@albirex/platformatic-logto 1.5.3 → 1.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/lib/index.cjs +12 -12
  2. package/lib/index.cjs.map +1 -1
  3. package/lib/index.d.cts +1 -3
  4. package/lib/index.d.ts +1 -3
  5. package/lib/index.js +12 -12
  6. package/lib/index.js.map +1 -1
  7. package/package.json +1 -1
package/lib/index.cjs CHANGED
@@ -246,11 +246,11 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
246
246
  }
247
247
  }
248
248
  app.addHook("onReady", async function() {
249
- const rules = await composeLogToRules();
250
- app.platformatic.rules = rules;
249
+ const logToRules = await composeLogToRules();
250
+ app.platformaticLogTo.rules = logToRules;
251
251
  const entityRules = {};
252
- for (let i = 0; i < rules.length; i++) {
253
- const rule = rules[i];
252
+ for (let i = 0; i < logToRules.length; i++) {
253
+ const rule = logToRules[i];
254
254
  let ruleEntities = null;
255
255
  if (rule.entity) {
256
256
  ruleEntities = [rule.entity];
@@ -274,7 +274,7 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
274
274
  let useOriginal = function(ctx) {
275
275
  return !ctx;
276
276
  };
277
- const rules2 = entityRules[entityKey] || [];
277
+ const rules = entityRules[entityKey] || [];
278
278
  const type = app.platformatic.entities[entityKey];
279
279
  let userPropToFillForPublish;
280
280
  const topicsWithoutChecks = false;
@@ -282,7 +282,7 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
282
282
  throw new Error(`Subscription for entity "${entityKey}" have conflictling rules across roles`);
283
283
  }
284
284
  if (adminSecret) {
285
- rules2.push({
285
+ rules.push({
286
286
  role: PLT_ADMIN_ROLE,
287
287
  find: true,
288
288
  save: true,
@@ -290,14 +290,14 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
290
290
  updateMany: true
291
291
  });
292
292
  }
293
- checkSaveMandatoryFieldsInRules(type, rules2);
293
+ checkSaveMandatoryFieldsInRules(type, rules);
294
294
  app.platformatic.addEntityHooks(entityKey, {
295
295
  async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {
296
296
  if (useOriginal(ctx)) {
297
297
  return originalFind({ ...restOpts, where, ctx, fields });
298
298
  }
299
299
  const request = getRequestFromContext(ctx);
300
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
300
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
301
301
  checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields));
302
302
  where = await fromRuleToWhere(ctx, rule.find, where, request.user);
303
303
  return originalFind({ ...restOpts, where, ctx, fields });
@@ -307,7 +307,7 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
307
307
  return originalSave({ ctx, input, fields, ...restOpts });
308
308
  }
309
309
  const request = getRequestFromContext(ctx);
310
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
310
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
311
311
  if (!rule.save) {
312
312
  throw new Unauthorized();
313
313
  }
@@ -345,7 +345,7 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
345
345
  return originalInsert({ inputs, ctx, fields, ...restOpts });
346
346
  }
347
347
  const request = getRequestFromContext(ctx);
348
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
348
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
349
349
  if (!rule.save) {
350
350
  throw new Unauthorized();
351
351
  }
@@ -370,7 +370,7 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
370
370
  return originalDelete({ where, ctx, fields, ...restOpts });
371
371
  }
372
372
  const request = getRequestFromContext(ctx);
373
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
373
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
374
374
  where = await fromRuleToWhere(ctx, rule.delete, where, request.user);
375
375
  return originalDelete({ where, ctx, fields, ...restOpts });
376
376
  },
@@ -379,7 +379,7 @@ var platformaticLogto = (0, import_fastify_plugin.default)(async (app, opts) =>
379
379
  return originalUpdateMany({ ...restOpts, where, ctx, fields });
380
380
  }
381
381
  const request = getRequestFromContext(ctx);
382
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
382
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
383
383
  where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user);
384
384
  return originalUpdateMany({ ...restOpts, where, ctx, fields });
385
385
  }
package/lib/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/errors.ts","../src/utils/utils.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entities, Entity, PlatformaticContext, SQLMapperPluginInterface } from '@platformatic/sql-mapper'\nexport { fastifyLogto } from '@albirex/fastify-logto';\n\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nexport { getRequestFromContext, getRoles } from './utils/utils.js'\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n [action: string]: unknown;\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nexport const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = fp(async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.decorate('platformaticLogTo', {\n opts\n })\n\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: this.headers['x-platformatic-role'] ?? PLT_ADMIN_ROLE\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const rules = await composeLogToRules();\n\n app.platformatic.rules = rules;\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n updateMany: true\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}, { name: '@albirex/platformatic-logto' });\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nexport async function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nexport function checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default