Starship/CoreID
1
0
Fork 0
Code Issues 8 Pull Requests Releases 34 Wiki Activity

Compare commits

base: Starship:ci-20
Branches Tags
Starship:master Starship:feature/cd
Starship:ci-26 Starship:ci-25 Starship:ci-24 Starship:ci-23 Starship:ci-22 Starship:ci-21 Starship:ci-20 Starship:ci-19 Starship:ci-18 Starship:ci-17 Starship:ci-16 Starship:ci-15 Starship:ci-14 Starship:ci-13 Starship:ci-12 Starship:ci-11 Starship:ci-10 Starship:ci-09 Starship:ci-08 Starship:ci-07 Starship:ci-06 Starship:ci-05 Starship:ci-04 Starship:ci-03 Starship:ci=02 Starship:ci-01 Starship:0.1.0 Starship:0.1.0-rc8 Starship:0.1.0-rc7 Starship:0.1.0-rc6 Starship:0.1.0-rc5 Starship:0.1.0-rc3 Starship:0.1.0-rc2 Starship:0.1.0-rc1
...
compare: Starship:ci-25
Branches Tags
Starship:master Starship:feature/cd
Starship:ci-26 Starship:ci-25 Starship:ci-24 Starship:ci-23 Starship:ci-22 Starship:ci-21 Starship:ci-20 Starship:ci-19 Starship:ci-18 Starship:ci-17 Starship:ci-16 Starship:ci-15 Starship:ci-14 Starship:ci-13 Starship:ci-12 Starship:ci-11 Starship:ci-10 Starship:ci-09 Starship:ci-08 Starship:ci-07 Starship:ci-06 Starship:ci-05 Starship:ci-04 Starship:ci-03 Starship:ci=02 Starship:ci-01 Starship:0.1.0 Starship:0.1.0-rc8 Starship:0.1.0-rc7 Starship:0.1.0-rc6 Starship:0.1.0-rc5 Starship:0.1.0-rc3 Starship:0.1.0-rc2 Starship:0.1.0-rc1

5 Commits
ci-20 ... ci-25

Author SHA1 Message Date
garrettmills
9b5216431d Make jobs use built-in job logging
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2020-12-04 20:40:27 -06:00
garrettmills
1d5c00768c Update flitter jobs
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2020-12-03 20:00:40 -06:00
garrettmills
7f1c9ec9a8 Update libflitter
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2020-10-29 08:52:13 -05:00
garrettmills
fe0a4d5991 Update libflitter and set session max age
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2020-10-29 08:46:30 -05:00
garrettmills
f06ff83dce Move all front-end public field definitions into constructors for iOS support
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2020-10-28 19:53:07 -05:00
49 changed files with 1448 additions and 1277 deletions
Expand all files Collapse all files

16
app/assets/app/auth/MFAChallenge.component.js
View File

@@ -38,14 +38,18 @@ export default class MFAChallengePage extends Component {
static get props() { return ['app_name'] }
static get template() { return template }
loading = false
constructor() {
super()
verify_code = ''
verify_success = false
this.loading = false
error_message = ''
other_message = ''
t = {}
this.verify_code = ''
this.verify_success = false
this.error_message = ''
this.other_message = ''
this.t = {}
}
async vue_on_create() {
this.t = await T(

16
app/assets/app/auth/MFADisable.component.js
View File

@@ -28,12 +28,16 @@ export default class MFADisableComponent extends Component {
static get template() { return template }
static get props() { return [] }
app_name = ''
step = 0
loading = false
error_message = ''
other_message = ''
t = {}
constructor() {
super()
this.app_name = ''
this.step = 0
this.loading = false
this.error_message = ''
this.other_message = ''
this.t = {}
}
async vue_on_create() {
this.app_name = session.get('app.name')

16
app/assets/app/auth/MFARecovery.component.js
View File

@@ -38,12 +38,16 @@ export default class MFARecoveryComponent extends Component {
static get template() { return template }
static get props() { return ['app_name'] }
verify_success = false
loading = false
recovery_code = ''
error_message = ''
other_message = ''
t = {}
constructor() {
super()
this.verify_success = false
this.loading = false
this.recovery_code = ''
this.error_message = ''
this.other_message = ''
this.t = {}
}
async vue_on_create() {
this.t = await T(

24
app/assets/app/auth/MFASetup.component.js
View File

@@ -61,19 +61,23 @@ export default class MFASetupPage extends Component {
static get props() { return ['app_name'] }
static get template() { return template }
loading = false
step = 0
constructor() {
super()
qr_data = ''
otpauth_url = ''
secret = ''
verify_code = ''
this.loading = false
this.step = 0
verify_success = false
this.qr_data = ''
this.otpauth_url = ''
this.secret = ''
this.verify_code = ''
error_message = ''
other_message = ''
t = {}
this.verify_success = false
this.error_message = ''
this.other_message = ''
this.t = {}
}
async vue_on_create() {
this.t = await T(

6
app/assets/app/auth/Page.component.js
View File

@@ -25,7 +25,11 @@ export default class AuthPage extends Component {
static get props() { return ['app_name', 'message', 'actions'] }
static get template() { return template }
loading = false
constructor() {
super()
this.loading = false
}
async action_click(index) {
this.loading = true

