@raddiamond/nexauth-core/dist/context/TenantManager.js

Core authentication plugin supporting Local, AD authentication

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TenantManager = void 0;
const Tenant_1 = require("../entities/Tenant");
/**
 * Manages tenant contexts and client secret generation using the database
 */
class TenantManager {
    constructor(db) {
        this.db = db;
    }
    /**
     * Register a new tenant in the database
     */
    async registerTenant(tenantData) {
        const repo = this.db.getRepository(Tenant_1.Tenant);
        let tenant = await repo.findOne({ where: { tenantId: tenantData.tenantId } });
        if (!tenant) {
            tenant = repo.create(tenantData);
            await repo.save(tenant);
        }
        return tenant;
    }
    /**
     * Get a tenant by tenantId
     */
    async getTenant(tenantId) {
        const repo = this.db.getRepository(Tenant_1.Tenant);
        return await repo.findOne({ where: { tenantId } }) || undefined;
    }
    /**
     * Validate client credentials for a tenant
     */
    async validateClientCredentials(tenantId, clientId) {
        const tenant = await this.getTenant(tenantId);
        if (!tenant)
            return false;
        if (tenant.clientId !== clientId)
            return false;
        return true;
    }
    /**
     * Generate a client secret for a tenant (utility)
     */
    async generateClientSecret(tenantId) {
        const repo = this.db.getRepository(Tenant_1.Tenant);
        const tenant = await repo.findOne({ where: { tenantId } });
        if (!tenant) {
            throw new Error(`Tenant ${tenantId} not found`);
        }
        // Generate a random secret
        const clientSecret = require('crypto').randomBytes(32).toString('hex');
        tenant.clientSecret = clientSecret;
        await repo.save(tenant);
        return clientSecret;
    }
    /**
     * Configure UI provider for a tenant
     */
    async configureUIProvider(tenantId, clientId, redirectUrl, allowedOrigins) {
        const repo = this.db.getRepository(Tenant_1.Tenant);
        let tenant = await repo.findOne({ where: { tenantId } });
        if (!tenant) {
            tenant = repo.create({
                tenantId,
                clientId,
                identityProviderType: 'ui',
                redirectUrl,
                allowedOrigins,
                clientSecret: require('crypto').randomBytes(32).toString('hex'),
            });
            await repo.save(tenant);
        }
        else {
            // Update fields if needed
            tenant.clientId = clientId;
            tenant.identityProviderType = 'ui';
            tenant.redirectUrl = redirectUrl;
            tenant.allowedOrigins = allowedOrigins;
            if (!tenant.clientSecret) {
                tenant.clientSecret = require('crypto').randomBytes(32).toString('hex');
            }
            await repo.save(tenant);
        }
        return {
            clientId: tenant.clientId,
            clientSecret: tenant.clientSecret,
            redirectUrl: tenant.redirectUrl,
            allowedOrigins: tenant.allowedOrigins || [],
        };
    }
}
exports.TenantManager = TenantManager;