platformaticLogto;\n\ndeclare module 'fastify' {\n interface FastifyInstance {\n platformaticLogTo: {\n opts: PlatformaticLogtoAuthOptions\n },\n platformatic: SQLMapperPluginInterface<Entities> & {\n rules?: PlatformaticRule[]\n };\n }\n}","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAe;AACf,kBAA6B;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBf,mBAAwB;AAExB,IAAM,eAAe;AAEd,IAAM,mBAAe,aAAAA,SAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,wBAAoB,aAAAA,SAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,8BAA0B,aAAAA,SAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AFH1J,2BAAyB;AAIzB,IAAAC,wBAA6B;;;AGPtB,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;AHxBA,IAAM,iBAAiB;AA8BhB,IAAM,wBAAsE,sBAAAC,SAAG,OAAO,KAAsB,SAAuC;AACtJ,MAAI,SAAS,qBAAqB;AAAA,IAC9B;AAAA,EACJ,CAAC;AAED,MAAI,SAAS,qBAAAC,SAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG,KAAK,QAAQ,qBAAqB,KAAK;AAAA,MACtD;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,QAAQ,MAAM,kBAAkB;AAEtC,QAAI,aAAa,QAAQ;AAGzB,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAiD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAlDA,YAAMC,SAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,QAAAA,OAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,YAAY;AAAA,QAChB,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAMA,MAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL,GAAG,EAAE,MAAM,8BAA8B,CAAC;AAE1C,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAsB,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AAC1J,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEO,SAAS,oBAAoB,MAAM,QAAQ;AAC9C,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,gBAAQ;","names":["createError","import_fastify_logto","fp","fastifyLogto","rules"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/errors.ts","../src/utils/utils.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entity, PlatformaticContext } from '@platformatic/sql-mapper'\nexport { fastifyLogto } from '@albirex/fastify-logto';\n\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nexport { getRequestFromContext, getRoles } from './utils/utils.js'\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n [action: string]: unknown;\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nexport const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = fp(async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.decorate('platformaticLogTo', {\n opts\n })\n\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: this.headers['x-platformatic-role'] ?? PLT_ADMIN_ROLE\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const logToRules = await composeLogToRules();\n\n app.platformaticLogTo.rules = logToRules;\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < logToRules.length; i++) {\n const rule = logToRules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n updateMany: true\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}, { name: '@albirex/platformatic-logto' });\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nexport async function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nexport function checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default platformaticLogto;\n\ndeclare module 'fastify' {\n interface FastifyInstance {\n platformaticLogTo: {\n opts: PlatformaticLogtoAuthOptions,\n rules?: PlatformaticRule[]\n }\n }\n}","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAAe;AACf,kBAA6B;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBf,mBAAwB;AAExB,IAAM,eAAe;AAEd,IAAM,mBAAe,aAAAA,SAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,wBAAoB,aAAAA,SAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,8BAA0B,aAAAA,SAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AFH1J,2BAAyB;AAIzB,IAAAC,wBAA6B;;;AGPtB,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;AHxBA,IAAM,iBAAiB;AA8BhB,IAAM,wBAAsE,sBAAAC,SAAG,OAAO,KAAsB,SAAuC;AACtJ,MAAI,SAAS,qBAAqB;AAAA,IAC9B;AAAA,EACJ,CAAC;AAED,MAAI,SAAS,qBAAAC,SAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG,KAAK,QAAQ,qBAAqB,KAAK;AAAA,MACtD;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,aAAa,MAAM,kBAAkB;AAE3C,QAAI,kBAAkB,QAAQ;AAG9B,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,WAAW,QAAQ,KAAK;AACxC,YAAM,OAAO,WAAW,CAAC;AAEzB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAiD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAlDA,YAAM,QAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,cAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,YAAY;AAAA,QAChB,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAM,KAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL,GAAG,EAAE,MAAM,8BAA8B,CAAC;AAE1C,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAsB,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AAC1J,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEO,SAAS,oBAAoB,MAAM,QAAQ;AAC9C,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,gBAAQ;","names":["createError","import_fastify_logto","fp","fastifyLogto"]}
package/lib/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { FastifyPluginAsync } from 'fastify';
2
2
  import { FastifyUserPluginOptions } from 'fastify-user';
3
- import { SQLMapperPluginInterface, Entities, PlatformaticContext } from '@platformatic/sql-mapper';
3
+ import { PlatformaticContext } from '@platformatic/sql-mapper';
4
4
  export { fastifyLogto } from '@albirex/fastify-logto';
5
5
 
6
6
  declare function getRequestFromContext(ctx: any): any;
@@ -40,8 +40,6 @@ declare module 'fastify' {
40
40
  interface FastifyInstance {
41
41
  platformaticLogTo: {
42
42
  opts: PlatformaticLogtoAuthOptions;
43
- };
44
- platformatic: SQLMapperPluginInterface<Entities> & {
45
43
  rules?: PlatformaticRule[];
46
44
  };
47
45
  }