30
app/assets/app/auth/PasswordReset.component.js
View File

@@ -78,23 +78,27 @@ export default class PasswordResetComponent extends Component {
static get template() { return template }
static get props() { return ['app_name'] }
step = 0
loading = false
has_mfa = false
constructor() {
super()
error_message = ''
other_message = ''
this.step = 0
this.loading = false
this.has_mfa = false
step_1_valid = false
step_1_calc_time = ''
step_1_problem = ''
this.error_message = ''
this.other_message = ''
step_2_valid = false
this.step_1_valid = false
this.step_1_calc_time = ''
this.step_1_problem = ''
password = ''
confirm_password = ''
t = {}
ready = false
this.step_2_valid = false
this.password = ''
this.confirm_password = ''
this.t = {}
this.ready = false
}
async vue_on_create() {
this.has_mfa = !!session.get('user.has_mfa')

25
app/assets/app/auth/login/Form.component.js
View File

@@ -63,18 +63,21 @@ export default class AuthLoginForm extends Component {
] }
static get template() { return template }
username = ''
password = ''
button_text = ''
step_two = false
btn_disabled = true
loading = false
error_message = ''
other_message = ''
allow_back = true
auth_user = false
constructor() {
super()
t = {}
this.username = ''
this.password = ''
this.button_text = ''
this.step_two = false
this.btn_disabled = true
this.loading = false
this.error_message = ''
this.other_message = ''
this.allow_back = true
this.auth_user = false
this.t = {}
}
watch_username(new_username, old_username) {
this.btn_disabled = !new_username

28
app/assets/app/auth/register/Form.component.js
View File

@@ -98,19 +98,23 @@ export default class RegistrationFormComponent extends Component {
static get template() { return template }
static get props() { return ['app_name'] }
loading = false
step = 1
other_message = ''
error_message = ''
message = ''
btn_disabled = true
button_text = ''
constructor() {
super()
first_name = ''
last_name = ''
username = ''
email = ''
t = {}
this.loading = false
this.step = 1
this.other_message = ''
this.error_message = ''
this.message = ''
this.btn_disabled = true
this.button_text = ''
this.first_name = ''
this.last_name = ''
this.username = ''
this.email = ''
this.t = {}
}
async vue_on_create() {
// Batch-load translated phrases

28
app/assets/app/cobalt/Form.component.js
View File

@@ -146,20 +146,24 @@ export default class FormComponent extends Component {
return ['resource', 'form_id', 'initial_mode']
}
definition = {}
data = {}
uuid = ''
title = ''
error_message = ''
other_message = ''
constructor() {
super()
access_msg = ''
can_access = false
this.definition = {}
this.data = {}
this.uuid = ''
this.title = ''
this.error_message = ''
this.other_message = ''
is_ready = false
mode = ''
id = ''
t = {}
this.access_msg = ''
this.can_access = false
this.is_ready = false
this.mode = ''
this.id = ''
this.t = {}
}
reset() {
this.definition = {}

16
app/assets/app/cobalt/Listing.component.js
View File

@@ -65,13 +65,17 @@ export default class ListingComponent extends Component {
static get template() { return template }
static get props() { return ['resource'] }
definition = {}
data = []
resource_class = {}
constructor() {
super()
access_msg = ''
can_access = false
t = {}
this.definition = {}
this.data = []
this.resource_class = {}
this.access_msg = ''
this.can_access = false
this.t = {}
}
async vue_on_create() {
this.t = await T(

50
app/assets/app/dash/AppSetup.component.js
View File

@@ -232,35 +232,39 @@ export default class AppSetupComponent extends Component {
static get template() { return template }
static get props() { return [] }
step = 0
btn_disabled = true
btn_back = false
btn_hidden = false
btn_listing = false
constructor() {
super()
name = ''
identifier = ''
type = '' // ldap | saml | oauth
oauth_redirect_uri = ''
this.step = 0
this.btn_disabled = true
this.btn_back = false
this.btn_hidden = false
this.btn_listing = false
saml_entity_id = ''
saml_acs_url = ''
saml_slo_url = ''
this.name = ''
this.identifier = ''
this.type = '' // ldap | saml | oauth
this.oauth_redirect_uri = ''
ldap_username = ''
ldap_password = ''
ldap_password_confirm = ''
ldap_config = {}
this.saml_entity_id = ''
this.saml_acs_url = ''
this.saml_slo_url = ''
error_message = ''
this.ldap_username = ''
this.ldap_password = ''
this.ldap_password_confirm = ''
this.ldap_config = {}
app = {}
oauth_client = {}
saml_provider = {}
ldap_client = {}
this.error_message = ''
app_name = ''
host = ''
this.app = {}
this.oauth_client = {}
this.saml_provider = {}
this.ldap_client = {}
this.app_name = ''
this.host = ''
}
make_url(path) {
return session.url(path)

