feat: add supertokens
This commit is contained in:
@@ -1,16 +1,21 @@
|
||||
import { ForbiddenError, NotFoundError } from "@platform/relay";
|
||||
import { getPrincipalAttributes, getPrincipalRoles } from "@platform/supertoken/principal.ts";
|
||||
import { getUserById } from "@platform/supertoken/users.ts";
|
||||
|
||||
import { getIdentityById } from "../../../database.ts";
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access("session").handle(async ({ params: { id } }, { access }) => {
|
||||
const identity = await getIdentityById(id);
|
||||
if (identity === undefined) {
|
||||
const user = await getUserById(id);
|
||||
if (user === undefined) {
|
||||
return new NotFoundError("Identity does not exist, or has been removed.");
|
||||
}
|
||||
const decision = await access.isAllowed({ kind: "identity", id: identity.id, attr: {} }, "read");
|
||||
const decision = await access.isAllowed({ kind: "identity", id: user.id, attr: {} }, "read");
|
||||
if (decision === false) {
|
||||
return new ForbiddenError("You do not have permission to view this identity.");
|
||||
}
|
||||
return identity;
|
||||
return {
|
||||
id: user.id,
|
||||
roles: await getPrincipalRoles(id),
|
||||
attr: await getPrincipalAttributes(id),
|
||||
};
|
||||
});
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
import { ForbiddenError, NotFoundError, route, UnauthorizedError } from "@platform/relay";
|
||||
import z from "zod";
|
||||
|
||||
import { IdentitySchema } from "../../../models/identity.ts";
|
||||
|
||||
export default route
|
||||
.get("/api/v1/identities/:id")
|
||||
.get("/api/v1/identity/:id")
|
||||
.params({
|
||||
id: z.string(),
|
||||
})
|
||||
.errors([UnauthorizedError, ForbiddenError, NotFoundError])
|
||||
.response(IdentitySchema);
|
||||
.response(z.any());
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
import { UnauthorizedError } from "@platform/relay";
|
||||
|
||||
import { getIdentityById } from "../../../database.ts";
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access("session").handle(async ({ principal }) => {
|
||||
const identity = await getIdentityById(principal.id);
|
||||
if (identity === undefined) {
|
||||
return new UnauthorizedError("You must be signed in to view your session.");
|
||||
}
|
||||
return identity;
|
||||
});
|
||||
@@ -1,5 +0,0 @@
|
||||
import { NotFoundError, route, UnauthorizedError } from "@platform/relay";
|
||||
|
||||
import { IdentitySchema } from "../../../models/identity.ts";
|
||||
|
||||
export default route.get("/api/v1/identities/me").response(IdentitySchema).errors([UnauthorizedError, NotFoundError]);
|
||||
@@ -1,11 +0,0 @@
|
||||
import { Identity, isEmailClaimed } from "../../../aggregates/identity.ts";
|
||||
import { IdentityEmailClaimedError } from "../../../errors.ts";
|
||||
import { eventStore } from "../../../event-store.ts";
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access("public").handle(async ({ body: { name, email } }) => {
|
||||
if ((await isEmailClaimed(email)) === true) {
|
||||
return new IdentityEmailClaimedError(email);
|
||||
}
|
||||
return eventStore.aggregate.from(Identity).create().addName(name).addEmailStrategy(email).addRole("user").save();
|
||||
});
|
||||
@@ -1,17 +0,0 @@
|
||||
import { route } from "@platform/relay";
|
||||
import z from "zod";
|
||||
|
||||
import { IdentityEmailClaimedError } from "../../../errors.ts";
|
||||
import { IdentitySchema } from "../../../models/identity.ts";
|
||||
import { NameSchema } from "../../../schemas/name.ts";
|
||||
|
||||
export default route
|
||||
.post("/api/v1/identities")
|
||||
.body(
|
||||
z.object({
|
||||
name: NameSchema,
|
||||
email: z.email(),
|
||||
}),
|
