2024-05-29 14:01:53 +07:00
|
|
|
import {
|
|
|
|
|
Body,
|
|
|
|
|
Controller,
|
|
|
|
|
Delete,
|
|
|
|
|
Get,
|
|
|
|
|
Path,
|
|
|
|
|
Post,
|
|
|
|
|
Put,
|
|
|
|
|
Query,
|
|
|
|
|
Request,
|
|
|
|
|
Route,
|
|
|
|
|
Security,
|
|
|
|
|
Tags,
|
|
|
|
|
} from "tsoa";
|
|
|
|
|
import {
|
|
|
|
|
addUserGroup,
|
|
|
|
|
addUserRoles,
|
|
|
|
|
createGroup,
|
|
|
|
|
createUser,
|
|
|
|
|
deleteGroup,
|
|
|
|
|
deleteUser,
|
|
|
|
|
editUser,
|
|
|
|
|
getGroups,
|
|
|
|
|
getRoles,
|
|
|
|
|
getUser,
|
|
|
|
|
getUserGroups,
|
|
|
|
|
getUserList,
|
|
|
|
|
removeUserGroup,
|
|
|
|
|
removeUserRoles,
|
2024-05-29 16:17:53 +07:00
|
|
|
getRoleMappings,
|
2024-05-31 10:39:12 +07:00
|
|
|
getUserCount,
|
2024-06-14 16:23:36 +07:00
|
|
|
enableStatus,
|
2024-05-29 14:01:53 +07:00
|
|
|
} from "../keycloak";
|
2024-06-13 14:49:50 +07:00
|
|
|
import { AppDataSource } from "../database/data-source";
|
|
|
|
|
import { Profile } from "../entities/Profile";
|
|
|
|
|
import { ProfileEmployee } from "../entities/ProfileEmployee";
|
2024-06-13 17:38:01 +07:00
|
|
|
import { IsNull } from "typeorm";
|
2024-05-29 14:01:53 +07:00
|
|
|
// import * as io from "../lib/websocket";
|
|
|
|
|
// import elasticsearch from "../elasticsearch";
|
|
|
|
|
// import { StorageFolder } from "../interfaces/storage-fs";
|
|
|
|
|
|
|
|
|
|
// if (!process.env.MINIO_BUCKET) throw Error("Default MinIO bucket must be specified.");
|
|
|
|
|
// if (!process.env.ELASTICSEARCH_INDEX) throw Error("Default ElasticSearch index must be specified.");
|
|
|
|
|
|
|
|
|
|
// const DEFAULT_INDEX = process.env.ELASTICSEARCH_INDEX;
|
|
|
|
|
function stripLeadingSlash(str: string) {
|
|
|
|
|
return str.replace(/^\//, "");
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-29 18:11:30 +07:00
|
|
|
@Route("api/v1/org/keycloak")
|
2024-05-29 14:01:53 +07:00
|
|
|
@Tags("Single-Sign On")
|
|
|
|
|
@Security("bearerAuth")
|
|
|
|
|
export class KeycloakController extends Controller {
|
2024-06-13 14:49:50 +07:00
|
|
|
private profileRepo = AppDataSource.getRepository(Profile);
|
|
|
|
|
private profileEmpRepo = AppDataSource.getRepository(ProfileEmployee);
|
|
|
|
|
|
2024-05-29 14:01:53 +07:00
|
|
|
@Get("user/{id}")
|
2024-05-29 16:17:53 +07:00
|
|
|
async getUser(@Path("id") id: string) {
|
|
|
|
|
const userData = await getUser(id);
|
|
|
|
|
if (!userData) {
|
|
|
|
|
throw new Error("User not found");
|
|
|
|
|
}
|
|
|
|
|
const rolesData = await getRoleMappings(id);
|
|
|
|
|
if (!rolesData) {
|
|
|
|
|
throw new Error("Role mappings not found");
|
|
|
|
|
}
|
|
|
|
|
const userDataWithRoles = {
|
|
|
|
|
...userData,
|
|
|
|
|
roles: rolesData,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return userDataWithRoles;
|
2024-05-29 14:01:53 +07:00
|
|
|
}
|
2024-05-29 16:17:53 +07:00
|
|
|
// async getUser(@Path() id: string) {
|
|
|
|
|
// return await getUser(id);
|
|
|
|
|
// }
|
2024-05-29 14:01:53 +07:00
|
|
|
|
|
|
|
|
@Post("user")
|
|
|
|
|
@Security("bearerAuth", ["system", "admin"])
|
|
|
|
|
async createUser(
|
|
|
|
|
@Request() request: { user: { sub: string; preferred_username: string } },