5
app/assets/app/dash/NavBar.component.js
View File

@@ -1,7 +1,6 @@
import { Component } from '../../lib/vues6/vues6.js'
import { event_bus } from '../service/EventBus.service.js'
import { session } from '../service/Session.service.js'
import { message_service } from '../service/Message.service.js'
const template = `
<nav class="navbar navbar-expand-lg navbar-light bg-light border-bottom">
@@ -53,10 +52,10 @@ export default class NavBarComponent extends Component {
static get template() { return template }
static get props() { return [] }
can = {}
constructor() {
super()
this.can = {}
this.toggle_event = event_bus.event('sidebar.toggle')
this.first_name = session.get('user.first_name')
this.last_name = session.get('user.last_name')

13
app/assets/app/dash/SideBar.component.js
View File

@@ -23,9 +23,14 @@ export default class SideBarComponent extends Component {
static get props() { return ['app_name'] }
static get template() { return template }
actions = []
constructor() {
super()
possible_actions = [
this.actions = []
this.isCollapsed = false
this.possible_actions = [
{
text: 'Profile',
action: 'redirect',
@@ -87,8 +92,6 @@ export default class SideBarComponent extends Component {
},
]
constructor() {
super()
event_bus.event('sidebar.toggle').subscribe(() => {
this.toggle()
})
@@ -120,8 +123,6 @@ export default class SideBarComponent extends Component {
this.actions = new_actions
}
isCollapsed = false
toggle() {
this.isCollapsed = !this.isCollapsed
}

8
app/assets/app/dash/message/MessageContainer.component.js
View File

@@ -68,8 +68,12 @@ export default class MessageContainerComponent extends Component {
static get template() { return template }
static get props() { return [] }
messages = []
modals = []
constructor() {
super()
this.messages = []
this.modals = []
}
vue_on_create() {
this.alert_event = event_bus.event('message.alert')

44
app/assets/app/dash/profile/EditProfile.component.js
View File

@@ -195,31 +195,35 @@ export default class EditProfileComponent extends Component {
static get template() { return template }
static get props() { return ['user_id'] }
profile_first = ''
profile_last = ''
profile_email = ''
profile_tagline = ''
last_reset = ''
mfa_enable_date = ''
constructor() {
super()
has_mfa_recovery = false
mfa_recovery_date = ''
mfa_recovery_codes = 0
this.profile_first = ''
this.profile_last = ''
this.profile_email = ''
this.profile_tagline = ''
this.last_reset = ''
this.mfa_enable_date = ''
form_message = 'No changes.'
this.has_mfa_recovery = false
this.mfa_recovery_date = ''
this.mfa_recovery_codes = 0
has_mfa = false
ready = false
this.form_message = 'No changes.'
notify_gateway_url = ''
notify_app_key = ''
notify_enabled = false
notify_created_on = ''
notify_loaded = false
this.has_mfa = false
this.ready = false
app_passwords = []
app_name = ''
t = {}
this.notify_gateway_url = ''
this.notify_app_key = ''
this.notify_enabled = false
this.notify_created_on = ''
this.notify_loaded = false
this.app_passwords = []
this.app_name = ''
this.t = {}
}
on_key_up = ($event) => {}

16
app/assets/app/dash/profile/form/AppPassword.component.js
View File

@@ -72,12 +72,16 @@ export default class AppPasswordFormComponent extends Component {
static get template() { return template }
static get props() { return [] }
name = ''
valid = false
uuid = ''
enable_form = true
display_password = ''
t = {}
constructor() {
super()
this.name = ''
this.valid = false
this.uuid = ''
this.enable_form = true
this.display_password = ''
this.t = {}
}
async vue_on_create() {
this.t = await T(

8
app/assets/app/dash/profile/form/ProfilePhotoUploader.component.js
View File

@@ -29,8 +29,12 @@ export default class ProfilePhotoUploaderComponent extends Component {
static get template() { return template }
static get params() { return [] }
ready = false
t = {}
constructor() {
super()
this.ready = false
this.t = {}
}
async vue_on_create() {
this.t = await T(

18
app/assets/app/resource/App.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from './CRUDBase.js'
import { session } from '../service/Session.service.js'
class AppResource extends CRUDBase {
endpoint = '/api/v1/applications'
required_fields = ['name', 'identifier']
permission_base = 'v1:applications'
constructor() {
super()
item = 'Application'
plural = 'Applications'
this.endpoint = '/api/v1/applications'
this.required_fields = ['name', 'identifier']
this.permission_base = 'v1:applications'
listing_definition = {
this.item = 'Application'
this.plural = 'Applications'
this.listing_definition = {
display: `
An application is anything that can authenticate users against ${session.get('app.name')}. Applications can have any number of associated LDAP clients, SAML service providers, and OAuth2 clients.
`,
@@ -60,7 +63,7 @@ class AppResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Name',
@@ -124,6 +127,7 @@ class AppResource extends CRUDBase {
],
}
}
}
const app = new AppResource()
export { app }

16
app/assets/app/resource/CRUDBase.js
View File

@@ -2,15 +2,17 @@ import APIParseError from './APIParseError.js'
import { session } from '../service/Session.service.js'
export default class CRUDBase {
endpoint = '/api/v1'
required_fields = []
permission_base = ''
constructor() {
this.endpoint = '/api/v1'
this.required_fields = []
this.permission_base = ''
listing_definition = {}
form_definition = {}
this.listing_definition = {}
this.form_definition = {}
item = ''
plural = ''
this.item = ''
this.plural = ''
}
async can(action) {
return session.check_permissions(`${this.permission_base}:${action}`)

