feat: Add legal requirements (#1306)

2025-12-20 01:14:12 +03:00 · 2025-08-21 15:10:02 +02:00
parent bb40a22563
commit 2f4bcb0583
122 changed files with 1522 additions and 81 deletions
--- a/server/api/helpers/access-tokens/handle-steps.js
+++ b/server/api/helpers/access-tokens/handle-steps.js
@@ -0,0 +1,123 @@
+/*!
+ * Copyright (c) 2024 PLANKA Software GmbH
+ * Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
+ */
+
+const { AccessTokenSteps } = require('../../../constants');
+
+const Errors = {
+  ADMIN_LOGIN_REQUIRED_TO_INITIALIZE_INSTANCE: {
+    adminLoginRequiredToInitializeInstance: 'Admin login required to initialize instance',
+  },
+};
+
+const PENDING_TOKEN_EXPIRES_IN = 10 * 60;
+
+module.exports = {
+  inputs: {
+    user: {
+      type: 'ref',
+      required: true,
+    },
+    request: {
+      type: 'ref',
+      required: true,
+    },
+    response: {
+      type: 'ref',
+      required: true,
+    },
+    remoteAddress: {
+      type: 'string',
+      required: true,
+    },
+    withHttpOnlyToken: {
+      type: 'boolean',
+    },
+  },
+
+  exits: {
+    adminLoginRequiredToInitializeInstance: {},
+    termsAcceptanceRequired: {},
+  },
+
+  async fn(inputs) {
+    const config = await Config.qm.getOneMain();
+
+    if (!config.isInitialized) {
+      if (inputs.user.role === User.Roles.ADMIN) {
+        if (inputs.user.termsSignature) {
+          await Config.qm.updateOneMain({
+            isInitialized: true,
+          });
+        }
+      } else {
+        throw Errors.ADMIN_LOGIN_REQUIRED_TO_INITIALIZE_INSTANCE;
+      }
+    }
+
+    if (!sails.hooks.terms.hasSignature(inputs.user.termsSignature)) {
+      const { token: pendingToken, payload: pendingTokenPayload } =
+        sails.helpers.utils.createJwtToken(
+          AccessTokenSteps.ACCEPT_TERMS,
+          undefined,
+          PENDING_TOKEN_EXPIRES_IN,
+        );
+
+      const session = await sails.helpers.sessions.createOne.with({
+        values: {
+          pendingToken,
+          userId: inputs.user.id,
+          remoteAddress: inputs.remoteAddress,
+          userAgent: inputs.request.headers['user-agent'],
+        },
+        withHttpOnlyToken: inputs.withHttpOnlyToken,
+      });
+
+      if (session.httpOnlyToken && !inputs.request.isSocket) {
+        sails.helpers.utils.setHttpOnlyTokenCookie(
+          session.httpOnlyToken,
+          pendingTokenPayload,
+          inputs.response,
+        );
+      }
+
+      const termsType = sails.hooks.terms.getTypeByUserRole(inputs.user.role);
+
+      throw {
+        termsAcceptanceRequired: {
+          pendingToken,
+          termsType,
+          message: 'Terms acceptance required',
+          step: AccessTokenSteps.ACCEPT_TERMS,
+        },
+      };
+    }
+
+    const { token: accessToken, payload: accessTokenPayload } = sails.helpers.utils.createJwtToken(
+      inputs.user.id,
+    );
+
+    const session = await sails.helpers.sessions.createOne.with({
+      values: {
+        accessToken,
+        userId: inputs.user.id,
+        remoteAddress: inputs.remoteAddress,
+        userAgent: inputs.request.headers['user-agent'],
+      },
+      withHttpOnlyToken: inputs.withHttpOnlyToken,
+    });
+
+    if (session.httpOnlyToken && !inputs.request.isSocket) {
+      sails.helpers.utils.setHttpOnlyTokenCookie(
+        session.httpOnlyToken,
+        accessTokenPayload,
+        inputs.response,
+      );
+    }
+
+    return {
+      item: accessToken,
+    };
+  },
+};