@albirex/platformatic-logto 1.3.6 → 1.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/lib/index.cjs +12 -4
  2. package/lib/index.cjs.map +1 -1
  3. package/lib/index.d.cts +3 -2
  4. package/lib/index.d.ts +3 -2
  5. package/lib/index.js +7 -4
  6. package/lib/index.js.map +1 -1
  7. package/package.json +3 -4
package/lib/index.cjs CHANGED
@@ -29,7 +29,9 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
29
29
  // src/index.ts
30
30
  var index_exports = {};
31
31
  __export(index_exports, {
32
- default: () => index_default
32
+ default: () => index_default,
33
+ fastifyLogto: () => import_fastify_logto2.fastifyLogto,
34
+ platformaticLogto: () => platformaticLogto
33
35
  });
34
36
  module.exports = __toCommonJS(index_exports);
35
37
  var import_fastify_plugin = __toESM(require("fastify-plugin"), 1);
@@ -97,8 +99,9 @@ var MissingNotNullableError = (0, import_error.default)(`${ERROR_PREFIX}_NOT_NUL
97
99
 
98
100
  // src/index.ts
99
101
  var import_fastify_logto = __toESM(require("@albirex/fastify-logto"), 1);
102
+ var import_fastify_logto2 = require("@albirex/fastify-logto");
100
103
  var PLT_ADMIN_ROLE = "platformatic-admin";
101
- var auth = async (app, opts) => {
104
+ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) => {
102
105
  app.register(import_fastify_logto.default, {
103
106
  endpoint: opts.logtoBaseUrl || "https://auth.example.com",
104
107
  appId: opts.logtoAppId || "your-app-id",
@@ -372,7 +375,7 @@ var auth = async (app, opts) => {
372
375
  });
373
376
  }
374
377
  });
375
- };
378
+ }, { name: "@albirex/platformatic-logto" });
376
379
  async function fromRuleToWhere(ctx, rule, where, user) {
377
380
  if (!rule) {
378
381
  throw new Unauthorized();
@@ -462,5 +465,10 @@ function checkSaveMandatoryFieldsInRules(type, rules) {
462
465
  }
463
466
  }
464
467
  }
465
- var index_default = (0, import_fastify_plugin.default)(auth, { name: "@albirex/platformatic-logto" });
468
+ var index_default = platformaticLogto;
469
+ // Annotate the CommonJS export names for ESM import in node:
470
+ 0 && (module.exports = {
471
+ fastifyLogto,
472
+ platformaticLogto
473
+ });
466
474
  //# sourceMappingURL=index.cjs.map
package/lib/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/utils.ts","../src/utils/errors.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entity, PlatformaticContext } from '@platformatic/sql-mapper'\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nconst auth: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: PLT_ADMIN_ROLE,\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const rules = await composeLogToRules();\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nasync function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nfunction checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default fp(auth, { name: '@albirex/platformatic-logto' })\n","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAe;AACf,kBAA6B;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBR,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;ACpCA,mBAAwB;AAExB,IAAM,eAAe;AAEd,IAAM,mBAAe,aAAAA,SAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,wBAAoB,aAAAA,SAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,8BAA0B,aAAAA,SAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AHF1J,2BAAyB;AAKzB,IAAM,iBAAiB;AA8BvB,IAAM,OAAyD,OAAO,KAAsB,SAAuC;AAC/H,MAAI,SAAS,qBAAAC,SAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG;AAAA,MACf;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,QAAQ,MAAM,kBAAkB;AAGtC,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAgD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAjDA,YAAMC,SAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,QAAAA,OAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,QACZ,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAMA,MAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL;AAEA,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAe,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AACnJ,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEA,SAAS,oBAAoB,MAAM,QAAQ;AACvC,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,oBAAQ,sBAAAC,SAAG,MAAM,EAAE,MAAM,8BAA8B,CAAC;","names":["createError","fastifyLogto","rules","fp"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/utils.ts","../src/utils/errors.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entity, PlatformaticContext } from '@platformatic/sql-mapper'\nexport { fastifyLogto } from '@albirex/fastify-logto';\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nexport const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = fp(async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: PLT_ADMIN_ROLE,\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const rules = await composeLogToRules();\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}, { name: '@albirex/platformatic-logto' });\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nasync function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nfunction checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default platformaticLogto;\n","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAe;AACf,kBAA6B;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBR,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;ACpCA,mBAAwB;AAExB,IAAM,eAAe;AAEd,IAAM,mBAAe,aAAAA,SAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,wBAAoB,aAAAA,SAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,8BAA0B,aAAAA,SAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AHF1J,2BAAyB;AAIzB,IAAAC,wBAA6B;AAE7B,IAAM,iBAAiB;AA8BhB,IAAM,wBAAsE,sBAAAC,SAAG,OAAO,KAAsB,SAAuC;AACtJ,MAAI,SAAS,qBAAAC,SAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG;AAAA,MACf;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,QAAQ,MAAM,kBAAkB;AAGtC,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAgD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAjDA,YAAMC,SAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,QAAAA,OAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,QACZ,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAMA,MAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL,GAAG,EAAE,MAAM,8BAA8B,CAAC;AAE1C,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAe,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AACnJ,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEA,SAAS,oBAAoB,MAAM,QAAQ;AACvC,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,gBAAQ;","names":["createError","import_fastify_logto","fp","fastifyLogto","rules"]}
package/lib/index.d.cts CHANGED
@@ -1,5 +1,6 @@
1
1
  import { FastifyPluginAsync } from 'fastify';
2
2
  import { FastifyUserPluginOptions } from 'fastify-user';
3
+ export { fastifyLogto } from '@albirex/fastify-logto';
3
4
 
