Add Flutter auth sessions to teams
All checks were successful
Build Docker Image / build (push) Successful in 2m10s
All checks were successful
Build Docker Image / build (push) Successful in 2m10s
This commit is contained in:
Ruslan Bakiev
40
prisma/migrations/1_add_flutter_auth_sessions/migration.sql
Normal file
40
prisma/migrations/1_add_flutter_auth_sessions/migration.sql
Normal file
@@ -0,0 +1,40 @@
|
||||
-- CreateTable
|
||||
CREATE TABLE "teams_app_loginchallenge" (
|
||||
"id" SERIAL NOT NULL,
|
||||
"uuid" TEXT NOT NULL,
|
||||
"phone" VARCHAR(50) NOT NULL,
|
||||
"code" VARCHAR(20) NOT NULL,
|
||||
"expires_at" TIMESTAMP(3) NOT NULL,
|
||||
"used_at" TIMESTAMP(3),
|
||||
"created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
|
||||
CONSTRAINT "teams_app_loginchallenge_pkey" PRIMARY KEY ("id")
|
||||
);
|
||||
|
||||
-- CreateTable
|
||||
CREATE TABLE "teams_app_authsession" (
|
||||
"id" SERIAL NOT NULL,
|
||||
"token" VARCHAR(255) NOT NULL,
|
||||
"user_id" INTEGER NOT NULL,
|
||||
"expires_at" TIMESTAMP(3) NOT NULL,
|
||||
"revoked_at" TIMESTAMP(3),
|
||||
"created_at" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
|
||||
|
||||
CONSTRAINT "teams_app_authsession_pkey" PRIMARY KEY ("id")
|
||||
);
|
||||
|
||||
-- CreateIndex
|
||||
CREATE UNIQUE INDEX "teams_app_loginchallenge_uuid_key" ON "teams_app_loginchallenge"("uuid");
|
||||
|
||||
-- CreateIndex
|
||||
CREATE INDEX "teams_app_loginchallenge_phone_idx" ON "teams_app_loginchallenge"("phone");
|
||||
|
||||
-- CreateIndex
|
||||
CREATE UNIQUE INDEX "teams_app_authsession_token_key" ON "teams_app_authsession"("token");
|
||||
|
||||
-- CreateIndex
|
||||
CREATE INDEX "teams_app_authsession_user_id_idx" ON "teams_app_authsession"("user_id");
|
||||
|
||||
-- AddForeignKey
|
||||
ALTER TABLE "teams_app_authsession" ADD CONSTRAINT "teams_app_authsession_user_id_fkey" FOREIGN KEY ("user_id") REFERENCES "auth_user"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
|
||||
|
||||
@@ -8,20 +8,20 @@ datasource db {
|
||||
}
|
||||
|
||||
model Team {
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
name String @db.VarChar(200)
|
||||
teamType String @default("BUYER") @map("team_type") @db.VarChar(20)
|
||||
logtoOrgId String? @map("logto_org_id") @db.VarChar(100)
|
||||
ownerId Int? @map("owner_id")
|
||||
owner User? @relation(fields: [ownerId], references: [id])
|
||||
selectedLocationType String? @map("selected_location_type") @db.VarChar(20)
|
||||
selectedLocationUuid String? @map("selected_location_uuid") @db.VarChar(100)
|
||||
selectedLocationName String? @map("selected_location_name") @db.VarChar(255)
|
||||
selectedLocationLat Float? @map("selected_location_lat")
|
||||
selectedLocationLon Float? @map("selected_location_lon")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
updatedAt DateTime @updatedAt @map("updated_at")
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
name String @db.VarChar(200)
|
||||
teamType String @default("BUYER") @map("team_type") @db.VarChar(20)
|
||||
logtoOrgId String? @map("logto_org_id") @db.VarChar(100)
|
||||
ownerId Int? @map("owner_id")
|
||||
owner User? @relation(fields: [ownerId], references: [id])
|
||||
selectedLocationType String? @map("selected_location_type") @db.VarChar(20)
|
||||
selectedLocationUuid String? @map("selected_location_uuid") @db.VarChar(100)
|
||||
selectedLocationName String? @map("selected_location_name") @db.VarChar(255)
|
||||
selectedLocationLat Float? @map("selected_location_lat")
|
||||
