refresh token refreshes rules

This commit is contained in:
Maxime Lalo 2024-04-24 11:23:01 +02:00
parent 32f92787cc
commit e4f40336c7
2 changed files with 38 additions and 35 deletions


@ -2,7 +2,7 @@ import { Response, Request } from "express";
import { Controller, Post } from "@ControllerPattern/index"; import { Controller, Post } from "@ControllerPattern/index";
import ApiController from "@Common/system/controller-pattern/ApiController"; import ApiController from "@Common/system/controller-pattern/ApiController";
import { Service } from "typedi"; import { Service } from "typedi";
import AuthService, { IUserJwtPayload } from "@Services/common/AuthService/AuthService"; import AuthService, { IUserJwtPayload, PROVIDER_OPENID } from "@Services/common/AuthService/AuthService";
import IdNotService from "@Services/common/IdNotService/IdNotService"; import IdNotService from "@Services/common/IdNotService/IdNotService";
import User, { RulesGroup } from "le-coffre-resources/dist/Admin"; import User, { RulesGroup } from "le-coffre-resources/dist/Admin";
@ -22,7 +22,7 @@ export default class UserController extends ApiController {
private userService: UsersService, private userService: UsersService,
private subscriptionsService: SubscriptionsService, private subscriptionsService: SubscriptionsService,
private seatsService: SeatsService, private seatsService: SeatsService,
private rulesGroupsService: RulesGroupsService private rulesGroupsService: RulesGroupsService,
) { ) {
super(); super();
} }
@ -35,11 +35,11 @@ export default class UserController extends ApiController {
@Post("/api/v1/idnot/user/:code") @Post("/api/v1/idnot/user/:code")
protected async getUserInfosFromIdnot(req: Request, response: Response) { protected async getUserInfosFromIdnot(req: Request, response: Response) {
try { try {
const code = req.params["code"]; const code = req.params["code"];
if (!code) throw new Error("code is required"); if (!code) throw new Error("code is required");
const idNotToken = await this.idNotService.getIdNotToken(code); const idNotToken = await this.idNotService.getIdNotToken(code);
if (!idNotToken) { if (!idNotToken) {
this.httpValidationError(response, "IdNot token undefined"); this.httpValidationError(response, "IdNot token undefined");
@ -48,7 +48,6 @@ export default class UserController extends ApiController {
const user = await this.idNotService.getOrCreateUser(idNotToken); const user = await this.idNotService.getOrCreateUser(idNotToken);
console.log(user); console.log(user);
if (!user) { if (!user) {
this.httpUnauthorized(response, "User not found"); this.httpUnauthorized(response, "User not found");
@ -61,7 +60,6 @@ export default class UserController extends ApiController {
//Get user with contact //Get user with contact
const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true }); const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true });
console.log(prismaUser); console.log(prismaUser);
if (!prismaUser) { if (!prismaUser) {
this.httpNotFoundRequest(response, "user not found"); this.httpNotFoundRequest(response, "user not found");
@ -71,7 +69,6 @@ export default class UserController extends ApiController {
//Hydrate user to be able to use his contact //Hydrate user to be able to use his contact
const userHydrated = User.hydrate<User>(prismaUser, { strategy: "excludeAll" }); const userHydrated = User.hydrate<User>(prismaUser, { strategy: "excludeAll" });
console.log(userHydrated); console.log(userHydrated);
if (!userHydrated.contact?.email || userHydrated.contact?.email === "") { if (!userHydrated.contact?.email || userHydrated.contact?.email === "") {
this.httpUnauthorized(response, "Email not found"); this.httpUnauthorized(response, "Email not found");
@ -79,21 +76,20 @@ export default class UserController extends ApiController {
} }
let isSubscribed = false; let isSubscribed = false;
const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } }); const subscriptions = await this.subscriptionsService.get({ where: { office_uid: userHydrated.office_membership?.uid } });
console.log(subscriptions); console.log(subscriptions);
if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) { if (!subscriptions || subscriptions.length === 0 || subscriptions[0]?.status === ESubscriptionStatus.INACTIVE) {
console.log("no subscription"); console.log("no subscription");
isSubscribed = false; isSubscribed = false;
} } else if (subscriptions[0]?.type === EType.Unlimited) {
else if (subscriptions[0]?.type === EType.Unlimited) {
console.log("unlimited subscription"); console.log("unlimited subscription");
isSubscribed = true; isSubscribed = true;
} else { } else {
console.log("Seats"); console.log("Seats");
const hasSeat = await this.subscriptionsService.get({ const hasSeat = await this.subscriptionsService.get({
where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } }, where: { status: ESubscriptionStatus.ACTIVE, seats: { some: { user_uid: userHydrated.uid } } },
}); });
@ -127,32 +123,36 @@ export default class UserController extends ApiController {
// return; // return;
// } // }
await this.idNotService.updateOffice(user.office_uid); await this.idNotService.updateOffice(user.office_uid);
const payload = await this.authService.getUserJwtPayload(user.idNot); const payload = await this.authService.getUserJwtPayload(user.idNot);
if(!payload) return; if (!payload) return;
console.log(isSubscribed, userHydrated.role?.name); console.log(isSubscribed, userHydrated.role?.name);
if(!isSubscribed && userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin"){
const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({ where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" }, include: { rules: true } });
console.log(manageSubscriptionRulesEntity);
const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, { strategy: "excludeAll" });
if(!manageSubscriptionRules[0]) return;
payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
console.log(payload);
isSubscribed = true;
}
if ((!isSubscribed && userHydrated.role?.name === "admin") || userHydrated.role?.name === "super-admin") {
const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
include: { rules: true },
});
console.log(manageSubscriptionRulesEntity);
const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
strategy: "excludeAll",
});
if (!manageSubscriptionRules[0]) return;
payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
console.log(payload);
isSubscribed = true;
}
if (!isSubscribed) { if (!isSubscribed) {
this.httpUnauthorized(response, "User not subscribed"); this.httpUnauthorized(response, "User not subscribed");
return; return;
} }
const accessToken = this.authService.generateAccessToken(payload); const accessToken = this.authService.generateAccessToken(payload);
const refreshToken = this.authService.generateRefreshToken(payload); const refreshToken = this.authService.generateRefreshToken(payload);
@ -176,21 +176,24 @@ export default class UserController extends ApiController {
} }
let accessToken; let accessToken;
this.authService.verifyRefreshToken(token, (err, userPayload) => { this.authService.verifyRefreshToken(token, async (err, userPayload) => {
if (err) { if (err) {
console.log(err); console.log(err);
this.httpUnauthorized(response); this.httpUnauthorized(response);
return; return;
} }
const user = userPayload as IUserJwtPayload; const openId = (userPayload as IUserJwtPayload).openId.userId;
if (!openId) return;
const newUserPayload = await this.authService.getUserJwtPayload(openId.toString(), PROVIDER_OPENID.idNot);
const user = newUserPayload as IUserJwtPayload;
delete user.iat; delete user.iat;
delete user.exp; delete user.exp;
accessToken = this.authService.generateAccessToken(user); accessToken = this.authService.generateAccessToken(user);
this.httpSuccess(response, { accessToken });
}); });
//success //success
this.httpSuccess(response, { accessToken });
} catch (error) { } catch (error) {
console.log(error); console.log(error);
this.httpInternalError(response); this.httpInternalError(response);
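Review bot: In the refresh-token hunk the callback passed to `verifyRefreshToken` is now `async` and awaits `getUserJwtPayload`, but nothing inside it catches a rejection, and the surrounding `try { … } catch (error)` cannot see it because the callback runs outside that stack — a lookup failure becomes an unhandled promise rejection and the client never receives a response. The same hunk also returns silently at `if (!openId) return;` and casts `newUserPayload as IUserJwtPayload` without a null check, so a token whose user no longer resolves either hangs the request or throws on `delete user.iat`; the analogous `if (!payload) return;` at the end of the earlier login hunk has the same no-response shape, though that line predates this commit. Since the commit moved `httpSuccess` into the callback, the outer `let accessToken;` now only receives a write and could be dropped. I would guard both failure paths with an explicit `httpUnauthorized` and wrap the awaited section in its own try/catch as below; the enclosing method begins before this hunk and its closing braces lie after it.
```typescript
this.authService.verifyRefreshToken(token, async (err, userPayload) => {
    if (err) {
        console.log(err);
        this.httpUnauthorized(response);
        return;
    }
    try {
        const userId = (userPayload as IUserJwtPayload).openId.userId;
        if (!userId) {
            this.httpUnauthorized(response);
            return;
        }
        const newUserPayload = await this.authService.getUserJwtPayload(userId.toString(), PROVIDER_OPENID.idNot);
        if (!newUserPayload) {
            // user behind the refresh token no longer resolves; do not mint a new access token
            this.httpUnauthorized(response);
            return;
        }
        const user = newUserPayload as IUserJwtPayload;
        // … unchanged: delete iat/exp, generateAccessToken, httpSuccess …
    } catch (error) {
        console.log(error);
        this.httpInternalError(response);
    }
});
```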


@ -8,7 +8,7 @@ import { ECustomerStatus } from "@prisma/client";
import { Customer } from "le-coffre-resources/dist/Notary"; import { Customer } from "le-coffre-resources/dist/Notary";
import bcrypt from "bcrypt"; import bcrypt from "bcrypt";
enum PROVIDER_OPENID { export enum PROVIDER_OPENID {
idNot = "idNot", idNot = "idNot",
} }