first commit
This commit is contained in:
parent
c5a1fd4cc4
commit
454cda29e5
27 changed files with 12020 additions and 0 deletions
7
.dockerignore
Normal file
7
.dockerignore
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
.DS_Store
|
||||||
|
node_modules
|
||||||
|
/dist
|
||||||
|
|
||||||
|
.env
|
||||||
|
.env.*
|
||||||
|
!.env.example
|
||||||
12
.env.example
Normal file
12
.env.example
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
AUTH_REALM_URL=http://192.168.1.200:8080/realms/dev
|
||||||
|
AUTH_PUBLIC_KEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/QAH75nWgiRzWCTrGJv8q2A7z0qggC2IQ9Sva/Ok1RxeGE/ED2m4ELbF5B9MtugyXYGMUBXaKhooMpTE3wyR1OwsUlv/GtYSmMuKUnsSEXklsP8nIq8gZkCvISOVdvIC4ng5aZ5nBcp9cQ3eVbz4dfZcbLzcqLIIkxQmFBK0m1eFL5IdNj8Ac7U4eH4ylOckOu174f35NnFH6wDva6Iic3EXapMcE2BnXXCTajk2dmlWAzH13ybQBgHDfrOtulrmn1CzQxe9WUJes4qX5z72N05KsHvtUObaeN6cb+mIeH36GdysqgAdd2hhKkgUFXwtLPzldtrEc7xVyf3OLEg1QIDAQAB
|
||||||
|
AUTH_PREFERRED_MODE=online
|
||||||
|
|
||||||
|
APP_HOST=0.0.0.0
|
||||||
|
APP_PORT=3000
|
||||||
|
|
||||||
|
DB_HOST=192.168.1.200
|
||||||
|
DB_PORT=3306
|
||||||
|
DB_USERNAME=root
|
||||||
|
DB_PASSWORD=
|
||||||
|
DB_NAME=dev
|
||||||
85
.github/workflows/release.yaml
vendored
Normal file
85
.github/workflows/release.yaml
vendored
Normal file
|
|
@ -0,0 +1,85 @@
|
||||||
|
name: release-test
|
||||||
|
run-name: release-test ${{ github.actor }}
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- "version-[0-9]+.[0-9]+.[0-9]+"
|
||||||
|
workflow_dispatch:
|
||||||
|
env:
|
||||||
|
REGISTRY: docker.frappet.com
|
||||||
|
IMAGE_NAME: ehr/bma-ehr-org-service
|
||||||
|
DEPLOY_HOST: 192.168.1.80
|
||||||
|
COMPOSE_PATH: /home/frappet/docker/bma-ehr
|
||||||
|
jobs:
|
||||||
|
# act workflow_dispatch -W .github/workflows/release.yaml --input IMAGE_VER=test-v1 -s DOCKER_USER=sorawit -s DOCKER_PASS=P@ssword -s SSH_PASSWORD=P@ssw0rd
|
||||||
|
release-test:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
# skip Set up QEMU because it fail on act and container
|
||||||
|
# Gen Version try to get version from tag or inut
|
||||||
|
- name: Set output tags
|
||||||
|
id: vars
|
||||||
|
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
|
||||||
|
- name: Gen Version
|
||||||
|
id: gen_ver
|
||||||
|
run: |
|
||||||
|
if [[ $GITHUB_REF == 'refs/tags/'* ]]; then
|
||||||
|
IMAGE_VER=${{ steps.vars.outputs.tag }}
|
||||||
|
else
|
||||||
|
IMAGE_VER=${{ github.event.inputs.IMAGE_VER }}
|
||||||
|
fi
|
||||||
|
if [[ $IMAGE_VER == '' ]]; then
|
||||||
|
IMAGE_VER='test-vBeta'
|
||||||
|
fi
|
||||||
|
echo '::set-output name=image_ver::'$IMAGE_VER
|
||||||
|
- name: Check Version
|
||||||
|
run: |
|
||||||
|
echo $GITHUB_REF
|
||||||
|
echo ${{ steps.gen_ver.outputs.image_ver }}
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v2
|
||||||
|
- name: Login in to registry
|
||||||
|
uses: docker/login-action@v2
|
||||||
|
with:
|
||||||
|
registry: ${{env.REGISTRY}}
|
||||||
|
username: ${{secrets.DOCKER_USER}}
|
||||||
|
password: ${{secrets.DOCKER_PASS}}
|
||||||
|
- name: Build and push docker image
|
||||||
|
uses: docker/build-push-action@v3
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
platforms: linux/amd64
|
||||||
|
push: true
|
||||||
|
tags: ${{env.REGISTRY}}/${{env.IMAGE_NAME}}:${{ steps.gen_ver.outputs.image_ver }},${{env.REGISTRY}}/${{env.IMAGE_NAME}}:latest
|
||||||
|
- name: Remote Deployment
|
||||||
|
uses: appleboy/ssh-action@v0.1.8
|
||||||
|
with:
|
||||||
|
host: ${{env.DEPLOY_HOST}}
|
||||||
|
username: frappet
|
||||||
|
password: ${{ secrets.SSH_PASSWORD }}
|
||||||
|
port: 22
|
||||||
|
script: |
|
||||||
|
cd "${{env.COMPOSE_PATH}}"
|
||||||
|
docker-compose pull
|
||||||
|
docker-compose up -d
|
||||||
|
echo "${{ steps.gen_ver.outputs.image_ver }}"> success
|
||||||
|
- uses: snow-actions/line-notify@v1.1.0
|
||||||
|
if: success()
|
||||||
|
with:
|
||||||
|
access_token: ${{ secrets.TOKEN_LINE }}
|
||||||
|
message: |
|
||||||
|
-Success✅✅✅
|
||||||
|
Image: ${{env.IMAGE_NAME}}
|
||||||
|
Version: ${{ steps.gen_ver.outputs.IMAGE_VER }}
|
||||||
|
By: ${{secrets.DOCKER_USER}}
|
||||||
|
- uses: snow-actions/line-notify@v1.1.0
|
||||||
|
if: failure()
|
||||||
|
with:
|
||||||
|
access_token: ${{ secrets.TOKEN_LINE }}
|
||||||
|
message: |
|
||||||
|
-Failure❌❌❌
|
||||||
|
Image: ${{env.IMAGE_NAME}}
|
||||||
|
Version: ${{ steps.gen_ver.outputs.IMAGE_VER }}
|
||||||
|
By: ${{secrets.DOCKER_USER}}
|
||||||
133
.gitignore
vendored
Normal file
133
.gitignore
vendored
Normal file
|
|
@ -0,0 +1,133 @@
