5d3408fafa
Pattern hybride (cf. backend.md §7) : access token Bearer 30min en JSON + refresh token 30j en cookie httpOnly `rubis_refresh` géré custom au-dessus d'@adonisjs/auth qui ne ship pas de primitive refresh.
Migration refresh_tokens (uuid id, user_id FK CASCADE, hashed_token unique [SHA-256, 64 chars hex], expires_at, last_used_at nullable, revoked_at nullable, ip_address, user_agent). Index user_id + expires_at.
Service refresh_token.ts :
- issueRefreshToken(user, ctx) : génère 32 bytes random → base64url → hash SHA-256 stocké, plain dans le cookie httpOnly + secure (en prod) + sameSite strict + path=/api/v1/auth (le browser n'envoie le cookie que sur les routes auth, pas chaque requête API).
- consumeRefreshToken(ctx) : lookup par hash, validation expiry/revoked. Si on présente un token DÉJÀ révoqué, panic mode : tous les refresh tokens actifs du user sont invalidés (signal de vol — le vrai propriétaire devra se re-logger).
- revokeCurrentRefreshToken / revokeAllForUser pour logout et le panic.
Service auth_session.ts : factorise emitAuthSession(user, ctx) qui crée access + refresh + retourne l'AuthSession. Utilisé par signup / login / refresh — DRY.
Controllers :
- POST /auth/signup : emitAuthSession après tx (org + plans + user).
- POST /auth/login : emitAuthSession après verifyCredentials.
- POST /auth/refresh (nouveau) : consumeRefreshToken → emitAuthSession. Rotation : l'ancien token devient révoqué, le nouveau est posé. SPA-side : appelé au boot pour rehydrater + après 401 silencieux.
- POST /account/logout : User.accessTokens.delete + revokeCurrentRefreshToken + clearCookie.
CORS a déjà credentials: true → le cookie traverse cross-origin si origin allowed.
Bruno : nouvelle requête `Auth/04 Refresh.bru` + folder doc + flow décrit dans README. Bruno honore la cookie jar nativement, donc aucun setup additionnel pour tester.
⚠️ Le contrôleur Refresh est nouveau → le registre Tuyau-généré .adonisjs/server/controllers.ts sera régénéré au prochain `pnpm dev:api` (la regen est un effet de bord du boot Adonis, on ne peut pas la déclencher seule). Avant ce premier boot, `pnpm typecheck` échouera sur l'absence de `controllers.Refresh` dans le registre.
247 lines
8.0 KiB
TypeScript
247 lines
8.0 KiB
TypeScript
/**
|
|
* This file is automatically generated
|
|
* DO NOT EDIT manually
|
|
* Run "node ace migration:run" command to re-generate this file
|
|
*/
|
|
|
|
import { BaseModel, column } from '@adonisjs/lucid/orm'
|
|
import { DateTime } from 'luxon'
|
|
|
|
export class AuthAccessTokenSchema extends BaseModel {
|
|
static $columns = ['abilities', 'createdAt', 'expiresAt', 'hash', 'id', 'lastUsedAt', 'name', 'tokenableId', 'type', 'updatedAt'] as const
|
|
$columns = AuthAccessTokenSchema.$columns
|
|
@column()
|
|
declare abilities: string
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime | null
|
|
@column.dateTime()
|
|
declare expiresAt: DateTime | null
|
|
@column()
|
|
declare hash: string
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column.dateTime()
|
|
declare lastUsedAt: DateTime | null
|
|
@column()
|
|
declare name: string | null
|
|
@column()
|
|
declare tokenableId: string
|
|
@column()
|
|
declare type: string
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class ClientSchema extends BaseModel {
|
|
static $columns = ['address', 'createdAt', 'email', 'id', 'name', 'notes', 'organizationId', 'phone', 'siret', 'updatedAt'] as const
|
|
$columns = ClientSchema.$columns
|
|
@column()
|
|
declare address: string | null
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column()
|
|
declare email: string
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare name: string
|
|
@column()
|
|
declare notes: string | null
|
|
@column()
|
|
declare organizationId: string
|
|
@column()
|
|
declare phone: string | null
|
|
@column()
|
|
declare siret: string | null
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class ImportBatchSchema extends BaseModel {
|
|
static $columns = ['createdAt', 'id', 'organizationId', 'updatedAt'] as const
|
|
$columns = ImportBatchSchema.$columns
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare organizationId: string
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class ImportDraftSchema extends BaseModel {
|
|
static $columns = ['batchId', 'confidence', 'createdAt', 'edited', 'extracted', 'filename', 'id', 'invoiceId', 'pdfStorageKey', 'status', 'updatedAt'] as const
|
|
$columns = ImportDraftSchema.$columns
|
|
@column()
|
|
declare batchId: string
|
|
@column()
|
|
declare confidence: Partial<{ clientId: number; clientName: number; clientEmail: number; numero: number; amountTtcCents: number; issueDate: number; dueDate: number; planId: number }>
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column()
|
|
declare edited: { clientId: string | null; clientName: string; clientEmail: string | null; numero: string; amountTtcCents: number; issueDate: string; dueDate: string; planId: string | null }