|
|
|
|
|
@Body()
|
|
|
|
|
body: {
|
|
|
|
|
username: string;
|
|
|
|
|
password: string;
|
|
|
|
|
firstName?: string;
|
|
|
|
|
lastName?: string;
|
|
|
|
|
email?: string;
|
2024-05-30 17:52:31 +07:00
|
|
|
roles?: string[];
|
2024-06-13 14:49:50 +07:00
|
|
|
profileId?: string;
|
2024-05-29 14:01:53 +07:00
|
|
|
},
|
|
|
|
|
) {
|
|
|
|
|
const userId = await createUser(body.username, body.password, {
|
|
|
|
|
firstName: body.firstName,
|
|
|
|
|
lastName: body.lastName,
|
|
|
|
|
email: body.email,
|
|
|
|
|
requiredActions: ["UPDATE_PASSWORD"],
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (typeof userId !== "string") {
|
2024-05-30 14:16:00 +07:00
|
|
|
// throw new Error("ไม่สามารถติดต่อกับระบบจัดการผู้ใช้งานได้");
|
|
|
|
|
throw new Error(userId.errorMessage);
|
2024-05-29 14:01:53 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const now = new Date().toISOString();
|
|
|
|
|
const folderData: any = {
|
|
|
|
|
pathname: stripLeadingSlash(`${body.username.trim()}/`),
|
|
|
|
|
path: "",
|
|
|
|
|
name: body.username.trim(),
|
|
|
|
|
hidden: false,
|
|
|
|
|
permissionGroup: [],
|
|
|
|
|
permissionUser: [],
|
|
|
|
|
permissionOther: {
|
|
|
|
|
create: false,
|
|
|
|
|
read: false,
|
|
|
|
|
update: false,
|
|
|
|
|
delete: false,
|
|
|
|
|
perm: false,
|
|
|
|
|
},
|
|
|
|
|
favourite: false,
|
|
|
|
|
color: "default",
|
|
|
|
|
type: "folder",
|
|
|
|
|
owner: body.username,
|
|
|
|
|
ownerId: userId,
|
|
|
|
|
createdAt: now,
|
|
|
|
|
createdBy: request.user.preferred_username,
|
|
|
|
|
createdByUserId: request.user.sub,
|
|
|
|
|
updatedAt: now,
|
|
|
|
|
updatedBy: request.user.preferred_username,
|
|
|
|
|
updatedByUserId: request.user.sub,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// await elasticsearch.index({
|
|
|
|
|
// index: DEFAULT_INDEX!,
|
|
|
|
|
// document: folderData,
|
|
|
|
|
// refresh: "wait_for",
|
|
|
|
|
// });
|
|
|
|
|
|
|
|
|
|
// io.getInstance()?.emit("FolderCreate", folderData);
|
2024-05-30 17:52:31 +07:00
|
|
|
const _roles = {
|
|
|
|
|
role: body.roles || [],
|
|
|
|
|
};
|
|
|
|
|
const addRole = await this.addRole(userId, _roles);
|
2024-06-13 14:49:50 +07:00
|
|
|
|
|
|
|
|
const profile = await this.profileRepo.findOne({
|
|
|
|
|
where: {
|
|
|
|
|
id: body.profileId,
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
2024-06-14 16:23:36 +07:00
|
|
|
if (profile) {
|
2024-06-13 14:49:50 +07:00
|
|
|
profile.keycloak = userId;
|
|
|
|
|
await this.profileRepo.save(profile);
|
|
|
|
|
}
|
2024-05-29 14:01:53 +07:00
|
|
|
return userId;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Put("user/{userId}")
|
|
|
|
|
async editUser(
|
|
|
|
|
@Path() userId: string,
|
|
|
|
|
@Body()
|
|
|
|
|
body: {
|
|
|
|
|
username?: string;
|
|
|
|
|
password?: string;
|
|
|
|
|
firstName?: string;
|
|
|
|
|
lastName?: string;
|
|
|
|
|
email?: string;
|
2024-05-30 17:52:31 +07:00
|
|
|
attributes?: object;
|
|
|
|
|
// roles?: string[];
|
2024-05-29 14:01:53 +07:00
|
|
|
},
|
|
|
|
|
) {
|
2024-05-30 14:16:00 +07:00
|
|
|
// return await editUser(userId, body);
|
|
|
|
|
const chkUpdate = await editUser(userId, body);