|
||||||
|
# Logs
|
||||||
|
logs
|
||||||
|
*.log
|
||||||
|
npm-debug.log*
|
||||||
|
yarn-debug.log*
|
||||||
|
yarn-error.log*
|
||||||
|
lerna-debug.log*
|
||||||
|
.pnpm-debug.log*
|
||||||
|
|
||||||
|
# Diagnostic reports (https://nodejs.org/api/report.html)
|
||||||
|
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
|
||||||
|
|
||||||
|
# Runtime data
|
||||||
|
pids
|
||||||
|
*.pid
|
||||||
|
*.seed
|
||||||
|
*.pid.lock
|
||||||
|
|
||||||
|
# Directory for instrumented libs generated by jscoverage/JSCover
|
||||||
|
lib-cov
|
||||||
|
|
||||||
|
# Coverage directory used by tools like istanbul
|
||||||
|
coverage
|
||||||
|
*.lcov
|
||||||
|
|
||||||
|
# nyc test coverage
|
||||||
|
.nyc_output
|
||||||
|
|
||||||
|
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
|
||||||
|
.grunt
|
||||||
|
|
||||||
|
# Bower dependency directory (https://bower.io/)
|
||||||
|
bower_components
|
||||||
|
|
||||||
|
# node-waf configuration
|
||||||
|
.lock-wscript
|
||||||
|
|
||||||
|
# Compiled binary addons (https://nodejs.org/api/addons.html)
|
||||||
|
build/Release
|
||||||
|
|
||||||
|
# Dependency directories
|
||||||
|
node_modules/
|
||||||
|
jspm_packages/
|
||||||
|
|
||||||
|
# Snowpack dependency directory (https://snowpack.dev/)
|
||||||
|
web_modules/
|
||||||
|
|
||||||
|
# TypeScript cache
|
||||||
|
*.tsbuildinfo
|
||||||
|
|
||||||
|
# Optional npm cache directory
|
||||||
|
.npm
|
||||||
|
|
||||||
|
# Optional eslint cache
|
||||||
|
.eslintcache
|
||||||
|
|
||||||
|
# Optional stylelint cache
|
||||||
|
.stylelintcache
|
||||||
|
|
||||||
|
# Microbundle cache
|
||||||
|
.rpt2_cache/
|
||||||
|
.rts2_cache_cjs/
|
||||||
|
.rts2_cache_es/
|
||||||
|
.rts2_cache_umd/
|
||||||
|
|
||||||
|
# Optional REPL history
|
||||||
|
.node_repl_history
|
||||||
|
|
||||||
|
# Output of 'npm pack'
|
||||||
|
*.tgz
|
||||||
|
|
||||||
|
# Yarn Integrity file
|
||||||
|
.yarn-integrity
|
||||||
|
|
||||||
|
# dotenv environment variable files
|
||||||
|
.env
|
||||||
|
.env.development.local
|
||||||
|
.env.test.local
|
||||||
|
.env.production.local
|
||||||
|
.env.local
|
||||||
|
|
||||||
|
[Ss]rc/swagger.json
|
||||||
|
[Ss]rc/routes.ts
|
||||||
|
|
||||||
|
# parcel-bundler cache (https://parceljs.org/)
|
||||||
|
.cache
|
||||||
|
.parcel-cache
|
||||||
|
|
||||||
|
# Next.js build output
|
||||||
|
.next
|
||||||
|
out
|
||||||
|
|
||||||
|
# Nuxt.js build / generate output
|
||||||
|
.nuxt
|
||||||
|
dist
|
||||||
|
|
||||||
|
# Gatsby files
|
||||||
|
.cache/
|
||||||
|
# Comment in the public line in if your project uses Gatsby and not Next.js
|
||||||
|
# https://nextjs.org/blog/next-9-1#public-directory-support
|
||||||
|
# public
|
||||||
|
|
||||||
|
# vuepress build output
|
||||||
|
.vuepress/dist
|
||||||
|
|
||||||
|
# vuepress v2.x temp and cache directory
|
||||||
|
.temp
|
||||||
|
.cache
|
||||||
|
|
||||||
|
# Docusaurus cache and generated files
|
||||||
|
.docusaurus
|
||||||
|
|
||||||
|
# Serverless directories
|
||||||
|
.serverless/
|
||||||
|
|
||||||
|
# FuseBox cache
|
||||||
|
.fusebox/
|
||||||
|
|
||||||
|
# DynamoDB Local files
|
||||||
|
.dynamodb/
|
||||||
|
|
||||||
|
# TernJS port file
|
||||||
|
.tern-port
|
||||||
|
|
||||||
|
# Stores VSCode versions used for testing VSCode extensions
|
||||||
|
.vscode-test
|
||||||
|
|
||||||
|
# yarn v2
|
||||||
|
.yarn/cache
|
||||||
|
.yarn/unplugged
|
||||||
|
.yarn/build-state.yml
|
||||||
|
.yarn/install-state.gz
|
||||||
|
.pnp.*
|
||||||
18
.prettierignore
Normal file
18
.prettierignore
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
.DS_Store
|
||||||
|
node_modules
|
||||||
|
.env
|
||||||
|
.env.*
|
||||||
|
!.env.example
|
||||||
|
|
||||||
|
/dist
|
||||||
|
/static
|
||||||
|
/src/routes.ts
|
||||||
|
/src/swagger.json
|
||||||
|
|
||||||
|
# Any log
|
||||||
|
*.log
|
||||||
|
|
||||||
|
# Ignore files for PNPM, NPM and YARN
|
||||||
|
pnpm-lock.yaml
|
||||||
|
package-lock.json
|
||||||
|
yarn.lock
|
||||||
5
.prettierrc
Normal file
5
.prettierrc
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
{
|
||||||
|
"tabWidth": 2,
|
||||||
|
"printWidth": 100,
|
||||||
|
"trailingComma": "all"
|
||||||
|
}
|
||||||
35
Dockerfile
Normal file
35
Dockerfile
Normal file
|
|
@ -0,0 +1,35 @@
|
||||||
|
FROM node:18-alpine as builder
|
||||||
|
|
||||||
|
# Create app directory
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
# Install app dependencies
|
||||||
|
COPY package*.json ./
|
||||||
|
|
||||||
|
RUN npm ci
|
||||||
|
|
||||||
|
COPY . .