18
app/assets/app/resource/Setting.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from './CRUDBase.js'
import { session } from '../service/Session.service.js'
class SettingResource extends CRUDBase {
endpoint = '/api/v1/settings'
required_fields = ['key', 'value']
permission_base = 'v1:settings'
constructor() {
super()
item = 'Setting'
plural = 'Settings'
this.endpoint = '/api/v1/settings'
this.required_fields = ['key', 'value']
this.permission_base = 'v1:settings'
listing_definition = {
this.item = 'Setting'
this.plural = 'Settings'
this.listing_definition = {
display: `
<p>These are advanced settings that allow you to tweak the way ${session.get('app.name')} behaves. Tweak them at your own risk.</p>
`,
@@ -35,7 +38,7 @@ class SettingResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Setting Key',
@@ -51,6 +54,7 @@ class SettingResource extends CRUDBase {
],
}
}
}
const setting = new SettingResource()
export { setting }

18
app/assets/app/resource/auth/Group.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js'
class GroupResource extends CRUDBase {
endpoint = '/api/v1/auth/groups'
required_fields = ['name']
permission_base = 'v1:auth:groups'
constructor() {
super()
item = 'Group'
plural = 'Groups'
this.endpoint = '/api/v1/auth/groups'
this.required_fields = ['name']
this.permission_base = 'v1:auth:groups'
listing_definition = {
this.item = 'Group'
this.plural = 'Groups'
this.listing_definition = {
display: `
In ${session.get('app.name')}, groups are simply a tool for organizing users and assigning permissions and access in bulk. After creating and assigning users to a group, you can manage permissions for that group, and its policies will be applied to all users in that group.
`,
@@ -50,7 +53,7 @@ class GroupResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Name',
@@ -72,6 +75,7 @@ class GroupResource extends CRUDBase {
],
}
}
}
const auth_group = new GroupResource()
export { auth_group }

15
app/assets/app/resource/auth/Role.resource.js
View File

@@ -1,12 +1,17 @@
import CRUDBase from '../CRUDBase.js'
class RoleResource extends CRUDBase {
endpoint = '/api/v1/auth/roles'
required_fields = ['role', 'permissions']
permission_base = 'v1:auth:roles'
item = 'Role'
plural = 'Roles'
constructor() {
super()
this.endpoint = '/api/v1/auth/roles'
this.required_fields = ['role', 'permissions']
this.permission_base = 'v1:auth:roles'
this.item = 'Role'
this.plural = 'Roles'
}
}
const auth_role = new RoleResource()

14
app/assets/app/resource/auth/Trap.resource.js
View File

@@ -1,12 +1,16 @@
import CRUDBase from '../CRUDBase.js'
class TrapResource extends CRUDBase {
endpoint = '/api/v1/auth/traps'
required_fields = ['name', 'trap', 'redirect_to']
permission_base = 'v1:auth:traps'
constructor() {
super()
item = 'Trap'
plural = 'Traps'
this.endpoint = '/api/v1/auth/traps'
this.required_fields = ['name', 'trap', 'redirect_to']
this.permission_base = 'v1:auth:traps'
this.item = 'Trap'
this.plural = 'Traps'
}
}
const auth_trap = new TrapResource()

18
app/assets/app/resource/auth/User.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js'
class UserResource extends CRUDBase {
endpoint = '/api/v1/auth/users'
required_fields = ['uid', 'first_name', 'last_name', 'email']
permission_base = 'v1:auth:users'
constructor() {
super()
item = 'User'
plural = 'Users'
this.endpoint = '/api/v1/auth/users'
this.required_fields = ['uid', 'first_name', 'last_name', 'email']
this.permission_base = 'v1:auth:users'
listing_definition = {
this.item = 'User'
this.plural = 'Users'
this.listing_definition = {
display: `
Users can be assigned permissions and, if granted, can manage their ${session.get('app.name')} accounts from the Profile page, as well as login to the external applications they've been given access to.
`,
@@ -57,7 +60,7 @@ class UserResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'First Name',
@@ -112,6 +115,7 @@ class UserResource extends CRUDBase {
],
}
}
}
const auth_user = new UserResource()
export { auth_user }

18
app/assets/app/resource/iam/Policy.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js'
class PolicyResource extends CRUDBase {
endpoint = '/api/v1/iam/policy'
required_fields = ['entity_id', 'entity_type', 'target_id', 'target_type', 'access_type']
permission_base = 'v1:iam:policy'
constructor() {
super()
item = 'IAM Policy'
plural = 'IAM Policies'
this.endpoint = '/api/v1/iam/policy'
this.required_fields = ['entity_id', 'entity_type', 'target_id', 'target_type', 'access_type']
this.permission_base = 'v1:iam:policy'
listing_definition = {
this.item = 'IAM Policy'
this.plural = 'IAM Policies'
this.listing_definition = {
display: `
Identity & Access Management (IAM) policies give you fine grained control over which ${session.get('app.name')} users and groups are allowed to access which applications.
<br><br>
@@ -65,7 +68,7 @@ class PolicyResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Subject Type',
@@ -156,6 +159,7 @@ class PolicyResource extends CRUDBase {
},*/
}
}
}
const iam_policy = new PolicyResource()
export { iam_policy }