package/lib/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import { FastifyPluginAsync } from 'fastify';
2
2
  import { FastifyUserPluginOptions } from 'fastify-user';
3
- import { SQLMapperPluginInterface, Entities, PlatformaticContext } from '@platformatic/sql-mapper';
3
+ import { PlatformaticContext } from '@platformatic/sql-mapper';
4
4
  export { fastifyLogto } from '@albirex/fastify-logto';
5
5
 
6
6
  declare function getRequestFromContext(ctx: any): any;
@@ -40,8 +40,6 @@ declare module 'fastify' {
40
40
  interface FastifyInstance {
41
41
  platformaticLogTo: {
42
42
  opts: PlatformaticLogtoAuthOptions;
43
- };
44
- platformatic: SQLMapperPluginInterface<Entities> & {
45
43
  rules?: PlatformaticRule[];
46
44
  };
47
45
  }
package/lib/index.js CHANGED
@@ -207,11 +207,11 @@ var platformaticLogto = fp(async (app, opts) => {
207
207
  }
208
208
  }
209
209
  app.addHook("onReady", async function() {
210
- const rules = await composeLogToRules();
211
- app.platformatic.rules = rules;
210
+ const logToRules = await composeLogToRules();
211
+ app.platformaticLogTo.rules = logToRules;
212
212
  const entityRules = {};
213
- for (let i = 0; i < rules.length; i++) {
214
- const rule = rules[i];
213
+ for (let i = 0; i < logToRules.length; i++) {
214
+ const rule = logToRules[i];
215
215
  let ruleEntities = null;
216
216
  if (rule.entity) {
217
217
  ruleEntities = [rule.entity];
@@ -235,7 +235,7 @@ var platformaticLogto = fp(async (app, opts) => {
235
235
  let useOriginal = function(ctx) {
236
236
  return !ctx;
237
237
  };
238
- const rules2 = entityRules[entityKey] || [];
238
+ const rules = entityRules[entityKey] || [];
239
239
  const type = app.platformatic.entities[entityKey];
240
240
  let userPropToFillForPublish;
241
241
  const topicsWithoutChecks = false;
@@ -243,7 +243,7 @@ var platformaticLogto = fp(async (app, opts) => {
243
243
  throw new Error(`Subscription for entity "${entityKey}" have conflictling rules across roles`);
244
244
  }
245
245
  if (adminSecret) {
246
- rules2.push({
246
+ rules.push({
247
247
  role: PLT_ADMIN_ROLE,
248
248
  find: true,
249
249
  save: true,
@@ -251,14 +251,14 @@ var platformaticLogto = fp(async (app, opts) => {
251
251
  updateMany: true
252
252
  });
253
253
  }
254
- checkSaveMandatoryFieldsInRules(type, rules2);
254
+ checkSaveMandatoryFieldsInRules(type, rules);
255
255
  app.platformatic.addEntityHooks(entityKey, {
256
256
  async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {
257
257
  if (useOriginal(ctx)) {
258
258
  return originalFind({ ...restOpts, where, ctx, fields });
259
259
  }
260
260
  const request = getRequestFromContext(ctx);
261
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
261
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
262
262
  checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields));
263
263
  where = await fromRuleToWhere(ctx, rule.find, where, request.user);
264
264
  return originalFind({ ...restOpts, where, ctx, fields });
@@ -268,7 +268,7 @@ var platformaticLogto = fp(async (app, opts) => {
268
268
  return originalSave({ ctx, input, fields, ...restOpts });
269
269
  }
270
270
  const request = getRequestFromContext(ctx);
271
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
271
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
272
272
  if (!rule.save) {
273
273
  throw new Unauthorized();
274
274
  }
@@ -306,7 +306,7 @@ var platformaticLogto = fp(async (app, opts) => {
306
306
  return originalInsert({ inputs, ctx, fields, ...restOpts });
307
307
  }
308
308
  const request = getRequestFromContext(ctx);
309
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
309
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
310
310
  if (!rule.save) {
311
311
  throw new Unauthorized();
312
312
  }
@@ -331,7 +331,7 @@ var platformaticLogto = fp(async (app, opts) => {
331
331
  return originalDelete({ where, ctx, fields, ...restOpts });
332
332
  }
333
333
  const request = getRequestFromContext(ctx);
334
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
334
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
335
335
  where = await fromRuleToWhere(ctx, rule.delete, where, request.user);
336
336
  return originalDelete({ where, ctx, fields, ...restOpts });
337
337
  },
@@ -340,7 +340,7 @@ var platformaticLogto = fp(async (app, opts) => {
340
340
  return originalUpdateMany({ ...restOpts, where, ctx, fields });
341
341
  }
342
342
  const request = getRequestFromContext(ctx);
343
- const rule = await findRuleForRequestUser(ctx, rules2, roleKey, anonymousRole, isRolePath);
343
+ const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath);
344
344
  where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user);
345
345
  return originalUpdateMany({ ...restOpts, where, ctx, fields });
346
346
  }
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/errors.ts","../src/utils/utils.