|
||||||
|
|
||||||
|
RUN npm run build
|
||||||
|
|
||||||
|
FROM node:18-alpine
|
||||||
|
|
||||||
|
ENV NODE_ENV production
|
||||||
|
USER node
|
||||||
|
|
||||||
|
# Create app directory
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
# Install app dependencies
|
||||||
|
COPY package*.json ./
|
||||||
|
# COPY .env ./
|
||||||
|
|
||||||
|
RUN npm ci --production
|
||||||
|
|
||||||
|
COPY --from=builder /app/dist ./dist
|
||||||
|
|
||||||
|
# COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||||
|
# RUN chmod u+x /usr/local/bin/entrypoint.sh
|
||||||
|
|
||||||
|
# ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|
||||||
|
CMD [ "node", "dist/app.js" ]
|
||||||
6
nodemon.json
Normal file
6
nodemon.json
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
{
|
||||||
|
"exec": "tsoa spec-and-routes && ts-node src/app.ts",
|
||||||
|
"ext": "ts",
|
||||||
|
"watch": ["src"],
|
||||||
|
"ignore": ["src/routes.ts"]
|
||||||
|
}
|
||||||
4813
package-lock.json
generated
Normal file
4813
package-lock.json
generated
Normal file
File diff suppressed because it is too large
Load diff
44
package.json
Normal file
44
package.json
Normal file
|
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
"name": "template",
|
||||||
|
"version": "1.0.0",
|
||||||
|
"description": "",
|
||||||
|
"main": "src/app.js",
|
||||||
|
"scripts": {
|
||||||
|
"dev": "nodemon",
|
||||||
|
"check": "tsc --noEmit",
|
||||||
|
"start": "node ./dist/app.js",
|
||||||
|
"format": "prettier --write .",
|
||||||
|
"build": "tsoa spec-and-routes && tsc",
|
||||||
|
"migration:generate": "typeorm-ts-node-commonjs migration:generate -d src/database/data-source.ts",
|
||||||
|
"migration:run": "typeorm-ts-node-commonjs migration:run -d src/database/data-source.ts"
|
||||||
|
},
|
||||||
|
"keywords": [],
|
||||||
|
"author": "",
|
||||||
|
"license": "ISC",
|
||||||
|
"devDependencies": {
|
||||||
|
"@types/cors": "^2.8.17",
|
||||||
|
"@types/express": "^4.17.21",
|
||||||
|
"@types/node": "^20.11.5",
|
||||||
|
"@types/node-cron": "^3.0.11",
|
||||||
|
"@types/swagger-ui-express": "^4.1.6",
|
||||||
|
"nodemon": "^3.0.3",
|
||||||
|
"prettier": "^3.2.2",
|
||||||
|
"ts-node": "^10.9.2",
|
||||||
|
"typescript": "^5.3.3"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"@tsoa/runtime": "^6.0.0",
|
||||||
|
"cors": "^2.8.5",
|
||||||
|
"dotenv": "^16.3.1",
|
||||||
|
"express": "^4.18.2",
|
||||||
|
"fast-jwt": "^3.3.2",
|
||||||
|
"mysql2": "^3.9.1",
|
||||||
|
"node-cron": "^3.0.3",
|
||||||
|
"promise.any": "^2.0.6",
|
||||||
|
"reflect-metadata": "^0.2.1",
|
||||||
|
"swagger-ui-express": "^5.0.0",
|
||||||
|
"tsoa": "^6.0.1",
|
||||||
|
"typeorm": "^0.3.19",
|
||||||
|
"typeorm-cli": "^1.0.7"
|
||||||
|
}
|
||||||
|
}
|
||||||
2904
pnpm-lock.yaml
generated
Normal file
2904
pnpm-lock.yaml
generated
Normal file
File diff suppressed because it is too large
Load diff
43
src/app.ts
Normal file
43
src/app.ts
Normal file
|
|
@ -0,0 +1,43 @@
|
||||||
|
import "dotenv/config";
|
||||||
|
import "reflect-metadata";
|
||||||
|
import cors from "cors";
|
||||||
|
import express from "express";
|
||||||
|
import swaggerUi from "swagger-ui-express";
|
||||||
|
import swaggerDocument from "./swagger.json";
|
||||||
|
import * as cron from "node-cron";
|
||||||
|
import error from "./middlewares/error";
|
||||||
|
import { AppDataSource } from "./database/data-source";
|
||||||
|
import { RegisterRoutes } from "./routes";
|
||||||
|
|
||||||
|
async function main() {
|
||||||
|
await AppDataSource.initialize();
|
||||||
|
|
||||||
|
const app = express();
|
||||||
|
|
||||||
|
app.use(
|
||||||
|
cors({
|
||||||
|
origin: "*",
|
||||||
|
}),
|
||||||
|
);
|
||||||
|
app.use(express.json());
|
||||||
|
app.use(express.urlencoded({ extended: true }));
|
||||||
|
app.use("/", express.static("static"));
|
||||||
|
app.use("/api-docs", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
|
||||||
|
|
||||||
|
RegisterRoutes(app);
|
||||||
|
|
||||||
|
app.use(error);
|
||||||
|
const APP_HOST = process.env.APP_HOST || "0.0.0.0";
|
||||||
|
const APP_PORT = +(process.env.APP_PORT || 3000);
|
||||||
|
|
||||||
|
app.listen(
|
||||||
|
APP_PORT,
|
||||||
|
APP_HOST,
|
||||||
|
() => (
|
||||||
|
console.log(`[APP] Application is running on: http://localhost:${APP_PORT}`),
|
||||||
|
console.log(`[APP] Swagger on: http://localhost:${APP_PORT}/api-docs`)
|
||||||
|
),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
main();
|
||||||
11
src/controllers/MyController.ts
Normal file
11
src/controllers/MyController.ts
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
import { Controller, Get, Post, Put, Delete, Patch, Route, Security, Tags } from "tsoa";
|
||||||
|
|
||||||
|
@Route("/hello")
|
||||||
|
@Tags("Test")
|
||||||
|
@Security("bearerAuth")
|
||||||
|
export class AppController extends Controller {
|
||||||
|
@Get()
|
||||||
|
public async GET() {
|
||||||
|
return { message: "Hello Development" };
|
||||||
|
}
|
||||||
|
}
|
||||||
27
src/database/data-source.ts
Normal file
27
src/database/data-source.ts
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
import "dotenv/config";
|
||||||
|
import "reflect-metadata";
|
||||||
|
import { DataSource } from "typeorm";
|
||||||
|
|
||||||
|
export const AppDataSource = new DataSource({
|
||||||
|
type: "mysql",
|
||||||
|
database: process.env.DB_NAME,
|
||||||
|
host: process.env.DB_HOST,
|
||||||
|
port: +(process.env.DB_PORT || 3306),
|
||||||
|
username: process.env.DB_USERNAME,
|
||||||
|
password: process.env.DB_PASSWORD,
|
||||||
|
connectorPackage: "mysql2",
|
||||||
|
synchronize: false,
|
||||||
|
logging: true,
|
||||||
|
entities:
|
||||||
|
process.env.NODE_ENV !== "production"
|
||||||
|
? ["src/entities/**/*.ts"]
|
||||||
|
: ["dist/entities/**/*{.ts,.js}"],
|
||||||
|
migrations:
|
||||||
|
process.env.NODE_ENV !== "production"
|
||||||
|
? ["src/migration/**/*.ts"]
|
||||||
|
: ["dist/migration/**/*{.ts,.js}"],
|
||||||
|
subscribers: [],
|
||||||
|
});
|
||||||
|
// console.log(AppDataSource);
|
||||||
|
|
||||||
|
// export default database;
|
||||||
41
src/entities/base/Base.ts
Normal file
41
src/entities/base/Base.ts
Normal file
|
|
@ -0,0 +1,41 @@
|
||||||
|
import {
|
||||||
|
Entity,
|
||||||
|
PrimaryGeneratedColumn,
|
||||||
|
Column,
|
||||||
|
CreateDateColumn,
|
||||||
|
UpdateDateColumn,
|
||||||
|
} from "typeorm";
|
||||||
|
|
||||||
|
@Entity()
|
||||||
|
export class EntityBase {
|
||||||
|
@PrimaryGeneratedColumn("uuid")
|
||||||
|
id!: string;
|
||||||
|
|
||||||
|
@CreateDateColumn({ comment: "สร้างข้อมูลเมื่อ" })
|
||||||
|
createdAt!: Date;
|
||||||
|
|
||||||
|
@Column({
|
||||||
|
comment: "User Id ที่สร้างข้อมูล",
|
||||||
|
length: 40,
|
||||||
|
default: "00000000-0000-0000-0000-000000000000",
|
||||||
|
})
|
||||||
|
createdUserId!: String;
|
||||||
|
|
||||||
|
@UpdateDateColumn({ comment: "แก้ไขข้อมูลล่าสุดเมื่อ" })
|
||||||
|
lastUpdatedAt!: Date;
|
||||||
|
|
||||||
|
@Column({
|
||||||
|
comment: "User Id ที่แก้ไขข้อมูล",
|
||||||
|
length: 40,
|
||||||
|
default: "00000000-0000-0000-0000-000000000000",
|
||||||
|
})
|
||||||
|
lastUpdateUserId!: String;
|
||||||
|
|
||||||
|
@Column({ comment: "ชื่อ User ที่สร้างข้อมูล", length: 200, default: "string" })
|
||||||
|
createdFullName!: String;
|
||||||
|
|
||||||
|
@Column({ comment: "ชื่อ User ที่แก้ไขข้อมูลล่าสุด", length: 200, default: "string" })
|
||||||
|
lastUpdateFullName!: String;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
19
src/interfaces/http-error.ts
Normal file
19
src/interfaces/http-error.ts
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
import HttpStatus from "./http-status";
|
||||||
|
|
||||||
|
class HttpError extends Error {
|
||||||
|
/**
|
||||||
|
* HTTP Status Code
|
||||||
|
*/
|
||||||
|
status: HttpStatus;
|
||||||
|
message: string;
|
||||||
|
|
||||||
|
constructor(status: HttpStatus, message: string) {
|
||||||
|
super(message);
|
||||||
|
|
||||||
|
this.name = "HttpError";
|
||||||
|
this.status = status;
|
||||||
|
this.message = message;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default HttpError;
|
||||||
380
src/interfaces/http-status.ts
Normal file
380
src/interfaces/http-status.ts
Normal file
|
|
@ -0,0 +1,380 @@
|
||||||
|
/**
|
||||||
|
* Hypertext Transfer Protocol (HTTP) response status codes.
