#1-account-management #13
16 changed files with 272 additions and 14 deletions
|
|
@ -4,6 +4,7 @@ export interface CreateUserCommand {
|
|||
firstname: string;
|
||||
lastname: string;
|
||||
secret: string;
|
||||
isOwner: boolean;
|
||||
}
|
||||
|
||||
export interface UpdateUserCommand {
|
||||
|
|
@ -14,6 +15,11 @@ export interface UpdateUserCommand {
|
|||
lastname: string;
|
||||
}
|
||||
|
||||
export interface TransferUserOwnerCommand {
|
||||
fromId: number;
|
||||
toId: number;
|
||||
}
|
||||
|
||||
export interface UpdateUserRolesCommand {
|
||||
id: number;
|
||||
roleIds: Array<number>;
|
||||
|
|
|
|||
|
|
@ -2,7 +2,13 @@ import { EntityManager } from "typeorm";
|
|||
import { dataSource } from "../data-source";
|
||||
import { user } from "../entity/user";
|
||||
import InternalException from "../exceptions/internalException";
|
||||
import { CreateUserCommand, DeleteUserCommand, UpdateUserCommand, UpdateUserRolesCommand } from "./userCommand";
|
||||
import {
|
||||
CreateUserCommand,
|
||||
DeleteUserCommand,
|
||||
TransferUserOwnerCommand,
|
||||
UpdateUserCommand,
|
||||
UpdateUserRolesCommand,
|
||||
} from "./userCommand";
|
||||
import UserService from "../service/userService";
|
||||
|
||||
export default abstract class UserCommandHandler {
|
||||
|
|
@ -22,6 +28,7 @@ export default abstract class UserCommandHandler {
|
|||
firstname: createUser.firstname,
|
||||
lastname: createUser.lastname,
|
||||
secret: createUser.secret,
|
||||
isOwner: createUser.isOwner,
|
||||
})
|
||||
.execute()
|
||||
.then((result) => {
|
||||
|
|
@ -89,6 +96,38 @@ export default abstract class UserCommandHandler {
|
|||
return await manager.createQueryBuilder().relation(user, "roles").of(userId).remove(roleId);
|
||||
}
|
||||
|
||||
/**
|
||||
* @description transfer ownership
|
||||
* @param TransferUserOwnerCommand
|
||||
* @returns {Promise<void>}
|
||||
*/
|
||||
static async transferOwnership(transferOwnership: TransferUserOwnerCommand): Promise<void> {
|
||||
return await dataSource.manager
|
||||
.transaction(async (manager) => {
|
||||
manager
|
||||
.createQueryBuilder()
|
||||
.update(user)
|
||||
.set({
|
||||
isOwner: false,
|
||||
})
|
||||
.where("id = :id", { id: transferOwnership.fromId })
|
||||
.execute();
|
||||
|
||||
manager
|
||||
.createQueryBuilder()
|
||||
.update(user)
|
||||
.set({
|
||||
isOwner: true,
|
||||
})
|
||||
.where("id = :id", { id: transferOwnership.toId })
|
||||
.execute();
|
||||
})
|
||||
.then(() => {})
|
||||
.catch((err) => {
|
||||
throw new InternalException("Failed transfering ownership", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description delete user
|
||||
* @param DeleteUserCommand
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ export async function login(req: Request, res: Response): Promise<any> {
|
|||
let username = req.body.username;
|
||||
let totp = req.body.totp;
|
||||
|
||||
let { id, secret, mail, firstname, lastname } = await UserService.getByUsername(username);
|
||||
let { id, secret, mail, firstname, lastname, isOwner } = await UserService.getByUsername(username);
|
||||
|
||||
let valid = speakeasy.totp.verify({
|
||||
secret: secret,
|
||||
|
|
@ -48,6 +48,7 @@ export async function login(req: Request, res: Response): Promise<any> {
|
|||
username: username,
|
||||
firstname: firstname,
|
||||
lastname: lastname,
|
||||
isOwner: isOwner,
|
||||
permissions: permissionObject,
|
||||
};
|
||||
|
||||
|
|
@ -105,7 +106,7 @@ export async function refresh(req: Request, res: Response): Promise<any> {
|
|||
throw new UnauthorizedRequestException("user not identified with token and refresh");
|
||||
}
|
||||
|
||||
let { id, username, mail, firstname, lastname } = await UserService.getById(tokenUserId);
|
||||
let { id, username, mail, firstname, lastname, isOwner } = await UserService.getById(tokenUserId);
|
||||
|
||||
let permissions = await UserPermissionService.getByUser(id);
|
||||
let permissionStrings = permissions.map((e) => e.permission);
|
||||
|
|
@ -117,6 +118,7 @@ export async function refresh(req: Request, res: Response): Promise<any> {