27
app/assets/app/resource/ldap/Client.resource.js
View File

@@ -2,19 +2,18 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js'
class ClientResource extends CRUDBase {
endpoint = '/api/v1/ldap/clients'
required_fields = ['name', 'uid', 'password']
permission_base = 'v1:ldap:clients'
constructor() {
super()
item = 'LDAP Client'
plural = 'LDAP Clients'
this.endpoint = '/api/v1/ldap/clients'
this.required_fields = ['name', 'uid', 'password']
this.permission_base = 'v1:ldap:clients'
async server_config() {
const results = await axios.get('/api/v1/ldap/config')
if ( results && results.data && results.data.data ) return results.data.data
}
this.item = 'LDAP Client'
this.plural = 'LDAP Clients'
listing_definition = {
this.listing_definition = {
display: `
LDAP Clients are special user accounts that external applications can use to bind to ${session.get('app.name')}'s built-in LDAP server to allow these applications to authenticate users.
<br><br>
@@ -56,7 +55,7 @@ class ClientResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Provider Name',
@@ -82,5 +81,11 @@ class ClientResource extends CRUDBase {
}
}
async server_config() {
const results = await axios.get('/api/v1/ldap/config')
if (results && results.data && results.data.data) return results.data.data
}
}
const ldap_client = new ClientResource()
export { ldap_client }

18
app/assets/app/resource/ldap/Group.resource.js
View File

@@ -1,14 +1,17 @@
import CRUDBase from '../CRUDBase.js'
class GroupResource extends CRUDBase {
endpoint = '/api/v1/ldap/groups'
required_fields = ['name', 'role']
permission_base = 'v1:ldap:groups'
constructor() {
super()
item = 'LDAP Group'
plural = 'LDAP Groups'
this.endpoint = '/api/v1/ldap/groups'
this.required_fields = ['name', 'role']
this.permission_base = 'v1:ldap:groups'
listing_definition = {
this.item = 'LDAP Group'
this.plural = 'LDAP Groups'
this.listing_definition = {
columns: [
{
name: 'Group Name',
@@ -50,7 +53,7 @@ class GroupResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
// back_action: {
// text: 'Back',
// action: 'back',
@@ -94,6 +97,7 @@ class GroupResource extends CRUDBase {
],
}
}
}
const ldap_group = new GroupResource()
export { ldap_group }

18
app/assets/app/resource/oauth/Client.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js';
class ClientResource extends CRUDBase {
endpoint = '/api/v1/oauth/clients'
required_fields = ['name', 'redirect_url', 'api_scopes']
permission_base = 'v1:oauth:clients'
constructor() {
super()
item = 'OAuth2 Client'
plural = 'OAuth2 Clients'
this.endpoint = '/api/v1/oauth/clients'
this.required_fields = ['name', 'redirect_url', 'api_scopes']
this.permission_base = 'v1:oauth:clients'
listing_definition = {
this.item = 'OAuth2 Client'
this.plural = 'OAuth2 Clients'
this.listing_definition = {
display: `
OAuth2 clients are applications that support authentication over the OAuth2 protocol. This allows you to add a "Sign-In with XXX" button for ${session.get('app.name')} to the application in question. To do this, you need to create an OAuth2 client for that application, and provide the name, redirect URL, and API scopes.
<br><br>
@@ -58,7 +61,7 @@ class ClientResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Client Name',
@@ -102,6 +105,7 @@ class ClientResource extends CRUDBase {
],
}
}
}
const oauth_client = new ClientResource()
export { oauth_client }

18
app/assets/app/resource/openid/Client.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js'
class ClientResource extends CRUDBase {
endpoint = '/openid/clients'
required_fields = ['client_name', 'grant_types', 'redirect_uri']
permission_base = 'v1:openid:clients'
constructor() {
super()
item = 'OpenID Connect Client'
plural = 'OpenID Connect Clients'
this.endpoint = '/openid/clients'
this.required_fields = ['client_name', 'grant_types', 'redirect_uri']
this.permission_base = 'v1:openid:clients'
listing_definition = {
this.item = 'OpenID Connect Client'
this.plural = 'OpenID Connect Clients'
this.listing_definition = {
display: `
OpenID Connect clients are applications that support authentication over the OpenID Connect protocol. This allows you to add a "Sign-In with XXX" button for ${session.get('app.name')} to the application in question. To do this, the application need only comply with the OpenID standards.
`,
@@ -49,7 +52,7 @@ class ClientResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Client Name',
@@ -92,6 +95,7 @@ class ClientResource extends CRUDBase {
],
}
}
}
const openid_client = new ClientResource()
export { openid_client }