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entities, Entity, PlatformaticContext, SQLMapperPluginInterface } from '@platformatic/sql-mapper'\nexport { fastifyLogto } from '@albirex/fastify-logto';\n\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nexport { getRequestFromContext, getRoles } from './utils/utils.js'\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n [action: string]: unknown;\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nexport const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = fp(async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.decorate('platformaticLogTo', {\n opts\n })\n\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: this.headers['x-platformatic-role'] ?? PLT_ADMIN_ROLE\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const rules = await composeLogToRules();\n\n app.platformatic.rules = rules;\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n updateMany: true\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}, { name: '@albirex/platformatic-logto' });\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nexport async function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nexport function checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default platformaticLogto;\n\ndeclare module 'fastify' {\n interface FastifyInstance {\n platformaticLogTo: {\n opts: PlatformaticLogtoAuthOptions\n },\n platformatic: SQLMapperPluginInterface<Entities> & {\n rules?: PlatformaticRule[]\n };\n }\n}","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n"],"mappings":";AAAA,OAAO,QAAQ;AACf,YAAY,iBAAiB;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBf,OAAO,iBAAiB;AAExB,IAAM,eAAe;AAEd,IAAM,eAAe,YAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,oBAAoB,YAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,0BAA0B,YAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AFH1J,OAAO,kBAAkB;AAIzB,SAAS,gBAAAA,qBAAoB;;;AGPtB,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;AHxBA,IAAM,iBAAiB;AA8BhB,IAAM,oBAAsE,GAAG,OAAO,KAAsB,SAAuC;AACtJ,MAAI,SAAS,qBAAqB;AAAA,IAC9B;AAAA,EACJ,CAAC;AAED,MAAI,SAAS,cAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG,KAAK,QAAQ,qBAAqB,KAAK;AAAA,MACtD;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,QAAQ,MAAM,kBAAkB;AAEtC,QAAI,aAAa,QAAQ;AAGzB,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACnC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAiD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAlDA,YAAMC,SAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,QAAAA,OAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,YAAY;AAAA,QAChB,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAMA,MAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAKA,QAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL,GAAG,EAAE,MAAM,8BAA8B,CAAC;AAE1C,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAsB,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AAC1J,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEO,SAAS,oBAAoB,MAAM,QAAQ;AAC9C,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,gBAAQ;","names":["fastifyLogto","rules"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/utils/find-rule.ts","../src/utils/errors.ts","../src/utils/utils.ts"],"sourcesContent":["import fp from 'fastify-plugin'\nimport * as fastifyUser from 'fastify-user'\n\nimport findRule from './utils/find-rule.js'\nimport { Unauthorized, UnauthorizedField, MissingNotNullableError } from './utils/errors.js'\nimport fastifyLogto from '@albirex/fastify-logto';\nimport { FastifyInstance, FastifyPluginAsync } from 'fastify'\nimport type { FastifyUserPluginOptions } from 'fastify-user';\nimport type { Entity, PlatformaticContext } from '@platformatic/sql-mapper'\nexport { fastifyLogto } from '@albirex/fastify-logto';\n\nimport { getRequestFromContext, getRoles } from './utils/utils.js'\nexport { getRequestFromContext, getRoles } from './utils/utils.js'\n\nconst PLT_ADMIN_ROLE = 'platformatic-admin'\n\nexport type PlatformaticRule = {\n role: string;\n entity?: string;\n entities?: string[];\n defaults?: Record<string, string>;\n checks?: boolean;\n find?: boolean;\n save?: boolean;\n delete?: boolean;\n [action: string]: unknown;\n};\n\nexport type PlatformaticLogtoAuthOptions = {\n logtoBaseUrl?: string;\n logtoAppId?: string;\n logtoAppSecret?: string;\n adminSecret?: string;\n rolePath?: string;\n roleKey?: string;\n userPath?: string;\n userKey?: string;\n anonymousRole?: string;\n allowAnonymous?: boolean;\n checks?: boolean;\n defaults?: boolean;\n jwtPlugin: FastifyUserPluginOptions\n};\n\nexport const platformaticLogto: FastifyPluginAsync<PlatformaticLogtoAuthOptions> = fp(async (app: FastifyInstance, opts: PlatformaticLogtoAuthOptions) => {\n app.decorate('platformaticLogTo', {\n opts\n })\n\n app.register(fastifyLogto, {\n endpoint: opts.logtoBaseUrl || 'https://auth.example.com',\n appId: opts.logtoAppId || 'your-app-id',\n appSecret: opts.logtoAppSecret || 'your-app-secret',\n });\n\n await app.register(fastifyUser as unknown as FastifyPluginAsync, opts.jwtPlugin);\n\n const adminSecret = opts.adminSecret\n const roleKey = opts.rolePath || opts.roleKey || 'X-PLATFORMATIC-ROLE'\n const userKey = opts.userPath || opts.userKey || 'X-PLATFORMATIC-USER-ID'\n const isRolePath = !!opts.rolePath // if `true` the role is intepreted as path like `user.role`\n const anonymousRole = opts.anonymousRole || 'anonymous'\n\n async function composeLogToRules() {\n const rolesResp = await app.logto.callAPI('/api/roles?type=User', 'GET');\n\n if (!rolesResp.ok) {\n throw rolesResp;\n }\n\n const roles = await rolesResp.json();\n const rules: PlatformaticRule[] = [{\n role: anonymousRole,\n entities: Object.keys(app.platformatic.entities),\n find: opts.allowAnonymous,\n save: opts.allowAnonymous,\n delete: opts.allowAnonymous,\n }];\n\n for (const role of roles) {\n const scopesResp = await app.logto.callAPI(`/api/roles/${role.id}/scopes`, 'GET');\n\n if (!scopesResp.ok) {\n throw scopesResp;\n }\n\n const scopes = await scopesResp.json();\n\n for (const scope of scopes) {\n const roleName = role.name;\n // eslint-disable-next-line prefer-const\n let [scopeAction, entity] = scope.name.split(':');\n\n if (!app.platformatic.entities[entity]) {\n app.log.debug(`Unknown entity '${entity}' in authorization rule`)\n continue;\n }\n\n switch (scopeAction) {\n case 'create':\n scopeAction = 'save'\n break;\n case 'read':\n scopeAction = 'find'\n break;\n case 'update':\n scopeAction = 'updateMany'\n break;\n }\n\n const checkExists = rules.find(r => r.role === roleName && r.entity === entity);\n if (checkExists) {\n if (opts.checks) {\n checkExists[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n checkExists[scopeAction] = true;\n }\n } else {\n const newRule: PlatformaticRule = {\n role: roleName,\n entity,\n };\n\n if (opts.checks) {\n newRule[scopeAction] = {\n checks: {\n userId: userKey\n }\n };\n } else {\n newRule[scopeAction] = true;\n }\n\n if (opts.defaults) {\n newRule.defaults = {\n userId: userKey\n };\n }\n\n rules.push(newRule);\n }\n }\n }\n\n const logRules = rules.reduce((prev, curr) => {\n (prev[curr['role']] ??