UNPKG

supertokens-node

Version:

NodeJS driver for SuperTokens core

github.com/supertokens/supertokens-node

supertokens/supertokens-node

292 lines (291 loc) 16.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
"use strict"; /* Copyright (c) 2021, VRAI Labs and/or its affiliates. All rights reserved. * * This software is licensed under the Apache License, Version 2.0 (the * "License") as published by the Apache Software Foundation. * * You may not use this file except in compliance with the License. You may * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations * under the License. */ var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const recipeModule_1 = __importDefault(require("../../recipeModule")); const error_1 = __importDefault(require("./error")); const utils_1 = require("./utils"); const normalisedURLPath_1 = __importDefault(require("../../normalisedURLPath")); const constants_1 = require("./constants"); const generateEmailVerifyToken_1 = __importDefault(require("./api/generateEmailVerifyToken")); const emailVerify_1 = __importDefault(require("./api/emailVerify")); const recipeImplementation_1 = __importDefault(require("./recipeImplementation")); const implementation_1 = __importDefault(require("./api/implementation")); const supertokens_js_override_1 = __importDefault(require("supertokens-js-override")); const emaildelivery_1 = __importDefault(require("../../ingredients/emaildelivery")); const postSuperTokensInitCallbacks_1 = require("../../postSuperTokensInitCallbacks"); const emailVerificationClaim_1 = require("./emailVerificationClaim"); const error_2 = __importDefault(require("../session/error")); const session_1 = __importDefault(require("../session")); const logger_1 = require("../../logger"); const utils_2 = require("../../utils"); const plugins_1 = require("../../plugins"); class Recipe extends recipeModule_1.default { constructor(stInstance, recipeId, appInfo, isInServerlessEnv, config, ingredients) { super(stInstance, recipeId, appInfo); // abstract instance functions below............... this.getAPIsHandled = () => { return [ { method: "post", pathWithoutApiBasePath: new normalisedURLPath_1.default(constants_1.GENERATE_EMAIL_VERIFY_TOKEN_API), id: constants_1.GENERATE_EMAIL_VERIFY_TOKEN_API, disabled: this.apiImpl.generateEmailVerifyTokenPOST === undefined, }, { method: "post", pathWithoutApiBasePath: new normalisedURLPath_1.default(constants_1.EMAIL_VERIFY_API), id: constants_1.EMAIL_VERIFY_API, disabled: this.apiImpl.verifyEmailPOST === undefined, }, { method: "get", pathWithoutApiBasePath: new normalisedURLPath_1.default(constants_1.EMAIL_VERIFY_API), id: constants_1.EMAIL_VERIFY_API, disabled: this.apiImpl.isEmailVerifiedGET === undefined, }, ]; }; this.handleAPIRequest = async (id, tenantId, req, res, _, __, userContext) => { let options = { config: this.config, recipeId: this.getRecipeId(), isInServerlessEnv: this.isInServerlessEnv, recipeImplementation: this.recipeInterfaceImpl, req, res, emailDelivery: this.emailDelivery, appInfo: this.getAppInfo(), }; if (id === constants_1.GENERATE_EMAIL_VERIFY_TOKEN_API) { return await (0, generateEmailVerifyToken_1.default)(this.stInstance, this.apiImpl, options, userContext); } else { return await (0, emailVerify_1.default)(this.stInstance, this.apiImpl, tenantId, options, userContext); } }; this.handleError = async (err, _, __) => { throw err; }; this.getAllCORSHeaders = () => { return []; }; this.isErrorFromThisRecipe = (err) => { return error_1.default.isErrorFromSuperTokens(err) && err.fromRecipe === Recipe.RECIPE_ID; }; this.getEmailForRecipeUserId = async (user, recipeUserId, userContext) => { if (this.config.getEmailForRecipeUserId !== undefined) { const userRes = await this.config.getEmailForRecipeUserId(recipeUserId, userContext); if (userRes.status !== "UNKNOWN_USER_ID_ERROR") { return userRes; } } if (user === undefined) { user = await this.stInstance .getRecipeInstanceOrThrow("accountlinking") .recipeInterfaceImpl.getUser({ userId: recipeUserId.getAsString(), userContext }); if (user === undefined) { return { status: "UNKNOWN_USER_ID_ERROR", }; } } for (let i = 0; i < user.loginMethods.length; i++) { let currLM = user.loginMethods[i]; if (currLM.recipeUserId.getAsString() === recipeUserId.getAsString()) { if (currLM.email !