admin/changemaker.lite
1
0
Fork 0
Code Issues Packages Projects Releases 31 Wiki Activity
changemaker.lite/api/dist/modules/auth/auth.service.js

305 lines
14 KiB
JavaScript
Raw Blame History

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.authService = void 0;
const bcryptjs_1 = __importDefault(require("bcryptjs"));
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const client_1 = require("@prisma/client");
const database_1 = require("../../config/database");
const env_1 = require("../../config/env");
const error_handler_1 = require("../../middleware/error-handler");
const metrics_1 = require("../../utils/metrics");
const settings_service_1 = require("../settings/settings.service");
const verification_token_service_1 = require("../../services/verification-token.service");
const email_service_1 = require("../../services/email.service");
const roles_1 = require("../../utils/roles");
const logger_1 = require("../../utils/logger");
/** Parse the roles JSON field into a UserRole[] array */
function parseRoles(user) {
if (Array.isArray(user.roles) && user.roles.length > 0) {
return user.roles;
}
return [user.role];
}
exports.authService = {
async login(email, password) {
const user = await database_1.prisma.user.findUnique({ where: { email } });
if (!user) {
(0, metrics_1.recordLoginAttempt)('failure');
throw new error_handler_1.AppError(401, 'Invalid email or password', 'INVALID_CREDENTIALS');
}
const valid = await bcryptjs_1.default.compare(password, user.password);
if (!valid) {
(0, metrics_1.recordLoginAttempt)('failure');
throw new error_handler_1.AppError(401, 'Invalid email or password', 'INVALID_CREDENTIALS');
}
// Status-specific errors
if (user.status === client_1.UserStatus.PENDING_VERIFICATION) {
(0, metrics_1.recordLoginAttempt)('failure');
throw new error_handler_1.AppError(403, 'Please verify your email address before logging in', 'EMAIL_NOT_VERIFIED');
}
if (user.status === client_1.UserStatus.PENDING_APPROVAL) {
(0, metrics_1.recordLoginAttempt)('failure');
throw new error_handler_1.AppError(403, 'Your account is pending admin approval', 'ACCOUNT_PENDING');
}
if (user.status !== client_1.UserStatus.ACTIVE) {
(0, metrics_1.recordLoginAttempt)('failure');
throw new error_handler_1.AppError(403, `Account is ${user.status.toLowerCase()}`, 'ACCOUNT_INACTIVE');
}
if (user.expiresAt && user.expiresAt < new Date()) {
(0, metrics_1.recordLoginAttempt)('failure');
throw new error_handler_1.AppError(403, 'Account has expired', 'ACCOUNT_EXPIRED');
}
(0, metrics_1.recordLoginAttempt)('success');
await database_1.prisma.user.update({
where: { id: user.id },
data: { lastLoginAt: new Date() },
});
// Fire-and-forget: log USER_LOGIN activity on linked Contact
database_1.prisma.contact.findFirst({
where: { userId: user.id, mergedIntoId: null },
}).then(async (contact) => {
if (contact) {
await database_1.prisma.contactActivity.create({
data: {
contactId: contact.id,
type: 'USER_LOGIN',
title: 'User logged in',
description: `Login from ${user.email}`,
},
});
}
}).catch(err => {
logger_1.logger.warn('Login activity logging failed:', err);
});
const tokens = await this.generateTokenPair(user);
const { password: _, ...userWithoutPassword } = user;
return { user: userWithoutPassword, ...tokens };
},
async register(data) {
// Check if public registration is enabled
const settings = await settings_service_1.siteSettingsService.get();
if (!settings.enablePublicRegistration) {
throw new error_handler_1.AppError(403, 'Public registration is currently disabled', 'REGISTRATION_DISABLED');
}
const existing = await database_1.prisma.user.findUnique({ where: { email: data.email } });
if (existing) {
throw new error_handler_1.AppError(409, 'Email already registered', 'EMAIL_EXISTS');
}
const hashedPassword = await bcryptjs_1.default.hash(data.password, 12);
// Determine if email verification is needed
const smtpReady = await email_service_1.emailService.isSmtpConfigured();
const requireVerification = settings.enableEmailVerification && smtpReady;
const user = await database_1.prisma.user.create({
data: {
email: data.email,
password: hashedPassword,
name: data.name,
phone: data.phone,
role: client_1.UserRole.USER,
roles: JSON.parse(JSON.stringify([client_1.UserRole.USER])),
status: requireVerification ? client_1.UserStatus.PENDING_VERIFICATION : client_1.UserStatus.ACTIVE,
emailVerified: !requireVerification,
createdVia: 'SELF_REGISTRATION',
},
});
// Fire-and-forget: process referral if invite code provided
if (data.inviteCode) {
Promise.resolve().then(() => __importStar(require('../social/referral.service'))).then(({ referralService }) => {
referralService.processRegistrationReferral(user.id, data.inviteCode).catch(err => {
logger_1.logger.warn('Referral processing failed:', err);
});
}).catch(() => { });
}
// Fire-and-forget: auto-link or create Contact if People feature is enabled
settings_service_1.siteSettingsService.get().then(async (s) => {
if (!s.enablePeople)
return;
// Check for existing Contact with matching email → link
const existingContact = await database_1.prisma.contact.findFirst({