|
|
@column()
|
|
declare extracted: { clientId: string | null; clientName: string; clientEmail: string | null; numero: string; amountTtcCents: number; issueDate: string; dueDate: string; planId: string | null }
|
|
@column()
|
|
declare filename: string
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare invoiceId: string | null
|
|
@column()
|
|
declare pdfStorageKey: string | null
|
|
@column()
|
|
declare status: 'pending' | 'validated' | 'skipped'
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class InvoiceSchema extends BaseModel {
|
|
static $columns = ['amountTtcCents', 'clientId', 'createdAt', 'dueDate', 'id', 'issueDate', 'notes', 'numero', 'organizationId', 'paidAt', 'pdfStorageKey', 'planId', 'rubisEarned', 'status', 'updatedAt'] as const
|
|
$columns = InvoiceSchema.$columns
|
|
@column()
|
|
declare amountTtcCents: number
|
|
@column()
|
|
declare clientId: string
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column.dateTime()
|
|
declare dueDate: DateTime
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column.dateTime()
|
|
declare issueDate: DateTime
|
|
@column()
|
|
declare notes: string | null
|
|
@column()
|
|
declare numero: string
|
|
@column()
|
|
declare organizationId: string
|
|
@column.dateTime()
|
|
declare paidAt: DateTime | null
|
|
@column()
|
|
declare pdfStorageKey: string | null
|
|
@column()
|
|
declare planId: string | null
|
|
@column()
|
|
declare rubisEarned: number
|
|
@column()
|
|
declare status: 'pending' | 'awaiting_user_confirmation' | 'in_relance' | 'paid' | 'litigation' | 'cancelled'
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class OrganizationSchema extends BaseModel {
|
|
static $columns = ['createdAt', 'id', 'monthlyVolumeBucket', 'name', 'onboardingCompletedAt', 'rubisCount', 'siret', 'updatedAt'] as const
|
|
$columns = OrganizationSchema.$columns
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare monthlyVolumeBucket: string | null
|
|
@column()
|
|
declare name: string
|
|
@column.dateTime()
|
|
declare onboardingCompletedAt: DateTime | null
|
|
@column()
|
|
declare rubisCount: number
|
|
@column()
|
|
declare siret: string | null
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class PlanStepSchema extends BaseModel {
|
|
static $columns = ['body', 'createdAt', 'id', 'offsetDays', 'order', 'planId', 'requiresManualValidation', 'subject', 'tone', 'updatedAt'] as const
|
|
$columns = PlanStepSchema.$columns
|
|
@column()
|
|
declare body: string
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare offsetDays: number
|
|
@column()
|
|
declare order: number
|
|
@column()
|
|
declare planId: string
|
|
@column()
|
|
declare requiresManualValidation: boolean
|
|
@column()
|
|
declare subject: string
|
|
@column()
|
|
declare tone: 'amical' | 'courtois' | 'ferme' | 'mise_en_demeure'
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class PlanSchema extends BaseModel {
|
|
static $columns = ['createdAt', 'description', 'id', 'isDefault', 'name', 'organizationId', 'slug', 'updatedAt'] as const
|
|
$columns = PlanSchema.$columns
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column()
|
|
declare description: string
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare isDefault: boolean
|
|
@column()
|
|
declare name: string
|
|
@column()
|
|
declare organizationId: string
|
|
@column()
|
|
declare slug: string | null
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|
|
|
|
export class RefreshTokenSchema extends BaseModel {
|
|
static $columns = ['createdAt', 'expiresAt', 'hashedToken', 'id', 'ipAddress', 'lastUsedAt', 'revokedAt', 'updatedAt', 'userAgent', 'userId'] as const
|
|
$columns = RefreshTokenSchema.$columns
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column.dateTime()
|
|
declare expiresAt: DateTime
|
|
@column()
|
|
declare hashedToken: string
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare ipAddress: string | null
|
|
@column.dateTime()
|
|
declare lastUsedAt: DateTime | null
|
|
@column.dateTime()
|
|
declare revokedAt: DateTime | null
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
@column()
|
|
declare userAgent: string | null
|
|
@column()
|
|
declare userId: string
|
|
}
|
|
|
|
export class UserSchema extends BaseModel {
|
|
static $columns = ['createdAt', 'email', 'fullName', 'id', 'organizationId', 'password', 'signature', 'updatedAt'] as const
|
|
$columns = UserSchema.$columns
|
|
@column.dateTime({ autoCreate: true })
|
|
declare createdAt: DateTime
|
|
@column()
|
|
declare email: string
|
|
@column()
|
|
declare fullName: string | null
|
|
@column({ isPrimary: true })
|
|
declare id: string
|
|
@column()
|
|
declare organizationId: string | null
|
|
@column({ serializeAs: null })
|
|
declare password: string
|
|
@column()
|
|
declare signature: string | null
|
|
@column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
declare updatedAt: DateTime | null
|
|
}
|