|
|
|
|
|
if (typeof chkUpdate !== "boolean") {
|
|
|
|
|
throw new Error(chkUpdate.errorMessage);
|
|
|
|
|
}
|
2024-05-30 17:52:31 +07:00
|
|
|
// const _rolesUpdate = {
|
|
|
|
|
// role: body.roles || [],
|
|
|
|
|
// };
|
|
|
|
|
// const addRole = await this.addRole(userId, _rolesUpdate);
|
2024-05-31 10:39:12 +07:00
|
|
|
return chkUpdate;
|
2024-05-29 14:01:53 +07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Delete("user/{userId}")
|
|
|
|
|
async deleteUser(@Path() userId: string) {
|
2024-05-29 14:20:37 +07:00
|
|
|
const result = await deleteUser(userId);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot delete userId.");
|
2024-06-13 17:38:01 +07:00
|
|
|
|
|
|
|
|
const profile = await this.profileRepo.findOne({
|
|
|
|
|
where: {
|
|
|
|
|
id: userId,
|
|
|
|
|
},
|
|
|
|
|
});
|
2024-06-14 16:23:36 +07:00
|
|
|
|
2024-06-13 17:38:01 +07:00
|
|
|
if (profile) {
|
2024-06-14 16:23:36 +07:00
|
|
|
const null_: any = null;
|
2024-06-14 10:02:20 +07:00
|
|
|
profile.keycloak = null_;
|
2024-06-13 17:38:01 +07:00
|
|
|
await this.profileRepo.save(profile);
|
|
|
|
|
}
|
2024-05-29 14:01:53 +07:00
|
|
|
}
|
2024-05-29 14:20:37 +07:00
|
|
|
// @Security("bearerAuth", ["system", "admin"])
|
2024-05-29 14:01:53 +07:00
|
|
|
|
|
|
|
|
@Get("role")
|
|
|
|
|
async getRole() {
|
|
|
|
|
const role = await getRoles();
|
|
|
|
|
if (Array.isArray(role))
|
|
|
|
|
return role.filter(
|
|
|
|
|
(a) =>
|
|
|
|
|
!["uma_authorization", "offline_access", "default-roles"].some((b) => a.name.includes(b)),
|
|
|
|
|
);
|
|
|
|
|
throw new Error("Failed. Cannot get role.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Post("{userId}/role")
|
|
|
|
|
async addRole(@Path() userId: string, @Body() body: { role: string[] }) {
|
|
|
|
|
const list = await getRoles();
|
|
|
|
|
|
|
|
|
|
if (!Array.isArray(list)) throw new Error("Failed. Cannot get role(s) data from the server.");
|
|
|
|
|
|
|
|
|
|
const result = await addUserRoles(
|
|
|
|
|
userId,
|
|
|
|
|
list.filter((v) => body.role.includes(v.id)),
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot set user's role.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Delete("{userId}/role/{roleId}")
|
|
|
|
|
async deleteRole(@Path() userId: string, @Path() roleId: string) {
|
|
|
|
|
const list = await getRoles();
|
|
|
|
|
|
|
|
|
|
if (!Array.isArray(list)) throw new Error("Failed. Cannot get role(s) data from the server.");
|
|
|
|
|
|
|
|
|
|
const result = await removeUserRoles(
|
|
|
|
|
userId,
|
|
|
|
|
list.filter((v) => roleId === v.id),
|
|
|
|
|
);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot remove user's role.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Get("user")
|
2024-05-31 10:39:12 +07:00
|
|
|
async getUserList(@Query() first = "", @Query() max = "", @Query() search = "") {
|
2024-05-31 13:53:08 +07:00
|
|
|
const total = await getUserCount(first, max, search);
|
2024-05-30 15:24:38 +07:00
|
|
|
const result = await getUserList(first, max, search);
|
2024-05-29 14:01:53 +07:00
|
|
|
|
|
|
|
|
if (Array.isArray(result)) {
|
2024-05-31 10:39:12 +07:00
|