= []).push(curr);\n return prev;\n }, {})\n\n for (const key in logRules) {\n app.log.info(`Rules set for role ${key}`);\n\n for (const element of logRules[key]) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { entity, entities, role, ...other } = element;\n app.log.info(`\\t${entity ?? entities.join(',')}: ${JSON.stringify(other)}`);\n }\n }\n\n const missingEntities = Object.keys(app.platformatic.entities).filter((e) => !rules.map((r) => r.entity).includes(e));\n\n if (missingEntities.length) {\n app.log.warn(`Missing rules for entities: ${missingEntities.join(', ')}`);\n }\n\n app.log.debug('LogTo calculated rules');\n app.log.debug(rules);\n return rules;\n }\n\n app.decorateRequest('setupDBAuthorizationUser', setupUser)\n\n async function setupUser() {\n // if (!adminSecret) {\n await this.extractUser()\n // }\n\n let forceAdminRole = false\n if (adminSecret && this.headers['x-platformatic-admin-secret'] === adminSecret) {\n if (opts.jwtPlugin.jwt) {\n forceAdminRole = true\n } else {\n this.log.info('admin secret is valid')\n this.user = new Proxy(this.headers, {\n get: (target, key) => {\n let value;\n if (!target[key.toString()]) {\n const newKey = key.toString().toLowerCase()\n value = target[newKey]\n } else {\n value = target[key.toString()]\n }\n\n if (!value && key.toString().toLowerCase() === roleKey.toLowerCase()) {\n value = PLT_ADMIN_ROLE\n }\n return value\n },\n })\n }\n }\n\n if (forceAdminRole) {\n // We replace just the role in `request.user`, all the rest is untouched\n this.user = {\n // ...request.user,\n [roleKey]: this.headers['x-platformatic-role'] ?? PLT_ADMIN_ROLE\n }\n }\n }\n\n app.addHook('onReady', async function () {\n const logToRules = await composeLogToRules();\n\n app.platformaticLogTo.rules = logToRules;\n\n // TODO validate that there is at most a rule for a given role\n const entityRules = {};\n for (let i = 0; i < logToRules.length; i++) {\n const rule = logToRules[i]\n\n let ruleEntities = null\n if (rule.entity) {\n ruleEntities = [rule.entity]\n } else if (rule.entities) {\n ruleEntities = [...rule.entities]\n } else {\n throw new Error(`Missing entity in authorization rule ${i}`)\n }\n\n for (const ruleEntity of ruleEntities) {\n const newRule = { ...rule, entity: ruleEntity, entities: undefined }\n if (!app.platformatic.entities[newRule.entity]) {\n throw new Error(`Unknown entity '${ruleEntity}' in authorization rule ${i}`)\n }\n\n if (!entityRules[ruleEntity]) {\n entityRules[ruleEntity] = []\n }\n entityRules[ruleEntity].push(newRule)\n }\n }\n\n for (const entityKey of Object.keys(app.platformatic.entities)) {\n const rules = entityRules[entityKey] || []\n const type = app.platformatic.entities[entityKey]\n\n // We have subscriptions!\n let userPropToFillForPublish\n const topicsWithoutChecks = false\n\n // mqtt\n // if (app.platformatic.mq) {\n // for (const rule of rules) {\n // const checks = rule.find?.checks\n // if (typeof checks !== 'object') {\n // topicsWithoutChecks = !!rule.find\n // continue\n // }\n // const keys = Object.keys(checks)\n // if (keys.length !== 1) {\n // throw new Error(`Subscription requires that the role \"${rule.role}\" has only one check in the find rule for entity \"${rule.entity}\"`)\n // }\n // const key = keys[0]\n\n // const val = typeof checks[key] === 'object' ? checks[key].eq : checks[key]\n // if (userPropToFillForPublish && userPropToFillForPublish.val !== val) {\n // throw new Error('Unable to configure subscriptions and authorization due to multiple check clauses in find')\n // }\n // userPropToFillForPublish = { key, val }\n // }\n // }\n\n if (userPropToFillForPublish && topicsWithoutChecks) {\n throw new Error(`Subscription for entity \"${entityKey}\" have conflictling rules across roles`)\n }\n\n // MUST set this after doing the security checks on the subscriptions\n if (adminSecret) {\n rules.push({\n role: PLT_ADMIN_ROLE,\n find: true,\n save: true,\n delete: true,\n updateMany: true\n })\n }\n\n // If we have `fields` in save rules, we need to check if all the not-nullable\n // fields are specified\n checkSaveMandatoryFieldsInRules(type, rules)\n\n function useOriginal(ctx: PlatformaticContext) {\n return !ctx\n }\n\n app.platformatic.addEntityHooks(entityKey, {\n async find(originalFind, { where, ctx, fields, ...restOpts } = {}) {\n if (useOriginal(ctx)) {\n return originalFind({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n checkFieldsFromRule(rule.find, fields || Object.keys(app.platformatic.entities[entityKey].fields))\n where = await fromRuleToWhere(ctx, rule.find, where, request.user)\n\n return originalFind({ ...restOpts, where, ctx, fields })\n },\n async save(originalSave, { input, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalSave({ ctx, input, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, input)\n\n if (rule.defaults) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n\n const hasAllPrimaryKeys = input[type.primaryKey] !== undefined;\n const whereConditions = {}\n whereConditions[type.primaryKey] = { eq: input[type.primaryKey] }\n\n if (hasAllPrimaryKeys) {\n const where = await fromRuleToWhere(ctx, rule.save, whereConditions, request.user)\n\n const found = await type.find({\n where,\n ctx,\n fields,\n })\n\n if (found.length === 0) {\n throw new Unauthorized()\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n }\n\n return originalSave({ input, ctx, fields, ...restOpts })\n },\n\n async insert(originalInsert, { inputs, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n if (!rule.save) {\n throw new Unauthorized()\n }\n\n checkFieldsFromRule(rule.save, fields)\n checkInputFromRuleFields(rule.save, inputs)\n\n /* istanbul ignore else */\n if (rule.defaults) {\n for (const input of inputs) {\n for (const key of Object.keys(rule.defaults)) {\n const defaults = rule.defaults[key]\n if (typeof defaults === 'function') {\n input[key] = await defaults({ user: request.user, ctx, input })\n } else {\n input[key] = request.user[defaults]\n }\n }\n }\n }\n\n return originalInsert({ inputs, ctx, fields, ...restOpts })\n },\n\n async delete(originalDelete, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalDelete({ where, ctx, fields, ...restOpts })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.delete, where, request.user)\n\n return originalDelete({ where, ctx, fields, ...restOpts })\n },\n\n async updateMany(originalUpdateMany, { where, ctx, fields, ...restOpts }) {\n if (useOriginal(ctx)) {\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n }\n const request = getRequestFromContext(ctx)\n const rule = await findRuleForRequestUser(ctx, rules, roleKey, anonymousRole, isRolePath)\n\n where = await fromRuleToWhere(ctx, rule.updateMany, where, request.user)\n\n return originalUpdateMany({ ...restOpts, where, ctx, fields })\n },\n })\n }\n })\n}, { name: '@albirex/platformatic-logto' });\n\nasync function fromRuleToWhere(ctx: PlatformaticContext, rule, where, user) {\n if (!rule) {\n throw new Unauthorized()\n }\n const request = getRequestFromContext(ctx)\n /* istanbul ignore next */\n where = where || {}\n\n if (typeof rule === 'object') {\n const { checks } = rule\n\n /* istanbul ignore else */\n if (checks) {\n for (const key of Object.keys(checks)) {\n const clauses = checks[key]\n if (typeof clauses === 'string') {\n // case: \"userId\": \"X-PLATFORMATIC-USER-ID\"\n where[key] = {\n eq: request.user[clauses],\n }\n } else {\n // case:\n // userId: {\n // eq: 'X-PLATFORMATIC-USER-ID'\n // }\n for (const clauseKey of Object.keys(clauses)) {\n const clause = clauses[clauseKey]\n where[key] = {\n [clauseKey]: request.user[clause],\n }\n }\n }\n }\n }\n } else if (typeof rule === 'function') {\n where = await rule({ user, ctx, where })\n }\n return where\n}\n\nexport async function findRuleForRequestUser(ctx: PlatformaticContext, rules: PlatformaticRule[], roleKey: string, anonymousRole: string, isRolePath = false) {\n const request = getRequestFromContext(ctx)\n await request.setupDBAuthorizationUser()\n const roles = getRoles(request, roleKey, anonymousRole, isRolePath)\n const rule = findRule(rules, roles)\n if (!rule) {\n ctx.reply.request.log.warn({ roles, rules }, 'no rule for roles')\n throw new Unauthorized()\n }\n ctx.reply.request.log.trace({ roles, rule }, 'found rule')\n return rule\n}\n\nexport function checkFieldsFromRule(rule, fields) {\n if (!rule) {\n throw new Unauthorized()\n }\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n for (const field of fields) {\n if (!fieldsFromRule.includes(field)) {\n throw new UnauthorizedField(field)\n }\n }\n }\n}\n\nconst validateInputs = (inputs, fieldsFromRule) => {\n for (const input of inputs) {\n const inputFields = Object.keys(input)\n for (const inputField of inputFields) {\n if (!fieldsFromRule.includes(inputField)) {\n throw new UnauthorizedField(inputField)\n }\n }\n }\n}\n\nfunction checkInputFromRuleFields(rule, inputs) {\n const { fields: fieldsFromRule } = rule\n /* istanbul ignore else */\n if (fieldsFromRule) {\n if (!Array.isArray(inputs)) {\n // save\n validateInputs([inputs], fieldsFromRule)\n } else {\n // insert\n validateInputs(inputs, fieldsFromRule)\n }\n }\n}\n\nfunction checkSaveMandatoryFieldsInRules(type: Entity, rules) {\n // List of not nullable, not PKs field to validate save/insert when allowed fields are specified on the rule\n const mandatoryFields =\n Object.values(type.fields)\n .filter(k => (!k.isNullable && !k.primaryKey))\n .map(({ camelcase }) => (camelcase))\n\n for (const rule of rules) {\n const { entity, save } = rule\n if (save && save.fields) {\n const fields = save.fields\n for (const mField of mandatoryFields) {\n if (!fields.includes(mField)) {\n throw new MissingNotNullableError(mField, entity)\n }\n }\n }\n }\n}\n\nexport default platformaticLogto;\n\ndeclare module 'fastify' {\n interface FastifyInstance {\n platformaticLogTo: {\n opts: PlatformaticLogtoAuthOptions,\n rules?: PlatformaticRule[]\n }\n }\n}","'use strict'\n\nimport { PlatformaticRule } from '../index.js'\n\nfunction findRule(rules: PlatformaticRule[], roles: string[]) {\n let found = null\n for (const rule of rules) {\n for (const role of roles) {\n if (rule.role === role) {\n found = rule\n break\n }\n }\n if (found) {\n break\n }\n }\n return found\n}\n\nexport default findRule\n","'use strict'\n\nimport createError from '@fastify/error'\n\nconst ERROR_PREFIX = 'PLT_DB_AUTH'\n\nexport const Unauthorized = createError(`${ERROR_PREFIX}_UNAUTHORIZED`, 'operation not allowed', 401)\nexport const UnauthorizedField = createError(`${ERROR_PREFIX}_FIELD_UNAUTHORIZED`, 'field not allowed: %s', 401)\nexport const MissingNotNullableError = createError(`${ERROR_PREFIX}_NOT_NULLABLE_MISSING`, 'missing not nullable field: \"%s\" in save rule for entity \"%s\"')\n","'use strict'\n\nexport function getRequestFromContext (ctx) {\n if (ctx && !ctx.reply) {\n throw new Error('Missing reply in context. You should call this function with { ctx: { reply }}')\n }\n return ctx.reply.request\n}\n\nexport function getRoles (request, roleKey, anonymousRole, isRolePath = false) {\n let output = []\n const user = request.user\n if (!user) {\n output.push(anonymousRole)\n return output\n }\n\n let rolesRaw\n if (isRolePath) {\n const roleKeys = roleKey.split('.')\n rolesRaw = user\n for (const key of roleKeys) {\n rolesRaw = rolesRaw[key]\n }\n } else {\n rolesRaw = user[roleKey]\n }\n\n if (typeof rolesRaw === 'string') {\n output = rolesRaw.split(',')\n } else if (Array.isArray(rolesRaw)) {\n output = rolesRaw\n }\n if (output.length === 0) {\n output.push(anonymousRole)\n }\n\n return output\n}\n"],"mappings":";AAAA,OAAO,QAAQ;AACf,YAAY,iBAAiB;;;ACG7B,SAAS,SAAS,OAA2B,OAAiB;AAC5D,MAAI,QAAQ;AACZ,aAAW,QAAQ,OAAO;AACxB,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,MAAM;AACtB,gBAAQ;AACR;AAAA,MACF;AAAA,IACF;AACA,QAAI,OAAO;AACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAO,oBAAQ;;;AClBf,OAAO,iBAAiB;AAExB,IAAM,eAAe;AAEd,IAAM,eAAe,YAAY,GAAG,YAAY,iBAAiB,yBAAyB,GAAG;AAC7F,IAAM,oBAAoB,YAAY,GAAG,YAAY,uBAAuB,yBAAyB,GAAG;AACxG,IAAM,0BAA0B,YAAY,GAAG,YAAY,yBAAyB,+DAA+D;;;AFH1J,OAAO,kBAAkB;AAIzB,SAAS,gBAAAA,qBAAoB;;;AGPtB,SAAS,sBAAuB,KAAK;AAC1C,MAAI,OAAO,CAAC,IAAI,OAAO;AACrB,UAAM,IAAI,MAAM,gFAAgF;AAAA,EAClG;AACA,SAAO,IAAI,MAAM;AACnB;AAEO,SAAS,SAAU,SAAS,SAAS,eAAe,aAAa,OAAO;AAC7E,MAAI,SAAS,CAAC;AACd,QAAM,OAAO,QAAQ;AACrB,MAAI,CAAC,MAAM;AACT,WAAO,KAAK,aAAa;AACzB,WAAO;AAAA,EACT;AAEA,MAAI;AACJ,MAAI,YAAY;AACd,UAAM,WAAW,QAAQ,MAAM,GAAG;AAClC,eAAW;AACX,eAAW,OAAO,UAAU;AAC1B,iBAAW,SAAS,GAAG;AAAA,IACzB;AAAA,EACF,OAAO;AACL,eAAW,KAAK,OAAO;AAAA,EACzB;AAEA,MAAI,OAAO,aAAa,UAAU;AAChC,aAAS,SAAS,MAAM,GAAG;AAAA,EAC7B,WAAW,MAAM,QAAQ,QAAQ,GAAG;AAClC,aAAS;AAAA,EACX;AACA,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,KAAK,aAAa;AAAA,EAC3B;AAEA,SAAO;AACT;;;AHxBA,IAAM,iBAAiB;AA8BhB,IAAM,oBAAsE,GAAG,OAAO,KAAsB,SAAuC;AACtJ,MAAI,SAAS,qBAAqB;AAAA,IAC9B;AAAA,EACJ,CAAC;AAED,MAAI,SAAS,cAAc;AAAA,IACvB,UAAU,KAAK,gBAAgB;AAAA,IAC/B,OAAO,KAAK,cAAc;AAAA,IAC1B,WAAW,KAAK,kBAAkB;AAAA,EACtC,CAAC;AAED,QAAM,IAAI,SAAS,aAA8C,KAAK,SAAS;AAE/E,QAAM,cAAc,KAAK;AACzB,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,UAAU,KAAK,YAAY,KAAK,WAAW;AACjD,QAAM,aAAa,CAAC,CAAC,KAAK;AAC1B,QAAM,gBAAgB,KAAK,iBAAiB;AAE5C,iBAAe,oBAAoB;AAC/B,UAAM,YAAY,MAAM,IAAI,MAAM,QAAQ,wBAAwB,KAAK;AAEvE,QAAI,CAAC,UAAU,IAAI;AACf,YAAM;AAAA,IACV;AAEA,UAAM,QAAQ,MAAM,UAAU,KAAK;AACnC,UAAM,QAA4B,CAAC;AAAA,MAC/B,MAAM;AAAA,MACN,UAAU,OAAO,KAAK,IAAI,aAAa,QAAQ;AAAA,MAC/C,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,IACjB,CAAC;AAED,eAAW,QAAQ,OAAO;AACtB,YAAM,aAAa,MAAM,IAAI,MAAM,QAAQ,cAAc,KAAK,EAAE,WAAW,KAAK;AAEhF,UAAI,CAAC,WAAW,IAAI;AAChB,cAAM;AAAA,MACV;AAEA,YAAM,SAAS,MAAM,WAAW,KAAK;AAErC,iBAAW,SAAS,QAAQ;AACxB,cAAM,WAAW,KAAK;AAEtB,YAAI,CAAC,aAAa,MAAM,IAAI,MAAM,KAAK,MAAM,GAAG;AAEhD,YAAI,CAAC,IAAI,aAAa,SAAS,MAAM,GAAG;AACpC,cAAI,IAAI,MAAM,mBAAmB,MAAM,yBAAyB;AAChE;AAAA,QACJ;AAEA,gBAAQ,aAAa;AAAA,UACjB,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,UACJ,KAAK;AACD,0BAAc;AACd;AAAA,QACR;AAEA,cAAM,cAAc,MAAM,KAAK,OAAK,EAAE,SAAS,YAAY,EAAE,WAAW,MAAM;AAC9E,YAAI,aAAa;AACb,cAAI,KAAK,QAAQ;AACb,wBAAY,WAAW,IAAI;AAAA,cACvB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,wBAAY,WAAW,IAAI;AAAA,UAC/B;AAAA,QACJ,OAAO;AACH,gBAAM,UAA4B;AAAA,YAC9B,MAAM;AAAA,YACN;AAAA,UACJ;AAEA,cAAI,KAAK,QAAQ;AACb,oBAAQ,WAAW,IAAI;AAAA,cACnB,QAAQ;AAAA,gBACJ,QAAQ;AAAA,cACZ;AAAA,YACJ;AAAA,UACJ,OAAO;AACH,oBAAQ,WAAW,IAAI;AAAA,UAC3B;AAEA,cAAI,KAAK,UAAU;AACf,oBAAQ,WAAW;AAAA,cACf,QAAQ;AAAA,YACZ;AAAA,UACJ;AAEA,gBAAM,KAAK,OAAO;AAAA,QACtB;AAAA,MACJ;AAAA,IACJ;AAEA,UAAM,WAAW,MAAM,OAAO,CAAC,MAAM,SAAS;AAC1C,OAAC,KAAK,KAAK,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI;AACrC,aAAO;AAAA,IACX,GAAG,CAAC,CAAC;AAEL,eAAW,OAAO,UAAU;AACxB,UAAI,IAAI,KAAK,sBAAsB,GAAG,EAAE;AAExC,iBAAW,WAAW,SAAS,GAAG,GAAG;AAEjC,cAAM,EAAE,QAAQ,UAAU,MAAM,GAAG,MAAM,IAAI;AAC7C,YAAI,IAAI,KAAK,IAAK,UAAU,SAAS,KAAK,GAAG,CAAC,KAAK,KAAK,UAAU,KAAK,CAAC,EAAE;AAAA,MAC9E;AAAA,IACJ;AAEA,UAAM,kBAAkB,OAAO,KAAK,IAAI,aAAa,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;AAEpH,QAAI,gBAAgB,QAAQ;AACxB,UAAI,IAAI,KAAK,+BAA+B,gBAAgB,KAAK,IAAI,CAAC,EAAE;AAAA,IAC5E;AAEA,QAAI,IAAI,MAAM,wBAAwB;AACtC,QAAI,IAAI,MAAM,KAAK;AACnB,WAAO;AAAA,EACX;AAEA,MAAI,gBAAgB,4BAA4B,SAAS;AAEzD,iBAAe,YAAY;AAEvB,UAAM,KAAK,YAAY;AAGvB,QAAI,iBAAiB;AACrB,QAAI,eAAe,KAAK,QAAQ,6BAA6B,MAAM,aAAa;AAC5E,UAAI,KAAK,UAAU,KAAK;AACpB,yBAAiB;AAAA,MACrB,OAAO;AACH,aAAK,IAAI,KAAK,uBAAuB;AACrC,aAAK,OAAO,IAAI,MAAM,KAAK,SAAS;AAAA,UAChC,KAAK,CAAC,QAAQ,QAAQ;AAClB,gBAAI;AACJ,gBAAI,CAAC,OAAO,IAAI,SAAS,CAAC,GAAG;AACzB,oBAAM,SAAS,IAAI,SAAS,EAAE,YAAY;AAC1C,sBAAQ,OAAO,MAAM;AAAA,YACzB,OAAO;AACH,sBAAQ,OAAO,IAAI,SAAS,CAAC;AAAA,YACjC;AAEA,gBAAI,CAAC,SAAS,IAAI,SAAS,EAAE,YAAY,MAAM,QAAQ,YAAY,GAAG;AAClE,sBAAQ;AAAA,YACZ;AACA,mBAAO;AAAA,UACX;AAAA,QACJ,CAAC;AAAA,MACL;AAAA,IACJ;AAEA,QAAI,gBAAgB;AAEhB,WAAK,OAAO;AAAA;AAAA,QAER,CAAC,OAAO,GAAG,KAAK,QAAQ,qBAAqB,KAAK;AAAA,MACtD;AAAA,IACJ;AAAA,EACJ;AAEA,MAAI,QAAQ,WAAW,iBAAkB;AACrC,UAAM,aAAa,MAAM,kBAAkB;AAE3C,QAAI,kBAAkB,QAAQ;AAG9B,UAAM,cAAc,CAAC;AACrB,aAAS,IAAI,GAAG,IAAI,WAAW,QAAQ,KAAK;AACxC,YAAM,OAAO,WAAW,CAAC;AAEzB,UAAI,eAAe;AACnB,UAAI,KAAK,QAAQ;AACb,uBAAe,CAAC,KAAK,MAAM;AAAA,MAC/B,WAAW,KAAK,UAAU;AACtB,uBAAe,CAAC,GAAG,KAAK,QAAQ;AAAA,MACpC,OAAO;AACH,cAAM,IAAI,MAAM,wCAAwC,CAAC,EAAE;AAAA,MAC/D;AAEA,iBAAW,cAAc,cAAc;AACnC,cAAM,UAAU,EAAE,GAAG,MAAM,QAAQ,YAAY,UAAU,OAAU;AACnE,YAAI,CAAC,IAAI,aAAa,SAAS,QAAQ,MAAM,GAAG;AAC5C,gBAAM,IAAI,MAAM,mBAAmB,UAAU,2BAA2B,CAAC,EAAE;AAAA,QAC/E;AAEA,YAAI,CAAC,YAAY,UAAU,GAAG;AAC1B,sBAAY,UAAU,IAAI,CAAC;AAAA,QAC/B;AACA,oBAAY,UAAU,EAAE,KAAK,OAAO;AAAA,MACxC;AAAA,IACJ;AAEA,eAAW,aAAa,OAAO,KAAK,IAAI,aAAa,QAAQ,GAAG;AAiD5D,UAAS,cAAT,SAAqB,KAA0B;AAC3C,eAAO,CAAC;AAAA,MACZ;AAlDA,YAAM,QAAQ,YAAY,SAAS,KAAK,CAAC;AACzC,YAAM,OAAO,IAAI,aAAa,SAAS,SAAS;AAGhD,UAAI;AACJ,YAAM,sBAAsB;AAwB5B,UAAI,4BAA4B,qBAAqB;AACjD,cAAM,IAAI,MAAM,4BAA4B,SAAS,wCAAwC;AAAA,MACjG;AAGA,UAAI,aAAa;AACb,cAAM,KAAK;AAAA,UACP,MAAM;AAAA,UACN,MAAM;AAAA,UACN,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,YAAY;AAAA,QAChB,CAAC;AAAA,MACL;AAIA,sCAAgC,MAAM,KAAK;AAM3C,UAAI,aAAa,eAAe,WAAW;AAAA,QACvC,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,IAAI,CAAC,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AACxF,8BAAoB,KAAK,MAAM,UAAU,OAAO,KAAK,IAAI,aAAa,SAAS,SAAS,EAAE,MAAM,CAAC;AACjG,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,OAAO,QAAQ,IAAI;AAEjE,iBAAO,aAAa,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QAC3D;AAAA,QACA,MAAM,KAAK,cAAc,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC1D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,aAAa,EAAE,KAAK,OAAO,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AACA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,KAAK;AAEzC,cAAI,KAAK,UAAU;AACf,uBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,oBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,kBAAI,OAAO,aAAa,YAAY;AAChC,sBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,cAClE,OAAO;AACH,sBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,cACtC;AAAA,YACJ;AAAA,UACJ;AAEA,gBAAM,oBAAoB,MAAM,KAAK,UAAU,MAAM;AACrD,gBAAM,kBAAkB,CAAC;AACzB,0BAAgB,KAAK,UAAU,IAAI,EAAE,IAAI,MAAM,KAAK,UAAU,EAAE;AAEhE,cAAI,mBAAmB;AACnB,kBAAM,QAAQ,MAAM,gBAAgB,KAAK,KAAK,MAAM,iBAAiB,QAAQ,IAAI;AAEjF,kBAAM,QAAQ,MAAM,KAAK,KAAK;AAAA,cAC1B;AAAA,cACA;AAAA,cACA;AAAA,YACJ,CAAC;AAED,gBAAI,MAAM,WAAW,GAAG;AACpB,oBAAM,IAAI,aAAa;AAAA,YAC3B;AAEA,mBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC3D;AAEA,iBAAO,aAAa,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC3D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC/D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC9D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,cAAI,CAAC,KAAK,MAAM;AACZ,kBAAM,IAAI,aAAa;AAAA,UAC3B;AAEA,8BAAoB,KAAK,MAAM,MAAM;AACrC,mCAAyB,KAAK,MAAM,MAAM;AAG1C,cAAI,KAAK,UAAU;AACf,uBAAW,SAAS,QAAQ;AACxB,yBAAW,OAAO,OAAO,KAAK,KAAK,QAAQ,GAAG;AAC1C,sBAAM,WAAW,KAAK,SAAS,GAAG;AAClC,oBAAI,OAAO,aAAa,YAAY;AAChC,wBAAM,GAAG,IAAI,MAAM,SAAS,EAAE,MAAM,QAAQ,MAAM,KAAK,MAAM,CAAC;AAAA,gBAClE,OAAO;AACH,wBAAM,GAAG,IAAI,QAAQ,KAAK,QAAQ;AAAA,gBACtC;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAEA,iBAAO,eAAe,EAAE,QAAQ,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC9D;AAAA,QAEA,MAAM,OAAO,gBAAgB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AAC9D,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,UAC7D;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,QAAQ,OAAO,QAAQ,IAAI;AAEnE,iBAAO,eAAe,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,CAAC;AAAA,QAC7D;AAAA,QAEA,MAAM,WAAW,oBAAoB,EAAE,OAAO,KAAK,QAAQ,GAAG,SAAS,GAAG;AACtE,cAAI,YAAY,GAAG,GAAG;AAClB,mBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,UACjE;AACA,gBAAM,UAAU,sBAAsB,GAAG;AACzC,gBAAM,OAAO,MAAM,uBAAuB,KAAK,OAAO,SAAS,eAAe,UAAU;AAExF,kBAAQ,MAAM,gBAAgB,KAAK,KAAK,YAAY,OAAO,QAAQ,IAAI;AAEvE,iBAAO,mBAAmB,EAAE,GAAG,UAAU,OAAO,KAAK,OAAO,CAAC;AAAA,QACjE;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,CAAC;AACL,GAAG,EAAE,MAAM,8BAA8B,CAAC;AAE1C,eAAe,gBAAgB,KAA0B,MAAM,OAAO,MAAM;AACxE,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,UAAU,sBAAsB,GAAG;AAEzC,UAAQ,SAAS,CAAC;AAElB,MAAI,OAAO,SAAS,UAAU;AAC1B,UAAM,EAAE,OAAO,IAAI;AAGnB,QAAI,QAAQ;AACR,iBAAW,OAAO,OAAO,KAAK,MAAM,GAAG;AACnC,cAAM,UAAU,OAAO,GAAG;AAC1B,YAAI,OAAO,YAAY,UAAU;AAE7B,gBAAM,GAAG,IAAI;AAAA,YACT,IAAI,QAAQ,KAAK,OAAO;AAAA,UAC5B;AAAA,QACJ,OAAO;AAKH,qBAAW,aAAa,OAAO,KAAK,OAAO,GAAG;AAC1C,kBAAM,SAAS,QAAQ,SAAS;AAChC,kBAAM,GAAG,IAAI;AAAA,cACT,CAAC,SAAS,GAAG,QAAQ,KAAK,MAAM;AAAA,YACpC;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS,YAAY;AACnC,YAAQ,MAAM,KAAK,EAAE,MAAM,KAAK,MAAM,CAAC;AAAA,EAC3C;AACA,SAAO;AACX;AAEA,eAAsB,uBAAuB,KAA0B,OAA2B,SAAiB,eAAuB,aAAa,OAAO;AAC1J,QAAM,UAAU,sBAAsB,GAAG;AACzC,QAAM,QAAQ,yBAAyB;AACvC,QAAM,QAAQ,SAAS,SAAS,SAAS,eAAe,UAAU;AAClE,QAAM,OAAO,kBAAS,OAAO,KAAK;AAClC,MAAI,CAAC,MAAM;AACP,QAAI,MAAM,QAAQ,IAAI,KAAK,EAAE,OAAO,MAAM,GAAG,mBAAmB;AAChE,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,MAAI,MAAM,QAAQ,IAAI,MAAM,EAAE,OAAO,KAAK,GAAG,YAAY;AACzD,SAAO;AACX;AAEO,SAAS,oBAAoB,MAAM,QAAQ;AAC9C,MAAI,CAAC,MAAM;AACP,UAAM,IAAI,aAAa;AAAA,EAC3B;AACA,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,eAAW,SAAS,QAAQ;AACxB,UAAI,CAAC,eAAe,SAAS,KAAK,GAAG;AACjC,cAAM,IAAI,kBAAkB,KAAK;AAAA,MACrC;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAM,iBAAiB,CAAC,QAAQ,mBAAmB;AAC/C,aAAW,SAAS,QAAQ;AACxB,UAAM,cAAc,OAAO,KAAK,KAAK;AACrC,eAAW,cAAc,aAAa;AAClC,UAAI,CAAC,eAAe,SAAS,UAAU,GAAG;AACtC,cAAM,IAAI,kBAAkB,UAAU;AAAA,MAC1C;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,SAAS,yBAAyB,MAAM,QAAQ;AAC5C,QAAM,EAAE,QAAQ,eAAe,IAAI;AAEnC,MAAI,gBAAgB;AAChB,QAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAExB,qBAAe,CAAC,MAAM,GAAG,cAAc;AAAA,IAC3C,OAAO;AAEH,qBAAe,QAAQ,cAAc;AAAA,IACzC;AAAA,EACJ;AACJ;AAEA,SAAS,gCAAgC,MAAc,OAAO;AAE1D,QAAM,kBACF,OAAO,OAAO,KAAK,MAAM,EACpB,OAAO,OAAM,CAAC,EAAE,cAAc,CAAC,EAAE,UAAW,EAC5C,IAAI,CAAC,EAAE,UAAU,MAAO,SAAU;AAE3C,aAAW,QAAQ,OAAO;AACtB,UAAM,EAAE,QAAQ,KAAK,IAAI;AACzB,QAAI,QAAQ,KAAK,QAAQ;AACrB,YAAM,SAAS,KAAK;AACpB,iBAAW,UAAU,iBAAiB;AAClC,YAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC1B,gBAAM,IAAI,wBAAwB,QAAQ,MAAM;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AACJ;AAEA,IAAO,gBAAQ;","names":["fastifyLogto"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@albirex/platformatic-logto",
3
- "version": "1.5.3",
3
+ "version": "1.5.4",
4
4
  "description": "LogTo roles and scopes integrated in Platformatic authorization",
5
5
  "type": "module",
6
6
  "main": "./lib/index.cjs",