== undefined) { return { email: currLM.email, status: "OK", }; } else { return { status: "EMAIL_DOES_NOT_EXIST_ERROR", }; } } } return { status: "UNKNOWN_USER_ID_ERROR", }; }; this.getPrimaryUserIdForRecipeUser = async (recipeUserId, userContext) => { // We extract this into its own function like this cause we want to make sure that // this recipe does not get the email of the user ID from the getUser function. // In fact, there is a test "email verification recipe uses getUser function only in getEmailForRecipeUserId" // which makes sure that this function is only called in 3 places in this recipe: // - this function // - getEmailForRecipeUserId function (above) // - after verification to get the updated user in verifyEmailUsingToken // We want to isolate the result of calling this function as much as possible // so that the consumer of the getUser function does not read the email // from the primaryUser. Hence, this function only returns the string ID // and nothing else from the primaryUser. let primaryUser = await this.stInstance .getRecipeInstanceOrThrow("accountlinking") .recipeInterfaceImpl.getUser({ userId: recipeUserId.getAsString(), userContext }); if (primaryUser === undefined) { // This can come here if the user is using session + email verification // recipe with a user ID that is not known to supertokens. In this case, // we do not allow linking for such users. return recipeUserId.getAsString(); } return primaryUser === null || primaryUser === void 0 ? void 0 : primaryUser.id; }; this.updateSessionIfRequiredPostEmailVerification = async (input) => { let primaryUserId = await this.getPrimaryUserIdForRecipeUser(input.recipeUserIdWhoseEmailGotVerified, input.userContext); // if a session exists in the API, then we can update the session // claim related to email verification if (input.session !== undefined) { (0, logger_1.logDebugMessage)("updateSessionIfRequiredPostEmailVerification got session"); // Due to linking, we will have to correct the current // session's user ID. There are four cases here: // --> (Case 1) User signed up and did email verification and the new account // became a primary user (user ID no change) // --> (Case 2) User signed up and did email verification and the new account got linked // to another primary user (user ID change) // --> (Case 3) This is post login account linking, in which the account that got verified // got linked to the session's account (user ID of account has changed to the session's user ID) // --> (Case 4) This is post login account linking, in which the account that got verified // got linked to ANOTHER primary account (user ID of account has changed to a different user ID != session.getUserId, but // we should ignore this since it will result in the user's session changing.) if (input.session.getRecipeUserId(input.userContext).getAsString() === input.recipeUserIdWhoseEmailGotVerified.getAsString()) { (0, logger_1.logDebugMessage)("updateSessionIfRequiredPostEmailVerification the session belongs to the verified user"); // this means that the session's login method's account is the // one that just got verified and that we are NOT doing post login // account linking. So this is only for (Case 1) and (Case 2) if (input.session.getUserId() === primaryUserId) { (0, logger_1.logDebugMessage)("updateSessionIfRequiredPostEmailVerification the session userId matches the primary user id, so we are only refreshing the claim"); // if the session's primary user ID is equal to the // primary user ID that the account was linked to, then // this means that the new account became a primary user (Case 1) // We also have the sub cases here that the account that just // got verified was already linked to the session's primary user ID, // but either way, we don't need to change any user ID. // In this case, all we do is to update the emailverification claim try { // EmailVerificationClaim will be based on the recipeUserId // and not the primary user ID. await input.session.fetchAndSetClaim(emailVerificationClaim_1.EmailVerificationClaim, input.userContext); } catch (err) { // This should never happen, since we've just set the status