4
5
  type PlatformaticRule = {
5
6
  role: string;
@@ -26,6 +27,6 @@ type PlatformaticLogtoAuthOptions = {
26
27
  defaults?: boolean;
27
28
  jwtPlugin: FastifyUserPluginOptions;
28
29
  };
29
- declare const _default: FastifyPluginAsync<PlatformaticLogtoAuthOptions>;
30
+ declare const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions>;
30
31
 
31
- export { type PlatformaticLogtoAuthOptions, type PlatformaticRule, _default as default };
32
+ export { type PlatformaticLogtoAuthOptions, type PlatformaticRule, platformaticLogto as default, platformaticLogto };
package/lib/index.d.ts CHANGED
@@ -1,5 +1,6 @@
1
1
  import { FastifyPluginAsync } from 'fastify';
2
2
  import { FastifyUserPluginOptions } from 'fastify-user';
3
+ export { fastifyLogto } from '@albirex/fastify-logto';
3
4
 
4
5
  type PlatformaticRule = {
5
6
  role: string;
@@ -26,6 +27,6 @@ type PlatformaticLogtoAuthOptions = {
26
27
  defaults?: boolean;
27
28
  jwtPlugin: FastifyUserPluginOptions;
28
29
  };
29
- declare const _default: FastifyPluginAsync<PlatformaticLogtoAuthOptions>;
30
+ declare const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions>;
30
31
 
31
- export { type PlatformaticLogtoAuthOptions, type PlatformaticRule, _default as default };
32
+ export { type PlatformaticLogtoAuthOptions, type PlatformaticRule, platformaticLogto as default, platformaticLogto };
package/lib/index.js CHANGED
@@ -64,8 +64,9 @@ var MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`
64
64
 
