hrms-bangkok/hrms-api-org
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fist commit

Browse source
This commit is contained in:
AdisakKanthawilang 2024-01-24 11:39:00 +07:00
parent 44ac172e54
commit 3c64d6b790
24 changed files with 11978 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.dockerignore Normal file
View file

@ -0,0 +1,7 @@
.DS_Store
node_modules
/dist
.env
.env.*
!.env.example

12
.env.example Normal file
View file

@ -0,0 +1,12 @@
AUTH_REALM_URL=http://192.168.1.200:8080/realms/dev
AUTH_PUBLIC_KEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/QAH75nWgiRzWCTrGJv8q2A7z0qggC2IQ9Sva/Ok1RxeGE/ED2m4ELbF5B9MtugyXYGMUBXaKhooMpTE3wyR1OwsUlv/GtYSmMuKUnsSEXklsP8nIq8gZkCvISOVdvIC4ng5aZ5nBcp9cQ3eVbz4dfZcbLzcqLIIkxQmFBK0m1eFL5IdNj8Ac7U4eH4ylOckOu174f35NnFH6wDva6Iic3EXapMcE2BnXXCTajk2dmlWAzH13ybQBgHDfrOtulrmn1CzQxe9WUJes4qX5z72N05KsHvtUObaeN6cb+mIeH36GdysqgAdd2hhKkgUFXwtLPzldtrEc7xVyf3OLEg1QIDAQAB
AUTH_PREFERRED_MODE=online
APP_HOST=0.0.0.0
APP_PORT=3000
DB_HOST=192.168.1.200
DB_PORT=3306
DB_USERNAME=root
DB_PASSWORD=
DB_NAME=dev

18
.prettierignore Normal file
View file

@ -0,0 +1,18 @@
.DS_Store
node_modules
.env
.env.*
!.env.example
/dist
/static
/src/routes.ts
/src/swagger.json
# Any log
*.log
# Ignore files for PNPM, NPM and YARN
pnpm-lock.yaml
package-lock.json
yarn.lock

5
.prettierrc Normal file
View file

@ -0,0 +1,5 @@
{
"tabWidth": 2,
"printWidth": 100,
"trailingComma": "all"
}

24
Dockerfile Normal file
View file

@ -0,0 +1,24 @@
FROM node:20-slim AS base
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN corepack enable
WORKDIR /app
COPY . .
FROM base AS deps
RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
FROM base AS build
RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
RUN pnpm run build
FROM base as prod
COPY --from=deps /app/node_modules /app/node_modules
COPY --from=build /app/dist /app/dist
COPY --from=base /app/static /app/static
CMD ["node", "./dist/app.js"]

6
nodemon.json Normal file
View file

@ -0,0 +1,6 @@
{
"exec": "tsoa spec-and-routes && ts-node src/app.ts",
"ext": "ts",
"watch": ["src"],
"ignore": ["src/routes.ts"]
}

4786
package-lock.json generated Normal file
View file

File diff suppressed because it is too large Load diff

42
package.json Normal file
View file

@ -0,0 +1,42 @@
{
"name": "template",
"version": "1.0.0",
"description": "",
"main": "src/app.js",
"scripts": {
"dev": "nodemon",
"check": "tsc --noEmit",
"start": "node ./dist/app.js",
"format": "prettier --write .",
"build": "tsoa spec-and-routes && tsc",
"migration:generate": "typeorm-ts-node-commonjs migration:generate -d src/database/data-source.ts",
"migration:run": "typeorm-ts-node-commonjs migration:run -d src/database/data-source.ts"
},
"keywords": [],
"author": "",
"license": "ISC",
"devDependencies": {
"@types/cors": "^2.8.17",
"@types/express": "^4.17.21",
"@types/node": "^20.11.5",
"@types/swagger-ui-express": "^4.1.6",
"nodemon": "^3.0.3",
"prettier": "^3.2.2",
"ts-node": "^10.9.2",
"typescript": "^5.3.3"
},
"dependencies": {
"@tsoa/runtime": "^6.0.0",
"cors": "^2.8.5",
"dotenv": "^16.3.1",
"express": "^4.18.2",
"fast-jwt": "^3.3.2",
"mysql2": "^3.7.1",
"promise.any": "^2.0.6",
"reflect-metadata": "^0.2.1",
"swagger-ui-express": "^5.0.0",
"tsoa": "^6.0.1",
"typeorm": "^0.3.19",
"typeorm-cli": "^1.0.7"
}
}

