4nk/lecoffre-back
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'dev' into staging

Browse Source
This commit is contained in:
Vins 2023-12-01 11:57:08 +01:00
commit f76856813d
7 changed files with 113 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/app/api/customer/AuthController.ts
View File

@ -30,17 +30,16 @@ export default class AuthController extends ApiController {
}
try {
const customer = await this.customerService.verifyEmail2FASms(email);
if (!customer) {
const res = await this.customerService.verifyEmail2FASms(email);
if (!res) {
this.httpNotFoundRequest(response, "Customer not found");
return;
}
this.httpSuccess(response, { partialPhoneNumber: customer.contact?.cell_phone_number.replace(/\s/g, "").slice(-4) });
this.httpSuccess(response, {
partialPhoneNumber: res.customer.contact?.cell_phone_number.replace(/\s/g, "").slice(-4),
totpCodeUid: res.totpCode.uid,
});
} catch (error) {
if (error instanceof SmsNotExpiredError) {
this.httpTooEarlyRequest(response, error.message);
return;
}
console.log(error);
this.httpInternalError(response);
}
@ -207,18 +206,27 @@ export default class AuthController extends ApiController {
@Post("/api/v1/customer/auth/send-another-code")
protected async sendAnotherCode(req: Request, response: Response) {
const email = req.body["email"];
const totpCodeUid = req.body["totpCodeUid"];
if (!email) {
this.httpBadRequest(response, "email is required");
return;
}
if (!totpCodeUid) {
this.httpBadRequest(response, "totpCodeUid is required");
return;
}
try {
const customer = await this.customerService.askAnotherCode(email);
if (!customer) {
const res = await this.customerService.askAnotherCode(email, totpCodeUid);
if (!res) {
this.httpNotFoundRequest(response, "Customer not found");
return;
}
this.httpSuccess(response, { partialPhoneNumber: customer.contact?.cell_phone_number.replace(/\s/g, "").slice(-4) });
this.httpSuccess(response, {
partialPhoneNumber: res.customer.contact?.cell_phone_number.replace(/\s/g, "").slice(-4),
totpCodeUid: res.totpCode.uid,
});
} catch (error) {
if (error instanceof TooSoonForNewCode || error instanceof TotpCodeExpiredError) {
this.httpUnauthorized(response, error.message);

7
src/common/repositories/TotpCodesRepository.ts
View File

@ -67,4 +67,11 @@ export default class TotpCodesRepository extends BaseRepository {
},
});
}
/**
* Delete many totp codes
*/
public async deleteMany(query: Prisma.TotpCodesDeleteManyArgs) {
return this.model.deleteMany({ ...query });
}
}

23
src/services/common/CronService/CronService.ts
View File

@ -6,6 +6,7 @@ import IdNotService from "../IdNotService/IdNotService";
import { PrismaClient } from "@prisma/client";
import NotificationBuilder from "@Common/notifications/NotificationBuilder";
import EmailBuilder from "@Common/emails/EmailBuilder";
import TotpService from "@Services/customer/TotpService/TotpService";
// import { PrismaClient } from "@prisma/client";
@Service()
@ -16,6 +17,7 @@ export default class CronService {
private idNotService: IdNotService,
private notificationBuilder: NotificationBuilder,
private emailBuilder: EmailBuilder,
private totpService: TotpService,
) {}
public async sendMails() {
@ -86,8 +88,8 @@ export default class CronService {
// Once a day at midnight
try {
const prisma = new PrismaClient();
const expiringDocuments15Days: [{uid: string, expiration_date: Date}] = await prisma.$queryRaw
`SELECT distinct o.uid, f.created_at as expiration_date
const expiringDocuments15Days: [{ uid: string; expiration_date: Date }] =
await prisma.$queryRaw`SELECT distinct o.uid, f.created_at as expiration_date
FROM documents d
JOIN files f ON d.uid=f.document_uid
JOIN office_folders o ON o.uid=d.folder_uid
@ -95,11 +97,24 @@ export default class CronService {
AND d.document_status = 'DEPOSITED'
AND current_date = (DATE(f.created_at) + interval '3 months' - interval '2 days');`;
expiringDocuments15Days.forEach(expiringFolder => {
expiringDocuments15Days.forEach((expiringFolder) => {
this.notificationBuilder.sendDocumentExpiringSoonNotification(expiringFolder.uid, expiringFolder.expiration_date);
});
} catch (e) {
console.error(e);
}
});
// Start job
if (!cronJob.running) {
cronJob.start();
}
}
public async cleanExpiredTotpCodes() {
const cronJob = new CronJob("0 0 * * *", async () => {
// Once a day at midnight
try {
await this.totpService.cleanExpiredTotpCodes();
} catch (e) {
console.error(e);
}

5
src/services/common/IdNotService/IdNotService.ts
View File

@ -117,11 +117,14 @@ export default class IdNotService extends BaseService {
const query = new URLSearchParams({
client_id: this.variables.IDNOT_CLIENT_ID,
client_secret: this.variables.IDNOT_CLIENT_SECRET,
redirect_uri: `${this.variables.APP_HOST}/authorized-client`,
redirect_uri: this.variables.IDNOT_REDIRECT_URL,
code: code,
grant_type: "authorization_code",
});
const token = await fetch(this.variables.IDNOT_BASE_URL + this.variables.IDNOT_CONNEXION_URL + "?" + query, { method: "POST" });
if(token.status !== 200) console.error(await token.text());
const decodedToken = (await token.json()) as IIdNotToken;
const decodedIdToken = jwt.decode(decodedToken.id_token) as IdNotJwtPayload;