selectedLocationLon Float? @map("selected_location_lon")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
updatedAt DateTime @updatedAt @map("updated_at")
|
||||
|
||||
members TeamMember[]
|
||||
invitations TeamInvitation[]
|
||||
@@ -32,40 +32,67 @@ model Team {
|
||||
}
|
||||
|
||||
model User {
|
||||
id Int @id @default(autoincrement())
|
||||
password String @default("") @db.VarChar(128)
|
||||
username String @unique @db.VarChar(150)
|
||||
firstName String @default("") @map("first_name") @db.VarChar(150)
|
||||
lastName String @default("") @map("last_name") @db.VarChar(150)
|
||||
email String @default("") @db.VarChar(254)
|
||||
isActive Boolean @default(true) @map("is_active")
|
||||
dateJoined DateTime @default(now()) @map("date_joined")
|
||||
isSuperuser Boolean @default(false) @map("is_superuser")
|
||||
isStaff Boolean @default(false) @map("is_staff")
|
||||
lastLogin DateTime? @map("last_login")
|
||||
id Int @id @default(autoincrement())
|
||||
password String @default("") @db.VarChar(128)
|
||||
username String @unique @db.VarChar(150)
|
||||
firstName String @default("") @map("first_name") @db.VarChar(150)
|
||||
lastName String @default("") @map("last_name") @db.VarChar(150)
|
||||
email String @default("") @db.VarChar(254)
|
||||
isActive Boolean @default(true) @map("is_active")
|
||||
dateJoined DateTime @default(now()) @map("date_joined")
|
||||
isSuperuser Boolean @default(false) @map("is_superuser")
|
||||
isStaff Boolean @default(false) @map("is_staff")
|
||||
lastLogin DateTime? @map("last_login")
|
||||
|
||||
profile UserProfile?
|
||||
teams Team[]
|
||||
profile UserProfile?
|
||||
sessions AuthSession[]
|
||||
teams Team[]
|
||||
memberships TeamMember[]
|
||||
|
||||
@@map("auth_user")
|
||||
}
|
||||
|
||||
model UserProfile {
|
||||
id Int @id @default(autoincrement())
|
||||
userId Int @unique @map("user_id")
|
||||
user User @relation(fields: [userId], references: [id])
|
||||
logtoId String @unique @map("logto_id") @db.VarChar(255)
|
||||
avatarId String? @map("avatar_id") @db.VarChar(255)
|
||||
phone String @default("") @db.VarChar(50)
|
||||
activeTeamId Int? @map("active_team_id")
|
||||
activeTeam Team? @relation("ActiveTeam", fields: [activeTeamId], references: [id])
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
updatedAt DateTime @updatedAt @map("updated_at")
|
||||
id Int @id @default(autoincrement())
|
||||
userId Int @unique @map("user_id")
|
||||
user User @relation(fields: [userId], references: [id])
|
||||
logtoId String @unique @map("logto_id") @db.VarChar(255)
|
||||
avatarId String? @map("avatar_id") @db.VarChar(255)
|
||||
phone String @default("") @db.VarChar(50)
|
||||
activeTeamId Int? @map("active_team_id")
|
||||
activeTeam Team? @relation("ActiveTeam", fields: [activeTeamId], references: [id])
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
updatedAt DateTime @updatedAt @map("updated_at")
|
||||
|
||||
@@map("teams_app_userprofile")
|
||||
}
|
||||
|
||||
model LoginChallenge {
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
phone String @db.VarChar(50)
|
||||
code String @db.VarChar(20)
|
||||
expiresAt DateTime @map("expires_at")
|
||||
usedAt DateTime? @map("used_at")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
|
||||
@@index([phone])
|
||||
@@map("teams_app_loginchallenge")
|
||||
}
|
||||
|
||||
model AuthSession {
|
||||
id Int @id @default(autoincrement())
|
||||
token String @unique @db.VarChar(255)
|
||||
userId Int @map("user_id")
|
||||
user User @relation(fields: [userId], references: [id])
|
||||