|
|||
username: username,
|
||||
firstname: firstname,
|
||||
lastname: lastname,
|
||||
isOwner: isOwner,
|
||||
permissions: permissionObject,
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -124,23 +124,17 @@ export async function finishInvite(req: Request, res: Response, grantAdmin: bool
|
|||
lastname: lastname,
|
||||
mail: mail,
|
||||
secret: secret,
|
||||
isOwner: grantAdmin,
|
||||
};
|
||||
let id = await UserCommandHandler.create(createUser);
|
||||
|
||||
if (grantAdmin) {
|
||||
let createPermission: CreateUserPermissionCommand = {
|
||||
permission: "*",
|
||||
userId: id,
|
||||
};
|
||||
await UserPermissionCommandHandler.create(createPermission);
|
||||
}
|
||||
|
||||
let jwtData: JWTToken = {
|
||||
userId: id,
|
||||
mail: mail,
|
||||
username: username,
|
||||
firstname: firstname,
|
||||
lastname: lastname,
|
||||
isOwner: grantAdmin,
|
||||
permissions: {
|
||||
...(grantAdmin ? { admin: true } : {}),
|
||||
},
|
||||
|
|
|
|||
121
src/controller/userController.ts
Normal file
121
src/controller/userController.ts
Normal file
|
|
@ -0,0 +1,121 @@
|
|||
import { Request, Response } from "express";
|
||||
import speakeasy from "speakeasy";
|
||||
import QRCode from "qrcode";
|
||||
import InternalException from "../exceptions/internalException";
|
||||
import { CLUB_NAME } from "../env.defaults";
|
||||
import UserService from "../service/userService";
|
||||
import UserFactory from "../factory/admin/user";
|
||||
import { TransferUserOwnerCommand, UpdateUserCommand } from "../command/userCommand";
|
||||
import UserCommandHandler from "../command/userCommandHandler";
|
||||
import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
|
||||
|
||||
/**
|
||||
* @description get my by id
|
||||
* @param req {Request} Express req object
|
||||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function getMeById(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.userId);
|
||||
let user = await UserService.getById(id);
|
||||
|
||||
res.json(UserFactory.mapToSingle(user));
|
||||
}
|
||||
|
||||
/**
|
||||
* @description get my totp
|
||||
* @param req {Request} Express req object
|
||||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function getMyTotp(req: Request, res: Response): Promise<any> {
|
||||
const userId = parseInt(req.userId);
|
||||
|
||||
let { secret } = await UserService.getById(userId);
|
||||
|
||||
const url = `otpauth://totp/Mitgliederverwaltung ${CLUB_NAME}?secret=${secret}`;
|
||||
|
||||
QRCode.toDataURL(url)
|
||||
.then((result) => {
|
||||
res.json({
|
||||
dataUrl: result,
|
||||
otp: secret,
|
||||
});
|
||||
})
|
||||
.catch((err) => {
|
||||
throw new InternalException("QRCode not created", err);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @description verify my totp
|
||||
* @param req {Request} Express req object
|
||||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function verifyMyTotp(req: Request, res: Response): Promise<any> {
|
||||
const userId = parseInt(req.userId);
|
||||
let totp = req.body.totp;
|
||||
|
||||
let { secret } = await UserService.getById(userId);
|
||||
let valid = speakeasy.totp.verify({
|
||||
secret: secret,
|
||||
encoding: "base32",
|
||||
token: totp,
|
||||
window: 2,
|
||||
});
|
||||
|
||||
if (!valid) {
|
||||
throw new InternalException("Token not valid or expired");
|
||||
}
|
||||
res.sendStatus(204);
|
||||
}
|
||||
|
||||
/**
|
||||
* @description transferOwnership
|
||||
* @param req {Request} Express req object
|
||||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function transferOwnership(req: Request, res: Response): Promise<any> {
|
||||
const userId = parseInt(req.userId);
|
||||
let toId = req.body.toId;
|
||||
|
||||
let { isOwner } = await UserService.getById(userId);
|
||||
if (!isOwner) {
|
||||
throw new ForbiddenRequestException("Action only allowed to owner.");
|
||||
}
|
||||
|
||||
let transfer: TransferUserOwnerCommand = {
|
||||
toId: toId,
|
||||
fromId: userId,
|
||||
};
|
||||
await UserCommandHandler.transferOwnership(transfer);
|
||||
|