14
app/assets/app/resource/reflect/Scope.resource.js
View File

@@ -1,12 +1,16 @@
import CRUDBase from '../CRUDBase.js'
class ScopeResource extends CRUDBase {
endpoint = '/api/v1/reflect/scopes'
required_fields = ['scope']
permission_base = 'v1:reflect:scopes'
constructor() {
super()
item = 'API Scope'
plural = 'API Scopes'
this.endpoint = '/api/v1/reflect/scopes'
this.required_fields = ['scope']
this.permission_base = 'v1:reflect:scopes'
this.item = 'API Scope'
this.plural = 'API Scopes'
}
}
const reflect_scope = new ScopeResource()

17
app/assets/app/resource/reflect/Token.resource.js
View File

@@ -1,14 +1,16 @@
import CRUDBase from '../CRUDBase.js'
class TokenResource extends CRUDBase {
endpoint = '/api/v1/reflect/tokens'
required_fields = ['client_id']
permission_base = 'v1:reflect:tokens'
constructor() {
super()
this.endpoint = '/api/v1/reflect/tokens'
this.required_fields = ['client_id']
this.permission_base = 'v1:reflect:tokens'
item = 'API Token'
plural = 'API Tokens'
this.item = 'API Token'
this.plural = 'API Tokens'
listing_definition = {
this.listing_definition = {
display: `
This allows you to create bearer tokens manually to allow for easier testing of the API. Notably, this is meant as a measure for testing and development, not for long term use.
<br><br>
@@ -54,7 +56,7 @@ class TokenResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Client',
@@ -84,6 +86,7 @@ class TokenResource extends CRUDBase {
],
}
}
}
const reflect_token = new TokenResource()
export { reflect_token }

18
app/assets/app/resource/saml/Provider.resource.js
View File

@@ -2,14 +2,17 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js'
class ProviderResource extends CRUDBase {
endpoint = '/api/v1/saml/providers'
required_fields = ['name', 'acs_url', 'entity_id']
permission_base = 'v1:saml:providers'
constructor() {
super()
item = 'SAML Service Provider'
plural = 'SAML Service Providers'
this.endpoint = '/api/v1/saml/providers'
this.required_fields = ['name', 'acs_url', 'entity_id']
this.permission_base = 'v1:saml:providers'
listing_definition = {
this.item = 'SAML Service Provider'
this.plural = 'SAML Service Providers'
this.listing_definition = {
display: `SAML Service Providers are applications that support external authentication to a SAML Identity Provider. In this case, ${session.get('app.name')} is the identity provider, so these external applications can authenticate against it.
<br><br>
To do this, you need to know the SAML service provider's entity ID, assertion consumer service URL, and single-logout URL (if supported).`,
@@ -58,7 +61,7 @@ class ProviderResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Provider Name',
@@ -90,6 +93,7 @@ class ProviderResource extends CRUDBase {
],
}
}
}
const saml_provider = new ProviderResource()
export { saml_provider }

18
app/assets/app/resource/system/Announcement.resource.js
View File

@@ -1,14 +1,17 @@
import CRUDBase from '../CRUDBase.js'
class AnnouncementResource extends CRUDBase {
endpoint = '/api/v1/system/announcements'
required_fields = ['user_ids', 'group_ids', 'title', 'message', 'type']
permission_base = 'v1:system:announcements'
constructor() {
super()
item = 'System Announcement'
plural = 'System Announcements'
this.endpoint = '/api/v1/system/announcements'
this.required_fields = ['user_ids', 'group_ids', 'title', 'message', 'type']
this.permission_base = 'v1:system:announcements'
listing_definition = {
this.item = 'System Announcement'
this.plural = 'System Announcements'
this.listing_definition = {
display: `
System announcements are administrative messages that you want all or some of your users to see. These messages can be delivered via e-mail, as a message after login, or as a system banner announcement.
`,
@@ -42,7 +45,7 @@ class AnnouncementResource extends CRUDBase {
],
}
form_definition = {
this.form_definition = {
fields: [
{
name: 'Title',
@@ -93,6 +96,7 @@ class AnnouncementResource extends CRUDBase {
}
}
}
}
const system_announcement = new AnnouncementResource()
export { system_announcement }

8
app/assets/app/service/EventBus.service.js
View File

@@ -1,9 +1,9 @@
class Event {
firings = []
subscriptions = []
constructor(name) {
this.name = name
this.firings = []
this.subscriptions = []
}
subscribe(handler) {
@@ -22,7 +22,9 @@ class Event {
}
class EventBusService {
_events = {}
constructor() {
this._events = {}
}
event(name) {
if ( !this._events[name] ) {

4
app/assets/app/service/Message.service.js
View File

@@ -2,7 +2,9 @@ import { event_bus } from './EventBus.service.js'
import { auth_api } from './AuthApi.service.js'
class MessageService {
listener_interval = 25000
constructor() {
this.listener_interval = 25000
}
alert({type, message, timeout = 0, on_dismiss = () => {} }) {
event_bus.event('message.alert').fire({ type, message, timeout, on_dismiss })

4
app/assets/app/service/Session.service.js
View File

@@ -1,5 +1,7 @@
class Session {
data = {}
constructor() {
this.data = {}
}
init(data) {
this.data = data