24
src/services/customer/CustomersService/CustomersService.ts
View File

@ -88,7 +88,7 @@ export default class CustomersService extends BaseService {
* 4: Save the SMS code in database
* 5: Send the SMS code to the customer
*/
public async verifyEmail2FASms(email: string): Promise<Customer | null> {
public async verifyEmail2FASms(email: string): Promise<{ customer: Customer; totpCode: TotpCodes } | null> {
// 1: Check if the customer exists
const customer = await this.getByEmail(email);
if (!customer) return null;
@ -100,18 +100,18 @@ export default class CustomersService extends BaseService {
const validTotpCode = customerHydrated.totpCodes?.find((totpCode) => {
return totpCode.expire_at && totpCode.expire_at.getTime() > now;
});
if (validTotpCode) throw new SmsNotExpiredError();
if (validTotpCode) return { customer, totpCode: validTotpCode };
// 3: Generate a new SMS code
const totpPin = this.generateTotp();
const reason = customer.password ? TotpCodesReasons.LOGIN : TotpCodesReasons.FIRST_LOGIN;
// 4: Save the SMS code in database
await this.saveTotpPin(customer, totpPin, new Date(now + 5 * 60000), reason);
const totpCode = await this.saveTotpPin(customer, totpPin, new Date(now + 5 * 60000), reason);
// 5: Send the SMS code to the customer
await this.sendSmsCodeToCustomer(totpPin, customer);
return customer;
return { customer, totpCode };
}
/**
@ -258,7 +258,7 @@ export default class CustomersService extends BaseService {
);
}
public async askAnotherCode(email: string): Promise<Customer | null> {
public async askAnotherCode(email: string, totpCodeUid: string): Promise<{ customer: Customer; totpCode: TotpCodes } | null> {
// 1: Check if the customer exists
const customer = await this.getByEmail(email);
if (!customer) return null;
@ -267,26 +267,26 @@ export default class CustomersService extends BaseService {
const customerHydrated = Customer.hydrate<Customer>(customer);
// 2: Get last code sent
const lastCode = customerHydrated.totpCodes?.find((totpCode) => {
return totpCode.expire_at && totpCode.expire_at.getTime() > now;
const totpCodeToResend = customerHydrated.totpCodes?.find((totpCode) => {
return totpCode.uid === totpCodeUid && totpCode.expire_at && totpCode.expire_at.getTime() > now;
});
if (!lastCode) throw new TotpCodeExpiredError();
if (!totpCodeToResend) throw new TotpCodeExpiredError();
// 3: Check if it was created more than 30 seconds ago
if (lastCode.created_at && lastCode.created_at.getTime() > now - 30000) throw new TooSoonForNewCode();
if (totpCodeToResend.created_at && totpCodeToResend.created_at.getTime() > now - 30000) throw new TooSoonForNewCode();
// 4: Generate a new SMS code
const totpPin = this.generateTotp();
// 5: Disable the old code
await this.totpCodesRepository.disable(lastCode);
await this.totpCodesRepository.disable(totpCodeToResend);
// 6: Save the SMS code in database
await this.saveTotpPin(customer, totpPin, new Date(now + 5 * 60000), lastCode.reason!);
const totpCode = await this.saveTotpPin(customer, totpPin, new Date(now + 5 * 60000), totpCodeToResend.reason!);
// 7: Send the SMS code to the customer
await this.sendSmsCodeToCustomer(totpPin, customer);
return customer;
return { customer, totpCode };
}
/**

51
src/services/customer/TotpService/TotpService.ts Normal file
View File

@ -0,0 +1,51 @@
import { Prisma, TotpCodes } from "@prisma/client";
import TotpCodesRepository from "@Repositories/TotpCodesRepository";
import BaseService from "@Services/BaseService";
import { Service } from "typedi";
@Service()
export default class TotpService extends BaseService {
constructor(private totpCodesRepository: TotpCodesRepository) {
super();
}
/**
* @description : Get all totp codes
* @throws {Error} If totp codes cannot be get
*/
public async get(query: Prisma.TotpCodesFindManyArgs): Promise<TotpCodes[]> {
return this.totpCodesRepository.findMany(query);
}
/**
* @description : Get one totp code
* @throws {Error} If totp code cannot be get
*/
public async getOne(query: Prisma.TotpCodesFindFirstArgs): Promise<TotpCodes | null> {
return this.totpCodesRepository.findOne(query);
}
/**
* @description : Delete many totp codes
* @throws {Error} If totp code cannot be deleted
*/
public async deleteMany(query: Prisma.TotpCodesDeleteManyArgs): Promise<Prisma.BatchPayload> {
return this.totpCodesRepository.deleteMany(query);
}
/**
* @description : Delete every totp code expired for more than 30 days
* @throws {Error} If totp codes cannot be deleted
*/
public async cleanExpiredTotpCodes() {
const query: Prisma.TotpCodesDeleteManyArgs = {
where: {
expire_at: {
lte: new Date(Date.now() - 30 * 24 * 60 * 60 * 1000),
},
},
};
return this.totpCodesRepository.deleteMany(query);
}
}