65
65
  // src/index.ts
66
66
  import fastifyLogto from "@albirex/fastify-logto";
67
+ import { fastifyLogto as fastifyLogto2 } from "@albirex/fastify-logto";
67
68
  var PLT_ADMIN_ROLE = "platformatic-admin";
68
- var auth = async (app, opts) => {
69
+ var platformaticLogto = fp(async (app, opts) => {
69
70
  app.register(fastifyLogto, {
70
71
  endpoint: opts.logtoBaseUrl || "https://auth.example.com",
71
72
  appId: opts.logtoAppId || "your-app-id",
@@ -339,7 +340,7 @@ var auth = async (app, opts) => {
339
340
  });
340
341
  }
341
342
  });
342
- };
343
+ }, { name: "@albirex/platformatic-logto" });
343
344
  async function fromRuleToWhere(ctx, rule, where, user) {
344
345
  if (!rule) {
345
346
  throw new Unauthorized();
@@ -429,8 +430,10 @@ function checkSaveMandatoryFieldsInRules(type, rules) {
429
430
  }
430
431
  }
431
432
  }
432
- var index_default = fp(auth, { name: "@albirex/platformatic-logto" });
433
+ var index_default = platformaticLogto;
433
434
  export {
434
- index_default as default
435
+ index_default as default,
436
+ fastifyLogto2 as fastifyLogto,
437
+ platformaticLogto
435
438
  };
436
439
  //# sourceMappingURL=index.js.map
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/utils.ts","../src/utils/errors.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entity, PlatformaticContext } from '@platformatic/sql-mapper'\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nconst auth: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: PLT_ADMIN_ROLE,\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const rules = await composeLogToRules();\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nasync function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nfunction checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default fp(auth, { name: '@albirex/platformatic-logto' })\n","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n"],"mappings":";AAAA,OAAO,QAAQ;AACf,YAAY,iBAAiB;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBR,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;ACpCA,OAAO,iBAAiB;AAExB,IAAM,eAAe;AAEd,IAAM,eAAe,YAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,oBAAoB,YAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,0BAA0B,YAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AHF1J,OAAO,kBAAkB;AAKzB,IAAM,iBAAiB;AA8BvB,IAAM,OAAyD,OAAO,KAAsB,SAAuC;AAC/H,MAAI,SAAS,cAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG;AAAA,MACf;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,QAAQ,MAAM,kBAAkB;AAGtC,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAgD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAjDA,YAAMA,SAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,QAAAA,OAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,QACZ,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAMA,MAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL;AAEA,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAe,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AACnJ,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEA,SAAS,oBAAoB,MAAM,QAAQ;AACvC,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,gBAAQ,GAAG,MAAM,EAAE,MAAM,8BAA8B,CAAC;","names":["rules"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/utils.ts","../src/utils/errors.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entity, PlatformaticContext } from '@platformatic/sql-mapper'\nexport { fastifyLogto } from '@albirex/fastify-logto';\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nexport const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = fp(async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: PLT_ADMIN_ROLE,\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const rules = await composeLogToRules();\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}, { name: '@albirex/platformatic-logto' });\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nasync function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nfunction checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default platformaticLogto;\n","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n"],"mappings":";AAAA,OAAO,QAAQ;AACf,YAAY,iBAAiB;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBR,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;ACpCA,OAAO,iBAAiB;AAExB,IAAM,eAAe;AAEd,IAAM,eAAe,YAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,oBAAoB,YAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,0BAA0B,YAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AHF1J,OAAO,kBAAkB;AAIzB,SAAS,gBAAAA,qBAAoB;AAE7B,IAAM,iBAAiB;AA8BhB,IAAM,oBAAsE,GAAG,OAAO,KAAsB,SAAuC;AACtJ,MAAI,SAAS,cAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG;AAAA,MACf;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,QAAQ,MAAM,kBAAkB;AAGtC,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAgD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAjDA,YAAMC,SAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,QAAAA,OAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,QACZ,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAMA,MAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL,GAAG,EAAE,MAAM,8BAA8B,CAAC;AAE1C,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAe,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AACnJ,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEA,SAAS,oBAAoB,MAAM,QAAQ;AACvC,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,gBAAQ;","names":["fastifyLogto","rules"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@albirex/platformatic-logto",
3
- "version": "1.3.6",
3
+ "version": "1.3.7",
4
4
  "description": "LogTo roles and scopes integrated in Platformatic authorization",
5
5
  "type": "module",
6
6
  "main": "./lib/index.cjs",
@@ -22,7 +22,7 @@
22
22
  },
23
23
  "peerDependencies": {
24
24
  "@platformatic/db": "^2.0.0",
25
- "fastify": "^5",
25
+ "fastify": "^5.5",
26
26
  "platformatic": "^2.0.0"
27
27
  },
28
28
  "devDependencies": {
@@ -31,14 +31,13 @@
31
31
  "@types/node": "^22.10.1",
32
32
  "dotenv": "^16.5.0",
33
33
  "eslint": "^9.12.0",
34
- "fastify": "~5.2",
35
34
  "tap": "^21.1.0",
36
35
  "tsup": "^8.5.0",
37
36
  "typescript": "~5.5",
38
37
  "typescript-eslint": "^8.16.0"
39
38
  },
40
39
  "dependencies": {
41
- "@albirex/fastify-logto": "^1.3.2",
40
+ "@albirex/fastify-logto": "^1.3.3",
42
41
  "@fastify/error": "^4.1.0",
43
42
  "@logto/js": "^5.1.1",
44
43
  "@logto/node": "^3.1.4",