4
app/assets/app/service/Translate.service.js
View File

@@ -1,5 +1,7 @@
class TranslateService {
_cache = {}
constructor() {
this._cache = {}
}
check_cache(...keys) {
const obj = {}

4
app/assets/app/service/Utility.service.js
View File

@@ -1,5 +1,7 @@
class UtilityService {
_debounce_timeouts = {}
constructor() {
this._debounce_timeouts = {}
}
uuid() {
return ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c =>

8
app/jobs/EMail.job.js
View File

@@ -12,7 +12,7 @@ class EMailJob extends Job {
const { data } = job
let { from = config.default_sender, to, subject, html = undefined, email_params = undefined } = data
this.output.info(`Sending mail to ${to}...`)
this.info(`Sending mail to ${to}...`)
if ( !html && email_params ) html = this.email(email_params)
@@ -20,9 +20,11 @@ class EMailJob extends Job {
from, to, subject, html,
})
} catch (e) {
this.output.error(e)
this.error(e)
throw e
}
this.output.success(`Mail sent!`)
this.success(`Mail sent!`)
}
email({ header_text, body_paragraphs = [], button_text = '', button_link = '' }) {

9
app/jobs/ForeignIPLoginAlert.job.js
View File

@@ -12,7 +12,7 @@ class ForeignIPLoginAlertJob extends Job {
const user = await User.findById(user_id)
if ( !user ) throw new Error('Unable to find user with ID: '+user_id)
this.output.info('Sending foreign IP login alert to user.')
this.info('Sending foreign IP login alert to user ' + user.uid)
await this.jobs.queue('mailer').add('EMail', {
to: user.email,
@@ -29,14 +29,19 @@ class ForeignIPLoginAlertJob extends Job {
}
})
this.info('Logged e-mail job')
if ( user.notify_config && user.notify_config.active ) {
await user.notify_config.log({
title: `${this.configs.get('app.name')}: Sign-In From New IP`,
message: `Someone signed into your account (${user.uid}) from the IP address ${ip}. If this was you, no further action is required.`,
})
this.info('Logged push notification job')
}
} catch (e) {
this.output.error(e)
this.error(e)
throw e
}
}
}

17
app/jobs/PasswordReset.job.js
View File

@@ -13,13 +13,17 @@ class PasswordResetJob extends Job {
const User = this.models.get('auth:User')
const user = await User.findById(user_id)
if (!user) {
this.output.error(`Unable to find user with ID: ${user_id}`)
this.error(`Unable to find user with ID: ${user_id}`)
throw new Error('Unable to find user with that ID.')
}
this.output.info(`Resetting password for user: ${user.uid}`)
this.info(`Resetting password for user: ${user.uid}`)
// Create an authenticated key-action
const key_action = await this.key_action(user)
this.info(`Created reset keyaction ${key_action.id} (key: ${key_action.key}, handler: ${key_action.handler})`)
await this.jobs.queue('mailer').add('EMail', {
to: user.email,
subject: 'Reset Your Password | ' + this.configs.get('app.name'),
@@ -34,17 +38,22 @@ class PasswordResetJob extends Job {
}
})
this.info('Logged e-mail job.')
if ( user.notify_config && user.notify_config.active ) {
await user.notify_config.log({
title: `${this.configs.get('app.name')}: Password Reset Requested`,
message: `A password reset request was logged for your account (${user.uid}). If this was you, please check your e-mail for further instructions.`,
priority: 8,
})
this.info('Logged security push notification job')
}
this.output.success('Password reset logged.')
this.success('Password reset logged.')
} catch (e) {
this.output.error(e)
this.error(e)
throw e
}
}

9
app/jobs/PasswordResetAlert.job.js
View File

@@ -14,7 +14,7 @@ class PasswordResetAlertJob extends Job {
const user = await User.findById(user_id)
if ( !user ) throw new Error('Unable to find user with ID: '+user_id)
this.output.info('Sending password reset alert to user.')
this.info('Sending password reset alert to user ' + user.uid)
await this.jobs.queue('mailer').add('EMail', {
to: user.email,
@@ -28,15 +28,20 @@ class PasswordResetAlertJob extends Job {
},
})
this.info('Logged e-mail job')
if ( user.notify_config && user.notify_config.active ) {
await user.notify_config.log({
title: `${this.configs.get('app.name')}: Password Reset`,
message: `The password to your account (${user.uid}) was reset from the IP address ${ip}. If this was not you, please contact your system administrator.`,
priority: 8,
})
this.info('Logged push notification job')
}
} catch (e) {
this.output.error(e)
this.error(e)
throw e
}
}
}

7
app/jobs/PopulateAnnouncement.job.js
View File

@@ -14,14 +14,15 @@ class PopulateAnnouncementJob extends Job {
const announcement = await Announcement.findById(announcement_id)
if ( !announcement ) {
this.output.error(`Unable to find announcement with ID: ${announcement_id}`)
this.error(`Unable to find announcement with ID: ${announcement_id}`)
throw new Error('Unable to find announcement with that ID.')
}
await announcement.populate()
this.output.success('Populated announcements.')
this.success('Populated announcements.')
} catch (e) {
this.output.error(e)
this.error(e)
throw e
}
}
}