|
|
const mappedData = await Promise.all(
|
|
|
|
|
result.map(async (x) => {
|
|
|
|
|
const roles = await getRoleMappings(x.id);
|
|
|
|
|
return {
|
|
|
|
|
id: x.id,
|
|
|
|
|
username: x.username,
|
|
|
|
|
firstname: x.firstName,
|
|
|
|
|
lastname: x.lastName,
|
|
|
|
|
email: x.email,
|
|
|
|
|
roles: roles,
|
2024-06-14 16:23:36 +07:00
|
|
|
enabled: x.enabled,
|
2024-05-31 10:39:12 +07:00
|
|
|
};
|
|
|
|
|
}),
|
|
|
|
|
);
|
|
|
|
|
|
2024-05-30 17:13:48 +07:00
|
|
|
const _mapData = {
|
|
|
|
|
data: mappedData,
|
2024-05-31 10:39:12 +07:00
|
|
|
total: total,
|
2024-05-30 17:13:48 +07:00
|
|
|
};
|
2024-05-31 10:39:12 +07:00
|
|
|
|
2024-05-30 17:13:48 +07:00
|
|
|
return _mapData;
|
2024-05-29 14:01:53 +07:00
|
|
|
}
|
|
|
|
|
throw new Error("Failed. Cannot get user list.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Get("group")
|
|
|
|
|
async getGroup() {
|
|
|
|
|
const group = await getGroups();
|
|
|
|
|
if (Array.isArray(group)) return group;
|
|
|
|
|
throw new Error("Failed. Cannot get group.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Post("group")
|
|
|
|
|
async createGroup(@Body() body: { name: string }) {
|
|
|
|
|
const result = await createGroup(body.name);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot create group.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Delete("group/{groupId}")
|
|
|
|
|
async deleteGroup(@Path() groupId: string) {
|
|
|
|
|
const result = await deleteGroup(groupId);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot delete group.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Get("user/{userId}/group")
|
|
|
|
|
async getUserGroup(@Path() userId: string) {
|
|
|
|
|
const result = await getUserGroups(userId);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot list group to user.");
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Post("user/{userId}/group/{groupId}")
|
|
|
|
|
async addUserGroup(@Path() userId: string, @Path() groupId: string) {
|
|
|
|
|
const result = await addUserGroup(userId, groupId);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot assign group to user.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Delete("user/{userId}/group/{groupId}")
|
|
|
|
|
async removeUserGroup(@Path() userId: string, @Path() groupId: string) {
|
|
|
|
|
const result = await removeUserGroup(userId, groupId);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot remove group to user.");
|
|
|
|
|
}
|
2024-05-31 10:39:12 +07:00
|
|
|
|
|
|
|
|
@Get("user/role/{id}")
|
|
|
|
|
async getRoleUser(@Path("id") id: string) {
|
|
|
|
|
const result = await getRoleMappings(id);
|
|
|
|
|
if (!result) {
|
|
|
|
|
throw new Error("Role mappings not found");
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
}
|
2024-06-14 16:23:36 +07:00
|
|
|
|
|
|
|
|
@Put("user/{userId}/enableStatus/{status}")
|
|
|
|
|
async changeEnableStatus(@Path() userId: string, @Path() status: boolean) {
|
|
|
|
|
const result = await enableStatus(userId, status);
|
|
|
|
|
if (!result) throw new Error("Failed. Cannot change enable status.");
|
|
|
|
|
}
|
2024-05-29 14:01:53 +07:00
|
|
|
}
|