2904
pnpm-lock.yaml generated Normal file
View file

File diff suppressed because it is too large Load diff

36
src/app.ts Normal file
View file

@ -0,0 +1,36 @@
import "dotenv/config";
import "reflect-metadata";
import cors from "cors";
import express from "express";
import swaggerUi from "swagger-ui-express";
import swaggerDocument from "./swagger.json";
import database from "./database/data-source";
import error from "./middlewares/error";
import { RegisterRoutes } from "./routes";
async function main() {
await database.initialize();
const app = express();
app.use(cors());
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use("/", express.static("static"));
app.use("/api-docs", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
RegisterRoutes(app);
app.use(error);
const APP_HOST = process.env.APP_HOST || "0.0.0.0";
const APP_PORT = +(process.env.APP_PORT || 3000);
// app.listen(APP_PORT, APP_HOST, () => console.log(`Listening on: http://localhost:${APP_PORT}`));
app.listen(APP_PORT, APP_HOST, () => (
console.log(`[APP] Application is running on: http://localhost:${APP_PORT}`),
console.log(`[APP] Swagger on: http://localhost:${APP_PORT}/api-docs`)
), );
}
main();

10
src/controllers/MyController.ts Normal file
View file

@ -0,0 +1,10 @@
import { Controller, Get, Route, Security, Tags } from "tsoa";
@Route("/hello")
@Security("bearerAuth")
export class AppController extends Controller {
@Get()
public async GET() {
return { message: "Hello World 1" };
}
}

19
src/database/data-source.ts Normal file
View file

@ -0,0 +1,19 @@
import "dotenv/config";
import "reflect-metadata";
import { DataSource } from "typeorm";
const database = new DataSource({
type: "mysql",
database: process.env.DB_NAME,
host: process.env.DB_HOST,
port: +(process.env.DB_PORT || 3306),
username: process.env.DB_USERNAME,
password: process.env.DB_PASSWORD,
synchronize: true,
logging: true,
entities: ["src/entities/**/*.ts"],
migrations: ["src/migrations/**/*.ts"],
subscribers: [],
});
export default database;

41
src/entities/base/Base.ts Normal file
View file

@ -0,0 +1,41 @@
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
} from "typeorm";
@Entity()
export class EntityBase {
@PrimaryGeneratedColumn("uuid")
id!: string;
@CreateDateColumn({ comment: "สร้างข้อมูลเมื่อ" })
createdAt!: Date;
@Column({
comment: "User Id ที่สร้างข้อมูล",
length: 40,
default: "00000000-0000-0000-0000-000000000000",
})
createdUserId!: String;
@UpdateDateColumn({ comment: "แก้ไขข้อมูลล่าสุดเมื่อ" })
lastUpdatedAt!: Date;
@Column({
comment: "User Id ที่แก้ไขข้อมูล",
length: 40,
default: "00000000-0000-0000-0000-000000000000",
})
lastUpdateUserId!: String;
@Column({ comment: "ชื่อ User ที่สร้างข้อมูล", length: 200, default: "string" })
createdFullName!: String;
@Column({ comment: "ชื่อ User ที่แก้ไขข้อมูลล่าสุด", length: 200, default: "string" })
lastUpdateFullName!: String;
}

19
src/interfaces/http-error.ts Normal file
View file

@ -0,0 +1,19 @@
import HttpStatus from "./http-status";
class HttpError extends Error {
/**
* HTTP Status Code
*/
status: HttpStatus;
message: string;
constructor(status: HttpStatus, message: string) {
super(message);
this.name = "HttpError";
this.status = status;
this.message = message;
}
}
export default HttpError;