8
app/jobs/PushNotify.job.js
View File

@@ -18,13 +18,15 @@ class PushNotifyJob extends Job {
const notify = user.notify_config
if ( !notify || !notify.active ) throw new Error('User does not have notifications configured.')
this.output.info(`Sending notification to ${user.uid}...`)
this.info(`Sending notification to ${user.uid}...`)
await notify.send({ title, message, priority })
} catch (e) {
this.output.error(e)
this.error(e)
throw e
}
this.output.success(`Notification sent!`)
this.success(`Notification sent!`)
}
}

7
config/jobs.config.js
View File

@@ -31,6 +31,13 @@ const jobs_config = {
// worker processes of the same type.
// (e.g. you can have two "main" workers)
},
connector: {
enabled: env('JOB_QUEUE_CONNECTOR', false),
mount: env('JOB_QUEUE_CONNECTOR_MOUNT', '/job_queue_api'),
secret: env('JOB_QUEUE_CONNECTOR_SECRET'),
},
}
module.exports = exports = jobs_config

7
config/server.config.js
View File

@@ -35,7 +35,12 @@ const server_config = {
* The secret used to encrypt the session.
* This should be set in the environment.
*/
secret: env("SECRET", "changeme")
secret: env("SECRET", "changeme"),
/*
* The max age of a session in milliseconds
*/
max_age: env("SESSION_MAX_AGE", 1000 * 60 * 60 * 24 * 2), // default to 2 days
},
uploads: {

3
example.env
View File

@@ -33,3 +33,6 @@ SMTP_PORT="587"
SMTP_USER="coreid@localhost.localdomain"
SMTP_DEFAULT_SENDER="coreid@localhost.localdomain"
SMTP_PASS="something super secure"
JOB_QUEUE_CONNECTOR=true
JOB_QUEUE_CONNECTOR_SECRET=

4
package.json
View File

@@ -25,7 +25,7 @@
"flitter-forms": "^0.8.1",
"flitter-gotify": "^0.1.0",
"flitter-i18n": "^0.1.1",
"flitter-jobs": "^0.1.2",
"flitter-jobs": "^0.3.0",
"flitter-less": "^0.5.3",
"flitter-orm": "^0.4.0",
"flitter-redis": "^0.1.1",
@@ -33,7 +33,7 @@
"ioredis": "^4.17.1",
"is-absolute-url": "^3.0.3",
"ldapjs": "^1.0.2",
"libflitter": "^0.56.1",
"libflitter": "^0.57.1",
"moment": "^2.24.0",
"mongodb": "^3.5.9",
"nodemailer": "^6.4.6",

16
yarn.lock
View File

@@ -2148,10 +2148,10 @@ flitter-i18n@^0.1.1:
ncp "^2.0.0"
pluralize "^8.0.0"
flitter-jobs@^0.1.2:
version "0.1.2"
resolved "https://registry.yarnpkg.com/flitter-jobs/-/flitter-jobs-0.1.2.tgz#5536bb12be728b61f6e0940b6c18760e4f1b59d6"
integrity sha512-bxJD3akDnoKPRyIXXy8ytlypGI8uj0Fjn2C8gIY2HFxZeFIBJo47MqQ9qZvVWFS28pS6aUY+0emOvTFkuG/2zA==
flitter-jobs@^0.3.0:
version "0.3.0"
resolved "https://registry.yarnpkg.com/flitter-jobs/-/flitter-jobs-0.3.0.tgz#c10fd45e4ab3c41c32ad4d8540b9b76547c20fbd"
integrity sha512-uapjauWZCoZwc+3DuL0W1tY4LozSXTr3FqrKJEcL/Ri8diRYjZuT0+v+kiZBJ4YzThcjjXF+aYoFL09QlIG7Zw==
dependencies:
bullmq "^1.8.8"
flitter-redis "^0.1.1"
@@ -3235,10 +3235,10 @@ leven@^1.0.2:
resolved "https://registry.yarnpkg.com/leven/-/leven-1.0.2.tgz#9144b6eebca5f1d0680169f1a6770dcea60b75c3"
integrity sha1-kUS27ryl8dBoAWnxpncNzqYLdcM=
libflitter@^0.56.1:
version "0.56.1"
resolved "https://registry.yarnpkg.com/libflitter/-/libflitter-0.56.1.tgz#250166027b9cab727c9deb6b1fa1865428b1eafb"
integrity sha512-QikFtFRa9okKOjOio5ehpQ6hyacCoMbtOlqcXt4I7uU3lntBeP5qSbz1q3x1wUY/AdBc2k70+Eg8BcpGmBEs4Q==
libflitter@^0.57.1:
version "0.57.1"
resolved "https://registry.yarnpkg.com/libflitter/-/libflitter-0.57.1.tgz#e605333a5e38cadac1203e4be8ea685c5520472b"
integrity sha512-bEu02HZjcAp53A2xnE0hz/LVhkErvnqaKmlNOqvJJaGMjKClfVuqJlr9bFfWU84qXL9SaHWd06P3nxIVKTvFIw==
dependencies:
colors "^1.3.3"
connect-mongodb-session "^2.2.0"