|
||||||
|
* @see {@link https://en.wikipedia.org/wiki/List_of_HTTP_status_codes}
|
||||||
|
*/
|
||||||
|
enum HttpStatus {
|
||||||
|
/**
|
||||||
|
* The server has received the request headers and the client should proceed to send the request body
|
||||||
|
* (in the case of a request for which a body needs to be sent; for example, a POST request).
|
||||||
|
* Sending a large request body to a server after a request has been rejected for inappropriate headers would be inefficient.
|
||||||
|
* To have a server check the request's headers, a client must send Expect: 100-continue as a header in its initial request
|
||||||
|
* and receive a 100 Continue status code in response before sending the body. The response 417 Expectation Failed indicates the request should not be continued.
|
||||||
|
*/
|
||||||
|
CONTINUE = 100,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The requester has asked the server to switch protocols and the server has agreed to do so.
|
||||||
|
*/
|
||||||
|
SWITCHING_PROTOCOLS = 101,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete the request.
|
||||||
|
* This code indicates that the server has received and is processing the request, but no response is available yet.
|
||||||
|
* This prevents the client from timing out and assuming the request was lost.
|
||||||
|
*/
|
||||||
|
PROCESSING = 102,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Standard response for successful HTTP requests.
|
||||||
|
* The actual response will depend on the request method used.
|
||||||
|
* In a GET request, the response will contain an entity corresponding to the requested resource.
|
||||||
|
* In a POST request, the response will contain an entity describing or containing the result of the action.
|
||||||
|
*/
|
||||||
|
OK = 200,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request has been fulfilled, resulting in the creation of a new resource.
|
||||||
|
*/
|
||||||
|
CREATED = 201,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request has been accepted for processing, but the processing has not been completed.
|
||||||
|
* The request might or might not be eventually acted upon, and may be disallowed when processing occurs.
|
||||||
|
*/
|
||||||
|
ACCEPTED = 202,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SINCE HTTP/1.1
|
||||||
|
* The server is a transforming proxy that received a 200 OK from its origin,
|
||||||
|
* but is returning a modified version of the origin's response.
|
||||||
|
*/
|
||||||
|
NON_AUTHORITATIVE_INFORMATION = 203,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server successfully processed the request and is not returning any content.
|
||||||
|
*/
|
||||||
|
NO_CONTENT = 204,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server successfully processed the request, but is not returning any content.
|
||||||
|
* Unlike a 204 response, this response requires that the requester reset the document view.
|
||||||
|
*/
|
||||||
|
RESET_CONTENT = 205,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server is delivering only part of the resource (byte serving) due to a range header sent by the client.
|
||||||
|
* The range header is used by HTTP clients to enable resuming of interrupted downloads,
|
||||||
|
* or split a download into multiple simultaneous streams.
|
||||||
|
*/
|
||||||
|
PARTIAL_CONTENT = 206,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The message body that follows is an XML message and can contain a number of separate response codes,
|
||||||
|
* depending on how many sub-requests were made.
|
||||||
|
*/
|
||||||
|
MULTI_STATUS = 207,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The members of a DAV binding have already been enumerated in a preceding part of the (multistatus) response,
|
||||||
|
* and are not being included again.
|
||||||
|
*/
|
||||||
|
ALREADY_REPORTED = 208,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server has fulfilled a request for the resource,
|
||||||
|
* and the response is a representation of the result of one or more instance-manipulations applied to the current instance.
|
||||||
|
*/
|
||||||
|
IM_USED = 226,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates multiple options for the resource from which the client may choose (via agent-driven content negotiation).
|
||||||
|
* For example, this code could be used to present multiple video format options,
|
||||||
|
* to list files with different filename extensions, or to suggest word-sense disambiguation.
|
||||||
|
*/
|
||||||
|
MULTIPLE_CHOICES = 300,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This and all future requests should be directed to the given URI.
|
||||||
|
*/
|
||||||
|
MOVED_PERMANENTLY = 301,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is an example of industry practice contradicting the standard.
|
||||||
|
* The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect
|
||||||
|
* (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302
|
||||||
|
* with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307
|
||||||
|
* to distinguish between the two behaviours. However, some Web applications and frameworks
|
||||||
|
* use the 302 status code as if it were the 303.
|
||||||
|
*/
|
||||||
|
FOUND = 302,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SINCE HTTP/1.1
|
||||||
|
* The response to the request can be found under another URI using a GET method.
|
||||||
|
* When received in response to a POST (or PUT/DELETE), the client should presume that
|
||||||
|
* the server has received the data and should issue a redirect with a separate GET message.
|
||||||
|
*/
|
||||||
|
SEE_OTHER = 303,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match.
|
||||||
|
* In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.
|
||||||
|
*/
|
||||||
|
NOT_MODIFIED = 304,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SINCE HTTP/1.1
|
||||||
|
* The requested resource is available only through a proxy, the address for which is provided in the response.
|
||||||
|
* Many HTTP clients (such as Mozilla and Internet Explorer) do not correctly handle responses with this status code, primarily for security reasons.
|
||||||
|
*/
|
||||||
|
USE_PROXY = 305,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* No longer used. Originally meant "Subsequent requests should use the specified proxy."
|
||||||
|
*/
|
||||||
|
SWITCH_PROXY = 306,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* SINCE HTTP/1.1
|
||||||
|
* In this case, the request should be repeated with another URI; however, future requests should still use the original URI.
|
||||||
|
* In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request.
|
||||||
|
* For example, a POST request should be repeated using another POST request.
|
||||||
|
*/
|
||||||
|
TEMPORARY_REDIRECT = 307,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request and all future requests should be repeated using another URI.
|
||||||
|
* 307 and 308 parallel the behaviors of 302 and 301, but do not allow the HTTP method to change.
|
||||||
|
* So, for example, submitting a form to a permanently redirected resource may continue smoothly.
|
||||||
|
*/
|
||||||
|
PERMANENT_REDIRECT = 308,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server cannot or will not process the request due to an apparent client error
|
||||||
|
* (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing).
|
||||||
|
*/
|
||||||
|
BAD_REQUEST = 400,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet
|
||||||
|
* been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the
|
||||||
|
* requested resource. See Basic access authentication and Digest access authentication. 401 semantically means
|
||||||
|
* "unauthenticated",i.e. the user does not have the necessary credentials.