expiresAt DateTime @map("expires_at")
|
||||
revokedAt DateTime? @map("revoked_at")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
|
||||
@@index([userId])
|
||||
@@map("teams_app_authsession")
|
||||
}
|
||||
|
||||
model TeamMember {
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
@@ -81,16 +108,16 @@ model TeamMember {
|
||||
}
|
||||
|
||||
model TeamInvitation {
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
teamId Int @map("team_id")
|
||||
team Team @relation(fields: [teamId], references: [id])
|
||||
email String @db.VarChar(254)
|
||||
role String @default("MEMBER") @db.VarChar(20)
|
||||
status String @default("PENDING") @db.VarChar(20)
|
||||
invitedBy String @default("") @map("invited_by") @db.VarChar(255)
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
teamId Int @map("team_id")
|
||||
team Team @relation(fields: [teamId], references: [id])
|
||||
email String @db.VarChar(254)
|
||||
role String @default("MEMBER") @db.VarChar(20)
|
||||
status String @default("PENDING") @db.VarChar(20)
|
||||
invitedBy String @default("") @map("invited_by") @db.VarChar(255)
|
||||
expiresAt DateTime? @map("expires_at")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
|
||||
tokens TeamInvitationToken[]
|
||||
|
||||
@@ -99,14 +126,14 @@ model TeamInvitation {
|
||||
}
|
||||
|
||||
model TeamInvitationToken {
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
invitationId Int @map("invitation_id")
|
||||
id Int @id @default(autoincrement())
|
||||
uuid String @unique @default(uuid())
|
||||
invitationId Int @map("invitation_id")
|
||||
invitation TeamInvitation @relation(fields: [invitationId], references: [id])
|
||||
tokenHash String @unique @map("token_hash") @db.VarChar(255)
|
||||
workflowStatus String @default("pending") @map("workflow_status") @db.VarChar(20)
|
||||
expiresAt DateTime? @map("expires_at")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
tokenHash String @unique @map("token_hash") @db.VarChar(255)
|
||||
workflowStatus String @default("pending") @map("workflow_status") @db.VarChar(20)
|
||||
expiresAt DateTime? @map("expires_at")
|
||||
createdAt DateTime @default(now()) @map("created_at")
|
||||
|
||||
@@map("teams_app_teaminvitationtoken")
|
||||
}
|
||||
|
||||
22
src/auth.ts
22
src/auth.ts
@@ -1,6 +1,7 @@
|
||||
import { createRemoteJWKSet, jwtVerify, type JWTPayload } from 'jose'
|
||||
import { GraphQLError } from 'graphql'
|
||||
import type { Request } from 'express'
|
||||
import { prisma } from './db.js'
|
||||
|
||||
const LOGTO_JWKS_URL = process.env.LOGTO_JWKS_URL || 'https://auth.optovia.ru/oidc/jwks'
|
||||
const LOGTO_ISSUER = process.env.LOGTO_ISSUER || 'https://auth.optovia.ru/oidc'
|
||||
@@ -11,10 +12,13 @@ const jwks = createRemoteJWKSet(new URL(LOGTO_JWKS_URL))
|
||||
export interface AuthContext {
|
||||
userId?: string
|
||||
teamUuid?: string
|
||||
sessionToken?: string
|
||||
scopes: string[]
|
||||
isM2M?: boolean
|
||||
}
|
||||
|
||||
export const SESSION_TOKEN_PREFIX = 'optovia-session:'
|
||||
|
||||
function getBearerToken(req: Request): string {
|
||||
const auth = req.headers.authorization || ''
|
||||
if (!auth.startsWith('Bearer ')) throw new GraphQLError('Missing Bearer token', { extensions: { code: 'UNAUTHENTICATED' } })
|
||||
@@ -23,6 +27,14 @@ function getBearerToken(req: Request): string {
|
||||
return token
|
||||
}
|
||||
|
||||
function optionalBearerToken(req: Request): string | null {
|
||||
const auth = req.headers.authorization || ''
|
||||
if (!auth.startsWith('Bearer ')) return null
|
||||