||||
res.sendStatus(204);
|
||||
}
|
||||
|
||||
/**
|
||||
* @description update my data
|
||||
* @param req {Request} Express req object
|
||||
* @param res {Response} Express res object
|
||||
* @returns {Promise<*>}
|
||||
*/
|
||||
export async function updateMe(req: Request, res: Response): Promise<any> {
|
||||
const id = parseInt(req.userId);
|
||||
let mail = req.body.mail;
|
||||
let firstname = req.body.firstname;
|
||||
let lastname = req.body.lastname;
|
||||
let username = req.body.username;
|
||||
|
||||
let updateUser: UpdateUserCommand = {
|
||||
id: id,
|
||||
mail: mail,
|
||||
firstname: firstname,
|
||||
lastname: lastname,
|
||||
username: username,
|
||||
};
|
||||
await UserCommandHandler.update(updateUser);
|
||||
|
||||
res.sendStatus(204);
|
||||
}
|
||||
|
|
@ -29,6 +29,7 @@ import { memberQualifications } from "./entity/memberQualifications";
|
|||
import { membership } from "./entity/membership";
|
||||
import { Memberdata1726301836849 } from "./migrations/1726301836849-memberdata";
|
||||
import { CommunicationFields1727439800630 } from "./migrations/1727439800630-communicationFields";
|
||||
import { Ownership1728313041449 } from "./migrations/1728313041449-ownership";
|
||||
import { protocol } from "./entity/protocol";
|
||||
import { protocolAgenda } from "./entity/protocolAgenda";
|
||||
import { protocolDecision } from "./entity/protocolDecision";
|
||||
|
|
@ -86,6 +87,7 @@ const dataSource = new DataSource({
|
|||
MemberBaseData1725435669492,
|
||||
Memberdata1726301836849,
|
||||
CommunicationFields1727439800630,
|
||||
Ownership1728313041449,
|
||||
Protocol1729347911107,
|
||||
Calendar1729947763295,
|
||||
],
|
||||
|
|
|
|||
|
|
@ -22,6 +22,9 @@ export class user {
|
|||
@Column({ type: "varchar", length: 255 })
|
||||
secret: string;
|
||||
|
||||
@Column({ type: "boolean", default: false })
|
||||
isOwner: boolean;
|
||||
|
||||
@ManyToMany(() => role, (role) => role.users, {
|
||||
nullable: false,
|
||||
onDelete: "CASCADE",
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ export default abstract class UserFactory {
|
|||
firstname: record.firstname,
|
||||
lastname: record.lastname,
|
||||
mail: record.mail,
|
||||
isOwner: record.isOwner,
|
||||
permissions: PermissionHelper.convertToObject(userPermissionStrings),
|
||||
roles: RoleFactory.mapToBase(record.roles),
|
||||
permissions_total: totalPermissions,
|
||||
|
|
|
|||
|
|
@ -55,8 +55,9 @@ export default class PermissionHelper {
|
|||
): (req: Request, res: Response, next: Function) => void {
|
||||
return (req: Request, res: Response, next: Function) => {
|
||||
const permissions = req.permissions;
|
||||
const isOwner = req.isOwner;
|
||||
|
||||
if (this.can(permissions, requiredPermissions, section, module)) {
|
||||
if (isOwner || this.can(permissions, requiredPermissions, section, module)) {
|
||||
next();
|
||||
} else {
|
||||
throw new ForbiddenRequestException(
|
||||
|
|
@ -74,8 +75,9 @@ export default class PermissionHelper {
|
|||
): (req: Request, res: Response, next: Function) => void {
|
||||
return (req: Request, res: Response, next: Function) => {
|
||||
const permissions = req.permissions;
|
||||
const isOwner = req.isOwner;
|
||||
|
||||
if (this.canSection(permissions, requiredPermissions, section)) {
|
||||
if (isOwner || this.canSection(permissions, requiredPermissions, section)) {
|
||||
next();
|
||||
} else {
|
||||
throw new ForbiddenRequestException(
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ declare global {
|
|||
export interface Request {
|
||||
userId: string;
|
||||
username: string;
|
||||
isOwner: boolean;
|
||||
permissions: PermissionObject;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ export default async function authenticate(req: Request, res: Response, next: Fu
|
|||
|
||||
req.userId = decoded.userId;
|
||||
req.username = decoded.username;
|
||||
req.isOwner = decoded.isOwner;
|
||||
req.permissions = decoded.permissions;
|
||||
|
||||
next();
|
||||
|
|
|
|||
56
src/migrations/1728313041449-ownership.ts
Normal file
56
src/migrations/1728313041449-ownership.ts
