diff --git a/.github/workflows/deploy-s4ait-production.yml b/.github/workflows/deploy-s4ait-production.yml index 0d88e4eb..7f0b1e76 100644 --- a/.github/workflows/deploy-s4ait-production.yml +++ b/.github/workflows/deploy-s4ait-production.yml @@ -10,8 +10,7 @@ on: types: [created] jobs: - build: - + deploy: runs-on: ubuntu-latest environment: Stella IT Accounts Deployment steps: diff --git a/INSTALL.md b/INSTALL.md index 7e532505..d9e1855f 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -91,7 +91,7 @@ FASTIFY_USE_PROXY=1 # The "issuer" on OpenID Connect id_token OPENID_ISSUING_AUTHORITY="https://demo.meili.ng" -# Deprecated: use "yarn genkey" will automatically generate certificates for creating JWTs +# Deprecated: use "yarn keygen" will automatically generate certificates for creating JWTs OPENID_SECRET_KEY="" NOTIFICATION_API_HOST="http://notification.meili.ng" @@ -117,7 +117,7 @@ These are the secret key to sign your OpenID Token. Please make sure this is lon **Please Run the following:** ```bash -yarn genkey +yarn keygen ``` diff --git a/package.json b/package.json index 3747f723..7ded2bac 100644 --- a/package.json +++ b/package.json @@ -1,13 +1,13 @@ { "name": "meiling", - "version": "0.7.0", + "version": "0.8.1", "description": "An easy-to-use, open-source, flexible oAuth2 Authentication Provider and OpenID Connect Server", "main": "dist/", "repository": "https://github.com/meiling-gatekeeper/meiling", "author": "Alex4386 ", "license": "MIT", "dependencies": { - "@prisma/client": "^3.7.0", + "@prisma/client": "^3.9.1", "@xmldom/xmldom": "^0.8.0", "ansi-regex": "^6.0.1", "axios": "^0.21.2", @@ -49,7 +49,7 @@ "husky": "^4.3.0", "lint-staged": "^10.5.1", "prettier": "^2.1.2", - "prisma": "^3.7.0", + "prisma": "^3.9.1", "ts-node": "^9.0.0" }, "scripts": { diff --git a/src/common/event/baridegi.ts b/src/common/event/baridegi.ts index 9cd4f474..47b2708e 100644 --- a/src/common/event/baridegi.ts +++ b/src/common/event/baridegi.ts 
@@ -4,8 +4,8 @@ import config from '../../resources/config'; export enum BaridegiLogType { NEW_SESSION = 'new_session', AUTHORIZE_APP = 'authorize_app', - CREATE_AUTHORIZATION_REQUEST = 'create_authorization_request', - VERIFY_AUTHORIZATION_REQUEST = 'verify_authorization_request', + CREATE_AUTHENTICATION_REQUEST = 'create_authentication_request', + VERIFY_AUTHENTICATION_REQUEST = 'verify_authentication_request', CREATE_PASSWORD_RESET_REQUEST = 'create_password_reset_request', USER_SIGNIN = 'user_signin', USER_SIGNOUT = 'user_signout', diff --git a/src/common/meiling/authorization/index.ts b/src/common/meiling/authentication/index.ts similarity index 100% rename from src/common/meiling/authorization/index.ts rename to src/common/meiling/authentication/index.ts diff --git a/src/common/meiling/authorization/token.ts b/src/common/meiling/authentication/token.ts similarity index 100% rename from src/common/meiling/authorization/token.ts rename to src/common/meiling/authentication/token.ts diff --git a/src/common/meiling/authorization/validate.ts b/src/common/meiling/authentication/validate.ts similarity index 96% rename from src/common/meiling/authorization/validate.ts rename to src/common/meiling/authentication/validate.ts index 762316a1..5777d067 100644 --- a/src/common/meiling/authorization/validate.ts +++ b/src/common/meiling/authentication/validate.ts @@ -47,7 +47,7 @@ export function validateOTP(challengeResponse: string, secret: string) { export async function sendOTPSMS(phone: PhoneNumber, challenge: string, lang: Notification.TemplateLanguage = 'ko') { await Notification.sendNotification(Notification.NotificationMethod.SMS, { type: 'template', - templateId: Notification.TemplateId.AUTHORIZATION_CODE, + templateId: Notification.TemplateId.AUTHENTICATION_CODE, lang, messages: [ diff --git a/src/common/meiling/identity/user.ts b/src/common/meiling/identity/user.ts index 251a26e3..535b1361 100644 --- a/src/common/meiling/identity/user.ts 
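Review bot: The two renamed `BaridegiLogType` members in src/common/event/baridegi.ts also change the emitted string values (`'create_authorization_request'` becomes `'create_authentication_request'`, and likewise for verify), so any alert, dashboard or retention rule keyed on the old event names will stop matching without an error. If the log consumer is deployed separately from this service, the rename needs a release-note entry or a transition period in which both names are accepted on the receiving side. A comment above the enum such as `// Values are the log wire format; renaming one is a breaking change for log consumers.` would make the contract explicit.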
+++ b/src/common/meiling/identity/user.ts @@ -169,11 +169,12 @@ export async function getAuthorizedApps(user: UserModel | string): Promise getPrismaClient().oAuthClient.findUnique({ where: { id: n.id } })), + Utils.getUnique(authRaw, (m, n) => m.clientId === n.clientId).map((n) => + getPrismaClient().oAuthClient.findUnique({ where: { id: n.clientId } }), + ), ); - const raw = rawNotFiltered.filter((n) => n !== null) as OAuthClient[]; - return Utils.getUnique(raw, (m, n) => m.id === n.id); + return rawNotFiltered.filter((n) => n !== null) as OAuthClient[]; } export async function getOwnedApps(user: UserModel | string): Promise { @@ -693,7 +694,7 @@ export async function prevent2FALockout(user: UserModel | string): Promise const data = await getInfo(user); if (!data) return undefined; - const authorizations = await getPrismaClient().authentication.count({ + const authentications = await getPrismaClient().authentication.count({ where: { AND: [ { @@ -711,7 +712,7 @@ export async function prevent2FALockout(user: UserModel | string): Promise }, }); - if (authorizations === 0) { + if (authentications === 0) { await getPrismaClient().user.update({ where: { id: data.id, diff --git a/src/common/meiling/index.ts b/src/common/meiling/index.ts index 83fd5e17..e64ca515 100644 --- a/src/common/meiling/index.ts +++ b/src/common/meiling/index.ts @@ -1,7 +1,7 @@ export * as OAuth2 from './oauth2'; export * as SAML2 from './saml2'; export * as Identity from './identity'; -export * as Authorization from './authorization'; +export * as Authentication from './authentication'; export * as Database from './database'; export * as Error from './error'; export * as Sanitize from './sanitize'; diff --git a/src/common/meiling/oauth2/clientAuthorization.ts b/src/common/meiling/oauth2/clientAuthorization.ts index 43d742fb..c982d629 100644 --- a/src/common/meiling/oauth2/clientAuthorization.ts +++ b/src/common/meiling/oauth2/clientAuthorization.ts 
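Review bot: `getAuthorizedApps` in src/common/meiling/identity/user.ts still issues one `findUnique` per distinct client and then narrows the result with `as OAuthClient[]`. A single `findMany({ where: { id: { in: clientIds } } })` would return only existing clients, so neither the null filter nor the cast would be needed. If the per-row lookup is kept, a type guard `filter((n): n is OAuthClient => n !== null)` keeps the compiler checking the result instead of trusting the assertion. The start of this hunk is truncated on the page, so how `authRaw` is built is not visible here.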
@@ -1,5 +1,5 @@ import { OAuthClient, OAuthClientAuthorization, OAuthToken, OAuthTokenType, Permission, User } from '@prisma/client'; -import { Authorization } from '..'; +import { Authentication } from '..'; import { getPrismaClient } from '../../../resources/prisma'; // TODO: OPTIMIZE @@ -175,10 +175,10 @@ export async function getUser(authorization: OAuthClientAuthorization | string): export async function createToken( authorization: OAuthClientAuthorization, type: OAuthTokenType, - metadata?: Authorization.Token.TokenMetadata, + metadata?: Authentication.Token.TokenMetadata, ): Promise { // TODO: allow custom generator for token - const tokenKey = Authorization.Token.generateToken(); + const tokenKey = Authentication.Token.generateToken(); const token = await getPrismaClient().oAuthToken.create({ data: { @@ -217,9 +217,9 @@ export async function getToken(authorization: OAuthClientAuthorization, type: OA if ( !token || - Authorization.Token.getExpiresInByType(type, token.issuedAt) < Authorization.Token.getValidTimeByType(type) * 0.1 + Authentication.Token.getExpiresInByType(type, token.issuedAt) < Authentication.Token.getValidTimeByType(type) * 0.1 ) { - token = await createToken(authorization, type, token?.metadata as Authorization.Token.TokenMetadata); + token = await createToken(authorization, type, token?.metadata as Authentication.Token.TokenMetadata); } updateLastUpdated(authorization); diff --git a/src/common/meiling/v1/challenge.ts b/src/common/meiling/v1/challenge.ts index be417808..e036631f 100644 --- a/src/common/meiling/v1/challenge.ts +++ b/src/common/meiling/v1/challenge.ts 
@@ -2,7 +2,7 @@ import { Authentication } from '@prisma/client'; import { Meiling } from '../..'; import { ExtendedAuthMethods, SigninType, SigninExtendedAuthentication } from './interfaces'; import { AuthenticationJSONObject, AuthenticationOTPObject, AuthenticationPGPSSHKeyObject } from '../identity/user'; -import { validateOTP, validatePGPSign } from '../authorization/validate'; +import { validateOTP, validatePGPSign } from '../authentication/validate'; import config from '../../../resources/config'; export function getMeilingAvailableAuthMethods( @@ -53,10 +53,10 @@ export function generateChallenge(signinMethod: ExtendedAuthMethods): string | u switch (signinMethod) { case ExtendedAuthMethods.PGP_SIGNATURE: case ExtendedAuthMethods.SECURITY_KEY: - return Meiling.Authorization.Token.generateToken(); + return Meiling.Authentication.Token.generateToken(); case ExtendedAuthMethods.SMS: case ExtendedAuthMethods.EMAIL: - return Meiling.Authorization.Token.generateToken(6, '0123456789'); + return Meiling.Authentication.Token.generateToken(6, '0123456789'); case ExtendedAuthMethods.OTP: default: return undefined; diff --git a/src/common/meiling/v1/error/error.ts b/src/common/meiling/v1/error/error.ts index 9c5f8ac4..5258e1e9 100644 --- a/src/common/meiling/v1/error/error.ts +++ b/src/common/meiling/v1/error/error.ts @@ -26,8 +26,8 @@ function getMeilingErrorStatusCode(type: ErrorType) { case ErrorType.ALREADY_SIGNED_IN: case ErrorType.ALREADY_SIGNED_OUT: case ErrorType.APPLICATION_REDIRECT_URI_INVALID: - case ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED: - case ErrorType.AUTHORIZATION_REQUEST_NOT_COMPLETED: + case ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED: + case ErrorType.AUTHENTICATION_REQUEST_NOT_COMPLETED: return 400; case ErrorType.UNAUTHORIZED: 
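Review bot: `generateChallenge` in src/common/meiling/v1/challenge.ts has no comment stating what the SMS and EMAIL branch relies on: `generateToken(6, '0123456789')` yields only 10^6 possible codes, so its strength rests entirely on the expiry window and on a limit on verification attempts, neither of which is visible in this hunk. I would add `// 6-digit numeric code: relies on short expiry and attempt limiting in the verify path.` above that return. The randomness source inside `generateToken` is not shown on this page either, so the doc comment should state that it must be a CSPRNG. The function body starts and ends outside the hunk.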
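Review bot: The 400 group in `getMeilingErrorStatusCode` (src/common/meiling/v1/error/error.ts) now lists `ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED`, a member that already existed before this commit according to the type.ts hunk. If the switch already had a `case` for it in a part not shown here, the label is now duplicated and only the first occurrence takes effect, so the status code could differ from the one intended. Please check the whole switch for a second label; the function body extends beyond the visible hunks.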
@@ -37,7 +37,7 @@ function getMeilingErrorStatusCode(type: ErrorType) { case ErrorType.INVALID_SESSION: case ErrorType.APPLICATION_NOT_AUTHORIZED_BY_USER: case ErrorType.APPLICATION_NOT_AUTHORIZED_SCOPES: - case ErrorType.AUTHORIZATION_REQUEST_INVALID: + case ErrorType.AUTHENTICATION_REQUEST_INVALID: return 401; case ErrorType.FORBIDDEN: @@ -50,7 +50,7 @@ function getMeilingErrorStatusCode(type: ErrorType) { case ErrorType.UNSUPPORTED_SIGNIN_METHOD: case ErrorType.UNSUPPORTED_SCOPE: case ErrorType.UNSUPPORTED_RESPONSE_TYPE: - case ErrorType.UNSUPPORTED_AUTHORIZATION_TYPE: + case ErrorType.UNSUPPORTED_AUTHENTICATION_TYPE: return 405; case ErrorType.MORE_THAN_ONE_USER_MATCHED: @@ -63,10 +63,9 @@ function getMeilingErrorStatusCode(type: ErrorType) { return 409; case ErrorType.AUTHENTICATION_TIMEOUT: - case ErrorType.AUTHORIZATION_REQUEST_TIMEOUT: return 410; - case ErrorType.AUTHORIZATION_REQUEST_RATE_LIMITED: + case ErrorType.AUTHENTICATION_REQUEST_RATE_LIMITED: return 429; case ErrorType.INTERNAL_SERVER_ERROR: diff --git a/src/common/meiling/v1/error/type.ts b/src/common/meiling/v1/error/type.ts index f83bb22b..b63cccf3 100644 --- a/src/common/meiling/v1/error/type.ts +++ b/src/common/meiling/v1/error/type.ts 
@@ -13,13 +13,16 @@ export enum ErrorType { UNSUPPORTED_SIGNIN_METHOD = 'unsupported_signin_method', UNSUPPORTED_SCOPE = 'unsupported_scope', UNSUPPORTED_RESPONSE_TYPE = 'unsupported_response_type', - UNSUPPORTED_AUTHORIZATION_TYPE = 'unsupported_authorization_type', + UNSUPPORTED_AUTHENTICATION_TYPE = 'unsupported_authentication_type', TWO_FACTOR_AUTHENTICATION_REQUIRED = 'two_factor_authentication_required', TWO_FACTOR_AUTHENTICATION_REQUEST_NOT_GENERATED = 'two_factor_authentication_request_not_generated', MORE_THAN_ONE_USER_MATCHED = 'more_than_one_user_matched', AUTHENTICATION_REQUEST_NOT_GENERATED = 'authentication_request_not_generated', AUTHENTICATION_NOT_CURRENT_CHALLENGE_METHOD = 'authentication_not_current_challenge_method', AUTHENTICATION_TIMEOUT = 'authentication_timeout', + AUTHENTICATION_REQUEST_INVALID = 'authentication_request_invalid', + AUTHENTICATION_REQUEST_NOT_COMPLETED = 'authentication_request_not_completed', + AUTHENTICATION_REQUEST_RATE_LIMITED = 'authentication_request_rate_limited', NOT_IMPLEMENTED = 'not_implemented', NOT_FOUND = 'not_found', CONFLICT = 'conflict', @@ -30,11 +33,6 @@ export enum ErrorType { APPLICATION_NOT_AUTHORIZED_SCOPES = 'application_not_authorized_scopes', APPLICATION_USER_ACTION_REQUIRED = 'application_user_action_required', INTERNAL_SERVER_ERROR = 'internal_server_error', - AUTHORIZATION_REQUEST_INVALID = 'authorization_request_invalid', - AUTHORIZATION_REQUEST_NOT_GENERATED = 'authorization_request_not_generated', - AUTHORIZATION_REQUEST_NOT_COMPLETED = 'authorization_request_not_completed', - AUTHORIZATION_REQUEST_RATE_LIMITED = 'authorization_request_rate_limited', - AUTHORIZATION_REQUEST_TIMEOUT = 'authorization_request_timeout', EMAIL_NOT_ALLOWED = 'email_not_allowed', PHONE_NOT_ALLOWED = 'phone_not_allowed', EXISTING_USERNAME = 'existing_username', diff --git a/src/common/meiling/v1/session.ts b/src/common/meiling/v1/session.ts index 685deb75..9415c52d 100644 --- a/src/common/meiling/v1/session.ts 
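Review bot: The `ErrorType` values changed in src/common/meiling/v1/error/type.ts are what clients see in error responses, so replacing `authorization_request_*` with `authentication_request_*` and folding `authorization_request_timeout` into `authentication_timeout` breaks any client that branches on the old strings. The enum carries no note that its values are part of the API contract. I would add `// Values are returned to API clients; changing one is a breaking change.` above the enum and list the renamed codes in the release notes for this version.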
+++ b/src/common/meiling/v1/session.ts @@ -131,12 +131,12 @@ export async function isToken(token?: string): Promise { } export function getTokenFromRequest(req: FastifyRequest): string | undefined { - const token = Meiling.Authorization.Token.getTokenFromRequest(req); + const token = Meiling.Authentication.Token.getTokenFromRequest(req); return token ? token.token : undefined; } export async function createToken(req: FastifyRequest): Promise { - const token = Meiling.Authorization.Token.generateToken(); + const token = Meiling.Authentication.Token.generateToken(); const expiration = new Date(new Date().getTime() + config.session.v1.maxAge * 1000); const userTimeFieldMinimum = new Date().getTime() - config.session.v1.rateLimit.timeframe * 1000; diff --git a/src/common/notification.ts b/src/common/notification.ts index 13cb795e..3271b03f 100644 --- a/src/common/notification.ts +++ b/src/common/notification.ts @@ -6,7 +6,7 @@ import { BaridegiLogType, sendBaridegiLog } from './event/baridegi'; export type TemplateLanguage = 'ko' | 'en'; export enum TemplateId { - AUTHORIZATION_CODE = 'authorization_code', + AUTHENTICATION_CODE = 'authentication_code', } export enum NotificationMethod { @@ -19,7 +19,7 @@ type NotificationPayload = SMSPayload | AlimtalkPayload | CallPayload; type SMSPayload = SMSPlainPayload | TemplatePayload; type AlimtalkPayload = TemplatePayload; -type CallPayload = AuthorizationCodeCallPayload; +type CallPayload = AuthentcationCodeCallPayload; // Not Recommended. Please use Template. interface SMSPlainPayload { @@ -46,7 +46,7 @@ interface PlainMessagePayload { message: string; } -interface AuthorizationCodeCallPayload { +interface AuthentcationCodeCallPayload { type: 'authorization_code'; to: string; lang: TemplateLanguage; diff --git a/src/common/startup.ts b/src/common/startup.ts index 964497ed..51bd3f8f 100644 --- a/src/common/startup.ts +++ b/src/common/startup.ts 
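Review bot: The new interface name in src/common/notification.ts is misspelled as `AuthentcationCodeCallPayload` (missing "i"), and its discriminant is still `type: 'authorization_code'` while `TemplateId` in the same file now carries `'authentication_code'`. The name should be `AuthenticationCodeCallPayload` in both the interface and the `CallPayload` alias. The literal should either be renamed to match or get a comment saying it is deliberately kept for the notification API. Separately, the new `TemplateId` value only works if the notification service already has a template registered under `authentication_code`; otherwise code delivery will fail at runtime, which this diff cannot show.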
@@ -3,7 +3,7 @@ import crypto from 'crypto'; import { Meiling } from '.'; import config from '../resources/config'; import Log from './terminal/log'; -import { generateToken } from './meiling/authorization/token'; +import { generateToken } from './meiling/authentication/token'; export function checkIDTokenIssueCredentials(): true | string { if (!config.openid.jwt.algorithm) { @@ -88,7 +88,7 @@ export async function runStartupGarbageCollection(force?: boolean): Promise { const session = (req as FastifyRequestWithSession).session; - const body = req.body as MeilingV1AuthorizationIssueQuery; + const body = req.body as MeilingV1AuthenticationIssueQuery; const createdAt = new Date(); - const challenge = Meiling.Authorization.Token.generateToken(6, '0123456789'); + const challenge = Meiling.Authentication.Token.generateToken(6, '0123456789'); const lang = body.lang ? body.lang : 'ko'; @@ -46,7 +48,7 @@ export async function meilingV1SessionAuthnIssueHandler(req: FastifyRequest, rep ) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_RATE_LIMITED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_RATE_LIMITED, 'old token is still valid for email verification. rate_limited', ); return; @@ -56,7 +58,7 @@ export async function meilingV1SessionAuthnIssueHandler(req: FastifyRequest, rep await Notification.sendNotification(Notification.NotificationMethod.EMAIL, { type: 'template', - templateId: Notification.TemplateId.AUTHORIZATION_CODE, + templateId: Notification.TemplateId.AUTHENTICATION_CODE, lang, messages: [ @@ -69,7 +71,7 @@ export async function meilingV1SessionAuthnIssueHandler(req: FastifyRequest, rep ], }); - Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.CREATE_AUTHORIZATION_REQUEST, { + Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.CREATE_AUTHENTICATION_REQUEST, { type: body.type, notificationApi: { rawType: Notification.NotificationMethod.EMAIL, 
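Review bot: In `meilingV1SessionAuthnIssueHandler`, `body.lang` comes from `req.body` through a type assertion and is passed on as the template language by `const lang = body.lang ? body.lang : 'ko';`, so a value outside `'ko' | 'en'` reaches `Notification.sendNotification` unchecked. Unless a Fastify schema outside this hunk already restricts the field, an allow-list such as `const lang = body.lang === 'en' ? 'en' : 'ko';` keeps the runtime value within `TemplateLanguage`. The file header for this hunk is missing from the page and the handler body continues outside it.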
@@ -107,7 +109,7 @@ export async function meilingV1SessionAuthnIssueHandler(req: FastifyRequest, rep ) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_RATE_LIMITED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_RATE_LIMITED, 'old token is still valid for phone authorization. rate_limited', ); return; @@ -123,7 +125,7 @@ export async function meilingV1SessionAuthnIssueHandler(req: FastifyRequest, rep await Notification.sendNotification(method, { type: 'template', - templateId: Notification.TemplateId.AUTHORIZATION_CODE, + templateId: Notification.TemplateId.AUTHENTICATION_CODE, lang, messages: [ @@ -136,7 +138,7 @@ export async function meilingV1SessionAuthnIssueHandler(req: FastifyRequest, rep ], }); - Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.CREATE_AUTHORIZATION_REQUEST, { + Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.CREATE_AUTHENTICATION_REQUEST, { type: body.type, notificationApi: { rawType: Notification.NotificationMethod.EMAIL, @@ -156,7 +158,7 @@ export async function meilingV1SessionAuthnIssueHandler(req: FastifyRequest, rep }, }); } else { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.UNSUPPORTED_AUTHORIZATION_TYPE); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.UNSUPPORTED_AUTHENTICATION_TYPE); return; } } catch (e) { diff --git a/src/routes/v1/meiling/authentication/verify.ts b/src/routes/v1/meiling/authentication/verify.ts index 4e7f3d48..6697d175 100644 --- a/src/routes/v1/meiling/authentication/verify.ts +++ b/src/routes/v1/meiling/authentication/verify.ts 
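Review bot: In what appears to be the phone branch of `meilingV1SessionAuthnIssueHandler`, the `sendBaridegiLog` call still records `rawType: Notification.NotificationMethod.EMAIL`, although the notification just above it is sent with `method`. The audit event would then report the wrong delivery channel, which misleads anyone reconstructing which channel carried a code. Since the line next to it was edited in this commit, I would change it to `rawType: method,` here. The branch boundaries are outside the visible hunks, so please confirm this is the phone path.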
@@ -31,7 +31,7 @@ export async function meilingV1SessionAuthnVerifyHandler(req: FastifyRequest, re const body = req.body as MeilingV1VerificationQuery; if (!session.authenticationStatus) { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED); return; } @@ -41,7 +41,7 @@ export async function meilingV1SessionAuthnVerifyHandler(req: FastifyRequest, re if (body.type === 'phone') { if (!session.authenticationStatus.phone) { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED); return; } @@ -55,7 +55,7 @@ export async function meilingV1SessionAuthnVerifyHandler(req: FastifyRequest, re if (code) { if (!session.authenticationStatus.email) { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED); return; } 
@@ -101,21 +101,21 @@ export async function meilingV1SessionAuthnVerifyHandler(req: FastifyRequest, re session.authenticationStatus.email.isVerified = true; to = session.authenticationStatus.email.to; } else { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.UNSUPPORTED_AUTHORIZATION_TYPE); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.UNSUPPORTED_AUTHENTICATION_TYPE); return; } - sendBaridegiLog(BaridegiLogType.VERIFY_AUTHORIZATION_REQUEST, { + sendBaridegiLog(BaridegiLogType.VERIFY_AUTHENTICATION_REQUEST, { type: body.type, ip: req.ip, to, }); } else { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_TIMEOUT); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHENTICATION_TIMEOUT); return; } } else { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_INVALID); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_INVALID); return; } diff --git a/src/routes/v1/meiling/index.ts b/src/routes/v1/meiling/index.ts index 25ec6e27..89bbb406 100644 --- a/src/routes/v1/meiling/index.ts +++ b/src/routes/v1/meiling/index.ts @@ -55,8 +55,6 @@ function sessionRequiredPlugin(app: FastifyInstance, opts: FastifyPluginOptions, app.register(userPlugin, { prefix: '/users' }); app.register(appsPlugin, { prefix: '/apps' }); - // TODO: deprecate authorization -> authn - app.register(meilingV1SessionAuthnPlugin, { prefix: '/authorization' }); app.register(meilingV1SessionAuthnPlugin, { prefix: '/authn' }); done(); diff --git a/src/routes/v1/meiling/lost-password.ts b/src/routes/v1/meiling/lost-password.ts index 0ebdce11..0351648d 100644 --- a/src/routes/v1/meiling/lost-password.ts +++ b/src/routes/v1/meiling/lost-password.ts 
@@ -22,7 +22,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply if (!session.passwordReset?.isVerified || !session.passwordReset.passwordResetUser) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_COMPLETED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_COMPLETED, 'password reset request not completed yet', ); return; @@ -126,7 +126,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply if (!to || !Utils.isValidEmail(to)) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_INVALID, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_INVALID, 'email does not exist on this user', ); return; @@ -144,7 +144,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply if (!to) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_INVALID, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_INVALID, 'phone number does not exist on this user', ); return; @@ -158,7 +158,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply if (Meiling.V1.Challenge.isChallengeRateLimited(body.method, session.passwordReset?.challengeCreatedAt)) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_RATE_LIMITED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_RATE_LIMITED, 'You are rate limited', ); 
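Review bot: The two `AUTHENTICATION_REQUEST_INVALID` responses in `lostPasswordHandler` keep the messages `'email does not exist on this user'` and `'phone number does not exist on this user'`, which tell the caller of a password-reset flow which recovery channels a given account has. Since these calls were edited anyway, I would return one generic message for both, for example `'requested method is not available'`, and keep the specific reason in the server-side log. Whether unknown accounts get an identical response is decided outside these hunks and should be checked together with this.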
@@ -169,13 +169,13 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply if (!notificationMethod) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_INVALID, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_INVALID, 'invalid authorization method', ); return; } - Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.CREATE_AUTHORIZATION_REQUEST, { + Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.CREATE_AUTHENTICATION_REQUEST, { type: currentMethod, notificationApi: { rawType: notificationMethod, @@ -186,7 +186,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply await Notification.sendNotification(notificationMethod, { type: 'template', - templateId: Notification.TemplateId.AUTHORIZATION_CODE, + templateId: Notification.TemplateId.AUTHENTICATION_CODE, lang, messages: [ { @@ -222,7 +222,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply ) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED, 'generation request was not generated in first place.', ); return; @@ -236,7 +236,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply ) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED, 'generation request was not generated with particular method', ); return; @@ -249,7 +249,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply ) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_TIMEOUT, + Meiling.V1.Error.ErrorType.AUTHENTICATION_TIMEOUT, 'generated request was timed out', ); return; 
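Review bot: `lostPasswordHandler` logs the challenge creation as `BaridegiLogType.CREATE_AUTHENTICATION_REQUEST`, while the enum in src/common/event/baridegi.ts already has `CREATE_PASSWORD_RESET_REQUEST`. Using the generic type makes password-reset attempts indistinguishable from ordinary verification requests in the event stream, unless the dedicated event is also emitted in a part of the handler not shown here. I would switch this call to `Event.Baridegi.BaridegiLogType.CREATE_PASSWORD_RESET_REQUEST`, or add a comment explaining why both are sent. The message `'invalid authorization method'` in the same hunk was also left on the old wording.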
@@ -263,7 +263,7 @@ export async function lostPasswordHandler(req: FastifyRequest, rep: FastifyReply if (!isValid) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_INVALID, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_INVALID, 'invalid challenge', ); return; diff --git a/src/routes/v1/meiling/signin.ts b/src/routes/v1/meiling/signin.ts index 2c9b2e3d..bf2115ad 100644 --- a/src/routes/v1/meiling/signin.ts +++ b/src/routes/v1/meiling/signin.ts @@ -215,7 +215,7 @@ export async function signinHandler(req: FastifyRequest, rep: FastifyReply): Pro ) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_RATE_LIMITED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_RATE_LIMITED, 'you have been rate limited. please try again later.', ); return; @@ -238,7 +238,7 @@ export async function signinHandler(req: FastifyRequest, rep: FastifyReply): Pro if (phone.country === 'KR') { await Notification.sendNotification(Notification.NotificationMethod.ALIMTALK, { type: 'template', - templateId: Notification.TemplateId.AUTHORIZATION_CODE, + templateId: Notification.TemplateId.AUTHENTICATION_CODE, lang: 'ko', messages: [ { @@ -252,7 +252,7 @@ export async function signinHandler(req: FastifyRequest, rep: FastifyReply): Pro } else { await Notification.sendNotification(Notification.NotificationMethod.SMS, { type: 'template', - templateId: Notification.TemplateId.AUTHORIZATION_CODE, + templateId: Notification.TemplateId.AUTHENTICATION_CODE, lang: 'ko', messages: [ { @@ -268,7 +268,7 @@ export async function signinHandler(req: FastifyRequest, rep: FastifyReply): Pro } else if (signinMethod === Meiling.V1.Interfaces.ExtendedAuthMethods.EMAIL) { await Notification.sendNotification(Notification.NotificationMethod.EMAIL, { type: 'template', - templateId: Notification.TemplateId.AUTHORIZATION_CODE, + templateId: Notification.TemplateId.AUTHENTICATION_CODE, lang: 'ko', messages: [ { 
@@ -407,7 +407,7 @@ please request this endpoint without challengeResponse field to request challeng Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.USER_SIGNIN, { ip: req.ip, user, - token: Meiling.Authorization.Token.getTokenFromRequest(req)?.token, + token: Meiling.Authentication.Token.getTokenFromRequest(req)?.token, }); rep.status(200).send({ diff --git a/src/routes/v1/meiling/signout.ts b/src/routes/v1/meiling/signout.ts index fa0aeb65..1a0d4850 100644 --- a/src/routes/v1/meiling/signout.ts +++ b/src/routes/v1/meiling/signout.ts @@ -33,7 +33,7 @@ export async function signoutHandler(req: FastifyRequest, rep: FastifyReply): Pr Event.Baridegi.sendBaridegiLog(Event.Baridegi.BaridegiLogType.USER_SIGNOUT, { ip: req.ip, user: await Meiling.Identity.User.getDetailedInfo(userId), - token: Meiling.Authorization.Token.getTokenFromRequest(req)?.token, + token: Meiling.Authentication.Token.getTokenFromRequest(req)?.token, }); } else { Meiling.V1.Error.sendMeilingError( diff --git a/src/routes/v1/meiling/signup/signup.ts b/src/routes/v1/meiling/signup/signup.ts index 8ace4860..759863c5 100644 --- a/src/routes/v1/meiling/signup/signup.ts +++ b/src/routes/v1/meiling/signup/signup.ts @@ -40,7 +40,7 @@ export async function signupHandler(req: FastifyRequest, rep: FastifyReply): Pro if (signupChallenge === undefined) { Meiling.V1.Error.sendMeilingError( rep, - Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_GENERATED, + Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_GENERATED, 'Signup Validation requests were not generated.', ); return; 
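Review bot: The `USER_SIGNIN` event in `signinHandler` puts the raw session token into the log payload via `token: Meiling.Authentication.Token.getTokenFromRequest(req)?.token`, and the `USER_SIGNOUT` event in src/routes/v1/meiling/signout.ts does the same. Where `sendBaridegiLog` delivers its payload is not visible here, but a bearer token in an event log lets anyone with log access reuse the session while it is valid. Logging a non-reversible identifier, such as a SHA-256 digest of the token, still allows sign-in and sign-out events to be correlated. Both handlers extend beyond the visible hunks.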
@@ -94,7 +94,7 @@ export async function signupHandler(req: FastifyRequest, rep: FastifyReply): Pro // check with validation. if (!(signupChallenge.email?.isVerified && signupChallenge.phone?.isVerified)) { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_NOT_COMPLETED); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_NOT_COMPLETED); return; } @@ -105,7 +105,7 @@ export async function signupHandler(req: FastifyRequest, rep: FastifyReply): Pro phone.formatInternational() === libmobilephoneJs(signupChallenge.phone.to)?.formatInternational() ) ) { - Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHORIZATION_REQUEST_INVALID); + Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.AUTHENTICATION_REQUEST_INVALID); return; } diff --git a/src/routes/v1/meiling/users/actions/apps/actions/client_secret/post.ts b/src/routes/v1/meiling/users/actions/apps/actions/client_secret/post.ts index 83f1fd0b..7cf1144f 100644 --- a/src/routes/v1/meiling/users/actions/apps/actions/client_secret/post.ts +++ b/src/routes/v1/meiling/users/actions/apps/actions/client_secret/post.ts @@ -9,7 +9,7 @@ async function clientSecretPostHandler(_req: FastifyRequest, rep: FastifyReply): const body = _req.body as any; const user = await getUserFromActionRequest(req); - const secret = Meiling.Authorization.Token.generateToken(64); + const secret = Meiling.Authentication.Token.generateToken(64); if (!user) { Meiling.V1.Error.sendMeilingError(rep, Meiling.V1.Error.ErrorType.UNAUTHORIZED); diff --git a/src/routes/v1/meiling/users/actions/auth/auth.ts b/src/routes/v1/meiling/users/actions/auth/auth.ts index 7c524bff..fd2fa673 100644 --- a/src/routes/v1/meiling/users/actions/auth/auth.ts +++ b/src/routes/v1/meiling/users/actions/auth/auth.ts 
@@ -221,7 +221,7 @@ export async function meilingV1OAuthClientAuthHandler(req: FastifyRequest, rep: rep.send({ access_token: token.token, token_type: 'Bearer', - expires_in: Meiling.Authorization.Token.getValidTimeByType('ACCESS_TOKEN'), + expires_in: Meiling.Authentication.Token.getValidTimeByType('ACCESS_TOKEN'), state: query.state, id_token: scopes.includes('openid') ? await Meiling.Identity.User.createIDToken(userData, clientId, scopes, query.nonce) diff --git a/src/routes/v1/meiling/users/actions/auth/check.ts b/src/routes/v1/meiling/users/actions/auth/check.ts index 0d1fb72a..63b1d133 100644 --- a/src/routes/v1/meiling/users/actions/auth/check.ts +++ b/src/routes/v1/meiling/users/actions/auth/check.ts @@ -237,7 +237,7 @@ export async function meilingV1OAuthClientAuthCheckHandler(req: FastifyRequest, rep.send({ access_token: access_token.token, token_type: 'Bearer', - expires_in: Meiling.Authorization.Token.getValidTimeByType('ACCESS_TOKEN'), + expires_in: Meiling.Authentication.Token.getValidTimeByType('ACCESS_TOKEN'), state: query.state, id_token: scopes.includes('openid') ? await Meiling.Identity.User.createIDToken(userData, clientId, scopes, query.nonce) diff --git a/src/routes/v1/meiling/users/actions/auth/device/auth.ts b/src/routes/v1/meiling/users/actions/auth/device/auth.ts index 823ce695..232fab1a 100644 --- a/src/routes/v1/meiling/users/actions/auth/device/auth.ts +++ b/src/routes/v1/meiling/users/actions/auth/device/auth.ts @@ -36,7 +36,7 @@ export async function deviceCodeAuthorizeHandler(req: FastifyRequest, rep: Fasti return; } - const minimumIssuedAt = new Date(new Date().getTime() - 1000 * Meiling.Authorization.Token.getValidTimeByType(type)); + const minimumIssuedAt = new Date(new Date().getTime() - 1000 * Meiling.Authentication.Token.getValidTimeByType(type)); const deviceTokens = await getPrismaClient().oAuthToken.findMany({ where: { 
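Review bot: `expires_in` in `meilingV1OAuthClientAuthHandler` is set to `getValidTimeByType('ACCESS_TOKEN')`, the full lifetime, rather than the time left on the token being returned; the same line appears in `meilingV1OAuthClientAuthCheckHandler`. `getToken` in clientAuthorization.ts hands back an existing token until less than 10% of its lifetime remains, so if these handlers get their token from it, the client is told the token lives longer than it does. Using `expires_in: Meiling.Authentication.Token.getExpiresInByType('ACCESS_TOKEN', token.issuedAt),` (with `access_token.issuedAt` in check.ts) reports the remaining time. How `token` is obtained is outside the hunk.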
@@ -49,7 +49,7 @@ export async function deviceCodeAuthorizeHandler(req: FastifyRequest, rep: Fasti const matchingUserCodes = deviceTokens.filter( (n) => - (n.metadata as unknown as Meiling.Authorization.Token.TokenMetadataV1).data?.deviceCode?.userCode === + (n.metadata as unknown as Meiling.Authentication.Token.TokenMetadataV1).data?.deviceCode?.userCode === query.user_code, ); if (matchingUserCodes.length === 0) { @@ -96,7 +96,7 @@ export async function deviceCodeAuthorizeHandler(req: FastifyRequest, rep: Fasti Meiling.V1.Error.sendMeilingError( rep, Meiling.V1.Error.ErrorType.UNAUTHORIZED, - "specified oAuth2 application doesn't have proper authorization", + "specified oAuth2 application didn't requested this authorization session", ); return; } @@ -114,7 +114,7 @@ export async function deviceCodeAuthorizeHandler(req: FastifyRequest, rep: Fasti }, }); - const metadata = userCode.metadata as unknown as Meiling.Authorization.Token.TokenMetadata; + const metadata = userCode.metadata as unknown as Meiling.Authentication.Token.TokenMetadata; if (!metadata?.data?.deviceCode) { Meiling.V1.Error.sendMeilingError( rep, diff --git a/src/routes/v1/meiling/users/actions/auth/device/check.ts b/src/routes/v1/meiling/users/actions/auth/device/check.ts index d390d258..8d550d5f 100644 --- a/src/routes/v1/meiling/users/actions/auth/device/check.ts +++ b/src/routes/v1/meiling/users/actions/auth/device/check.ts @@ -36,7 +36,7 @@ export async function deviceCodeCheckHandler(req: FastifyRequest, rep: FastifyRe return; } - const minimumIssuedAt = new Date(new Date().getTime() - 1000 * Meiling.Authorization.Token.getValidTimeByType(type)); + const minimumIssuedAt = new Date(new Date().getTime() - 1000 * Meiling.Authentication.Token.getValidTimeByType(type)); const deviceTokens = await getPrismaClient().oAuthToken.findMany({ where: { 
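Review bot: The new error message in `deviceCodeAuthorizeHandler`, `"specified oAuth2 application didn't requested this authorization session"`, is ungrammatical, and the same string is added in `deviceCodeCheckHandler` (device/check.ts). It should read `"specified oAuth2 application didn't request this authorization session"` in both places. Because the text is returned to API clients, it is worth fixing before anyone starts matching on it.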
@@ -49,7 +49,7 @@ export async function deviceCodeCheckHandler(req: FastifyRequest, rep: FastifyRe const matchingUserCodes = deviceTokens.filter( (n) => - (n.metadata as unknown as Meiling.Authorization.Token.TokenMetadataV1).data?.deviceCode?.userCode === + (n.metadata as unknown as Meiling.Authentication.Token.TokenMetadataV1).data?.deviceCode?.userCode === query.user_code, ); if (matchingUserCodes.length === 0) { @@ -74,7 +74,7 @@ export async function deviceCodeCheckHandler(req: FastifyRequest, rep: FastifyRe Meiling.V1.Error.sendMeilingError( rep, Meiling.V1.Error.ErrorType.UNAUTHORIZED, - "specified oAuth2 application doesn't have proper authorization", + "specified oAuth2 application didn't requested this authorization session", ); return; } diff --git a/src/routes/v1/meiling/users/actions/security/webauthn/index.ts b/src/routes/v1/meiling/users/actions/security/webauthn/index.ts index a3c91e2e..b0a4af58 100644 --- a/src/routes/v1/meiling/users/actions/security/webauthn/index.ts +++ b/src/routes/v1/meiling/users/actions/security/webauthn/index.ts @@ -45,7 +45,7 @@ function userWebAuthnPlugin(app: FastifyInstance, opts: FastifyPluginOptions, do if (Utils.isNotBlank(body.id, body.response, body.response?.attenationObject, body)) { // TODO: Implement registration procedure } else { - const challenge = Meiling.Authorization.Token.generateToken(64); + const challenge = Meiling.Authentication.Token.generateToken(64); await Meiling.V1.Session.setSession(req, { ...session, diff --git a/src/routes/v1/oauth2/common.ts b/src/routes/v1/oauth2/common.ts index ceb9fe45..578e85a4 100644 --- a/src/routes/v1/oauth2/common.ts +++ b/src/routes/v1/oauth2/common.ts 
@@ -35,7 +35,7 @@ export function parseClientInfo(req: FastifyRequest): clientSecret?: string; } | undefined { - const token = Meiling.Authorization.Token.getTokenFromRequest(req); + const token = Meiling.Authentication.Token.getTokenFromRequest(req); let clientId: string | undefined = undefined; let clientSecret: string | undefined = undefined; diff --git a/src/routes/v1/oauth2/device/code.ts b/src/routes/v1/oauth2/device/code.ts index c8660f0b..17861550 100644 --- a/src/routes/v1/oauth2/device/code.ts +++ b/src/routes/v1/oauth2/device/code.ts @@ -33,9 +33,9 @@ export async function meilingV1OAuth2DeviceCodeHandler(req: FastifyRequest, rep: return; } - const device_code = Meiling.Authorization.Token.generateToken(); - const user_code = Meiling.Authorization.Token.generateToken(8, '0123456789QWERTYUIOPASDFGHJKLZXCVBNM'); - const metadata: Meiling.Authorization.Token.TokenMetadata = { + const device_code = Meiling.Authentication.Token.generateToken(); + const user_code = Meiling.Authentication.Token.generateToken(8, '0123456789QWERTYUIOPASDFGHJKLZXCVBNM'); + const metadata: Meiling.Authentication.Token.TokenMetadata = { version: 1, data: { deviceCode: { @@ -134,7 +134,7 @@ export async function meilingV1OAuth2DeviceCodeHandler(req: FastifyRequest, rep: rep.send({ device_code, - expires_in: Meiling.Authorization.Token.getExpiresInByType(type, new Date()), + expires_in: Meiling.Authentication.Token.getExpiresInByType(type, new Date()), // TODO: Make this configurable interval: config.meiling.deviceCode.interval, user_code: user_code, diff --git a/src/routes/v1/oauth2/token/authorization_code.ts b/src/routes/v1/oauth2/token/authorization_code.ts index 577d7ae4..ec1115fb 100644 --- a/src/routes/v1/oauth2/token/authorization_code.ts +++ b/src/routes/v1/oauth2/token/authorization_code.ts 
@@ -33,14 +33,14 @@ export async function oAuth2AuthorizationCodeHandler(req: FastifyRequest, rep: F return; } - const data = await Meiling.Authorization.Token.getData(token); + const data = await Meiling.Authentication.Token.getData(token); if (data?.type !== type) { Meiling.OAuth2.Error.sendOAuth2Error(rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, 'invalid token type'); return; } - if (!(await Meiling.Authorization.Token.isValid(token, type))) { - const expiresIn = await Meiling.Authorization.Token.getExpiresIn(token, type); + if (!(await Meiling.Authentication.Token.isValid(token, type))) { + const expiresIn = await Meiling.Authentication.Token.getExpiresIn(token, type); Meiling.OAuth2.Error.sendOAuth2Error( rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, @@ -50,7 +50,7 @@ export async function oAuth2AuthorizationCodeHandler(req: FastifyRequest, rep: F } // get user - const user = await Meiling.Authorization.Token.getUser(token, type); + const user = await Meiling.Authentication.Token.getUser(token, type); if (!user) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -60,7 +60,7 @@ export async function oAuth2AuthorizationCodeHandler(req: FastifyRequest, rep: F return; } - const authorization = await Meiling.Authorization.Token.getAuthorization(token, type); + const authorization = await Meiling.Authentication.Token.getAuthorization(token, type); if (!authorization) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -70,7 +70,7 @@ export async function oAuth2AuthorizationCodeHandler(req: FastifyRequest, rep: F return; } - const permissions = await Meiling.Authorization.Token.getAuthorizedPermissions(token, type); + const permissions = await Meiling.Authentication.Token.getAuthorizedPermissions(token, type); if (!permissions) { Meiling.OAuth2.Error.sendOAuth2Error( rep, 
@@ -82,7 +82,7 @@ export async function oAuth2AuthorizationCodeHandler(req: FastifyRequest, rep: F const scopes = permissions.map((p) => p.name); const scope = scopes.join(' '); - const metadata = await Meiling.Authorization.Token.getMetadata(token, type); + const metadata = await Meiling.Authentication.Token.getMetadata(token, type); // refresh thing let nonce = undefined; @@ -90,8 +90,8 @@ export async function oAuth2AuthorizationCodeHandler(req: FastifyRequest, rep: F // doing manual casting because typescript compiler // doesn't know xxxx about types - if ((metadata as Meiling.Authorization.Token.TokenMetadataV1)?.version === 1) { - const metadataV1 = metadata as Meiling.Authorization.Token.TokenMetadataV1; + if ((metadata as Meiling.Authentication.Token.TokenMetadataV1)?.version === 1) { + const metadataV1 = metadata as Meiling.Authentication.Token.TokenMetadataV1; needRefreshToken = metadataV1.options?.offline !== undefined; @@ -171,7 +171,7 @@ export async function oAuth2AuthorizationCodeHandler(req: FastifyRequest, rep: F scope, refresh_token: refresh_token?.token, token_type: 'Bearer', - expires_in: Meiling.Authorization.Token.getValidTimeByType('ACCESS_TOKEN'), + expires_in: Meiling.Authentication.Token.getValidTimeByType('ACCESS_TOKEN'), id_token: scopes.includes('openid') ? await Meiling.Identity.User.createIDToken(user, clientId, scopes, nonce) : undefined, diff --git a/src/routes/v1/oauth2/token/device_code.ts b/src/routes/v1/oauth2/token/device_code.ts index 41f31b4f..a24f3903 100644 --- a/src/routes/v1/oauth2/token/device_code.ts +++ b/src/routes/v1/oauth2/token/device_code.ts 
@@ -32,12 +32,12 @@ export async function oAuth2DeviceCodeHandler(req: FastifyRequest, rep: FastifyR return; } - if (!(await Meiling.Authorization.Token.isValid(token, type))) { + if (!(await Meiling.Authentication.Token.isValid(token, type))) { Meiling.OAuth2.Error.sendOAuth2Error(rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, 'expired token'); return; } - const authorization = await Meiling.Authorization.Token.getAuthorization(token, type); + const authorization = await Meiling.Authentication.Token.getAuthorization(token, type); if (!authorization) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -47,7 +47,7 @@ export async function oAuth2DeviceCodeHandler(req: FastifyRequest, rep: FastifyR return; } - const permissions = await Meiling.Authorization.Token.getAuthorizedPermissions(token, type); + const permissions = await Meiling.Authentication.Token.getAuthorizedPermissions(token, type); if (!permissions) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -57,7 +57,7 @@ export async function oAuth2DeviceCodeHandler(req: FastifyRequest, rep: FastifyR return; } - const metadata = await Meiling.Authorization.Token.getMetadata(token, type); + const metadata = await Meiling.Authentication.Token.getMetadata(token, type); if (!metadata) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -103,7 +103,7 @@ export async function oAuth2DeviceCodeHandler(req: FastifyRequest, rep: FastifyR scope, refresh_token: currentRefreshToken.token, token_type: 'Bearer', - expires_in: Meiling.Authorization.Token.getValidTimeByType('ACCESS_TOKEN'), + expires_in: Meiling.Authentication.Token.getValidTimeByType('ACCESS_TOKEN'), id_token: scopes.includes('openid') ? await Meiling.Identity.User.createIDToken(user, clientId, scopes) : undefined, diff --git a/src/routes/v1/oauth2/token/refresh_token.ts b/src/routes/v1/oauth2/token/refresh_token.ts index 89815857..a81546bd 100644 --- a/src/routes/v1/oauth2/token/refresh_token.ts +++ b/src/routes/v1/oauth2/token/refresh_token.ts 
@@ -32,13 +32,13 @@ export async function oAuth2RefreshTokenHandler(req: FastifyRequest, rep: Fastif return; } - if (!(await Meiling.Authorization.Token.isValid(token, type))) { + if (!(await Meiling.Authentication.Token.isValid(token, type))) { Meiling.OAuth2.Error.sendOAuth2Error(rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, 'expired token'); return; } // get user - const user = await Meiling.Authorization.Token.getUser(token, type); + const user = await Meiling.Authentication.Token.getUser(token, type); if (!user) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -48,7 +48,7 @@ export async function oAuth2RefreshTokenHandler(req: FastifyRequest, rep: Fastif return; } - const authorization = await Meiling.Authorization.Token.getAuthorization(token, type); + const authorization = await Meiling.Authentication.Token.getAuthorization(token, type); if (!authorization) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -58,7 +58,7 @@ export async function oAuth2RefreshTokenHandler(req: FastifyRequest, rep: Fastif return; } - const permissions = await Meiling.Authorization.Token.getAuthorizedPermissions(token, type); + const permissions = await Meiling.Authentication.Token.getAuthorizedPermissions(token, type); if (!permissions) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -83,6 +83,6 @@ export async function oAuth2RefreshTokenHandler(req: FastifyRequest, rep: Fastif scope, refresh_token: currentRefreshToken.token, token_type: 'Bearer', - expires_in: Meiling.Authorization.Token.getValidTimeByType('ACCESS_TOKEN'), + expires_in: Meiling.Authentication.Token.getValidTimeByType('ACCESS_TOKEN'), }); } diff --git a/src/routes/v1/oauth2/tokeninfo/access_token.ts b/src/routes/v1/oauth2/tokeninfo/access_token.ts index 574d1731..ac0876f4 100644 --- a/src/routes/v1/oauth2/tokeninfo/access_token.ts +++ b/src/routes/v1/oauth2/tokeninfo/access_token.ts 
@@ -4,12 +4,12 @@ import { Meiling } from '../../../../common'; export async function accessTokenInfoHandler(token: string, rep: FastifyReply): Promise { const type = 'ACCESS_TOKEN'; - if (!(await Meiling.Authorization.Token.isValid(token, type))) { + if (!(await Meiling.Authentication.Token.isValid(token, type))) { Meiling.OAuth2.Error.sendOAuth2Error(rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, 'token is expired'); return; } - const data = await Meiling.Authorization.Token.serialize(token, type); + const data = await Meiling.Authentication.Token.serialize(token, type); if (!data) { Meiling.OAuth2.Error.sendOAuth2Error(rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, 'invalid token'); return; diff --git a/src/routes/v1/oauth2/tokeninfo/refresh_token.ts b/src/routes/v1/oauth2/tokeninfo/refresh_token.ts index c3440220..53d25ef1 100644 --- a/src/routes/v1/oauth2/tokeninfo/refresh_token.ts +++ b/src/routes/v1/oauth2/tokeninfo/refresh_token.ts @@ -4,12 +4,12 @@ import { Meiling } from '../../../../common'; export async function refreshTokenInfoHandler(token: string, rep: FastifyReply): Promise { const type = 'REFRESH_TOKEN'; - if (!(await Meiling.Authorization.Token.isValid(token, type))) { + if (!(await Meiling.Authentication.Token.isValid(token, type))) { Meiling.OAuth2.Error.sendOAuth2Error(rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, 'token is expired'); return; } - const data = await Meiling.Authorization.Token.serialize(token, type); + const data = await Meiling.Authentication.Token.serialize(token, type); if (!data) { Meiling.OAuth2.Error.sendOAuth2Error(rep, Meiling.OAuth2.Error.ErrorType.INVALID_GRANT, 'invalid token'); return; diff --git a/src/routes/v1/oauth2/userinfo.ts b/src/routes/v1/oauth2/userinfo.ts index c6b9c979..e127aec0 100644 --- a/src/routes/v1/oauth2/userinfo.ts +++ b/src/routes/v1/oauth2/userinfo.ts 
@@ -5,7 +5,7 @@ import { Meiling } from '../../../common'; export async function oAuth2UserInfoHandler(req: FastifyRequest, rep: FastifyReply): Promise { const type = 'ACCESS_TOKEN'; - let token = Meiling.Authorization.Token.getTokenFromRequest(req); + let token = Meiling.Authentication.Token.getTokenFromRequest(req); if (!token) { if (req.body) { const accessToken = (req.body as any).access_token; @@ -27,9 +27,9 @@ export async function oAuth2UserInfoHandler(req: FastifyRequest, rep: FastifyRep return; } - const perms = await Meiling.Authorization.Token.getAuthorizedPermissions(token.token, type); - const clientId = await Meiling.Authorization.Token.getClient(token.token, type); - const user = await Meiling.Authorization.Token.getUser(token.token, type); + const perms = await Meiling.Authentication.Token.getAuthorizedPermissions(token.token, type); + const clientId = await Meiling.Authentication.Token.getClient(token.token, type); + const user = await Meiling.Authentication.Token.getUser(token.token, type); if (!user || !perms || !clientId) { Meiling.OAuth2.Error.sendOAuth2Error( rep, @@ -39,7 +39,7 @@ export async function oAuth2UserInfoHandler(req: FastifyRequest, rep: FastifyRep return; } - const isValid = await Meiling.Authorization.Token.isValid(token.token, type); + const isValid = await Meiling.Authentication.Token.isValid(token.token, type); if (!isValid) { Meiling.OAuth2.Error.sendOAuth2Error( rep, diff --git a/yarn.lock b/yarn.lock index 2c80dd1a..4a74f6c1 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -104,22 +104,22 @@ "@nodelib/fs.scandir" "2.1.5" fastq "^1.6.0" -"@prisma/client@^3.7.0": - version "3.8.1" - resolved "https://registry.yarnpkg.com/@prisma/client/-/client-3.8.1.tgz#c11eda8e84760867552ffde4de7b48fb2cf1e1c0" - integrity sha512-NxD1Xbkx1eT1mxSwo1RwZe665mqBETs0VxohuwNfFIxMqcp0g6d4TgugPxwZ4Jb4e5wCu8mQ9quMedhNWIWcZQ== +"@prisma/client@^3.9.1": + version "3.9.1" + resolved "https://registry.yarnpkg.com/@prisma/client/-/client-3.9.1.tgz#565c8121f1220637bcab4a1d1f106b8c1334406c" + integrity sha512-aLwfXKLvL+loQ0IuPPCXkcq8cXBg1IeoHHa5lqQu3dJHdj45wnislA/Ny4UxRQjD5FXqrfAb8sWtF+jhdmjFTg== dependencies: - "@prisma/engines-version" "3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f" + "@prisma/engines-version" "3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009" -"@prisma/engines-version@3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f": - version "3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f" - resolved "https://registry.yarnpkg.com/@prisma/engines-version/-/engines-version-3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f.tgz#4c8d9744b5e54650a8ba5fde0a711399d6adba24" - integrity sha512-G2JH6yWt6ixGKmsRmVgaQYahfwMopim0u/XLIZUo2o/mZ5jdu7+BL+2V5lZr7XiG1axhyrpvlyqE/c0OgYSl3g== +"@prisma/engines-version@3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009": + version "3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009" + resolved "https://registry.yarnpkg.com/@prisma/engines-version/-/engines-version-3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009.tgz#ea03ffa723382a526dc6625ce6eae9b6ad984400" + integrity sha512-5Dh+qTDhpPR66w6NNAnPs+/W/Qt4r1DSd+qhfPFcDThUK4uxoZKGlPb2IYQn5LL+18aIGnmteDf7BnVMmvBNSQ== -"@prisma/engines@3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f": - version "3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f" - resolved "https://registry.yarnpkg.com/@prisma/engines/-/engines-3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f.tgz#4479099b99f6a082ce5843ee7208943ccedd127f" - integrity 
sha512-bHYubuItSN/DGYo36aDu7xJiJmK52JOSHs4MK+KbceAtwS20BCWadRgtpQ3iZ2EXfN/B1T0iCXlNraaNwnpU2w== +"@prisma/engines@3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009": + version "3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009" + resolved "https://registry.yarnpkg.com/@prisma/engines/-/engines-3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009.tgz#e5c345cdedb7be83d11c1e0c5ab61d866b411256" + integrity sha512-qM+uJbkelB21bnK44gYE049YTHIjHysOuj0mj5U2gDGyNLfmiazlggzFPCgEjgme4U5YB2tYs6Z5Hq08Kl8pjA== "@sindresorhus/is@^0.14.0": version "0.14.0" @@ -2428,12 +2428,12 @@ prettier@^2.1.2: resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.5.1.tgz#fff75fa9d519c54cf0fce328c1017d94546bc56a" integrity sha512-vBZcPRUR5MZJwoyi3ZoyQlc1rXeEck8KgeC9AwwOn+exuxLxq5toTRDTSaVrXHxelDMHy9zlicw8u66yxoSUFg== -prisma@^3.7.0: - version "3.8.1" - resolved "https://registry.yarnpkg.com/prisma/-/prisma-3.8.1.tgz#44395cef7cbb1ea86216cb84ee02f856c08a7873" - integrity sha512-Q8zHwS9m70TaD7qI8u+8hTAmiTpK+IpvRYF3Rgb/OeWGQJOMgZCFFvNCiSfoLEQ95wilK7ctW3KOpc9AuYnRUA== +prisma@^3.9.1: + version "3.9.1" + resolved "https://registry.yarnpkg.com/prisma/-/prisma-3.9.1.tgz#7510a8bf06018a5313b9427b1127ce4750b1ce5c" + integrity sha512-IGcJAu5LzlFv+i+NNhOEh1J1xVVttsVdRBxmrMN7eIH+7mRN6L89Hz1npUAiz4jOpNlHC7n9QwaOYZGxTqlwQw== dependencies: - "@prisma/engines" "3.8.0-43.34df67547cf5598f5a6cd3eb45f14ee70c3fb86f" + "@prisma/engines" "3.9.0-58.bcc2ff906db47790ee902e7bbc76d7ffb1893009" process-warning@^1.0.0: version "1.0.0"