|
||||||
|
*/
|
||||||
|
UNAUTHORIZED = 401,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reserved for future use. The original intention was that this code might be used as part of some form of digital
|
||||||
|
* cash or micro payment scheme, but that has not happened, and this code is not usually used.
|
||||||
|
* Google Developers API uses this status if a particular developer has exceeded the daily limit on requests.
|
||||||
|
*/
|
||||||
|
PAYMENT_REQUIRED = 402,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request was valid, but the server is refusing action.
|
||||||
|
* The user might not have the necessary permissions for a resource.
|
||||||
|
*/
|
||||||
|
FORBIDDEN = 403,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The requested resource could not be found but may be available in the future.
|
||||||
|
* Subsequent requests by the client are permissible.
|
||||||
|
*/
|
||||||
|
NOT_FOUND = 404,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A request method is not supported for the requested resource;
|
||||||
|
* for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.
|
||||||
|
*/
|
||||||
|
METHOD_NOT_ALLOWED = 405,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
|
||||||
|
*/
|
||||||
|
NOT_ACCEPTABLE = 406,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client must first authenticate itself with the proxy.
|
||||||
|
*/
|
||||||
|
PROXY_AUTHENTICATION_REQUIRED = 407,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server timed out waiting for the request.
|
||||||
|
* According to HTTP specifications:
|
||||||
|
* "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."
|
||||||
|
*/
|
||||||
|
REQUEST_TIMEOUT = 408,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates that the request could not be processed because of conflict in the request,
|
||||||
|
* such as an edit conflict between multiple simultaneous updates.
|
||||||
|
*/
|
||||||
|
CONFLICT = 409,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates that the resource requested is no longer available and will not be available again.
|
||||||
|
* This should be used when a resource has been intentionally removed and the resource should be purged.
|
||||||
|
* Upon receiving a 410 status code, the client should not request the resource in the future.
|
||||||
|
* Clients such as search engines should remove the resource from their indices.
|
||||||
|
* Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.
|
||||||
|
*/
|
||||||
|
GONE = 410,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request did not specify the length of its content, which is required by the requested resource.
|
||||||
|
*/
|
||||||
|
LENGTH_REQUIRED = 411,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server does not meet one of the preconditions that the requester put on the request.
|
||||||
|
*/
|
||||||
|
PRECONDITION_FAILED = 412,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large".
|
||||||
|
*/
|
||||||
|
PAYLOAD_TOO_LARGE = 413,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request,
|
||||||
|
* in which case it should be converted to a POST request.
|
||||||
|
* Called "Request-URI Too Long" previously.
|
||||||
|
*/
|
||||||
|
URI_TOO_LONG = 414,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request entity has a media type which the server or resource does not support.
|
||||||
|
* For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.
|
||||||
|
*/
|
||||||
|
UNSUPPORTED_MEDIA_TYPE = 415,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client has asked for a portion of the file (byte serving), but the server cannot supply that portion.
|
||||||
|
* For example, if the client asked for a part of the file that lies beyond the end of the file.
|
||||||
|
* Called "Requested Range Not Satisfiable" previously.
|
||||||
|
*/
|
||||||
|
RANGE_NOT_SATISFIABLE = 416,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server cannot meet the requirements of the Expect request-header field.
|
||||||
|
*/
|
||||||
|
EXPECTATION_FAILED = 417,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This code was defined in 1998 as one of the traditional IETF April Fools' jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol,
|
||||||
|
* and is not expected to be implemented by actual HTTP servers. The RFC specifies this code should be returned by
|
||||||
|
* teapots requested to brew coffee. This HTTP status is used as an Easter egg in some websites, including Google.com.
|
||||||
|
*/
|
||||||
|
I_AM_A_TEAPOT = 418,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request was directed at a server that is not able to produce a response (for example because a connection reuse).
|
||||||
|
*/
|
||||||
|
MISDIRECTED_REQUEST = 421,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request was well-formed but was unable to be followed due to semantic errors.
|
||||||
|
*/
|
||||||
|
UNPROCESSABLE_ENTITY = 422,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The resource that is being accessed is locked.
|
||||||
|
*/
|
||||||
|
LOCKED = 423,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The request failed due to failure of a previous request (e.g., a PROPPATCH).
|
||||||
|
*/
|
||||||
|
FAILED_DEPENDENCY = 424,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field.
|
||||||
|
*/
|
||||||
|
UPGRADE_REQUIRED = 426,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The origin server requires the request to be conditional.
|
||||||
|
* Intended to prevent "the 'lost update' problem, where a client
|
||||||
|
* GETs a resource's state, modifies it, and PUTs it back to the server,
|
||||||
|
* when meanwhile a third party has modified the state on the server, leading to a conflict."
|
||||||
|
*/
|
||||||
|
PRECONDITION_REQUIRED = 428,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.
|
||||||
|
*/
|
||||||
|
TOO_MANY_REQUESTS = 429,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server is unwilling to process the request because either an individual header field,
|
||||||
|
* or all the header fields collectively, are too large.
|
||||||
|
*/
|
||||||
|
REQUEST_HEADER_FIELDS_TOO_LARGE = 431,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A server operator has received a legal demand to deny access to a resource or to a set of resources
|
||||||
|
* that includes the requested resource. The code 451 was chosen as a reference to the novel Fahrenheit 451.
|
||||||
|
*/
|
||||||
|
UNAVAILABLE_FOR_LEGAL_REASONS = 451,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
|
||||||
|
*/
|
||||||
|
INTERNAL_SERVER_ERROR = 500,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server either does not recognize the request method, or it lacks the ability to fulfill the request.
|
||||||
|
* Usually this implies future availability (e.g., a new feature of a web-service API).
|
||||||
|
*/
|
||||||
|
NOT_IMPLEMENTED = 501,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server was acting as a gateway or proxy and received an invalid response from the upstream server.
|
||||||
|
*/
|
||||||
|
BAD_GATEWAY = 502,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server is currently unavailable (because it is overloaded or down for maintenance).
|
||||||
|
* Generally, this is a temporary state.
|
||||||
|
*/
|
||||||
|
SERVICE_UNAVAILABLE = 503,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
|
||||||
|
*/
|
||||||
|
GATEWAY_TIMEOUT = 504,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server does not support the HTTP protocol version used in the request
|
||||||
|
*/
|
||||||
|
HTTP_VERSION_NOT_SUPPORTED = 505,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Transparent content negotiation for the request results in a circular reference.
|
||||||
|
*/
|
||||||
|
VARIANT_ALSO_NEGOTIATES = 506,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server is unable to store the representation needed to complete the request.
|
||||||
|
*/
|
||||||
|
INSUFFICIENT_STORAGE = 507,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The server detected an infinite loop while processing the request.
|
||||||
|
*/
|
||||||
|
LOOP_DETECTED = 508,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Further extensions to the request are required for the server to fulfill it.
|
||||||
|
*/
|
||||||
|
NOT_EXTENDED = 510,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The client needs to authenticate to gain network access.