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
import { MigrationInterface, QueryRunner, TableColumn } from "typeorm";
|
||||
|
||||
export class Ownership1728313041449 implements MigrationInterface {
|
||||
name = "Ownership1728313041449";
|
||||
|
||||
public async up(queryRunner: QueryRunner): Promise<void> {
|
||||
await queryRunner.addColumn(
|
||||
"user",
|
||||
new TableColumn({
|
||||
name: "isOwner",
|
||||
type: "tinyint",
|
||||
default: 0,
|
||||
isNullable: false,
|
||||
})
|
||||
);
|
||||
|
||||
await queryRunner.manager
|
||||
.createQueryBuilder()
|
||||
.update("user")
|
||||
.set({ isOwner: 1 })
|
||||
.where((qb) => {
|
||||
const subQuery = queryRunner.manager
|
||||
.createQueryBuilder()
|
||||
.select("1")
|
||||
.from("user_permission", "up")
|
||||
.where("user.id = up.userId")
|
||||
.andWhere("up.permission = '*'")
|
||||
.getQuery();
|
||||
return `EXISTS (${subQuery})`;
|
||||
})
|
||||
.execute();
|
||||
|
||||
await queryRunner.manager.createQueryBuilder().delete().from("user_permission").where("permission = '*'").execute();
|
||||
}
|
||||
|
||||
public async down(queryRunner: QueryRunner): Promise<void> {
|
||||
await queryRunner.manager
|
||||
.createQueryBuilder()
|
||||
.insert()
|
||||
.into("user_permission")
|
||||
.values(
|
||||
await queryRunner.manager
|
||||
.createQueryBuilder()
|
||||
.select("user.id", "userId")
|
||||
.addSelect("'*'", "permission")
|
||||
.from("user", "user")
|
||||
.where("user.isOwner = 1")
|
||||
.execute()
|
||||
)
|
||||
.execute();
|
||||
|
||||
await queryRunner.manager.createQueryBuilder().update("user").set({ isOwner: 0 }).where("isOwner = 1").execute();
|
||||
|
||||
await queryRunner.dropColumn("user", "isOwner");
|
||||
}
|
||||
}
|
||||
|
|
@ -10,6 +10,7 @@ import publicAvailable from "./public";
|
|||
import setup from "./setup";
|
||||
import auth from "./auth";
|
||||
import admin from "./admin/index";
|
||||
import user from "./user";
|
||||
|
||||
export default (app: Express) => {
|
||||
app.set("query parser", "extended");
|
||||
|
|
@ -27,5 +28,6 @@ export default (app: Express) => {
|
|||
app.use("/auth", auth);
|
||||
app.use(authenticate);
|
||||
app.use("/admin", admin);
|
||||
app.use("/user", user);
|
||||
app.use(errorHandler);
|
||||
};
|
||||
|
|
|
|||
26
src/routes/user.ts
Normal file
26
src/routes/user.ts
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
import express from "express";
|
||||
import { getMeById, getMyTotp, transferOwnership, updateMe, verifyMyTotp } from "../controller/userController";
|
||||
|
||||
var router = express.Router({ mergeParams: true });
|
||||
|
||||
router.get("/me", async (req, res) => {
|
||||
await getMeById(req, res);
|
||||
});
|
||||
|
||||
router.get("/totp", async (req, res) => {
|
||||
await getMyTotp(req, res);
|
||||
});
|
||||
|
||||
router.post("/verify", async (req, res) => {
|
||||
await verifyMyTotp(req, res);
|
||||
});
|
||||
|
||||
router.put("/transferOwner", async (req, res) => {
|
||||
await transferOwnership(req, res);
|
||||
});
|
||||
|
||||
router.patch("/me", async (req, res) => {
|
||||
await updateMe(req, res);
|
||||
});
|
||||
|
||||
export default router;
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
import { PermissionObject } from "./permissionTypes";
|
||||
|
||||
export type JWTData = {
|
||||
[key: string]: string | number | PermissionObject;
|
||||
[key: string]: string | number | boolean | PermissionObject;
|
||||
};
|
||||
|
||||
export type JWTToken = {
|
||||
|
|
@ -10,6 +10,7 @@ export type JWTToken = {
|
|||
username: string;
|
||||
firstname: string;
|
||||
lastname: string;
|
||||
isOwner: boolean;
|
||||
permissions: PermissionObject;
|
||||
} & JWTData;
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ export interface UserViewModel {
|
|||
mail: string;
|
||||
firstname: string;
|
||||
lastname: string;
|
||||
isOwner: boolean;
|
||||
permissions: PermissionObject;
|
||||
roles: Array<RoleViewModel>;
|
||||
permissions_total: PermissionObject;
|
||||
|
|
|
|||
Loading…
Reference in a new issue