380
src/interfaces/http-status.ts Normal file
View file

@ -0,0 +1,380 @@
/**
* Hypertext Transfer Protocol (HTTP) response status codes.
* @see {@link https://en.wikipedia.org/wiki/List_of_HTTP_status_codes}
*/
enum HttpStatus {
/**
* The server has received the request headers and the client should proceed to send the request body
* (in the case of a request for which a body needs to be sent; for example, a POST request).
* Sending a large request body to a server after a request has been rejected for inappropriate headers would be inefficient.
* To have a server check the request's headers, a client must send Expect: 100-continue as a header in its initial request
* and receive a 100 Continue status code in response before sending the body. The response 417 Expectation Failed indicates the request should not be continued.
*/
CONTINUE = 100,
/**
* The requester has asked the server to switch protocols and the server has agreed to do so.
*/
SWITCHING_PROTOCOLS = 101,
/**
* A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete the request.
* This code indicates that the server has received and is processing the request, but no response is available yet.
* This prevents the client from timing out and assuming the request was lost.
*/
PROCESSING = 102,
/**
* Standard response for successful HTTP requests.
* The actual response will depend on the request method used.
* In a GET request, the response will contain an entity corresponding to the requested resource.
* In a POST request, the response will contain an entity describing or containing the result of the action.
*/
OK = 200,
/**
* The request has been fulfilled, resulting in the creation of a new resource.
*/
CREATED = 201,
/**
* The request has been accepted for processing, but the processing has not been completed.
* The request might or might not be eventually acted upon, and may be disallowed when processing occurs.
*/
ACCEPTED = 202,
/**
* SINCE HTTP/1.1
* The server is a transforming proxy that received a 200 OK from its origin,
* but is returning a modified version of the origin's response.
*/
NON_AUTHORITATIVE_INFORMATION = 203,
/**
* The server successfully processed the request and is not returning any content.
*/
NO_CONTENT = 204,
/**
* The server successfully processed the request, but is not returning any content.
* Unlike a 204 response, this response requires that the requester reset the document view.
*/
RESET_CONTENT = 205,
/**
* The server is delivering only part of the resource (byte serving) due to a range header sent by the client.
* The range header is used by HTTP clients to enable resuming of interrupted downloads,
* or split a download into multiple simultaneous streams.
*/
PARTIAL_CONTENT = 206,
/**
* The message body that follows is an XML message and can contain a number of separate response codes,
* depending on how many sub-requests were made.
*/
MULTI_STATUS = 207,
/**
* The members of a DAV binding have already been enumerated in a preceding part of the (multistatus) response,
* and are not being included again.
*/
ALREADY_REPORTED = 208,
/**
* The server has fulfilled a request for the resource,
* and the response is a representation of the result of one or more instance-manipulations applied to the current instance.
*/
IM_USED = 226,
/**
* Indicates multiple options for the resource from which the client may choose (via agent-driven content negotiation).
* For example, this code could be used to present multiple video format options,
* to list files with different filename extensions, or to suggest word-sense disambiguation.
*/
MULTIPLE_CHOICES = 300,
/**
* This and all future requests should be directed to the given URI.
*/
MOVED_PERMANENTLY = 301,
/**
* This is an example of industry practice contradicting the standard.
* The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect
* (the original describing phrase was "Moved Temporarily"), but popular browsers implemented 302
* with the functionality of a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307
* to distinguish between the two behaviours. However, some Web applications and frameworks
* use the 302 status code as if it were the 303.
*/
FOUND = 302,
/**
* SINCE HTTP/1.1
* The response to the request can be found under another URI using a GET method.
* When received in response to a POST (or PUT/DELETE), the client should presume that
* the server has received the data and should issue a redirect with a separate GET message.
*/
SEE_OTHER = 303,
/**
* Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match.
* In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.
*/
NOT_MODIFIED = 304,
/**
* SINCE HTTP/1.1
* The requested resource is available only through a proxy, the address for which is provided in the response.
* Many HTTP clients (such as Mozilla and Internet Explorer) do not correctly handle responses with this status code, primarily for security reasons.
*/
USE_PROXY = 305,
/**
* No longer used. Originally meant "Subsequent requests should use the specified proxy."
*/
SWITCH_PROXY = 306,
/**
* SINCE HTTP/1.1
* In this case, the request should be repeated with another URI; however, future requests should still use the original URI.
* In contrast to how 302 was historically implemented, the request method is not allowed to be changed when reissuing the original request.
* For example, a POST request should be repeated using another POST request.
*/
TEMPORARY_REDIRECT = 307,
/**
* The request and all future requests should be repeated using another URI.
* 307 and 308 parallel the behaviors of 302 and 301, but do not allow the HTTP method to change.
* So, for example, submitting a form to a permanently redirected resource may continue smoothly.
*/
PERMANENT_REDIRECT = 308,
/**
* The server cannot or will not process the request due to an apparent client error
* (e.g., malformed request syntax, too large size, invalid request message framing, or deceptive request routing).
*/
BAD_REQUEST = 400,
/**
* Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet
* been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the
* requested resource. See Basic access authentication and Digest access authentication. 401 semantically means
* "unauthenticated",i.e. the user does not have the necessary credentials.
*/
UNAUTHORIZED = 401,
/**
