Error 500 (#8845)
parent
c735026f6c
commit
2c0d3e93d2
@ -0,0 +1,51 @@
|
|||||||
|
import { Inject, Injectable, Scope } from '@nestjs/common';
|
||||||
|
import { REQUEST } from '@nestjs/core';
|
||||||
|
|
||||||
|
import { Response } from 'express';
|
||||||
|
|
||||||
|
import { ExceptionHandlerUser } from 'src/engine/core-modules/exception-handler/interfaces/exception-handler-user.interface';
|
||||||
|
import { ExceptionHandlerWorkspace } from 'src/engine/core-modules/exception-handler/interfaces/exception-handler-workspace.interface';
|
||||||
|
|
||||||
|
import { AuthException } from 'src/engine/core-modules/auth/auth.exception';
|
||||||
|
import { ExceptionHandlerService } from 'src/engine/core-modules/exception-handler/exception-handler.service';
|
||||||
|
|
||||||
|
export const handleException = (
|
||||||
|
exception: AuthException,
|
||||||
|
exceptionHandlerService: ExceptionHandlerService,
|
||||||
|
user?: ExceptionHandlerUser,
|
||||||
|
workspace?: ExceptionHandlerWorkspace,
|
||||||
|
): void => {
|
||||||
|
exceptionHandlerService.captureExceptions([exception], { user, workspace });
|
||||||
|
};
|
||||||
|
|
||||||
|
interface RequestAndParams {
|
||||||
|
request: Request | null;
|
||||||
|
params: any;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Injectable({ scope: Scope.REQUEST })
|
||||||
|
export class AuthExceptionHandlerService {
|
||||||
|
constructor(
|
||||||
|
private readonly exceptionHandlerService: ExceptionHandlerService,
|
||||||
|
@Inject(REQUEST)
|
||||||
|
private readonly request: RequestAndParams | null,
|
||||||
|
) {}
|
||||||
|
|
||||||
|
handleError = (
|
||||||
|
exception: AuthException,
|
||||||
|
response: Response<any, Record<string, any>>,
|
||||||
|
errorCode?: number,
|
||||||
|
user?: ExceptionHandlerUser,
|
||||||
|
workspace?: ExceptionHandlerWorkspace,
|
||||||
|
): Response<any, Record<string, any>> | undefined => {
|
||||||
|
const params = this.request?.params;
|
||||||
|
|
||||||
|
if (params?.workspaceId)
|
||||||
|
workspace = { ...workspace, id: params.workspaceId };
|
||||||
|
if (params?.userId) user = { ...user, id: params.userId };
|
||||||
|
|
||||||
|
handleException(exception, this.exceptionHandlerService, user, workspace);
|
||||||
|
|
||||||
|
return response.status(errorCode || 500).send(exception.message);
|
||||||
|
};
|
||||||
|
}
|
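Review bot: The last statement of `handleError` writes `exception.message` with `response.send(...)`, which Express serves as `text/html` when the body is a string, and it does so for every status including the 500 fallback. The Nest HTTP exceptions this replaces are serialised as a JSON body by Nest's default handling, so clients lose that shape, and any AuthException whose message carries request-derived text would now be rendered as HTML by a browser (the messages visible in this commit are static, so that part is a precaution). I would send JSON and keep server-fault detail out of the body, e.g. `const status = errorCode ?? 500;` followed by `return response.status(status).json({ statusCode: status, message: status >= 500 ? 'Internal server error' : exception.message });`. Separately, `params.workspaceId` and `params.userId` overwrite the ids passed in by the caller, so a short comment saying where those request params are populated and why they take precedence would help the next reader.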
@ -19,4 +19,8 @@ export enum AuthExceptionCode {
|
|||||||
OAUTH_ACCESS_DENIED = 'OAUTH_ACCESS_DENIED',
|
OAUTH_ACCESS_DENIED = 'OAUTH_ACCESS_DENIED',
|
||||||
SSO_AUTH_FAILED = 'SSO_AUTH_FAILED',
|
SSO_AUTH_FAILED = 'SSO_AUTH_FAILED',
|
||||||
USE_SSO_AUTH = 'USE_SSO_AUTH',
|
USE_SSO_AUTH = 'USE_SSO_AUTH',
|
||||||
|
SIGNUP_DISABLED = 'SIGNUP_DISABLED',
|
||||||
|
GOOGLE_API_AUTH_DISABLED = 'GOOGLE_API_AUTH_DISABLED',
|
||||||
|
MICROSOFT_API_AUTH_DISABLED = 'MICROSOFT_API_AUTH_DISABLED',
|
||||||
|
MISSING_ENVIRONMENT_VARIABLE = 'MISSING_ENVIRONMENT_VARIABLE',
|
||||||
}
|
}
|
||||||
|
@ -6,6 +6,7 @@ import { TypeOrmModule } from '@nestjs/typeorm';
|
|||||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||||
import { AppToken } from 'src/engine/core-modules/app-token/app-token.entity';
|
import { AppToken } from 'src/engine/core-modules/app-token/app-token.entity';
|
||||||
import { AppTokenService } from 'src/engine/core-modules/app-token/services/app-token.service';
|
import { AppTokenService } from 'src/engine/core-modules/app-token/services/app-token.service';
|
||||||
|
import { AuthExceptionHandlerService } from 'src/engine/core-modules/auth/auth-exception-handler.service';
|
||||||
import { GoogleAPIsAuthController } from 'src/engine/core-modules/auth/controllers/google-apis-auth.controller';
|
import { GoogleAPIsAuthController } from 'src/engine/core-modules/auth/controllers/google-apis-auth.controller';
|
||||||
import { GoogleAuthController } from 'src/engine/core-modules/auth/controllers/google-auth.controller';
|
import { GoogleAuthController } from 'src/engine/core-modules/auth/controllers/google-auth.controller';
|
||||||
import { MicrosoftAPIsAuthController } from 'src/engine/core-modules/auth/controllers/microsoft-apis-auth.controller';
|
import { MicrosoftAPIsAuthController } from 'src/engine/core-modules/auth/controllers/microsoft-apis-auth.controller';
|
||||||
@ -23,6 +24,8 @@ import { AccessTokenService } from 'src/engine/core-modules/auth/token/services/
|
|||||||
import { LoginTokenService } from 'src/engine/core-modules/auth/token/services/login-token.service';
|
import { LoginTokenService } from 'src/engine/core-modules/auth/token/services/login-token.service';
|
||||||
import { RefreshTokenService } from 'src/engine/core-modules/auth/token/services/refresh-token.service';
|
import { RefreshTokenService } from 'src/engine/core-modules/auth/token/services/refresh-token.service';
|
||||||
import { TransientTokenService } from 'src/engine/core-modules/auth/token/services/transient-token.service';
|
import { TransientTokenService } from 'src/engine/core-modules/auth/token/services/transient-token.service';
|
||||||
|
import { TokenModule } from 'src/engine/core-modules/auth/token/token.module';
|
||||||
|
import { DomainManagerModule } from 'src/engine/core-modules/domain-manager/domain-manager.module';
|
||||||
import { FeatureFlagEntity } from 'src/engine/core-modules/feature-flag/feature-flag.entity';
|
import { FeatureFlagEntity } from 'src/engine/core-modules/feature-flag/feature-flag.entity';
|
||||||
import { FeatureFlagModule } from 'src/engine/core-modules/feature-flag/feature-flag.module';
|
import { FeatureFlagModule } from 'src/engine/core-modules/feature-flag/feature-flag.module';
|
||||||
import { FileUploadModule } from 'src/engine/core-modules/file/file-upload/file-upload.module';
|
import { FileUploadModule } from 'src/engine/core-modules/file/file-upload/file-upload.module';
|
||||||
@ -34,15 +37,13 @@ import { WorkspaceSSOIdentityProvider } from 'src/engine/core-modules/sso/worksp
|
|||||||
import { UserWorkspaceModule } from 'src/engine/core-modules/user-workspace/user-workspace.module';
|
import { UserWorkspaceModule } from 'src/engine/core-modules/user-workspace/user-workspace.module';
|
||||||
import { User } from 'src/engine/core-modules/user/user.entity';
|
import { User } from 'src/engine/core-modules/user/user.entity';
|
||||||
import { UserModule } from 'src/engine/core-modules/user/user.module';
|
import { UserModule } from 'src/engine/core-modules/user/user.module';
|
||||||
|
import { WorkspaceInvitationModule } from 'src/engine/core-modules/workspace-invitation/workspace-invitation.module';
|
||||||
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
|
import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
|
||||||
|
import { WorkspaceModule } from 'src/engine/core-modules/workspace/workspace.module';
|
||||||
import { DataSourceModule } from 'src/engine/metadata-modules/data-source/data-source.module';
|
import { DataSourceModule } from 'src/engine/metadata-modules/data-source/data-source.module';
|
||||||
import { WorkspaceDataSourceModule } from 'src/engine/workspace-datasource/workspace-datasource.module';
|
import { WorkspaceDataSourceModule } from 'src/engine/workspace-datasource/workspace-datasource.module';
|
||||||
import { WorkspaceManagerModule } from 'src/engine/workspace-manager/workspace-manager.module';
|
import { WorkspaceManagerModule } from 'src/engine/workspace-manager/workspace-manager.module';
|
||||||
import { ConnectedAccountModule } from 'src/modules/connected-account/connected-account.module';
|
import { ConnectedAccountModule } from 'src/modules/connected-account/connected-account.module';
|
||||||
import { DomainManagerModule } from 'src/engine/core-modules/domain-manager/domain-manager.module';
|
|
||||||
import { WorkspaceInvitationModule } from 'src/engine/core-modules/workspace-invitation/workspace-invitation.module';
|
|
||||||
import { TokenModule } from 'src/engine/core-modules/auth/token/token.module';
|
|
||||||
import { WorkspaceModule } from 'src/engine/core-modules/workspace/workspace.module';
|
|
||||||
|
|
||||||
import { AuthResolver } from './auth.resolver';
|
import { AuthResolver } from './auth.resolver';
|
||||||
|
|
||||||
@ -102,6 +103,7 @@ import { JwtAuthStrategy } from './strategies/jwt.auth.strategy';
|
|||||||
ResetPasswordService,
|
ResetPasswordService,
|
||||||
SwitchWorkspaceService,
|
SwitchWorkspaceService,
|
||||||
TransientTokenService,
|
TransientTokenService,
|
||||||
|
AuthExceptionHandlerService,
|
||||||
ApiKeyService,
|
ApiKeyService,
|
||||||
OAuthService,
|
OAuthService,
|
||||||
],
|
],
|
||||||
|
@ -1,13 +1,8 @@
|
|||||||
import {
|
import { ArgumentsHost, Catch, ExceptionFilter } from '@nestjs/common';
|
||||||
ArgumentsHost,
|
|
||||||
BadRequestException,
|
|
||||||
Catch,
|
|
||||||
ExceptionFilter,
|
|
||||||
InternalServerErrorException,
|
|
||||||
NotFoundException,
|
|
||||||
UnauthorizedException,
|
|
||||||
} from '@nestjs/common';
|
|
||||||
|
|
||||||
|
import { Response } from 'express';
|
||||||
|
|
||||||
|
import { AuthExceptionHandlerService } from 'src/engine/core-modules/auth/auth-exception-handler.service';
|
||||||
import {
|
import {
|
||||||
AuthException,
|
AuthException,
|
||||||
AuthExceptionCode,
|
AuthExceptionCode,
|
||||||
@ -15,19 +10,51 @@ import {
|
|||||||
|
|
||||||
@Catch(AuthException)
|
@Catch(AuthException)
|
||||||
export class AuthRestApiExceptionFilter implements ExceptionFilter {
|
export class AuthRestApiExceptionFilter implements ExceptionFilter {
|
||||||
catch(exception: AuthException, _: ArgumentsHost) {
|
constructor(
|
||||||
|
private readonly authExceptionHandlerService: AuthExceptionHandlerService,
|
||||||
|
) {}
|
||||||
|
|
||||||
|
catch(exception: AuthException, host: ArgumentsHost) {
|
||||||
|
const ctx = host.switchToHttp();
|
||||||
|
const response = ctx.getResponse<Response>();
|
||||||
|
|
||||||
switch (exception.code) {
|
switch (exception.code) {
|
||||||
case AuthExceptionCode.USER_NOT_FOUND:
|
case AuthExceptionCode.USER_NOT_FOUND:
|
||||||
case AuthExceptionCode.CLIENT_NOT_FOUND:
|
case AuthExceptionCode.CLIENT_NOT_FOUND:
|
||||||
throw new NotFoundException(exception.message);
|
return this.authExceptionHandlerService.handleError(
|
||||||
|
exception,
|
||||||
|
response,
|
||||||
|
404,
|
||||||
|
);
|
||||||
case AuthExceptionCode.INVALID_INPUT:
|
case AuthExceptionCode.INVALID_INPUT:
|
||||||
throw new BadRequestException(exception.message);
|
|
||||||
case AuthExceptionCode.FORBIDDEN_EXCEPTION:
|
|
||||||
throw new UnauthorizedException(exception.message);
|
|
||||||
case AuthExceptionCode.INVALID_DATA:
|
case AuthExceptionCode.INVALID_DATA:
|
||||||
|
case AuthExceptionCode.MISSING_ENVIRONMENT_VARIABLE:
|
||||||
|
return this.authExceptionHandlerService.handleError(
|
||||||
|
exception,
|
||||||
|
response,
|
||||||
|
400,
|
||||||
|
);
|
||||||
|
case AuthExceptionCode.FORBIDDEN_EXCEPTION:
|
||||||
|
return this.authExceptionHandlerService.handleError(
|
||||||
|
exception,
|
||||||
|
response,
|
||||||
|
401,
|
||||||
|
);
|
||||||
|
case AuthExceptionCode.GOOGLE_API_AUTH_DISABLED:
|
||||||
|
case AuthExceptionCode.MICROSOFT_API_AUTH_DISABLED:
|
||||||
|
case AuthExceptionCode.SIGNUP_DISABLED:
|
||||||
|
return this.authExceptionHandlerService.handleError(
|
||||||
|
exception,
|
||||||
|
response,
|
||||||
|
403,
|
||||||
|
);
|
||||||
case AuthExceptionCode.INTERNAL_SERVER_ERROR:
|
case AuthExceptionCode.INTERNAL_SERVER_ERROR:
|
||||||
default:
|
default:
|
||||||
throw new InternalServerErrorException(exception.message);
|
return this.authExceptionHandlerService.handleError(
|
||||||
|
exception,
|
||||||
|
response,
|
||||||
|
500,
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
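Review bot: `MISSING_ENVIRONMENT_VARIABLE` shares the 400 branch with `INVALID_DATA`, although it describes a server-side configuration fault rather than a bad request. Because the handler echoes `exception.message`, a caller receives text such as 'Enterprise key must be defined to use SSO' (thrown by the SSO guard in this commit), which tells them how the deployment is configured. Consider moving `case AuthExceptionCode.MISSING_ENVIRONMENT_VARIABLE:` next to `INTERNAL_SERVER_ERROR` so it answers 500 and is still captured. The filter also gains a constructor dependency that is declared `Scope.REQUEST`, so it has to be registered by class through Nest's DI rather than with `new`; the registration is outside this diff, so that is worth confirming.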
@ -1,13 +1,13 @@
|
|||||||
import { ExecutionContext, Injectable } from '@nestjs/common';
|
import { ExecutionContext, Injectable } from '@nestjs/common';
|
||||||
import { AuthGuard } from '@nestjs/passport';
|
import { AuthGuard } from '@nestjs/passport';
|
||||||
|
|
||||||
|
import {
|
||||||
|
AuthException,
|
||||||
|
AuthExceptionCode,
|
||||||
|
} from 'src/engine/core-modules/auth/auth.exception';
|
||||||
import { GoogleAPIsOauthExchangeCodeForTokenStrategy } from 'src/engine/core-modules/auth/strategies/google-apis-oauth-exchange-code-for-token.auth.strategy';
|
import { GoogleAPIsOauthExchangeCodeForTokenStrategy } from 'src/engine/core-modules/auth/strategies/google-apis-oauth-exchange-code-for-token.auth.strategy';
|
||||||
import { TransientTokenService } from 'src/engine/core-modules/auth/token/services/transient-token.service';
|
import { TransientTokenService } from 'src/engine/core-modules/auth/token/services/transient-token.service';
|
||||||
import { setRequestExtraParams } from 'src/engine/core-modules/auth/utils/google-apis-set-request-extra-params.util';
|
import { setRequestExtraParams } from 'src/engine/core-modules/auth/utils/google-apis-set-request-extra-params.util';
|
||||||
import {
|
|
||||||
EnvironmentException,
|
|
||||||
EnvironmentExceptionCode,
|
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
|
import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
|
||||||
import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
|
import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
|
||||||
@ -41,9 +41,9 @@ export class GoogleAPIsOauthExchangeCodeForTokenGuard extends AuthGuard(
|
|||||||
!this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED') &&
|
!this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED') &&
|
||||||
!this.environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED')
|
!this.environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED')
|
||||||
) {
|
) {
|
||||||
throw new EnvironmentException(
|
throw new AuthException(
|
||||||
'Google apis auth is not enabled',
|
'Google apis auth is not enabled',
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
AuthExceptionCode.GOOGLE_API_AUTH_DISABLED,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
import { ExecutionContext, Injectable } from '@nestjs/common';
|
import { ExecutionContext, Injectable } from '@nestjs/common';
|
||||||
import { AuthGuard } from '@nestjs/passport';
|
import { AuthGuard } from '@nestjs/passport';
|
||||||
|
|
||||||
|
import {
|
||||||
|
AuthException,
|
||||||
|
AuthExceptionCode,
|
||||||
|
} from 'src/engine/core-modules/auth/auth.exception';
|
||||||
import { GoogleAPIsOauthRequestCodeStrategy } from 'src/engine/core-modules/auth/strategies/google-apis-oauth-request-code.auth.strategy';
|
import { GoogleAPIsOauthRequestCodeStrategy } from 'src/engine/core-modules/auth/strategies/google-apis-oauth-request-code.auth.strategy';
|
||||||
import { TransientTokenService } from 'src/engine/core-modules/auth/token/services/transient-token.service';
|
import { TransientTokenService } from 'src/engine/core-modules/auth/token/services/transient-token.service';
|
||||||
import { setRequestExtraParams } from 'src/engine/core-modules/auth/utils/google-apis-set-request-extra-params.util';
|
import { setRequestExtraParams } from 'src/engine/core-modules/auth/utils/google-apis-set-request-extra-params.util';
|
||||||
import {
|
|
||||||
EnvironmentException,
|
|
||||||
EnvironmentExceptionCode,
|
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
|
import { FeatureFlagKey } from 'src/engine/core-modules/feature-flag/enums/feature-flag-key.enum';
|
||||||
import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
|
import { FeatureFlagService } from 'src/engine/core-modules/feature-flag/services/feature-flag.service';
|
||||||
@ -27,7 +27,7 @@ export class GoogleAPIsOauthRequestCodeGuard extends AuthGuard('google-apis') {
|
|||||||
async canActivate(context: ExecutionContext) {
|
async canActivate(context: ExecutionContext) {
|
||||||
const request = context.switchToHttp().getRequest();
|
const request = context.switchToHttp().getRequest();
|
||||||
|
|
||||||
const { workspaceId } =
|
const { workspaceId, userId } =
|
||||||
await this.transientTokenService.verifyTransientToken(
|
await this.transientTokenService.verifyTransientToken(
|
||||||
request.query.transientToken,
|
request.query.transientToken,
|
||||||
);
|
);
|
||||||
@ -37,13 +37,23 @@ export class GoogleAPIsOauthRequestCodeGuard extends AuthGuard('google-apis') {
|
|||||||
workspaceId,
|
workspaceId,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
setRequestExtraParams(request, {
|
||||||
|
transientToken: request.query.transientToken,
|
||||||
|
redirectLocation: request.query.redirectLocation,
|
||||||
|
calendarVisibility: request.query.calendarVisibility,
|
||||||
|
messageVisibility: request.query.messageVisibility,
|
||||||
|
loginHint: request.query.loginHint,
|
||||||
|
userId: userId,
|
||||||
|
workspaceId: workspaceId,
|
||||||
|
});
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED') &&
|
!this.environmentService.get('MESSAGING_PROVIDER_GMAIL_ENABLED') &&
|
||||||
!this.environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED')
|
!this.environmentService.get('CALENDAR_PROVIDER_GOOGLE_ENABLED')
|
||||||
) {
|
) {
|
||||||
throw new EnvironmentException(
|
throw new AuthException(
|
||||||
'Google apis auth is not enabled',
|
'Google apis auth is not enabled',
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
AuthExceptionCode.GOOGLE_API_AUTH_DISABLED,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -52,13 +62,6 @@ export class GoogleAPIsOauthRequestCodeGuard extends AuthGuard('google-apis') {
|
|||||||
{},
|
{},
|
||||||
isGmailSendEmailScopeEnabled,
|
isGmailSendEmailScopeEnabled,
|
||||||
);
|
);
|
||||||
setRequestExtraParams(request, {
|
|
||||||
transientToken: request.query.transientToken,
|
|
||||||
redirectLocation: request.query.redirectLocation,
|
|
||||||
calendarVisibility: request.query.calendarVisibility,
|
|
||||||
messageVisibility: request.query.messageVisibility,
|
|
||||||
loginHint: request.query.loginHint,
|
|
||||||
});
|
|
||||||
|
|
||||||
const activate = (await super.canActivate(context)) as boolean;
|
const activate = (await super.canActivate(context)) as boolean;
|
||||||
|
|
||||||
|
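Review bot: The `setRequestExtraParams` call moved above the provider-enabled check is now order-dependent, and nothing in the code says so. It appears to sit there so that `AuthExceptionHandlerService` can read `userId` and `workspaceId` from the request when the `AuthException` below is thrown; the util's body is not in this diff, so this is inferred. I would add a comment above the call such as `// Must stay before any throw below: the auth exception handler reads userId/workspaceId from the request to attribute the error.` The same call also places `transientToken` on the request, so the handler should keep forwarding only the two ids, as it does in this commit, and never the whole params object. `canActivate` starts and ends outside these hunks.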
@ -2,11 +2,11 @@ import { CanActivate, Injectable } from '@nestjs/common';
|
|||||||
|
|
||||||
import { Observable } from 'rxjs';
|
import { Observable } from 'rxjs';
|
||||||
|
|
||||||
import { GoogleStrategy } from 'src/engine/core-modules/auth/strategies/google.auth.strategy';
|
|
||||||
import {
|
import {
|
||||||
EnvironmentException,
|
AuthException,
|
||||||
EnvironmentExceptionCode,
|
AuthExceptionCode,
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
} from 'src/engine/core-modules/auth/auth.exception';
|
||||||
|
import { GoogleStrategy } from 'src/engine/core-modules/auth/strategies/google.auth.strategy';
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
@ -15,9 +15,9 @@ export class GoogleProviderEnabledGuard implements CanActivate {
|
|||||||
|
|
||||||
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
|
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
|
||||||
if (!this.environmentService.get('AUTH_GOOGLE_ENABLED')) {
|
if (!this.environmentService.get('AUTH_GOOGLE_ENABLED')) {
|
||||||
throw new EnvironmentException(
|
throw new AuthException(
|
||||||
'Google auth is not enabled',
|
'Google auth is not enabled',
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
AuthExceptionCode.GOOGLE_API_AUTH_DISABLED,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
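Review bot: `GoogleProviderEnabledGuard` reports a disabled `AUTH_GOOGLE_ENABLED` (sign-in) with `AuthExceptionCode.GOOGLE_API_AUTH_DISABLED`, the same code the Google APIs guards use for the Gmail and Calendar provider flags. `MicrosoftProviderEnabledGuard` in the next file does the same with `MICROSOFT_API_AUTH_DISABLED`. Both codes map to 403 in the filter, so the response is consistent, but anyone triaging captured exceptions by code cannot tell a disabled login provider from a disabled API integration. Either add distinct codes for the sign-in case or document the shared meaning on the enum entries, e.g. `// also raised when the sign-in provider itself is disabled`.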
@ -2,11 +2,11 @@ import { CanActivate, Injectable } from '@nestjs/common';
|
|||||||
|
|
||||||
import { Observable } from 'rxjs';
|
import { Observable } from 'rxjs';
|
||||||
|
|
||||||
import { MicrosoftStrategy } from 'src/engine/core-modules/auth/strategies/microsoft.auth.strategy';
|
|
||||||
import {
|
import {
|
||||||
EnvironmentException,
|
AuthException,
|
||||||
EnvironmentExceptionCode,
|
AuthExceptionCode,
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
} from 'src/engine/core-modules/auth/auth.exception';
|
||||||
|
import { MicrosoftStrategy } from 'src/engine/core-modules/auth/strategies/microsoft.auth.strategy';
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
@ -15,9 +15,9 @@ export class MicrosoftProviderEnabledGuard implements CanActivate {
|
|||||||
|
|
||||||
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
|
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
|
||||||
if (!this.environmentService.get('AUTH_MICROSOFT_ENABLED')) {
|
if (!this.environmentService.get('AUTH_MICROSOFT_ENABLED')) {
|
||||||
throw new EnvironmentException(
|
throw new AuthException(
|
||||||
'Microsoft auth is not enabled',
|
'Microsoft auth is not enabled',
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
AuthExceptionCode.MICROSOFT_API_AUTH_DISABLED,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -5,9 +5,9 @@ import { CanActivate, Injectable } from '@nestjs/common';
|
|||||||
import { Observable } from 'rxjs';
|
import { Observable } from 'rxjs';
|
||||||
|
|
||||||
import {
|
import {
|
||||||
EnvironmentException,
|
AuthException,
|
||||||
EnvironmentExceptionCode,
|
AuthExceptionCode,
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
} from 'src/engine/core-modules/auth/auth.exception';
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
@ -16,9 +16,9 @@ export class SSOProviderEnabledGuard implements CanActivate {
|
|||||||
|
|
||||||
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
|
canActivate(): boolean | Promise<boolean> | Observable<boolean> {
|
||||||
if (!this.environmentService.get('ENTERPRISE_KEY')) {
|
if (!this.environmentService.get('ENTERPRISE_KEY')) {
|
||||||
throw new EnvironmentException(
|
throw new AuthException(
|
||||||
'Enterprise key must be defined to use SSO',
|
'Enterprise key must be defined to use SSO',
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
AuthExceptionCode.MISSING_ENVIRONMENT_VARIABLE,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -18,24 +18,20 @@ import {
|
|||||||
hashPassword,
|
hashPassword,
|
||||||
PASSWORD_REGEX,
|
PASSWORD_REGEX,
|
||||||
} from 'src/engine/core-modules/auth/auth.util';
|
} from 'src/engine/core-modules/auth/auth.util';
|
||||||
|
import { DomainManagerService } from 'src/engine/core-modules/domain-manager/service/domain-manager.service';
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
|
import { FileUploadService } from 'src/engine/core-modules/file/file-upload/services/file-upload.service';
|
||||||
import { OnboardingService } from 'src/engine/core-modules/onboarding/onboarding.service';
|
import { OnboardingService } from 'src/engine/core-modules/onboarding/onboarding.service';
|
||||||
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
|
import { UserWorkspaceService } from 'src/engine/core-modules/user-workspace/user-workspace.service';
|
||||||
import { User } from 'src/engine/core-modules/user/user.entity';
|
import { User } from 'src/engine/core-modules/user/user.entity';
|
||||||
|
import { userValidator } from 'src/engine/core-modules/user/user.validate';
|
||||||
|
import { WorkspaceInvitationService } from 'src/engine/core-modules/workspace-invitation/services/workspace-invitation.service';
|
||||||
import {
|
import {
|
||||||
Workspace,
|
Workspace,
|
||||||
WorkspaceActivationStatus,
|
WorkspaceActivationStatus,
|
||||||
} from 'src/engine/core-modules/workspace/workspace.entity';
|
} from 'src/engine/core-modules/workspace/workspace.entity';
|
||||||
import { getImageBufferFromUrl } from 'src/utils/image';
|
|
||||||
import { WorkspaceInvitationService } from 'src/engine/core-modules/workspace-invitation/services/workspace-invitation.service';
|
|
||||||
import { userValidator } from 'src/engine/core-modules/user/user.validate';
|
|
||||||
import { workspaceValidator } from 'src/engine/core-modules/workspace/workspace.validate';
|
import { workspaceValidator } from 'src/engine/core-modules/workspace/workspace.validate';
|
||||||
import { DomainManagerService } from 'src/engine/core-modules/domain-manager/service/domain-manager.service';
|
import { getImageBufferFromUrl } from 'src/utils/image';
|
||||||
import {
|
|
||||||
EnvironmentException,
|
|
||||||
EnvironmentExceptionCode,
|
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
|
|
||||||
export type SignInUpServiceInput = {
|
export type SignInUpServiceInput = {
|
||||||
email: string;
|
email: string;
|
||||||
@ -299,9 +295,9 @@ export class SignInUpService {
|
|||||||
|
|
||||||
// let the creation of the first workspace
|
// let the creation of the first workspace
|
||||||
if (workspacesCount > 0) {
|
if (workspacesCount > 0) {
|
||||||
throw new EnvironmentException(
|
throw new AuthException(
|
||||||
'New workspace setup is disabled',
|
'New workspace setup is disabled',
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
AuthExceptionCode.SIGNUP_DISABLED,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -17,10 +17,6 @@ import {
|
|||||||
AuthContext,
|
AuthContext,
|
||||||
JwtPayload,
|
JwtPayload,
|
||||||
} from 'src/engine/core-modules/auth/types/auth-context.type';
|
} from 'src/engine/core-modules/auth/types/auth-context.type';
|
||||||
import {
|
|
||||||
EnvironmentException,
|
|
||||||
EnvironmentExceptionCode,
|
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
||||||
import { User } from 'src/engine/core-modules/user/user.entity';
|
import { User } from 'src/engine/core-modules/user/user.entity';
|
||||||
@ -45,13 +41,6 @@ export class AccessTokenService {
|
|||||||
): Promise<AuthToken> {
|
): Promise<AuthToken> {
|
||||||
const expiresIn = this.environmentService.get('ACCESS_TOKEN_EXPIRES_IN');
|
const expiresIn = this.environmentService.get('ACCESS_TOKEN_EXPIRES_IN');
|
||||||
|
|
||||||
if (!expiresIn) {
|
|
||||||
throw new EnvironmentException(
|
|
||||||
'Expiration time for access token is not set',
|
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
|
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
|
||||||
|
|
||||||
const user = await this.userRepository.findOne({
|
const user = await this.userRepository.findOne({
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
import { Test, TestingModule } from '@nestjs/testing';
|
import { Test, TestingModule } from '@nestjs/testing';
|
||||||
|
|
||||||
import { EnvironmentException } from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
||||||
|
|
||||||
@ -70,14 +69,6 @@ describe('LoginTokenService', () => {
|
|||||||
{ secret: mockSecret, expiresIn: mockExpiresIn },
|
{ secret: mockSecret, expiresIn: mockExpiresIn },
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should throw an error if LOGIN_TOKEN_EXPIRES_IN is not set', async () => {
|
|
||||||
jest.spyOn(environmentService, 'get').mockReturnValue(undefined);
|
|
||||||
|
|
||||||
await expect(
|
|
||||||
service.generateLoginToken('test@example.com'),
|
|
||||||
).rejects.toThrow(EnvironmentException);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('verifyLoginToken', () => {
|
describe('verifyLoginToken', () => {
|
||||||
|
@ -4,10 +4,6 @@ import { addMilliseconds } from 'date-fns';
|
|||||||
import ms from 'ms';
|
import ms from 'ms';
|
||||||
|
|
||||||
import { AuthToken } from 'src/engine/core-modules/auth/dto/token.entity';
|
import { AuthToken } from 'src/engine/core-modules/auth/dto/token.entity';
|
||||||
import {
|
|
||||||
EnvironmentException,
|
|
||||||
EnvironmentExceptionCode,
|
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
||||||
|
|
||||||
@ -23,13 +19,6 @@ export class LoginTokenService {
|
|||||||
|
|
||||||
const expiresIn = this.environmentService.get('LOGIN_TOKEN_EXPIRES_IN');
|
const expiresIn = this.environmentService.get('LOGIN_TOKEN_EXPIRES_IN');
|
||||||
|
|
||||||
if (!expiresIn) {
|
|
||||||
throw new EnvironmentException(
|
|
||||||
'Expiration time for access token is not set',
|
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
|
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
|
||||||
const jwtPayload = {
|
const jwtPayload = {
|
||||||
sub: email,
|
sub: email,
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
import { Test, TestingModule } from '@nestjs/testing';
|
import { Test, TestingModule } from '@nestjs/testing';
|
||||||
|
|
||||||
import { EnvironmentException } from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
||||||
|
|
||||||
@ -82,14 +81,6 @@ describe('TransientTokenService', () => {
|
|||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should throw an error if SHORT_TERM_TOKEN_EXPIRES_IN is not set', async () => {
|
|
||||||
jest.spyOn(environmentService, 'get').mockReturnValue(undefined);
|
|
||||||
|
|
||||||
await expect(
|
|
||||||
service.generateTransientToken('member-id', 'user-id', 'workspace-id'),
|
|
||||||
).rejects.toThrow(EnvironmentException);
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('verifyTransientToken', () => {
|
describe('verifyTransientToken', () => {
|
||||||
|
@ -4,10 +4,6 @@ import { addMilliseconds } from 'date-fns';
|
|||||||
import ms from 'ms';
|
import ms from 'ms';
|
||||||
|
|
||||||
import { AuthToken } from 'src/engine/core-modules/auth/dto/token.entity';
|
import { AuthToken } from 'src/engine/core-modules/auth/dto/token.entity';
|
||||||
import {
|
|
||||||
EnvironmentException,
|
|
||||||
EnvironmentExceptionCode,
|
|
||||||
} from 'src/engine/core-modules/environment/environment.exception';
|
|
||||||
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
import { EnvironmentService } from 'src/engine/core-modules/environment/environment.service';
|
||||||
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
import { JwtWrapperService } from 'src/engine/core-modules/jwt/services/jwt-wrapper.service';
|
||||||
|
|
||||||
@ -31,13 +27,6 @@ export class TransientTokenService {
|
|||||||
'SHORT_TERM_TOKEN_EXPIRES_IN',
|
'SHORT_TERM_TOKEN_EXPIRES_IN',
|
||||||
);
|
);
|
||||||
|
|
||||||
if (!expiresIn) {
|
|
||||||
throw new EnvironmentException(
|
|
||||||
'Expiration time for access token is not set',
|
|
||||||
EnvironmentExceptionCode.ENVIRONMENT_VARIABLES_NOT_FOUND,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
|
const expiresAt = addMilliseconds(new Date().getTime(), ms(expiresIn));
|
||||||
const jwtPayload = {
|
const jwtPayload = {
|
||||||
sub: workspaceMemberId,
|
sub: workspaceMemberId,
|
||||||
|
@ -10,6 +10,8 @@ type GoogleAPIsRequestExtraParams = {
|
|||||||
calendarVisibility?: string;
|
calendarVisibility?: string;
|
||||||
messageVisibility?: string;
|
messageVisibility?: string;
|
||||||
loginHint?: string;
|
loginHint?: string;
|
||||||
|
userId?: string;
|
||||||
|
workspaceId?: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
export const setRequestExtraParams = (
|
export const setRequestExtraParams = (
|
||||||
@ -22,6 +24,8 @@ export const setRequestExtraParams = (
|
|||||||
calendarVisibility,
|
calendarVisibility,
|
||||||
messageVisibility,
|
messageVisibility,
|
||||||
loginHint,
|
loginHint,
|
||||||
|
userId,
|
||||||
|
workspaceId,
|
||||||
} = params;
|
} = params;
|
||||||
|
|
||||||
if (!transientToken) {
|
if (!transientToken) {
|
||||||
@ -44,7 +48,16 @@ export const setRequestExtraParams = (
|
|||||||
if (messageVisibility) {
|
if (messageVisibility) {
|
||||||
request.params.messageVisibility = messageVisibility;
|
request.params.messageVisibility = messageVisibility;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (loginHint) {
|
if (loginHint) {
|
||||||
request.params.loginHint = loginHint;
|
request.params.loginHint = loginHint;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (userId) {
|
||||||
|
request.params.userId = userId;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (workspaceId) {
|
||||||
|
request.params.workspaceId = workspaceId;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
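Review bot: `request.params.userId` and `request.params.workspaceId` are written into the same object Express fills from route parameters, so a later reader of `request.params` cannot tell a server-set identity from a client-supplied one. The hunks do not show where the caller of `setRequestExtraParams` gets these two values; if they come from the query string like `loginHint` rather than from the verified transient token, they are untrusted and should be used only as error-reporting context. I would state that at the assignment with a comment such as `// userId/workspaceId: context for exception reporting only, never an authorization input`. The start of the function and the body of the `if (!transientToken)` branch lie between the hunks and are not shown.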
|
@ -1,12 +0,0 @@
|
|||||||
import { CustomException } from 'src/utils/custom-exception';
|
|
||||||
|
|
||||||
export class EnvironmentException extends CustomException {
|
|
||||||
code: EnvironmentExceptionCode;
|
|
||||||
constructor(message: string, code: EnvironmentExceptionCode) {
|
|
||||||
super(message, code);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
export enum EnvironmentExceptionCode {
|
|
||||||
ENVIRONMENT_VARIABLES_NOT_FOUND = 'ENVIRONMENT_VARIABLES_NOT_FOUND',
|
|
||||||
}
|
|