177 lines
5.7 KiB
TypeScript
177 lines
5.7 KiB
TypeScript
import { Response, Request } from "express";
|
|
import { Controller, Post } from "@ControllerPattern/index";
|
|
import ApiController from "@Common/system/controller-pattern/ApiController";
|
|
import { Service } from "typedi";
|
|
import AuthService, { IUserJwtPayload, PROVIDER_OPENID } from "@Services/common/AuthService/AuthService";
|
|
|
|
import IdNotService from "@Services/common/IdNotService/IdNotService";
|
|
import User, { RulesGroup } from "le-coffre-resources/dist/Admin";
|
|
import UsersService from "@Services/super-admin/UsersService/UsersService";
|
|
import SubscriptionsService from "@Services/admin/SubscriptionsService/SubscriptionsService.ts";
|
|
import RulesGroupsService from "@Services/admin/RulesGroupsService/RulesGroupsService";
|
|
|
|
@Controller()
|
|
@Service()
|
|
export default class UserController extends ApiController {
|
|
constructor(
|
|
private authService: AuthService,
|
|
private idNotService: IdNotService,
|
|
private userService: UsersService,
|
|
private subscriptionsService: SubscriptionsService,
|
|
private rulesGroupsService: RulesGroupsService,
|
|
) {
|
|
super();
|
|
}
|
|
|
|
/**
|
|
* @description Get user created from IdNot authentification
|
|
* @todo Used for test, should be removed
|
|
* @returns User
|
|
*/
|
|
@Post("/api/v1/idnot/user/:code")
|
|
protected async getUserInfosFromIdnot(req: Request, response: Response) {
|
|
try {
|
|
const code = req.params["code"];
|
|
|
|
if (!code) throw new Error("code is required");
|
|
|
|
const idNotToken = await this.idNotService.getIdNotToken(code);
|
|
|
|
if (!idNotToken) {
|
|
this.httpValidationError(response, "IdNot token undefined");
|
|
return;
|
|
}
|
|
|
|
const user = await this.idNotService.getOrCreateUser(idNotToken);
|
|
|
|
if (!user) {
|
|
this.httpUnauthorized(response, "User not found");
|
|
return;
|
|
}
|
|
|
|
await this.idNotService.updateUser(user.uid);
|
|
|
|
//Whitelist feature
|
|
//Get user with contact
|
|
const prismaUser = await this.userService.getByUid(user.uid, { contact: true, role: true, office_membership: true });
|
|
|
|
if (!prismaUser) {
|
|
this.httpNotFoundRequest(response, "user not found");
|
|
return;
|
|
}
|
|
|
|
//Hydrate user to be able to use his contact
|
|
const userHydrated = User.hydrate<User>(prismaUser, { strategy: "excludeAll" });
|
|
|
|
if (!userHydrated.contact?.email || userHydrated.contact?.email === "") {
|
|
this.httpUnauthorized(response, "Email not found");
|
|
return;
|
|
}
|
|
let isSubscribed = await this.subscriptionsService.isUserSubscribed(user.uid, userHydrated.office_membership?.uid!);
|
|
|
|
//Check if user is whitelisted
|
|
// const isWhitelisted = await this.whitelistService.getByEmail(userHydrated.contact!.email);
|
|
|
|
//When we'll switch to idNotId whitelisting
|
|
// const isWhitelisted = await this.userWhitelistService.getByIdNotId(user.idNot);
|
|
|
|
//If not whitelisted, return 409 Not whitelisted
|
|
// if (!isWhitelisted || isWhitelisted.length === 0) {
|
|
// this.httpNotWhitelisted(response);
|
|
// return;
|
|
// }
|
|
|
|
await this.idNotService.updateOffice(user.office_uid);
|
|
|
|
const payload = await this.authService.getUserJwtPayload(user.idNot);
|
|
if (!payload) return;
|
|
|
|
if (!isSubscribed && (userHydrated.role?.name === "admin" || userHydrated.role?.name === "super-admin")) {
|
|
const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
|
|
where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
|
|
include: { rules: true },
|
|
});
|
|
|
|
const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
|
|
strategy: "excludeAll",
|
|
});
|
|
if (!manageSubscriptionRules[0]) return;
|
|
|
|
payload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
|
|
|
|
isSubscribed = true;
|
|
}
|
|
|
|
if (!isSubscribed) {
|
|
this.httpUnauthorized(response, "User not subscribed");
|
|
return;
|
|
}
|
|
|
|
const accessToken = this.authService.generateAccessToken(payload);
|
|
const refreshToken = this.authService.generateRefreshToken(payload);
|
|
|
|
this.httpSuccess(response, { accessToken, refreshToken });
|
|
} catch (error) {
|
|
console.error(error);
|
|
this.httpInternalError(response);
|
|
return;
|
|
}
|
|
}
|
|
|
|
@Post("/api/v1/idnot/user/auth/refresh-token")
|
|
protected async refreshToken(req: Request, response: Response) {
|
|
try {
|
|
const authHeader = req.headers["authorization"];
|
|
const token = authHeader && authHeader.split(" ")[1];
|
|
|
|
if (!token) {
|
|
this.httpBadRequest(response);
|
|
return;
|
|
}
|
|
|
|
let accessToken;
|
|
this.authService.verifyRefreshToken(token, async (err, userPayload) => {
|
|
if (err) {
|
|
console.error(err);
|
|
this.httpUnauthorized(response);
|
|
return;
|
|
}
|
|
|
|
const openId = (userPayload as IUserJwtPayload).openId.userId;
|
|
if (!openId) return;
|
|
const newUserPayload = (await this.authService.getUserJwtPayload(
|
|
openId.toString(),
|
|
PROVIDER_OPENID.idNot,
|
|
)) as IUserJwtPayload;
|
|
let isSubscribed = await this.subscriptionsService.isUserSubscribed(newUserPayload.userId, newUserPayload.office_Id);
|
|
|
|
if (!isSubscribed && (newUserPayload.role === "admin" || newUserPayload.role === "super-admin")) {
|
|
const manageSubscriptionRulesEntity = await this.rulesGroupsService.get({
|
|
where: { uid: "94343601-04c8-44ef-afb9-3047597528a9" },
|
|
include: { rules: true },
|
|
});
|
|
|
|
const manageSubscriptionRules = RulesGroup.hydrateArray<RulesGroup>(manageSubscriptionRulesEntity, {
|
|
strategy: "excludeAll",
|
|
});
|
|
if (!manageSubscriptionRules[0]) return;
|
|
|
|
newUserPayload.rules = manageSubscriptionRules[0].rules!.map((rule) => rule.name) || [];
|
|
|
|
isSubscribed = true;
|
|
}
|
|
delete newUserPayload.iat;
|
|
delete newUserPayload.exp;
|
|
accessToken = this.authService.generateAccessToken(newUserPayload);
|
|
this.httpSuccess(response, { accessToken });
|
|
});
|
|
|
|
//success
|
|
} catch (error) {
|
|
console.error(error);
|
|
this.httpInternalError(response);
|
|
return;
|
|
}
|
|
}
|
|
}
|