@atls/nestjs-keto 0.0.3

package/dist/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const ACCESS_POLICY_METADATA = "__ketoAccessPolicy__";
+export declare const RESOURCES_SCOPE = "__ketoResourcesStope__";

package/dist/constants.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RESOURCES_SCOPE = exports.ACCESS_POLICY_METADATA = void 0;
+exports.ACCESS_POLICY_METADATA = '__ketoAccessPolicy__';
+exports.RESOURCES_SCOPE = '__ketoResourcesStope__';

package/dist/decorators/access-policy.decorator.d.ts

@@ -0,0 +1 @@
+export declare const AccessPolicy: (flavor: string, resource: string, action: string) => import("@nestjs/common").CustomDecorator<string>;

package/dist/decorators/access-policy.decorator.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessPolicy = void 0;
+const common_1 = require("@nestjs/common");
+const constants_1 = require("../constants");
+const AccessPolicy = (flavor, resource, action) => common_1.SetMetadata(constants_1.ACCESS_POLICY_METADATA, { flavor, resource, action });
+exports.AccessPolicy = AccessPolicy;

package/dist/decorators/index.d.ts

@@ -0,0 +1 @@
+export * from './access-policy.decorator';

package/dist/decorators/index.js

@@ -0,0 +1,13 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./access-policy.decorator"), exports);

package/dist/guards/index.d.ts

@@ -0,0 +1 @@
+export * from './keto-access-control.guard';

package/dist/guards/index.js

@@ -0,0 +1,13 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./keto-access-control.guard"), exports);

package/dist/guards/keto-access-control.guard.d.ts

@@ -0,0 +1,12 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { EnginesApi } from '@oryd/keto-client';
+import { ResourceService } from '../services';
+export declare class KetoAccessControlGuard implements CanActivate {
+    private reflector;
+    private keto;
+    private resourceService;
+    constructor(reflector: Reflector, keto: EnginesApi, resourceService: ResourceService);
+    getSubject(context: ExecutionContext): any;
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}

package/dist/guards/keto-access-control.guard.js

@@ -0,0 +1,61 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KetoAccessControlGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const graphql_1 = require("@nestjs/graphql");
+const keto_client_1 = require("@oryd/keto-client");
+const constants_1 = require("../constants");
+const services_1 = require("../services");
+let KetoAccessControlGuard = class KetoAccessControlGuard {
+    constructor(reflector, keto, resourceService) {
+        this.reflector = reflector;
+        this.keto = keto;
+        this.resourceService = resourceService;
+    }
+    getSubject(context) {
+        if (context.getType() === 'graphql') {
+            const gqlContext = graphql_1.GqlExecutionContext.create(context);
+            return gqlContext.getContext().user;
+        }
+        return context.switchToHttp().getRequest().get('x-user');
+    }
+    async canActivate(context) {
+        const subject = this.getSubject(context);
+        const policy = this.reflector.get(constants_1.ACCESS_POLICY_METADATA, context.getHandler());
+        if (!policy) {
+            return true;
+        }
+        if (!subject) {
+            return false;
+        }
+        try {
+            const { body } = await this.keto.doOryAccessControlPoliciesAllow(policy.flavor, {
+                subject,
+                resource: this.resourceService.withScope(policy.resource),
+                action: policy.action,
+                context: {},
+            });
+            return body.allowed;
+        }
+        catch (error) {
+            return false;
+        }
+    }
+};
+KetoAccessControlGuard = __decorate([
+    common_1.Injectable(),
+    __metadata("design:paramtypes", [core_1.Reflector,
+        keto_client_1.EnginesApi,
+        services_1.ResourceService])
+], KetoAccessControlGuard);
+exports.KetoAccessControlGuard = KetoAccessControlGuard;

