From 3081b7a29dba371871f24102e30c09bac6de959d Mon Sep 17 00:00:00 2001 From: root Date: Sat, 25 Apr 2026 21:28:26 +0200 Subject: [PATCH] table:vault update --- dbcreate.sql | 27 +- server.js | 4 +- src/models/{vaulModel.js => vaultModel.js} | 6 +- src/services/identityManager.js | 302 --------------------- 4 files changed, 18 insertions(+), 321 deletions(-) rename src/models/{vaulModel.js => vaultModel.js} (89%) delete mode 100644 src/services/identityManager.js diff --git a/dbcreate.sql b/dbcreate.sql index a514ec3..add13b2 100644 --- a/dbcreate.sql +++ b/dbcreate.sql @@ -50,23 +50,20 @@ GO /* ========================================================= CORE TABLES ========================================================= */ -CREATE TABLE Vault ( - ID UNIQUEIDENTIFIER PRIMARY KEY DEFAULT NEWID(), - - Customer_ID NVARCHAR(128) NOT NULL, -- ehem. tenantId - Feature NVARCHAR(128) NOT NULL, -- z.B. AD_SYNC, DEMO_PLUGIN - - Payload NVARCHAR(MAX) NOT NULL, -- flexible JSON (config, limits etc.) - Signature NVARCHAR(MAX) NOT NULL, -- RSA-Signatur (Base64) - - Active BIT NOT NULL DEFAULT 1, - - ExpiresAt DATETIME NULL, - - CreatedAt DATETIME NOT NULL DEFAULT GETDATE(), - UpdatedAt DATETIME NULL DEFAULT GETDATE() +CREATE TABLE dbo.Vault ( + ID int IDENTITY(1,1) NOT NULL, + CustomerGUID uniqueidentifier NOT NULL, + Feature nvarchar(128) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, + Payload nvarchar(MAX) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, + Signature nvarchar(MAX) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, + Active bit DEFAULT 1 NOT NULL, + ExpiresAt datetime NULL, + CreatedAt datetime DEFAULT getdate() NOT NULL, + UpdatedAt datetime DEFAULT getdate() NULL, + CONSTRAINT PK__Vault__3214EC275180843D PRIMARY KEY (ID) ); + CREATE TABLE dbo.ObjectSource ( ID INT IDENTITY(1,1) PRIMARY KEY, Name VARCHAR(100) NOT NULL UNIQUE diff --git a/server.js b/server.js index 1943b23..ea2e62d 100644 --- a/server.js +++ b/server.js @@ -121,6 +121,9 @@ const server = https.createServer(httpsOptions, app); service.set('fileSystemManager', new FileSystemManager()); + databaseModel.set('vault', require(`@models/vaultModel`)(service.get('sqlManager').getInstance('main'))); + service.set('vaultifyManager', new VaultifyManager(databaseModel.get('vault'), "123")); + databaseModel.set('authenticationGroupsModel', require(`@models/authenticationGroupsModel`)(service.get('sqlManager').getInstance('main'))); databaseModel.set('authenticationRolesModel', require(`@models/authenticationRolesModel`)(service.get('sqlManager').getInstance('main'))); databaseModel.set('groupClosureModel', require(`@models/groupClosureModel`)(service.get('sqlManager').getInstance('main'))); @@ -132,7 +135,6 @@ const server = https.createServer(httpsOptions, app); databaseModel.set('rolePermissionsModel', require(`@models/rolePermissionsModel`)(service.get('sqlManager').getInstance('main'))); service.set('authenticationManager', new AuthenticationManager(databaseModel.get('authentication'), app.locals.configuration.integration.token.secret, databaseModel)); - // service.set('vaultifyManager', new VaultifyManager()); service.set('activeDirectoryManager', new ActiveDirectory(app.locals.configuration.integration.activedirectory)) // everytime last created service! diff --git a/src/models/vaulModel.js b/src/models/vaultModel.js similarity index 89% rename from src/models/vaulModel.js rename to src/models/vaultModel.js index 1fbe410..d21b0b7 100644 --- a/src/models/vaulModel.js +++ b/src/models/vaultModel.js @@ -5,13 +5,13 @@ module.exports = (sequelize) => { const Vault = sequelize.define('Vault', { ID: { - type: DataTypes.UUID, + type: DataTypes.INTEGER, primaryKey: true, - defaultValue: DataTypes.UUIDV4 + autoIncrement: true }, Customer_ID: { - type: DataTypes.STRING(128), + type: DataTypes.UUIDV4, allowNull: false }, diff --git a/src/services/identityManager.js b/src/services/identityManager.js deleted file mode 100644 index be4d7b4..0000000 --- a/src/services/identityManager.js +++ /dev/null @@ -1,302 +0,0 @@ -const { Op } = require('sequelize'); - -class IdentityManager { - constructor(adManager, AuthenticationModel) { - this.ad = adManager || null; - this.Authentication = AuthenticationModel; - } - - /** - * ----------------------------------------------------- - * REQUIRED FIELDS (MANUAL USER) - * ----------------------------------------------------- - */ - REQUIRED_FIELDS = [ - 'sAMAccountName', - 'mail', - 'givenName', - 'sn', - 'password' - ]; - - /** - * ----------------------------------------------------- - * VALIDATE MANUAL USER - * ----------------------------------------------------- - */ - validateManualUser(user) { - const missing = []; - - for (const field of this.REQUIRED_FIELDS) { - if ( - user[field] === undefined || - user[field] === null || - user[field] === '' - ) { - missing.push(field); - } - } - - if (missing.length) { - throw new Error( - `Fehlende Pflichtfelder: ${missing.join(', ')}` - ); - } - - // 🔍 Optional: einfache Zusatzvalidierungen - if (user.mail && !user.mail.includes('@')) { - throw new Error('Ungültige E-Mail-Adresse'); - } - - if (user.password && user.password.length < 6) { - throw new Error('Passwort muss mindestens 6 Zeichen lang sein'); - } - } - - /** - * ----------------------------------------------------- - * FIXED MAPPING (AD → Authentication) - * ----------------------------------------------------- - */ - mapAdObject(obj) { - if (!obj || !obj.objectGUID) return null; - - return { - ObjectGUID: obj.objectGUID, - sAMAccountName: obj.sAMAccountName || obj.cn || null, - mail: obj.mail || null, - givenName: obj.givenName || null, - sn: obj.sn || null, - employeeID: obj.employeeID || null, - title: obj.title || null, - department: obj.department || null, - streetAddress: obj.streetAddress || null, - userAccountControl_ID: obj.userAccountControl || null, - authenticationType_ID: 1, - telephoneNumber: obj.telephoneNumber || null, - physicalDeliveryOfficeName: obj.physicalDeliveryOfficeName || null, - distinguishedName: obj.dn || null, - password: null, - refreshtoken: null, - active: true, - online: false - }; - } - - /** - * ----------------------------------------------------- - * DEDUP (wie SQL UNION) - * ----------------------------------------------------- - */ - deduplicateByGUID(items) { - const map = new Map(); - - for (const item of items) { - if (!item?.ObjectGUID) continue; - map.set(item.ObjectGUID, item); - } - - return Array.from(map.values()); - } - - /** - * ----------------------------------------------------- - * TABLE CHECK / CREATE - * ----------------------------------------------------- - */ - async ensureTable() { - const qi = this.Authentication.sequelize.getQueryInterface(); - const tables = await qi.showAllTables(); - - const exists = tables.includes('Authentication'); - - if (!exists) { - await this.Authentication.sync(); - return false; - } - - return true; - } - - /** - * ----------------------------------------------------- - * CORE SYNC (INTELLIGENT) - * ----------------------------------------------------- - */ - async syncFromAD() { - if (!this.ad) { - throw new Error('AD nicht konfiguriert'); - } - - const [users, groups, computers] = await Promise.all([ - this.ad.findUsers('*'), - this.ad.findGroups('*'), - this.ad.getComputers() - ]); - - const mapped = this.deduplicateByGUID([ - ...users.map(u => this.mapAdObject(u)), - ...groups.map(g => this.mapAdObject(g)), - ...computers.map(c => this.mapAdObject(c)) - ].filter(Boolean)); - - if (!mapped.length) { - return { total: 0, deactivated: 0 }; - } - - await this.Authentication.bulkCreate(mapped, { - updateOnDuplicate: [ - 'mail', - 'givenName', - 'sn', - 'employeeID', - 'title', - 'department', - 'streetAddress', - 'userAccountControl_ID', - 'telephoneNumber', - 'physicalDeliveryOfficeName', - 'distinguishedName', - 'active' - ] - }); - - const existing = await this.Authentication.findAll({ - where: { authenticationType_ID: 1 }, - attributes: ['ObjectGUID'] - }); - - const adGuids = new Set(mapped.map(u => u.ObjectGUID)); - - const toDeactivate = existing - .filter(e => !adGuids.has(e.ObjectGUID)) - .map(e => e.ObjectGUID); - - if (toDeactivate.length) { - await this.Authentication.update( - { active: false }, - { - where: { - ObjectGUID: toDeactivate - } - } - ); - } - - return { - total: mapped.length, - deactivated: toDeactivate.length, - adGuids: Array.from(adGuids) - }; - } - - /** - * ----------------------------------------------------- - * OPTIONAL: HARD DELETE - * ----------------------------------------------------- - */ - async removeDeletedADObjects(adGuids) { - return this.Authentication.destroy({ - where: { - authenticationType_ID: 1, - ObjectGUID: { - [Op.notIn]: adGuids - } - } - }); - } - - /** - * ----------------------------------------------------- - * RECREATE - * ----------------------------------------------------- - */ - async recreateAuthentications(hardReset = false) { - let message = ''; - - const exists = await this.ensureTable(); - - if (!exists) { - message = 'Tabelle wurde neu erstellt '; - } - - try { - const result = await this.syncFromAD(); - - message += `Sync abgeschlossen (${result.total} Objekte)`; - - if (result.deactivated) { - message += `, ${result.deactivated} deaktiviert`; - } - - if (hardReset) { - const deleted = await this.removeDeletedADObjects(result.adGuids); - message += `, ${deleted} gelöscht`; - } - - } catch (err) { - message += 'Fehler: ' + err.message; - } - - return message; - } - - /** - * ----------------------------------------------------- - * MANUAL USER (MIT VALIDATION) - * ----------------------------------------------------- - */ - async createManualUser(user) { - this.validateManualUser(user); - - return this.Authentication.create({ - ...user, - authenticationType_ID: 2, - active: true, - online: false - }); - } - - /** - * ----------------------------------------------------- - * MANUAL BULK (MIT VALIDATION) - * ----------------------------------------------------- - */ - async createManualUsers(users) { - const errors = []; - - users.forEach((user, index) => { - try { - this.validateManualUser(user); - } catch (err) { - errors.push(`User ${index}: ${err.message}`); - } - }); - - if (errors.length) { - throw new Error(errors.join(' | ')); - } - - return this.Authentication.bulkCreate( - users.map(user => ({ - ...user, - authenticationType_ID: 2, - active: true, - online: false - })) - ); - } - - /** - * ----------------------------------------------------- - * GET USER - * ----------------------------------------------------- - */ - async getUser(username) { - return this.Authentication.findOne({ - where: { sAMAccountName: username } - }); - } -} - -module.exports = IdentityManager; \ No newline at end of file