|
||||||
|
* Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used
|
||||||
|
* to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
|
||||||
|
*/
|
||||||
|
NETWORK_AUTHENTICATION_REQUIRED = 511,
|
||||||
|
}
|
||||||
|
|
||||||
|
export default HttpStatus;
|
||||||
18
src/interfaces/http-success.ts
Normal file
18
src/interfaces/http-success.ts
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
import HttpStatus from "./http-status";
|
||||||
|
|
||||||
|
class HttpSuccess {
|
||||||
|
/**
|
||||||
|
* HTTP Status Code
|
||||||
|
*/
|
||||||
|
status: HttpStatus;
|
||||||
|
message: string;
|
||||||
|
result?: any;
|
||||||
|
|
||||||
|
constructor(result?: any) {
|
||||||
|
this.status = HttpStatus.OK;
|
||||||
|
this.message = "สำเร็จ";
|
||||||
|
this.result = result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export default HttpSuccess;
|
||||||
14
src/middlewares/1707895706666-start.ts
Normal file
14
src/middlewares/1707895706666-start.ts
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
import { MigrationInterface, QueryRunner } from "typeorm";
|
||||||
|
|
||||||
|
export class Start1707895706666 implements MigrationInterface {
|
||||||
|
name = 'Start1707895706666'
|
||||||
|
|
||||||
|
public async up(queryRunner: QueryRunner): Promise<void> {
|
||||||
|
await queryRunner.query(`CREATE TABLE \`entity_base\` (\`id\` varchar(36) NOT NULL, \`createdAt\` datetime(6) NOT NULL COMMENT 'สร้างข้อมูลเมื่อ' DEFAULT CURRENT_TIMESTAMP(6), \`createdUserId\` varchar(40) NOT NULL COMMENT 'User Id ที่สร้างข้อมูล' DEFAULT '00000000-0000-0000-0000-000000000000', \`lastUpdatedAt\` datetime(6) NOT NULL COMMENT 'แก้ไขข้อมูลล่าสุดเมื่อ' DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), \`lastUpdateUserId\` varchar(40) NOT NULL COMMENT 'User Id ที่แก้ไขข้อมูล' DEFAULT '00000000-0000-0000-0000-000000000000', \`createdFullName\` varchar(200) NOT NULL COMMENT 'ชื่อ User ที่สร้างข้อมูล' DEFAULT 'string', \`lastUpdateFullName\` varchar(200) NOT NULL COMMENT 'ชื่อ User ที่แก้ไขข้อมูลล่าสุด' DEFAULT 'string', PRIMARY KEY (\`id\`)) ENGINE=InnoDB`);
|
||||||
|
}
|
||||||
|
|
||||||
|
public async down(queryRunner: QueryRunner): Promise<void> {
|
||||||
|
await queryRunner.query(`DROP TABLE \`entity_base\``);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
78
src/middlewares/auth.ts
Normal file
78
src/middlewares/auth.ts
Normal file
|
|
@ -0,0 +1,78 @@
|
||||||
|
import * as express from "express";
|
||||||
|
import { createDecoder, createVerifier } from "fast-jwt";
|
||||||
|
|
||||||
|
import HttpError from "../interfaces/http-error";
|
||||||
|
import HttpStatus from "../interfaces/http-status";
|
||||||
|
|
||||||
|
if (!process.env.AUTH_PUBLIC_KEY && !process.env.AUTH_REALM_URL) {
|
||||||
|
throw new Error("Require keycloak AUTH_PUBLIC_KEY or AUTH_REALM_URL.");
|
||||||
|
}
|
||||||
|
if (
|
||||||
|
process.env.AUTH_PUBLIC_KEY &&
|
||||||
|
process.env.AUTH_REALM_URL &&
|
||||||
|
!process.env.AUTH_PREFERRED_MODE
|
||||||
|
) {
|
||||||
|
throw new Error(
|
||||||
|
"AUTH_PREFFERRED must be specified if AUTH_PUBLIC_KEY and AUTH_REALM_URL is provided.",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
const jwtVerify = createVerifier({
|
||||||
|
key: async () => {
|
||||||
|
return `-----BEGIN PUBLIC KEY-----\n${process.env.AUTH_PUBLIC_KEY}\n-----END PUBLIC KEY-----`;
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
const jwtDecode = createDecoder();
|
||||||
|
|
||||||
|
export async function expressAuthentication(
|
||||||
|
request: express.Request,
|
||||||
|
securityName: string,
|
||||||
|
_scopes?: string[],
|
||||||
|
) {
|
||||||
|
if (process.env.NODE_ENV !== "production" && process.env.AUTH_BYPASS) {
|
||||||
|
return { preferred_username: "bypassed" };
|
||||||
|
}
|
||||||
|
|
||||||
|
if (securityName !== "bearerAuth") throw new Error("ไม่ทราบวิธีการยืนยันตัวตน");
|
||||||
|
|
||||||
|
const token = request.headers["authorization"]?.includes("Bearer ")
|
||||||
|
? request.headers["authorization"].split(" ")[1]
|
||||||
|
: request.headers["authorization"];
|
||||||
|
|
||||||
|
if (!token) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่พบข้อมูลสำหรับยืนยันตัวตน");
|
||||||
|
|
||||||
|
let payload: Record<string, any> = {};
|
||||||
|
|
||||||
|
switch (process.env.AUTH_PREFERRED_MODE) {
|
||||||
|
case "online":
|
||||||
|
payload = await verifyOnline(token);
|
||||||
|
break;
|
||||||
|
case "offline":
|
||||||
|
payload = await verifyOffline(token);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
if (process.env.AUTH_REALM_URL) payload = await verifyOnline(token);
|
||||||
|
if (process.env.AUTH_PUBLIC_KEY) payload = await verifyOffline(token);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return payload;
|
||||||
|
}
|
||||||
|
|
||||||
|
async function verifyOffline(token: string) {
|
||||||
|
const payload = await jwtVerify(token).catch((_) => null);
|
||||||
|
if (!payload) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
|
||||||
|
return payload;
|
||||||
|
}
|
||||||
|
|
||||||
|
async function verifyOnline(token: string) {
|
||||||
|
const res = await fetch(`${process.env.AUTH_REALM_URL}/protocol/openid-connect/userinfo`, {
|
||||||
|
headers: { authorization: `Bearer ${token}` },
|
||||||
|
}).catch((e) => console.error(e));
|
||||||
|
|
||||||
|
if (!res) throw new Error("ไม่สามารถเข้าถึงระบบยืนยันตัวตน");
|
||||||
|
if (!res.ok) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
|
||||||
|
|
||||||
|
return await jwtDecode(token);
|
||||||
|
}
|
||||||
30
src/middlewares/error.ts
Normal file
30
src/middlewares/error.ts
Normal file
|
|
@ -0,0 +1,30 @@
|
||||||
|
import { NextFunction, Request, Response } from "express";
|
||||||
|
import HttpError from "../interfaces/http-error";
|
||||||
|
import HttpStatus from "../interfaces/http-status";
|
||||||
|
import { ValidateError } from "tsoa";
|
||||||
|
|
||||||
|
function error(error: Error, _req: Request, res: Response, _next: NextFunction) {
|
||||||
|
if (error instanceof HttpError) {
|
||||||
|
return res.status(error.status).json({
|
||||||
|
status: error.status,
|
||||||
|
message: error.message,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (error instanceof ValidateError) {
|
||||||
|
return res.status(error.status).json({
|
||||||
|
status: HttpStatus.UNPROCESSABLE_ENTITY,
|
||||||
|
message: "Validation error(s).",
|
||||||
|
detail: error.fields,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
console.error("Exception Caught:" + error);
|
||||||
|
|
||||||
|
return res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
|
||||||
|
status: HttpStatus.INTERNAL_SERVER_ERROR,
|
||||||
|
message: error.message,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
export default error;
|
||||||
14
src/migration/1707898658755-start.ts
Normal file
14
src/migration/1707898658755-start.ts
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
import { MigrationInterface, QueryRunner } from "typeorm";
|
||||||
|
|
||||||
|
export class Start1707898658755 implements MigrationInterface {
|
||||||
|
name = 'Start1707898658755'
|
||||||
|
|
||||||
|
public async up(queryRunner: QueryRunner): Promise<void> {
|
||||||
|
await queryRunner.query(`CREATE TABLE \`entity_base\` (\`id\` varchar(36) NOT NULL, \`createdAt\` datetime(6) NOT NULL COMMENT 'สร้างข้อมูลเมื่อ' DEFAULT CURRENT_TIMESTAMP(6), \`createdUserId\` varchar(40) NOT NULL COMMENT 'User Id ที่สร้างข้อมูล' DEFAULT '00000000-0000-0000-0000-000000000000', \`lastUpdatedAt\` datetime(6) NOT NULL COMMENT 'แก้ไขข้อมูลล่าสุดเมื่อ' DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), \`lastUpdateUserId\` varchar(40) NOT NULL COMMENT 'User Id ที่แก้ไขข้อมูล' DEFAULT '00000000-0000-0000-0000-000000000000', \`createdFullName\` varchar(200) NOT NULL COMMENT 'ชื่อ User ที่สร้างข้อมูล' DEFAULT 'string', \`lastUpdateFullName\` varchar(200) NOT NULL COMMENT 'ชื่อ User ที่แก้ไขข้อมูลล่าสุด' DEFAULT 'string', PRIMARY KEY (\`id\`)) ENGINE=InnoDB`);
|
||||||
|
}
|
||||||
|
|
||||||
|
public async down(queryRunner: QueryRunner): Promise<void> {
|
||||||
|
await queryRunner.query(`DROP TABLE \`entity_base\``);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
266
static/index.html
Normal file
266
static/index.html
Normal file
|
|
@ -0,0 +1,266 @@
|
||||||
|
<!--
|
||||||
|
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
~ and other contributors as indicated by the @author tags.
