npm - wabe - Versions diffs - 0.6.9 → 0.6.10 - Mend

wabe 0.6.9 → 0.6.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

package/README.md +138 -32
package/bucket/b.txt +1 -0
package/dev/index.ts +215 -0
package/dist/authentication/Session.d.ts +4 -1
package/dist/authentication/interface.d.ts +16 -0
package/dist/email/interface.d.ts +1 -1
package/dist/graphql/resolvers.d.ts +4 -2
package/dist/hooks/index.d.ts +1 -0
package/dist/index.d.ts +0 -1
package/dist/index.js +8713 -8867
package/dist/server/index.d.ts +4 -2
package/dist/utils/crypto.d.ts +7 -0
package/dist/utils/helper.d.ts +4 -1
package/generated/schema.graphql +16 -14
package/generated/wabe.ts +4 -4
package/package.json +15 -15
package/src/authentication/OTP.test.ts +69 -0
package/src/authentication/OTP.ts +66 -0
package/src/authentication/Session.test.ts +665 -0
package/src/authentication/Session.ts +529 -0
package/src/authentication/defaultAuthentication.ts +214 -0
package/src/authentication/index.ts +3 -0
package/src/authentication/interface.ts +157 -0
package/src/authentication/oauth/GitHub.test.ts +105 -0
package/src/authentication/oauth/GitHub.ts +133 -0
package/src/authentication/oauth/Google.test.ts +105 -0
package/src/authentication/oauth/Google.ts +110 -0
package/src/authentication/oauth/Oauth2Client.test.ts +225 -0
package/src/authentication/oauth/Oauth2Client.ts +140 -0
package/src/authentication/oauth/index.ts +2 -0
package/src/authentication/oauth/utils.test.ts +35 -0
package/src/authentication/oauth/utils.ts +28 -0
package/src/authentication/providers/EmailOTP.test.ts +138 -0
package/src/authentication/providers/EmailOTP.ts +93 -0
package/src/authentication/providers/EmailPassword.test.ts +187 -0
package/src/authentication/providers/EmailPassword.ts +130 -0
package/src/authentication/providers/EmailPasswordSRP.test.ts +206 -0
package/src/authentication/providers/EmailPasswordSRP.ts +184 -0
package/src/authentication/providers/GitHub.ts +30 -0
package/src/authentication/providers/Google.ts +30 -0
package/src/authentication/providers/OAuth.test.ts +185 -0
package/src/authentication/providers/OAuth.ts +112 -0
package/src/authentication/providers/PhonePassword.test.ts +187 -0
package/src/authentication/providers/PhonePassword.ts +129 -0
package/src/authentication/providers/QRCodeOTP.test.ts +79 -0
package/src/authentication/providers/QRCodeOTP.ts +65 -0
package/src/authentication/providers/index.ts +6 -0
package/src/authentication/resolvers/refreshResolver.test.ts +37 -0
package/src/authentication/resolvers/refreshResolver.ts +20 -0
package/src/authentication/resolvers/signInWithResolver.inte.test.ts +59 -0
package/src/authentication/resolvers/signInWithResolver.test.ts +307 -0
package/src/authentication/resolvers/signInWithResolver.ts +102 -0
package/src/authentication/resolvers/signOutResolver.test.ts +41 -0
package/src/authentication/resolvers/signOutResolver.ts +22 -0
package/src/authentication/resolvers/signUpWithResolver.test.ts +186 -0
package/src/authentication/resolvers/signUpWithResolver.ts +69 -0
package/src/authentication/resolvers/verifyChallenge.test.ts +136 -0
package/src/authentication/resolvers/verifyChallenge.ts +69 -0
package/src/authentication/roles.test.ts +59 -0
package/src/authentication/roles.ts +40 -0
package/src/authentication/utils.test.ts +99 -0
package/src/authentication/utils.ts +43 -0
package/src/cache/InMemoryCache.test.ts +62 -0