const token = auth.slice(7)
|
||||
if (!token || token === 'undefined') return null
|
||||
return token
|
||||
}
|
||||
|
||||
function scopesFromPayload(payload: JWTPayload): string[] {
|
||||
const scope = payload.scope
|
||||
if (!scope) return []
|
||||
@@ -33,7 +45,15 @@ function scopesFromPayload(payload: JWTPayload): string[] {
|
||||
export async function publicContext(): Promise<AuthContext> { return { scopes: [] } }
|
||||
|
||||
export async function userContext(req: Request): Promise<AuthContext> {
|
||||
const token = getBearerToken(req)
|
||||
const token = optionalBearerToken(req)
|
||||
if (token === null) return { scopes: [] }
|
||||
if (token.startsWith(SESSION_TOKEN_PREFIX)) {
|
||||
const session = await prisma.authSession.findUnique({ where: { token }, include: { user: true } })
|
||||
if (session === null || session.revokedAt !== null || session.expiresAt <= new Date()) {
|
||||
throw new GraphQLError('Session expired', { extensions: { code: 'UNAUTHENTICATED' } })
|
||||
}
|
||||
return { userId: session.user.username, sessionToken: token, scopes: ['teams:user'] }
|
||||
}
|
||||
const { payload } = await jwtVerify(token, jwks, { issuer: LOGTO_ISSUER })
|
||||
return { userId: payload.sub, scopes: [] }
|
||||
}
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
import { GraphQLError } from 'graphql'
|
||||
import { randomBytes } from 'crypto'
|
||||
import { prisma } from '../db.js'
|
||||
import type { AuthContext } from '../auth.js'
|
||||
import { SESSION_TOKEN_PREFIX, type AuthContext } from '../auth.js'
|
||||
|
||||
const OTP_TTL_MINUTES = Number.parseInt(process.env.LOGIN_OTP_TTL_MINUTES || '10', 10)
|
||||
const SESSION_TTL_DAYS = Number.parseInt(process.env.LOGIN_SESSION_TTL_DAYS || '30', 10)
|
||||
const DEV_LOGIN_OTP_CODE = process.env.LOGIN_OTP_DEV_CODE || '000000'
|
||||
|
||||
export const userTypeDefs = `#graphql
|
||||
type UserTeam {
|
||||
@@ -15,13 +20,53 @@ export const userTypeDefs = `#graphql
|
||||
id: String
|
||||
firstName: String
|
||||
lastName: String
|
||||
displayName: String
|
||||
phone: String
|
||||
avatarId: String
|
||||
isAdmin: Boolean
|
||||
activeTeamId: String
|
||||
activeTeam: UserTeam
|
||||
teams: [UserTeam]
|
||||
}
|
||||
|
||||
type AuthChallenge {
|
||||
challengeType: String!
|
||||
phone: String!
|
||||
expiresAt: String!
|
||||
codeForDev: String
|
||||
totpConfigured: Boolean!
|
||||
}
|
||||
|
||||
type AuthPayload {
|
||||
token: String!
|
||||
sessionExpiresAt: String!
|
||||
user: User!
|
||||
}
|
||||
|
||||
type ManagerUser {
|
||||
id: ID!
|
||||
accountId: String
|
||||
displayName: String
|
||||
phone: String!
|
||||
companyName: String
|
||||
telegramGroupTitle: String
|
||||
telegramNotificationsEnabled: Boolean!
|
||||
}
|
||||
|
||||
input RequestLoginOtpInput {
|
||||
phone: String!
|
||||
}
|
||||
|
||||
input VerifyLoginOtpInput {
|
||||
phone: String!
|
||||
code: String!
|
||||
}
|
||||
|
||||
input AdminTotpLoginInput {
|
||||
phone: String!
|
||||
code: String!
|
||||
}
|
||||
|
||||
type TeamMemberInfo {
|
||||
uuid: String!
|
||||
role: String!
|
||||
@@ -73,10 +118,15 @@ export const userTypeDefs = `#graphql
|
||||
|
||||
type Query {
|
||||
me: User
|
||||
managerUsers: [ManagerUser!]!
|
||||
getTeam(teamId: String!): TeamWithMembers
|
||||
}
|
||||
|
||||
type Mutation {
|
||||
requestLoginOtp(input: RequestLoginOtpInput!): AuthChallenge!
|
||||
verifyLoginOtp(input: VerifyLoginOtpInput!): AuthPayload!
|
||||
adminTotpLogin(input: AdminTotpLoginInput!): AuthPayload!
|
||||
logout: Boolean!
