = await importPkg('bajoExtra:bcrypt')
+
+  const query = { username, provider: 'local', siteId: req.site.id }
+  const user = await model.findOneRecord({ query }, { req, forceNoHidden: true, noHook: true })
+  if (!user) throw this.error('validationError', { details: [{ field: 'username', error: 'Unknown username' }], statusCode: 401 })
+  if (user.status !== 'ACTIVE') throw this.error('validationError', { details: ['User is inactive or temporarily disabled'], statusCode: 401 })
+  const verified = await bcrypt.compare(password, user.password)
+  if (!verified) throw this.error('validationError', { details: [{ field: 'password', error: 'invalidPassword' }], statusCode: 401 })
+  await mergeTeam.call(this, user)
+  return user
+}

package/lib/util.js

@@ -1,6 +1,9 @@
+export const checkNoRouteSettingKey = 'setting.waibu.noRoutes.$in'
+
 export function parseNsSettings (ns, setting, items) {
-  const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
+  const { trim, set, isPlainObject, isArray, isEmpty, find, get, isString } = this.app.lib._
   const { parseObject, dayjs } = this.app.lib
+  const { routePath } = this.app.waibu
 
   for (const item of items) {
     if (item.ns === '_var' || ns === '_var') continue
@@ -16,7 +19,7 @@ export function parseNsSettings (ns, setting, items) {
       } catch (err) {}
     } else if (Number(value)) value = Number(value)
     else if (['true', 'false'].includes(value)) value = value === 'true'
-    else if (item.key.endsWith('$in')) value = value.split(',').map(v => v.trim())
+    else if (item.key.endsWith('$in')) value = value.split('\n').map(v => v.trim())
     else {
       const dt = dayjs(value)
       if (dt.isValid()) value = dt.toDate()
@@ -24,4 +27,149 @@ export function parseNsSettings (ns, setting, items) {
     if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
     set(setting, `${ns}.${item.key}`, value)
   }
+  const key = checkNoRouteSettingKey.slice(checkNoRouteSettingKey.indexOf('.') + 1)
+  let noRoutes = get(setting, key, [])
+  if (noRoutes.length > 0) {
+    noRoutes = noRoutes.map(item => {
+      if (!isString(item)) return item
+      let [url, methods] = item.split('|')
+      if (methods === '*' || !methods) methods = 'GET,POST,PUT,DELETE'
+      methods = methods.split(',').map(m => m.trim().toUpperCase())
+      return { url: routePath(url), methods }
+    })
+    set(setting, key, noRoutes)
+  }
+}
+
+export function checkNoRouteSetting (req, routes) {
+  const { isEmpty } = this.app.lib._
+  const { outmatch } = this.app.lib
+  if (isEmpty(routes)) return
+  for (const route of routes) {
+    const isMatchUrl = outmatch(route.url)
+    if (isMatchUrl(req.url) || isMatchUrl(req.routeOptions.url)) {
+      if (route.methods.includes(req.method)) throw this.error('accessDenied', { statusCode: 403 })
+    }
+  }
+}
+
+export function pathsToCheck (req, withHome) {
+  const { uniq, without } = this.app.lib._
+  return uniq(without([req.routeOptions.url, req.url], undefined, null))
+}
+
+export async function checkIconset (req, reply) {
+  const { get, isString } = this.app.lib._
+  const mpa = this.app.waibuMpa
+
+  if (!req.site) return
+  const siteIconset = get(req, 'site.setting.waibuMpa.iconset')
+  req.iconset = siteIconset ?? get(mpa, 'config.iconset.set', 'default')
+  const hiconset = req.headers['x-iconset']
+  if (isString(hiconset) && mpa.getIconset(hiconset)) req.iconset = hiconset
+  req.iconset = req.iconset ?? 'default'
+}
+
+export async function checkTheme (req, reply) {
+  const { get, isString } = this.app.lib._
+  const mpa = this.app.waibuMpa
+
+  if (!req.site) return
+  const siteTheme = get(req, 'site.setting.waibuMpa.theme')
+  req.theme = siteTheme ?? get(mpa, 'config.theme.set', 'default')
+  const htheme = req.headers['x-theme']
+  if (isString(htheme) && mpa.getTheme(htheme)) req.theme = htheme
+  req.theme = req.theme ?? 'default'
+}
+
+export async function checkTeam (req, reply, source) {
+  const { get, isEmpty } = this.app.lib._
+  if (!req.user) return
+  const { map } = this.app.lib._
+  const paths = pathsToCheck.call(this, req, true)
+  const teams = map(req.user.teams, 'alias')
+  let match = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamRoutes })
+  if (!match) match = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamNegRoutes })
+  if (!match) {
+    const guards = map(this.teamRoutes, 'path')
+    match = !this.checkPathsByGuard({ paths, guards })
+  }
+  if (!match) throw this.error('accessDenied', { statusCode: 403 })
+  const routes = []
+  for (const team of (req.user.teams ?? [])) {
+    const items = get(team, checkNoRouteSettingKey, [])
+    if (isEmpty(items)) continue
+    routes.push(...items)
+  }
+  checkNoRouteSetting.call(this, req, routes)
+}
+
+export async function checkUserId (req, reply, source) {
+  const { merge, isEmpty, camelCase, get } = this.app.lib._
+  const { routePath } = this.app.waibu
+  const userId = get(req, 'session.userId')
+
+  const setUser = async () => {
+    const id = get(req, 'session.userId')
+    if (!id) return
+    try {
+      const user = await this.getUserById(id, req)
+      if (user) req.user = user
+      else req.session.userId = null
+    } catch (err) {
+      console.log(err)
+      req.session.userId = null
+    }
+  }
+
+  if (req.session) req.session.siteId = req.site.id
+
+  const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
+  if (!req.routeOptions.url) {
+    if (!req.session) return
+    await setUser()
+    return
+  }
+
+  const paths = pathsToCheck.call(this, req)
+  let securePath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureRoutes })
+  if (securePath) {
+    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureNegRoutes })
+    if (neg) securePath = undefined
+  }
+  let anonymousPath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousRoutes })
+  if (anonymousPath) {
+    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousNegRoutes })
+    if (neg) anonymousPath = undefined
+  }
+  if (!securePath && !anonymousPath) {
+    if (userId) await setUser()
+    return
+  }
+  if (anonymousPath) {
+    if (!userId) return
+    req.session.ref = req.url
+    return reply.redirectTo(routePath(this.config.redirect.signout))
+  }
+  if (securePath) {
+    if (userId) {
+      await setUser()
+      return
+    }
+    const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
+    const payload = silentOnError ? { noContent: true } : undefined
+    const authMethods = this.config.auth[webApp].methods ?? []
+    if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
+    let success
+    for (const m of authMethods) {
+      const handler = this[camelCase(`verify ${m}`)]
+      if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
+      const check = await handler(req, reply, source, payload)
+      if (check) {
+        success = check
+        break
+      }
+    }
+    if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
+  }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.11.1",
+  "version": "2.13.0",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md

@@ -1,5 +1,15 @@
 # Changes
 
+## 2026-03-25
+
+- [2.13.0] Add bajo cache handling for ```getUser*()``` and ```getSite()```
+
+## 2026-03-22
+
+- [2.12.0] Add no route settings sitewise
+- [2.12.0] Add no route settings for teams
+- [2.12.0] Some organizatorial changes in module files
+
 ## 2026-03-22
 
 - [2.11.0] Add ```Team Setting``` feature

package/lib/check-iconset.js

@@ -1,13 +0,0 @@
-async function checkIconset (req, reply) {
-  const { get, isString } = this.app.lib._
-  const mpa = this.app.waibuMpa
-
-  if (!req.site) return
-  const siteIconset = get(req, 'site.setting.waibuMpa.iconset')
-  req.iconset = siteIconset ?? get(mpa, 'config.iconset.set', 'default')
-  const hiconset = req.headers['x-iconset']
-  if (isString(hiconset) && mpa.getIconset(hiconset)) req.iconset = hiconset
-  req.iconset = req.iconset ?? 'default'
-}
-
-export default checkIconset

package/lib/check-team.js

@@ -1,19 +0,0 @@
-import { pathsToCheck } from './check-user-id.js'
-
-async function checkTeam (req, reply, source) {
-  if (!req.user) return
-  const { map } = this.app.lib._
-  const paths = pathsToCheck.call(this, req, true)
-  const teams = map(req.user.teams, 'alias')
-  const match = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamRoutes })
-  if (match) return
-  const negMatch = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamNegRoutes })
-  if (negMatch) return
-  const guards = map(this.teamRoutes, 'path')
-  // fallback
-  const guarded = this.checkPathsByGuard({ paths, guards })
-  if (!guarded) return
-  throw this.error('accessDenied', { statusCode: 403 })
-}
-
-export default checkTeam

package/lib/check-theme.js

@@ -1,13 +0,0 @@
-async function checkTheme (req, reply) {
-  const { get, isString } = this.app.lib._
-  const mpa = this.app.waibuMpa
-
-  if (!req.site) return
-  const siteTheme = get(req, 'site.setting.waibuMpa.theme')
-  req.theme = siteTheme ?? get(mpa, 'config.theme.set', 'default')
-  const htheme = req.headers['x-theme']
-  if (isString(htheme) && mpa.getTheme(htheme)) req.theme = htheme
-  req.theme = req.theme ?? 'default'
-}
-
-export default checkTheme

package/lib/check-user-id.js

@@ -1,76 +0,0 @@
-export function pathsToCheck (req, withHome) {
-  const { uniq, without } = this.app.lib._
-  return uniq(without([req.routeOptions.url, req.url], undefined, null))
-}
-
-async function setUser (req) {
-  const { get } = this.app.lib._
-  const id = get(req, 'session.userId')
-  if (!id) return
-  try {
-    const user = await this.getUser(id)
-    if (user) req.user = user
-    else req.session.userId = null
-  } catch (err) {
-    console.log(err)
-    req.session.userId = null
-  }
-}
-
-async function checkUserId (req, reply, source) {
-  const { merge, isEmpty, camelCase, get } = this.app.lib._
-  const { routePath } = this.app.waibu
-  const userId = get(req, 'session.userId')
-  if (req.session) req.session.siteId = req.site.id
-
-  const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
-  if (!req.routeOptions.url) {
-    if (!req.session) return
-    await setUser.call(this, req)
-    return
-  }
-
-  const paths = pathsToCheck.call(this, req)
-  let securePath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureRoutes })
-  if (securePath) {
-    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureNegRoutes })
-    if (neg) securePath = undefined
-  }
-  let anonymousPath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousRoutes })
-  if (anonymousPath) {
-    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousNegRoutes })
-    if (neg) anonymousPath = undefined
-  }
-  if (!securePath && !anonymousPath) {
-    if (userId) await setUser.call(this, req)
-    return
-  }
-  if (anonymousPath) {
-    if (!userId) return
-    req.session.ref = req.url
-    return reply.redirectTo(routePath(this.config.redirect.signout))
-  }
-  if (securePath) {
-    if (userId) {
-      await setUser.call(this, req)
-      return
-    }
-    const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
-    const payload = silentOnError ? { noContent: true } : undefined
-    const authMethods = this.config.auth[webApp].methods ?? []
-    if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
-    let success
-    for (const m of authMethods) {
-      const handler = this[camelCase(`verify ${m}`)]
-      if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
-      const check = await handler(req, reply, source, payload)
-      if (check) {
-        success = check
-        break
-      }
-    }
-    if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
-  }
-}
-
-export default checkUserId

package/lib/collect-redirects.js

@@ -1,5 +0,0 @@
-async function collectRedirects () {
-  this.redirects = []
-}
-
-export default collectRedirects

package/lib/collect-team.js

@@ -1,20 +0,0 @@
-import { collect } from './collect-routes.js'
-
-function handler (item) {
-  const { isString } = this.app.lib._
-  for (const k of ['methods', 'teams', 'features']) {
-    item[k] = item[k] ?? []
-    if (isString(item[k])) item[k] = item[k].split(',')
-  }
-}
-
-async function collectTeam () {
-  const { eachPlugins } = this.app.bajo
-  const me = this
-  await eachPlugins(async function ({ file, dir }) {
-    const { ns } = this
-    await collect.call(me, { type: 'team', container: 'Routes', handler, file, ns, dir })
-  }, { glob: 'route/team.*', prefix: this.ns })
-}
-
-export default collectTeam