where: { email: { equals: data.email, mode: 'insensitive' }, userId: null, mergedIntoId: null },
});
if (existingContact) {
await database_1.prisma.contact.update({ where: { id: existingContact.id }, data: { userId: user.id } });
logger_1.logger.info(`Auto-linked contact ${existingContact.id} to registered user ${user.id}`);
}
else {
// Create new Contact linked to the user
await database_1.prisma.contact.create({
data: {
displayName: data.name || data.email,
firstName: data.name?.split(' ')[0] || null,
lastName: data.name?.split(' ').slice(1).join(' ') || null,
email: data.email,
phone: data.phone || null,
primarySource: 'USER',
userId: user.id,
tags: [],
},
});
logger_1.logger.info(`Auto-created contact for registered user ${user.id}`);
}
}).catch(err => {
logger_1.logger.warn('Contact auto-creation on register failed:', err);
});
// If verification required, send email and don't issue tokens
if (requireVerification) {
const token = await verification_token_service_1.verificationTokenService.createToken(user.id);
const adminUrl = env_1.env.ADMIN_URL || 'http://localhost:3000';
const verificationUrl = `${adminUrl}/verify-email?token=${token}`;
await email_service_1.emailService.sendVerificationEmail({
recipientEmail: user.email,
recipientName: user.name || 'there',
verificationUrl,
});
const { password: _, ...userWithoutPassword } = user;
return {
user: userWithoutPassword,
requiresVerification: true,
message: 'Please check your email to verify your account',
};
}
// No verification needed — issue tokens immediately
const tokens = await this.generateTokenPair(user);
const { password: _, ...userWithoutPassword } = user;
return { user: userWithoutPassword, ...tokens };
},
async refreshTokens(refreshToken) {
let payload;
try {
payload = jsonwebtoken_1.default.verify(refreshToken, env_1.env.JWT_REFRESH_SECRET, { algorithms: ['HS256'] });
}
catch {
throw new error_handler_1.AppError(401, 'Invalid refresh token', 'INVALID_REFRESH_TOKEN');
}
const stored = await database_1.prisma.refreshToken.findUnique({
where: { token: refreshToken },
include: { user: true },
});
if (!stored) {
throw new error_handler_1.AppError(401, 'Refresh token not found', 'INVALID_REFRESH_TOKEN');
}
// Check user status — banned/inactive users must not get new tokens
if (stored.user.status !== client_1.UserStatus.ACTIVE) {
await database_1.prisma.refreshToken.delete({ where: { id: stored.id } });
throw new error_handler_1.AppError(401, 'Account is not active', 'ACCOUNT_INACTIVE');
}
// Check account expiry
if (stored.user.expiresAt && stored.user.expiresAt < new Date()) {
await database_1.prisma.refreshToken.delete({ where: { id: stored.id } });
throw new error_handler_1.AppError(401, 'Account has expired', 'ACCOUNT_EXPIRED');
}
if (stored.expiresAt < new Date()) {
await database_1.prisma.refreshToken.delete({ where: { id: stored.id } });
throw new error_handler_1.AppError(401, 'Refresh token expired', 'REFRESH_TOKEN_EXPIRED');
}
// Rotate: delete old and create new atomically
const tokens = await database_1.prisma.$transaction(async (tx) => {
await tx.refreshToken.delete({ where: { id: stored.id } });
const userRoles = parseRoles(stored.user);
const accessToken = this.generateAccessToken(stored.user);
const refreshPayload = {
id: stored.user.id,
email: stored.user.email,
role: (0, roles_1.getPrimaryRole)(userRoles),
roles: userRoles,
};
const refreshToken = jsonwebtoken_1.default.sign(refreshPayload, env_1.env.JWT_REFRESH_SECRET, {
algorithm: 'HS256',
expiresIn: env_1.env.JWT_REFRESH_EXPIRY,
});
const decoded = jsonwebtoken_1.default.decode(refreshToken);
const expiresAt = new Date(decoded.exp * 1000);
await tx.refreshToken.create({
data: {
token: refreshToken,
userId: stored.user.id,
expiresAt,
},
});
return { accessToken, refreshToken };
});
const { password: _, ...userWithoutPassword } = stored.user;
return { user: userWithoutPassword, ...tokens };
},
async logout(refreshToken) {
await database_1.prisma.refreshToken.deleteMany({ where: { token: refreshToken } });
},
generateAccessToken(user) {
const userRoles = parseRoles(user);
const payload = {
id: user.id,
email: user.email,
role: (0, roles_1.getPrimaryRole)(userRoles),
roles: userRoles,
};
return jsonwebtoken_1.default.sign(payload, env_1.env.JWT_ACCESS_SECRET, {
algorithm: 'HS256',
expiresIn: env_1.env.JWT_ACCESS_EXPIRY,
});
},
async generateRefreshToken(user) {
const userRoles = parseRoles(user);
const payload = {
id: user.id,
email: user.email,
role: (0, roles_1.getPrimaryRole)(userRoles),
roles: userRoles,
};
const token = jsonwebtoken_1.default.sign(payload, env_1.env.JWT_REFRESH_SECRET, {
algorithm: 'HS256',
expiresIn: env_1.env.JWT_REFRESH_EXPIRY,
});
const decoded = jsonwebtoken_1.default.decode(token);
const expiresAt = new Date(decoded.exp * 1000);
await database_1.prisma.refreshToken.create({
data: {
token,
userId: user.id,
expiresAt,
},
});
return token;
},
async generateTokenPair(user) {
const accessToken = this.generateAccessToken(user);
const refreshToken = await this.generateRefreshToken(user);
return { accessToken, refreshToken };
},
};
//# sourceMappingURL=auth.service.js.map
Reference in New Issue View Git Blame Copy Permalink