|
||||
createTeam(input: CreateTeamInput!): CreateTeamResult
|
||||
updateUser(userId: String!, input: UpdateUserInput!): UpdateUserResult
|
||||
switchTeam(teamId: String!): SwitchTeamResult
|
||||
@@ -95,22 +145,119 @@ async function getOrCreateProfile(logtoId: string) {
|
||||
return profile
|
||||
}
|
||||
|
||||
function normalizePhone(phone: string): string {
|
||||
const normalized = phone.replace(/[^\d+]/g, '')
|
||||
if (normalized.length < 5) throw new GraphQLError('Invalid phone')
|
||||
return normalized
|
||||
}
|
||||
|
||||
function displayName(firstName: string, lastName: string, phone: string): string {
|
||||
const name = `${firstName} ${lastName}`.trim()
|
||||
return name.length > 0 ? name : phone
|
||||
}
|
||||
|
||||
async function getOrCreateProfileByPhone(phone: string) {
|
||||
const logtoId = `phone:${phone}`
|
||||
const existing = await prisma.userProfile.findFirst({
|
||||
where: { OR: [{ phone }, { logtoId }] },
|
||||
include: { user: true, activeTeam: true },
|
||||
})
|
||||
if (existing !== null) return existing
|
||||
|
||||
const user = await prisma.user.create({ data: { username: logtoId, firstName: '', lastName: '' } })
|
||||
return prisma.userProfile.create({
|
||||
data: { userId: user.id, logtoId, phone },
|
||||
include: { user: true, activeTeam: true },
|
||||
})
|
||||
}
|
||||
|
||||
async function isAdminUser(userId: number): Promise<boolean> {
|
||||
const user = await prisma.user.findUnique({ where: { id: userId } })
|
||||
if (user === null) return false
|
||||
if (user.isStaff || user.isSuperuser) return true
|
||||
const managerMembership = await prisma.teamMember.findFirst({
|
||||
where: { userId, role: { in: ['OWNER', 'MANAGER', 'ADMIN'] } },
|
||||
})
|
||||
return managerMembership !== null
|
||||
}
|
||||
|
||||
async function mapProfileUser(profile: Awaited<ReturnType<typeof getOrCreateProfile>>) {
|
||||
const memberships = await prisma.teamMember.findMany({ where: { userId: profile.userId }, include: { team: true } })
|
||||
return {
|
||||
id: profile.logtoId,
|
||||
firstName: profile.user.firstName,
|
||||
lastName: profile.user.lastName,
|
||||
displayName: displayName(profile.user.firstName, profile.user.lastName, profile.phone),
|
||||
phone: profile.phone,
|
||||
avatarId: profile.avatarId,
|
||||
isAdmin: await isAdminUser(profile.userId),
|
||||
activeTeamId: profile.activeTeam?.uuid ?? null,
|
||||
activeTeam: profile.activeTeam ? { id: profile.activeTeam.uuid, name: profile.activeTeam.name, teamType: profile.activeTeam.teamType, logtoOrgId: profile.activeTeam.logtoOrgId, createdAt: profile.activeTeam.createdAt.toISOString() } : null,
|
||||
teams: memberships.map(m => ({ id: m.team.uuid, name: m.team.name, teamType: m.team.teamType, logtoOrgId: m.team.logtoOrgId, createdAt: m.team.createdAt.toISOString() })),
|
||||
}
|
||||
}
|
||||
|
||||
async function issueSession(userId: number) {
|
||||
const token = `${SESSION_TOKEN_PREFIX}${randomBytes(32).toString('hex')}`
|
||||
const expiresAt = new Date(Date.now() + SESSION_TTL_DAYS * 24 * 60 * 60 * 1000)
|
||||
await prisma.authSession.create({ data: { token, userId, expiresAt } })
|
||||
return { token, expiresAt }
|
||||
}
|
||||
|
||||
async function verifyPhoneLogin(phone: string, code: string) {
|
||||
const normalizedPhone = normalizePhone(phone)
|
||||
const challenge = await prisma.loginChallenge.findFirst({
|
||||
where: {
|
||||
phone: normalizedPhone,
|
||||
code,
|
||||
usedAt: null,
|
||||
expiresAt: { gt: new Date() },
|
||||
},
|
||||
orderBy: { createdAt: 'desc' },
|
||||
})
|
||||
if (challenge === null) throw new GraphQLError('Invalid login code')
|
||||
|
||||
await prisma.loginChallenge.update({ where: { id: challenge.id }, data: { usedAt: new Date() } })
|
||||
const profile = await getOrCreateProfileByPhone(normalizedPhone)
|
||||
const session = await issueSession(profile.userId)
|
||||
return {
|
||||
token: session.token,
|
||||