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from './keto.module';
+export * from './decorators';
+export * from './constants';
+export * from './services';
+export * from './guards';

package/dist/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./keto.module"), exports);
+__exportStar(require("./decorators"), exports);
+__exportStar(require("./constants"), exports);
+__exportStar(require("./services"), exports);
+__exportStar(require("./guards"), exports);

package/dist/keto.module.d.ts

@@ -0,0 +1,4 @@
+import { DynamicModule } from '@nestjs/common';
+export declare class KetoModule {
+    static forRoot(options?: any): DynamicModule;
+}

package/dist/keto.module.js

@@ -0,0 +1,40 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var KetoModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KetoModule = void 0;
+const common_1 = require("@nestjs/common");
+const keto_client_1 = require("@oryd/keto-client");
+const constants_1 = require("./constants");
+const services_1 = require("./services");
+let KetoModule = KetoModule_1 = class KetoModule {
+    static forRoot(options = {}) {
+        const enginesApiProvider = {
+            provide: keto_client_1.EnginesApi,
+            useFactory: () => new keto_client_1.EnginesApi((options.url || process.env.KETO_ENGINES_URL || '').replace(/\/+$/, '')),
+        };
+        const resourcesScopeProvider = {
+            provide: constants_1.RESOURCES_SCOPE,
+            useValue: options.scope,
+        };
+        const resourceServiceProvider = {
+            provide: services_1.ResourceService,
+            useClass: services_1.ResourceService,
+        };
+        return {
+            module: KetoModule_1,
+            providers: [enginesApiProvider, resourceServiceProvider, resourcesScopeProvider],
+            exports: [enginesApiProvider, resourceServiceProvider],
+            global: true,
+        };
+    }
+};
+KetoModule = KetoModule_1 = __decorate([
+    common_1.Module({})
+], KetoModule);
+exports.KetoModule = KetoModule;

package/dist/services/index.d.ts

@@ -0,0 +1 @@
+export * from './resource.service';

package/dist/services/index.js

@@ -0,0 +1,13 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./resource.service"), exports);

package/dist/services/resource.service.d.ts

@@ -0,0 +1,7 @@
+export declare class ResourceService {
+    private scope;
+    constructor(scope: string);
+    withScope(resource: string): string;
+    withoutScope(resource: string): string | undefined;
+    isMatchScope(resource: string): boolean;
+}

package/dist/services/resource.service.js

@@ -0,0 +1,53 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ResourceService = void 0;
+const common_1 = require("@nestjs/common");
+const constants_1 = require("../constants");
+const SEPARATOR = ':';
+let ResourceService = class ResourceService {
+    constructor(scope) {
+        this.scope = scope;
+    }
+    withScope(resource) {
+        if (!resource) {
+            return resource;
+        }
+        if (!this.scope) {
+            return resource;
+        }
+        return [this.scope, resource].join(SEPARATOR);
+    }
+    withoutScope(resource) {
+        if (!resource) {
+            return resource;
+        }
+        if (!this.scope) {
+            return resource;
+        }
+        if (resource.includes(this.scope)) {
+            return resource.replace(this.scope, '').split(SEPARATOR).pop();
+        }
+        return resource;
+    }
+    isMatchScope(resource) {
+        return resource.startsWith(this.scope);
+    }
+};
+ResourceService = __decorate([
+    common_1.Injectable(),
+    __param(0, common_1.Inject(constants_1.RESOURCES_SCOPE)),
+    __metadata("design:paramtypes", [String])
+], ResourceService);
+exports.ResourceService = ResourceService;

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@atls/nestjs-keto",
+  "version": "0.0.3",
+  "license": "BSD-3-Clause",
+  "main": "dist/index.js",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "yarn app library build",
+    "postpack": "rm -rf dist",
+    "prepack": "yarn run build"
+  },
+  "dependencies": {
+    "@oryd/keto-client": "^0.5.6-alpha.1"
+  },
+  "peerDependencies": {
+    "@nestjs/common": "^8.0.4",
+    "@nestjs/core": "^8.0.4",
+    "reflect-metadata": "^0.1.12",
+    "rxjs": "^7.2.0"
+  },
+  "devDependencies": {
+    "@nestjs/common": "^8.0.4",
+    "@nestjs/core": "^8.0.4",
+    "@nestjs/graphql": "^7.0.0",
+    "@types/node": "13.13.4",
+    "apollo-server-core": "^3.3.0",
+    "graphql": "^15.5.3",
+    "reflect-metadata": "0.1.13",
+    "rimraf": "3.0.2",
+    "rxjs": "^7.2.0",
+    "typescript": "^3.8.3"
+  },
+  "publishConfig": {
+    "main": "dist/index.js",
+    "typings": "dist/index.d.ts"
+  },
+  "typings": "dist/index.d.ts"
+}