* Reserved for future use. The original intention was that this code might be used as part of some form of digital
* cash or micro payment scheme, but that has not happened, and this code is not usually used.
* Google Developers API uses this status if a particular developer has exceeded the daily limit on requests.
*/
PAYMENT_REQUIRED = 402,
/**
* The request was valid, but the server is refusing action.
* The user might not have the necessary permissions for a resource.
*/
FORBIDDEN = 403,
/**
* The requested resource could not be found but may be available in the future.
* Subsequent requests by the client are permissible.
*/
NOT_FOUND = 404,
/**
* A request method is not supported for the requested resource;
* for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.
*/
METHOD_NOT_ALLOWED = 405,
/**
* The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
*/
NOT_ACCEPTABLE = 406,
/**
* The client must first authenticate itself with the proxy.
*/
PROXY_AUTHENTICATION_REQUIRED = 407,
/**
* The server timed out waiting for the request.
* According to HTTP specifications:
* "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."
*/
REQUEST_TIMEOUT = 408,
/**
* Indicates that the request could not be processed because of conflict in the request,
* such as an edit conflict between multiple simultaneous updates.
*/
CONFLICT = 409,
/**
* Indicates that the resource requested is no longer available and will not be available again.
* This should be used when a resource has been intentionally removed and the resource should be purged.
* Upon receiving a 410 status code, the client should not request the resource in the future.
* Clients such as search engines should remove the resource from their indices.
* Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.
*/
GONE = 410,
/**
* The request did not specify the length of its content, which is required by the requested resource.
*/
LENGTH_REQUIRED = 411,
/**
* The server does not meet one of the preconditions that the requester put on the request.
*/
PRECONDITION_FAILED = 412,
/**
* The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large".
*/
PAYLOAD_TOO_LARGE = 413,
/**
* The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request,
* in which case it should be converted to a POST request.
* Called "Request-URI Too Long" previously.
*/
URI_TOO_LONG = 414,
/**
* The request entity has a media type which the server or resource does not support.
* For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format.
*/
UNSUPPORTED_MEDIA_TYPE = 415,
/**
* The client has asked for a portion of the file (byte serving), but the server cannot supply that portion.
* For example, if the client asked for a part of the file that lies beyond the end of the file.
* Called "Requested Range Not Satisfiable" previously.
*/
RANGE_NOT_SATISFIABLE = 416,
/**
* The server cannot meet the requirements of the Expect request-header field.
*/
EXPECTATION_FAILED = 417,
/**
* This code was defined in 1998 as one of the traditional IETF April Fools' jokes, in RFC 2324, Hyper Text Coffee Pot Control Protocol,
* and is not expected to be implemented by actual HTTP servers. The RFC specifies this code should be returned by
* teapots requested to brew coffee. This HTTP status is used as an Easter egg in some websites, including Google.com.
*/
I_AM_A_TEAPOT = 418,
/**
* The request was directed at a server that is not able to produce a response (for example because a connection reuse).
*/
MISDIRECTED_REQUEST = 421,
/**
* The request was well-formed but was unable to be followed due to semantic errors.
*/
UNPROCESSABLE_ENTITY = 422,
/**
* The resource that is being accessed is locked.
*/
LOCKED = 423,
/**
* The request failed due to failure of a previous request (e.g., a PROPPATCH).
*/
FAILED_DEPENDENCY = 424,
/**
* The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field.
*/
UPGRADE_REQUIRED = 426,
/**
* The origin server requires the request to be conditional.
* Intended to prevent "the 'lost update' problem, where a client
* GETs a resource's state, modifies it, and PUTs it back to the server,
* when meanwhile a third party has modified the state on the server, leading to a conflict."
*/
PRECONDITION_REQUIRED = 428,
/**
* The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.
*/
TOO_MANY_REQUESTS = 429,
/**
* The server is unwilling to process the request because either an individual header field,
* or all the header fields collectively, are too large.
*/
REQUEST_HEADER_FIELDS_TOO_LARGE = 431,
/**
* A server operator has received a legal demand to deny access to a resource or to a set of resources
* that includes the requested resource. The code 451 was chosen as a reference to the novel Fahrenheit 451.
*/
UNAVAILABLE_FOR_LEGAL_REASONS = 451,
/**
* A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
*/
INTERNAL_SERVER_ERROR = 500,
/**
* The server either does not recognize the request method, or it lacks the ability to fulfill the request.
* Usually this implies future availability (e.g., a new feature of a web-service API).
*/
NOT_IMPLEMENTED = 501,
/**
* The server was acting as a gateway or proxy and received an invalid response from the upstream server.
*/
BAD_GATEWAY = 502,
/**
* The server is currently unavailable (because it is overloaded or down for maintenance).
* Generally, this is a temporary state.
*/
SERVICE_UNAVAILABLE = 503,
/**
* The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
*/
GATEWAY_TIMEOUT = 504,
/**
* The server does not support the HTTP protocol version used in the request
*/
HTTP_VERSION_NOT_SUPPORTED = 505,
/**
* Transparent content negotiation for the request results in a circular reference.
*/
VARIANT_ALSO_NEGOTIATES = 506,
/**
* The server is unable to store the representation needed to complete the request.
*/
INSUFFICIENT_STORAGE = 507,
/**
* The server detected an infinite loop while processing the request.
*/
LOOP_DETECTED = 508,
/**
* Further extensions to the request are required for the server to fulfill it.
*/
NOT_EXTENDED = 510,
/**
* The client needs to authenticate to gain network access.
* Intended for use by intercepting proxies used to control access to the network (e.g., "captive portals" used
* to require agreement to Terms of Service before granting full Internet access via a Wi-Fi hotspot).
*/
NETWORK_AUTHENTICATION_REQUIRED = 511,
}
export default HttpStatus;