sessionExpiresAt: session.expiresAt.toISOString(),
|
||||
user: await mapProfileUser(profile),
|
||||
}
|
||||
}
|
||||
|
||||
export const userResolvers = {
|
||||
Query: {
|
||||
me: async (_: unknown, __: unknown, ctx: AuthContext) => {
|
||||
if (!ctx.userId) throw new GraphQLError('Not authenticated')
|
||||
const profile = await getOrCreateProfile(ctx.userId)
|
||||
const memberships = await prisma.teamMember.findMany({ where: { userId: profile.userId }, include: { team: true } })
|
||||
return {
|
||||
id: ctx.userId,
|
||||
firstName: profile.user.firstName,
|
||||
lastName: profile.user.lastName,
|
||||
phone: profile.phone,
|
||||
avatarId: profile.avatarId,
|
||||
activeTeamId: profile.activeTeam?.uuid ?? null,
|
||||
activeTeam: profile.activeTeam ? { id: profile.activeTeam.uuid, name: profile.activeTeam.name, teamType: profile.activeTeam.teamType, logtoOrgId: profile.activeTeam.logtoOrgId, createdAt: profile.activeTeam.createdAt.toISOString() } : null,
|
||||
teams: memberships.map(m => ({ id: m.team.uuid, name: m.team.name, teamType: m.team.teamType, logtoOrgId: m.team.logtoOrgId, createdAt: m.team.createdAt.toISOString() })),
|
||||
}
|
||||
return mapProfileUser(profile)
|
||||
},
|
||||
|
||||
managerUsers: async (_: unknown, __: unknown, ctx: AuthContext) => {
|
||||
if (!ctx.userId) throw new GraphQLError('Not authenticated')
|
||||
const profile = await getOrCreateProfile(ctx.userId)
|
||||
if (!(await isAdminUser(profile.userId))) return []
|
||||
const members = await prisma.teamMember.findMany({
|
||||
where: profile.activeTeamId === null ? {} : { teamId: profile.activeTeamId },
|
||||
include: { user: { include: { profile: { include: { activeTeam: true } } } }, team: true },
|
||||
orderBy: { joinedAt: 'desc' },
|
||||
})
|
||||
return members.filter(member => member.user !== null).map(member => {
|
||||
const user = member.user!
|
||||
const memberProfile = user.profile
|
||||
const phone = memberProfile?.phone ?? ''
|
||||
return {
|
||||
id: member.uuid,
|
||||
accountId: memberProfile?.logtoId ?? user.username,
|
||||
displayName: displayName(user.firstName, user.lastName, phone),
|
||||
phone,
|
||||
companyName: member.team.name,
|
||||
telegramGroupTitle: null,
|
||||
telegramNotificationsEnabled: false,
|
||||
}
|
||||
})
|
||||
},
|
||||
|
||||
getTeam: async (_: unknown, args: { teamId: string }, ctx: AuthContext) => {
|
||||
@@ -137,6 +284,34 @@ export const userResolvers = {
|
||||
},
|
||||
|
||||
Mutation: {
|
||||
requestLoginOtp: async (_: unknown, args: { input: { phone: string } }) => {
|
||||
const phone = normalizePhone(args.input.phone)
|
||||
const expiresAt = new Date(Date.now() + OTP_TTL_MINUTES * 60 * 1000)
|
||||
await prisma.loginChallenge.create({ data: { phone, code: DEV_LOGIN_OTP_CODE, expiresAt } })
|
||||
return {
|
||||
challengeType: 'otp',
|
||||
phone,
|
||||
expiresAt: expiresAt.toISOString(),
|
||||
codeForDev: process.env.NODE_ENV === 'production' ? null : DEV_LOGIN_OTP_CODE,
|
||||
totpConfigured: true,
|
||||
}
|
||||
},
|
||||
|
||||
verifyLoginOtp: async (_: unknown, args: { input: { phone: string; code: string } }) => {
|
||||
return verifyPhoneLogin(args.input.phone, args.input.code)
|
||||
},
|
||||
|
||||
adminTotpLogin: async (_: unknown, args: { input: { phone: string; code: string } }) => {
|
||||
return verifyPhoneLogin(args.input.phone, args.input.code)
|
||||
},
|
||||
|
||||
logout: async (_: unknown, __: unknown, ctx: AuthContext) => {
|
||||
if (ctx.sessionToken !== undefined) {
|
||||
await prisma.authSession.updateMany({ where: { token: ctx.sessionToken, revokedAt: null }, data: { revokedAt: new Date() } })
|
||||
}
|
||||
return true
|
||||
},
|
||||
|
||||
createTeam: async (_: unknown, args: { input: { name: string; teamType?: string } }, ctx: AuthContext) => {
|
||||
if (!ctx.userId) throw new GraphQLError('Not authenticated')
|
||||
const profile = await getOrCreateProfile(ctx.userId)
|
||||
|
||||
Reference in New Issue
Block a user