above. if (err.message === "UNKNOWN_USER_ID") { throw new error_2.default({ type: error_2.default.UNAUTHORISED, message: "Unknown User ID provided", }); } throw err; } return; } else { (0, logger_1.logDebugMessage)("updateSessionIfRequiredPostEmailVerification the session user id doesn't match the primary user id, so we are revoking all sessions and creating a new one"); // if the session's primary user ID is NOT equal to the // primary user ID that the account that it was linked to, then // this means that the new account got linked to another primary user (Case 2) // In this case, we need to update the session's user ID by creating // a new session // Revoke all session belonging to session.getRecipeUserId() // We do not really need to do this, but we do it anyway.. no harm. await session_1.default.revokeAllSessionsForUser(input.recipeUserIdWhoseEmailGotVerified.getAsString(), false, undefined, input.userContext); // create a new session and return that.. return await session_1.default.createNewSession(input.req, input.res, input.session.getTenantId(), input.session.getRecipeUserId(input.userContext), {}, {}, input.userContext); } } else { (0, logger_1.logDebugMessage)("updateSessionIfRequiredPostEmailVerification the verified user doesn't match the session"); // this means that the session's login method's account was NOT the // one that just got verified and that we ARE doing post login // account linking. So this is only for (Case 3) and (Case 4) // In both case 3 and case 4, we do not want to change anything in the // current session in terms of user ID or email verification claim (since // both of these refer to the current logged in user and not the newly // linked user's account). return undefined; } } else { (0, logger_1.logDebugMessage)("updateSessionIfRequiredPostEmailVerification got no session"); // the session is updated when the is email verification GET API is called // so we don't do anything in this API. return undefined; } }; this.config = (0, utils_1.validateAndNormaliseUserInput)(this, appInfo, config); this.isInServerlessEnv = isInServerlessEnv; { let builder = new supertokens_js_override_1.default((0, recipeImplementation_1.default)(this.stInstance, this.querier, this.getEmailForRecipeUserId)); this.recipeInterfaceImpl = builder.override(this.config.override.functions).build(); } { let builder = new supertokens_js_override_1.default((0, implementation_1.default)(this.stInstance)); this.apiImpl = builder.override(this.config.override.apis).build(); } /** * emailDelivery will always needs to be declared after isInServerlessEnv * and recipeInterfaceImpl values are set */ this.emailDelivery = ingredients.emailDelivery === undefined ? new emaildelivery_1.default(this.config.getEmailDeliveryConfig(this.isInServerlessEnv)) : ingredients.emailDelivery; } static getInstanceOrThrowError() { if (Recipe.instance !== undefined) { return Recipe.instance; } throw new Error("Initialisation not done. Did you forget to call the EmailVerification.init function?"); } static getInstance() { return Recipe.instance; } static init(config) { return (stInstance, appInfo, isInServerlessEnv, plugins) => { if (Recipe.instance === undefined) { Recipe.instance = new Recipe(stInstance, Recipe.RECIPE_ID, appInfo, isInServerlessEnv, (0, plugins_1.applyPlugins)(Recipe.RECIPE_ID, config, plugins !== null && plugins !== void 0 ? plugins : []), { emailDelivery: undefined, }); postSuperTokensInitCallbacks_1.PostSuperTokensInitCallbacks.addPostInitCallback(() => { stInstance.getRecipeInstanceOrThrow("session").addClaimFromOtherRecipe(emailVerificationClaim_1.EmailVerificationClaim); if (config.mode === "REQUIRED") { stInstance .getRecipeInstanceOrThrow("session") .addClaimValidatorFromOtherRecipe(emailVerificationClaim_1.EmailVerificationClaim.validators.isVerified()); } }); return Recipe.instance; } else { throw new Error("Emailverification recipe has already been initialised. Please check your code for bugs."); } }; } static reset() { if (!(0, utils_2.isTestEnv)()) { throw new Error("calling testing function in non testing env"); } Recipe.instance = undefined; } } Recipe.instance = undefined; Recipe.RECIPE_ID = "emailverification"; exports.default = Recipe;