78
src/middlewares/auth.ts Normal file
View file

@ -0,0 +1,78 @@
import * as express from "express";
import { createDecoder, createVerifier } from "fast-jwt";
import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status";
if (!process.env.AUTH_PUBLIC_KEY && !process.env.AUTH_REALM_URL) {
throw new Error("Require keycloak AUTH_PUBLIC_KEY or AUTH_REALM_URL.");
}
if (
process.env.AUTH_PUBLIC_KEY &&
process.env.AUTH_REALM_URL &&
!process.env.AUTH_PREFERRED_MODE
) {
throw new Error(
"AUTH_PREFFERRED must be specified if AUTH_PUBLIC_KEY and AUTH_REALM_URL is provided.",
);
}
const jwtVerify = createVerifier({
key: async () => {
return `-----BEGIN PUBLIC KEY-----\n${process.env.AUTH_PUBLIC_KEY}\n-----END PUBLIC KEY-----`;
},
});
const jwtDecode = createDecoder();
export async function expressAuthentication(
request: express.Request,
securityName: string,
_scopes?: string[],
) {
if (process.env.NODE_ENV !== "production" && process.env.AUTH_BYPASS) {
return { preferred_username: "bypassed" };
}
if (securityName !== "bearerAuth") throw new Error("ไม่ทราบวิธีการยืนยันตัวตน");
const token = request.headers["authorization"]?.includes("Bearer ")
? request.headers["authorization"].split(" ")[1]
: request.headers["authorization"];
if (!token) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่พบข้อมูลสำหรับยืนยันตัวตน");
let payload: Record<string, any> = {};
switch (process.env.AUTH_PREFERRED_MODE) {
case "online":
payload = await verifyOnline(token);
break;
case "offline":
payload = await verifyOffline(token);
break;
default:
if (process.env.AUTH_REALM_URL) payload = await verifyOnline(token);
if (process.env.AUTH_PUBLIC_KEY) payload = await verifyOffline(token);
break;
}
return payload;
}
async function verifyOffline(token: string) {
const payload = await jwtVerify(token).catch((_) => null);
if (!payload) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
return payload;
}
async function verifyOnline(token: string) {
const res = await fetch(`${process.env.AUTH_REALM_URL}/protocol/openid-connect/userinfo`, {
headers: { authorization: `Bearer ${token}` },
}).catch((e) => console.error(e));
if (!res) throw new Error("ไม่สามารถเข้าถึงระบบยืนยันตัวตน");
if (!res.ok) throw new HttpError(HttpStatus.UNAUTHORIZED, "ไม่สามารถยืนยันตัวตนได้");
return await jwtDecode(token);
}

30
src/middlewares/error.ts Normal file
View file

@ -0,0 +1,30 @@
import { NextFunction, Request, Response } from "express";
import HttpError from "../interfaces/http-error";
import HttpStatus from "../interfaces/http-status";
import { ValidateError } from "tsoa";
function error(error: Error, _req: Request, res: Response, _next: NextFunction) {
if (error instanceof HttpError) {
return res.status(error.status).json({
status: error.status,
message: error.message,
});
}
if (error instanceof ValidateError) {
return res.status(error.status).json({
status: HttpStatus.UNPROCESSABLE_ENTITY,
message: "Validation error(s).",
detail: error.fields,
});
}
console.error("Exception Caught:" + error);
return res.status(HttpStatus.INTERNAL_SERVER_ERROR).json({
status: HttpStatus.INTERNAL_SERVER_ERROR,
message: error.message,
});
}
export default error;