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<script src="./keycloak.js"></script>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div>
|
||||||
|
<button onclick="keycloak.login()">Login</button>
|
||||||
|
<button onclick="keycloak.login({ action: 'UPDATE_PASSWORD' })">
|
||||||
|
Update Password
|
||||||
|
</button>
|
||||||
|
<button onclick="keycloak.logout()">Logout</button>
|
||||||
|
<button onclick="keycloak.register()">Register</button>
|
||||||
|
<button onclick="keycloak.accountManagement()">Account</button>
|
||||||
|
<button onclick="refreshToken(9999)">Refresh Token</button>
|
||||||
|
<button onclick="refreshToken(30)">
|
||||||
|
Refresh Token (if <30s validity)
|
||||||
|
</button>
|
||||||
|
<button onclick="loadProfile()">Get Profile</button>
|
||||||
|
<button onclick="updateProfile()">Update profile</button>
|
||||||
|
<button onclick="loadUserInfo()">Get User Info</button>
|
||||||
|
<button onclick="output(keycloak.tokenParsed)">Show Token</button>
|
||||||
|
<button onclick="output(keycloak.refreshTokenParsed)">
|
||||||
|
Show Refresh Token
|
||||||
|
</button>
|
||||||
|
<button onclick="output(keycloak.idTokenParsed)">Show ID Token</button>
|
||||||
|
<button onclick="showExpires()">Show Expires</button>
|
||||||
|
<button onclick="output(keycloak)">Show Details</button>
|
||||||
|
<button onclick="output(keycloak.createLoginUrl())">
|
||||||
|
Show Login URL
|
||||||
|
</button>
|
||||||
|
<button onclick="output(keycloak.createLogoutUrl())">
|
||||||
|
Show Logout URL
|
||||||
|
</button>
|
||||||
|
<button onclick="output(keycloak.createRegisterUrl())">
|
||||||
|
Show Register URL
|
||||||
|
</button>
|
||||||
|
<button onclick="output(keycloak.createAccountUrl())">
|
||||||
|
Show Account URL
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h2>Result</h2>
|
||||||
|
<pre
|
||||||
|
style="
|
||||||
|
background-color: #ddd;
|
||||||
|
border: 1px solid #ccc;
|
||||||
|
padding: 10px;
|
||||||
|
word-wrap: break-word;
|
||||||
|
white-space: pre-wrap;
|
||||||
|
"
|
||||||
|
id="output"
|
||||||
|
></pre>
|
||||||
|
|
||||||
|
<h2>Events</h2>
|
||||||
|
<pre
|
||||||
|
style="
|
||||||
|
background-color: #ddd;
|
||||||
|
border: 1px solid #ccc;
|
||||||
|
padding: 10px;
|
||||||
|
word-wrap: break-word;
|
||||||
|
white-space: pre-wrap;
|
||||||
|
"
|
||||||
|
id="events"
|
||||||
|
></pre>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
function loadProfile() {
|
||||||
|
keycloak
|
||||||
|
.loadUserProfile()
|
||||||
|
.success(function (profile) {
|
||||||
|
output(profile);
|
||||||
|
})
|
||||||
|
.error(function () {
|
||||||
|
output("Failed to load profile");
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function updateProfile() {
|
||||||
|
var url = keycloak.createAccountUrl().split("?")[0];
|
||||||
|
var req = new XMLHttpRequest();
|
||||||
|
req.open("POST", url, true);
|
||||||
|
req.setRequestHeader("Accept", "application/json");
|
||||||
|
req.setRequestHeader("Content-Type", "application/json");
|
||||||
|
req.setRequestHeader("Authorization", "bearer " + keycloak.token);
|
||||||
|
|
||||||
|
req.onreadystatechange = function () {
|
||||||
|
if (req.readyState == 4) {
|
||||||
|
if (req.status == 200) {
|
||||||
|
output("Success");
|
||||||
|
} else {
|
||||||
|
output("Failed");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
req.send(
|
||||||
|
'{"email":"myemail@foo.bar","firstName":"test","lastName":"bar"}'
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
function loadUserInfo() {
|
||||||
|
keycloak
|
||||||
|
.loadUserInfo()
|
||||||
|
.success(function (userInfo) {
|
||||||
|
output(userInfo);
|
||||||
|
})
|
||||||
|
.error(function () {
|
||||||
|
output("Failed to load user info");
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function refreshToken(minValidity) {
|
||||||
|
keycloak
|
||||||
|
.updateToken(minValidity)
|
||||||
|
.then(function (refreshed) {
|
||||||
|
if (refreshed) {
|
||||||
|
output(keycloak.tokenParsed);
|
||||||
|
} else {
|
||||||
|
output(
|
||||||
|
"Token not refreshed, valid for " +
|
||||||
|
Math.round(
|
||||||
|
keycloak.tokenParsed.exp +
|
||||||
|
keycloak.timeSkew -
|
||||||
|
new Date().getTime() / 1000
|
||||||
|
) +
|
||||||
|
" seconds"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.catch(function () {
|
||||||
|
output("Failed to refresh token");
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function showExpires() {
|
||||||
|
if (!keycloak.tokenParsed) {
|
||||||
|
output("Not authenticated");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
var o =
|
||||||
|
"Token Expires:\t\t" +
|
||||||
|
new Date(
|
||||||
|
(keycloak.tokenParsed.exp + keycloak.timeSkew) * 1000
|
||||||
|
).toLocaleString() +
|
||||||
|
"\n";
|
||||||
|
o +=
|
||||||
|
"Token Expires in:\t" +
|
||||||
|
Math.round(
|
||||||
|
keycloak.tokenParsed.exp +
|
||||||
|
keycloak.timeSkew -
|
||||||
|
new Date().getTime() / 1000
|
||||||
|
) +
|
||||||
|
" seconds\n";
|
||||||
|
|
||||||
|
if (keycloak.refreshTokenParsed) {
|
||||||
|
o +=
|
||||||
|
"Refresh Token Expires:\t" +
|
||||||
|
new Date(
|
||||||
|
(keycloak.refreshTokenParsed.exp + keycloak.timeSkew) * 1000
|
||||||
|
).toLocaleString() +
|
||||||
|
"\n";
|
||||||
|
o +=
|
||||||
|
"Refresh Expires in:\t" +
|
||||||
|
Math.round(
|
||||||
|
keycloak.refreshTokenParsed.exp +
|
||||||
|
keycloak.timeSkew -