package/src/cache/InMemoryCache.ts +45 -0
package/src/cron/index.test.ts +17 -0
package/src/cron/index.ts +46 -0
package/src/database/DatabaseController.test.ts +625 -0
package/src/database/DatabaseController.ts +983 -0
package/src/database/index.test.ts +1230 -0
package/src/database/index.ts +9 -0
package/src/database/interface.ts +312 -0
package/src/email/DevAdapter.ts +8 -0
package/src/email/EmailController.test.ts +29 -0
package/src/email/EmailController.ts +13 -0
package/src/email/index.ts +2 -0
package/src/email/interface.ts +36 -0
package/src/email/templates/sendOtpCode.ts +120 -0
package/src/file/FileController.ts +28 -0
package/src/file/FileDevAdapter.ts +54 -0
package/src/file/hookDeleteFile.ts +27 -0
package/src/file/hookReadFile.ts +70 -0
package/src/file/hookUploadFile.ts +53 -0
package/src/file/index.test.ts +979 -0
package/src/file/index.ts +2 -0
package/src/file/interface.ts +42 -0
package/src/graphql/GraphQLSchema.test.ts +4399 -0
package/src/graphql/GraphQLSchema.ts +928 -0
package/src/graphql/index.ts +2 -0
package/src/graphql/parseGraphqlSchema.ts +94 -0
package/src/graphql/parser.test.ts +217 -0
package/src/graphql/parser.ts +566 -0
package/src/graphql/pointerAndRelationFunction.ts +200 -0
package/src/graphql/resolvers.ts +467 -0
package/src/graphql/tests/aggregation.test.ts +1123 -0
package/src/graphql/tests/e2e.test.ts +596 -0
package/src/graphql/tests/scalars.test.ts +250 -0
package/src/graphql/types.ts +219 -0
package/src/hooks/HookObject.test.ts +122 -0
package/src/hooks/HookObject.ts +168 -0
package/src/hooks/authentication.ts +76 -0
package/src/hooks/createUser.test.ts +77 -0
package/src/hooks/createUser.ts +10 -0
package/src/hooks/defaultFields.test.ts +187 -0
package/src/hooks/defaultFields.ts +40 -0
package/src/hooks/deleteSession.test.ts +181 -0
package/src/hooks/deleteSession.ts +20 -0
package/src/hooks/hashFieldHook.test.ts +163 -0
package/src/hooks/hashFieldHook.ts +97 -0
package/src/hooks/index.test.ts +207 -0
package/src/hooks/index.ts +430 -0
package/src/hooks/permissions.test.ts +424 -0
package/src/hooks/permissions.ts +113 -0
package/src/hooks/protected.test.ts +551 -0
package/src/hooks/protected.ts +72 -0
package/src/hooks/searchableFields.test.ts +166 -0
package/src/hooks/searchableFields.ts +98 -0
package/src/hooks/session.test.ts +138 -0
package/src/hooks/session.ts +78 -0
package/src/hooks/setEmail.test.ts +216 -0
package/src/hooks/setEmail.ts +35 -0
package/src/hooks/setupAcl.test.ts +589 -0
package/src/hooks/setupAcl.ts +29 -0
package/src/index.ts +9 -0
package/src/schema/Schema.test.ts +484 -0
package/src/schema/Schema.ts +795 -0
package/src/schema/defaultResolvers.ts +94 -0
package/src/schema/index.ts +1 -0
package/src/schema/resolvers/meResolver.test.ts +62 -0
package/src/schema/resolvers/meResolver.ts +14 -0
package/src/schema/resolvers/newFile.ts +0 -0
package/src/schema/resolvers/resetPassword.test.ts +345 -0
package/src/schema/resolvers/resetPassword.ts +64 -0
package/src/schema/resolvers/sendEmail.test.ts +118 -0
package/src/schema/resolvers/sendEmail.ts +21 -0
package/src/schema/resolvers/sendOtpCode.test.ts +153 -0
package/src/schema/resolvers/sendOtpCode.ts +52 -0
package/src/security.test.ts +3461 -0
package/src/server/defaultSessionHandler.test.ts +66 -0
package/src/server/defaultSessionHandler.ts +115 -0
package/src/server/generateCodegen.ts +476 -0
package/src/server/index.test.ts +552 -0
package/src/server/index.ts +354 -0
package/src/server/interface.ts +11 -0
package/src/server/routes/authHandler.ts +187 -0
package/src/server/routes/index.ts +40 -0
package/src/utils/crypto.test.ts +41 -0
package/src/utils/crypto.ts +121 -0
package/src/utils/export.ts +13 -0
package/src/utils/helper.ts +195 -0
package/src/utils/index.test.ts +11 -0
package/src/utils/index.ts +201 -0
package/src/utils/preload.ts +8 -0
package/src/utils/testHelper.ts +117 -0
package/tsconfig.json +32 -0
package/bunfig.toml +0 -4
package/dist/ai/index.d.ts +0 -1
package/dist/ai/interface.d.ts +0 -9
/package/dist/server/{defaultHandlers.d.ts → defaultSessionHandler.d.ts} +0 -0

package/src/authentication/providers/EmailPasswordSRP.ts ADDED Viewed

@@ -0,0 +1,184 @@
+import type {
+	AuthenticationEventsOptions,
+	OnVerifyChallengeOptions,
+	ProviderInterface,
+	SecondaryProviderInterface,
+} from '../interface'
+import { contextWithRoot } from '../../utils/export'
+import type { DevWabeTypes } from '../../utils/helper'
+import { createSRPServer, type Ephemeral, type Session } from 'js-srp6a'
+// 🛡 Valeurs factices pour mitigation des timing attacks
+const DUMMY_SALT = 'deadbeefdeadbeefdeadbeefdeadbeef'
+const DUMMY_VERIFIER =
+	'94c8f9b69f44fa0453a8a65129a7865ea2d70b21e645cf185d6fd42a679e524c394d4f02bba2032b10517be8c80f0f58e94302cb57cce7ce1e0a21906b6d22020b84a473d8ef58ea1f53e5204f8b83f05dc334b781fda309ad7cb8fa5c91dc81f64c114b671688b22e0f693a9c97ad2f43e6f1954c83d73e81e3dc8a963b7cbce'
+type EmailPasswordSRPInterface = {
+	clientPublic: string
+	email: string
+	salt?: string
+	verifier?: string
+}
+export class EmailPasswordSRP
+	implements ProviderInterface<DevWabeTypes, EmailPasswordSRPInterface>
+{
+	async onSignIn({
+		input,
+		context,
+	}: AuthenticationEventsOptions<DevWabeTypes, EmailPasswordSRPInterface>) {
+		const server = createSRPServer('SHA-256', 3072)
+		const users = await context.wabe.controllers.database.getObjects({
+			className: 'User',
+			context: contextWithRoot(context),
+			where: {
+				email: { equalTo: input.email },
+			},
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+			first: 1,
+		})
+		const user = users[0]
+		const salt = user?.authentication?.emailPasswordSRP?.salt ?? DUMMY_SALT
+		const verifier =
+			user?.authentication?.emailPasswordSRP?.verifier ?? DUMMY_VERIFIER
+		let ephemeral: Ephemeral
+		try {
+			ephemeral = await server.generateEphemeral(verifier)
+		} catch {
+			throw new Error('Invalid authentication credentials')
+		}
+		if (!user || !user?.id) {
+			// Simulation d'opération pour garder le même temps
+			await new Promise((resolve) => setTimeout(resolve, 10))
+			throw new Error('Invalid authentication credentials')
+		}
+		await context.wabe.controllers.database.updateObject({
+			className: 'User',
+			context: contextWithRoot(context),
+			id: user.id,
+			data: {
+				authentication: {
+					emailPasswordSRP: {
+						...user.authentication?.emailPasswordSRP,
+						serverSecret: ephemeral.secret,
+					},
+				},
+			},
+			select: {},
+		})
+		return { srp: { salt, serverPublic: ephemeral.public }, user }
+	}
+	async onSignUp({
+		input,
+		context,
+	}: AuthenticationEventsOptions<DevWabeTypes, EmailPasswordSRPInterface>) {
+		const users = await context.wabe.controllers.database.count({
+			className: 'User',
+			where: {
+				email: { equalTo: input.email },
+			},
+			context: contextWithRoot(context),
+		})
+		if (users > 0) throw new Error('Not authorized to create user')
+		return {
+			authenticationDataToSave: {
+				salt: input.salt,
+				verifier: input.verifier,
+				email: input.email,
+				serverSecret: null,
+			},
+		}
+	}
+}
+export interface EmailPasswordSRPChallengeInterface {
+	email: string
+	clientPublic: string
+	clientSessionProof: string
+}
+export class EmailPasswordSRPChallenge
+	implements
+		SecondaryProviderInterface<DevWabeTypes, EmailPasswordSRPChallengeInterface>
+{
+	async onVerifyChallenge({
+		context,
+		input,
+	}: OnVerifyChallengeOptions<
+		DevWabeTypes,
+		EmailPasswordSRPChallengeInterface
+	>) {
+		const server = createSRPServer('SHA-256', 3072)
+		const users = await context.wabe.controllers.database.getObjects({
+			className: 'User',
+			context: contextWithRoot(context),
+			where: {
+				authentication: {
+					emailPasswordSRP: {
+						email: { equalTo: input.email },
+					},
+				},
+			},
+			select: {
+				id: true,
+				authentication: true,
+			},
+		})
+		const user = users[0]
+		const salt = user?.authentication?.emailPasswordSRP?.salt ?? DUMMY_SALT
+		const verifier =
+			user?.authentication?.emailPasswordSRP?.verifier ?? DUMMY_VERIFIER
+		const serverSecret =
+			user?.authentication?.emailPasswordSRP?.serverSecret ?? 'deadbeef'
+		let serverSession: Session
+		try {
+			serverSession = await server.deriveSession(
+				serverSecret,
+				input.clientPublic,
+				salt,
+				'', // no username
+				verifier,
+				input.clientSessionProof,
+			)
+		} catch {
+			throw new Error('Invalid authentication credentials')
+		}
+		if (!user || !user?.id) {
+			// Simulation pour garder un timing constant
+			await new Promise((resolve) => setTimeout(resolve, 10))
+			throw new Error('Invalid authentication credentials')
+		}
+		return {
+			userId: user.id,
+			srp: {
+				serverSessionProof: serverSession.proof,
+			},
+		}
+	}
+}

package/src/authentication/providers/GitHub.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import type { DevWabeTypes } from '../../utils/helper'
+import {
+	AuthenticationProvider,
+	type AuthenticationEventsOptions,
+	type ProviderInterface,
+} from '../interface'
+import { oAuthAuthentication } from './OAuth'
+type GitHubInterface = {
+	authorizationCode: string
+	codeVerifier: string
+}
+export class GitHub
+	implements ProviderInterface<DevWabeTypes, GitHubInterface>
+{
+	name = 'github'
+	onSignIn(
+		options: AuthenticationEventsOptions<DevWabeTypes, GitHubInterface>,
+	) {
+		return oAuthAuthentication(AuthenticationProvider.GitHub)(options)
+	}
+	// @ts-expect-error
+	onSignUp() {
+		throw new Error(
+			'SignUp is not implemented for Oauth provider, you should use signIn instead.',
+		)
+	}
+}

package/src/authentication/providers/Google.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import type { DevWabeTypes } from '../../utils/helper'
+import {
+	AuthenticationProvider,
+	type AuthenticationEventsOptions,
+	type ProviderInterface,
+} from '../interface'
+import { oAuthAuthentication } from './OAuth'
+type GoogleInterface = {
+	authorizationCode: string
+	codeVerifier: string
+}
+export class Google
+	implements ProviderInterface<DevWabeTypes, GoogleInterface>
+{
+	name = 'google'
+	onSignIn(
+		options: AuthenticationEventsOptions<DevWabeTypes, GoogleInterface>,
+	) {
+		return oAuthAuthentication(AuthenticationProvider.Google)(options)
+	}
+	// @ts-expect-error
+	onSignUp() {
+		throw new Error(
+			'SignUp is not implemented for Oauth provider, you should use signIn instead.',
+		)
+	}
+}

package/src/authentication/providers/OAuth.test.ts ADDED Viewed

@@ -0,0 +1,185 @@
+import { afterEach, describe, expect, it, mock, spyOn } from 'bun:test'
+import { GitHub } from './GitHub'
+import * as OAuth from './OAuth'
+import { AuthenticationProvider } from '../interface'
+// Use GitHub test as use case
+describe('OAuth', () => {
+	const mockGetObjects = mock(() => Promise.resolve([]))
+	const mockCount = mock(() => Promise.resolve(0)) as any
+	const mockCreateObject = mock(() => Promise.resolve({ id: 'userId' })) as any
+	const mockGetUserInfo = mock().mockResolvedValue({
+		email: 'email@test.fr',
+		avatarUrl: 'avatarUrl',
+		username: 'username',
+	})
+	const mockValidateAuthorizationCode = mock().mockResolvedValue({
+		accessToken: 'accessToken',
+		refreshToken: 'refreshToken',
+		accessTokenExpiresAt: new Date(0),
+	})
+	spyOn(OAuth, 'getProvider').mockReturnValue({
+		validateAuthorizationCode: mockValidateAuthorizationCode,
+		getUserInfo: mockGetUserInfo,
+	} as never)
+	const context = {
+		wabe: {
+			controllers: {
+				database: {
+					getObjects: mockGetObjects,
+					createObject: mockCreateObject,
+					count: mockCount,
+				},
+			},
+			config: {
+				authentication: {
+					providers: {
+						github: {
+							clientId: 'clientId',
+							clientSecret: 'clientSecret',
+						},
+					},
+				},
+			},
+		},
+	} as any
+	afterEach(() => {
+		mockGetObjects.mockClear()
+		mockCreateObject.mockClear()
+		mockCount.mockClear()
+		mockValidateAuthorizationCode.mockClear()
+		mockGetUserInfo.mockClear()
+	})
+	it('should sign up with GitHub Provider if there is no user found', async () => {
+		const github = new GitHub()
+		await github.onSignIn({
+			context,
+			input: {
+				authorizationCode: 'authorizationCode',
+				codeVerifier: 'codeVerifier',
+			},
+		})
+		expect(mockValidateAuthorizationCode).toHaveBeenCalledTimes(1)
+		expect(mockGetUserInfo).toHaveBeenCalledTimes(1)
+		expect(mockGetObjects).toHaveBeenCalledTimes(1)
+		expect(mockGetObjects).toHaveBeenCalledWith({
+			className: 'User',
+			where: {
+				authentication: {
+					github: {
+						email: { equalTo: 'email@test.fr' },
+					},
+				},
+			},
+			first: 1,
+			context: expect.any(Object),
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+		expect(mockCreateObject).toHaveBeenCalledTimes(1)
+		expect(mockCreateObject).toHaveBeenCalledWith({
+			className: 'User',
+			data: {
+				provider: AuthenticationProvider.GitHub,
+				isOauth: true,
+				authentication: {
+					github: {
+						email: 'email@test.fr',
+						username: 'username',
+						avatarUrl: 'avatarUrl',
+					},
+				},
+			},
+			context: expect.any(Object),
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+	})
+	it('should sign in with GitHub Provider if there is no user found', async () => {
+		mockGetObjects.mockResolvedValue([
+			{
+				id: 'userId',
+				authentication: {
+					github: {
+						email: 'email@test.fr',
+						verifiedEmail: true,
+						idToken: 'idToken',
+					},
+				},
+				provider: AuthenticationProvider.Google,
+				isOauth: true,
+			} as any,
+		] as never)
+		const github = new GitHub()
+		await github.onSignIn({
+			context,
+			input: {
+				authorizationCode: 'authorizationCode',
+				codeVerifier: 'codeVerifier',
+			},
+		})
+		expect(mockValidateAuthorizationCode).toHaveBeenCalledTimes(1)
+		expect(mockGetUserInfo).toHaveBeenCalledTimes(1)
+		expect(mockGetObjects).toHaveBeenCalledTimes(1)
+		expect(mockGetObjects).toHaveBeenCalledWith({
+			className: 'User',
+			where: {
+				authentication: {
+					github: {
+						email: { equalTo: 'email@test.fr' },
+					},
+				},
+			},
+			first: 1,
+			context: expect.any(Object),
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+		expect(mockCreateObject).toHaveBeenCalledTimes(0)
+		mockValidateAuthorizationCode.mockRestore()
+	})
+})

package/src/authentication/providers/OAuth.ts ADDED Viewed

@@ -0,0 +1,112 @@
+import type { WabeContext } from '../../server/interface'
+import { contextWithRoot } from '../../utils/export'
+import type { DevWabeTypes } from '../../utils/helper'
+import {
+	type AuthenticationEventsOptions,
+	AuthenticationProvider,
+} from '../interface'
+import { Google } from '../oauth'
+import { GitHub } from '../oauth/GitHub'
+export type OAuthAuthenticationInterface = {
+	authorizationCode: string
+	codeVerifier: string
+}
+export const getProvider = (
+	context: WabeContext<DevWabeTypes>,
+	provider: AuthenticationProvider,
+) => {
+	const config = context.wabe.config
+	switch (provider) {
+		case AuthenticationProvider.Google:
+			return new Google(config)
+		case AuthenticationProvider.GitHub:
+			return new GitHub(config)
+		default:
+			throw new Error(`Provider ${provider} not found`)
+	}
+}
+export const oAuthAuthentication =
+	(oAuthProvider: AuthenticationProvider) =>
+	async ({
+		context,
+		input,
+	}: AuthenticationEventsOptions<
+		DevWabeTypes,
+		OAuthAuthenticationInterface
+	>) => {
+		const { authorizationCode, codeVerifier } = input
+		const provider = getProvider(context, oAuthProvider)
+		const { accessToken } = await provider.validateAuthorizationCode(
+			authorizationCode,
+			codeVerifier,
+		)
+		const userInfoToSave = await provider.getUserInfo(accessToken)
+		const user = await context.wabe.controllers.database.getObjects({
+			className: 'User',
+			where: {
+				authentication: {
+					[oAuthProvider]: {
+						email: { equalTo: userInfoToSave.email },
+					},
+				},
+			},
+			context: contextWithRoot(context),
+			first: 1,
+			select: {
+				authentication: true,
+				role: true,
+				secondFA: true,
+				email: true,
+				id: true,
+				provider: true,
+				isOauth: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		})
+		if (user.length === 0) {
+			const createdUser = await context.wabe.controllers.database.createObject({
+				className: 'User',
+				data: {
+					provider: oAuthProvider,
+					isOauth: true,
+					authentication: {
+						[oAuthProvider]: userInfoToSave,
+					},
+				},
+				context: contextWithRoot(context),
+				select: {
+					authentication: true,
+					role: true,
+					secondFA: true,
+					email: true,
+					id: true,
+					provider: true,
+					isOauth: true,
+					createdAt: true,
+					updatedAt: true,
+				},
+			})
+			if (!createdUser) throw new Error('User not found')
+			return {
+				user: createdUser,
+			}
+		}
+		if (!user[0]) throw new Error('User not found')
+		return {
+			user: user[0],
+		}
+	}