205
src/routes.ts Normal file
View file

@ -0,0 +1,205 @@
/* tslint:disable */
/* eslint-disable */
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
import { Controller, ValidationService, FieldErrors, ValidateError, TsoaRoute, HttpStatusCodeLiteral, TsoaResponse, fetchMiddlewares } from '@tsoa/runtime';
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
import { AppController } from './controllers/MyController';
import { expressAuthentication } from './middlewares/auth';
// @ts-ignore - no great way to install types from subpackage
import type { RequestHandler, Router } from 'express';
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
const models: TsoaRoute.Models = {
};
const validationService = new ValidationService(models);
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
export function RegisterRoutes(app: Router) {
// ###########################################################################################################
// NOTE: If you do not see routes for all of your controllers in this file, then you might not have informed tsoa of where to look
// Please look into the "controllerPathGlobs" config option described in the readme: https://github.com/lukeautry/tsoa
// ###########################################################################################################
app.get('/hello',
authenticateMiddleware([{"bearerAuth":[]}]),
...(fetchMiddlewares<RequestHandler>(AppController)),
...(fetchMiddlewares<RequestHandler>(AppController.prototype.GET)),
function AppController_GET(request: any, response: any, next: any) {
const args = {
};
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
let validatedArgs: any[] = [];
try {
validatedArgs = getValidatedArgs(args, request, response);
const controller = new AppController();
const promise = controller.GET.apply(controller, validatedArgs as any);
promiseHandler(controller, promise, response, undefined, next);
} catch (err) {
return next(err);
}
});
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
function authenticateMiddleware(security: TsoaRoute.Security[] = []) {
return async function runAuthenticationMiddleware(request: any, _response: any, next: any) {
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
// keep track of failed auth attempts so we can hand back the most
// recent one. This behavior was previously existing so preserving it
// here
const failedAttempts: any[] = [];
const pushAndRethrow = (error: any) => {
failedAttempts.push(error);
throw error;
};
const secMethodOrPromises: Promise<any>[] = [];
for (const secMethod of security) {
if (Object.keys(secMethod).length > 1) {
const secMethodAndPromises: Promise<any>[] = [];
for (const name in secMethod) {
secMethodAndPromises.push(
expressAuthentication(request, name, secMethod[name])
.catch(pushAndRethrow)
);
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
secMethodOrPromises.push(Promise.all(secMethodAndPromises)
.then(users => { return users[0]; }));
} else {
for (const name in secMethod) {
secMethodOrPromises.push(
expressAuthentication(request, name, secMethod[name])
.catch(pushAndRethrow)
);
}
}
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
try {
request['user'] = await Promise.any(secMethodOrPromises);
next();
}
catch(err) {
// Show most recent error as response
const error = failedAttempts.pop();
error.status = error.status || 401;
next(error);
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
}
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
function isController(object: any): object is Controller {
return 'getHeaders' in object && 'getStatus' in object && 'setStatus' in object;
}
function promiseHandler(controllerObj: any, promise: any, response: any, successStatus: any, next: any) {
return Promise.resolve(promise)
.then((data: any) => {
let statusCode = successStatus;
let headers;
if (isController(controllerObj)) {
headers = controllerObj.getHeaders();
statusCode = controllerObj.getStatus() || statusCode;
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
returnHandler(response, statusCode, data, headers)
})
.catch((error: any) => next(error));
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
function returnHandler(response: any, statusCode?: number, data?: any, headers: any = {}) {
if (response.headersSent) {
return;
}
Object.keys(headers).forEach((name: string) => {
response.set(name, headers[name]);
});
if (data && typeof data.pipe === 'function' && data.readable && typeof data._read === 'function') {
response.status(statusCode || 200)
data.pipe(response);
} else if (data !== null && data !== undefined) {
response.status(statusCode || 200).json(data);
} else {
response.status(statusCode || 204).end();
}
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
function responder(response: any): TsoaResponse<HttpStatusCodeLiteral, unknown> {
return function(status, data, headers) {
returnHandler(response, status, data, headers);
};
};
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
function getValidatedArgs(args: any, request: any, response: any): any[] {
const fieldErrors: FieldErrors = {};
const values = Object.keys(args).map((key) => {
const name = args[key].name;
switch (args[key].in) {
case 'request':
return request;
case 'query':
return validationService.ValidateParam(args[key], request.query[name], name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
case 'queries':
return validationService.ValidateParam(args[key], request.query, name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
case 'path':
return validationService.ValidateParam(args[key], request.params[name], name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
case 'header':
return validationService.ValidateParam(args[key], request.header(name), name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
case 'body':
return validationService.ValidateParam(args[key], request.body, name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
case 'body-prop':
return validationService.ValidateParam(args[key], request.body[name], name, fieldErrors, 'body.', {"noImplicitAdditionalProperties":"throw-on-extras"});
case 'formData':
if (args[key].dataType === 'file') {
return validationService.ValidateParam(args[key], request.file, name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
} else if (args[key].dataType === 'array' && args[key].array.dataType === 'file') {
return validationService.ValidateParam(args[key], request.files, name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
} else {
return validationService.ValidateParam(args[key], request.body[name], name, fieldErrors, undefined, {"noImplicitAdditionalProperties":"throw-on-extras"});
}
case 'res':
return responder(response);
}
});
if (Object.keys(fieldErrors).length > 0) {
throw new ValidateError(fieldErrors, '');
}
return values;
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa
}
// WARNING: This file was auto-generated with tsoa. Please do not modify it. Re-run tsoa to re-generate this file: https://github.com/lukeautry/tsoa