|
||||||
|
new Date().getTime() / 1000
|
||||||
|
) +
|
||||||
|
" seconds";
|
||||||
|
}
|
||||||
|
|
||||||
|
output(o);
|
||||||
|
}
|
||||||
|
|
||||||
|
function output(data) {
|
||||||
|
if (typeof data === "object") {
|
||||||
|
data = JSON.stringify(data, null, " ");
|
||||||
|
}
|
||||||
|
document.getElementById("output").innerHTML = data;
|
||||||
|
}
|
||||||
|
|
||||||
|
function event(event) {
|
||||||
|
var e = document.getElementById("events").innerHTML;
|
||||||
|
document.getElementById("events").innerHTML =
|
||||||
|
new Date().toLocaleString() + "\t" + event + "\n" + e;
|
||||||
|
}
|
||||||
|
|
||||||
|
var keycloak = Keycloak();
|
||||||
|
|
||||||
|
keycloak.onAuthSuccess = function () {
|
||||||
|
event("Auth Success");
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak.onAuthError = function (errorData) {
|
||||||
|
event("Auth Error: " + JSON.stringify(errorData));
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak.onAuthRefreshSuccess = function () {
|
||||||
|
event("Auth Refresh Success");
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak.onAuthRefreshError = function () {
|
||||||
|
event("Auth Refresh Error");
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak.onAuthLogout = function () {
|
||||||
|
event("Auth Logout");
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak.onTokenExpired = function () {
|
||||||
|
event("Access token expired.");
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak.onActionUpdate = function (status) {
|
||||||
|
switch (status) {
|
||||||
|
case "success":
|
||||||
|
event("Action completed successfully");
|
||||||
|
break;
|
||||||
|
case "cancelled":
|
||||||
|
event("Action cancelled by user");
|
||||||
|
break;
|
||||||
|
case "error":
|
||||||
|
event("Action failed");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
// Flow can be changed to 'implicit' or 'hybrid', but then client must enable implicit flow in admin console too
|
||||||
|
var initOptions = {
|
||||||
|
responseMode: "fragment",
|
||||||
|
flow: "standard",
|
||||||
|
};
|
||||||
|
|
||||||
|
keycloak
|
||||||
|
.init(initOptions)
|
||||||
|
.then(function (authenticated) {
|
||||||
|
output(
|
||||||
|
"Init Success (" +
|
||||||
|
(authenticated ? "Authenticated" : "Not Authenticated") +
|
||||||
|
")"
|
||||||
|
);
|
||||||
|
})
|
||||||
|
.catch(function () {
|
||||||
|
output("Init Error");
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
2952
static/keycloak.js
Normal file
2952
static/keycloak.js
Normal file
File diff suppressed because it is too large
Load diff
9
static/keycloak.json
Normal file
9
static/keycloak.json
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"realm": "bma-ehr",
|
||||||
|
"auth-server-url": "https://id.frappet.synology.me",
|
||||||
|
"ssl-required": "external",
|
||||||
|
"resource": "bma-ehr",
|
||||||
|
"public-client": true,
|
||||||
|
"client_secret": "tF0huP4MylOSMVZEohwPMI8DDttW66A7",
|
||||||
|
"realm-public-key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYg0ZJvH6HgNOzyPp7PCvY3bJwD9WdsNn6gZbuvIfqJQZ8iSH1t0p3fgODO/fqwcj9UFeh1bVFOSjuW+JpnPehROqzt81KNl9zLLNXoN4LimReQHaMM3dU7DCbRylgVCouIDvObyjg8G+Cy5lZvFKWym/DPwGVpSdbvDZJ83qxq2dp7GJXS8PhOvA+MB1K009/jW5pBTUwNArLjoFccr+gIYIiOJDg2rYyIF3fDkwyWkuxr6xRt10+BRJytselwy/18kbDuJxVPaapdgTXI6wLzx7HWcDk30n5EvhJEumnIPpRst8gucqNYmB4MH+vsyoxV5WLuO3qmVRzFbtAppRQIDAQAB"
|
||||||
|
}
|
||||||
18
tsconfig.json
Normal file
18
tsconfig.json
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
{
|
||||||
|
"compilerOptions": {
|
||||||
|
"incremental": true,
|
||||||
|
"outDir": "dist",
|
||||||
|
"lib": ["ESNext", "DOM", "DOM.Iterable"],
|
||||||
|
"target": "ESNext",
|
||||||
|
"module": "NodeNext",
|
||||||
|
"moduleResolution": "NodeNext",
|
||||||
|
"strictPropertyInitialization": false,
|
||||||
|
"strict": true,
|
||||||
|
"esModuleInterop": true,
|
||||||
|
"forceConsistentCasingInFileNames": true,
|
||||||
|
"experimentalDecorators": true,
|
||||||
|
"emitDecoratorMetadata": true,
|
||||||
|
"resolveJsonModule": true,
|
||||||
|
"skipLibCheck": true
|
||||||
|
}
|
||||||
|
}
|
||||||
38
tsoa.json
Normal file
38
tsoa.json
Normal file
|
|
@ -0,0 +1,38 @@
|
||||||
|
{
|
||||||
|
"entryFile": "src/app.ts",
|
||||||
|
"noImplicitAdditionalProperties": "throw-on-extras",
|
||||||
|
"controllerPathGlobs": ["src/controllers/*Controller.ts"],
|
||||||
|
"spec": {
|
||||||
|
"outputDirectory": "src",
|
||||||
|
"specVersion": 3,
|
||||||
|
"spec": {
|
||||||
|
"info": {
|
||||||
|
"title": "bma-ehr-development - API",
|
||||||
|
"version": "0.0.1",
|
||||||
|
"description": "ระบบการพัฒนาบุคลากร/การศึกษาต่อ (Development: DV)",
|
||||||
|
"license": {
|
||||||
|
"name": "by Frappet",
|
||||||
|
"url": "https://frappet.com"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"basePath": "/"
|
||||||
|
},
|
||||||
|
"securityDefinitions": {
|
||||||
|
"bearerAuth": {
|
||||||
|
"type": "apiKey",
|
||||||
|
"name": "Authorization",
|
||||||
|
"description": "Keycloak Bearer Token",
|
||||||
|
"in": "header"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"tags": [
|
||||||
|
{
|
||||||
|
"name": "Test", "description": "สำหรับทดสอบ"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"routes": {
|
||||||
|
"routesDir": "src/",
|
||||||
|
"authenticationModule": "src/middlewares/auth.ts"
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue