Compare commits
23 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
f9183b4c62 | ||
|
|
c7d575a0ff | ||
|
|
a575e62519 | ||
|
|
3761d60f41 | ||
|
|
fd629d43ba | ||
|
|
76b1cb0f5a | ||
|
|
2f94abc9f7 | ||
|
|
c70040fe5d | ||
|
|
4b8a9e448a | ||
|
|
1e4c7d0f31 | ||
|
|
ec75795a02 | ||
|
|
ad26b64b28 | ||
|
|
9e4715ebbd | ||
|
|
cc612296d0 | ||
|
|
1148b3948c | ||
|
|
c7e605fd60 | ||
|
|
4ab32c670e | ||
|
|
2d810568a8 | ||
|
|
b8353aa817 | ||
|
|
7924f63e28 | ||
|
|
b3b617ea0b | ||
|
|
18a5071618 | ||
|
|
fea58029b9 |
11
.github/workflows/common-e2e.yml
vendored
@@ -50,7 +50,7 @@ jobs:
|
||||
run: yarn dlx mocha-headless-chrome --timeout 1200000 -f http://localhost:9001/mocha/test.html
|
||||
|
||||
e2e-home-server:
|
||||
name: (WIP - Home Server) E2E Test Suite
|
||||
name: (Home Server) E2E Test Suite
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
services:
|
||||
@@ -83,6 +83,10 @@ jobs:
|
||||
sed -i "s/AUTH_JWT_SECRET=/AUTH_JWT_SECRET=$(openssl rand -hex 32)/g" packages/home-server/.env
|
||||
sed -i "s/ENCRYPTION_SERVER_KEY=/ENCRYPTION_SERVER_KEY=$(openssl rand -hex 32)/g" packages/home-server/.env
|
||||
sed -i "s/PSEUDO_KEY_PARAMS_KEY=/PSEUDO_KEY_PARAMS_KEY=$(openssl rand -hex 32)/g" packages/home-server/.env
|
||||
sed -i "s/VALET_TOKEN_SECRET=/VALET_TOKEN_SECRET=$(openssl rand -hex 32)/g" packages/home-server/.env
|
||||
echo "ACCESS_TOKEN_AGE=4" >> packages/home-server/.env
|
||||
echo "REFRESH_TOKEN_AGE=7" >> packages/home-server/.env
|
||||
echo "REVISIONS_FREQUENCY=5" >> packages/home-server/.env
|
||||
|
||||
- name: Run Server
|
||||
run: nohup yarn workspace @standardnotes/home-server start &
|
||||
@@ -90,8 +94,7 @@ jobs:
|
||||
PORT: 3123
|
||||
|
||||
- name: Wait for server to start
|
||||
run: docker/is-available.sh http://localhost:3123 $(pwd)/logs
|
||||
run: for i in {1..30}; do curl -s http://localhost:3123/healthcheck && break || sleep 1; done
|
||||
|
||||
- name: Run E2E Test Suite
|
||||
continue-on-error: true
|
||||
run: yarn dlx mocha-headless-chrome --timeout 1200000 -f http://localhost:9001/mocha/test.html
|
||||
run: yarn dlx mocha-headless-chrome --timeout 1200000 -f http://localhost:9001/mocha/test.html?skip_paid_features=true
|
||||
|
||||
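Review bot: The new wait step `run: for i in {1..30}; do curl -s http://localhost:3123/healthcheck && break || sleep 1; done` never fails the job: after 30 unsuccessful attempts the `for` loop exits with status 0 and the E2E step starts against a server that never came up, and `curl -s` without `-f` also counts a 5xx healthcheck response as success. Since `continue-on-error: true` is removed in the same hunk, a server that fails to boot now surfaces only as a confusing test-suite failure rather than at the wait step. Suggest `curl -sf` inside the loop and a terminal check after it, `curl -sf http://localhost:3123/healthcheck || { echo 'home server did not start'; exit 1; }`. What the replaced `docker/is-available.sh` did on timeout is not visible here.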
15
.pnp.cjs
generated
@@ -4626,6 +4626,9 @@ const RAW_RUNTIME_STATE =
|
||||
["@standardnotes/auth-server", "workspace:packages/auth"],\
|
||||
["@standardnotes/domain-core", "workspace:packages/domain-core"],\
|
||||
["@standardnotes/domain-events-infra", "workspace:packages/domain-events-infra"],\
|
||||
["@standardnotes/files-server", "workspace:packages/files"],\
|
||||
["@standardnotes/revisions-server", "workspace:packages/revisions"],\
|
||||
["@standardnotes/syncing-server", "workspace:packages/syncing-server"],\
|
||||
["@types/cors", "npm:2.8.13"],\
|
||||
["@types/express", "npm:4.17.17"],\
|
||||
["@types/prettyjson", "npm:0.0.30"],\
|
||||
@@ -4713,7 +4716,6 @@ const RAW_RUNTIME_STATE =
|
||||
["@types/cors", "npm:2.8.13"],\
|
||||
["@types/dotenv", "npm:8.2.0"],\
|
||||
["@types/express", "npm:4.17.17"],\
|
||||
["@types/inversify-express-utils", "npm:2.0.0"],\
|
||||
["@types/jest", "npm:29.5.1"],\
|
||||
["@types/newrelic", "npm:9.13.0"],\
|
||||
["@typescript-eslint/eslint-plugin", "virtual:fd909b174d079e30b336c4ce72c38a88c1e447767b1a8dd7655e07719a1e31b97807f0931368724fc78897ff15e6a6d00b83316c0f76d11f85111f342e08bb79#npm:5.59.2"],\
|
||||
@@ -4897,7 +4899,6 @@ const RAW_RUNTIME_STATE =
|
||||
["@types/cors", "npm:2.8.13"],\
|
||||
["@types/dotenv", "npm:8.2.0"],\
|
||||
["@types/express", "npm:4.17.17"],\
|
||||
["@types/inversify-express-utils", "npm:2.0.0"],\
|
||||
["@types/jest", "npm:29.5.1"],\
|
||||
["@types/jsonwebtoken", "npm:9.0.2"],\
|
||||
["@types/newrelic", "npm:9.13.0"],\
|
||||
@@ -5299,16 +5300,6 @@ const RAW_RUNTIME_STATE =
|
||||
"linkType": "HARD"\
|
||||
}]\
|
||||
]],\
|
||||
["@types/inversify-express-utils", [\
|
||||
["npm:2.0.0", {\
|
||||
"packageLocation": "./.yarn/cache/@types-inversify-express-utils-npm-2.0.0-e78182955d-9841bfddff.zip/node_modules/@types/inversify-express-utils/",\
|
||||
"packageDependencies": [\
|
||||
["@types/inversify-express-utils", "npm:2.0.0"],\
|
||||
["inversify-express-utils", "npm:6.4.3"]\
|
||||
],\
|
||||
"linkType": "HARD"\
|
||||
}]\
|
||||
]],\
|
||||
["@types/ioredis", [\
|
||||
["npm:5.0.0", {\
|
||||
"packageLocation": "./.yarn/cache/@types-ioredis-npm-5.0.0-6efa70abfa-439770c9da.zip/node_modules/@types/ioredis/",\
|
||||
|
||||
Binary file not shown.
@@ -3,6 +3,10 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [2.22.5](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.22.4...@standardnotes/analytics@2.22.5) (2023-05-29)
|
||||
|
||||
**Note:** Version bump only for package @standardnotes/analytics
|
||||
|
||||
## [2.22.4](https://github.com/standardnotes/server/compare/@standardnotes/analytics@2.22.3...@standardnotes/analytics@2.22.4) (2023-05-17)
|
||||
|
||||
**Note:** Version bump only for package @standardnotes/analytics
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@standardnotes/analytics",
|
||||
"version": "2.22.4",
|
||||
"version": "2.22.5",
|
||||
"engines": {
|
||||
"node": ">=18.0.0 <21.0.0"
|
||||
},
|
||||
|
||||
@@ -3,6 +3,41 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
# [1.59.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.58.0...@standardnotes/api-gateway@1.59.0) (2023-05-29)
|
||||
|
||||
### Features
|
||||
|
||||
* add files server as a service to home-server ([#614](https://github.com/standardnotes/api-gateway/issues/614)) ([c7d575a](https://github.com/standardnotes/api-gateway/commit/c7d575a0ffc7eb3e8799c3835da5727584f4f67b))
|
||||
|
||||
# [1.58.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.57.0...@standardnotes/api-gateway@1.58.0) (2023-05-25)
|
||||
|
||||
### Features
|
||||
|
||||
* add revisions service to home server ([#613](https://github.com/standardnotes/api-gateway/issues/613)) ([c70040f](https://github.com/standardnotes/api-gateway/commit/c70040fe5dfd35663b9811fbbaa9370bd0298482))
|
||||
|
||||
# [1.57.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.56.2...@standardnotes/api-gateway@1.57.0) (2023-05-25)
|
||||
|
||||
### Features
|
||||
|
||||
* refactor auth middleware to handle required and optional cross service token scenarios ([#612](https://github.com/standardnotes/api-gateway/issues/612)) ([1e4c7d0](https://github.com/standardnotes/api-gateway/commit/1e4c7d0f317d5c2d98065da12ffeb950b10ee5dc))
|
||||
|
||||
## [1.56.2](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.56.1...@standardnotes/api-gateway@1.56.2) (2023-05-18)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **api-gateway:** decorating responses for direct call proxy ([4ab32c6](https://github.com/standardnotes/api-gateway/commit/4ab32c670eedcfc64611a191bc25566d43372b23))
|
||||
* **api-gateway:** pkce endpoints resolution for direct code calls ([c7e605f](https://github.com/standardnotes/api-gateway/commit/c7e605fd6046e8476c493658c6feaed365e82e5d))
|
||||
|
||||
## [1.56.1](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.56.0...@standardnotes/api-gateway@1.56.1) (2023-05-18)
|
||||
|
||||
**Note:** Version bump only for package @standardnotes/api-gateway
|
||||
|
||||
# [1.56.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.55.0...@standardnotes/api-gateway@1.56.0) (2023-05-17)
|
||||
|
||||
### Features
|
||||
|
||||
* bundle syncing server into home server setup ([#611](https://github.com/standardnotes/api-gateway/issues/611)) ([b3b617e](https://github.com/standardnotes/api-gateway/commit/b3b617ea0b4f4574f6aa7cfae0e9fa8f868f1f4c))
|
||||
|
||||
# [1.55.0](https://github.com/standardnotes/api-gateway/compare/@standardnotes/api-gateway@1.54.0...@standardnotes/api-gateway@1.55.0) (2023-05-17)
|
||||
|
||||
### Features
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@standardnotes/api-gateway",
|
||||
"version": "1.55.0",
|
||||
"version": "1.59.0",
|
||||
"engines": {
|
||||
"node": ">=18.0.0 <21.0.0"
|
||||
},
|
||||
|
||||
@@ -8,7 +8,6 @@ import { Timer, TimerInterface } from '@standardnotes/time'
|
||||
|
||||
import { Env } from './Env'
|
||||
import { TYPES } from './Types'
|
||||
import { AuthMiddleware } from '../Controller/AuthMiddleware'
|
||||
import { ServiceProxyInterface } from '../Service/Http/ServiceProxyInterface'
|
||||
import { HttpServiceProxy } from '../Service/Http/HttpServiceProxy'
|
||||
import { SubscriptionTokenAuthMiddleware } from '../Controller/SubscriptionTokenAuthMiddleware'
|
||||
@@ -20,6 +19,8 @@ import { DirectCallServiceProxy } from '../Service/Proxy/DirectCallServiceProxy'
|
||||
import { ServiceContainerInterface } from '@standardnotes/domain-core'
|
||||
import { EndpointResolverInterface } from '../Service/Resolver/EndpointResolverInterface'
|
||||
import { EndpointResolver } from '../Service/Resolver/EndpointResolver'
|
||||
import { RequiredCrossServiceTokenMiddleware } from '../Controller/RequiredCrossServiceTokenMiddleware'
|
||||
import { OptionalCrossServiceTokenMiddleware } from '../Controller/OptionalCrossServiceTokenMiddleware'
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
||||
const newrelicFormatter = require('@newrelic/winston-enricher')
|
||||
@@ -43,6 +44,7 @@ export class ContainerConfigLoader {
|
||||
level: env.get('LOG_LEVEL') || 'info',
|
||||
format: winston.format.combine(...winstonFormatters),
|
||||
transports: [new winston.transports.Console({ level: env.get('LOG_LEVEL') || 'info' })],
|
||||
defaultMeta: { service: 'api-gateway' },
|
||||
})
|
||||
container.bind<winston.Logger>(TYPES.Logger).toConstantValue(logger)
|
||||
|
||||
@@ -76,7 +78,12 @@ export class ContainerConfigLoader {
|
||||
container.bind(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL).toConstantValue(+env.get('CROSS_SERVICE_TOKEN_CACHE_TTL', true))
|
||||
|
||||
// Middleware
|
||||
container.bind<AuthMiddleware>(TYPES.AuthMiddleware).to(AuthMiddleware)
|
||||
container
|
||||
.bind<RequiredCrossServiceTokenMiddleware>(TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
.to(RequiredCrossServiceTokenMiddleware)
|
||||
container
|
||||
.bind<OptionalCrossServiceTokenMiddleware>(TYPES.OptionalCrossServiceTokenMiddleware)
|
||||
.to(OptionalCrossServiceTokenMiddleware)
|
||||
container.bind<WebSocketAuthMiddleware>(TYPES.WebSocketAuthMiddleware).to(WebSocketAuthMiddleware)
|
||||
container
|
||||
.bind<SubscriptionTokenAuthMiddleware>(TYPES.SubscriptionTokenAuthMiddleware)
|
||||
@@ -89,7 +96,7 @@ export class ContainerConfigLoader {
|
||||
}
|
||||
container
|
||||
.bind<ServiceProxyInterface>(TYPES.ServiceProxy)
|
||||
.toConstantValue(new DirectCallServiceProxy(serviceContainer))
|
||||
.toConstantValue(new DirectCallServiceProxy(serviceContainer, container.get(TYPES.FILES_SERVER_URL)))
|
||||
} else {
|
||||
container.bind<ServiceProxyInterface>(TYPES.ServiceProxy).to(HttpServiceProxy)
|
||||
}
|
||||
|
||||
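Review bot: `new DirectCallServiceProxy(serviceContainer, container.get(TYPES.FILES_SERVER_URL))` resolves the files server URL at container-build time, but the binding of `TYPES.FILES_SERVER_URL` is not in this hunk; if it comes from an optional env lookup, an empty value would be handed to the direct-call proxy and only fail when a file route is first exercised. A guard at this point, `const filesServerUrl = container.get<string>(TYPES.FILES_SERVER_URL)` followed by a throw when it is empty, would fail at startup instead. The enclosing method starts and ends outside the hunk.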
@@ -1,28 +1,14 @@
|
||||
import {
|
||||
ControllerContainerInterface,
|
||||
ServiceContainerInterface,
|
||||
ServiceIdentifier,
|
||||
ServiceInterface,
|
||||
} from '@standardnotes/domain-core'
|
||||
import { ServiceContainerInterface, ServiceIdentifier, ServiceInterface } from '@standardnotes/domain-core'
|
||||
|
||||
import { ContainerConfigLoader } from './Container'
|
||||
|
||||
export class Service implements ServiceInterface {
|
||||
constructor(
|
||||
private serviceContainer: ServiceContainerInterface,
|
||||
private controllerContainer: ControllerContainerInterface,
|
||||
) {
|
||||
this.serviceContainer.register(ServiceIdentifier.create(ServiceIdentifier.NAMES.ApiGateway).getValue(), this)
|
||||
constructor(private serviceContainer: ServiceContainerInterface) {
|
||||
this.serviceContainer.register(this.getId(), this)
|
||||
}
|
||||
|
||||
async handleRequest(request: never, response: never, endpointOrMethodIdentifier: string): Promise<unknown> {
|
||||
const method = this.controllerContainer.get(endpointOrMethodIdentifier)
|
||||
|
||||
if (!method) {
|
||||
throw new Error(`Method ${endpointOrMethodIdentifier} not found`)
|
||||
}
|
||||
|
||||
return method(request, response)
|
||||
async handleRequest(_request: never, _response: never, _endpointOrMethodIdentifier: string): Promise<unknown> {
|
||||
throw new Error('Requests are handled via inversify-express at ApiGateway level')
|
||||
}
|
||||
|
||||
async getContainer(): Promise<unknown> {
|
||||
|
||||
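Review bot: `handleRequest` now unconditionally throws `Error('Requests are handled via inversify-express at ApiGateway level')` while the class still registers itself in the service container under `this.getId()`, so any caller that resolves the gateway by id and invokes it gets this exception rather than a routed response; that contract is not documented. Suggest a TSDoc above the method: `/** Not routable: the gateway registers itself only for discovery; its routes are mounted by inversify-express. Always throws. */`. `getContainer` at the end of the hunk continues outside SOURCE.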
@@ -15,7 +15,8 @@ export const TYPES = {
|
||||
VERSION: Symbol.for('VERSION'),
|
||||
CROSS_SERVICE_TOKEN_CACHE_TTL: Symbol.for('CROSS_SERVICE_TOKEN_CACHE_TTL'),
|
||||
// Middleware
|
||||
AuthMiddleware: Symbol.for('AuthMiddleware'),
|
||||
RequiredCrossServiceTokenMiddleware: Symbol.for('RequiredCrossServiceTokenMiddleware'),
|
||||
OptionalCrossServiceTokenMiddleware: Symbol.for('OptionalCrossServiceTokenMiddleware'),
|
||||
WebSocketAuthMiddleware: Symbol.for('WebSocketAuthMiddleware'),
|
||||
SubscriptionTokenAuthMiddleware: Symbol.for('SubscriptionTokenAuthMiddleware'),
|
||||
// Services
|
||||
|
||||
@@ -1,3 +1,2 @@
|
||||
export * from './Container'
|
||||
export * from './Service'
|
||||
export * from './Types'
|
||||
|
||||
@@ -2,43 +2,33 @@ import { CrossServiceTokenData } from '@standardnotes/security'
|
||||
import { RoleName } from '@standardnotes/domain-core'
|
||||
import { TimerInterface } from '@standardnotes/time'
|
||||
import { NextFunction, Request, Response } from 'express'
|
||||
import { inject, injectable } from 'inversify'
|
||||
import { BaseMiddleware } from 'inversify-express-utils'
|
||||
import { verify } from 'jsonwebtoken'
|
||||
import { AxiosError } from 'axios'
|
||||
import { Logger } from 'winston'
|
||||
|
||||
import { TYPES } from '../Bootstrap/Types'
|
||||
import { CrossServiceTokenCacheInterface } from '../Service/Cache/CrossServiceTokenCacheInterface'
|
||||
import { ServiceProxyInterface } from '../Service/Http/ServiceProxyInterface'
|
||||
|
||||
@injectable()
|
||||
export class AuthMiddleware extends BaseMiddleware {
|
||||
export abstract class AuthMiddleware extends BaseMiddleware {
|
||||
constructor(
|
||||
@inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
|
||||
@inject(TYPES.AUTH_JWT_SECRET) private jwtSecret: string,
|
||||
@inject(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL) private crossServiceTokenCacheTTL: number,
|
||||
@inject(TYPES.CrossServiceTokenCache) private crossServiceTokenCache: CrossServiceTokenCacheInterface,
|
||||
@inject(TYPES.Timer) private timer: TimerInterface,
|
||||
@inject(TYPES.Logger) private logger: Logger,
|
||||
private serviceProxy: ServiceProxyInterface,
|
||||
private jwtSecret: string,
|
||||
private crossServiceTokenCacheTTL: number,
|
||||
private crossServiceTokenCache: CrossServiceTokenCacheInterface,
|
||||
private timer: TimerInterface,
|
||||
private logger: Logger,
|
||||
) {
|
||||
super()
|
||||
}
|
||||
|
||||
async handler(request: Request, response: Response, next: NextFunction): Promise<void> {
|
||||
const authHeaderValue = request.headers.authorization as string
|
||||
|
||||
if (!authHeaderValue) {
|
||||
response.status(401).send({
|
||||
error: {
|
||||
tag: 'invalid-auth',
|
||||
message: 'Invalid login credentials.',
|
||||
},
|
||||
})
|
||||
|
||||
if (!this.handleMissingAuthHeader(request.headers.authorization, response, next)) {
|
||||
return
|
||||
}
|
||||
|
||||
const authHeaderValue = request.headers.authorization as string
|
||||
|
||||
try {
|
||||
let crossServiceTokenFetchedFromCache = true
|
||||
let crossServiceToken = null
|
||||
@@ -49,10 +39,7 @@ export class AuthMiddleware extends BaseMiddleware {
|
||||
if (crossServiceToken === null) {
|
||||
const authResponse = await this.serviceProxy.validateSession(authHeaderValue)
|
||||
|
||||
if (authResponse.status > 200) {
|
||||
response.setHeader('content-type', authResponse.headers.contentType)
|
||||
response.status(authResponse.status).send(authResponse.data)
|
||||
|
||||
if (!this.handleSessionValidationResponse(authResponse, response, next)) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -77,7 +64,8 @@ export class AuthMiddleware extends BaseMiddleware {
|
||||
})
|
||||
}
|
||||
|
||||
response.locals.userUuid = decodedToken.user.uuid
|
||||
response.locals.user = decodedToken.user
|
||||
response.locals.session = decodedToken.session
|
||||
response.locals.roles = decodedToken.roles
|
||||
} catch (error) {
|
||||
const errorMessage = (error as AxiosError).isAxiosError
|
||||
@@ -105,6 +93,24 @@ export class AuthMiddleware extends BaseMiddleware {
|
||||
return next()
|
||||
}
|
||||
|
||||
protected abstract handleSessionValidationResponse(
|
||||
authResponse: {
|
||||
status: number
|
||||
data: unknown
|
||||
headers: {
|
||||
contentType: string
|
||||
}
|
||||
},
|
||||
response: Response,
|
||||
next: NextFunction,
|
||||
): boolean
|
||||
|
||||
protected abstract handleMissingAuthHeader(
|
||||
authHeaderValue: string | undefined,
|
||||
response: Response,
|
||||
next: NextFunction,
|
||||
): boolean
|
||||
|
||||
private getCrossServiceTokenCacheExpireTimestamp(token: CrossServiceTokenData): number {
|
||||
const crossServiceTokenDefaultCacheExpiration = this.timer.getTimestampInSeconds() + this.crossServiceTokenCacheTTL
|
||||
|
||||
|
||||
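Review bot: The two new abstract hooks `handleSessionValidationResponse` and `handleMissingAuthHeader` carry an implicit contract — `true` means "continue validating", `false` means "the hook has already ended or forwarded the request" — and the base `handler` simply `return`s on `false` without touching `next`, so a subclass that returns `false` without responding or calling `next()` leaves the request hanging. That contract belongs in TSDoc on both declarations, e.g. `/** Return true to continue validation; return false only after having either sent a response or called next(). */`. Note also that the visible `authResponse.status > 200` comparison rejects every non-200 2xx, which is fine only if `validateSession` never returns 201/204. The `handler` method's catch block and its error response lie past the end of the hunk.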
@@ -29,17 +29,17 @@ export class LegacyController extends BaseHttpController {
|
||||
])
|
||||
}
|
||||
|
||||
@httpPost('/items/sync', TYPES.AuthMiddleware)
|
||||
@httpPost('/items/sync', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async legacyItemsSync(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
|
||||
}
|
||||
|
||||
@httpGet('/items/:item_id/revisions', TYPES.AuthMiddleware)
|
||||
@httpGet('/items/:item_id/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async legacyGetRevisions(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
|
||||
}
|
||||
|
||||
@httpGet('/items/:item_id/revisions/:id', TYPES.AuthMiddleware)
|
||||
@httpGet('/items/:item_id/revisions/:id', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async legacyGetRevision(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callLegacySyncingServer(request, response, request.path.substring(1), request.body)
|
||||
}
|
||||
|
||||
@@ -0,0 +1,51 @@
|
||||
import { TimerInterface } from '@standardnotes/time'
|
||||
import { NextFunction, Response } from 'express'
|
||||
import { inject, injectable } from 'inversify'
|
||||
import { Logger } from 'winston'
|
||||
|
||||
import { TYPES } from '../Bootstrap/Types'
|
||||
import { CrossServiceTokenCacheInterface } from '../Service/Cache/CrossServiceTokenCacheInterface'
|
||||
import { ServiceProxyInterface } from '../Service/Http/ServiceProxyInterface'
|
||||
import { AuthMiddleware } from './AuthMiddleware'
|
||||
|
||||
@injectable()
|
||||
export class OptionalCrossServiceTokenMiddleware extends AuthMiddleware {
|
||||
constructor(
|
||||
@inject(TYPES.ServiceProxy) serviceProxy: ServiceProxyInterface,
|
||||
@inject(TYPES.AUTH_JWT_SECRET) jwtSecret: string,
|
||||
@inject(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
|
||||
@inject(TYPES.CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
|
||||
@inject(TYPES.Timer) timer: TimerInterface,
|
||||
@inject(TYPES.Logger) logger: Logger,
|
||||
) {
|
||||
super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
|
||||
}
|
||||
|
||||
protected override handleSessionValidationResponse(
|
||||
authResponse: { status: number; data: unknown; headers: { contentType: string } },
|
||||
_response: Response,
|
||||
next: NextFunction,
|
||||
): boolean {
|
||||
if (authResponse.status > 200) {
|
||||
next()
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
protected override handleMissingAuthHeader(
|
||||
authHeaderValue: string | undefined,
|
||||
_response: Response,
|
||||
next: NextFunction,
|
||||
): boolean {
|
||||
if (!authHeaderValue) {
|
||||
next()
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
}
|
||||
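Review bot: `handleSessionValidationResponse` in OptionalCrossServiceTokenMiddleware calls `next()` for every `authResponse.status > 200`, so an auth-server 5xx (if `validateSession` returns such responses rather than throwing — not visible here) is treated exactly like a rejected token and the request proceeds anonymously; only a client-side rejection should downgrade to anonymous, while an upstream failure should be relayed so the route fails closed. The invalid-JWT path in the base class's catch block is not overridden, so a token the auth server accepted but that fails local `verify` presumably still ends with an error response — the two failure modes should be made consistent or documented. A debug log of the discarded status would also let operators distinguish "anonymous" from "presented bad credentials".
```typescript
  protected override handleSessionValidationResponse(
    authResponse: { status: number; data: unknown; headers: { contentType: string } },
    response: Response,
    next: NextFunction,
  ): boolean {
    // Upstream failure: fail closed rather than silently treating the caller as anonymous.
    if (authResponse.status >= 500) {
      response.setHeader('content-type', authResponse.headers.contentType)
      response.status(authResponse.status).send(authResponse.data)

      return false
    }

    // Token rejected by the auth server: continue as an anonymous request.
    if (authResponse.status > 200) {
      next()

      return false
    }

    return true
  }
  // … unchanged: constructor and handleMissingAuthHeader …
```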
@@ -0,0 +1,57 @@
|
||||
import { TimerInterface } from '@standardnotes/time'
|
||||
import { NextFunction, Response } from 'express'
|
||||
import { inject, injectable } from 'inversify'
|
||||
import { Logger } from 'winston'
|
||||
|
||||
import { TYPES } from '../Bootstrap/Types'
|
||||
import { CrossServiceTokenCacheInterface } from '../Service/Cache/CrossServiceTokenCacheInterface'
|
||||
import { ServiceProxyInterface } from '../Service/Http/ServiceProxyInterface'
|
||||
import { AuthMiddleware } from './AuthMiddleware'
|
||||
|
||||
@injectable()
|
||||
export class RequiredCrossServiceTokenMiddleware extends AuthMiddleware {
|
||||
constructor(
|
||||
@inject(TYPES.ServiceProxy) serviceProxy: ServiceProxyInterface,
|
||||
@inject(TYPES.AUTH_JWT_SECRET) jwtSecret: string,
|
||||
@inject(TYPES.CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
|
||||
@inject(TYPES.CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
|
||||
@inject(TYPES.Timer) timer: TimerInterface,
|
||||
@inject(TYPES.Logger) logger: Logger,
|
||||
) {
|
||||
super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
|
||||
}
|
||||
|
||||
protected override handleSessionValidationResponse(
|
||||
authResponse: { status: number; data: unknown; headers: { contentType: string } },
|
||||
response: Response,
|
||||
_next: NextFunction,
|
||||
): boolean {
|
||||
if (authResponse.status > 200) {
|
||||
response.setHeader('content-type', authResponse.headers.contentType)
|
||||
response.status(authResponse.status).send(authResponse.data)
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
protected override handleMissingAuthHeader(
|
||||
authHeaderValue: string | undefined,
|
||||
response: Response,
|
||||
_next: NextFunction,
|
||||
): boolean {
|
||||
if (!authHeaderValue) {
|
||||
response.status(401).send({
|
||||
error: {
|
||||
tag: 'invalid-auth',
|
||||
message: 'Invalid login credentials.',
|
||||
},
|
||||
})
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
}
|
||||
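Review bot: RequiredCrossServiceTokenMiddleware has no class-level documentation stating how it differs from its Optional sibling, which matters because both are selected only by a `TYPES` symbol on route decorators. Suggest a TSDoc on the class: `/** Fail-closed variant: a missing Authorization header answers 401 and any non-200 session validation response is relayed to the client verbatim; next() is never called from these hooks. */`. The 401 body `{ error: { tag: 'invalid-auth', message: 'Invalid login credentials.' } }` is now duplicated here rather than shared — a module-level constant would keep the tag and message in one place.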
@@ -118,7 +118,7 @@ export class SubscriptionTokenAuthMiddleware extends BaseMiddleware {
|
||||
verify(authResponse.data.authToken, this.jwtSecret, { algorithms: ['HS256'] })
|
||||
)
|
||||
|
||||
response.locals.userUuid = decodedToken.user.uuid
|
||||
response.locals.user = decodedToken.user
|
||||
response.locals.roles = decodedToken.roles
|
||||
}
|
||||
}
|
||||
|
||||
@@ -63,7 +63,7 @@ export class WebSocketAuthMiddleware extends BaseMiddleware {
|
||||
response.locals.freeUser =
|
||||
decodedToken.roles.length === 1 &&
|
||||
decodedToken.roles.find((role) => role.name === RoleName.NAMES.CoreUser) !== undefined
|
||||
response.locals.userUuid = decodedToken.user.uuid
|
||||
response.locals.user = decodedToken.user
|
||||
response.locals.roles = decodedToken.roles
|
||||
} catch (error) {
|
||||
const errorMessage = (error as AxiosError).isAxiosError
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
export * from './AuthMiddleware'
|
||||
export * from './HealthCheckController'
|
||||
export * from './LegacyController'
|
||||
export * from './SubscriptionTokenAuthMiddleware'
|
||||
export * from './TokenAuthenticationMethod'
|
||||
export * from './WebSocketAuthMiddleware'
|
||||
|
||||
@@ -24,7 +24,7 @@ export class ActionsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/login-params')
|
||||
@httpGet('/login-params', TYPES.OptionalCrossServiceTokenMiddleware)
|
||||
async loginParams(request: Request, response: Response): Promise<void> {
|
||||
await this.serviceProxy.callAuthServer(
|
||||
request,
|
||||
@@ -34,7 +34,7 @@ export class ActionsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPost('/logout')
|
||||
@httpPost('/logout', TYPES.OptionalCrossServiceTokenMiddleware)
|
||||
async logout(request: Request, response: Response): Promise<void> {
|
||||
await this.serviceProxy.callAuthServer(
|
||||
request,
|
||||
@@ -54,7 +54,7 @@ export class ActionsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPost('/recovery/codes', TYPES.AuthMiddleware)
|
||||
@httpPost('/recovery/codes', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async recoveryCodes(request: Request, response: Response): Promise<void> {
|
||||
await this.serviceProxy.callAuthServer(
|
||||
request,
|
||||
|
||||
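Review bot: `/login-params` and `/logout` now run `TYPES.OptionalCrossServiceTokenMiddleware`, which calls `next()` without populating `response.locals` when the header is missing or the session is rejected, so the handlers reached through `callAuthServer` must not read `response.locals.userUuid` unconditionally — confirm they treat it as optional. A short comment on each decorator, e.g. `// optional auth: anonymous callers allowed; locals populated only for a valid session`, would make the intent visible at the route.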
@@ -15,7 +15,7 @@ export class AuthenticatorsController extends BaseHttpController {
|
||||
super()
|
||||
}
|
||||
|
||||
@httpDelete('/:authenticatorId', TYPES.AuthMiddleware)
|
||||
@httpDelete('/:authenticatorId', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async delete(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -29,7 +29,7 @@ export class AuthenticatorsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.AuthMiddleware)
|
||||
@httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async list(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -39,7 +39,7 @@ export class AuthenticatorsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/generate-registration-options', TYPES.AuthMiddleware)
|
||||
@httpGet('/generate-registration-options', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async generateRegistrationOptions(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -59,7 +59,7 @@ export class AuthenticatorsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPost('/verify-registration', TYPES.AuthMiddleware)
|
||||
@httpPost('/verify-registration', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async verifyRegistration(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
|
||||
@@ -15,7 +15,7 @@ export class FilesController extends BaseHttpController {
|
||||
super()
|
||||
}
|
||||
|
||||
@httpPost('/valet-tokens', TYPES.AuthMiddleware)
|
||||
@httpPost('/valet-tokens', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async createToken(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
|
||||
@@ -5,10 +5,10 @@ import { TYPES } from '../../Bootstrap/Types'
|
||||
import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
|
||||
import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'
|
||||
|
||||
@controller('/v1/items', TYPES.AuthMiddleware)
|
||||
@controller('/v1/items', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
export class ItemsController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
|
||||
@inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
|
||||
@inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
|
||||
) {
|
||||
super()
|
||||
@@ -16,7 +16,7 @@ export class ItemsController extends BaseHttpController {
|
||||
|
||||
@httpPost('/')
|
||||
async sync(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callSyncingServer(
|
||||
await this.serviceProxy.callSyncingServer(
|
||||
request,
|
||||
response,
|
||||
this.endpointResolver.resolveEndpointOrMethodIdentifier('POST', 'items/sync'),
|
||||
@@ -26,7 +26,7 @@ export class ItemsController extends BaseHttpController {
|
||||
|
||||
@httpPost('/check-integrity')
|
||||
async checkIntegrity(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callSyncingServer(
|
||||
await this.serviceProxy.callSyncingServer(
|
||||
request,
|
||||
response,
|
||||
this.endpointResolver.resolveEndpointOrMethodIdentifier('POST', 'items/check-integrity'),
|
||||
@@ -36,7 +36,7 @@ export class ItemsController extends BaseHttpController {
|
||||
|
||||
@httpGet('/:uuid')
|
||||
async getItem(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callSyncingServer(
|
||||
await this.serviceProxy.callSyncingServer(
|
||||
request,
|
||||
response,
|
||||
this.endpointResolver.resolveEndpointOrMethodIdentifier('GET', 'items/:uuid', request.params.uuid),
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import { BaseHttpController, controller, httpDelete, httpGet, results } from 'inversify-express-utils'
|
||||
import { TYPES } from '../../Bootstrap/Types'
|
||||
|
||||
@controller('/v1/items/:item_id/revisions', TYPES.AuthMiddleware)
|
||||
@controller('/v1/items/:item_id/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
export class RevisionsController extends BaseHttpController {
|
||||
@httpGet('/')
|
||||
async getRevisions(): Promise<results.JsonResult> {
|
||||
|
||||
@@ -14,7 +14,7 @@ export class SessionsController extends BaseHttpController {
|
||||
super()
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.AuthMiddleware)
|
||||
@httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async getSessions(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -23,7 +23,7 @@ export class SessionsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpDelete('/:uuid', TYPES.AuthMiddleware)
|
||||
@httpDelete('/:uuid', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async deleteSession(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -35,7 +35,7 @@ export class SessionsController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpDelete('/', TYPES.AuthMiddleware)
|
||||
@httpDelete('/', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async deleteSessions(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
|
||||
@@ -15,7 +15,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
|
||||
super()
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.AuthMiddleware)
|
||||
@httpPost('/', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async inviteToSubscriptionSharing(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -25,7 +25,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.AuthMiddleware)
|
||||
@httpGet('/', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async listInvites(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -35,7 +35,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpDelete('/:inviteUuid', TYPES.AuthMiddleware)
|
||||
@httpDelete('/:inviteUuid', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async cancelSubscriptionSharing(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -48,7 +48,7 @@ export class SubscriptionInvitesController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPost('/:inviteUuid/accept', TYPES.AuthMiddleware)
|
||||
@httpPost('/:inviteUuid/accept', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async acceptInvite(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
|
||||
@@ -15,7 +15,7 @@ export class TokensController extends BaseHttpController {
|
||||
super()
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.AuthMiddleware)
|
||||
@httpPost('/', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async createToken(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
|
||||
@@ -37,7 +37,7 @@ export class UsersController extends BaseHttpController {
|
||||
await this.httpService.callPaymentsServer(request, response, 'api/pro_users/send-activation-code', request.body)
|
||||
}
|
||||
|
||||
@httpPatch('/:userId', TYPES.AuthMiddleware)
|
||||
@httpPatch('/:userId', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async updateUser(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -47,7 +47,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPut('/:userUuid/password', TYPES.AuthMiddleware)
|
||||
@httpPut('/:userUuid/password', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async changePassword(request: Request, response: Response): Promise<void> {
|
||||
this.logger.debug(
|
||||
'[DEPRECATED] use endpoint /v1/users/:userUuid/attributes/credentials instead of /v1/users/:userUuid/password',
|
||||
@@ -65,7 +65,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPut('/:userUuid/attributes/credentials', TYPES.AuthMiddleware)
|
||||
@httpPut('/:userUuid/attributes/credentials', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async changeCredentials(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -79,7 +79,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/:userId/params', TYPES.AuthMiddleware)
|
||||
@httpGet('/:userId/params', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async getKeyParams(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -88,12 +88,12 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@all('/:userId/mfa', TYPES.AuthMiddleware)
|
||||
@all('/:userId/mfa', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async blockMFA(): Promise<results.StatusCodeResult> {
|
||||
return this.statusCode(401)
|
||||
}
|
||||
|
||||
@httpPost('/:userUuid/integrations/listed', TYPES.AuthMiddleware)
|
||||
@httpPost('/:userUuid/integrations/listed', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async createListedAccount(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -113,7 +113,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/:userUuid/settings', TYPES.AuthMiddleware)
|
||||
@httpGet('/:userUuid/settings', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async listSettings(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -126,7 +126,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPut('/:userUuid/settings', TYPES.AuthMiddleware)
|
||||
@httpPut('/:userUuid/settings', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async putSetting(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -140,7 +140,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/:userUuid/settings/:settingName', TYPES.AuthMiddleware)
|
||||
@httpGet('/:userUuid/settings/:settingName', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async getSetting(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -154,7 +154,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpDelete('/:userUuid/settings/:settingName', TYPES.AuthMiddleware)
|
||||
@httpDelete('/:userUuid/settings/:settingName', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async deleteSetting(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -169,7 +169,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/:userUuid/subscription-settings/:subscriptionSettingName', TYPES.AuthMiddleware)
|
||||
@httpGet('/:userUuid/subscription-settings/:subscriptionSettingName', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async getSubscriptionSetting(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -183,7 +183,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/:userUuid/features', TYPES.AuthMiddleware)
|
||||
@httpGet('/:userUuid/features', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async getFeatures(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -196,7 +196,7 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/:userUuid/subscription', TYPES.AuthMiddleware)
|
||||
@httpGet('/:userUuid/subscription', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async getSubscription(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
|
||||
@@ -227,17 +227,17 @@ export class UsersController extends BaseHttpController {
|
||||
this.endpointResolver.resolveEndpointOrMethodIdentifier(
|
||||
'GET',
|
||||
'users/:userUuid/subscription',
|
||||
response.locals.userUuid,
|
||||
response.locals.user.uuid,
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
@httpDelete('/:userUuid', TYPES.AuthMiddleware)
|
||||
@httpDelete('/:userUuid', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async deleteUser(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callPaymentsServer(request, response, 'api/account', request.body)
|
||||
}
|
||||
|
||||
@httpPost('/:userUuid/requests', TYPES.AuthMiddleware)
|
||||
@httpPost('/:userUuid/requests', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async submitRequest(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
request,
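Review bot: `response.locals.user.uuid` in getSubscription's resolver call dereferences `locals.user` unconditionally, while the same value is read as `response.locals.user?.uuid` in the HttpServiceProxy hunk further down; the two readings encode different assumptions about what the middleware guarantees. Under RequiredCrossServiceTokenMiddleware the unguarded access is presumably safe, but if the invariant ever breaks the failure surfaces as a TypeError from the handler (a 500) rather than a 401 from the middleware. A one-line comment on the route, `// RequiredCrossServiceTokenMiddleware guarantees response.locals.user is set before this handler runs`, would record that dependency where the next maintainer will look. getSubscription's body starts before this hunk and submitRequest's continues past it.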
|
||||
|
||||
@@ -17,7 +17,7 @@ export class WebSocketsController extends BaseHttpController {
|
||||
super()
|
||||
}
|
||||
|
||||
@httpPost('/tokens', TYPES.AuthMiddleware)
|
||||
@httpPost('/tokens', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
async createWebSocketConnectionToken(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callWebSocketServer(
|
||||
request,
|
||||
|
||||
@@ -9,7 +9,7 @@ import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolv
|
||||
@controller('/v2')
|
||||
export class ActionsControllerV2 extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
|
||||
@inject(TYPES.ServiceProxy) private serviceProxy: ServiceProxyInterface,
|
||||
@inject(TYPES.EndpointResolver) private endpointResolver: EndpointResolverInterface,
|
||||
) {
|
||||
super()
|
||||
@@ -17,7 +17,7 @@ export class ActionsControllerV2 extends BaseHttpController {
|
||||
|
||||
@httpPost('/login')
|
||||
async login(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
await this.serviceProxy.callAuthServer(
|
||||
request,
|
||||
response,
|
||||
this.endpointResolver.resolveEndpointOrMethodIdentifier('POST', 'auth/pkce_sign_in'),
|
||||
@@ -25,9 +25,9 @@ export class ActionsControllerV2 extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpPost('/login-params')
|
||||
@httpPost('/login-params', TYPES.OptionalCrossServiceTokenMiddleware)
|
||||
async loginParams(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callAuthServer(
|
||||
await this.serviceProxy.callAuthServer(
|
||||
request,
|
||||
response,
|
||||
this.endpointResolver.resolveEndpointOrMethodIdentifier('POST', 'auth/pkce_params'),
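Review bot: `loginParams` now runs under OptionalCrossServiceTokenMiddleware while `login` in the previous hunk keeps no middleware at all; the asymmetry is presumably deliberate (an already-signed-in caller may request params with its token attached, whereas sign-in itself has none), but nothing on the route says so. A one-line comment above the decorator, `// optional token: callers may already be signed in when fetching PKCE params; /login intentionally has no middleware`, would stop the next reader from "fixing" one route to match the other. loginParams's body continues past this hunk.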
|
||||
|
||||
@@ -6,7 +6,7 @@ import { TYPES } from '../../Bootstrap/Types'
|
||||
import { ServiceProxyInterface } from '../../Service/Http/ServiceProxyInterface'
|
||||
import { EndpointResolverInterface } from '../../Service/Resolver/EndpointResolverInterface'
|
||||
|
||||
@controller('/v2/items/:itemUuid/revisions', TYPES.AuthMiddleware)
|
||||
@controller('/v2/items/:itemUuid/revisions', TYPES.RequiredCrossServiceTokenMiddleware)
|
||||
export class RevisionsControllerV2 extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.ServiceProxy) private httpService: ServiceProxyInterface,
|
||||
@@ -28,7 +28,7 @@ export class RevisionsControllerV2 extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/:id')
|
||||
@httpGet('/:uuid')
|
||||
async getRevision(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callRevisionsServer(
|
||||
request,
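Review bot: The Express route parameter is renamed from `:id` to `:uuid` in the decorator and in `request.params.uuid`, but the template passed to `resolveEndpointOrMethodIdentifier` still reads `'items/:itemUuid/revisions/:id'` (next hunk, and again in deleteRevision two hunks down), and the EndpointResolver table hunk later on this page keeps the `:id` keys. That only works because the resolver's `...params: string[]` signature suggests positional substitution, so the template placeholder name is never matched against the Express param name; the mismatch is a style point that will confuse anyone grepping for the route. Either rename the placeholder to `:uuid` in both controller calls and the resolver table, or note the decoupling above the call with `// resolver substitutes params positionally; the template's ':id' need not match the route's ':uuid'`. getRevision's body continues past this hunk.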
|
||||
@@ -37,12 +37,12 @@ export class RevisionsControllerV2 extends BaseHttpController {
|
||||
'GET',
|
||||
'items/:itemUuid/revisions/:id',
|
||||
request.params.itemUuid,
|
||||
request.params.id,
|
||||
request.params.uuid,
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
@httpDelete('/:id')
|
||||
@httpDelete('/:uuid')
|
||||
async deleteRevision(request: Request, response: Response): Promise<void> {
|
||||
await this.httpService.callRevisionsServer(
|
||||
request,
|
||||
@@ -51,7 +51,7 @@ export class RevisionsControllerV2 extends BaseHttpController {
|
||||
'DELETE',
|
||||
'items/:itemUuid/revisions/:id',
|
||||
request.params.itemUuid,
|
||||
request.params.id,
|
||||
request.params.uuid,
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
@@ -262,7 +262,7 @@ export class HttpServiceProxy implements ServiceProxyInterface {
|
||||
response.status(serviceResponse.status).send({
|
||||
meta: {
|
||||
auth: {
|
||||
userUuid: response.locals.userUuid,
|
||||
userUuid: response.locals.user?.uuid,
|
||||
roles: response.locals.roles,
|
||||
},
|
||||
server: {
|
||||
|
||||
@@ -4,7 +4,7 @@ import { ServiceProxyInterface } from '../Http/ServiceProxyInterface'
|
||||
import { ServiceContainerInterface, ServiceIdentifier } from '@standardnotes/domain-core'
|
||||
|
||||
export class DirectCallServiceProxy implements ServiceProxyInterface {
|
||||
constructor(private serviceContainer: ServiceContainerInterface) {}
|
||||
constructor(private serviceContainer: ServiceContainerInterface, private filesServerUrl: string) {}
|
||||
|
||||
async validateSession(
|
||||
authorizationHeaderValue: string,
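Review bot: The new `filesServerUrl` constructor property is only ever read in the visible code (in sendDecoratedResponse) and would be better declared `private readonly filesServerUrl: string`; the pre-existing `serviceContainer` could get the same treatment while the line is being touched. It is also a new required positional parameter, so every `new DirectCallServiceProxy(...)` call site has to be updated — none are visible on this page, so that is worth confirming in the home-server bootstrap. validateSession's signature continues past this hunk.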
|
||||
@@ -49,7 +49,7 @@ export class DirectCallServiceProxy implements ServiceProxyInterface {
|
||||
json: Record<string, unknown>
|
||||
}
|
||||
|
||||
void (response as Response).status(serviceResponse.statusCode).send(serviceResponse.json)
|
||||
this.sendDecoratedResponse(response, serviceResponse)
|
||||
}
|
||||
|
||||
async callAuthServerWithLegacyFormat(
|
||||
@@ -66,7 +66,12 @@ export class DirectCallServiceProxy implements ServiceProxyInterface {
|
||||
throw new Error('Revisions service not found')
|
||||
}
|
||||
|
||||
await service.handleRequest(request, response, endpointOrMethodIdentifier)
|
||||
const serviceResponse = (await service.handleRequest(request, response, endpointOrMethodIdentifier)) as {
|
||||
statusCode: number
|
||||
json: Record<string, unknown>
|
||||
}
|
||||
|
||||
this.sendDecoratedResponse(response, serviceResponse)
|
||||
}
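Review bot: The `as { statusCode: number; json: Record<string, unknown> }` cast on the handleRequest result is a compile-time assertion only; the line it replaces discarded the return value, which suggests handleRequest's contract changed elsewhere in this commit, and if any service still writes the response itself and resolves to undefined, `serviceResponse.statusCode` inside sendDecoratedResponse throws a TypeError after headers may already have been sent. The same pattern appears in the callSyncingServer hunk immediately below. A narrow runtime guard before the cast, e.g. `if (typeof (result as { statusCode?: unknown }).statusCode !== 'number') throw new Error('Revisions service returned an unexpected response shape')`, turns a malformed service reply into an explicit error instead of a TypeError. callRevisionsServer's signature and the service lookup start before this hunk.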
|
||||
|
||||
async callSyncingServer(request: never, response: never, endpointOrMethodIdentifier: string): Promise<void> {
|
||||
@@ -77,7 +82,12 @@ export class DirectCallServiceProxy implements ServiceProxyInterface {
|
||||
throw new Error('Syncing service not found')
|
||||
}
|
||||
|
||||
await service.handleRequest(request, response, endpointOrMethodIdentifier)
|
||||
const serviceResponse = (await service.handleRequest(request, response, endpointOrMethodIdentifier)) as {
|
||||
statusCode: number
|
||||
json: Record<string, unknown>
|
||||
}
|
||||
|
||||
this.sendDecoratedResponse(response, serviceResponse)
|
||||
}
|
||||
|
||||
async callLegacySyncingServer(
|
||||
@@ -99,4 +109,22 @@ export class DirectCallServiceProxy implements ServiceProxyInterface {
|
||||
): Promise<void> {
|
||||
throw new Error('Websockets server is not available.')
|
||||
}
|
||||
|
||||
private sendDecoratedResponse(
|
||||
response: Response,
|
||||
serviceResponse: { statusCode: number; json: Record<string, unknown> },
|
||||
): void {
|
||||
void response.status(serviceResponse.statusCode).send({
|
||||
meta: {
|
||||
auth: {
|
||||
userUuid: response.locals.user?.uuid,
|
||||
roles: response.locals.roles,
|
||||
},
|
||||
server: {
|
||||
filesServerUrl: this.filesServerUrl,
|
||||
},
|
||||
},
|
||||
data: serviceResponse.json,
|
||||
})
|
||||
}
|
||||
}
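Review bot: sendDecoratedResponse has no doc comment, and its one non-obvious aspect is that the envelope it writes — `meta.auth.userUuid`, `meta.auth.roles`, `meta.server.filesServerUrl`, `data` — is meant to mirror the one HttpServiceProxy sends in the hunk above, so the two must be kept in step. A TSDoc block should say that, note that `userUuid` is `undefined` (and therefore omitted from the JSON) for routes served under OptionalCrossServiceTokenMiddleware where `response.locals.user` is not set, and state that `serviceResponse.statusCode` is forwarded verbatim so the service owns the status code. The `void` in front of `response.status(...).send(...)` also deserves a short why-comment, since a reader may otherwise take it for a dropped Promise.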
|
||||
|
||||
@@ -13,6 +13,9 @@ export class EndpointResolver implements EndpointResolverInterface {
|
||||
['[POST]:auth/recovery/codes', 'auth.generateRecoveryCodes'],
|
||||
['[POST]:auth/recovery/login', 'auth.signInWithRecoveryCodes'],
|
||||
['[POST]:auth/recovery/params', 'auth.recoveryKeyParams'],
|
||||
// v2 Actions Controller
|
||||
['[POST]:auth/pkce_sign_in', 'auth.pkceSignIn'],
|
||||
['[POST]:auth/pkce_params', 'auth.pkceParams'],
|
||||
// Authenticators Controller
|
||||
['[DELETE]:authenticators/:authenticatorId', 'auth.authenticators.delete'],
|
||||
['[GET]:authenticators/', 'auth.authenticators.list'],
|
||||
@@ -51,6 +54,14 @@ export class EndpointResolver implements EndpointResolverInterface {
|
||||
['[GET]:users/:userUuid/subscription', 'auth.users.getSubscription'],
|
||||
['[GET]:offline/users/subscription', 'auth.users.getOfflineSubscriptionByToken'],
|
||||
['[POST]:users/:userUuid/requests', 'auth.users.createRequest'],
|
||||
// Syncing Server
|
||||
['[POST]:items/sync', 'sync.items.sync'],
|
||||
['[POST]:items/check-integrity', 'sync.items.check_integrity'],
|
||||
['[GET]:items/:uuid', 'sync.items.get_item'],
|
||||
// Revisions Controller V2
|
||||
['[GET]:items/:itemUuid/revisions', 'revisions.revisions.getRevisions'],
|
||||
['[GET]:items/:itemUuid/revisions/:id', 'revisions.revisions.getRevision'],
|
||||
['[DELETE]:items/:itemUuid/revisions/:id', 'revisions.revisions.deleteRevision'],
|
||||
])
|
||||
|
||||
resolveEndpointOrMethodIdentifier(method: string, endpoint: string, ...params: string[]): string {
|
||||
|
||||
@@ -3,6 +3,46 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
# [1.112.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.111.0...@standardnotes/auth-server@1.112.0) (2023-05-29)
|
||||
|
||||
### Features
|
||||
|
||||
* add files server as a service to home-server ([#614](https://github.com/standardnotes/server/issues/614)) ([c7d575a](https://github.com/standardnotes/server/commit/c7d575a0ffc7eb3e8799c3835da5727584f4f67b))
|
||||
|
||||
# [1.111.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.110.0...@standardnotes/auth-server@1.111.0) (2023-05-25)
|
||||
|
||||
### Features
|
||||
|
||||
* add revisions service to home server ([#613](https://github.com/standardnotes/server/issues/613)) ([c70040f](https://github.com/standardnotes/server/commit/c70040fe5dfd35663b9811fbbaa9370bd0298482))
|
||||
|
||||
# [1.110.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.109.2...@standardnotes/auth-server@1.110.0) (2023-05-25)
|
||||
|
||||
### Features
|
||||
|
||||
* refactor auth middleware to handle required and optional cross service token scenarios ([#612](https://github.com/standardnotes/server/issues/612)) ([1e4c7d0](https://github.com/standardnotes/server/commit/1e4c7d0f317d5c2d98065da12ffeb950b10ee5dc))
|
||||
|
||||
## [1.109.2](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.109.1...@standardnotes/auth-server@1.109.2) (2023-05-18)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **auth:** changing user credentials to work both on http proxy and direct code call ([cc61229](https://github.com/standardnotes/server/commit/cc612296d0fbfa7e95556fda45eb9706845e4f58))
|
||||
|
||||
## [1.109.1](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.109.0...@standardnotes/auth-server@1.109.1) (2023-05-18)
|
||||
|
||||
**Note:** Version bump only for package @standardnotes/auth-server
|
||||
|
||||
# [1.109.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.108.0...@standardnotes/auth-server@1.109.0) (2023-05-17)
|
||||
|
||||
### Features
|
||||
|
||||
* bundle syncing server into home server setup ([#611](https://github.com/standardnotes/server/issues/611)) ([b3b617e](https://github.com/standardnotes/server/commit/b3b617ea0b4f4574f6aa7cfae0e9fa8f868f1f4c))
|
||||
|
||||
# [1.108.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.107.0...@standardnotes/auth-server@1.108.0) (2023-05-17)
|
||||
|
||||
### Features
|
||||
|
||||
* **auth:** move inversify express controllers to different structure ([#610](https://github.com/standardnotes/server/issues/610)) ([fea5802](https://github.com/standardnotes/server/commit/fea58029b90804dba31faa3c26dcd7dabe541648))
|
||||
|
||||
# [1.107.0](https://github.com/standardnotes/server/compare/@standardnotes/auth-server@1.106.0...@standardnotes/auth-server@1.107.0) (2023-05-17)
|
||||
|
||||
### Features
|
||||
|
||||
@@ -2,25 +2,24 @@ import 'reflect-metadata'
|
||||
|
||||
import 'newrelic'
|
||||
|
||||
import '../src/Controller/HealthCheckController'
|
||||
import '../src/Controller/SessionController'
|
||||
import '../src/Controller/UsersController'
|
||||
import '../src/Controller/SettingsController'
|
||||
import '../src/Controller/FeaturesController'
|
||||
import '../src/Controller/AdminController'
|
||||
import '../src/Controller/InternalController'
|
||||
import '../src/Controller/SubscriptionTokensController'
|
||||
import '../src/Controller/OfflineController'
|
||||
import '../src/Controller/ValetTokenController'
|
||||
import '../src/Controller/ListedController'
|
||||
import '../src/Controller/SubscriptionSettingsController'
|
||||
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressAuthController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressAuthenticatorsController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressSessionsController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressSubscriptionInvitesController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressUserRequestsController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressWebSocketsController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressUsersController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressValetTokenController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressAdminController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressSubscriptionTokensController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressSubscriptionSettingsController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressSettingsController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressSessionController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressOfflineController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressListedController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressInternalController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressHealthCheckController'
|
||||
import '../src/Infra/InversifyExpressUtils/InversifyExpressFeaturesController'
|
||||
|
||||
import * as cors from 'cors'
|
||||
import { urlencoded, json, Request, Response, NextFunction } from 'express'
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@standardnotes/auth-server",
|
||||
"version": "1.107.0",
|
||||
"version": "1.112.0",
|
||||
"engines": {
|
||||
"node": ">=18.0.0 <21.0.0"
|
||||
},
|
||||
|
||||
@@ -14,7 +14,6 @@ import { UAParser } from 'ua-parser-js'
|
||||
|
||||
import { Env } from './Env'
|
||||
import TYPES from './Types'
|
||||
import { AuthMiddleware } from '../Controller/AuthMiddleware'
|
||||
import { AuthenticateUser } from '../Domain/UseCase/AuthenticateUser'
|
||||
import { Repository } from 'typeorm'
|
||||
import { AppDataSource } from './DataSource'
|
||||
@@ -24,7 +23,6 @@ import { SessionService } from '../Domain/Session/SessionService'
|
||||
import { TypeORMSessionRepository } from '../Infra/TypeORM/TypeORMSessionRepository'
|
||||
import { TypeORMUserRepository } from '../Infra/TypeORM/TypeORMUserRepository'
|
||||
import { SessionProjector } from '../Projection/SessionProjector'
|
||||
import { SessionMiddleware } from '../Controller/SessionMiddleware'
|
||||
import { RefreshSessionToken } from '../Domain/UseCase/RefreshSessionToken'
|
||||
import { KeyParamsFactory } from '../Domain/User/KeyParamsFactory'
|
||||
import { SignIn } from '../Domain/UseCase/SignIn'
|
||||
@@ -36,8 +34,6 @@ import { AuthResponseFactory20200115 } from '../Domain/Auth/AuthResponseFactory2
|
||||
import { AuthResponseFactoryResolver } from '../Domain/Auth/AuthResponseFactoryResolver'
|
||||
import { ClearLoginAttempts } from '../Domain/UseCase/ClearLoginAttempts'
|
||||
import { IncreaseLoginAttempts } from '../Domain/UseCase/IncreaseLoginAttempts'
|
||||
import { LockMiddleware } from '../Controller/LockMiddleware'
|
||||
import { AuthMiddlewareWithoutResponse } from '../Controller/AuthMiddlewareWithoutResponse'
|
||||
import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { UpdateUser } from '../Domain/UseCase/UpdateUser'
|
||||
import { RedisEphemeralSessionRepository } from '../Infra/Redis/RedisEphemeralSessionRepository'
|
||||
@@ -103,7 +99,6 @@ import { ChangeCredentials } from '../Domain/UseCase/ChangeCredentials/ChangeCre
|
||||
import { SubscriptionReassignedEventHandler } from '../Domain/Handler/SubscriptionReassignedEventHandler'
|
||||
import { UserSubscriptionRepositoryInterface } from '../Domain/Subscription/UserSubscriptionRepositoryInterface'
|
||||
import { CreateSubscriptionToken } from '../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { ApiGatewayAuthMiddleware } from '../Controller/ApiGatewayAuthMiddleware'
|
||||
import { SubscriptionTokenRepositoryInterface } from '../Domain/Subscription/SubscriptionTokenRepositoryInterface'
|
||||
import { RedisSubscriptionTokenRepository } from '../Infra/Redis/RedisSubscriptionTokenRepository'
|
||||
import { AuthenticateSubscriptionToken } from '../Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken'
|
||||
@@ -116,7 +111,6 @@ import { TypeORMOfflineSettingRepository } from '../Infra/TypeORM/TypeORMOffline
|
||||
import { OfflineUserSubscription } from '../Domain/Subscription/OfflineUserSubscription'
|
||||
import { OfflineUserSubscriptionRepositoryInterface } from '../Domain/Subscription/OfflineUserSubscriptionRepositoryInterface'
|
||||
import { TypeORMOfflineUserSubscriptionRepository } from '../Infra/TypeORM/TypeORMOfflineUserSubscriptionRepository'
|
||||
import { OfflineUserAuthMiddleware } from '../Controller/OfflineUserAuthMiddleware'
|
||||
import { OfflineSubscriptionTokenRepositoryInterface } from '../Domain/Auth/OfflineSubscriptionTokenRepositoryInterface'
|
||||
import { RedisOfflineSubscriptionTokenRepository } from '../Infra/Redis/RedisOfflineSubscriptionTokenRepository'
|
||||
import { CreateOfflineSubscriptionToken } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
@@ -124,7 +118,6 @@ import { AuthenticateOfflineSubscriptionToken } from '../Domain/UseCase/Authenti
|
||||
import { SubscriptionCancelledEventHandler } from '../Domain/Handler/SubscriptionCancelledEventHandler'
|
||||
import { ContentDecoder, ContentDecoderInterface, ProtocolVersion } from '@standardnotes/common'
|
||||
import { GetUserOfflineSubscription } from '../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
|
||||
import { ApiGatewayOfflineAuthMiddleware } from '../Controller/ApiGatewayOfflineAuthMiddleware'
|
||||
import { UserEmailChangedEventHandler } from '../Domain/Handler/UserEmailChangedEventHandler'
|
||||
import { SettingsAssociationServiceInterface } from '../Domain/Setting/SettingsAssociationServiceInterface'
|
||||
import { SettingsAssociationService } from '../Domain/Setting/SettingsAssociationService'
|
||||
@@ -235,12 +228,28 @@ import { TypeORMEphemeralSessionRepository } from '../Infra/TypeORM/TypeORMEphem
|
||||
import { TypeORMOfflineSubscriptionTokenRepository } from '../Infra/TypeORM/TypeORMOfflineSubscriptionTokenRepository'
|
||||
import { TypeORMPKCERepository } from '../Infra/TypeORM/TypeORMPKCERepository'
|
||||
import { TypeORMSubscriptionTokenRepository } from '../Infra/TypeORM/TypeORMSubscriptionTokenRepository'
|
||||
import { InversifyExpressAuthController } from '../Infra/InversifyExpressUtils/InversifyExpressAuthController'
|
||||
import { InversifyExpressAuthenticatorsController } from '../Infra/InversifyExpressUtils/InversifyExpressAuthenticatorsController'
|
||||
import { InversifyExpressSubscriptionInvitesController } from '../Infra/InversifyExpressUtils/InversifyExpressSubscriptionInvitesController'
|
||||
import { InversifyExpressUserRequestsController } from '../Infra/InversifyExpressUtils/InversifyExpressUserRequestsController'
|
||||
import { InversifyExpressWebSocketsController } from '../Infra/InversifyExpressUtils/InversifyExpressWebSocketsController'
|
||||
import { InversifyExpressSessionsController } from '../Infra/InversifyExpressUtils/InversifyExpressSessionsController'
|
||||
import { SessionMiddleware } from '../Infra/InversifyExpressUtils/Middleware/SessionMiddleware'
|
||||
import { ApiGatewayOfflineAuthMiddleware } from '../Infra/InversifyExpressUtils/Middleware/ApiGatewayOfflineAuthMiddleware'
|
||||
import { OfflineUserAuthMiddleware } from '../Infra/InversifyExpressUtils/Middleware/OfflineUserAuthMiddleware'
|
||||
import { LockMiddleware } from '../Infra/InversifyExpressUtils/Middleware/LockMiddleware'
|
||||
import { RequiredCrossServiceTokenMiddleware } from '../Infra/InversifyExpressUtils/Middleware/RequiredCrossServiceTokenMiddleware'
|
||||
import { OptionalCrossServiceTokenMiddleware } from '../Infra/InversifyExpressUtils/Middleware/OptionalCrossServiceTokenMiddleware'
|
||||
import { HomeServerSettingsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSettingsController'
|
||||
import { HomeServerAdminController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerAdminController'
|
||||
import { HomeServerAuthController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerAuthController'
|
||||
import { HomeServerAuthenticatorsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerAuthenticatorsController'
|
||||
import { HomeServerFeaturesController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerFeaturesController'
|
||||
import { HomeServerListedController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerListedController'
|
||||
import { HomeServerOfflineController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerOfflineController'
|
||||
import { HomeServerSessionController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSessionController'
|
||||
import { HomeServerSubscriptionInvitesController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSubscriptionInvitesController'
|
||||
import { HomeServerSubscriptionSettingsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSubscriptionSettingsController'
|
||||
import { HomeServerSubscriptionTokensController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSubscriptionTokensController'
|
||||
import { HomeServerUserRequestsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerUserRequestsController'
|
||||
import { HomeServerUsersController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerUsersController'
|
||||
import { HomeServerValetTokenController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerValetTokenController'
|
||||
import { HomeServerWebSocketsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerWebSocketsController'
|
||||
import { HomeServerSessionsController } from '../Infra/InversifyExpressUtils/HomeServer/HomeServerSessionsController'
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
||||
const newrelicFormatter = require('@newrelic/winston-enricher')
|
||||
@@ -285,6 +294,7 @@ export class ContainerConfigLoader {
|
||||
level: env.get('LOG_LEVEL') || 'info',
|
||||
format: winston.format.combine(...winstonFormatters),
|
||||
transports: [new winston.transports.Console({ level: env.get('LOG_LEVEL') || 'info' })],
|
||||
defaultMeta: { service: 'auth' },
|
||||
})
|
||||
container.bind<winston.Logger>(TYPES.Auth_Logger).toConstantValue(logger)
|
||||
|
||||
@@ -436,13 +446,14 @@ export class ContainerConfigLoader {
|
||||
)
|
||||
|
||||
// Middleware
|
||||
container.bind<AuthMiddleware>(TYPES.Auth_AuthMiddleware).to(AuthMiddleware)
|
||||
container.bind<SessionMiddleware>(TYPES.Auth_SessionMiddleware).to(SessionMiddleware)
|
||||
container.bind<LockMiddleware>(TYPES.Auth_LockMiddleware).to(LockMiddleware)
|
||||
container
|
||||
.bind<AuthMiddlewareWithoutResponse>(TYPES.Auth_AuthMiddlewareWithoutResponse)
|
||||
.to(AuthMiddlewareWithoutResponse)
|
||||
container.bind<ApiGatewayAuthMiddleware>(TYPES.Auth_ApiGatewayAuthMiddleware).to(ApiGatewayAuthMiddleware)
|
||||
.bind<RequiredCrossServiceTokenMiddleware>(TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
.to(RequiredCrossServiceTokenMiddleware)
|
||||
container
|
||||
.bind<OptionalCrossServiceTokenMiddleware>(TYPES.Auth_OptionalCrossServiceTokenMiddleware)
|
||||
.to(OptionalCrossServiceTokenMiddleware)
|
||||
container
|
||||
.bind<ApiGatewayOfflineAuthMiddleware>(TYPES.Auth_ApiGatewayOfflineAuthMiddleware)
|
||||
.to(ApiGatewayOfflineAuthMiddleware)
|
||||
@@ -506,7 +517,7 @@ export class ContainerConfigLoader {
|
||||
.toConstantValue(env.get('USER_SERVER_CHANGE_EMAIL_URL', true))
|
||||
container.bind(TYPES.Auth_NEW_RELIC_ENABLED).toConstantValue(env.get('NEW_RELIC_ENABLED', true))
|
||||
container.bind(TYPES.Auth_SYNCING_SERVER_URL).toConstantValue(env.get('SYNCING_SERVER_URL', true))
|
||||
container.bind(TYPES.Auth_VERSION).toConstantValue(env.get('VERSION'))
|
||||
container.bind(TYPES.Auth_VERSION).toConstantValue(env.get('VERSION', true) ?? 'development')
|
||||
container.bind(TYPES.Auth_PAYMENTS_SERVER_URL).toConstantValue(env.get('PAYMENTS_SERVER_URL', true))
|
||||
container
|
||||
.bind(TYPES.Auth_SESSION_TRACE_DAYS_TTL)
|
||||
@@ -1000,9 +1011,9 @@ export class ContainerConfigLoader {
|
||||
}
|
||||
|
||||
container
|
||||
.bind<InversifyExpressAuthController>(TYPES.Auth_InversifyExpressAuthController)
|
||||
.bind<HomeServerAuthController>(TYPES.Auth_HomeServerAuthController)
|
||||
.toConstantValue(
|
||||
new InversifyExpressAuthController(
|
||||
new HomeServerAuthController(
|
||||
container.get(TYPES.Auth_VerifyMFA),
|
||||
container.get(TYPES.Auth_SignIn),
|
||||
container.get(TYPES.Auth_GetUserKeyParams),
|
||||
@@ -1015,50 +1026,158 @@ export class ContainerConfigLoader {
|
||||
)
|
||||
|
||||
// Inversify Controllers
|
||||
container
|
||||
.bind<InversifyExpressAuthenticatorsController>(TYPES.Auth_InversifyExpressAuthenticatorsController)
|
||||
.toConstantValue(
|
||||
new InversifyExpressAuthenticatorsController(
|
||||
container.get(TYPES.Auth_AuthenticatorsController),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<InversifyExpressSubscriptionInvitesController>(TYPES.Auth_InversifyExpressSubscriptionInvitesController)
|
||||
.toConstantValue(
|
||||
new InversifyExpressSubscriptionInvitesController(
|
||||
container.get(TYPES.Auth_SubscriptionInvitesController),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<InversifyExpressUserRequestsController>(TYPES.Auth_InversifyExpressUserRequestsController)
|
||||
.toConstantValue(
|
||||
new InversifyExpressUserRequestsController(
|
||||
container.get(TYPES.Auth_UserRequestsController),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<InversifyExpressWebSocketsController>(TYPES.Auth_InversifyExpressWebSocketsController)
|
||||
.toConstantValue(
|
||||
new InversifyExpressWebSocketsController(
|
||||
container.get(TYPES.Auth_CreateCrossServiceToken),
|
||||
container.get(TYPES.Auth_WebSocketConnectionTokenDecoder),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<InversifyExpressSessionsController>(TYPES.Auth_SessionsController)
|
||||
.toConstantValue(
|
||||
new InversifyExpressSessionsController(
|
||||
container.get(TYPES.Auth_GetActiveSessionsForUser),
|
||||
container.get(TYPES.Auth_AuthenticateRequest),
|
||||
container.get(TYPES.Auth_SessionProjector),
|
||||
container.get(TYPES.Auth_CreateCrossServiceToken),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
if (isConfiguredForHomeServer) {
|
||||
container
|
||||
.bind<HomeServerAuthenticatorsController>(TYPES.Auth_HomeServerAuthenticatorsController)
|
||||
.toConstantValue(
|
||||
new HomeServerAuthenticatorsController(
|
||||
container.get(TYPES.Auth_AuthenticatorsController),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerSubscriptionInvitesController>(TYPES.Auth_HomeServerSubscriptionInvitesController)
|
||||
.toConstantValue(
|
||||
new HomeServerSubscriptionInvitesController(
|
||||
container.get(TYPES.Auth_SubscriptionInvitesController),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerUserRequestsController>(TYPES.Auth_HomeServerUserRequestsController)
|
||||
.toConstantValue(
|
||||
new HomeServerUserRequestsController(
|
||||
container.get(TYPES.Auth_UserRequestsController),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerWebSocketsController>(TYPES.Auth_HomeServerWebSocketsController)
|
||||
.toConstantValue(
|
||||
new HomeServerWebSocketsController(
|
||||
container.get(TYPES.Auth_CreateCrossServiceToken),
|
||||
container.get(TYPES.Auth_WebSocketConnectionTokenDecoder),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerSessionsController>(TYPES.Auth_HomeServerSessionsController)
|
||||
.toConstantValue(
|
||||
new HomeServerSessionsController(
|
||||
container.get(TYPES.Auth_GetActiveSessionsForUser),
|
||||
container.get(TYPES.Auth_AuthenticateRequest),
|
||||
container.get(TYPES.Auth_SessionProjector),
|
||||
container.get(TYPES.Auth_CreateCrossServiceToken),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerValetTokenController>(TYPES.Auth_HomeServerValetTokenController)
|
||||
.toConstantValue(
|
||||
new HomeServerValetTokenController(
|
||||
container.get(TYPES.Auth_CreateValetToken),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerUsersController>(TYPES.Auth_HomeServerUsersController)
|
||||
.toConstantValue(
|
||||
new HomeServerUsersController(
|
||||
container.get(TYPES.Auth_UpdateUser),
|
||||
container.get(TYPES.Auth_GetUserKeyParams),
|
||||
container.get(TYPES.Auth_DeleteAccount),
|
||||
container.get(TYPES.Auth_GetUserSubscription),
|
||||
container.get(TYPES.Auth_ClearLoginAttempts),
|
||||
container.get(TYPES.Auth_IncreaseLoginAttempts),
|
||||
container.get(TYPES.Auth_ChangeCredentials),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerAdminController>(TYPES.Auth_HomeServerAdminController)
|
||||
.toConstantValue(
|
||||
new HomeServerAdminController(
|
||||
container.get(TYPES.Auth_DeleteSetting),
|
||||
container.get(TYPES.Auth_UserRepository),
|
||||
container.get(TYPES.Auth_CreateSubscriptionToken),
|
||||
container.get(TYPES.Auth_CreateOfflineSubscriptionToken),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerSubscriptionTokensController>(TYPES.Auth_HomeServerSubscriptionTokensController)
|
||||
.toConstantValue(
|
||||
new HomeServerSubscriptionTokensController(
|
||||
container.get(TYPES.Auth_CreateSubscriptionToken),
|
||||
container.get(TYPES.Auth_AuthenticateSubscriptionToken),
|
||||
container.get(TYPES.Auth_SettingService),
|
||||
container.get(TYPES.Auth_UserProjector),
|
||||
container.get(TYPES.Auth_RoleProjector),
|
||||
container.get(TYPES.Auth_CrossServiceTokenEncoder),
|
||||
container.get(TYPES.Auth_AUTH_JWT_TTL),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerSubscriptionSettingsController>(TYPES.Auth_HomeServerSubscriptionSettingsController)
|
||||
.toConstantValue(
|
||||
new HomeServerSubscriptionSettingsController(
|
||||
container.get(TYPES.Auth_GetSetting),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerSettingsController>(TYPES.Auth_HomeServerSettingsController)
|
||||
.toConstantValue(
|
||||
new HomeServerSettingsController(
|
||||
container.get(TYPES.Auth_GetSettings),
|
||||
container.get(TYPES.Auth_GetSetting),
|
||||
container.get(TYPES.Auth_UpdateSetting),
|
||||
container.get(TYPES.Auth_DeleteSetting),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerSessionController>(TYPES.Auth_HomeServerSessionController)
|
||||
.toConstantValue(
|
||||
new HomeServerSessionController(
|
||||
container.get(TYPES.Auth_DeleteSessionForUser),
|
||||
container.get(TYPES.Auth_DeletePreviousSessionsForUser),
|
||||
container.get(TYPES.Auth_RefreshSessionToken),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerOfflineController>(TYPES.Auth_HomeServerOfflineController)
|
||||
.toConstantValue(
|
||||
new HomeServerOfflineController(
|
||||
container.get(TYPES.Auth_GetUserFeatures),
|
||||
container.get(TYPES.Auth_GetUserOfflineSubscription),
|
||||
container.get(TYPES.Auth_CreateOfflineSubscriptionToken),
|
||||
container.get(TYPES.Auth_AuthenticateOfflineSubscriptionToken),
|
||||
container.get(TYPES.Auth_OfflineUserTokenEncoder),
|
||||
container.get(TYPES.Auth_AUTH_JWT_TTL),
|
||||
container.get(TYPES.Auth_Logger),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerListedController>(TYPES.Auth_HomeServerListedController)
|
||||
.toConstantValue(
|
||||
new HomeServerListedController(
|
||||
container.get(TYPES.Auth_CreateListedAccount),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
container
|
||||
.bind<HomeServerFeaturesController>(TYPES.Auth_HomeServerFeaturesController)
|
||||
.toConstantValue(
|
||||
new HomeServerFeaturesController(
|
||||
container.get(TYPES.Auth_GetUserFeatures),
|
||||
container.get(TYPES.Auth_ControllerContainer),
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
return container
|
||||
}
|
||||
|
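Review bot: The home-server branch (`if (isConfiguredForHomeServer) {`) binds a HomeServerFeaturesController with only `Auth_GetUserFeatures` and the controller container, whereas the FeaturesController deleted in this same commit refused the request when `request.params.userUuid !== response.locals.user.uuid` before invoking the use case; that ownership check is not visible anywhere in this diff, so it should be confirmed to live inside HomeServerFeaturesController (likewise for HomeServerSubscriptionSettingsController, whose predecessor read `response.locals.user.uuid` behind `Auth_ApiGatewayAuthMiddleware`). The same branch wires HomeServerAdminController with direct `Auth_UserRepository` access plus the subscription-token creators, and none of the HomeServer* constructors receive a middleware binding, so from the loader alone it is not evident how requests reaching them are authenticated. A comment on the branch would help the next reader, e.g. `// Home-server controllers are registered into the ControllerContainer and get no Express middleware here; each controller is expected to enforce its own auth checks (verify per controller).` The enclosing method starts outside the hunk.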
||||
@@ -14,7 +14,7 @@ export class Service implements ServiceInterface {
|
||||
private controllerContainer: ControllerContainerInterface,
|
||||
private directCallDomainEventPublisher: DirectCallDomainEventPublisher,
|
||||
) {
|
||||
this.serviceContainer.register(ServiceIdentifier.create(ServiceIdentifier.NAMES.Auth).getValue(), this)
|
||||
this.serviceContainer.register(this.getId(), this)
|
||||
}
|
||||
|
||||
async handleRequest(request: never, response: never, endpointOrMethodIdentifier: string): Promise<unknown> {
|
||||
|
||||
@@ -51,11 +51,10 @@ const TYPES = {
|
||||
Auth_ORMAuthenticatorChallengeRepository: Symbol.for('Auth_ORMAuthenticatorChallengeRepository'),
|
||||
Auth_ORMCacheEntryRepository: Symbol.for('Auth_ORMCacheEntryRepository'),
|
||||
// Middleware
|
||||
Auth_AuthMiddleware: Symbol.for('Auth_AuthMiddleware'),
|
||||
Auth_ApiGatewayAuthMiddleware: Symbol.for('Auth_ApiGatewayAuthMiddleware'),
|
||||
Auth_RequiredCrossServiceTokenMiddleware: Symbol.for('Auth_RequiredCrossServiceTokenMiddleware'),
|
||||
Auth_OptionalCrossServiceTokenMiddleware: Symbol.for('Auth_OptionalCrossServiceTokenMiddleware'),
|
||||
Auth_ApiGatewayOfflineAuthMiddleware: Symbol.for('Auth_ApiGatewayOfflineAuthMiddleware'),
|
||||
Auth_OfflineUserAuthMiddleware: Symbol.for('Auth_OfflineUserAuthMiddleware'),
|
||||
Auth_AuthMiddlewareWithoutResponse: Symbol.for('Auth_AuthMiddlewareWithoutResponse'),
|
||||
Auth_LockMiddleware: Symbol.for('Auth_LockMiddleware'),
|
||||
Auth_SessionMiddleware: Symbol.for('Auth_SessionMiddleware'),
|
||||
// Projectors
|
||||
@@ -217,12 +216,22 @@ const TYPES = {
|
||||
Auth_ProtocolVersionSelector: Symbol.for('Auth_ProtocolVersionSelector'),
|
||||
Auth_BooleanSelector: Symbol.for('Auth_BooleanSelector'),
|
||||
Auth_UserSubscriptionService: Symbol.for('Auth_UserSubscriptionService'),
|
||||
Auth_InversifyExpressAuthController: Symbol.for('Auth_InversifyExpressAuthController'),
|
||||
Auth_InversifyExpressAuthenticatorsController: Symbol.for('Auth_InversifyExpressAuthenticatorsController'),
|
||||
Auth_InversifyExpressSubscriptionInvitesController: Symbol.for('Auth_InversifyExpressSubscriptionInvitesController'),
|
||||
Auth_InversifyExpressUserRequestsController: Symbol.for('Auth_InversifyExpressUserRequestsController'),
|
||||
Auth_InversifyExpressWebSocketsController: Symbol.for('Auth_InversifyExpressWebSocketsController'),
|
||||
Auth_SessionsController: Symbol.for('Auth_SessionsController'),
|
||||
Auth_HomeServerAuthController: Symbol.for('Auth_HomeServerAuthController'),
|
||||
Auth_HomeServerAuthenticatorsController: Symbol.for('Auth_HomeServerAuthenticatorsController'),
|
||||
Auth_HomeServerSubscriptionInvitesController: Symbol.for('Auth_HomeServerSubscriptionInvitesController'),
|
||||
Auth_HomeServerUserRequestsController: Symbol.for('Auth_HomeServerUserRequestsController'),
|
||||
Auth_HomeServerWebSocketsController: Symbol.for('Auth_HomeServerWebSocketsController'),
|
||||
Auth_HomeServerSessionsController: Symbol.for('Auth_HomeServerSessionsController'),
|
||||
Auth_HomeServerValetTokenController: Symbol.for('Auth_HomeServerValetTokenController'),
|
||||
Auth_HomeServerUsersController: Symbol.for('Auth_HomeServerUsersController'),
|
||||
Auth_HomeServerAdminController: Symbol.for('Auth_HomeServerAdminController'),
|
||||
Auth_HomeServerSubscriptionTokensController: Symbol.for('Auth_HomeServerSubscriptionTokensController'),
|
||||
Auth_HomeServerSubscriptionSettingsController: Symbol.for('Auth_HomeServerSubscriptionSettingsController'),
|
||||
Auth_HomeServerSettingsController: Symbol.for('Auth_HomeServerSettingsController'),
|
||||
Auth_HomeServerSessionController: Symbol.for('Auth_HomeServerSessionController'),
|
||||
Auth_HomeServerOfflineController: Symbol.for('Auth_HomeServerOfflineController'),
|
||||
Auth_HomeServerListedController: Symbol.for('Auth_HomeServerListedController'),
|
||||
Auth_HomeServerFeaturesController: Symbol.for('Auth_HomeServerFeaturesController'),
|
||||
}
|
||||
|
||||
export default TYPES
|
||||
|
||||
@@ -1,99 +0,0 @@
|
||||
import 'reflect-metadata'
|
||||
|
||||
import { ApiGatewayAuthMiddleware } from './ApiGatewayAuthMiddleware'
|
||||
import { NextFunction, Request, Response } from 'express'
|
||||
import { Logger } from 'winston'
|
||||
import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/security'
|
||||
import { RoleName } from '@standardnotes/domain-core'
|
||||
|
||||
describe('ApiGatewayAuthMiddleware', () => {
|
||||
let tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>
|
||||
let request: Request
|
||||
let response: Response
|
||||
let next: NextFunction
|
||||
|
||||
const logger = {
|
||||
debug: jest.fn(),
|
||||
} as unknown as jest.Mocked<Logger>
|
||||
|
||||
const createMiddleware = () => new ApiGatewayAuthMiddleware(tokenDecoder, logger)
|
||||
|
||||
beforeEach(() => {
|
||||
tokenDecoder = {} as jest.Mocked<TokenDecoderInterface<CrossServiceTokenData>>
|
||||
tokenDecoder.decodeToken = jest.fn().mockReturnValue({
|
||||
user: {
|
||||
uuid: '1-2-3',
|
||||
email: 'test@test.te',
|
||||
},
|
||||
roles: [
|
||||
{
|
||||
uuid: 'a-b-c',
|
||||
name: RoleName.NAMES.CoreUser,
|
||||
},
|
||||
],
|
||||
})
|
||||
|
||||
request = {
|
||||
headers: {},
|
||||
} as jest.Mocked<Request>
|
||||
response = {
|
||||
locals: {},
|
||||
} as jest.Mocked<Response>
|
||||
response.status = jest.fn().mockReturnThis()
|
||||
response.send = jest.fn()
|
||||
next = jest.fn()
|
||||
})
|
||||
|
||||
it('should authorize user', async () => {
|
||||
request.headers['x-auth-token'] = 'auth-jwt-token'
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.locals.user).toEqual({
|
||||
uuid: '1-2-3',
|
||||
email: 'test@test.te',
|
||||
})
|
||||
expect(response.locals.roles).toEqual([
|
||||
{
|
||||
uuid: 'a-b-c',
|
||||
name: RoleName.NAMES.CoreUser,
|
||||
},
|
||||
])
|
||||
|
||||
expect(next).toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should not authorize if request is missing auth jwt token in headers', async () => {
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.status).toHaveBeenCalledWith(401)
|
||||
expect(next).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should not authorize if auth jwt token is malformed', async () => {
|
||||
request.headers['x-auth-token'] = 'auth-jwt-token'
|
||||
|
||||
tokenDecoder.decodeToken = jest.fn().mockReturnValue(undefined)
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.status).toHaveBeenCalledWith(401)
|
||||
expect(next).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should pass the error to next middleware if one occurres', async () => {
|
||||
request.headers['x-auth-token'] = 'auth-jwt-token'
|
||||
|
||||
const error = new Error('Ooops')
|
||||
|
||||
tokenDecoder.decodeToken = jest.fn().mockImplementation(() => {
|
||||
throw error
|
||||
})
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.status).not.toHaveBeenCalled()
|
||||
|
||||
expect(next).toHaveBeenCalledWith(error)
|
||||
})
|
||||
})
|
||||
@@ -1,79 +0,0 @@
|
||||
import 'reflect-metadata'
|
||||
|
||||
import { AuthMiddleware } from './AuthMiddleware'
|
||||
import { NextFunction, Request, Response } from 'express'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { AuthenticateRequest } from '../Domain/UseCase/AuthenticateRequest'
|
||||
import { Session } from '../Domain/Session/Session'
|
||||
import { Logger } from 'winston'
|
||||
|
||||
describe('AuthMiddleware', () => {
|
||||
let authenticateRequest: AuthenticateRequest
|
||||
let request: Request
|
||||
let response: Response
|
||||
let next: NextFunction
|
||||
|
||||
const logger = {
|
||||
debug: jest.fn(),
|
||||
} as unknown as jest.Mocked<Logger>
|
||||
|
||||
const createMiddleware = () => new AuthMiddleware(authenticateRequest, logger)
|
||||
|
||||
beforeEach(() => {
|
||||
authenticateRequest = {} as jest.Mocked<AuthenticateRequest>
|
||||
authenticateRequest.execute = jest.fn()
|
||||
|
||||
request = {
|
||||
headers: {},
|
||||
} as jest.Mocked<Request>
|
||||
response = {
|
||||
locals: {},
|
||||
} as jest.Mocked<Response>
|
||||
response.status = jest.fn().mockReturnThis()
|
||||
response.send = jest.fn()
|
||||
next = jest.fn()
|
||||
})
|
||||
|
||||
it('should authorize user', async () => {
|
||||
const user = {} as jest.Mocked<User>
|
||||
const session = {} as jest.Mocked<Session>
|
||||
authenticateRequest.execute = jest.fn().mockReturnValue({
|
||||
success: true,
|
||||
user,
|
||||
session,
|
||||
})
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.locals.user).toEqual(user)
|
||||
expect(response.locals.session).toEqual(session)
|
||||
|
||||
expect(next).toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should not authorize if request authentication fails', async () => {
|
||||
authenticateRequest.execute = jest.fn().mockReturnValue({
|
||||
success: false,
|
||||
responseCode: 401,
|
||||
})
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.status).toHaveBeenCalledWith(401)
|
||||
expect(next).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should pass the error to next middleware if one occurres', async () => {
|
||||
const error = new Error('Ooops')
|
||||
|
||||
authenticateRequest.execute = jest.fn().mockImplementation(() => {
|
||||
throw error
|
||||
})
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.status).not.toHaveBeenCalled()
|
||||
|
||||
expect(next).toHaveBeenCalledWith(error)
|
||||
})
|
||||
})
|
||||
@@ -1,45 +0,0 @@
|
||||
import { NextFunction, Request, Response } from 'express'
|
||||
import { inject, injectable } from 'inversify'
|
||||
import { BaseMiddleware } from 'inversify-express-utils'
|
||||
import { Logger } from 'winston'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { AuthenticateRequest } from '../Domain/UseCase/AuthenticateRequest'
|
||||
|
||||
@injectable()
|
||||
export class AuthMiddleware extends BaseMiddleware {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_AuthenticateRequest) private authenticateRequest: AuthenticateRequest,
|
||||
@inject(TYPES.Auth_Logger) private logger: Logger,
|
||||
) {
|
||||
super()
|
||||
}
|
||||
|
||||
async handler(request: Request, response: Response, next: NextFunction): Promise<void> {
|
||||
try {
|
||||
const authenticateRequestResponse = await this.authenticateRequest.execute({
|
||||
authorizationHeader: request.headers.authorization,
|
||||
})
|
||||
|
||||
if (!authenticateRequestResponse.success) {
|
||||
this.logger.debug('AuthMiddleware authentication failure.')
|
||||
|
||||
response.status(authenticateRequestResponse.responseCode).send({
|
||||
error: {
|
||||
tag: authenticateRequestResponse.errorTag,
|
||||
message: authenticateRequestResponse.errorMessage,
|
||||
},
|
||||
})
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
response.locals.user = authenticateRequestResponse.user
|
||||
response.locals.session = authenticateRequestResponse.session
|
||||
response.locals.readOnlyAccess = authenticateRequestResponse.session?.readonlyAccess ?? false
|
||||
|
||||
return next()
|
||||
} catch (error) {
|
||||
return next(error)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,68 +0,0 @@
|
||||
import 'reflect-metadata'
|
||||
|
||||
import { AuthMiddlewareWithoutResponse } from './AuthMiddlewareWithoutResponse'
|
||||
import { NextFunction, Request, Response } from 'express'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { AuthenticateRequest } from '../Domain/UseCase/AuthenticateRequest'
|
||||
import { Session } from '../Domain/Session/Session'
|
||||
|
||||
describe('AuthMiddlewareWithoutResponse', () => {
|
||||
let authenticateRequest: AuthenticateRequest
|
||||
let request: Request
|
||||
let response: Response
|
||||
let next: NextFunction
|
||||
|
||||
const createMiddleware = () => new AuthMiddlewareWithoutResponse(authenticateRequest)
|
||||
|
||||
beforeEach(() => {
|
||||
authenticateRequest = {} as jest.Mocked<AuthenticateRequest>
|
||||
authenticateRequest.execute = jest.fn()
|
||||
|
||||
request = {
|
||||
headers: {},
|
||||
} as jest.Mocked<Request>
|
||||
response = {
|
||||
locals: {},
|
||||
} as jest.Mocked<Response>
|
||||
response.status = jest.fn().mockReturnThis()
|
||||
response.send = jest.fn()
|
||||
next = jest.fn()
|
||||
})
|
||||
|
||||
it('should authorize user', async () => {
|
||||
const user = {} as jest.Mocked<User>
|
||||
const session = {} as jest.Mocked<Session>
|
||||
authenticateRequest.execute = jest.fn().mockReturnValue({
|
||||
success: true,
|
||||
user,
|
||||
session,
|
||||
})
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(response.locals.user).toEqual(user)
|
||||
expect(response.locals.session).toEqual(session)
|
||||
|
||||
expect(next).toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should skip middleware if authentication fails', async () => {
|
||||
authenticateRequest.execute = jest.fn().mockReturnValue({
|
||||
success: false,
|
||||
})
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(next).toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should skip middleware if authentication errors', async () => {
|
||||
authenticateRequest.execute = jest.fn().mockImplementation(() => {
|
||||
throw new Error('Ooops')
|
||||
})
|
||||
|
||||
await createMiddleware().handler(request, response, next)
|
||||
|
||||
expect(next).toHaveBeenCalled()
|
||||
})
|
||||
})
|
||||
@@ -1,32 +0,0 @@
|
||||
import { NextFunction, Request, Response } from 'express'
|
||||
import { inject, injectable } from 'inversify'
|
||||
import { BaseMiddleware } from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { AuthenticateRequest } from '../Domain/UseCase/AuthenticateRequest'
|
||||
|
||||
@injectable()
|
||||
export class AuthMiddlewareWithoutResponse extends BaseMiddleware {
|
||||
constructor(@inject(TYPES.Auth_AuthenticateRequest) private authenticateRequest: AuthenticateRequest) {
|
||||
super()
|
||||
}
|
||||
|
||||
async handler(request: Request, response: Response, next: NextFunction): Promise<void> {
|
||||
try {
|
||||
const authenticateRequestResponse = await this.authenticateRequest.execute({
|
||||
authorizationHeader: request.headers.authorization,
|
||||
})
|
||||
|
||||
if (!authenticateRequestResponse.success) {
|
||||
return next()
|
||||
}
|
||||
|
||||
response.locals.user = authenticateRequestResponse.user
|
||||
response.locals.session = authenticateRequestResponse.session
|
||||
response.locals.readOnlyAccess = authenticateRequestResponse.session?.readonlyAccess ?? false
|
||||
|
||||
return next()
|
||||
} catch (error) {
|
||||
return next()
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,49 +0,0 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpGet,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { GetUserFeatures } from '../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
|
||||
@controller('/users/:userUuid/features')
|
||||
export class FeaturesController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetUserFeatures) private doGetUserFeatures: GetUserFeatures,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.users.getFeatures', this.getFeatures.bind(this))
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async getFeatures(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (request.params.userUuid !== response.locals.user.uuid) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Operation not allowed.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.doGetUserFeatures.execute({
|
||||
userUuid: request.params.userUuid,
|
||||
offline: false,
|
||||
})
|
||||
|
||||
if (result.success) {
|
||||
return this.json(result)
|
||||
}
|
||||
|
||||
return this.json(result, 400)
|
||||
}
|
||||
}
|
||||
@@ -1,38 +0,0 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpGet,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { GetSetting } from '../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
|
||||
@controller('/users/:userUuid')
|
||||
export class SubscriptionSettingsController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetSetting) private doGetSetting: GetSetting,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.users.getSubscriptionSetting', this.getSubscriptionSetting.bind(this))
|
||||
}
|
||||
|
||||
@httpGet('/subscription-settings/:subscriptionSettingName', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async getSubscriptionSetting(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.doGetSetting.execute({
|
||||
userUuid: response.locals.user.uuid,
|
||||
settingName: request.params.subscriptionSettingName.toUpperCase(),
|
||||
})
|
||||
|
||||
if (result.success) {
|
||||
return this.json(result)
|
||||
}
|
||||
|
||||
return this.json(result, 400)
|
||||
}
|
||||
}
|
||||
@@ -11,6 +11,7 @@ import { User } from '../../User/User'
|
||||
import { UserRepositoryInterface } from '../../User/UserRepositoryInterface'
|
||||
|
||||
import { ChangeCredentials } from './ChangeCredentials'
|
||||
import { Username } from '@standardnotes/domain-core'
|
||||
|
||||
describe('ChangeCredentials', () => {
|
||||
let userRepository: UserRepositoryInterface
|
||||
@@ -25,9 +26,6 @@ describe('ChangeCredentials', () => {
|
||||
new ChangeCredentials(userRepository, authResponseFactoryResolver, domainEventPublisher, domainEventFactory, timer)
|
||||
|
||||
beforeEach(() => {
|
||||
userRepository = {} as jest.Mocked<UserRepositoryInterface>
|
||||
userRepository.save = jest.fn()
|
||||
|
||||
authResponseFactory = {} as jest.Mocked<AuthResponseFactoryInterface>
|
||||
authResponseFactory.createResponse = jest.fn().mockReturnValue({ foo: 'bar' })
|
||||
|
||||
@@ -39,6 +37,10 @@ describe('ChangeCredentials', () => {
|
||||
user.uuid = '1-2-3'
|
||||
user.email = 'test@test.te'
|
||||
|
||||
userRepository = {} as jest.Mocked<UserRepositoryInterface>
|
||||
userRepository.save = jest.fn()
|
||||
userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValue(user)
|
||||
|
||||
domainEventPublisher = {} as jest.Mocked<DomainEventPublisherInterface>
|
||||
domainEventPublisher.publish = jest.fn()
|
||||
|
||||
@@ -52,7 +54,7 @@ describe('ChangeCredentials', () => {
|
||||
it('should change password', async () => {
|
||||
expect(
|
||||
await createUseCase().execute({
|
||||
user,
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
apiVersion: '20190520',
|
||||
currentPassword: 'qweqwe123123',
|
||||
newPassword: 'test234',
|
||||
@@ -82,11 +84,11 @@ describe('ChangeCredentials', () => {
|
||||
})
|
||||
|
||||
it('should change email', async () => {
|
||||
userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValue(null)
|
||||
userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValueOnce(user).mockReturnValueOnce(null)
|
||||
|
||||
expect(
|
||||
await createUseCase().execute({
|
||||
user,
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
apiVersion: '20190520',
|
||||
currentPassword: 'qweqwe123123',
|
||||
newPassword: 'test234',
|
||||
@@ -117,11 +119,14 @@ describe('ChangeCredentials', () => {
|
||||
})
|
||||
|
||||
it('should not change email if already taken', async () => {
|
||||
userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValue({} as jest.Mocked<User>)
|
||||
userRepository.findOneByUsernameOrEmail = jest
|
||||
.fn()
|
||||
.mockReturnValueOnce(user)
|
||||
.mockReturnValueOnce({} as jest.Mocked<User>)
|
||||
|
||||
expect(
|
||||
await createUseCase().execute({
|
||||
user,
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
apiVersion: '20190520',
|
||||
currentPassword: 'qweqwe123123',
|
||||
newPassword: 'test234',
|
||||
@@ -144,7 +149,7 @@ describe('ChangeCredentials', () => {
|
||||
it('should not change email if the new email is invalid', async () => {
|
||||
expect(
|
||||
await createUseCase().execute({
|
||||
user,
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
apiVersion: '20190520',
|
||||
currentPassword: 'qweqwe123123',
|
||||
newPassword: 'test234',
|
||||
@@ -164,10 +169,35 @@ describe('ChangeCredentials', () => {
|
||||
expect(domainEventPublisher.publish).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should not change email if the user is not found', async () => {
|
||||
userRepository.findOneByUsernameOrEmail = jest.fn().mockReturnValue(null)
|
||||
|
||||
expect(
|
||||
await createUseCase().execute({
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
apiVersion: '20190520',
|
||||
currentPassword: 'qweqwe123123',
|
||||
newPassword: 'test234',
|
||||
newEmail: '',
|
||||
pwNonce: 'asdzxc',
|
||||
updatedWithUserAgent: 'Google Chrome',
|
||||
kpCreated: '123',
|
||||
kpOrigination: 'password-change',
|
||||
}),
|
||||
).toEqual({
|
||||
success: false,
|
||||
errorMessage: 'User not found.',
|
||||
})
|
||||
|
||||
expect(userRepository.save).not.toHaveBeenCalled()
|
||||
expect(domainEventFactory.createUserEmailChangedEvent).not.toHaveBeenCalled()
|
||||
expect(domainEventPublisher.publish).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should not change password if current password is incorrect', async () => {
|
||||
expect(
|
||||
await createUseCase().execute({
|
||||
user,
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
apiVersion: '20190520',
|
||||
currentPassword: 'test123',
|
||||
newPassword: 'test234',
|
||||
@@ -185,7 +215,7 @@ describe('ChangeCredentials', () => {
|
||||
it('should update protocol version while changing password', async () => {
|
||||
expect(
|
||||
await createUseCase().execute({
|
||||
user,
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
apiVersion: '20190520',
|
||||
currentPassword: 'qweqwe123123',
|
||||
newPassword: 'test234',
|
||||
|
||||
@@ -25,14 +25,22 @@ export class ChangeCredentials implements UseCaseInterface {
|
||||
) {}
|
||||
|
||||
async execute(dto: ChangeCredentialsDTO): Promise<ChangeCredentialsResponse> {
|
||||
if (!(await bcrypt.compare(dto.currentPassword, dto.user.encryptedPassword))) {
|
||||
const user = await this.userRepository.findOneByUsernameOrEmail(dto.username)
|
||||
if (!user) {
|
||||
return {
|
||||
success: false,
|
||||
errorMessage: 'User not found.',
|
||||
}
|
||||
}
|
||||
|
||||
if (!(await bcrypt.compare(dto.currentPassword, user.encryptedPassword))) {
|
||||
return {
|
||||
success: false,
|
||||
errorMessage: 'The current password you entered is incorrect. Please try again.',
|
||||
}
|
||||
}
|
||||
|
||||
dto.user.encryptedPassword = await bcrypt.hash(dto.newPassword, User.PASSWORD_HASH_COST)
|
||||
user.encryptedPassword = await bcrypt.hash(dto.newPassword, User.PASSWORD_HASH_COST)
|
||||
|
||||
let userEmailChangedEvent: UserEmailChangedEvent | undefined = undefined
|
||||
if (dto.newEmail !== undefined) {
|
||||
@@ -54,27 +62,27 @@ export class ChangeCredentials implements UseCaseInterface {
|
||||
}
|
||||
|
||||
userEmailChangedEvent = this.domainEventFactory.createUserEmailChangedEvent(
|
||||
dto.user.uuid,
|
||||
dto.user.email,
|
||||
user.uuid,
|
||||
user.email,
|
||||
newUsername.value,
|
||||
)
|
||||
|
||||
dto.user.email = newUsername.value
|
||||
user.email = newUsername.value
|
||||
}
|
||||
|
||||
dto.user.pwNonce = dto.pwNonce
|
||||
user.pwNonce = dto.pwNonce
|
||||
if (dto.protocolVersion) {
|
||||
dto.user.version = dto.protocolVersion
|
||||
user.version = dto.protocolVersion
|
||||
}
|
||||
if (dto.kpCreated) {
|
||||
dto.user.kpCreated = dto.kpCreated
|
||||
user.kpCreated = dto.kpCreated
|
||||
}
|
||||
if (dto.kpOrigination) {
|
||||
dto.user.kpOrigination = dto.kpOrigination
|
||||
user.kpOrigination = dto.kpOrigination
|
||||
}
|
||||
dto.user.updatedAt = this.timer.getUTCDate()
|
||||
user.updatedAt = this.timer.getUTCDate()
|
||||
|
||||
const updatedUser = await this.userRepository.save(dto.user)
|
||||
const updatedUser = await this.userRepository.save(user)
|
||||
|
||||
if (userEmailChangedEvent !== undefined) {
|
||||
await this.domainEventPublisher.publish(userEmailChangedEvent)
|
||||
|
||||
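Review bot: The account being modified is now resolved by `this.userRepository.findOneByUsernameOrEmail(dto.username)` at the top of `execute` instead of being the caller-supplied `dto.user`, so the only thing still binding the request to the target account is the bcrypt check against `dto.currentPassword`; if any controller fills `dto.username` from the request body rather than from the authenticated session user, a logged-in user could change the credentials of another account whose password they know, and the prior session-to-account binding is gone. The two distinct failure messages (`'User not found.'` versus the incorrect-password message) also let a caller tell existing accounts from non-existing ones, which matters if this use case is ever reachable without a session. A comment above the lookup, `// dto.username must come from the authenticated session, never from the request body; the password check below is the only other binding to the target account`, plus a controller test that the username passed is `response.locals.user.email`, would pin that contract down. `execute` continues past the end of this hunk.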
@@ -1,7 +1,7 @@
|
||||
import { User } from '../../User/User'
|
||||
import { Username } from '@standardnotes/domain-core'
|
||||
|
||||
export type ChangeCredentialsDTO = {
|
||||
user: User
|
||||
username: Username
|
||||
apiVersion: string
|
||||
currentPassword: string
|
||||
newPassword: string
|
||||
|
||||
@@ -35,9 +35,7 @@ describe('GetUserKeyParams', () => {
|
||||
})
|
||||
|
||||
it('should get key params for an authenticated user - searching by email', async () => {
|
||||
expect(
|
||||
await createUseCase().execute({ email: 'test@test.te', authenticated: true, authenticatedUser: user }),
|
||||
).toEqual({
|
||||
expect(await createUseCase().execute({ email: 'test@test.te', authenticated: true })).toEqual({
|
||||
keyParams: {
|
||||
foo: 'bar',
|
||||
},
|
||||
@@ -63,7 +61,7 @@ describe('GetUserKeyParams', () => {
|
||||
})
|
||||
|
||||
it('should get key params for an authenticated user - searching by uuid', async () => {
|
||||
expect(await createUseCase().execute({ userUuid: '1-2-3', authenticated: true, authenticatedUser: user })).toEqual({
|
||||
expect(await createUseCase().execute({ userUuid: '1-2-3', authenticated: true })).toEqual({
|
||||
keyParams: {
|
||||
foo: 'bar',
|
||||
},
|
||||
|
||||
@@ -22,16 +22,6 @@ export class GetUserKeyParams implements UseCaseInterface {
|
||||
) {}
|
||||
|
||||
async execute(dto: GetUserKeyParamsDTO): Promise<GetUserKeyParamsResponse> {
|
||||
if (dto.authenticatedUser) {
|
||||
this.logger.debug(`Creating key params for authenticated user ${dto.authenticatedUser.email}`)
|
||||
|
||||
const keyParams = await this.createKeyParams(dto, dto.authenticatedUser, true)
|
||||
|
||||
return {
|
||||
keyParams,
|
||||
}
|
||||
}
|
||||
|
||||
let user: User | null = null
|
||||
if (dto.email !== undefined) {
|
||||
const usernameOrError = Username.create(dto.email)
|
||||
|
||||
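Review bot: With the `dto.authenticatedUser` branch removed, `execute` no longer has any evidence that the `email` or `userUuid` it looks up belongs to the session user; `authenticated: true` is now a bare assertion by the caller, and presumably still selects the authenticated key-params variant the removed `createKeyParams(dto, dto.authenticatedUser, true)` call produced. That is only safe as long as every caller that sets `authenticated: true` also sets `email`/`userUuid` from `response.locals.user`, which this use case cannot verify. I'd state the contract at the top of `execute`: `// When dto.authenticated is true the caller must supply the session user's own email/uuid; ownership is not checked here.` The removal of the debug line that logged the user's email is a good side effect. The rest of `execute` lies outside the hunk.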
@@ -1,8 +1,5 @@
|
||||
import { User } from '../../User/User'
|
||||
|
||||
export type GetUserKeyParamsDTOV1Unchallenged = {
|
||||
authenticated: boolean
|
||||
email?: string
|
||||
userUuid?: string
|
||||
authenticatedUser?: User
|
||||
}
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
import { User } from '../../User/User'
|
||||
|
||||
export type GetUserKeyParamsDTOV2Challenged = {
|
||||
authenticated: boolean
|
||||
codeChallenge: string
|
||||
email?: string
|
||||
userUuid?: string
|
||||
authenticatedUser?: User
|
||||
}
|
||||
|
||||
@@ -1,42 +1,32 @@
|
||||
import { ControllerContainerInterface, Username } from '@standardnotes/domain-core'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { SettingName } from '@standardnotes/settings'
|
||||
import { Request } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { CreateOfflineSubscriptionToken } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { CreateSubscriptionToken } from '../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { DeleteSetting } from '../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { UserRepositoryInterface } from '../Domain/User/UserRepositoryInterface'
|
||||
|
||||
@controller('/admin')
|
||||
export class AdminController extends BaseHttpController {
|
||||
import { CreateOfflineSubscriptionToken } from '../../../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { CreateSubscriptionToken } from '../../../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { DeleteSetting } from '../../../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { UserRepositoryInterface } from '../../../Domain/User/UserRepositoryInterface'
|
||||
|
||||
export class HomeServerAdminController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_DeleteSetting) private doDeleteSetting: DeleteSetting,
|
||||
@inject(TYPES.Auth_UserRepository) private userRepository: UserRepositoryInterface,
|
||||
@inject(TYPES.Auth_CreateSubscriptionToken) private createSubscriptionToken: CreateSubscriptionToken,
|
||||
@inject(TYPES.Auth_CreateOfflineSubscriptionToken)
|
||||
private createOfflineSubscriptionToken: CreateOfflineSubscriptionToken,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
protected doDeleteSetting: DeleteSetting,
|
||||
protected userRepository: UserRepositoryInterface,
|
||||
protected createSubscriptionToken: CreateSubscriptionToken,
|
||||
protected createOfflineSubscriptionToken: CreateOfflineSubscriptionToken,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('admin.getUser', this.getUser.bind(this))
|
||||
this.controllerContainer.register('admin.deleteMFASetting', this.deleteMFASetting.bind(this))
|
||||
this.controllerContainer.register('admin.createToken', this.createToken.bind(this))
|
||||
this.controllerContainer.register('admin.createOfflineToken', this.createOfflineToken.bind(this))
|
||||
this.controllerContainer.register('admin.disableEmailBackups', this.disableEmailBackups.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('admin.getUser', this.getUser.bind(this))
|
||||
this.controllerContainer.register('admin.deleteMFASetting', this.deleteMFASetting.bind(this))
|
||||
this.controllerContainer.register('admin.createToken', this.createToken.bind(this))
|
||||
this.controllerContainer.register('admin.createOfflineToken', this.createOfflineToken.bind(this))
|
||||
this.controllerContainer.register('admin.disableEmailBackups', this.disableEmailBackups.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpGet('/user/:email')
|
||||
async getUser(request: Request): Promise<results.JsonResult> {
|
||||
const usernameOrError = Username.create(request.params.email ?? '')
|
||||
if (usernameOrError.isFailed()) {
|
||||
@@ -69,7 +59,6 @@ export class AdminController extends BaseHttpController {
|
||||
})
|
||||
}
|
||||
|
||||
@httpDelete('/users/:userUuid/mfa')
|
||||
async deleteMFASetting(request: Request): Promise<results.JsonResult> {
|
||||
const { userUuid } = request.params
|
||||
const { uuid, updatedAt } = request.body
|
||||
@@ -89,7 +78,6 @@ export class AdminController extends BaseHttpController {
|
||||
return this.json(result, 400)
|
||||
}
|
||||
|
||||
@httpPost('/users/:userUuid/subscription-token')
|
||||
async createToken(request: Request): Promise<results.JsonResult> {
|
||||
const { userUuid } = request.params
|
||||
const result = await this.createSubscriptionToken.execute({
|
||||
@@ -101,7 +89,6 @@ export class AdminController extends BaseHttpController {
|
||||
})
|
||||
}
|
||||
|
||||
@httpPost('/users/:email/offline-subscription-token')
|
||||
async createOfflineToken(request: Request): Promise<results.JsonResult | results.BadRequestResult> {
|
||||
const { email } = request.params
|
||||
const result = await this.createOfflineSubscriptionToken.execute({
|
||||
@@ -117,7 +104,6 @@ export class AdminController extends BaseHttpController {
|
||||
})
|
||||
}
|
||||
|
||||
@httpPost('/users/:userUuid/email-backups')
|
||||
async disableEmailBackups(request: Request): Promise<results.BadRequestErrorMessageResult | results.OkResult> {
|
||||
const { userUuid } = request.params
|
||||
|
||||
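Review bot: `HomeServerAdminController` still carries `createToken`, `deleteMFASetting` and `disableEmailBackups`, but with `@controller('/admin')` and the `@inject` bindings gone from this class nothing in the file says what protects the `admin.*` entries it registers into `controllerContainer`; the route-level protection, if any, now lives wherever the container is wired, which is outside this diff. A TSDoc on the class stating that it is a route-less base whose `admin.*` container entries must only be exposed behind the home server's admin authorization would stop a future caller from registering them on a public path. As a style point, the constructor mixes `protected` dependencies with a `private controllerContainer?`; if the subclass is not meant to touch the container, a one-line comment saying so would help. `getUser` continues beyond the end of this hunk.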
@@ -0,0 +1,299 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
import { Logger } from 'winston'
|
||||
|
||||
import { ClearLoginAttempts } from '../../../Domain/UseCase/ClearLoginAttempts'
|
||||
import { GetUserKeyParams } from '../../../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { IncreaseLoginAttempts } from '../../../Domain/UseCase/IncreaseLoginAttempts'
|
||||
import { SignIn } from '../../../Domain/UseCase/SignIn'
|
||||
import { VerifyMFA } from '../../../Domain/UseCase/VerifyMFA'
|
||||
import { AuthController } from '../../../Controller/AuthController'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
export class HomeServerAuthController extends BaseHttpController {
|
||||
constructor(
|
||||
protected verifyMFA: VerifyMFA,
|
||||
protected signInUseCase: SignIn,
|
||||
protected getUserKeyParams: GetUserKeyParams,
|
||||
protected clearLoginAttempts: ClearLoginAttempts,
|
||||
protected increaseLoginAttempts: IncreaseLoginAttempts,
|
||||
protected logger: Logger,
|
||||
protected authController: AuthController,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.params', this.params.bind(this))
|
||||
this.controllerContainer.register('auth.signIn', this.signIn.bind(this))
|
||||
this.controllerContainer.register('auth.pkceParams', this.pkceParams.bind(this))
|
||||
this.controllerContainer.register('auth.pkceSignIn', this.pkceSignIn.bind(this))
|
||||
this.controllerContainer.register('auth.users.register', this.register.bind(this))
|
||||
this.controllerContainer.register('auth.generateRecoveryCodes', this.generateRecoveryCodes.bind(this))
|
||||
this.controllerContainer.register('auth.signInWithRecoveryCodes', this.recoveryLogin.bind(this))
|
||||
this.controllerContainer.register('auth.recoveryKeyParams', this.recoveryParams.bind(this))
|
||||
this.controllerContainer.register('auth.signOut', this.signOut.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
async params(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.session) {
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: response.locals.user.email,
|
||||
authenticated: true,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
}
|
||||
|
||||
if (!request.query.email) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Please provide an email address.',
|
||||
},
|
||||
},
|
||||
400,
|
||||
)
|
||||
}
|
||||
|
||||
const verifyMFAResponse = await this.verifyMFA.execute({
|
||||
email: <string>request.query.email,
|
||||
requestParams: request.query,
|
||||
preventOTPFromFurtherUsage: false,
|
||||
})
|
||||
|
||||
if (!verifyMFAResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: verifyMFAResponse.errorTag,
|
||||
message: verifyMFAResponse.errorMessage,
|
||||
payload: verifyMFAResponse.errorPayload,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: <string>request.query.email,
|
||||
authenticated: false,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
}
|
||||
|
||||
async signIn(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.body.email || !request.body.password) {
|
||||
this.logger.debug('/auth/sign_in request missing credentials: %O', request.body)
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: 'invalid-auth',
|
||||
message: 'Invalid login credentials.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const verifyMFAResponse = await this.verifyMFA.execute({
|
||||
email: request.body.email,
|
||||
requestParams: request.body,
|
||||
preventOTPFromFurtherUsage: true,
|
||||
})
|
||||
|
||||
if (!verifyMFAResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: verifyMFAResponse.errorTag,
|
||||
message: verifyMFAResponse.errorMessage,
|
||||
payload: verifyMFAResponse.errorPayload,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const signInResult = await this.signInUseCase.execute({
|
||||
apiVersion: request.body.api,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
email: request.body.email,
|
||||
password: request.body.password,
|
||||
ephemeralSession: request.body.ephemeral ?? false,
|
||||
})
|
||||
|
||||
if (!signInResult.success) {
|
||||
await this.increaseLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: signInResult.errorMessage,
|
||||
},
|
||||
},
|
||||
signInResult.errorCode ?? 401,
|
||||
)
|
||||
}
|
||||
|
||||
await this.clearLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(signInResult.authResponse)
|
||||
}
|
||||
|
||||
async pkceParams(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (!request.body.code_challenge) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Please provide the code challenge parameter.',
|
||||
},
|
||||
},
|
||||
400,
|
||||
)
|
||||
}
|
||||
|
||||
if (response.locals.session) {
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: response.locals.user.email,
|
||||
authenticated: true,
|
||||
codeChallenge: request.body.code_challenge as string,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
}
|
||||
|
||||
if (!request.body.email) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Please provide an email address.',
|
||||
},
|
||||
},
|
||||
400,
|
||||
)
|
||||
}
|
||||
|
||||
const verifyMFAResponse = await this.verifyMFA.execute({
|
||||
email: <string>request.body.email,
|
||||
requestParams: request.body,
|
||||
preventOTPFromFurtherUsage: true,
|
||||
})
|
||||
|
||||
if (!verifyMFAResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: verifyMFAResponse.errorTag,
|
||||
message: verifyMFAResponse.errorMessage,
|
||||
payload: verifyMFAResponse.errorPayload,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: <string>request.body.email,
|
||||
authenticated: false,
|
||||
codeChallenge: request.body.code_challenge as string,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
}
|
||||
|
||||
async pkceSignIn(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.body.email || !request.body.password || !request.body.code_verifier) {
|
||||
this.logger.debug('/auth/sign_in request missing credentials: %O', request.body)
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: 'invalid-auth',
|
||||
message: 'Invalid login credentials.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const signInResult = await this.signInUseCase.execute({
|
||||
apiVersion: request.body.api,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
email: request.body.email,
|
||||
password: request.body.password,
|
||||
ephemeralSession: request.body.ephemeral ?? false,
|
||||
codeVerifier: request.body.code_verifier,
|
||||
})
|
||||
|
||||
if (!signInResult.success) {
|
||||
await this.increaseLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: signInResult.errorMessage,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
await this.clearLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(signInResult.authResponse)
|
||||
}
|
||||
|
||||
async generateRecoveryCodes(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authController.generateRecoveryCodes({
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async recoveryLogin(request: Request): Promise<results.JsonResult> {
|
||||
const result = await this.authController.signInWithRecoveryCodes({
|
||||
apiVersion: request.body.api_version,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
codeVerifier: request.body.code_verifier,
|
||||
username: request.body.username,
|
||||
recoveryCodes: request.body.recovery_codes,
|
||||
password: request.body.password,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async recoveryParams(request: Request): Promise<results.JsonResult> {
|
||||
const result = await this.authController.recoveryKeyParams({
|
||||
apiVersion: request.body.api_version,
|
||||
username: request.body.username,
|
||||
codeChallenge: request.body.code_challenge,
|
||||
recoveryCodes: request.body.recovery_codes,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async signOut(request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
const result = await this.authController.signOut({
|
||||
readOnlyAccess: response.locals.readOnlyAccess,
|
||||
authorizationHeader: <string>request.headers.authorization,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async register(request: Request): Promise<results.JsonResult> {
|
||||
const response = await this.authController.register({
|
||||
...request.body,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
})
|
||||
|
||||
return this.json(response.data, response.status)
|
||||
}
|
||||
}
|
||||
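Review bot: The debug call at the top of `signIn` and again in `pkceSignIn` logs the whole request body with `%O` when a credential is missing; when only `email` or `code_verifier` is absent the body still carries `password`, so that line writes a plaintext password to the debug log. Logging which fields were present instead, e.g. `this.logger.debug('/auth/sign_in request missing credentials: email=%s password=%s', Boolean(request.body.email), Boolean(request.body.password))`, keeps the diagnostic without the secret. Separately, `signIn` returns `signInResult.errorCode ?? 401` on failure while `pkceSignIn` hard-codes `401`, so any non-default error code from the sign-in use case is lost on the PKCE path; the two should agree. `register` also forwards `...request.body` wholesale to `authController.register`, which is fine only if that controller picks the fields it expects rather than persisting the spread.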
@@ -0,0 +1,74 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
|
||||
import { AuthenticatorsController } from '../../../Controller/AuthenticatorsController'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
export class HomeServerAuthenticatorsController extends BaseHttpController {
|
||||
constructor(
|
||||
protected authenticatorsController: AuthenticatorsController,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.authenticators.list', this.list.bind(this))
|
||||
this.controllerContainer.register('auth.authenticators.delete', this.delete.bind(this))
|
||||
this.controllerContainer.register(
|
||||
'auth.authenticators.generateRegistrationOptions',
|
||||
this.generateRegistrationOptions.bind(this),
|
||||
)
|
||||
this.controllerContainer.register(
|
||||
'auth.authenticators.verifyRegistrationResponse',
|
||||
this.verifyRegistration.bind(this),
|
||||
)
|
||||
this.controllerContainer.register(
|
||||
'auth.authenticators.generateAuthenticationOptions',
|
||||
this.generateAuthenticationOptions.bind(this),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
async list(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.list({
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async delete(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.delete({
|
||||
userUuid: response.locals.user.uuid,
|
||||
authenticatorId: request.params.authenticatorId,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async generateRegistrationOptions(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.generateRegistrationOptions({
|
||||
username: response.locals.user.email,
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async verifyRegistration(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.verifyRegistrationResponse({
|
||||
userUuid: response.locals.user.uuid,
|
||||
attestationResponse: request.body.attestationResponse,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async generateAuthenticationOptions(request: Request): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.generateAuthenticationOptions({
|
||||
username: request.body.username,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
}
|
||||
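Review bot: `generateAuthenticationOptions` is the only handler in this class that identifies the account from `request.body.username` rather than from `response.locals.user`, so it is the one entry point reachable before authentication and the `username` it forwards is untrusted input, whereas every other method scopes by the session user's uuid. A comment on the method, `// Pre-authentication: username is caller-supplied and unverified; AuthenticatorsController must treat it as such and lookup failures should not reveal whether the account exists`, would make that asymmetry visible to whoever next edits `AuthenticatorsController`. `delete` likewise passes `request.params.authenticatorId` through unvalidated and relies on the inner controller to scope it to `userUuid`, which is worth a similar note.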
@@ -0,0 +1,42 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
|
||||
import { GetUserFeatures } from '../../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
export class HomeServerFeaturesController extends BaseHttpController {
|
||||
constructor(
|
||||
protected doGetUserFeatures: GetUserFeatures,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.users.getFeatures', this.getFeatures.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
async getFeatures(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (request.params.userUuid !== response.locals.user.uuid) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Operation not allowed.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.doGetUserFeatures.execute({
|
||||
userUuid: request.params.userUuid,
|
||||
offline: false,
|
||||
})
|
||||
|
||||
if (result.success) {
|
||||
return this.json(result)
|
||||
}
|
||||
|
||||
return this.json(result, 400)
|
||||
}
|
||||
}
|
||||
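Review bot: `getFeatures` answers a mismatch between `request.params.userUuid` and `response.locals.user.uuid` with status 401, but the caller is already authenticated at that point and merely not permitted, which is the 403 case; if 401 is kept for client compatibility a comment saying so would prevent a later "fix". The guard also dereferences `response.locals.user.uuid` unconditionally, so if this handler is ever registered without the middleware that populates `response.locals.user` it throws instead of returning an error; `if (!response.locals.user || request.params.userUuid !== response.locals.user.uuid)` would reject the request cleanly in that case.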
@@ -1,24 +1,22 @@
|
||||
import { inject } from 'inversify'
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
import { BaseHttpController, controller, httpPost, results } from 'inversify-express-utils'
|
||||
import { Request, Response } from 'express'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { CreateListedAccount } from '../Domain/UseCase/CreateListedAccount/CreateListedAccount'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import { Request, Response } from 'express'
|
||||
|
||||
@controller('/listed')
|
||||
export class ListedController extends BaseHttpController {
|
||||
import { CreateListedAccount } from '../../../Domain/UseCase/CreateListedAccount/CreateListedAccount'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
export class HomeServerListedController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_CreateListedAccount) private doCreateListedAccount: CreateListedAccount,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
protected doCreateListedAccount: CreateListedAccount,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.users.createListedAccount', this.createListedAccount.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.users.createListedAccount', this.createListedAccount.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async createListedAccount(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
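Review bot: The route decorator `@httpPost('/', TYPES.Auth_ApiGatewayAuthMiddleware)` appears to be dropped from `createListedAccount` (the old/new line counts for this hunk leave no room for it on the new side), yet the handler body immediately reads `response.locals.readOnlyAccess`, which is only populated when that middleware has run; the same pattern appears in `HomeServerOfflineController`, where `@httpGet('/features', TYPES.Auth_OfflineUserAuthMiddleware)` and `@httpGet('/users/subscription', TYPES.Auth_ApiGatewayOfflineAuthMiddleware)` are removed above handlers that read `response.locals.offlineUserEmail` and `response.locals.userEmail`. Whoever registers these `auth.*` container entries must now attach the equivalent middleware, and nothing in these classes records that requirement. A TSDoc on each class, e.g. `/** Route-less base: handlers assume the auth middleware that populates response.locals has already run; register them only behind it. */`, would carry the requirement with the code. `createListedAccount` continues beyond the end of this hunk.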
@@ -1,44 +1,34 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpGet,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { GetUserFeatures } from '../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { AuthenticateOfflineSubscriptionToken } from '../Domain/UseCase/AuthenticateOfflineSubscriptionToken/AuthenticateOfflineSubscriptionToken'
|
||||
import { CreateOfflineSubscriptionToken } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { GetUserOfflineSubscription } from '../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
|
||||
import { Logger } from 'winston'
|
||||
import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/security'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
import { TokenEncoderInterface, OfflineUserTokenData } from '@standardnotes/security'
|
||||
import { Logger } from 'winston'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
@controller('/offline')
|
||||
export class OfflineController extends BaseHttpController {
|
||||
import { AuthenticateOfflineSubscriptionToken } from '../../../Domain/UseCase/AuthenticateOfflineSubscriptionToken/AuthenticateOfflineSubscriptionToken'
|
||||
import { CreateOfflineSubscriptionToken } from '../../../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { GetUserFeatures } from '../../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { GetUserOfflineSubscription } from '../../../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
|
||||
|
||||
export class HomeServerOfflineController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetUserFeatures) private doGetUserFeatures: GetUserFeatures,
|
||||
@inject(TYPES.Auth_GetUserOfflineSubscription) private getUserOfflineSubscription: GetUserOfflineSubscription,
|
||||
@inject(TYPES.Auth_CreateOfflineSubscriptionToken)
|
||||
private createOfflineSubscriptionToken: CreateOfflineSubscriptionToken,
|
||||
@inject(TYPES.Auth_AuthenticateOfflineSubscriptionToken)
|
||||
private authenticateToken: AuthenticateOfflineSubscriptionToken,
|
||||
@inject(TYPES.Auth_OfflineUserTokenEncoder) private tokenEncoder: TokenEncoderInterface<OfflineUserTokenData>,
|
||||
@inject(TYPES.Auth_AUTH_JWT_TTL) private jwtTTL: number,
|
||||
@inject(TYPES.Auth_Logger) private logger: Logger,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
protected doGetUserFeatures: GetUserFeatures,
|
||||
protected getUserOfflineSubscription: GetUserOfflineSubscription,
|
||||
protected createOfflineSubscriptionToken: CreateOfflineSubscriptionToken,
|
||||
protected authenticateToken: AuthenticateOfflineSubscriptionToken,
|
||||
protected tokenEncoder: TokenEncoderInterface<OfflineUserTokenData>,
|
||||
protected jwtTTL: number,
|
||||
protected logger: Logger,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.offline.features', this.getOfflineFeatures.bind(this))
|
||||
this.controllerContainer.register('auth.offline.subscriptionTokens.create', this.createToken.bind(this))
|
||||
this.controllerContainer.register('auth.users.getOfflineSubscriptionByToken', this.getSubscription.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.offline.features', this.getOfflineFeatures.bind(this))
|
||||
this.controllerContainer.register('auth.offline.subscriptionTokens.create', this.createToken.bind(this))
|
||||
this.controllerContainer.register('auth.users.getOfflineSubscriptionByToken', this.getSubscription.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpGet('/features', TYPES.Auth_OfflineUserAuthMiddleware)
|
||||
async getOfflineFeatures(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.doGetUserFeatures.execute({
|
||||
email: response.locals.offlineUserEmail,
|
||||
@@ -52,7 +42,6 @@ export class OfflineController extends BaseHttpController {
|
||||
return this.json(result, 400)
|
||||
}
|
||||
|
||||
@httpPost('/subscription-tokens')
|
||||
async createToken(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.body.email) {
|
||||
return this.json(
|
||||
@@ -77,7 +66,6 @@ export class OfflineController extends BaseHttpController {
|
||||
return this.json({ success: true })
|
||||
}
|
||||
|
||||
@httpPost('/subscription-tokens/:token/validate')
|
||||
async validate(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.body.email) {
|
||||
this.logger.debug('[Offline Subscription Token Validation] Missing email')
|
||||
@@ -126,7 +114,6 @@ export class OfflineController extends BaseHttpController {
|
||||
return this.json({ authToken })
|
||||
}
|
||||
|
||||
@httpGet('/users/subscription', TYPES.Auth_ApiGatewayOfflineAuthMiddleware)
|
||||
async getSubscription(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.getUserOfflineSubscription.execute({
|
||||
userEmail: response.locals.userEmail,
|
||||
@@ -1,38 +1,29 @@
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpDelete,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { DeletePreviousSessionsForUser } from '../Domain/UseCase/DeletePreviousSessionsForUser'
|
||||
import { DeleteSessionForUser } from '../Domain/UseCase/DeleteSessionForUser'
|
||||
import { RefreshSessionToken } from '../Domain/UseCase/RefreshSessionToken'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
|
||||
@controller('/session')
|
||||
export class SessionController extends BaseHttpController {
|
||||
import { DeletePreviousSessionsForUser } from '../../../Domain/UseCase/DeletePreviousSessionsForUser'
|
||||
import { DeleteSessionForUser } from '../../../Domain/UseCase/DeleteSessionForUser'
|
||||
import { RefreshSessionToken } from '../../../Domain/UseCase/RefreshSessionToken'
|
||||
|
||||
export class HomeServerSessionController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_DeleteSessionForUser) private deleteSessionForUser: DeleteSessionForUser,
|
||||
@inject(TYPES.Auth_DeletePreviousSessionsForUser)
|
||||
private deletePreviousSessionsForUser: DeletePreviousSessionsForUser,
|
||||
@inject(TYPES.Auth_RefreshSessionToken) private refreshSessionToken: RefreshSessionToken,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
protected deleteSessionForUser: DeleteSessionForUser,
|
||||
protected deletePreviousSessionsForUser: DeletePreviousSessionsForUser,
|
||||
protected refreshSessionToken: RefreshSessionToken,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.session.delete', this.deleteSession.bind(this))
|
||||
this.controllerContainer.register('auth.session.deleteAll', this.deleteAllSessions.bind(this))
|
||||
this.controllerContainer.register('auth.session.refresh', this.refresh.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.sessions.delete', this.deleteSession.bind(this))
|
||||
this.controllerContainer.register('auth.sessions.deleteAll', this.deleteAllSessions.bind(this))
|
||||
this.controllerContainer.register('auth.sessions.refresh', this.refresh.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpDelete('/', TYPES.Auth_AuthMiddleware, TYPES.Auth_SessionMiddleware)
|
||||
async deleteSession(request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
async deleteSession(request: Request, response: Response): Promise<results.JsonResult | results.StatusCodeResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
{
|
||||
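Review bot: With the `@controller('/session')` and `@httpDelete('/', TYPES.Auth_AuthMiddleware, TYPES.Auth_SessionMiddleware)` decorators gone, nothing in `HomeServerSessionController` itself enforces authentication any more, yet `deleteSession` still branches on `response.locals.readOnlyAccess` here and (further down, outside this hunk) sets a header from `response.locals.user.uuid` — values that an authentication/session middleware has to populate. The handlers registered on `controllerContainer` therefore depend entirely on whoever dispatches `auth.sessions.delete`, `auth.sessions.deleteAll` and `auth.sessions.refresh` running equivalent middleware first, and I could not confirm that from this page. Please state the contract on the class, e.g. a TSDoc block above `export class HomeServerSessionController`: `Handlers are exposed only through ControllerContainerInterface; the caller must run authentication and session middleware so that response.locals.user and response.locals.readOnlyAccess are populated before dispatch.` The same applies to HomeServerSettingsController, HomeServerSubscriptionTokensController, HomeServerUsersController and HomeServerValetTokenController below (whose old decorators carried `TYPES.Auth_ApiGatewayAuthMiddleware`), and to the new HomeServerSessionsController, HomeServerSubscriptionInvitesController, HomeServerSubscriptionSettingsController and HomeServerUserRequestsController, all of which read `response.locals.user`. Because `controllerContainer` is now optional and `if (this.controllerContainer !== undefined)` skips registration, an instance constructed without a container has no reachable handlers at all, which is worth a sentence in the same comment.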
@@ -84,11 +75,14 @@ export class SessionController extends BaseHttpController {
|
||||
}
|
||||
|
||||
response.setHeader('x-invalidate-cache', response.locals.user.uuid)
|
||||
response.status(204).send()
|
||||
|
||||
return this.statusCode(204)
|
||||
}
|
||||
|
||||
@httpDelete('/all', TYPES.Auth_AuthMiddleware, TYPES.Auth_SessionMiddleware)
|
||||
async deleteAllSessions(_request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
async deleteAllSessions(
|
||||
_request: Request,
|
||||
response: Response,
|
||||
): Promise<results.JsonResult | results.StatusCodeResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
{
|
||||
@@ -118,11 +112,11 @@ export class SessionController extends BaseHttpController {
|
||||
})
|
||||
|
||||
response.setHeader('x-invalidate-cache', response.locals.user.uuid)
|
||||
response.status(204).send()
|
||||
|
||||
return this.statusCode(204)
|
||||
}
|
||||
|
||||
@httpPost('/refresh')
|
||||
async refresh(request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
async refresh(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (!request.body.access_token || !request.body.refresh_token) {
|
||||
return this.json(
|
||||
{
|
||||
@@ -152,7 +146,7 @@ export class SessionController extends BaseHttpController {
|
||||
}
|
||||
|
||||
response.setHeader('x-invalidate-cache', result.userUuid as string)
|
||||
response.send({
|
||||
return this.json({
|
||||
session: result.sessionPayload,
|
||||
})
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
|
||||
import { AuthenticateRequest } from '../../../Domain/UseCase/AuthenticateRequest'
|
||||
import { CreateCrossServiceToken } from '../../../Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken'
|
||||
import { GetActiveSessionsForUser } from '../../../Domain/UseCase/GetActiveSessionsForUser'
|
||||
import { ProjectorInterface } from '../../../Projection/ProjectorInterface'
|
||||
import { Session } from '../../../Domain/Session/Session'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { User } from '../../../Domain/User/User'
|
||||
import { SessionProjector } from '../../../Projection/SessionProjector'
|
||||
|
||||
export class HomeServerSessionsController extends BaseHttpController {
|
||||
constructor(
|
||||
protected getActiveSessionsForUser: GetActiveSessionsForUser,
|
||||
protected authenticateRequest: AuthenticateRequest,
|
||||
protected sessionProjector: ProjectorInterface<Session>,
|
||||
protected createCrossServiceToken: CreateCrossServiceToken,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.sessions.list', this.getSessions.bind(this))
|
||||
this.controllerContainer.register('auth.sessions.validate', this.validate.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
async validate(request: Request): Promise<results.JsonResult> {
|
||||
const authenticateRequestResponse = await this.authenticateRequest.execute({
|
||||
authorizationHeader: request.headers.authorization,
|
||||
})
|
||||
|
||||
if (!authenticateRequestResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: authenticateRequestResponse.errorTag,
|
||||
message: authenticateRequestResponse.errorMessage,
|
||||
},
|
||||
},
|
||||
authenticateRequestResponse.responseCode,
|
||||
)
|
||||
}
|
||||
|
||||
const user = authenticateRequestResponse.user as User
|
||||
|
||||
const result = await this.createCrossServiceToken.execute({
|
||||
user,
|
||||
session: authenticateRequestResponse.session,
|
||||
})
|
||||
|
||||
return this.json({ authToken: result.token })
|
||||
}
|
||||
|
||||
async getSessions(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json([])
|
||||
}
|
||||
|
||||
const useCaseResponse = await this.getActiveSessionsForUser.execute({
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(
|
||||
useCaseResponse.sessions.map((session) =>
|
||||
this.sessionProjector.projectCustom(
|
||||
SessionProjector.CURRENT_SESSION_PROJECTION.toString(),
|
||||
session,
|
||||
response.locals.session,
|
||||
),
|
||||
),
|
||||
)
|
||||
}
|
||||
}
|
||||
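Review bot: `validate` asserts `authenticateRequestResponse.user as User` after the `success` check, so if the use-case result type does not narrow on `success` (the cast suggests it does not) an `undefined` user could be handed to `createCrossServiceToken.execute` without any compile-time or runtime complaint. A runtime guard is safer than the assertion: widen the existing failure branch to `if (!authenticateRequestResponse.success || authenticateRequestResponse.user === undefined) {`, after which `const user = authenticateRequestResponse.user` needs no cast. I cannot see `AuthenticateRequest`'s result type on this page, so please confirm before changing it. The class has no TSDoc; a header such as `/** Home-server counterpart of the sessions controller: handlers are reached via the controller container, not express routes, and getSessions expects response.locals.user and response.locals.session to be set upstream. */` would help the next reader.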
@@ -1,41 +1,32 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
httpPut,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { EncryptionVersion } from '../Domain/Encryption/EncryptionVersion'
|
||||
import { DeleteSetting } from '../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { GetSetting } from '../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { GetSettings } from '../Domain/UseCase/GetSettings/GetSettings'
|
||||
import { UpdateSetting } from '../Domain/UseCase/UpdateSetting/UpdateSetting'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
|
||||
@controller('/users/:userUuid')
|
||||
export class SettingsController extends BaseHttpController {
|
||||
import { DeleteSetting } from '../../../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { GetSetting } from '../../../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { GetSettings } from '../../../Domain/UseCase/GetSettings/GetSettings'
|
||||
import { UpdateSetting } from '../../../Domain/UseCase/UpdateSetting/UpdateSetting'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { EncryptionVersion } from '../../../Domain/Encryption/EncryptionVersion'
|
||||
|
||||
export class HomeServerSettingsController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetSettings) private doGetSettings: GetSettings,
|
||||
@inject(TYPES.Auth_GetSetting) private doGetSetting: GetSetting,
|
||||
@inject(TYPES.Auth_UpdateSetting) private doUpdateSetting: UpdateSetting,
|
||||
@inject(TYPES.Auth_DeleteSetting) private doDeleteSetting: DeleteSetting,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
protected doGetSettings: GetSettings,
|
||||
protected doGetSetting: GetSetting,
|
||||
protected doUpdateSetting: UpdateSetting,
|
||||
protected doDeleteSetting: DeleteSetting,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.users.getSettings', this.getSettings.bind(this))
|
||||
this.controllerContainer.register('auth.users.getSetting', this.getSetting.bind(this))
|
||||
this.controllerContainer.register('auth.users.updateSetting', this.updateSetting.bind(this))
|
||||
this.controllerContainer.register('auth.users.deleteSetting', this.deleteSetting.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.users.getSettings', this.getSettings.bind(this))
|
||||
this.controllerContainer.register('auth.users.getSetting', this.getSetting.bind(this))
|
||||
this.controllerContainer.register('auth.users.updateSetting', this.updateSetting.bind(this))
|
||||
this.controllerContainer.register('auth.users.deleteSetting', this.deleteSetting.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpGet('/settings', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async getSettings(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (request.params.userUuid !== response.locals.user.uuid) {
|
||||
return this.json(
|
||||
@@ -54,7 +45,6 @@ export class SettingsController extends BaseHttpController {
|
||||
return this.json(result)
|
||||
}
|
||||
|
||||
@httpGet('/settings/:settingName', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async getSetting(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (request.params.userUuid !== response.locals.user.uuid) {
|
||||
return this.json(
|
||||
@@ -77,7 +67,6 @@ export class SettingsController extends BaseHttpController {
|
||||
return this.json(result, 400)
|
||||
}
|
||||
|
||||
@httpPut('/settings', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async updateSetting(request: Request, response: Response): Promise<results.JsonResult | results.StatusCodeResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
@@ -124,7 +113,6 @@ export class SettingsController extends BaseHttpController {
|
||||
return this.json(result, result.statusCode)
|
||||
}
|
||||
|
||||
@httpDelete('/settings/:settingName', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async deleteSetting(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
@@ -0,0 +1,74 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { ApiVersion } from '@standardnotes/api'
|
||||
|
||||
import { SubscriptionInvitesController } from '../../../Controller/SubscriptionInvitesController'
|
||||
import { Role } from '../../../Domain/Role/Role'
|
||||
|
||||
export class HomeServerSubscriptionInvitesController extends BaseHttpController {
|
||||
constructor(
|
||||
protected subscriptionInvitesController: SubscriptionInvitesController,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.subscriptionInvites.accept', this.acceptInvite.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.declineInvite', this.declineInvite.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.create', this.inviteToSubscriptionSharing.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.delete', this.cancelSubscriptionSharing.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.list', this.listInvites.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
async acceptInvite(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.subscriptionInvitesController.acceptInvite({
|
||||
api: request.query.api as ApiVersion,
|
||||
inviteUuid: request.params.inviteUuid,
|
||||
})
|
||||
|
||||
response.setHeader('x-invalidate-cache', response.locals.user.uuid)
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async declineInvite(request: Request): Promise<results.JsonResult> {
|
||||
const response = await this.subscriptionInvitesController.declineInvite({
|
||||
api: request.query.api as ApiVersion,
|
||||
inviteUuid: request.params.inviteUuid,
|
||||
})
|
||||
|
||||
return this.json(response.data, response.status)
|
||||
}
|
||||
|
||||
async inviteToSubscriptionSharing(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.subscriptionInvitesController.invite({
|
||||
...request.body,
|
||||
inviterEmail: response.locals.user.email,
|
||||
inviterUuid: response.locals.user.uuid,
|
||||
inviterRoles: response.locals.roles.map((role: Role) => role.name),
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async cancelSubscriptionSharing(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.subscriptionInvitesController.cancelInvite({
|
||||
...request.body,
|
||||
inviteUuid: request.params.inviteUuid,
|
||||
inviterEmail: response.locals.user.email,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
|
||||
async listInvites(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.subscriptionInvitesController.listInvites({
|
||||
...request.body,
|
||||
inviterEmail: response.locals.user.email,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
}
|
||||
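Review bot: `inviteToSubscriptionSharing`, `cancelSubscriptionSharing` and `listInvites` spread `...request.body` into the use-case input before assigning the `inviter*` fields, so every extra property a client sends is forwarded to `SubscriptionInvitesController` unfiltered; the inviter fields themselves are safe because they are assigned after the spread, but any other property of the underlying DTO becomes client-controlled. Prefer copying only the fields each call needs, e.g. in `inviteToSubscriptionSharing` replace `...request.body,` with the explicit field(s) the invite DTO expects (their names are not visible on this page, so I have not guessed them). Related: `api: request.query.api as ApiVersion` in `acceptInvite` and `declineInvite` accepts any query string as a valid `ApiVersion`; a check against the known values before the assertion would be consistent with the stricter handling elsewhere. The class also lacks TSDoc; add a comment stating that handlers are reached through the controller container and expect `response.locals.user` and `response.locals.roles` to be populated by upstream authentication.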
@@ -0,0 +1,28 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { Request, Response } from 'express'
|
||||
|
||||
import { GetSetting } from '../../../Domain/UseCase/GetSetting/GetSetting'
|
||||
|
||||
export class HomeServerSubscriptionSettingsController extends BaseHttpController {
|
||||
constructor(protected doGetSetting: GetSetting, private controllerContainer?: ControllerContainerInterface) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.users.getSubscriptionSetting', this.getSubscriptionSetting.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
async getSubscriptionSetting(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.doGetSetting.execute({
|
||||
userUuid: response.locals.user.uuid,
|
||||
settingName: request.params.subscriptionSettingName.toUpperCase(),
|
||||
})
|
||||
|
||||
if (result.success) {
|
||||
return this.json(result)
|
||||
}
|
||||
|
||||
return this.json(result, 400)
|
||||
}
|
||||
}
|
||||
@@ -1,43 +1,34 @@
|
||||
import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import { SettingName } from '@standardnotes/settings'
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { Role } from '../Domain/Role/Role'
|
||||
import { SettingServiceInterface } from '../Domain/Setting/SettingServiceInterface'
|
||||
import { AuthenticateSubscriptionToken } from '../Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken'
|
||||
import { CreateSubscriptionToken } from '../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { ProjectorInterface } from '../Projection/ProjectorInterface'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import { Role, TokenEncoderInterface, CrossServiceTokenData } from '@standardnotes/security'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { Request, Response } from 'express'
|
||||
|
||||
@controller('/subscription-tokens')
|
||||
export class SubscriptionTokensController extends BaseHttpController {
|
||||
import { SettingServiceInterface } from '../../../Domain/Setting/SettingServiceInterface'
|
||||
import { AuthenticateSubscriptionToken } from '../../../Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken'
|
||||
import { CreateSubscriptionToken } from '../../../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { ProjectorInterface } from '../../../Projection/ProjectorInterface'
|
||||
import { SettingName } from '@standardnotes/settings'
|
||||
import { User } from '../../../Domain/User/User'
|
||||
|
||||
export class HomeServerSubscriptionTokensController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_CreateSubscriptionToken) private createSubscriptionToken: CreateSubscriptionToken,
|
||||
@inject(TYPES.Auth_AuthenticateSubscriptionToken) private authenticateToken: AuthenticateSubscriptionToken,
|
||||
@inject(TYPES.Auth_SettingService) private settingService: SettingServiceInterface,
|
||||
@inject(TYPES.Auth_UserProjector) private userProjector: ProjectorInterface<User>,
|
||||
@inject(TYPES.Auth_RoleProjector) private roleProjector: ProjectorInterface<Role>,
|
||||
@inject(TYPES.Auth_CrossServiceTokenEncoder) private tokenEncoder: TokenEncoderInterface<CrossServiceTokenData>,
|
||||
@inject(TYPES.Auth_AUTH_JWT_TTL) private jwtTTL: number,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
protected createSubscriptionToken: CreateSubscriptionToken,
|
||||
protected authenticateToken: AuthenticateSubscriptionToken,
|
||||
protected settingService: SettingServiceInterface,
|
||||
protected userProjector: ProjectorInterface<User>,
|
||||
protected roleProjector: ProjectorInterface<Role>,
|
||||
protected tokenEncoder: TokenEncoderInterface<CrossServiceTokenData>,
|
||||
protected jwtTTL: number,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.subscription-tokens.create', this.createToken.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.subscription-tokens.create', this.createToken.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async createToken(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
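Review bot: The new line `import { Role, TokenEncoderInterface, CrossServiceTokenData } from '@standardnotes/security'` changes where `Role` comes from: the removed line imported it from `../Domain/Role/Role`, and the sibling `HomeServerSubscriptionInvitesController` in this same commit still imports `Role` from `../../../Domain/Role/Role`. If the `Role` exported by `@standardnotes/security` is not the domain entity, `roleProjector: ProjectorInterface<Role>` now declares a different element type than the projector bound elsewhere, and the mismatch may only compile because the types happen to be structurally compatible. Unless the switch was intentional, restore `import { Role } from '../../../Domain/Role/Role'` and keep only `TokenEncoderInterface, CrossServiceTokenData` in the `@standardnotes/security` import. A short TSDoc on `HomeServerSubscriptionTokensController` noting that `jwtTTL` is now supplied by the caller instead of being injected via `TYPES.Auth_AUTH_JWT_TTL` would also help.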
@@ -60,7 +51,6 @@ export class SubscriptionTokensController extends BaseHttpController {
|
||||
})
|
||||
}
|
||||
|
||||
@httpPost('/:token/validate')
|
||||
async validate(request: Request): Promise<results.JsonResult> {
|
||||
const authenticateTokenResponse = await this.authenticateToken.execute({
|
||||
token: request.params.token,
|
||||
@@ -0,0 +1,28 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
import { Request, Response } from 'express'
|
||||
|
||||
import { UserRequestsController } from '../../../Controller/UserRequestsController'
|
||||
|
||||
export class HomeServerUserRequestsController extends BaseHttpController {
|
||||
constructor(
|
||||
protected userRequestsController: UserRequestsController,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.users.createRequest', this.submitRequest.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
async submitRequest(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.userRequestsController.submitUserRequest({
|
||||
requestType: request.body.requestType,
|
||||
userUuid: response.locals.user.uuid,
|
||||
userEmail: response.locals.user.email,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
}
|
||||
}
|
||||
@@ -1,48 +1,38 @@
|
||||
import { ControllerContainerInterface, Username } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
httpPatch,
|
||||
httpPut,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { DeleteAccount } from '../Domain/UseCase/DeleteAccount/DeleteAccount'
|
||||
import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { UpdateUser } from '../Domain/UseCase/UpdateUser'
|
||||
import { GetUserSubscription } from '../Domain/UseCase/GetUserSubscription/GetUserSubscription'
|
||||
import { ClearLoginAttempts } from '../Domain/UseCase/ClearLoginAttempts'
|
||||
import { IncreaseLoginAttempts } from '../Domain/UseCase/IncreaseLoginAttempts'
|
||||
import { ChangeCredentials } from '../Domain/UseCase/ChangeCredentials/ChangeCredentials'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
@controller('/users')
|
||||
export class UsersController extends BaseHttpController {
|
||||
import { ChangeCredentials } from '../../../Domain/UseCase/ChangeCredentials/ChangeCredentials'
|
||||
import { ClearLoginAttempts } from '../../../Domain/UseCase/ClearLoginAttempts'
|
||||
import { DeleteAccount } from '../../../Domain/UseCase/DeleteAccount/DeleteAccount'
|
||||
import { GetUserKeyParams } from '../../../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { GetUserSubscription } from '../../../Domain/UseCase/GetUserSubscription/GetUserSubscription'
|
||||
import { IncreaseLoginAttempts } from '../../../Domain/UseCase/IncreaseLoginAttempts'
|
||||
import { UpdateUser } from '../../../Domain/UseCase/UpdateUser'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
|
||||
export class HomeServerUsersController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_UpdateUser) private updateUser: UpdateUser,
|
||||
@inject(TYPES.Auth_GetUserKeyParams) private getUserKeyParams: GetUserKeyParams,
|
||||
@inject(TYPES.Auth_DeleteAccount) private doDeleteAccount: DeleteAccount,
|
||||
@inject(TYPES.Auth_GetUserSubscription) private doGetUserSubscription: GetUserSubscription,
|
||||
@inject(TYPES.Auth_ClearLoginAttempts) private clearLoginAttempts: ClearLoginAttempts,
|
||||
@inject(TYPES.Auth_IncreaseLoginAttempts) private increaseLoginAttempts: IncreaseLoginAttempts,
|
||||
@inject(TYPES.Auth_ChangeCredentials) private changeCredentialsUseCase: ChangeCredentials,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
protected updateUser: UpdateUser,
|
||||
protected getUserKeyParams: GetUserKeyParams,
|
||||
protected doDeleteAccount: DeleteAccount,
|
||||
protected doGetUserSubscription: GetUserSubscription,
|
||||
protected clearLoginAttempts: ClearLoginAttempts,
|
||||
protected increaseLoginAttempts: IncreaseLoginAttempts,
|
||||
protected changeCredentialsUseCase: ChangeCredentials,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.users.update', this.update.bind(this))
|
||||
this.controllerContainer.register('auth.users.getKeyParams', this.keyParams.bind(this))
|
||||
this.controllerContainer.register('auth.users.getSubscription', this.getSubscription.bind(this))
|
||||
this.controllerContainer.register('auth.users.updateCredentials', this.changeCredentials.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.users.update', this.update.bind(this))
|
||||
this.controllerContainer.register('auth.users.getKeyParams', this.keyParams.bind(this))
|
||||
this.controllerContainer.register('auth.users.getSubscription', this.getSubscription.bind(this))
|
||||
this.controllerContainer.register('auth.users.updateCredentials', this.changeCredentials.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpPatch('/:userId', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async update(request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
async update(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
{
|
||||
@@ -83,9 +73,8 @@ export class UsersController extends BaseHttpController {
|
||||
|
||||
if (updateResult.success) {
|
||||
response.setHeader('x-invalidate-cache', response.locals.user.uuid)
|
||||
response.send(updateResult.authResponse)
|
||||
|
||||
return
|
||||
return this.json(updateResult.authResponse)
|
||||
}
|
||||
|
||||
return this.json(
|
||||
@@ -98,7 +87,6 @@ export class UsersController extends BaseHttpController {
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/params')
|
||||
async keyParams(request: Request): Promise<results.JsonResult> {
|
||||
const email = 'email' in request.query ? <string>request.query.email : undefined
|
||||
const userUuid = 'uuid' in request.query ? <string>request.query.uuid : undefined
|
||||
@@ -123,7 +111,6 @@ export class UsersController extends BaseHttpController {
|
||||
return this.json(result.keyParams)
|
||||
}
|
||||
|
||||
@httpDelete('/:email')
|
||||
async deleteAccount(request: Request): Promise<results.JsonResult> {
|
||||
const result = await this.doDeleteAccount.execute({
|
||||
email: request.params.email,
|
||||
@@ -132,7 +119,6 @@ export class UsersController extends BaseHttpController {
|
||||
return this.json({ message: result.message }, result.responseCode)
|
||||
}
|
||||
|
||||
@httpGet('/:userUuid/subscription', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async getSubscription(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (request.params.userUuid !== response.locals.user.uuid) {
|
||||
return this.json(
|
||||
@@ -156,8 +142,7 @@ export class UsersController extends BaseHttpController {
|
||||
return this.json(result, 400)
|
||||
}
|
||||
|
||||
@httpPut('/:userId/attributes/credentials', TYPES.Auth_AuthMiddleware)
|
||||
async changeCredentials(request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
async changeCredentials(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json(
|
||||
{
|
||||
@@ -203,9 +188,21 @@ export class UsersController extends BaseHttpController {
|
||||
400,
|
||||
)
|
||||
}
|
||||
const usernameOrError = Username.create(response.locals.user.email)
|
||||
if (usernameOrError.isFailed()) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Invalid username.',
|
||||
},
|
||||
},
|
||||
400,
|
||||
)
|
||||
}
|
||||
const username = usernameOrError.getValue()
|
||||
|
||||
const changeCredentialsResult = await this.changeCredentialsUseCase.execute({
|
||||
user: response.locals.user,
|
||||
username,
|
||||
apiVersion: request.body.api,
|
||||
currentPassword: request.body.current_password,
|
||||
newPassword: request.body.new_password,
|
||||
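Review bot: The new `Username.create(response.locals.user.email)` failure branch in `changeCredentials` returns `{ error: { message: 'Invalid username.' } }` with 400, whereas the other error responses on this page carry a `tag` next to `message` (for example `tag: ErrorTag.AuthInvalid` in `HomeServerWebSocketsController.validateToken`) and `ErrorTag` is already imported in this file. Consider adding an appropriate tag so clients can branch on it, or a comment explaining why this error is untagged. Note also that the value being validated is the stored email of the already-authenticated user rather than request input, so a failure here points at inconsistent persisted data; a comment such as `// stored email failed Username validation: indicates inconsistent account data, not bad client input` would make that explicit for whoever triages it. `changeCredentials` begins and ends outside this hunk.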
@@ -233,6 +230,7 @@ export class UsersController extends BaseHttpController {
|
||||
await this.clearLoginAttempts.execute({ email: response.locals.user.email })
|
||||
|
||||
response.setHeader('x-invalidate-cache', response.locals.user.uuid)
|
||||
response.send(changeCredentialsResult.authResponse)
|
||||
|
||||
return this.json(changeCredentialsResult.authResponse)
|
||||
}
|
||||
}
|
||||
@@ -1,31 +1,20 @@
|
||||
import { inject } from 'inversify'
|
||||
import { ControllerContainerInterface, Uuid } from '@standardnotes/domain-core'
|
||||
import { Request, Response } from 'express'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
import { CreateValetToken } from '../../../Domain/UseCase/CreateValetToken/CreateValetToken'
|
||||
import { CreateValetTokenPayload, ErrorTag } from '@standardnotes/responses'
|
||||
import { ValetTokenOperation } from '@standardnotes/security'
|
||||
import { ControllerContainerInterface, Uuid } from '@standardnotes/domain-core'
|
||||
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { CreateValetToken } from '../Domain/UseCase/CreateValetToken/CreateValetToken'
|
||||
|
||||
@controller('/valet-tokens', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
export class ValetTokenController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_CreateValetToken) private createValetKey: CreateValetToken,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
) {
|
||||
export class HomeServerValetTokenController extends BaseHttpController {
|
||||
constructor(protected createValetKey: CreateValetToken, private controllerContainer?: ControllerContainerInterface) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.valet-tokens.create', this.create.bind(this))
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.valet-tokens.create', this.create.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
@httpPost('/')
|
||||
public async create(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const payload: CreateValetTokenPayload = request.body
|
||||
|
||||
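Review bot: HomeServerValetTokenController in the new class declaration is no longer decorated with `@controller('/valet-tokens', TYPES.Auth_ApiGatewayAuthMiddleware)`, so the `create` handler it registers under `auth.valet-tokens.create` carries no authentication of its own; whichever caller invokes it through the controller container must apply that check first, and nothing in the hunk says so. I would add a class TSDoc: `/** Transport-agnostic valet-token handler. Applies no auth middleware itself; the Inversify subclass and the home-server container must only invoke create() on already-authenticated requests. */`. The body of `create` continues outside the hunk, so whether it relies on `response.locals.user` cannot be confirmed here.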
@@ -0,0 +1,55 @@
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { TokenDecoderInterface, WebSocketConnectionTokenData } from '@standardnotes/security'
|
||||
import { Request } from 'express'
|
||||
import { BaseHttpController, results } from 'inversify-express-utils'
|
||||
|
||||
import { CreateCrossServiceToken } from '../../../Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken'
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
|
||||
export class HomeServerWebSocketsController extends BaseHttpController {
|
||||
constructor(
|
||||
protected createCrossServiceToken: CreateCrossServiceToken,
|
||||
protected tokenDecoder: TokenDecoderInterface<WebSocketConnectionTokenData>,
|
||||
private controllerContainer?: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
if (this.controllerContainer !== undefined) {
|
||||
this.controllerContainer.register('auth.webSockets.validateToken', this.validateToken.bind(this))
|
||||
}
|
||||
}
|
||||
|
||||
async validateToken(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.headers.authorization) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: ErrorTag.AuthInvalid,
|
||||
message: 'Invalid authorization token.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const token: WebSocketConnectionTokenData | undefined = this.tokenDecoder.decodeToken(request.headers.authorization)
|
||||
|
||||
if (token === undefined) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: ErrorTag.AuthInvalid,
|
||||
message: 'Invalid authorization token.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.createCrossServiceToken.execute({
|
||||
userUuid: token.userUuid,
|
||||
})
|
||||
|
||||
return this.json({ authToken: result.token })
|
||||
}
|
||||
}
|
||||
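Review bot: The 401 body in validateToken is duplicated verbatim for the missing-header branch and the undecodable-token branch; a private helper keeps the two responses identical and lets the method read as a guard chain, and the rewrite below does only that. Separately, `token.userUuid` is used to mint a cross-service token straight after decodeToken returns, so the decoder is implicitly trusted to have verified signature and expiry; if that is the contract of TokenDecoderInterface (not visible here), a one-line comment above the call, `// decodeToken is expected to reject unsigned or expired tokens; a decoded userUuid is treated as authenticated`, would spare the next reader the question.
```typescript
  async validateToken(request: Request): Promise<results.JsonResult> {
    if (!request.headers.authorization) {
      return this.invalidTokenResponse()
    }

    const token: WebSocketConnectionTokenData | undefined = this.tokenDecoder.decodeToken(request.headers.authorization)

    if (token === undefined) {
      return this.invalidTokenResponse()
    }

    // … unchanged: createCrossServiceToken.execute and the authToken response …
  }

  /** Uniform 401 body for a missing or undecodable websocket connection token. */
  private invalidTokenResponse(): results.JsonResult {
    return this.json(
      {
        error: {
          tag: ErrorTag.AuthInvalid,
          message: 'Invalid authorization token.',
        },
      },
      401,
    )
  }
```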
@@ -1,31 +1,28 @@
|
||||
import 'reflect-metadata'
|
||||
|
||||
import { AdminController } from './AdminController'
|
||||
import { InversifyExpressAdminController } from './InversifyExpressAdminController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { UserRepositoryInterface } from '../Domain/User/UserRepositoryInterface'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { UserRepositoryInterface } from '../../Domain/User/UserRepositoryInterface'
|
||||
import * as express from 'express'
|
||||
import { DeleteSetting } from '../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { CreateSubscriptionToken } from '../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { CreateOfflineSubscriptionToken } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { DeleteSetting } from '../../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { CreateSubscriptionToken } from '../../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { CreateOfflineSubscriptionToken } from '../../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
|
||||
describe('AdminController', () => {
|
||||
describe('InversifyExpressAdminController', () => {
|
||||
let deleteSetting: DeleteSetting
|
||||
let userRepository: UserRepositoryInterface
|
||||
let createSubscriptionToken: CreateSubscriptionToken
|
||||
let createOfflineSubscriptionToken: CreateOfflineSubscriptionToken
|
||||
let request: express.Request
|
||||
let user: User
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () =>
|
||||
new AdminController(
|
||||
new InversifyExpressAdminController(
|
||||
deleteSetting,
|
||||
userRepository,
|
||||
createSubscriptionToken,
|
||||
createOfflineSubscriptionToken,
|
||||
controllerContainer,
|
||||
)
|
||||
|
||||
beforeEach(() => {
|
||||
@@ -58,9 +55,6 @@ describe('AdminController', () => {
|
||||
body: {},
|
||||
params: {},
|
||||
} as jest.Mocked<express.Request>
|
||||
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
})
|
||||
|
||||
it('should return error if missing email parameter', async () => {
|
||||
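Review bot: Dropping the `controllerContainer` mock from this spec removes the only visible test of the container-registration path; that logic presumably now lives in HomeServerAdminController's constructor guard (`if (this.controllerContainer !== undefined)`, the shape the sibling HomeServer controllers in this commit use), and no spec in this diff exercises it. If a HomeServerAdminController spec is not part of the change, a test that constructs it with a mocked container and asserts `register` is called once per admin route would restore that coverage.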
@@ -0,0 +1,56 @@
|
||||
import { Request } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { HomeServerAdminController } from './HomeServer/HomeServerAdminController'
|
||||
import { CreateOfflineSubscriptionToken } from '../../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { CreateSubscriptionToken } from '../../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { DeleteSetting } from '../../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { UserRepositoryInterface } from '../../Domain/User/UserRepositoryInterface'
|
||||
|
||||
@controller('/admin')
|
||||
export class InversifyExpressAdminController extends HomeServerAdminController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_DeleteSetting) override doDeleteSetting: DeleteSetting,
|
||||
@inject(TYPES.Auth_UserRepository) override userRepository: UserRepositoryInterface,
|
||||
@inject(TYPES.Auth_CreateSubscriptionToken) override createSubscriptionToken: CreateSubscriptionToken,
|
||||
@inject(TYPES.Auth_CreateOfflineSubscriptionToken)
|
||||
override createOfflineSubscriptionToken: CreateOfflineSubscriptionToken,
|
||||
) {
|
||||
super(doDeleteSetting, userRepository, createSubscriptionToken, createOfflineSubscriptionToken)
|
||||
}
|
||||
|
||||
@httpGet('/user/:email')
|
||||
override async getUser(request: Request): Promise<results.JsonResult> {
|
||||
return super.getUser(request)
|
||||
}
|
||||
|
||||
@httpDelete('/users/:userUuid/mfa')
|
||||
override async deleteMFASetting(request: Request): Promise<results.JsonResult> {
|
||||
return super.deleteMFASetting(request)
|
||||
}
|
||||
|
||||
@httpPost('/users/:userUuid/subscription-token')
|
||||
override async createToken(request: Request): Promise<results.JsonResult> {
|
||||
return super.createToken(request)
|
||||
}
|
||||
|
||||
@httpPost('/users/:email/offline-subscription-token')
|
||||
override async createOfflineToken(request: Request): Promise<results.JsonResult | results.BadRequestResult> {
|
||||
return super.createOfflineToken(request)
|
||||
}
|
||||
|
||||
@httpPost('/users/:userUuid/email-backups')
|
||||
override async disableEmailBackups(
|
||||
request: Request,
|
||||
): Promise<results.BadRequestErrorMessageResult | results.OkResult> {
|
||||
return super.disableEmailBackups(request)
|
||||
}
|
||||
}
|
||||
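Review bot: `@controller('/admin')` and its five routes in InversifyExpressAdminController attach no middleware at class or method level, while the other Inversify controllers in this commit gate their authenticated routes with `TYPES.Auth_RequiredCrossServiceTokenMiddleware`; if admin endpoints are meant to be reachable only through the gateway or an internal network, please record that on the class, e.g. `// No auth middleware here: /admin must only be exposed to <trusted network — fill in>, never through the public gateway.` Whether the previous AdminController had the same shape is not visible in this hunk. As a style point, the `// eslint-disable-next-line @typescript-eslint/no-unused-vars` on the `results` import (also in the features and listed controller hunks) can go if it becomes a type-only binding, `import { controller, httpDelete, httpGet, httpPost, type results } from 'inversify-express-utils'`, assuming the project's TypeScript version supports inline type modifiers.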
@@ -1,6 +1,5 @@
|
||||
import { Request, Response } from 'express'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpGet,
|
||||
httpPost,
|
||||
@@ -16,303 +15,65 @@ import { IncreaseLoginAttempts } from '../../Domain/UseCase/IncreaseLoginAttempt
|
||||
import { Logger } from 'winston'
|
||||
import { GetUserKeyParams } from '../../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { AuthController } from '../../Controller/AuthController'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { inject } from 'inversify'
|
||||
import { HomeServerAuthController } from './HomeServer/HomeServerAuthController'
|
||||
|
||||
@controller('/auth')
|
||||
export class InversifyExpressAuthController extends BaseHttpController {
|
||||
export class InversifyExpressAuthController extends HomeServerAuthController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_VerifyMFA) private verifyMFA: VerifyMFA,
|
||||
@inject(TYPES.Auth_SignIn) private signInUseCase: SignIn,
|
||||
@inject(TYPES.Auth_GetUserKeyParams) private getUserKeyParams: GetUserKeyParams,
|
||||
@inject(TYPES.Auth_ClearLoginAttempts) private clearLoginAttempts: ClearLoginAttempts,
|
||||
@inject(TYPES.Auth_IncreaseLoginAttempts) private increaseLoginAttempts: IncreaseLoginAttempts,
|
||||
@inject(TYPES.Auth_Logger) private logger: Logger,
|
||||
@inject(TYPES.Auth_AuthController) private authController: AuthController,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
@inject(TYPES.Auth_VerifyMFA) override verifyMFA: VerifyMFA,
|
||||
@inject(TYPES.Auth_SignIn) override signInUseCase: SignIn,
|
||||
@inject(TYPES.Auth_GetUserKeyParams) override getUserKeyParams: GetUserKeyParams,
|
||||
@inject(TYPES.Auth_ClearLoginAttempts) override clearLoginAttempts: ClearLoginAttempts,
|
||||
@inject(TYPES.Auth_IncreaseLoginAttempts) override increaseLoginAttempts: IncreaseLoginAttempts,
|
||||
@inject(TYPES.Auth_Logger) override logger: Logger,
|
||||
@inject(TYPES.Auth_AuthController) override authController: AuthController,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.params', this.params.bind(this))
|
||||
this.controllerContainer.register('auth.signIn', this.signIn.bind(this))
|
||||
this.controllerContainer.register('auth.pkceParams', this.pkceParams.bind(this))
|
||||
this.controllerContainer.register('auth.pkceSignIn', this.pkceSignIn.bind(this))
|
||||
this.controllerContainer.register('auth.users.register', this.register.bind(this))
|
||||
this.controllerContainer.register('auth.generateRecoveryCodes', this.generateRecoveryCodes.bind(this))
|
||||
this.controllerContainer.register('auth.signInWithRecoveryCodes', this.recoveryLogin.bind(this))
|
||||
this.controllerContainer.register('auth.recoveryKeyParams', this.recoveryParams.bind(this))
|
||||
this.controllerContainer.register('auth.signOut', this.signOut.bind(this))
|
||||
super(verifyMFA, signInUseCase, getUserKeyParams, clearLoginAttempts, increaseLoginAttempts, logger, authController)
|
||||
}
|
||||
|
||||
@httpGet('/params', TYPES.Auth_AuthMiddlewareWithoutResponse)
|
||||
async params(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.session) {
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: response.locals.user.email,
|
||||
authenticated: true,
|
||||
authenticatedUser: response.locals.user,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
}
|
||||
|
||||
if (!request.query.email) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Please provide an email address.',
|
||||
},
|
||||
},
|
||||
400,
|
||||
)
|
||||
}
|
||||
|
||||
const verifyMFAResponse = await this.verifyMFA.execute({
|
||||
email: <string>request.query.email,
|
||||
requestParams: request.query,
|
||||
preventOTPFromFurtherUsage: false,
|
||||
})
|
||||
|
||||
if (!verifyMFAResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: verifyMFAResponse.errorTag,
|
||||
message: verifyMFAResponse.errorMessage,
|
||||
payload: verifyMFAResponse.errorPayload,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: <string>request.query.email,
|
||||
authenticated: false,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
@httpGet('/params', TYPES.Auth_OptionalCrossServiceTokenMiddleware)
|
||||
override async params(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.params(request, response)
|
||||
}
|
||||
|
||||
@httpPost('/sign_in', TYPES.Auth_LockMiddleware)
|
||||
async signIn(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.body.email || !request.body.password) {
|
||||
this.logger.debug('/auth/sign_in request missing credentials: %O', request.body)
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: 'invalid-auth',
|
||||
message: 'Invalid login credentials.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const verifyMFAResponse = await this.verifyMFA.execute({
|
||||
email: request.body.email,
|
||||
requestParams: request.body,
|
||||
preventOTPFromFurtherUsage: true,
|
||||
})
|
||||
|
||||
if (!verifyMFAResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: verifyMFAResponse.errorTag,
|
||||
message: verifyMFAResponse.errorMessage,
|
||||
payload: verifyMFAResponse.errorPayload,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const signInResult = await this.signInUseCase.execute({
|
||||
apiVersion: request.body.api,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
email: request.body.email,
|
||||
password: request.body.password,
|
||||
ephemeralSession: request.body.ephemeral ?? false,
|
||||
})
|
||||
|
||||
if (!signInResult.success) {
|
||||
await this.increaseLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: signInResult.errorMessage,
|
||||
},
|
||||
},
|
||||
signInResult.errorCode ?? 401,
|
||||
)
|
||||
}
|
||||
|
||||
await this.clearLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(signInResult.authResponse)
|
||||
override async signIn(request: Request): Promise<results.JsonResult> {
|
||||
return super.signIn(request)
|
||||
}
|
||||
|
||||
@httpPost('/pkce_params', TYPES.Auth_AuthMiddlewareWithoutResponse)
|
||||
async pkceParams(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (!request.body.code_challenge) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Please provide the code challenge parameter.',
|
||||
},
|
||||
},
|
||||
400,
|
||||
)
|
||||
}
|
||||
|
||||
if (response.locals.session) {
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: response.locals.user.email,
|
||||
authenticated: true,
|
||||
authenticatedUser: response.locals.user,
|
||||
codeChallenge: request.body.code_challenge as string,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
}
|
||||
|
||||
if (!request.body.email) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: 'Please provide an email address.',
|
||||
},
|
||||
},
|
||||
400,
|
||||
)
|
||||
}
|
||||
|
||||
const verifyMFAResponse = await this.verifyMFA.execute({
|
||||
email: <string>request.body.email,
|
||||
requestParams: request.body,
|
||||
preventOTPFromFurtherUsage: true,
|
||||
})
|
||||
|
||||
if (!verifyMFAResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: verifyMFAResponse.errorTag,
|
||||
message: verifyMFAResponse.errorMessage,
|
||||
payload: verifyMFAResponse.errorPayload,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.getUserKeyParams.execute({
|
||||
email: <string>request.body.email,
|
||||
authenticated: false,
|
||||
codeChallenge: request.body.code_challenge as string,
|
||||
})
|
||||
|
||||
return this.json(result.keyParams)
|
||||
@httpPost('/pkce_params', TYPES.Auth_OptionalCrossServiceTokenMiddleware)
|
||||
override async pkceParams(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.pkceParams(request, response)
|
||||
}
|
||||
|
||||
@httpPost('/pkce_sign_in', TYPES.Auth_LockMiddleware)
|
||||
async pkceSignIn(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.body.email || !request.body.password || !request.body.code_verifier) {
|
||||
this.logger.debug('/auth/sign_in request missing credentials: %O', request.body)
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: 'invalid-auth',
|
||||
message: 'Invalid login credentials.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const signInResult = await this.signInUseCase.execute({
|
||||
apiVersion: request.body.api,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
email: request.body.email,
|
||||
password: request.body.password,
|
||||
ephemeralSession: request.body.ephemeral ?? false,
|
||||
codeVerifier: request.body.code_verifier,
|
||||
})
|
||||
|
||||
if (!signInResult.success) {
|
||||
await this.increaseLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
message: signInResult.errorMessage,
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
await this.clearLoginAttempts.execute({ email: request.body.email })
|
||||
|
||||
return this.json(signInResult.authResponse)
|
||||
override async pkceSignIn(request: Request): Promise<results.JsonResult> {
|
||||
return super.pkceSignIn(request)
|
||||
}
|
||||
|
||||
@httpPost('/recovery/codes', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async generateRecoveryCodes(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authController.generateRecoveryCodes({
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpPost('/recovery/codes', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async generateRecoveryCodes(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.generateRecoveryCodes(_request, response)
|
||||
}
|
||||
|
||||
@httpPost('/recovery/login', TYPES.Auth_LockMiddleware)
|
||||
async recoveryLogin(request: Request): Promise<results.JsonResult> {
|
||||
const result = await this.authController.signInWithRecoveryCodes({
|
||||
apiVersion: request.body.api_version,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
codeVerifier: request.body.code_verifier,
|
||||
username: request.body.username,
|
||||
recoveryCodes: request.body.recovery_codes,
|
||||
password: request.body.password,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
override async recoveryLogin(request: Request): Promise<results.JsonResult> {
|
||||
return super.recoveryLogin(request)
|
||||
}
|
||||
|
||||
@httpPost('/recovery/params')
|
||||
async recoveryParams(request: Request): Promise<results.JsonResult> {
|
||||
const result = await this.authController.recoveryKeyParams({
|
||||
apiVersion: request.body.api_version,
|
||||
username: request.body.username,
|
||||
codeChallenge: request.body.code_challenge,
|
||||
recoveryCodes: request.body.recovery_codes,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
override async recoveryParams(request: Request): Promise<results.JsonResult> {
|
||||
return super.recoveryParams(request)
|
||||
}
|
||||
|
||||
@httpPost('/sign_out', TYPES.Auth_AuthMiddlewareWithoutResponse)
|
||||
async signOut(request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
const result = await this.authController.signOut({
|
||||
readOnlyAccess: response.locals.readOnlyAccess,
|
||||
authorizationHeader: <string>request.headers.authorization,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpPost('/sign_out', TYPES.Auth_OptionalCrossServiceTokenMiddleware)
|
||||
override async signOut(request: Request, response: Response): Promise<results.JsonResult | void> {
|
||||
return super.signOut(request, response)
|
||||
}
|
||||
|
||||
@httpPost('/')
|
||||
async register(request: Request): Promise<results.JsonResult> {
|
||||
const response = await this.authController.register({
|
||||
...request.body,
|
||||
userAgent: <string>request.headers['user-agent'],
|
||||
})
|
||||
|
||||
return this.json(response.data, response.status)
|
||||
override async register(request: Request): Promise<results.JsonResult> {
|
||||
return super.register(request)
|
||||
}
|
||||
}
|
||||
|
||||
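Review bot: The middleware on `/sign_out`, `/params` and `/pkce_params` changes from `Auth_AuthMiddlewareWithoutResponse` to `Auth_OptionalCrossServiceTokenMiddleware`, and the removed bodies show the handlers forwarding `response.locals.readOnlyAccess` into `authController.signOut` and branching on `response.locals.session`; the new overrides only delegate to HomeServerAuthController (outside this hunk), so those locals must now be populated by the new middleware. If the optional middleware leaves `readOnlyAccess` undefined for a token that carries read-only access, whatever `authController.signOut` does with that flag silently changes, so this is worth confirming against the middleware rather than assuming. I would annotate the signOut override: `// Optional token middleware: must set response.locals.user/session/readOnlyAccess exactly as Auth_AuthMiddlewareWithoutResponse did; HomeServerAuthController.signOut depends on them.` The same decorator-only override pattern appears in the authenticators, features and listed controller hunks; a one-line class comment stating that these subclasses exist solely to bind Inversify routes and middleware would help there too.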
@@ -1,6 +1,5 @@
|
||||
import { Request, Response } from 'express'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
@@ -10,78 +9,39 @@ import {
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { AuthenticatorsController } from '../../Controller/AuthenticatorsController'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { inject } from 'inversify'
|
||||
import { HomeServerAuthenticatorsController } from './HomeServer/HomeServerAuthenticatorsController'
|
||||
|
||||
@controller('/authenticators')
|
||||
export class InversifyExpressAuthenticatorsController extends BaseHttpController {
|
||||
export class InversifyExpressAuthenticatorsController extends HomeServerAuthenticatorsController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_AuthenticatorsController) private authenticatorsController: AuthenticatorsController,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
@inject(TYPES.Auth_AuthenticatorsController) override authenticatorsController: AuthenticatorsController,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.authenticators.list', this.list.bind(this))
|
||||
this.controllerContainer.register('auth.authenticators.delete', this.delete.bind(this))
|
||||
this.controllerContainer.register(
|
||||
'auth.authenticators.generateRegistrationOptions',
|
||||
this.generateRegistrationOptions.bind(this),
|
||||
)
|
||||
this.controllerContainer.register(
|
||||
'auth.authenticators.verifyRegistrationResponse',
|
||||
this.verifyRegistration.bind(this),
|
||||
)
|
||||
this.controllerContainer.register(
|
||||
'auth.authenticators.generateAuthenticationOptions',
|
||||
this.generateAuthenticationOptions.bind(this),
|
||||
)
|
||||
super(authenticatorsController)
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async list(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.list({
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpGet('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async list(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.list(_request, response)
|
||||
}
|
||||
|
||||
@httpDelete('/:authenticatorId', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async delete(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.delete({
|
||||
userUuid: response.locals.user.uuid,
|
||||
authenticatorId: request.params.authenticatorId,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpDelete('/:authenticatorId', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async delete(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.delete(request, response)
|
||||
}
|
||||
|
||||
@httpGet('/generate-registration-options', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async generateRegistrationOptions(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.generateRegistrationOptions({
|
||||
username: response.locals.user.email,
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpGet('/generate-registration-options', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async generateRegistrationOptions(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.generateRegistrationOptions(_request, response)
|
||||
}
|
||||
|
||||
@httpPost('/verify-registration', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async verifyRegistration(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.verifyRegistrationResponse({
|
||||
userUuid: response.locals.user.uuid,
|
||||
attestationResponse: request.body.attestationResponse,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpPost('/verify-registration', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async verifyRegistration(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.verifyRegistration(request, response)
|
||||
}
|
||||
|
||||
@httpPost('/generate-authentication-options')
|
||||
async generateAuthenticationOptions(request: Request): Promise<results.JsonResult> {
|
||||
const result = await this.authenticatorsController.generateAuthenticationOptions({
|
||||
username: request.body.username,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
override async generateAuthenticationOptions(request: Request): Promise<results.JsonResult> {
|
||||
return super.generateAuthenticationOptions(request)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,26 +2,21 @@ import 'reflect-metadata'
|
||||
|
||||
import * as express from 'express'
|
||||
|
||||
import { FeaturesController } from './FeaturesController'
|
||||
import { InversifyExpressFeaturesController } from './InversifyExpressFeaturesController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { GetUserFeatures } from '../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { GetUserFeatures } from '../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
|
||||
describe('FeaturesController', () => {
|
||||
describe('InversifyExpressFeaturesController', () => {
|
||||
let getUserFeatures: GetUserFeatures
|
||||
|
||||
let request: express.Request
|
||||
let response: express.Response
|
||||
let user: User
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () => new FeaturesController(getUserFeatures, controllerContainer)
|
||||
const createController = () => new InversifyExpressFeaturesController(getUserFeatures)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
user = {} as jest.Mocked<User>
|
||||
user.uuid = '123'
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpGet,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { GetUserFeatures } from '../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { HomeServerFeaturesController } from './HomeServer/HomeServerFeaturesController'
|
||||
|
||||
@controller('/users/:userUuid/features')
|
||||
export class InversifyExpressFeaturesController extends HomeServerFeaturesController {
|
||||
constructor(@inject(TYPES.Auth_GetUserFeatures) override doGetUserFeatures: GetUserFeatures) {
|
||||
super(doGetUserFeatures)
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async getFeatures(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getFeatures(request, response)
|
||||
}
|
||||
}
|
||||
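Review bot: The route `@controller('/users/:userUuid/features')` with `@httpGet('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)` identifies the target user by path parameter while the middleware identifies the caller by token, and nothing in this file compares the two; the comparison presumably lives in HomeServerFeaturesController.getFeatures or in the middleware, neither of which is visible here. If it does not, any valid token could read another user's feature list, so please confirm and record it on the override, e.g. `// userUuid in the path must match the token's user; enforced in HomeServerFeaturesController.getFeatures (verify).`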
@@ -1,7 +1,7 @@
|
||||
import { controller, httpGet } from 'inversify-express-utils'
|
||||
|
||||
@controller('/healthcheck')
|
||||
export class HealthCheckController {
|
||||
export class InversifyExpressHealthCheckController {
|
||||
@httpGet('/')
|
||||
public async get(): Promise<string> {
|
||||
return 'OK'
|
||||
@@ -2,13 +2,13 @@ import 'reflect-metadata'
|
||||
|
||||
import * as express from 'express'
|
||||
|
||||
import { InternalController } from './InternalController'
|
||||
import { InversifyExpressInternalController } from './InversifyExpressInternalController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { GetUserFeatures } from '../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { GetSetting } from '../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { GetUserFeatures } from '../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { GetSetting } from '../../Domain/UseCase/GetSetting/GetSetting'
|
||||
|
||||
describe('InternalController', () => {
|
||||
describe('InversifyExpressInternalController', () => {
|
||||
let getUserFeatures: GetUserFeatures
|
||||
let getSetting: GetSetting
|
||||
|
||||
@@ -16,7 +16,7 @@ describe('InternalController', () => {
|
||||
let response: express.Response
|
||||
let user: User
|
||||
|
||||
const createController = () => new InternalController(getUserFeatures, getSetting)
|
||||
const createController = () => new InversifyExpressInternalController(getUserFeatures, getSetting)
|
||||
|
||||
beforeEach(() => {
|
||||
user = {} as jest.Mocked<User>
|
||||
@@ -7,12 +7,12 @@ import {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
import { GetSetting } from '../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { GetUserFeatures } from '../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { GetSetting } from '../../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { GetUserFeatures } from '../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
|
||||
@controller('/internal')
|
||||
export class InternalController extends BaseHttpController {
|
||||
export class InversifyExpressInternalController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetUserFeatures) private doGetUserFeatures: GetUserFeatures,
|
||||
@inject(TYPES.Auth_GetSetting) private doGetSetting: GetSetting,
|
||||
@@ -3,25 +3,20 @@ import 'reflect-metadata'
|
||||
import * as express from 'express'
|
||||
import { results } from 'inversify-express-utils'
|
||||
|
||||
import { ListedController } from './ListedController'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { CreateListedAccount } from '../Domain/UseCase/CreateListedAccount/CreateListedAccount'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { InversifyExpressListedController } from './InversifyExpressListedController'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { CreateListedAccount } from '../../Domain/UseCase/CreateListedAccount/CreateListedAccount'
|
||||
|
||||
describe('ListedController', () => {
|
||||
describe('InversifyExpressListedController', () => {
|
||||
let createListedAccount: CreateListedAccount
|
||||
|
||||
let request: express.Request
|
||||
let response: express.Response
|
||||
let user: User
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () => new ListedController(createListedAccount, controllerContainer)
|
||||
const createController = () => new InversifyExpressListedController(createListedAccount)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
user = {} as jest.Mocked<User>
|
||||
user.uuid = '123'
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
import { inject } from 'inversify'
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
import { controller, httpPost, results } from 'inversify-express-utils'
|
||||
import { Request, Response } from 'express'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { CreateListedAccount } from '../../Domain/UseCase/CreateListedAccount/CreateListedAccount'
|
||||
import { HomeServerListedController } from './HomeServer/HomeServerListedController'
|
||||
|
||||
@controller('/listed')
|
||||
export class InversifyExpressListedController extends HomeServerListedController {
|
||||
constructor(@inject(TYPES.Auth_CreateListedAccount) override doCreateListedAccount: CreateListedAccount) {
|
||||
super(doCreateListedAccount)
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async createListedAccount(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.createListedAccount(_request, response)
|
||||
}
|
||||
}
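Review bot: The new wrapper class has no comment explaining why the same controller now exists twice (`HomeServerListedController` and this `InversifyExpress*` subclass), which is the one thing a reader of these 19 lines cannot work out from the file alone. A class-level TSDoc would settle it, e.g. `/** Express/Inversify binding for HomeServerListedController: this subclass only contributes the @controller/@httpPost route metadata, the middleware chain (Auth_RequiredCrossServiceTokenMiddleware) and the DI tokens; request handling lives in the base class. */` — the "only" part is inferred from the forward-to-super body here, since the base class is outside this hunk. The same comment is missing on the other new wrappers in this commit (InversifyExpressOfflineController, InversifyExpressSessionController, InversifyExpressSettingsController, InversifyExpressSubscriptionSettingsController). Separately, `results` is only used in a type position, so `import { controller, httpPost, type results } from 'inversify-express-utils'` would make the eslint-disable on the import unnecessary if the project's TypeScript supports inline `type` specifiers (4.5+).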
|
||||
@@ -2,21 +2,20 @@ import 'reflect-metadata'
|
||||
|
||||
import * as express from 'express'
|
||||
|
||||
import { OfflineController } from './OfflineController'
|
||||
import { InversifyExpressOfflineController } from './InversifyExpressOfflineController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { GetUserFeatures } from '../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { CreateOfflineSubscriptionToken } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { CreateOfflineSubscriptionTokenResponse } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionTokenResponse'
|
||||
import { AuthenticateOfflineSubscriptionToken } from '../Domain/UseCase/AuthenticateOfflineSubscriptionToken/AuthenticateOfflineSubscriptionToken'
|
||||
import { OfflineUserSubscription } from '../Domain/Subscription/OfflineUserSubscription'
|
||||
import { GetUserOfflineSubscription } from '../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { GetUserFeatures } from '../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { CreateOfflineSubscriptionToken } from '../../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { CreateOfflineSubscriptionTokenResponse } from '../../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionTokenResponse'
|
||||
import { AuthenticateOfflineSubscriptionToken } from '../../Domain/UseCase/AuthenticateOfflineSubscriptionToken/AuthenticateOfflineSubscriptionToken'
|
||||
import { OfflineUserSubscription } from '../../Domain/Subscription/OfflineUserSubscription'
|
||||
import { GetUserOfflineSubscription } from '../../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
|
||||
import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/security'
|
||||
import { SubscriptionName } from '@standardnotes/common'
|
||||
import { Logger } from 'winston'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
|
||||
describe('OfflineController', () => {
|
||||
describe('InversifyExpressOfflineController', () => {
|
||||
let getUserFeatures: GetUserFeatures
|
||||
let getUserOfflineSubscription: GetUserOfflineSubscription
|
||||
let createOfflineSubscriptionToken: CreateOfflineSubscriptionToken
|
||||
@@ -29,10 +28,8 @@ describe('OfflineController', () => {
|
||||
let response: express.Response
|
||||
let user: User
|
||||
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () =>
|
||||
new OfflineController(
|
||||
new InversifyExpressOfflineController(
|
||||
getUserFeatures,
|
||||
getUserOfflineSubscription,
|
||||
createOfflineSubscriptionToken,
|
||||
@@ -40,13 +37,9 @@ describe('OfflineController', () => {
|
||||
tokenEncoder,
|
||||
jwtTTL,
|
||||
logger,
|
||||
controllerContainer,
|
||||
)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
user = {} as jest.Mocked<User>
|
||||
user.uuid = '123'
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpGet,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import { Logger } from 'winston'
|
||||
import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/security'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { AuthenticateOfflineSubscriptionToken } from '../../Domain/UseCase/AuthenticateOfflineSubscriptionToken/AuthenticateOfflineSubscriptionToken'
|
||||
import { CreateOfflineSubscriptionToken } from '../../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken'
|
||||
import { GetUserFeatures } from '../../Domain/UseCase/GetUserFeatures/GetUserFeatures'
|
||||
import { GetUserOfflineSubscription } from '../../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription'
|
||||
import { HomeServerOfflineController } from './HomeServer/HomeServerOfflineController'
|
||||
|
||||
@controller('/offline')
|
||||
export class InversifyExpressOfflineController extends HomeServerOfflineController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetUserFeatures) override doGetUserFeatures: GetUserFeatures,
|
||||
@inject(TYPES.Auth_GetUserOfflineSubscription) override getUserOfflineSubscription: GetUserOfflineSubscription,
|
||||
@inject(TYPES.Auth_CreateOfflineSubscriptionToken)
|
||||
override createOfflineSubscriptionToken: CreateOfflineSubscriptionToken,
|
||||
@inject(TYPES.Auth_AuthenticateOfflineSubscriptionToken)
|
||||
override authenticateToken: AuthenticateOfflineSubscriptionToken,
|
||||
@inject(TYPES.Auth_OfflineUserTokenEncoder) override tokenEncoder: TokenEncoderInterface<OfflineUserTokenData>,
|
||||
@inject(TYPES.Auth_AUTH_JWT_TTL) override jwtTTL: number,
|
||||
@inject(TYPES.Auth_Logger) override logger: Logger,
|
||||
) {
|
||||
super(
|
||||
doGetUserFeatures,
|
||||
getUserOfflineSubscription,
|
||||
createOfflineSubscriptionToken,
|
||||
authenticateToken,
|
||||
tokenEncoder,
|
||||
jwtTTL,
|
||||
logger,
|
||||
)
|
||||
}
|
||||
|
||||
@httpGet('/features', TYPES.Auth_OfflineUserAuthMiddleware)
|
||||
override async getOfflineFeatures(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getOfflineFeatures(_request, response)
|
||||
}
|
||||
|
||||
@httpPost('/subscription-tokens')
|
||||
override async createToken(request: Request): Promise<results.JsonResult> {
|
||||
return super.createToken(request)
|
||||
}
|
||||
|
||||
@httpPost('/subscription-tokens/:token/validate')
|
||||
override async validate(request: Request): Promise<results.JsonResult> {
|
||||
return super.validate(request)
|
||||
}
|
||||
|
||||
@httpGet('/users/subscription', TYPES.Auth_ApiGatewayOfflineAuthMiddleware)
|
||||
override async getSubscription(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getSubscription(_request, response)
|
||||
}
|
||||
}
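Review bot: `createToken` and `validate` are the only routes in this class registered without a middleware, while their siblings carry `Auth_OfflineUserAuthMiddleware` and `Auth_ApiGatewayOfflineAuthMiddleware`; nothing in the file says the asymmetry is intended, so a later edit that "fixes" it, or that copies the pattern elsewhere, would shift the trust boundary unnoticed. A one-line comment on each decorator would pin it, e.g. `// No auth middleware on purpose: this is the offline-subscription entry point; the only credential is what the request itself carries — see HomeServerOfflineController.createToken`, with the same wording on `/subscription-tokens/:token/validate`. The handler bodies are in HomeServerOfflineController, outside this hunk, so whether they perform their own checks cannot be confirmed from here. Note also that the `:token` path segment places the subscription token in the URL, so request logs and any proxy in front of the home server will record it unless configured to strip it; that is pre-existing behaviour, but it belongs in the same comment.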
|
||||
@@ -2,28 +2,23 @@ import 'reflect-metadata'
|
||||
|
||||
import * as express from 'express'
|
||||
|
||||
import { SessionController } from './SessionController'
|
||||
import { InversifyExpressSessionController } from './InversifyExpressSessionController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { RefreshSessionToken } from '../Domain/UseCase/RefreshSessionToken'
|
||||
import { DeletePreviousSessionsForUser } from '../Domain/UseCase/DeletePreviousSessionsForUser'
|
||||
import { DeleteSessionForUser } from '../Domain/UseCase/DeleteSessionForUser'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { DeletePreviousSessionsForUser } from '../../Domain/UseCase/DeletePreviousSessionsForUser'
|
||||
import { DeleteSessionForUser } from '../../Domain/UseCase/DeleteSessionForUser'
|
||||
import { RefreshSessionToken } from '../../Domain/UseCase/RefreshSessionToken'
|
||||
|
||||
describe('SessionController', () => {
|
||||
describe('InversifyExpressSessionController', () => {
|
||||
let deleteSessionForUser: DeleteSessionForUser
|
||||
let deletePreviousSessionsForUser: DeletePreviousSessionsForUser
|
||||
let refreshSessionToken: RefreshSessionToken
|
||||
let request: express.Request
|
||||
let response: express.Response
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () =>
|
||||
new SessionController(deleteSessionForUser, deletePreviousSessionsForUser, refreshSessionToken, controllerContainer)
|
||||
new InversifyExpressSessionController(deleteSessionForUser, deletePreviousSessionsForUser, refreshSessionToken)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
deleteSessionForUser = {} as jest.Mocked<DeleteSessionForUser>
|
||||
deleteSessionForUser.execute = jest.fn().mockReturnValue({ success: true })
|
||||
|
||||
@@ -59,16 +54,12 @@ describe('SessionController', () => {
|
||||
},
|
||||
})
|
||||
|
||||
await createController().refresh(request, response)
|
||||
const httpResult = <results.JsonResult>await createController().refresh(request, response)
|
||||
const result = await httpResult.executeAsync()
|
||||
|
||||
expect(response.send).toHaveBeenCalledWith({
|
||||
session: {
|
||||
access_token: '1231',
|
||||
refresh_token: '2341',
|
||||
access_expiration: 123123,
|
||||
refresh_expiration: 123123,
|
||||
},
|
||||
})
|
||||
expect(await result.content.readAsStringAsync()).toEqual(
|
||||
'{"session":{"access_token":"1231","refresh_token":"2341","access_expiration":123123,"refresh_expiration":123123}}',
|
||||
)
|
||||
})
|
||||
|
||||
it('should return bad request if tokens are missing from refresh token request', async () => {
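Review bot: The new assertion compares the serialized body as a raw string, so the test now depends on the property order and whitespace `JSON.stringify` happens to produce rather than on the payload itself. `expect(JSON.parse(await result.content.readAsStringAsync())).toEqual({ session: { access_token: '1231', refresh_token: '2341', access_expiration: 123123, refresh_expiration: 123123 } })` keeps the structural check the removed `toHaveBeenCalledWith` gave. The enclosing `it` block starts outside this hunk.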
|
||||
@@ -108,14 +99,15 @@ describe('SessionController', () => {
|
||||
}
|
||||
request.body.uuid = '123'
|
||||
|
||||
await createController().deleteSession(request, response)
|
||||
const httpResult = <results.JsonResult>await createController().deleteSession(request, response)
|
||||
const result = await httpResult.executeAsync()
|
||||
|
||||
expect(deleteSessionForUser.execute).toBeCalledWith({
|
||||
userUuid: '123',
|
||||
sessionUuid: '123',
|
||||
})
|
||||
|
||||
expect(response.status).toHaveBeenCalledWith(204)
|
||||
expect(result.statusCode).toEqual(204)
|
||||
})
|
||||
|
||||
it('should not delete a specific session is current session has read only access', async () => {
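Review bot: `deleteSession` is declared in the new InversifyExpressSessionController as returning `Promise<results.JsonResult | results.StatusCodeResult>`, and the 204 path this test exercises is presumably the StatusCodeResult branch, so the `<results.JsonResult>` cast on the new `httpResult` line asserts a type the value does not have. Both result types expose `executeAsync()`, so the cast can go: `const httpResult = await createController().deleteSession(request, response)`. The same cast appears on the `deleteAllSessions` call in the next hunk. The enclosing `it` block starts outside this hunk.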
|
||||
@@ -200,15 +192,16 @@ describe('SessionController', () => {
|
||||
uuid: '234',
|
||||
},
|
||||
}
|
||||
await createController().deleteAllSessions(request, response)
|
||||
|
||||
const httpResult = <results.JsonResult>await createController().deleteAllSessions(request, response)
|
||||
const result = await httpResult.executeAsync()
|
||||
|
||||
expect(deletePreviousSessionsForUser.execute).toHaveBeenCalledWith({
|
||||
userUuid: '123',
|
||||
currentSessionUuid: '234',
|
||||
})
|
||||
|
||||
expect(response.status).toHaveBeenCalledWith(204)
|
||||
expect(response.send).toHaveBeenCalled()
|
||||
expect(result.statusCode).toEqual(204)
|
||||
})
|
||||
|
||||
it('should not delete all sessions if current sessions has read only access', async () => {
|
||||
@@ -0,0 +1,47 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpDelete,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { DeletePreviousSessionsForUser } from '../../Domain/UseCase/DeletePreviousSessionsForUser'
|
||||
import { DeleteSessionForUser } from '../../Domain/UseCase/DeleteSessionForUser'
|
||||
import { RefreshSessionToken } from '../../Domain/UseCase/RefreshSessionToken'
|
||||
import { HomeServerSessionController } from './HomeServer/HomeServerSessionController'
|
||||
|
||||
@controller('/session')
|
||||
export class InversifyExpressSessionController extends HomeServerSessionController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_DeleteSessionForUser) override deleteSessionForUser: DeleteSessionForUser,
|
||||
@inject(TYPES.Auth_DeletePreviousSessionsForUser)
|
||||
override deletePreviousSessionsForUser: DeletePreviousSessionsForUser,
|
||||
@inject(TYPES.Auth_RefreshSessionToken) override refreshSessionToken: RefreshSessionToken,
|
||||
) {
|
||||
super(deleteSessionForUser, deletePreviousSessionsForUser, refreshSessionToken)
|
||||
}
|
||||
|
||||
@httpDelete('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware, TYPES.Auth_SessionMiddleware)
|
||||
override async deleteSession(
|
||||
request: Request,
|
||||
response: Response,
|
||||
): Promise<results.JsonResult | results.StatusCodeResult> {
|
||||
return super.deleteSession(request, response)
|
||||
}
|
||||
|
||||
@httpDelete('/all', TYPES.Auth_RequiredCrossServiceTokenMiddleware, TYPES.Auth_SessionMiddleware)
|
||||
override async deleteAllSessions(
|
||||
_request: Request,
|
||||
response: Response,
|
||||
): Promise<results.JsonResult | results.StatusCodeResult> {
|
||||
return super.deleteAllSessions(_request, response)
|
||||
}
|
||||
|
||||
@httpPost('/refresh')
|
||||
override async refresh(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.refresh(request, response)
|
||||
}
|
||||
}
|
||||
@@ -4,7 +4,6 @@ import * as express from 'express'
|
||||
|
||||
import { InversifyExpressSessionsController } from './InversifyExpressSessionsController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { User } from '@standardnotes/responses'
|
||||
|
||||
import { AuthenticateRequest } from '../../Domain/UseCase/AuthenticateRequest'
|
||||
@@ -22,7 +21,6 @@ describe('InversifyExpressSessionsController', () => {
|
||||
let response: express.Response
|
||||
let user: User
|
||||
let createCrossServiceToken: CreateCrossServiceToken
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () =>
|
||||
new InversifyExpressSessionsController(
|
||||
@@ -30,13 +28,9 @@ describe('InversifyExpressSessionsController', () => {
|
||||
authenticateRequest,
|
||||
sessionProjector,
|
||||
createCrossServiceToken,
|
||||
controllerContainer,
|
||||
)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
session = {} as jest.Mocked<Session>
|
||||
|
||||
user = {} as jest.Mocked<User>
|
||||
|
||||
@@ -1,85 +1,39 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpGet,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { AuthenticateRequest } from '../../Domain/UseCase/AuthenticateRequest'
|
||||
import { CreateCrossServiceToken } from '../../Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken'
|
||||
import { GetActiveSessionsForUser } from '../../Domain/UseCase/GetActiveSessionsForUser'
|
||||
import { ProjectorInterface } from '../../Projection/ProjectorInterface'
|
||||
import { SessionProjector } from '../../Projection/SessionProjector'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { Session } from '../../Domain/Session/Session'
|
||||
import { HomeServerSessionsController } from './HomeServer/HomeServerSessionsController'
|
||||
|
||||
@controller('/sessions')
|
||||
export class InversifyExpressSessionsController extends BaseHttpController {
|
||||
export class InversifyExpressSessionsController extends HomeServerSessionsController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetActiveSessionsForUser) private getActiveSessionsForUser: GetActiveSessionsForUser,
|
||||
@inject(TYPES.Auth_AuthenticateRequest) private authenticateRequest: AuthenticateRequest,
|
||||
@inject(TYPES.Auth_SessionProjector) private sessionProjector: ProjectorInterface<Session>,
|
||||
@inject(TYPES.Auth_CreateCrossServiceToken) private createCrossServiceToken: CreateCrossServiceToken,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
@inject(TYPES.Auth_GetActiveSessionsForUser) override getActiveSessionsForUser: GetActiveSessionsForUser,
|
||||
@inject(TYPES.Auth_AuthenticateRequest) override authenticateRequest: AuthenticateRequest,
|
||||
@inject(TYPES.Auth_SessionProjector) override sessionProjector: ProjectorInterface<Session>,
|
||||
@inject(TYPES.Auth_CreateCrossServiceToken) override createCrossServiceToken: CreateCrossServiceToken,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.sessions.list', this.getSessions.bind(this))
|
||||
this.controllerContainer.register('auth.sessions.validate', this.validate.bind(this))
|
||||
super(getActiveSessionsForUser, authenticateRequest, sessionProjector, createCrossServiceToken)
|
||||
}
|
||||
|
||||
@httpPost('/validate')
|
||||
async validate(request: Request): Promise<results.JsonResult> {
|
||||
const authenticateRequestResponse = await this.authenticateRequest.execute({
|
||||
authorizationHeader: request.headers.authorization,
|
||||
})
|
||||
|
||||
if (!authenticateRequestResponse.success) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: authenticateRequestResponse.errorTag,
|
||||
message: authenticateRequestResponse.errorMessage,
|
||||
},
|
||||
},
|
||||
authenticateRequestResponse.responseCode,
|
||||
)
|
||||
}
|
||||
|
||||
const user = authenticateRequestResponse.user as User
|
||||
|
||||
const result = await this.createCrossServiceToken.execute({
|
||||
user,
|
||||
session: authenticateRequestResponse.session,
|
||||
})
|
||||
|
||||
return this.json({ authToken: result.token })
|
||||
override async validate(request: Request): Promise<results.JsonResult> {
|
||||
return super.validate(request)
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.Auth_AuthMiddleware, TYPES.Auth_SessionMiddleware)
|
||||
async getSessions(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
if (response.locals.readOnlyAccess) {
|
||||
return this.json([])
|
||||
}
|
||||
|
||||
const useCaseResponse = await this.getActiveSessionsForUser.execute({
|
||||
userUuid: response.locals.user.uuid,
|
||||
})
|
||||
|
||||
return this.json(
|
||||
useCaseResponse.sessions.map((session) =>
|
||||
this.sessionProjector.projectCustom(
|
||||
SessionProjector.CURRENT_SESSION_PROJECTION.toString(),
|
||||
session,
|
||||
response.locals.session,
|
||||
),
|
||||
),
|
||||
)
|
||||
@httpGet('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware, TYPES.Auth_SessionMiddleware)
|
||||
override async getSessions(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getSessions(_request, response)
|
||||
}
|
||||
}
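Review bot: `getSessions` swaps `Auth_AuthMiddleware` for `Auth_RequiredCrossServiceTokenMiddleware` at the same time as the handler body leaves this file, and the removed body shows what that body depends on: `response.locals.readOnlyAccess`, `response.locals.user.uuid` and `response.locals.session`. If the new middleware chain does not populate `readOnlyAccess`, the `if (response.locals.readOnlyAccess) return this.json([])` guard that used to live here becomes a no-op and read-only sessions receive the full list — whether that happens depends on the middleware implementations and on HomeServerSessionsController, both outside this hunk, so it needs checking rather than assuming. A comment on the decorator would record the contract, e.g. `// Auth_RequiredCrossServiceTokenMiddleware must set response.locals.user; Auth_SessionMiddleware then sets response.locals.session and readOnlyAccess, which the base handler reads.` `validate` stays without middleware, which is consistent with it being the route that performs authentication, but that sentence belongs in a comment on it too.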
|
||||
|
||||
@@ -2,17 +2,16 @@ import 'reflect-metadata'
|
||||
|
||||
import * as express from 'express'
|
||||
|
||||
import { SettingsController } from './SettingsController'
|
||||
import { InversifyExpressSettingsController } from './InversifyExpressSettingsController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { GetSettings } from '../Domain/UseCase/GetSettings/GetSettings'
|
||||
import { GetSetting } from '../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { UpdateSetting } from '../Domain/UseCase/UpdateSetting/UpdateSetting'
|
||||
import { DeleteSetting } from '../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { EncryptionVersion } from '../Domain/Encryption/EncryptionVersion'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { EncryptionVersion } from '../../Domain/Encryption/EncryptionVersion'
|
||||
import { DeleteSetting } from '../../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { GetSetting } from '../../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { GetSettings } from '../../Domain/UseCase/GetSettings/GetSettings'
|
||||
import { UpdateSetting } from '../../Domain/UseCase/UpdateSetting/UpdateSetting'
|
||||
import { User } from '../../Domain/User/User'
|
||||
|
||||
describe('SettingsController', () => {
|
||||
describe('InversifyExpressSettingsController', () => {
|
||||
let deleteSetting: DeleteSetting
|
||||
let getSettings: GetSettings
|
||||
let getSetting: GetSetting
|
||||
@@ -21,15 +20,11 @@ describe('SettingsController', () => {
|
||||
let request: express.Request
|
||||
let response: express.Response
|
||||
let user: User
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () =>
|
||||
new SettingsController(getSettings, getSetting, updateSetting, deleteSetting, controllerContainer)
|
||||
new InversifyExpressSettingsController(getSettings, getSetting, updateSetting, deleteSetting)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
deleteSetting = {} as jest.Mocked<DeleteSetting>
|
||||
deleteSetting.execute = jest.fn().mockReturnValue({ success: true })
|
||||
|
||||
@@ -0,0 +1,51 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
httpPut,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { DeleteSetting } from '../../Domain/UseCase/DeleteSetting/DeleteSetting'
|
||||
import { GetSetting } from '../../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { GetSettings } from '../../Domain/UseCase/GetSettings/GetSettings'
|
||||
import { UpdateSetting } from '../../Domain/UseCase/UpdateSetting/UpdateSetting'
|
||||
import { HomeServerSettingsController } from './HomeServer/HomeServerSettingsController'
|
||||
|
||||
@controller('/users/:userUuid')
|
||||
export class InversifyExpressSettingsController extends HomeServerSettingsController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_GetSettings) override doGetSettings: GetSettings,
|
||||
@inject(TYPES.Auth_GetSetting) override doGetSetting: GetSetting,
|
||||
@inject(TYPES.Auth_UpdateSetting) override doUpdateSetting: UpdateSetting,
|
||||
@inject(TYPES.Auth_DeleteSetting) override doDeleteSetting: DeleteSetting,
|
||||
) {
|
||||
super(doGetSettings, doGetSetting, doUpdateSetting, doDeleteSetting)
|
||||
}
|
||||
|
||||
@httpGet('/settings', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async getSettings(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getSettings(request, response)
|
||||
}
|
||||
|
||||
@httpGet('/settings/:settingName', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async getSetting(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getSetting(request, response)
|
||||
}
|
||||
|
||||
@httpPut('/settings', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async updateSetting(
|
||||
request: Request,
|
||||
response: Response,
|
||||
): Promise<results.JsonResult | results.StatusCodeResult> {
|
||||
return super.updateSetting(request, response)
|
||||
}
|
||||
|
||||
@httpDelete('/settings/:settingName', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async deleteSetting(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.deleteSetting(request, response)
|
||||
}
|
||||
}
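Review bot: Every route here is mounted under `/users/:userUuid` and guarded only by `Auth_RequiredCrossServiceTokenMiddleware`, which by its name authenticates the caller and says nothing about whether `:userUuid` is that caller; the comparison of the path parameter with the authenticated user is therefore the load-bearing check for these endpoints, and it is not visible in this file. If it lives in HomeServerSettingsController (outside this hunk), say so where the routes are declared, e.g. `// :userUuid is only trusted after the base handler matches it against the cross-service token's user (HomeServerSettingsController)`; if it does not live there, it needs to, because nothing in this class performs it. The new InversifyExpressSubscriptionSettingsController in this commit mounts `/users/:userUuid/subscription-settings/:subscriptionSettingName` the same way and needs the same comment.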
|
||||
@@ -1,8 +1,5 @@
|
||||
import { ApiVersion } from '@standardnotes/api'
|
||||
import { Role } from '@standardnotes/security'
|
||||
import { Request, Response } from 'express'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
@@ -10,78 +7,43 @@ import {
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { SubscriptionInvitesController } from '../../Controller/SubscriptionInvitesController'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { inject } from 'inversify'
|
||||
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { SubscriptionInvitesController } from '../../Controller/SubscriptionInvitesController'
|
||||
import { HomeServerSubscriptionInvitesController } from './HomeServer/HomeServerSubscriptionInvitesController'
|
||||
|
||||
@controller('/subscription-invites')
|
||||
export class InversifyExpressSubscriptionInvitesController extends BaseHttpController {
|
||||
export class InversifyExpressSubscriptionInvitesController extends HomeServerSubscriptionInvitesController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_SubscriptionInvitesController)
|
||||
private subscriptionInvitesController: SubscriptionInvitesController,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
override subscriptionInvitesController: SubscriptionInvitesController,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.subscriptionInvites.accept', this.acceptInvite.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.declineInvite', this.declineInvite.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.create', this.inviteToSubscriptionSharing.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.delete', this.cancelSubscriptionSharing.bind(this))
|
||||
this.controllerContainer.register('auth.subscriptionInvites.list', this.listInvites.bind(this))
|
||||
super(subscriptionInvitesController)
|
||||
}
|
||||
|
||||
@httpPost('/:inviteUuid/accept', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async acceptInvite(request: Request, response: Response): Promise<void> {
|
||||
const result = await this.subscriptionInvitesController.acceptInvite({
|
||||
api: request.query.api as ApiVersion,
|
||||
inviteUuid: request.params.inviteUuid,
|
||||
})
|
||||
|
||||
response.setHeader('x-invalidate-cache', response.locals.user.uuid)
|
||||
response.status(result.status).send(result.data)
|
||||
@httpPost('/:inviteUuid/accept', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async acceptInvite(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.acceptInvite(request, response)
|
||||
}
|
||||
|
||||
@httpGet('/:inviteUuid/decline')
|
||||
async declineInvite(request: Request): Promise<results.JsonResult> {
|
||||
const response = await this.subscriptionInvitesController.declineInvite({
|
||||
api: request.query.api as ApiVersion,
|
||||
inviteUuid: request.params.inviteUuid,
|
||||
})
|
||||
|
||||
return this.json(response.data, response.status)
|
||||
override async declineInvite(request: Request): Promise<results.JsonResult> {
|
||||
return super.declineInvite(request)
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async inviteToSubscriptionSharing(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.subscriptionInvitesController.invite({
|
||||
...request.body,
|
||||
inviterEmail: response.locals.user.email,
|
||||
inviterUuid: response.locals.user.uuid,
|
||||
inviterRoles: response.locals.roles.map((role: Role) => role.name),
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpPost('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async inviteToSubscriptionSharing(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.inviteToSubscriptionSharing(request, response)
|
||||
}
|
||||
|
||||
@httpDelete('/:inviteUuid', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async cancelSubscriptionSharing(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.subscriptionInvitesController.cancelInvite({
|
||||
...request.body,
|
||||
inviteUuid: request.params.inviteUuid,
|
||||
inviterEmail: response.locals.user.email,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpDelete('/:inviteUuid', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async cancelSubscriptionSharing(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.cancelSubscriptionSharing(request, response)
|
||||
}
|
||||
|
||||
@httpGet('/', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async listInvites(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.subscriptionInvitesController.listInvites({
|
||||
...request.body,
|
||||
inviterEmail: response.locals.user.email,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpGet('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async listInvites(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.listInvites(request, response)
|
||||
}
|
||||
}
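Review bot: The removed `acceptInvite` body set `response.setHeader('x-invalidate-cache', response.locals.user.uuid)` before responding, and the new override only forwards to `HomeServerSubscriptionInvitesController.acceptInvite` (outside this hunk), so unless the base class emits that header the cache-invalidation signal for the accepting user is silently dropped by this refactor; the return type changing from `Promise<void>` to `Promise<results.JsonResult>` suggests the body was rewritten rather than moved, which makes this worth verifying. The same question applies to the derived fields the removed bodies computed — `inviterRoles: response.locals.roles.map((role: Role) => role.name)` in `inviteToSubscriptionSharing` and `inviterEmail: response.locals.user.email` in the others. The four guarded routes also move from `Auth_ApiGatewayAuthMiddleware` to `Auth_RequiredCrossServiceTokenMiddleware`; a class-level comment stating which `response.locals` fields that middleware guarantees would make the dependency explicit, e.g. `// Auth_RequiredCrossServiceTokenMiddleware populates response.locals.user and response.locals.roles, which the base handlers read.` That claim is inferred from the removed code's reads, not from the middleware itself, so confirm it before committing the comment.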
|
||||
|
||||
@@ -3,25 +3,20 @@ import 'reflect-metadata'
|
||||
import * as express from 'express'
|
||||
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { SubscriptionSettingsController } from './SubscriptionSettingsController'
|
||||
import { GetSetting } from '../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { InversifyExpressSubscriptionSettingsController } from './InversifyExpressSubscriptionSettingsController'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { GetSetting } from '../../Domain/UseCase/GetSetting/GetSetting'
|
||||
|
||||
describe('SubscriptionSettingsController', () => {
|
||||
describe('InversifyExpressSubscriptionSettingsController', () => {
|
||||
let getSetting: GetSetting
|
||||
|
||||
let request: express.Request
|
||||
let response: express.Response
|
||||
let user: User
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () => new SubscriptionSettingsController(getSetting, controllerContainer)
|
||||
const createController = () => new InversifyExpressSubscriptionSettingsController(getSetting)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
user = {} as jest.Mocked<User>
|
||||
user.uuid = '123'
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpGet,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { GetSetting } from '../../Domain/UseCase/GetSetting/GetSetting'
|
||||
import { HomeServerSubscriptionSettingsController } from './HomeServer/HomeServerSubscriptionSettingsController'
|
||||
|
||||
@controller('/users/:userUuid')
|
||||
export class InversifyExpressSubscriptionSettingsController extends HomeServerSubscriptionSettingsController {
|
||||
constructor(@inject(TYPES.Auth_GetSetting) override doGetSetting: GetSetting) {
|
||||
super(doGetSetting)
|
||||
}
|
||||
|
||||
@httpGet('/subscription-settings/:subscriptionSettingName', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async getSubscriptionSetting(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getSubscriptionSetting(request, response)
|
||||
}
|
||||
}
|
||||
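Review bot: The cross-service token check is applied per route at `@httpGet('/subscription-settings/:subscriptionSettingName', TYPES.Auth_RequiredCrossServiceTokenMiddleware)`, whereas the valet-token controller in this same change mounts the middleware on the `@controller` decorator; with a controller-level guard any route added to this class later is authenticated by default instead of exposed by omission. Since every route here needs the token, `@controller('/users/:userUuid', TYPES.Auth_RequiredCrossServiceTokenMiddleware)` with a bare `@httpGet('/subscription-settings/:subscriptionSettingName')` would be the safer shape. Whether `HomeServerSubscriptionSettingsController` compares the `:userUuid` path parameter against the user the middleware authenticated is not visible in this diff and is worth confirming, since the middleware alone does not tie the two together.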
@@ -3,19 +3,19 @@ import 'reflect-metadata'
|
||||
import * as express from 'express'
|
||||
import { results } from 'inversify-express-utils'
|
||||
|
||||
import { SubscriptionTokensController } from './SubscriptionTokensController'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { CreateSubscriptionToken } from '../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { CreateSubscriptionTokenResponse } from '../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionTokenResponse'
|
||||
import { AuthenticateSubscriptionToken } from '../Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken'
|
||||
import { ProjectorInterface } from '../Projection/ProjectorInterface'
|
||||
import { Role } from '../Domain/Role/Role'
|
||||
import { SettingServiceInterface } from '../Domain/Setting/SettingServiceInterface'
|
||||
import { Setting } from '../Domain/Setting/Setting'
|
||||
import { InversifyExpressSubscriptionTokensController } from './InversifyExpressSubscriptionTokensController'
|
||||
import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
|
||||
describe('SubscriptionTokensController', () => {
|
||||
import { Setting } from '../../Domain/Setting/Setting'
|
||||
import { SettingServiceInterface } from '../../Domain/Setting/SettingServiceInterface'
|
||||
import { AuthenticateSubscriptionToken } from '../../Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken'
|
||||
import { CreateSubscriptionToken } from '../../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { CreateSubscriptionTokenResponse } from '../../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionTokenResponse'
|
||||
import { ProjectorInterface } from '../../Projection/ProjectorInterface'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { Role } from '../../Domain/Role/Role'
|
||||
|
||||
describe('InversifyExpressSubscriptionTokensController', () => {
|
||||
let createSubscriptionToken: CreateSubscriptionToken
|
||||
let authenticateToken: AuthenticateSubscriptionToken
|
||||
const jwtTTL = 60
|
||||
@@ -30,10 +30,8 @@ describe('SubscriptionTokensController', () => {
|
||||
let user: User
|
||||
let role: Role
|
||||
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () =>
|
||||
new SubscriptionTokensController(
|
||||
new InversifyExpressSubscriptionTokensController(
|
||||
createSubscriptionToken,
|
||||
authenticateToken,
|
||||
settingService,
|
||||
@@ -41,13 +39,9 @@ describe('SubscriptionTokensController', () => {
|
||||
roleProjector,
|
||||
tokenEncoder,
|
||||
jwtTTL,
|
||||
controllerContainer,
|
||||
)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
user = {} as jest.Mocked<User>
|
||||
user.uuid = '123'
|
||||
user.roles = Promise.resolve([role])
|
||||
@@ -0,0 +1,51 @@
|
||||
import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security'
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { Role } from '../../Domain/Role/Role'
|
||||
import { SettingServiceInterface } from '../../Domain/Setting/SettingServiceInterface'
|
||||
import { AuthenticateSubscriptionToken } from '../../Domain/UseCase/AuthenticateSubscriptionToken/AuthenticateSubscriptionToken'
|
||||
import { CreateSubscriptionToken } from '../../Domain/UseCase/CreateSubscriptionToken/CreateSubscriptionToken'
|
||||
import { User } from '../../Domain/User/User'
|
||||
import { ProjectorInterface } from '../../Projection/ProjectorInterface'
|
||||
import { HomeServerSubscriptionTokensController } from './HomeServer/HomeServerSubscriptionTokensController'
|
||||
|
||||
@controller('/subscription-tokens')
|
||||
export class InversifyExpressSubscriptionTokensController extends HomeServerSubscriptionTokensController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_CreateSubscriptionToken) override createSubscriptionToken: CreateSubscriptionToken,
|
||||
@inject(TYPES.Auth_AuthenticateSubscriptionToken) override authenticateToken: AuthenticateSubscriptionToken,
|
||||
@inject(TYPES.Auth_SettingService) override settingService: SettingServiceInterface,
|
||||
@inject(TYPES.Auth_UserProjector) override userProjector: ProjectorInterface<User>,
|
||||
@inject(TYPES.Auth_RoleProjector) override roleProjector: ProjectorInterface<Role>,
|
||||
@inject(TYPES.Auth_CrossServiceTokenEncoder) override tokenEncoder: TokenEncoderInterface<CrossServiceTokenData>,
|
||||
@inject(TYPES.Auth_AUTH_JWT_TTL) override jwtTTL: number,
|
||||
) {
|
||||
super(
|
||||
createSubscriptionToken,
|
||||
authenticateToken,
|
||||
settingService,
|
||||
userProjector,
|
||||
roleProjector,
|
||||
tokenEncoder,
|
||||
jwtTTL,
|
||||
)
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async createToken(_request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.createToken(_request, response)
|
||||
}
|
||||
|
||||
@httpPost('/:token/validate')
|
||||
override async validate(request: Request): Promise<results.JsonResult> {
|
||||
return super.validate(request)
|
||||
}
|
||||
}
|
||||
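Review bot: `@httpPost('/:token/validate')` is the only route in this class without `TYPES.Auth_RequiredCrossServiceTokenMiddleware`, and nothing in the file says this is deliberate; a comment such as `// Unauthenticated by design: the subscription token in the path is the credential being exchanged` would stop a later reader from "fixing" it or from assuming the guard on `createToken` also covers it. Carrying the token in the URL path also means it can land in access and proxy logs and in Referer headers, which is worth stating in the same comment if the route shape cannot change. `HomeServerSubscriptionTokensController`, which actually performs the exchange, is outside this diff.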
@@ -1,30 +1,19 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { BaseHttpController, results, httpPost, controller } from 'inversify-express-utils'
|
||||
import { results, httpPost, controller } from 'inversify-express-utils'
|
||||
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { UserRequestsController } from '../../Controller/UserRequestsController'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { inject } from 'inversify'
|
||||
import { HomeServerUserRequestsController } from './HomeServer/HomeServerUserRequestsController'
|
||||
|
||||
@controller('/users/:userUuid/requests')
|
||||
export class InversifyExpressUserRequestsController extends BaseHttpController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_UserRequestsController) private userRequestsController: UserRequestsController,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.users.createRequest', this.submitRequest.bind(this))
|
||||
export class InversifyExpressUserRequestsController extends HomeServerUserRequestsController {
|
||||
constructor(@inject(TYPES.Auth_UserRequestsController) override userRequestsController: UserRequestsController) {
|
||||
super(userRequestsController)
|
||||
}
|
||||
|
||||
@httpPost('/', TYPES.Auth_ApiGatewayAuthMiddleware)
|
||||
async submitRequest(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
const result = await this.userRequestsController.submitUserRequest({
|
||||
requestType: request.body.requestType,
|
||||
userUuid: response.locals.user.uuid,
|
||||
userEmail: response.locals.user.email,
|
||||
})
|
||||
|
||||
return this.json(result.data, result.status)
|
||||
@httpPost('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async submitRequest(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.submitRequest(request, response)
|
||||
}
|
||||
}
|
||||
|
||||
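Review bot: The guard on `@httpPost('/', TYPES.Auth_RequiredCrossServiceTokenMiddleware)` replaces `TYPES.Auth_ApiGatewayAuthMiddleware`, and the removed body shows the handler relies on `response.locals.user.uuid` and `response.locals.user.email`, so the new middleware must populate `response.locals.user` and must short-circuit on a missing or invalid token exactly as the old one did; the concrete `RequiredCrossServiceTokenMiddleware` is not in this diff, so that is an assumption to confirm. If `HomeServerUserRequestsController.submitRequest` (also outside the diff) still dereferences `response.locals.user` unguarded, a wrong middleware binding would surface as a 500 rather than a 401. A one-line comment on the route, e.g. `// requires response.locals.user, set by the cross-service token middleware`, would make the dependency explicit.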
@@ -2,20 +2,20 @@ import 'reflect-metadata'
|
||||
|
||||
import * as express from 'express'
|
||||
|
||||
import { UsersController } from './UsersController'
|
||||
import { InversifyExpressUsersController } from './InversifyExpressUsersController'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { User } from '../Domain/User/User'
|
||||
import { UpdateUser } from '../Domain/UseCase/UpdateUser'
|
||||
import { GetUserKeyParams } from '../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { DeleteAccount } from '../Domain/UseCase/DeleteAccount/DeleteAccount'
|
||||
import { GetUserSubscription } from '../Domain/UseCase/GetUserSubscription/GetUserSubscription'
|
||||
import { ClearLoginAttempts } from '../Domain/UseCase/ClearLoginAttempts'
|
||||
import { IncreaseLoginAttempts } from '../Domain/UseCase/IncreaseLoginAttempts'
|
||||
import { ChangeCredentials } from '../Domain/UseCase/ChangeCredentials/ChangeCredentials'
|
||||
import { InviteToSharedSubscription } from '../Domain/UseCase/InviteToSharedSubscription/InviteToSharedSubscription'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { Username } from '@standardnotes/domain-core'
|
||||
import { DeleteAccount } from '../../Domain/UseCase/DeleteAccount/DeleteAccount'
|
||||
import { ChangeCredentials } from '../../Domain/UseCase/ChangeCredentials/ChangeCredentials'
|
||||
import { ClearLoginAttempts } from '../../Domain/UseCase/ClearLoginAttempts'
|
||||
import { GetUserKeyParams } from '../../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { GetUserSubscription } from '../../Domain/UseCase/GetUserSubscription/GetUserSubscription'
|
||||
import { IncreaseLoginAttempts } from '../../Domain/UseCase/IncreaseLoginAttempts'
|
||||
import { InviteToSharedSubscription } from '../../Domain/UseCase/InviteToSharedSubscription/InviteToSharedSubscription'
|
||||
import { UpdateUser } from '../../Domain/UseCase/UpdateUser'
|
||||
import { User } from '../../Domain/User/User'
|
||||
|
||||
describe('UsersController', () => {
|
||||
describe('InversifyExpressUsersController', () => {
|
||||
let updateUser: UpdateUser
|
||||
let deleteAccount: DeleteAccount
|
||||
let getUserKeyParams: GetUserKeyParams
|
||||
@@ -28,10 +28,9 @@ describe('UsersController', () => {
|
||||
let request: express.Request
|
||||
let response: express.Response
|
||||
let user: User
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () =>
|
||||
new UsersController(
|
||||
new InversifyExpressUsersController(
|
||||
updateUser,
|
||||
getUserKeyParams,
|
||||
deleteAccount,
|
||||
@@ -39,13 +38,9 @@ describe('UsersController', () => {
|
||||
clearLoginAttempts,
|
||||
increaseLoginAttempts,
|
||||
changeCredentials,
|
||||
controllerContainer,
|
||||
)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
updateUser = {} as jest.Mocked<UpdateUser>
|
||||
updateUser.execute = jest.fn()
|
||||
|
||||
@@ -99,7 +94,8 @@ describe('UsersController', () => {
|
||||
|
||||
updateUser.execute = jest.fn().mockReturnValue({ success: true, authResponse: { foo: 'bar' } })
|
||||
|
||||
await createController().update(request, response)
|
||||
const httpResponse = <results.JsonResult>await createController().update(request, response)
|
||||
const result = await httpResponse.executeAsync()
|
||||
|
||||
expect(updateUser.execute).toHaveBeenCalledWith({
|
||||
apiVersion: '20190520',
|
||||
@@ -112,7 +108,7 @@ describe('UsersController', () => {
|
||||
},
|
||||
})
|
||||
|
||||
expect(response.send).toHaveBeenCalledWith({ foo: 'bar' })
|
||||
expect(await result.content.readAsStringAsync()).toEqual('{"foo":"bar"}')
|
||||
})
|
||||
|
||||
it('should not update user if session has read only access', async () => {
|
||||
@@ -310,7 +306,8 @@ describe('UsersController', () => {
|
||||
|
||||
changeCredentials.execute = jest.fn().mockReturnValue({ success: true, authResponse: { foo: 'bar' } })
|
||||
|
||||
await createController().changeCredentials(request, response)
|
||||
const httpResponse = <results.JsonResult>await createController().changeCredentials(request, response)
|
||||
const result = await httpResponse.executeAsync()
|
||||
|
||||
expect(changeCredentials.execute).toHaveBeenCalledWith({
|
||||
apiVersion: '20190520',
|
||||
@@ -321,15 +318,12 @@ describe('UsersController', () => {
|
||||
kpOrigination: 'change-password',
|
||||
pwNonce: 'asdzxc',
|
||||
protocolVersion: '004',
|
||||
user: {
|
||||
uuid: '123',
|
||||
email: 'test@test.te',
|
||||
},
|
||||
username: Username.create('test@test.te').getValue(),
|
||||
})
|
||||
|
||||
expect(clearLoginAttempts.execute).toHaveBeenCalled()
|
||||
|
||||
expect(response.send).toHaveBeenCalledWith({ foo: 'bar' })
|
||||
expect(await result.content.readAsStringAsync()).toEqual('{"foo":"bar"}')
|
||||
})
|
||||
|
||||
it('should not change a password if session has read only access', async () => {
|
||||
@@ -0,0 +1,68 @@
|
||||
import { Request, Response } from 'express'
|
||||
import { inject } from 'inversify'
|
||||
import {
|
||||
controller,
|
||||
httpDelete,
|
||||
httpGet,
|
||||
httpPatch,
|
||||
httpPut,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { DeleteAccount } from '../../Domain/UseCase/DeleteAccount/DeleteAccount'
|
||||
import { GetUserKeyParams } from '../../Domain/UseCase/GetUserKeyParams/GetUserKeyParams'
|
||||
import { UpdateUser } from '../../Domain/UseCase/UpdateUser'
|
||||
import { GetUserSubscription } from '../../Domain/UseCase/GetUserSubscription/GetUserSubscription'
|
||||
import { ClearLoginAttempts } from '../../Domain/UseCase/ClearLoginAttempts'
|
||||
import { IncreaseLoginAttempts } from '../../Domain/UseCase/IncreaseLoginAttempts'
|
||||
import { ChangeCredentials } from '../../Domain/UseCase/ChangeCredentials/ChangeCredentials'
|
||||
import { HomeServerUsersController } from './HomeServer/HomeServerUsersController'
|
||||
|
||||
@controller('/users')
|
||||
export class InversifyExpressUsersController extends HomeServerUsersController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_UpdateUser) override updateUser: UpdateUser,
|
||||
@inject(TYPES.Auth_GetUserKeyParams) override getUserKeyParams: GetUserKeyParams,
|
||||
@inject(TYPES.Auth_DeleteAccount) override doDeleteAccount: DeleteAccount,
|
||||
@inject(TYPES.Auth_GetUserSubscription) override doGetUserSubscription: GetUserSubscription,
|
||||
@inject(TYPES.Auth_ClearLoginAttempts) override clearLoginAttempts: ClearLoginAttempts,
|
||||
@inject(TYPES.Auth_IncreaseLoginAttempts) override increaseLoginAttempts: IncreaseLoginAttempts,
|
||||
@inject(TYPES.Auth_ChangeCredentials) override changeCredentialsUseCase: ChangeCredentials,
|
||||
) {
|
||||
super(
|
||||
updateUser,
|
||||
getUserKeyParams,
|
||||
doDeleteAccount,
|
||||
doGetUserSubscription,
|
||||
clearLoginAttempts,
|
||||
increaseLoginAttempts,
|
||||
changeCredentialsUseCase,
|
||||
)
|
||||
}
|
||||
|
||||
@httpPatch('/:userId', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async update(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.update(request, response)
|
||||
}
|
||||
|
||||
@httpGet('/params')
|
||||
override async keyParams(request: Request): Promise<results.JsonResult> {
|
||||
return super.keyParams(request)
|
||||
}
|
||||
|
||||
@httpDelete('/:email')
|
||||
override async deleteAccount(request: Request): Promise<results.JsonResult> {
|
||||
return super.deleteAccount(request)
|
||||
}
|
||||
|
||||
@httpGet('/:userUuid/subscription', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async getSubscription(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.getSubscription(request, response)
|
||||
}
|
||||
|
||||
@httpPut('/:userId/attributes/credentials', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
override async changeCredentials(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.changeCredentials(request, response)
|
||||
}
|
||||
}
|
||||
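Review bot: `@httpDelete('/:email')` registers account deletion with no middleware at all, while the neighbouring `update`, `getSubscription` and `changeCredentials` routes all carry `TYPES.Auth_RequiredCrossServiceTokenMiddleware`; `keyParams` being public is expected (clients need key params before they can authenticate), but an unauthenticated delete keyed only by an email is a high-impact endpoint. `HomeServerUsersController.deleteAccount` is not shown, so it may enforce its own check or the deployment may rely on the API gateway never forwarding `DELETE /users/:email`; either way a comment on the route stating which of those holds (or adding the middleware if neither does) is needed, particularly if the home-server deployment these `HomeServer*` base classes serve exposes the auth routes without a gateway in front. As a smaller point, the path parameter is `:userId` on `update` and `changeCredentials` but `:userUuid` on `getSubscription`; since the authenticated user comes from the middleware, whether the base class checks the path parameter against `response.locals.user.uuid` is not visible here and is worth confirming.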
@@ -2,22 +2,17 @@ import 'reflect-metadata'
|
||||
|
||||
import { Request, Response } from 'express'
|
||||
import { results } from 'inversify-express-utils'
|
||||
import { ValetTokenController } from './ValetTokenController'
|
||||
import { CreateValetToken } from '../Domain/UseCase/CreateValetToken/CreateValetToken'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { InversifyExpressValetTokenController } from './InversifyExpressValetTokenController'
|
||||
import { CreateValetToken } from '../../Domain/UseCase/CreateValetToken/CreateValetToken'
|
||||
|
||||
describe('ValetTokenController', () => {
|
||||
describe('InversifyExpressValetTokenController', () => {
|
||||
let createValetToken: CreateValetToken
|
||||
let request: Request
|
||||
let response: Response
|
||||
let controllerContainer: ControllerContainerInterface
|
||||
|
||||
const createController = () => new ValetTokenController(createValetToken, controllerContainer)
|
||||
const createController = () => new InversifyExpressValetTokenController(createValetToken)
|
||||
|
||||
beforeEach(() => {
|
||||
controllerContainer = {} as jest.Mocked<ControllerContainerInterface>
|
||||
controllerContainer.register = jest.fn()
|
||||
|
||||
createValetToken = {} as jest.Mocked<CreateValetToken>
|
||||
createValetToken.execute = jest.fn().mockReturnValue({ success: true, valetToken: 'foobar' })
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
import { inject } from 'inversify'
|
||||
import { Request, Response } from 'express'
|
||||
import {
|
||||
controller,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { CreateValetToken } from '../../Domain/UseCase/CreateValetToken/CreateValetToken'
|
||||
import { HomeServerValetTokenController } from './HomeServer/HomeServerValetTokenController'
|
||||
|
||||
@controller('/valet-tokens', TYPES.Auth_RequiredCrossServiceTokenMiddleware)
|
||||
export class InversifyExpressValetTokenController extends HomeServerValetTokenController {
|
||||
constructor(@inject(TYPES.Auth_CreateValetToken) override createValetKey: CreateValetToken) {
|
||||
super(createValetKey)
|
||||
}
|
||||
|
||||
@httpPost('/')
|
||||
override async create(request: Request, response: Response): Promise<results.JsonResult> {
|
||||
return super.create(request, response)
|
||||
}
|
||||
}
|
||||
@@ -1,63 +1,28 @@
|
||||
import { ErrorTag } from '@standardnotes/responses'
|
||||
import { TokenDecoderInterface, WebSocketConnectionTokenData } from '@standardnotes/security'
|
||||
import { Request } from 'express'
|
||||
import {
|
||||
BaseHttpController,
|
||||
controller,
|
||||
httpPost,
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
results,
|
||||
} from 'inversify-express-utils'
|
||||
import { CreateCrossServiceToken } from '../../Domain/UseCase/CreateCrossServiceToken/CreateCrossServiceToken'
|
||||
import { ControllerContainerInterface } from '@standardnotes/domain-core'
|
||||
import { inject } from 'inversify'
|
||||
import TYPES from '../../Bootstrap/Types'
|
||||
import { HomeServerWebSocketsController } from './HomeServer/HomeServerWebSocketsController'
|
||||
|
||||
@controller('/sockets')
|
||||
export class InversifyExpressWebSocketsController extends BaseHttpController {
|
||||
export class InversifyExpressWebSocketsController extends HomeServerWebSocketsController {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_CreateCrossServiceToken) private createCrossServiceToken: CreateCrossServiceToken,
|
||||
@inject(TYPES.Auth_CreateCrossServiceToken) override createCrossServiceToken: CreateCrossServiceToken,
|
||||
@inject(TYPES.Auth_WebSocketConnectionTokenDecoder)
|
||||
private tokenDecoder: TokenDecoderInterface<WebSocketConnectionTokenData>,
|
||||
@inject(TYPES.Auth_ControllerContainer) private controllerContainer: ControllerContainerInterface,
|
||||
override tokenDecoder: TokenDecoderInterface<WebSocketConnectionTokenData>,
|
||||
) {
|
||||
super()
|
||||
|
||||
this.controllerContainer.register('auth.webSockets.validateToken', this.validateToken.bind(this))
|
||||
super(createCrossServiceToken, tokenDecoder)
|
||||
}
|
||||
|
||||
@httpPost('/tokens/validate')
|
||||
async validateToken(request: Request): Promise<results.JsonResult> {
|
||||
if (!request.headers.authorization) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: ErrorTag.AuthInvalid,
|
||||
message: 'Invalid authorization token.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const token: WebSocketConnectionTokenData | undefined = this.tokenDecoder.decodeToken(request.headers.authorization)
|
||||
|
||||
if (token === undefined) {
|
||||
return this.json(
|
||||
{
|
||||
error: {
|
||||
tag: ErrorTag.AuthInvalid,
|
||||
message: 'Invalid authorization token.',
|
||||
},
|
||||
},
|
||||
401,
|
||||
)
|
||||
}
|
||||
|
||||
const result = await this.createCrossServiceToken.execute({
|
||||
userUuid: token.userUuid,
|
||||
})
|
||||
|
||||
return this.json({ authToken: result.token })
|
||||
override async validateToken(request: Request): Promise<results.JsonResult> {
|
||||
return super.validateToken(request)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,31 +1,16 @@
|
||||
import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/security'
|
||||
import { NextFunction, Request, Response } from 'express'
|
||||
import { inject, injectable } from 'inversify'
|
||||
import { BaseMiddleware } from 'inversify-express-utils'
|
||||
import { Logger } from 'winston'
|
||||
import TYPES from '../Bootstrap/Types'
|
||||
|
||||
@injectable()
|
||||
export class ApiGatewayAuthMiddleware extends BaseMiddleware {
|
||||
constructor(
|
||||
@inject(TYPES.Auth_CrossServiceTokenDecoder) private tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>,
|
||||
@inject(TYPES.Auth_Logger) private logger: Logger,
|
||||
) {
|
||||
export abstract class ApiGatewayAuthMiddleware extends BaseMiddleware {
|
||||
constructor(private tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>, private logger: Logger) {
|
||||
super()
|
||||
}
|
||||
|
||||
async handler(request: Request, response: Response, next: NextFunction): Promise<void> {
|
||||
try {
|
||||
if (!request.headers['x-auth-token']) {
|
||||
this.logger.debug('ApiGatewayAuthMiddleware missing x-auth-token header.')
|
||||
|
||||
response.status(401).send({
|
||||
error: {
|
||||
tag: 'invalid-auth',
|
||||
message: 'Invalid login credentials.',
|
||||
},
|
||||
})
|
||||
|
||||
if (!this.handleMissingToken(request, response, next)) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -56,4 +41,6 @@ export class ApiGatewayAuthMiddleware extends BaseMiddleware {
|
||||
return next(error)
|
||||
}
|
||||
}
|
||||
|
||||
protected abstract handleMissingToken(request: Request, response: Response, next: NextFunction): boolean
|
||||
}
|
||||
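Review bot: The new `protected abstract handleMissingToken(request, response, next): boolean` has no documented contract, and the only thing the caller `if (!this.handleMissingToken(request, response, next)) { return }` establishes is that `false` stops the handler; a subclass that calls `next()` and returns `true` would make `handler` both pass the request on and continue into token decoding with no `x-auth-token` header. A TSDoc on the abstract method should pin this down, e.g. `/** Invoked when x-auth-token is absent. Must either send the 401 or call next(), returning false in both cases; return true only if the handler should continue into token decoding. */`. The 401 body that used to live here (`tag: 'invalid-auth'`) presumably now lives in the subclasses, so both implementations should be checked for the same tag so gateway-side error handling stays uniform; the rest of `handler` after the missing-token branch is outside this hunk.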