73
src/swagger.json Normal file
View file

@ -0,0 +1,73 @@
{
"openapi": "3.0.0",
"components": {
"examples": {},
"headers": {},
"parameters": {},
"requestBodies": {},
"responses": {},
"schemas": {},
"securitySchemes": {
"bearerAuth": {
"type": "apiKey",
"name": "Authorization",
"description": "Keycloak Bearer Token",
"in": "header"
}
}
},
"info": {
"title": "bma-ehr-evaluation-nodeservice - API",
"version": "0.0.1",
"description": "ระบบประเมินบุคคล",
"license": {
"name": "by Frappet",
"url": "https://frappet.com"
}
},
"paths": {
"/hello": {
"get": {
"operationId": "GET",
"responses": {
"200": {
"description": "Ok",
"content": {
"application/json": {
"schema": {
"properties": {
"message": {
"type": "string"
}
},
"required": [
"message"
],
"type": "object"
}
}
}
}
},
"security": [
{
"bearerAuth": []
}
],
"parameters": []
}
}
},
"servers": [
{
"url": "/"
}
],
"tags": [
{
"name": "Test",
"description": "ทดสอบ"
}
],
"basePath": "/"
}

266
static/index.html Normal file
View file

@ -0,0 +1,266 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<html>
<head>
<script src="./keycloak.js"></script>
</head>
<body>
<div>
<button onclick="keycloak.login()">Login</button>
<button onclick="keycloak.login({ action: 'UPDATE_PASSWORD' })">
Update Password
</button>
<button onclick="keycloak.logout()">Logout</button>
<button onclick="keycloak.register()">Register</button>
<button onclick="keycloak.accountManagement()">Account</button>
<button onclick="refreshToken(9999)">Refresh Token</button>
<button onclick="refreshToken(30)">
Refresh Token (if <30s validity)
</button>
<button onclick="loadProfile()">Get Profile</button>
<button onclick="updateProfile()">Update profile</button>
<button onclick="loadUserInfo()">Get User Info</button>
<button onclick="output(keycloak.tokenParsed)">Show Token</button>
<button onclick="output(keycloak.refreshTokenParsed)">
Show Refresh Token
</button>
<button onclick="output(keycloak.idTokenParsed)">Show ID Token</button>
<button onclick="showExpires()">Show Expires</button>
<button onclick="output(keycloak)">Show Details</button>
<button onclick="output(keycloak.createLoginUrl())">
Show Login URL
</button>
<button onclick="output(keycloak.createLogoutUrl())">
Show Logout URL
</button>
<button onclick="output(keycloak.createRegisterUrl())">
Show Register URL
</button>
<button onclick="output(keycloak.createAccountUrl())">
Show Account URL
</button>
</div>
<h2>Result</h2>
<pre
style="
background-color: #ddd;
border: 1px solid #ccc;
padding: 10px;
word-wrap: break-word;
white-space: pre-wrap;
"
id="output"
></pre>
<h2>Events</h2>
<pre
style="
background-color: #ddd;
border: 1px solid #ccc;
padding: 10px;
word-wrap: break-word;
white-space: pre-wrap;
"
id="events"
></pre>
<script>
function loadProfile() {
keycloak
.loadUserProfile()
.success(function (profile) {
output(profile);
})
.error(function () {
output("Failed to load profile");
});
}
function updateProfile() {
var url = keycloak.createAccountUrl().split("?")[0];
var req = new XMLHttpRequest();
req.open("POST", url, true);
req.setRequestHeader("Accept", "application/json");
req.setRequestHeader("Content-Type", "application/json");
req.setRequestHeader("Authorization", "bearer " + keycloak.token);
req.onreadystatechange = function () {
if (req.readyState == 4) {
if (req.status == 200) {
output("Success");
} else {
output("Failed");
}
}
};
req.send(
'{"email":"myemail@foo.bar","firstName":"test","lastName":"bar"}'
);
}
function loadUserInfo() {
keycloak
.loadUserInfo()
.success(function (userInfo) {
output(userInfo);
})
.error(function () {
output("Failed to load user info");
});
}
function refreshToken(minValidity) {
keycloak
.updateToken(minValidity)
.then(function (refreshed) {
if (refreshed) {
output(keycloak.tokenParsed);
} else {
output(
"Token not refreshed, valid for " +
Math.round(
keycloak.tokenParsed.exp +
keycloak.timeSkew -
new Date().getTime() / 1000
) +
" seconds"
);
}
})
.catch(function () {
output("Failed to refresh token");
});
}
function showExpires() {
if (!keycloak.tokenParsed) {
output("Not authenticated");
return;
}
var o =
"Token Expires:\t\t" +
new Date(
(keycloak.tokenParsed.exp + keycloak.timeSkew) * 1000
).toLocaleString() +
"\n";
o +=
"Token Expires in:\t" +
Math.round(
keycloak.tokenParsed.exp +
keycloak.timeSkew -
new Date().getTime() / 1000
) +
" seconds\n";
if (keycloak.refreshTokenParsed) {
o +=
"Refresh Token Expires:\t" +
new Date(
(keycloak.refreshTokenParsed.exp + keycloak.timeSkew) * 1000
).toLocaleString() +
"\n";
o +=
"Refresh Expires in:\t" +
Math.round(
keycloak.refreshTokenParsed.exp +
keycloak.timeSkew -
new Date().getTime() / 1000
) +
" seconds";
}
output(o);
}
function output(data) {
if (typeof data === "object") {
data = JSON.stringify(data, null, " ");
}
document.getElementById("output").innerHTML = data;
}
function event(event) {
var e = document.getElementById("events").innerHTML;
document.getElementById("events").innerHTML =
new Date().toLocaleString() + "\t" + event + "\n" + e;
}
var keycloak = Keycloak();
keycloak.onAuthSuccess = function () {
event("Auth Success");
};
keycloak.onAuthError = function (errorData) {
event("Auth Error: " + JSON.stringify(errorData));
};
keycloak.onAuthRefreshSuccess = function () {
event("Auth Refresh Success");
};
keycloak.onAuthRefreshError = function () {
event("Auth Refresh Error");
};
keycloak.onAuthLogout = function () {
event("Auth Logout");
};
keycloak.onTokenExpired = function () {
event("Access token expired.");
};
keycloak.onActionUpdate = function (status) {
switch (status) {
case "success":
event("Action completed successfully");
break;
case "cancelled":
event("Action cancelled by user");
break;
case "error":
event("Action failed");
break;
}
};
// Flow can be changed to 'implicit' or 'hybrid', but then client must enable implicit flow in admin console too
var initOptions = {
responseMode: "fragment",
flow: "standard",
};
keycloak
.init(initOptions)
.then(function (authenticated) {
output(
"Init Success (" +
(authenticated ? "Authenticated" : "Not Authenticated") +
")"
);
})
.catch(function () {
output("Init Error");
});
</script>
</body>
</html>

2952
static/keycloak.js Normal file
View file

File diff suppressed because it is too large Load diff

9
static/keycloak.json Normal file
View file

@ -0,0 +1,9 @@
{
"realm": "bma-ehr",
"auth-server-url": "https://id.frappet.synology.me",
"ssl-required": "external",
"resource": "bma-ehr",
"public-client": true,
"client_secret": "tF0huP4MylOSMVZEohwPMI8DDttW66A7",
"realm-public-key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYg0ZJvH6HgNOzyPp7PCvY3bJwD9WdsNn6gZbuvIfqJQZ8iSH1t0p3fgODO/fqwcj9UFeh1bVFOSjuW+JpnPehROqzt81KNl9zLLNXoN4LimReQHaMM3dU7DCbRylgVCouIDvObyjg8G+Cy5lZvFKWym/DPwGVpSdbvDZJ83qxq2dp7GJXS8PhOvA+MB1K009/jW5pBTUwNArLjoFccr+gIYIiOJDg2rYyIF3fDkwyWkuxr6xRt10+BRJytselwy/18kbDuJxVPaapdgTXI6wLzx7HWcDk30n5EvhJEumnIPpRst8gucqNYmB4MH+vsyoxV5WLuO3qmVRzFbtAppRQIDAQAB"
}

18
tsconfig.json Normal file
View file

@ -0,0 +1,18 @@
{
"compilerOptions": {
"incremental": true,
"outDir": "dist",
"lib": ["ESNext", "DOM", "DOM.Iterable"],
"target": "ESNext",
"module": "NodeNext",
"moduleResolution": "NodeNext",
"strictPropertyInitialization": false,
"strict": true,
"esModuleInterop": true,
"forceConsistentCasingInFileNames": true,
"experimentalDecorators": true,
"emitDecoratorMetadata": true,
"resolveJsonModule": true,
"skipLibCheck": true
}
}

38
tsoa.json Normal file
View file

@ -0,0 +1,38 @@
{
"entryFile": "src/app.ts",
"noImplicitAdditionalProperties": "throw-on-extras",
"controllerPathGlobs": ["src/controllers/*Controller.ts"],
"spec": {
"outputDirectory": "src",
"specVersion": 3,
"spec": {
"info": {
"title": "bma-ehr-evaluation-nodeservice - API",
"version": "0.0.1",
"description": "ระบบประเมินบุคคล",
"license": {
"name": "by Frappet",
"url": "https://frappet.com"
}
},
"basePath": "/"
},
"securityDefinitions": {
"bearerAuth": {
"type": "apiKey",
"name": "Authorization",
"description": "Keycloak Bearer Token",
"in": "header"
}
},
"tags": [
{
"name": "Test", "description": "ทดสอบ"
}
]
},
"routes": {
"routesDir": "src/",
"authenticationModule": "src/middlewares/auth.ts"
}
}