||||
)
|
||||
.errors([IdentityEmailClaimedError])
|
||||
.response(IdentitySchema);
|
||||
@@ -1,13 +0,0 @@
|
||||
import { NotFoundError } from "@platform/relay";
|
||||
|
||||
import { config } from "../../../config.ts";
|
||||
import { getIdentityById } from "../../../database.ts";
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access(["internal:public", config.internal.privateKey]).handle(async ({ params: { id } }) => {
|
||||
const identity = await getIdentityById(id);
|
||||
if (identity === undefined) {
|
||||
return new NotFoundError();
|
||||
}
|
||||
return identity;
|
||||
});
|
||||
@@ -1,5 +0,0 @@
|
||||
import { importVault } from "@platform/vault";
|
||||
|
||||
import { config } from "../../../config.ts";
|
||||
|
||||
export const vault = importVault(config.internal);
|
||||
@@ -1,12 +0,0 @@
|
||||
import { NotFoundError, route, UnauthorizedError } from "@platform/relay";
|
||||
import z from "zod";
|
||||
|
||||
import { IdentitySchema } from "../../../models/identity.ts";
|
||||
|
||||
export default route
|
||||
.get("/api/v1/identities/:id/resolve")
|
||||
.params({
|
||||
id: z.string(),
|
||||
})
|
||||
.response(IdentitySchema)
|
||||
.errors([UnauthorizedError, NotFoundError]);
|
||||
40
modules/identity/routes/identities/update/handle.ts
Normal file
40
modules/identity/routes/identities/update/handle.ts
Normal file
@@ -0,0 +1,40 @@
|
||||
import { ForbiddenError } from "@platform/relay";
|
||||
import { getPrincipalAttributes } from "@platform/supertoken/principal.ts";
|
||||
import UserMetadata from "supertokens-node/recipe/usermetadata";
|
||||
|
||||
import route from "./spec.ts";
|
||||
|
||||
export default route.access("session").handle(async ({ params: { id }, body: ops }, { access }) => {
|
||||
const decision = await access.isAllowed({ kind: "identity", id, attr: {} }, "update");
|
||||
if (decision === false) {
|
||||
return new ForbiddenError("You do not have permission to update this identity.");
|
||||
}
|
||||
const attr = await getPrincipalAttributes(id);
|
||||
for (const op of ops) {
|
||||
switch (op.type) {
|
||||
case "add": {
|
||||
attr[op.key] = op.value;
|
||||
break;
|
||||
}
|
||||
case "push": {
|
||||
if (attr[op.key] === undefined) {
|
||||
attr[op.key] = op.values;
|
||||
} else {
|
||||
attr[op.key] = [...attr[op.key], ...op.values];
|
||||
}
|
||||
break;
|
||||
}
|
||||
case "pop": {
|
||||
if (Array.isArray(attr[op.key])) {
|
||||
attr[op.key] = attr[op.key].filter((value: any) => op.values.includes(value) === false);
|
||||
}
|
||||
break;
|
||||
}
|
||||
case "remove": {
|
||||
delete attr[op.key];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
await UserMetadata.updateUserMetadata(id, { attr });
|
||||
});
|
||||
29
modules/identity/routes/identities/update/spec.ts
Normal file
29
modules/identity/routes/identities/update/spec.ts
Normal file
@@ -0,0 +1,29 @@
|
||||
import { ForbiddenError, NotFoundError, route, UnauthorizedError } from "@platform/relay";
|
||||
import z from "zod";
|
||||
|
||||
export default route
|
||||
.put("/api/v1/identity/:id")
|
||||
.params({
|
||||
id: z.string(),
|
||||
})
|
||||
.body(
|
||||
z.array(
|
||||
z.union([
|
||||
z.strictObject({
|
||||
type: z.union([z.literal("add")]),
|
||||
key: z.string(),
|
||||
value: z.any(),
|
||||
}),
|
||||
z.strictObject({
|
||||
type: z.union([z.literal("push"), z.literal("pop")]),
|
||||
key: z.string(),
|
||||
values: z.array(z.any()),
|
||||
}),
|
||||
z.strictObject({
|
||||
type: z.union([z.literal("remove")]),
|
||||
key: z.string(),
|
||||
}),
|
||||
]),
|
||||
),
|
||||
)
|
||||
.errors([UnauthorizedError, ForbiddenError, NotFoundError]);
|
||||
Reference in New Issue
Block a user