@atls/nestjs-keto 0.0.5 → 0.0.6
- package/dist/decorators/get-guarding-relation.helper.d.ts +2 -0
- package/dist/decorators/get-guarding-relation.helper.js +6 -0
- package/dist/decorators/guarded-by-keto.constants.d.ts +1 -0
- package/dist/decorators/guarded-by-keto.constants.js +4 -0
- package/dist/decorators/guarded-by-keto.decorator.d.ts +2 -0
- package/dist/decorators/guarded-by-keto.decorator.js +7 -0
- package/dist/decorators/guarded-by-keto.interfaces.d.ts +5 -0
- package/dist/decorators/guarded-by-keto.interfaces.js +2 -0
- package/dist/decorators/index.d.ts +5 -1
- package/dist/decorators/index.js +6 -1
- package/dist/exceptions/exception-message.constants.d.ts +4 -0
- package/dist/exceptions/exception-message.constants.js +8 -0
- package/dist/exceptions/general.exception.d.ts +5 -0
- package/dist/exceptions/general.exception.js +11 -0
- package/dist/exceptions/index.d.ts +2 -0
- package/dist/exceptions/index.js +18 -0
- package/dist/exceptions/relation-tuple-invalid.exception.d.ts +5 -0
- package/dist/exceptions/relation-tuple-invalid.exception.js +11 -0
- package/dist/guards/index.d.ts +1 -1
- package/dist/guards/index.js +1 -1
- package/dist/guards/keto.guard.d.ts +11 -0
- package/dist/guards/keto.guard.js +65 -0
- package/dist/index.d.ts +4 -4
- package/dist/index.js +4 -4
- package/dist/module/index.d.ts +3 -0
- package/dist/module/index.js +19 -0
- package/dist/module/keto-module.interfaces.d.ts +30 -0
- package/dist/module/keto-module.interfaces.js +2 -0
- package/dist/module/keto.constants.d.ts +5 -0
- package/dist/module/keto.constants.js +8 -0
- package/dist/module/keto.module.d.ts +9 -0
- package/dist/module/keto.module.js +66 -0
- package/dist/module/keto.providers.d.ts +4 -0
- package/dist/module/keto.providers.js +43 -0
- package/dist/services/index.d.ts +5 -1
- package/dist/services/index.js +5 -1
- package/dist/services/keto-configuration.service.d.ts +6 -0
- package/dist/services/{resource.service.js → keto-configuration.service.js} +12 -35
- package/dist/services/keto-permissions.service.d.ts +6 -0
- package/dist/services/keto-permissions.service.js +32 -0
- package/dist/services/keto-read-client.service.d.ts +7 -0
- package/dist/services/keto-read-client.service.js +61 -0
- package/dist/services/keto-relations.service.d.ts +6 -0
- package/dist/services/keto-relations.service.js +32 -0
- package/dist/services/keto-write-client.service.d.ts +11 -0
- package/dist/services/keto-write-client.service.js +70 -0
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.js +17 -0
- package/dist/utils/relation-tuple-converter.d.ts +19 -0
- package/dist/utils/relation-tuple-converter.js +88 -0
- package/package.json +19 -13
- package/dist/constants.d.ts +0 -2
- package/dist/constants.js +0 -5
- package/dist/decorators/access-policy.decorator.d.ts +0 -1
- package/dist/decorators/access-policy.decorator.js +0 -7
- package/dist/guards/keto-access-control.guard.d.ts +0 -13
- package/dist/guards/keto-access-control.guard.js +0 -61
- package/dist/keto.module.d.ts +0 -4
- package/dist/keto.module.js +0 -40
- package/dist/services/resource.service.d.ts +0 -7
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.getGuardingRelationTuple = void 0;
|
|
4
|
+
const guarded_by_keto_constants_1 = require("./guarded-by-keto.constants");
|
|
5
|
+
const getGuardingRelationTuple = (reflector, handler) => reflector.get(guarded_by_keto_constants_1.GUARDED_BY_METADATA_KEY, handler) ?? null;
|
|
6
|
+
exports.getGuardingRelationTuple = getGuardingRelationTuple;
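Review bot: `getGuardingRelationTuple` falls back to `null` when the handler carries no metadata (`?? null`), but the `GetGuardingRelationTuple` alias added in guarded-by-keto.interfaces.d.ts declares the return as `string | ReplaceGenerator`. If the helper is typed with that alias, a caller compiling under `strictNullChecks` is never prompted to handle the unguarded case. Widening the alias to `=> string | ReplaceGenerator | null` would expose the case that `KetoGuard.canActivate` already handles with `relationTuple === null`, which matters to anyone building their own guard on this export. The lookup also reads metadata from the handler only, so a class-level `@GuardedByKeto` would presumably not be found; a one-line comment saying so would prevent surprises.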
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const GUARDED_BY_METADATA_KEY: unique symbol;
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.GuardedByKeto = void 0;
|
|
4
|
+
const common_1 = require("@nestjs/common");
|
|
5
|
+
const guarded_by_keto_constants_1 = require("./guarded-by-keto.constants");
|
|
6
|
+
const GuardedByKeto = (relationTuple) => (0, common_1.SetMetadata)(guarded_by_keto_constants_1.GUARDED_BY_METADATA_KEY, relationTuple);
|
|
7
|
+
exports.GuardedByKeto = GuardedByKeto;
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { CustomDecorator } from '@nestjs/common';
|
|
2
|
+
import { Reflector } from '@nestjs/core';
|
|
3
|
+
export declare type GetGuardingRelationTuple = (reflector: Reflector, handler: Parameters<Reflector['get']>[1]) => string | ReplaceGenerator;
|
|
4
|
+
export declare type ReplaceGenerator = (value: string) => string;
|
|
5
|
+
export declare type GuardedByKetoFunction = (relationTuple: string | ReplaceGenerator) => CustomDecorator<symbol>;
|
|
@@ -1 +1,5 @@
|
|
|
1
|
-
export * from './
|
|
1
|
+
export * from './guarded-by-keto.decorator';
|
|
2
|
+
export { GuardedByKetoFunction } from './guarded-by-keto.interfaces';
|
|
3
|
+
export { GetGuardingRelationTuple } from './guarded-by-keto.interfaces';
|
|
4
|
+
export { GUARDED_BY_METADATA_KEY } from './guarded-by-keto.constants';
|
|
5
|
+
export { getGuardingRelationTuple } from './get-guarding-relation.helper';
|
package/dist/decorators/index.js
CHANGED
|
@@ -14,4 +14,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
|
|
17
|
+
exports.getGuardingRelationTuple = exports.GUARDED_BY_METADATA_KEY = void 0;
|
|
18
|
+
__exportStar(require("./guarded-by-keto.decorator"), exports);
|
|
19
|
+
var guarded_by_keto_constants_1 = require("./guarded-by-keto.constants");
|
|
20
|
+
Object.defineProperty(exports, "GUARDED_BY_METADATA_KEY", { enumerable: true, get: function () { return guarded_by_keto_constants_1.GUARDED_BY_METADATA_KEY; } });
|
|
21
|
+
var get_guarding_relation_helper_1 = require("./get-guarding-relation.helper");
|
|
22
|
+
Object.defineProperty(exports, "getGuardingRelationTuple", { enumerable: true, get: function () { return get_guarding_relation_helper_1.getGuardingRelationTuple; } });
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.KetoExceptionMessage = void 0;
|
|
4
|
+
var KetoExceptionMessage;
|
|
5
|
+
(function (KetoExceptionMessage) {
|
|
6
|
+
KetoExceptionMessage["GENERAL_ERROR"] = "General Keto error";
|
|
7
|
+
KetoExceptionMessage["RELATION_TUPLE_INVALID"] = "Provided relation tuple is invalid";
|
|
8
|
+
})(KetoExceptionMessage = exports.KetoExceptionMessage || (exports.KetoExceptionMessage = {}));
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.KetoGeneralException = void 0;
|
|
4
|
+
const assert_1 = require("assert");
|
|
5
|
+
const exception_message_constants_1 = require("./exception-message.constants");
|
|
6
|
+
class KetoGeneralException extends assert_1.AssertionError {
|
|
7
|
+
constructor(message) {
|
|
8
|
+
super({ message: `${exception_message_constants_1.KetoExceptionMessage.GENERAL_ERROR}: ${message}` });
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
exports.KetoGeneralException = KetoGeneralException;
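Review bot: `KetoGeneralException` extends Node's `assert.AssertionError` rather than `Error` or a Nest `HttpException`, so when `KetoGuard.canActivate` or `KetoReadClientService.validateRelationTuple` throws it, Nest's default exception filter will most likely answer with a generic 500 instead of a 403. The object also carries `code: 'ERR_ASSERTION'`, which is misleading in logs and alerting. Both callers pass `err.toString()` as `message`, and the guard re-wraps errors the read client has already wrapped, so the prefix is applied twice and the text embeds whatever the upstream client error contained. I would document the constructor with `/** @param message raw upstream error text; log it, do not return it to the caller */`. `KetoRelationTupleInvalidException` in relation-tuple-invalid.exception.js uses the same base class.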
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./general.exception"), exports);
|
|
18
|
+
__exportStar(require("./relation-tuple-invalid.exception"), exports);
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.KetoRelationTupleInvalidException = void 0;
|
|
4
|
+
const assert_1 = require("assert");
|
|
5
|
+
const exception_message_constants_1 = require("./exception-message.constants");
|
|
6
|
+
class KetoRelationTupleInvalidException extends assert_1.AssertionError {
|
|
7
|
+
constructor() {
|
|
8
|
+
super({ message: `${exception_message_constants_1.KetoExceptionMessage.RELATION_TUPLE_INVALID}` });
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
exports.KetoRelationTupleInvalidException = KetoRelationTupleInvalidException;
|
package/dist/guards/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
export * from './keto
|
|
1
|
+
export * from './keto.guard';
|
package/dist/guards/index.js
CHANGED
|
@@ -14,4 +14,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./keto
|
|
17
|
+
__exportStar(require("./keto.guard"), exports);
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { CanActivate } from '@nestjs/common';
|
|
3
|
+
import { Reflector } from '@nestjs/core';
|
|
4
|
+
import { KetoReadClientService } from '../services';
|
|
5
|
+
export declare class KetoGuard implements CanActivate {
|
|
6
|
+
private readonly reflector;
|
|
7
|
+
private readonly ketoReadClient;
|
|
8
|
+
constructor(reflector: Reflector, ketoReadClient: KetoReadClientService);
|
|
9
|
+
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
10
|
+
private getUserId;
|
|
11
|
+
}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.KetoGuard = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const common_2 = require("@nestjs/common");
|
|
18
|
+
const core_1 = require("@nestjs/core");
|
|
19
|
+
const graphql_1 = require("@nestjs/graphql");
|
|
20
|
+
const exceptions_1 = require("../exceptions");
|
|
21
|
+
const module_1 = require("../module");
|
|
22
|
+
const services_1 = require("../services");
|
|
23
|
+
const utils_1 = require("../utils");
|
|
24
|
+
const decorators_1 = require("../decorators");
|
|
25
|
+
let KetoGuard = class KetoGuard {
|
|
26
|
+
constructor(reflector, ketoReadClient) {
|
|
27
|
+
this.reflector = reflector;
|
|
28
|
+
this.ketoReadClient = ketoReadClient;
|
|
29
|
+
}
|
|
30
|
+
async canActivate(context) {
|
|
31
|
+
try {
|
|
32
|
+
const userId = this.getUserId(context);
|
|
33
|
+
if (!userId)
|
|
34
|
+
return false;
|
|
35
|
+
const relationTuple = (0, decorators_1.getGuardingRelationTuple)(this.reflector, context.getHandler());
|
|
36
|
+
if (relationTuple === null)
|
|
37
|
+
return false;
|
|
38
|
+
const converter = new utils_1.RelationTupleConverter(relationTuple, userId);
|
|
39
|
+
const tuple = converter.run();
|
|
40
|
+
return await this.ketoReadClient.validateRelationTuple(tuple);
|
|
41
|
+
}
|
|
42
|
+
catch (err) {
|
|
43
|
+
throw new exceptions_1.KetoGeneralException(err.toString());
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
getUserId(ctx) {
|
|
47
|
+
const contextType = ctx.getType();
|
|
48
|
+
let metadata;
|
|
49
|
+
switch (contextType) {
|
|
50
|
+
case 'graphql':
|
|
51
|
+
metadata = graphql_1.GqlExecutionContext.create(ctx).getContext();
|
|
52
|
+
return metadata.user;
|
|
53
|
+
default:
|
|
54
|
+
metadata = ctx.switchToHttp().getRequest();
|
|
55
|
+
return metadata.get('x_user') ?? metadata.get('x-user');
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
};
|
|
59
|
+
KetoGuard = __decorate([
|
|
60
|
+
(0, common_2.Injectable)(),
|
|
61
|
+
__param(1, (0, common_1.Inject)(module_1.KETO_READ_CLIENT)),
|
|
62
|
+
__metadata("design:paramtypes", [core_1.Reflector,
|
|
63
|
+
services_1.KetoReadClientService])
|
|
64
|
+
], KetoGuard);
|
|
65
|
+
exports.KetoGuard = KetoGuard;
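Review bot: In `getUserId`, the HTTP branch takes the caller's identity straight from the `x_user` / `x-user` request header (`metadata.get('x_user') ?? metadata.get('x-user')`), so the authorization decision is only as strong as the guarantee that an authenticating proxy sets this header and strips any client-supplied copy. Nothing in this file verifies that, so the requirement should be stated on the guard, for example `// x-user must be set by the authenticating gateway; the edge must drop inbound x-user/x_user headers`. `metadata.get(...)` also assumes an Express-style request object and would throw on an adapter whose request has no `get` method, which the `catch` in `canActivate` then turns into a `KetoGeneralException`. In the GraphQL branch `metadata.user` is returned as-is and handed to `RelationTupleConverter` as the user id, which looks like it expects a string, so a type check before the tuple is built would be worth adding.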
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export * from './
|
|
2
|
-
export * from '
|
|
3
|
-
export * from './decorators';
|
|
4
|
-
export * from './services';
|
|
1
|
+
export * from './module';
|
|
2
|
+
export * from '@ory/keto-client';
|
|
5
3
|
export * from './guards';
|
|
4
|
+
export * from './decorators';
|
|
5
|
+
export * from './utils';
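Review bot: `export * from '@ory/keto-client'` re-exports the entire third-party client from the package root, so this package's public API now changes with whichever `@ory/keto-client` version gets resolved. In the compiled index.js the `__exportStar` helper skips names already present on `exports`, and the upstream module is bound before `./guards`, `./decorators` and `./utils`, so an upstream export with a matching name would silently shadow a local one. Listing the needed names explicitly and placing the line after the local barrels avoids both problems, e.g. `export { Configuration, PermissionApi, SubjectSet } from '@ory/keto-client';`. The same section drops `export * from './services'`, so `KetoReadClientService`, which `KetoGuard`'s declaration references, is no longer nameable from the root import.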
|
package/dist/index.js
CHANGED
|
@@ -14,8 +14,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./
|
|
18
|
-
__exportStar(require("
|
|
19
|
-
__exportStar(require("./decorators"), exports);
|
|
20
|
-
__exportStar(require("./services"), exports);
|
|
17
|
+
__exportStar(require("./module"), exports);
|
|
18
|
+
__exportStar(require("@ory/keto-client"), exports);
|
|
21
19
|
__exportStar(require("./guards"), exports);
|
|
20
|
+
__exportStar(require("./decorators"), exports);
|
|
21
|
+
__exportStar(require("./utils"), exports);
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./keto.module"), exports);
|
|
18
|
+
__exportStar(require("./keto.constants"), exports);
|
|
19
|
+
__exportStar(require("./keto-module.interfaces"), exports);
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import { Type } from '@nestjs/common/interfaces';
|
|
2
|
+
import { ModuleMetadata } from '@nestjs/common/interfaces';
|
|
3
|
+
import { ConfigurationParameters } from '@ory/keto-client';
|
|
4
|
+
import { SubjectSet } from '@ory/keto-client';
|
|
5
|
+
export interface KetoModuleOptions extends ConfigurationParameters {
|
|
6
|
+
global?: boolean;
|
|
7
|
+
}
|
|
8
|
+
export interface KetoOptionsFactory {
|
|
9
|
+
createKetoOptions(): Promise<KetoModuleOptions> | KetoModuleOptions;
|
|
10
|
+
}
|
|
11
|
+
export interface KetoModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
|
|
12
|
+
useExisting?: Type<KetoOptionsFactory>;
|
|
13
|
+
useClass?: Type<KetoOptionsFactory>;
|
|
14
|
+
useFactory?: (...args: any[]) => Promise<KetoModuleOptions> | KetoModuleOptions;
|
|
15
|
+
inject?: any[];
|
|
16
|
+
global?: boolean;
|
|
17
|
+
}
|
|
18
|
+
export declare type RelationShipTuple = RelationShipTupleWithId | RelationShipTupleWithSet;
|
|
19
|
+
export declare type RelationShipTupleWithId = {
|
|
20
|
+
namespace: string;
|
|
21
|
+
object: string;
|
|
22
|
+
relation: string;
|
|
23
|
+
subject_id: string;
|
|
24
|
+
};
|
|
25
|
+
export declare type RelationShipTupleWithSet = {
|
|
26
|
+
namespace: string;
|
|
27
|
+
object: string;
|
|
28
|
+
relation: string;
|
|
29
|
+
subject_set: SubjectSet;
|
|
30
|
+
};
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export declare const KETO_MODULE_CONFIGURATION = "KETO_MODULE_CONFIGURATION";
|
|
2
|
+
export declare const KETO_READ_CLIENT = "KETO_READ_CLIENT";
|
|
3
|
+
export declare const KETO_PERMISSIONS = "KETO_PERMISSIONS";
|
|
4
|
+
export declare const KETO_WRITE_CLIENT = "KETO_WRITE_CLIENT";
|
|
5
|
+
export declare const KETO_RELATIONS = "KETO_RELATIONS";
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.KETO_RELATIONS = exports.KETO_WRITE_CLIENT = exports.KETO_PERMISSIONS = exports.KETO_READ_CLIENT = exports.KETO_MODULE_CONFIGURATION = void 0;
|
|
4
|
+
exports.KETO_MODULE_CONFIGURATION = 'KETO_MODULE_CONFIGURATION';
|
|
5
|
+
exports.KETO_READ_CLIENT = 'KETO_READ_CLIENT';
|
|
6
|
+
exports.KETO_PERMISSIONS = 'KETO_PERMISSIONS';
|
|
7
|
+
exports.KETO_WRITE_CLIENT = 'KETO_WRITE_CLIENT';
|
|
8
|
+
exports.KETO_RELATIONS = 'KETO_RELATIONS';
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { DynamicModule } from '@nestjs/common';
|
|
2
|
+
import { KetoModuleAsyncOptions } from './keto-module.interfaces';
|
|
3
|
+
import { KetoModuleOptions } from './keto-module.interfaces';
|
|
4
|
+
export declare class KetoModule {
|
|
5
|
+
static register(options: KetoModuleOptions): DynamicModule;
|
|
6
|
+
static registerAsync(options: KetoModuleAsyncOptions): DynamicModule;
|
|
7
|
+
private static createAsyncProviders;
|
|
8
|
+
private static createAsyncOptionsProvider;
|
|
9
|
+
}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var KetoModule_1;
|
|
9
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
+
exports.KetoModule = void 0;
|
|
11
|
+
const common_1 = require("@nestjs/common");
|
|
12
|
+
const keto_constants_1 = require("./keto.constants");
|
|
13
|
+
const keto_providers_1 = require("./keto.providers");
|
|
14
|
+
const keto_providers_2 = require("./keto.providers");
|
|
15
|
+
let KetoModule = KetoModule_1 = class KetoModule {
|
|
16
|
+
static register(options) {
|
|
17
|
+
const optionsProvider = (0, keto_providers_2.createKetoConfigurationProvider)(options);
|
|
18
|
+
const exportsProvider = (0, keto_providers_1.createKetoExportsProvider)();
|
|
19
|
+
return {
|
|
20
|
+
global: options?.global ?? true,
|
|
21
|
+
module: KetoModule_1,
|
|
22
|
+
providers: [...optionsProvider, ...exportsProvider],
|
|
23
|
+
exports: exportsProvider,
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
static registerAsync(options) {
|
|
27
|
+
const exportsProvider = (0, keto_providers_1.createKetoExportsProvider)();
|
|
28
|
+
return {
|
|
29
|
+
global: options?.global ?? true,
|
|
30
|
+
module: KetoModule_1,
|
|
31
|
+
imports: options.imports || [],
|
|
32
|
+
providers: [...this.createAsyncProviders(options), ...exportsProvider],
|
|
33
|
+
exports: exportsProvider,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
static createAsyncProviders(options) {
|
|
37
|
+
if (options.useExisting || options.useFactory) {
|
|
38
|
+
return [this.createAsyncOptionsProvider(options)];
|
|
39
|
+
}
|
|
40
|
+
return [
|
|
41
|
+
this.createAsyncOptionsProvider(options),
|
|
42
|
+
{
|
|
43
|
+
provide: options.useClass,
|
|
44
|
+
useClass: options.useClass,
|
|
45
|
+
},
|
|
46
|
+
];
|
|
47
|
+
}
|
|
48
|
+
static createAsyncOptionsProvider(options) {
|
|
49
|
+
if (options.useFactory) {
|
|
50
|
+
return {
|
|
51
|
+
provide: keto_constants_1.KETO_MODULE_CONFIGURATION,
|
|
52
|
+
useFactory: options.useFactory,
|
|
53
|
+
inject: options.inject || [],
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
return {
|
|
57
|
+
provide: keto_constants_1.KETO_MODULE_CONFIGURATION,
|
|
58
|
+
useFactory: (optionsFactory) => optionsFactory.createKetoOptions(),
|
|
59
|
+
inject: [options.useExisting || options.useClass],
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
};
|
|
63
|
+
KetoModule = KetoModule_1 = __decorate([
|
|
64
|
+
(0, common_1.Module)({})
|
|
65
|
+
], KetoModule);
|
|
66
|
+
exports.KetoModule = KetoModule;
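Review bot: `register` binds `KETO_MODULE_CONFIGURATION` to a `KetoConfigurationService` instance (via `createKetoConfigurationProvider`), but `createAsyncOptionsProvider` binds the same token to whatever `useFactory` or `createKetoOptions()` returns, which by the declared types is a plain `KetoModuleOptions` object. `KetoPermissionsService` and `KetoRelationsService` then receive that plain object where they expect a `Configuration`, so the async path may behave differently from the sync one; wrapping the result, e.g. `useFactory: async (...args) => new KetoConfigurationService(await options.useFactory(...args))`, would keep the two aligned. `createAsyncProviders` also falls through to `{ provide: options.useClass, useClass: options.useClass }` when none of `useExisting`, `useFactory` or `useClass` is set, which registers an `undefined` provider instead of failing with a clear message. Note too that `global` defaults to `true` in both methods, so the Keto write client becomes injectable from every module unless the caller opts out.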
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import { Provider } from '@nestjs/common';
|
|
2
|
+
import { KetoModuleOptions } from './keto-module.interfaces';
|
|
3
|
+
export declare const createKetoConfigurationProvider: (options: KetoModuleOptions) => Provider[];
|
|
4
|
+
export declare const createKetoExportsProvider: () => Provider[];
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.createKetoExportsProvider = exports.createKetoConfigurationProvider = void 0;
|
|
4
|
+
const services_1 = require("../services");
|
|
5
|
+
const services_2 = require("../services");
|
|
6
|
+
const services_3 = require("../services");
|
|
7
|
+
const services_4 = require("../services");
|
|
8
|
+
const services_5 = require("../services");
|
|
9
|
+
const keto_constants_1 = require("./keto.constants");
|
|
10
|
+
const keto_constants_2 = require("./keto.constants");
|
|
11
|
+
const keto_constants_3 = require("./keto.constants");
|
|
12
|
+
const keto_constants_4 = require("./keto.constants");
|
|
13
|
+
const keto_constants_5 = require("./keto.constants");
|
|
14
|
+
const createKetoConfigurationProvider = (options) => [
|
|
15
|
+
{
|
|
16
|
+
provide: keto_constants_5.KETO_MODULE_CONFIGURATION,
|
|
17
|
+
useFactory: () => new services_1.KetoConfigurationService(options),
|
|
18
|
+
},
|
|
19
|
+
];
|
|
20
|
+
exports.createKetoConfigurationProvider = createKetoConfigurationProvider;
|
|
21
|
+
const createKetoExportsProvider = () => [
|
|
22
|
+
{
|
|
23
|
+
provide: keto_constants_2.KETO_PERMISSIONS,
|
|
24
|
+
useFactory: (options) => new services_2.KetoPermissionsService(options),
|
|
25
|
+
inject: [keto_constants_5.KETO_MODULE_CONFIGURATION],
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
provide: keto_constants_1.KETO_RELATIONS,
|
|
29
|
+
useFactory: (options) => new services_5.KetoRelationsService(options),
|
|
30
|
+
inject: [keto_constants_5.KETO_MODULE_CONFIGURATION],
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
provide: keto_constants_4.KETO_READ_CLIENT,
|
|
34
|
+
useFactory: (permissionsService) => new services_4.KetoReadClientService(permissionsService),
|
|
35
|
+
inject: [keto_constants_2.KETO_PERMISSIONS],
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
provide: keto_constants_3.KETO_WRITE_CLIENT,
|
|
39
|
+
useFactory: (relationshipsService) => new services_3.KetoWriteClientService(relationshipsService),
|
|
40
|
+
inject: [keto_constants_1.KETO_RELATIONS],
|
|
41
|
+
},
|
|
42
|
+
];
|
|
43
|
+
exports.createKetoExportsProvider = createKetoExportsProvider;
|
package/dist/services/index.d.ts
CHANGED
package/dist/services/index.js
CHANGED
|
@@ -14,4 +14,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./
|
|
17
|
+
__exportStar(require("./keto-read-client.service"), exports);
|
|
18
|
+
__exportStar(require("./keto-write-client.service"), exports);
|
|
19
|
+
__exportStar(require("./keto-configuration.service"), exports);
|
|
20
|
+
__exportStar(require("./keto-permissions.service"), exports);
|
|
21
|
+
__exportStar(require("./keto-relations.service"), exports);
|
|
@@ -12,43 +12,20 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
|
12
12
|
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
13
|
};
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
-
exports.
|
|
15
|
+
exports.KetoConfigurationService = void 0;
|
|
16
16
|
const common_1 = require("@nestjs/common");
|
|
17
17
|
const common_2 = require("@nestjs/common");
|
|
18
|
-
const
|
|
19
|
-
const
|
|
20
|
-
let
|
|
21
|
-
constructor(
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
withScope(resource) {
|
|
25
|
-
if (!resource) {
|
|
26
|
-
return resource;
|
|
27
|
-
}
|
|
28
|
-
if (!this.scope) {
|
|
29
|
-
return resource;
|
|
30
|
-
}
|
|
31
|
-
return [this.scope, resource].join(SEPARATOR);
|
|
32
|
-
}
|
|
33
|
-
withoutScope(resource) {
|
|
34
|
-
if (!resource) {
|
|
35
|
-
return resource;
|
|
36
|
-
}
|
|
37
|
-
if (!this.scope) {
|
|
38
|
-
return resource;
|
|
39
|
-
}
|
|
40
|
-
if (resource.includes(this.scope)) {
|
|
41
|
-
return resource.replace(this.scope, '').split(SEPARATOR).pop();
|
|
42
|
-
}
|
|
43
|
-
return resource;
|
|
44
|
-
}
|
|
45
|
-
isMatchScope(resource) {
|
|
46
|
-
return resource.startsWith(this.scope);
|
|
18
|
+
const keto_client_1 = require("@ory/keto-client");
|
|
19
|
+
const module_1 = require("../module");
|
|
20
|
+
let KetoConfigurationService = class KetoConfigurationService extends keto_client_1.Configuration {
|
|
21
|
+
constructor(options) {
|
|
22
|
+
super(options);
|
|
23
|
+
this.options = options;
|
|
47
24
|
}
|
|
48
25
|
};
|
|
49
|
-
|
|
26
|
+
KetoConfigurationService = __decorate([
|
|
50
27
|
(0, common_2.Injectable)(),
|
|
51
|
-
__param(0, (0, common_1.Inject)(
|
|
52
|
-
__metadata("design:paramtypes", [
|
|
53
|
-
],
|
|
54
|
-
exports.
|
|
28
|
+
__param(0, (0, common_1.Inject)(module_1.KETO_MODULE_CONFIGURATION)),
|
|
29
|
+
__metadata("design:paramtypes", [Object])
|
|
30
|
+
], KetoConfigurationService);
|
|
31
|
+
exports.KetoConfigurationService = KetoConfigurationService;
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { PermissionApi } from '@ory/keto-client';
|
|
2
|
+
import { KetoConfigurationService } from './keto-configuration.service';
|
|
3
|
+
export declare class KetoPermissionsService extends PermissionApi {
|
|
4
|
+
readonly configuration: KetoConfigurationService;
|
|
5
|
+
constructor(configuration: KetoConfigurationService);
|
|
6
|
+
}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.KetoPermissionsService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const common_2 = require("@nestjs/common");
|
|
18
|
+
const keto_client_1 = require("@ory/keto-client");
|
|
19
|
+
const module_1 = require("../module");
|
|
20
|
+
const keto_configuration_service_1 = require("./keto-configuration.service");
|
|
21
|
+
let KetoPermissionsService = class KetoPermissionsService extends keto_client_1.PermissionApi {
|
|
22
|
+
constructor(configuration) {
|
|
23
|
+
super(configuration);
|
|
24
|
+
this.configuration = configuration;
|
|
25
|
+
}
|
|
26
|
+
};
|
|
27
|
+
KetoPermissionsService = __decorate([
|
|
28
|
+
(0, common_2.Injectable)(),
|
|
29
|
+
__param(0, (0, common_1.Inject)(module_1.KETO_MODULE_CONFIGURATION)),
|
|
30
|
+
__metadata("design:paramtypes", [keto_configuration_service_1.KetoConfigurationService])
|
|
31
|
+
], KetoPermissionsService);
|
|
32
|
+
exports.KetoPermissionsService = KetoPermissionsService;
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { RelationShipTuple } from '../module';
|
|
2
|
+
import { KetoPermissionsService } from './keto-permissions.service';
|
|
3
|
+
export declare class KetoReadClientService {
|
|
4
|
+
private readonly permissionService;
|
|
5
|
+
constructor(permissionService: KetoPermissionsService);
|
|
6
|
+
validateRelationTuple(request: RelationShipTuple): Promise<boolean>;
|
|
7
|
+
}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.KetoReadClientService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const common_2 = require("@nestjs/common");
|
|
18
|
+
const exceptions_1 = require("../exceptions");
|
|
19
|
+
const module_1 = require("../module");
|
|
20
|
+
const keto_permissions_service_1 = require("./keto-permissions.service");
|
|
21
|
+
let KetoReadClientService = class KetoReadClientService {
|
|
22
|
+
constructor(permissionService) {
|
|
23
|
+
this.permissionService = permissionService;
|
|
24
|
+
}
|
|
25
|
+
async validateRelationTuple(request) {
|
|
26
|
+
try {
|
|
27
|
+
let data;
|
|
28
|
+
if (request.subject_id !== undefined) {
|
|
29
|
+
const req = request;
|
|
30
|
+
data = {
|
|
31
|
+
relation: req.relation,
|
|
32
|
+
object: req.object,
|
|
33
|
+
namespace: req.namespace,
|
|
34
|
+
subjectId: req.subject_id,
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
else {
|
|
38
|
+
const req = request;
|
|
39
|
+
data = {
|
|
40
|
+
relation: req.relation,
|
|
41
|
+
object: req.object,
|
|
42
|
+
namespace: req.namespace,
|
|
43
|
+
subjectSetNamespace: req.subject_set.namespace,
|
|
44
|
+
subjectSetObject: req.subject_set.object,
|
|
45
|
+
subjectSetRelation: req.subject_set.relation,
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
const response = await this.permissionService.checkPermissionOrError(data);
|
|
49
|
+
return response.data.allowed;
|
|
50
|
+
}
|
|
51
|
+
catch (error) {
|
|
52
|
+
throw new exceptions_1.KetoGeneralException(error.toString());
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
};
|
|
56
|
+
KetoReadClientService = __decorate([
|
|
57
|
+
(0, common_2.Injectable)(),
|
|
58
|
+
__param(0, (0, common_1.Inject)(module_1.KETO_PERMISSIONS)),
|
|
59
|
+
__metadata("design:paramtypes", [keto_permissions_service_1.KetoPermissionsService])
|
|
60
|
+
], KetoReadClientService);
|
|
61
|
+
exports.KetoReadClientService = KetoReadClientService;
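Review bot: `validateRelationTuple` returns `response.data.allowed` unchecked, so a response without that field resolves to `undefined` rather than a boolean; for an authorization decision I would write `return response.data.allowed === true;`. The `else` branch also assumes `request.subject_set` exists: a tuple with neither `subject_id` nor `subject_set` fails with a TypeError that the catch rewraps through `error.toString()`. An explicit `if (!request.subject_set) throw new exceptions_1.KetoRelationTupleInvalidException();` ahead of the `try` would give callers the right exception. The catch copies the upstream error text into `KetoGeneralException`; whether that message can reach an HTTP response is not visible here, so confirm it is logged rather than returned.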
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.KetoRelationsService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const common_2 = require("@nestjs/common");
|
|
18
|
+
const keto_client_1 = require("@ory/keto-client");
|
|
19
|
+
const keto_client_2 = require("@ory/keto-client");
|
|
20
|
+
const module_1 = require("../module");
|
|
21
|
+
let KetoRelationsService = class KetoRelationsService extends keto_client_1.RelationshipApi {
|
|
22
|
+
constructor(options) {
|
|
23
|
+
super(options);
|
|
24
|
+
this.options = options;
|
|
25
|
+
}
|
|
26
|
+
};
|
|
27
|
+
KetoRelationsService = __decorate([
|
|
28
|
+
(0, common_2.Injectable)(),
|
|
29
|
+
__param(0, (0, common_1.Inject)(module_1.KETO_MODULE_CONFIGURATION)),
|
|
30
|
+
__metadata("design:paramtypes", [keto_client_2.Configuration])
|
|
31
|
+
], KetoRelationsService);
|
|
32
|
+
exports.KetoRelationsService = KetoRelationsService;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { RelationshipPatchActionEnum } from '@ory/keto-client';
|
|
2
|
+
import { Relationship } from '@ory/keto-client';
|
|
3
|
+
import { RelationShipTuple } from '../module';
|
|
4
|
+
import { KetoRelationsService } from './keto-relations.service';
|
|
5
|
+
export declare class KetoWriteClientService {
|
|
6
|
+
private readonly relationsService;
|
|
7
|
+
constructor(relationsService: KetoRelationsService);
|
|
8
|
+
addRelationTuple(tuple: RelationShipTuple): Promise<Relationship>;
|
|
9
|
+
removeRelationTuple(tuple: RelationShipTuple): Promise<boolean>;
|
|
10
|
+
patchRelationTuple(tuple: RelationShipTuple, action: RelationshipPatchActionEnum): Promise<boolean>;
|
|
11
|
+
}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.KetoWriteClientService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const common_2 = require("@nestjs/common");
|
|
18
|
+
const exceptions_1 = require("../exceptions");
|
|
19
|
+
const module_1 = require("../module");
|
|
20
|
+
const keto_relations_service_1 = require("./keto-relations.service");
|
|
21
|
+
let KetoWriteClientService = class KetoWriteClientService {
|
|
22
|
+
constructor(relationsService) {
|
|
23
|
+
this.relationsService = relationsService;
|
|
24
|
+
}
|
|
25
|
+
async addRelationTuple(tuple) {
|
|
26
|
+
try {
|
|
27
|
+
const data = {
|
|
28
|
+
createRelationshipBody: tuple,
|
|
29
|
+
};
|
|
30
|
+
const response = await this.relationsService.createRelationship(data);
|
|
31
|
+
return response.data;
|
|
32
|
+
}
|
|
33
|
+
catch (error) {
|
|
34
|
+
throw new exceptions_1.KetoGeneralException(error.toString());
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
async removeRelationTuple(tuple) {
|
|
38
|
+
try {
|
|
39
|
+
const data = tuple;
|
|
40
|
+
await this.relationsService.deleteRelationships(data);
|
|
41
|
+
return true;
|
|
42
|
+
}
|
|
43
|
+
catch (error) {
|
|
44
|
+
throw new exceptions_1.KetoGeneralException(error.toString());
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
async patchRelationTuple(tuple, action) {
|
|
48
|
+
try {
|
|
49
|
+
const data = {
|
|
50
|
+
relationshipPatch: [
|
|
51
|
+
{
|
|
52
|
+
action,
|
|
53
|
+
relation_tuple: tuple,
|
|
54
|
+
},
|
|
55
|
+
],
|
|
56
|
+
};
|
|
57
|
+
await this.relationsService.patchRelationships(data);
|
|
58
|
+
return true;
|
|
59
|
+
}
|
|
60
|
+
catch (error) {
|
|
61
|
+
throw new exceptions_1.KetoGeneralException(error.toString());
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
};
|
|
65
|
+
KetoWriteClientService = __decorate([
|
|
66
|
+
(0, common_2.Injectable)(),
|
|
67
|
+
__param(0, (0, common_1.Inject)(module_1.KETO_RELATIONS)),
|
|
68
|
+
__metadata("design:paramtypes", [keto_relations_service_1.KetoRelationsService])
|
|
69
|
+
], KetoWriteClientService);
|
|
70
|
+
exports.KetoWriteClientService = KetoWriteClientService;
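Review bot: `removeRelationTuple` hands the snake_case tuple straight to `deleteRelationships`, while `validateRelationTuple` in the read client maps the same tuple to camelCase parameters (`subjectId`, `subjectSetNamespace`, …) before calling the Keto API. If `deleteRelationships` takes the same camelCase query parameters, as it appears to in `@ory/keto-client`, then `subject_id` and `subject_set` are never sent and the delete is filtered only by namespace, object and relation. That would remove the relation for every subject on the object instead of the one named. Map the fields explicitly as sketched below, and add a test that deletes one of two subjects on the same object and asserts the other survives.

```javascript
async removeRelationTuple(tuple) {
    try {
        // deleteRelationships filters by query parameters, so send the subject explicitly
        const subject = tuple.subject_id !== undefined
            ? { subjectId: tuple.subject_id }
            : {
                subjectSetNamespace: tuple.subject_set.namespace,
                subjectSetObject: tuple.subject_set.object,
                subjectSetRelation: tuple.subject_set.relation,
            };
        const data = {
            namespace: tuple.namespace,
            object: tuple.object,
            relation: tuple.relation,
            ...subject,
        };
        await this.relationsService.deleteRelationships(data);
        // … unchanged: return true and the catch block …
```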
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './relation-tuple-converter';
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./relation-tuple-converter"), exports);
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { RelationShipTuple } from '../module';
|
|
2
|
+
declare type Tuple = string | ((...args: string[]) => string);
|
|
3
|
+
export declare class RelationTupleConverter {
|
|
4
|
+
private readonly tuple;
|
|
5
|
+
private readonly replacement;
|
|
6
|
+
private tupleString;
|
|
7
|
+
private result;
|
|
8
|
+
constructor(tuple: Tuple, replacement?: string);
|
|
9
|
+
private get subjectId();
|
|
10
|
+
run(): RelationShipTuple;
|
|
11
|
+
private convertToString;
|
|
12
|
+
private isTupleCorrect;
|
|
13
|
+
private getNamespace;
|
|
14
|
+
private getObject;
|
|
15
|
+
private getRelation;
|
|
16
|
+
private getSubjectSet;
|
|
17
|
+
private isSubjectSet;
|
|
18
|
+
}
|
|
19
|
+
export {};
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RelationTupleConverter = void 0;
|
|
4
|
+
const exceptions_1 = require("../exceptions");
|
|
5
|
+
class RelationTupleConverter {
|
|
6
|
+
constructor(tuple, replacement = '') {
|
|
7
|
+
this.tuple = tuple;
|
|
8
|
+
this.replacement = replacement;
|
|
9
|
+
this.convertToString();
|
|
10
|
+
}
|
|
11
|
+
get subjectId() {
|
|
12
|
+
return this.tupleString;
|
|
13
|
+
}
|
|
14
|
+
run() {
|
|
15
|
+
if (!this.isTupleCorrect()) {
|
|
16
|
+
throw new exceptions_1.KetoRelationTupleInvalidException();
|
|
17
|
+
}
|
|
18
|
+
const namespace = this.getNamespace();
|
|
19
|
+
const object = this.getObject();
|
|
20
|
+
const relation = this.getRelation();
|
|
21
|
+
if (this.isSubjectSet()) {
|
|
22
|
+
const subjectSet = this.getSubjectSet();
|
|
23
|
+
this.result = this.result;
|
|
24
|
+
this.result = {
|
|
25
|
+
namespace,
|
|
26
|
+
object,
|
|
27
|
+
relation,
|
|
28
|
+
subject_set: subjectSet,
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
else {
|
|
32
|
+
const { subjectId } = this;
|
|
33
|
+
this.result = this.result;
|
|
34
|
+
this.result = {
|
|
35
|
+
namespace,
|
|
36
|
+
object,
|
|
37
|
+
relation,
|
|
38
|
+
subject_id: subjectId,
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
return this.result;
|
|
42
|
+
}
|
|
43
|
+
convertToString() {
|
|
44
|
+
if (typeof this.tuple === 'string') {
|
|
45
|
+
this.tupleString = this.tuple;
|
|
46
|
+
}
|
|
47
|
+
else {
|
|
48
|
+
this.tupleString = this.tuple(this.replacement);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
isTupleCorrect() {
|
|
52
|
+
const regex = /^\w+:\w+#\w+@[\w\W]+/i;
|
|
53
|
+
return regex.test(this.tupleString);
|
|
54
|
+
}
|
|
55
|
+
getNamespace() {
|
|
56
|
+
const endOfNamespace = this.tupleString.indexOf(':');
|
|
57
|
+
const namespace = this.tupleString.substring(0, endOfNamespace);
|
|
58
|
+
this.tupleString = this.tupleString.slice(endOfNamespace + 1);
|
|
59
|
+
return namespace;
|
|
60
|
+
}
|
|
61
|
+
getObject() {
|
|
62
|
+
const endOfObject = this.tupleString.indexOf('#');
|
|
63
|
+
const object = this.tupleString.substring(0, endOfObject);
|
|
64
|
+
this.tupleString = this.tupleString.slice(endOfObject + 1);
|
|
65
|
+
return object;
|
|
66
|
+
}
|
|
67
|
+
getRelation() {
|
|
68
|
+
const endOfRelation = this.tupleString.indexOf('@');
|
|
69
|
+
const relation = this.tupleString.substring(0, endOfRelation > 0 ? endOfRelation : undefined);
|
|
70
|
+
this.tupleString = this.tupleString.slice(endOfRelation + 1);
|
|
71
|
+
return relation;
|
|
72
|
+
}
|
|
73
|
+
getSubjectSet() {
|
|
74
|
+
const namespace = this.getNamespace();
|
|
75
|
+
const object = this.getObject();
|
|
76
|
+
const relation = this.getRelation();
|
|
77
|
+
const subjectSet = {
|
|
78
|
+
namespace,
|
|
79
|
+
object,
|
|
80
|
+
relation,
|
|
81
|
+
};
|
|
82
|
+
return subjectSet;
|
|
83
|
+
}
|
|
84
|
+
isSubjectSet() {
|
|
85
|
+
return this.tupleString.includes(':') || this.tupleString.includes('#');
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
exports.RelationTupleConverter = RelationTupleConverter;
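Review bot: `isSubjectSet()` classifies the subject only by whether the remaining text contains `:` or `#`, and `isTupleCorrect()` accepts anything after `@` (`[\w\W]+`, no end anchor), so a subject id containing either character is parsed as a subject set. When the tuple comes from the function form with `replacement` filled from request data, the value itself decides which kind of subject is checked; malformed sets also produce an empty `namespace` or `object`, because `getNamespace()` and `getObject()` do not handle `indexOf` returning -1. I would make the check structural, e.g. `return /^\w+:\w+#\w*$/.test(this.tupleString);` in `isSubjectSet()`, and reject subjects that are neither a plain id nor a well-formed set. Separately, `run()` consumes `tupleString`, so a second call on the same instance throws `KetoRelationTupleInvalidException`; a comment on `run()` should say it is single-use.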
|
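--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@atls/nestjs-keto",
-"version": "0.0.
+"version": "0.0.6",
 "license": "BSD-3-Clause",
 "main": "dist/index.js",
 "files": [
@@ -12,25 +12,31 @@
 "postpack": "rm -rf dist"
 },
 "dependencies": {
-"@
+"@ory/keto-client": "0.11.0-alpha.0"
 },
 "devDependencies": {
 "@nestjs/common": "patch:@nestjs/common@npm%3A10.2.5#~/.yarn/patches/@nestjs-common-npm-10.2.5-816dceeade.patch",
 "@nestjs/core": "10.2.5",
-"@nestjs/graphql": "
-"@
-"
-"
-"
+"@nestjs/graphql": "12.0.10",
+"@nestjs/testing": "10.2.5",
+"@types/node": "18.19.6",
+"@types/supertest": "6",
+"apollo-server-core": "3.3.0",
+"get-port": "5.1.1",
+"graphql": "16.8.1",
+"reflect-metadata": "0.2.1",
 "rimraf": "3.0.2",
-"rxjs": "
-"
+"rxjs": "7.8.1",
+"supertest": "6.3.3",
+"testcontainers": "10.4.0",
+"ts-morph": "21.0.1",
+"typescript": "4.6.4"
 },
 "peerDependencies": {
-"@nestjs/common": "
-"@nestjs/core": "
-"reflect-metadata": "
-"rxjs": "
+"@nestjs/common": "*",
+"@nestjs/core": "*",
+"reflect-metadata": "*",
+"rxjs": "*"
 },
 "publishConfig": {
 "main": "dist/index.js",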
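Review bot: The new `peerDependencies` are all `*`, so the package declares itself compatible with any major of `@nestjs/common`, `@nestjs/core`, `reflect-metadata` and `rxjs`, while the devDependencies in the same hunk build and test only against 10.2.5, 0.2.1 and 7.8.1. A bounded range such as `"@nestjs/common": "^10.0.0"` keeps an installer from silently pairing the authorization guard with an untested framework major. The single runtime dependency is pinned to a prerelease, `"@ory/keto-client": "0.11.0-alpha.0"`, which deserves a changelog line so consumers know the Keto client is an alpha build. The removed values are truncated on this page, so whether the ranges were already open before is not visible.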
package/dist/constants.d.ts
DELETED
package/dist/constants.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export declare const AccessPolicy: (flavor: string, resource: string, action: string) => import("@nestjs/common").CustomDecorator<string>;
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.AccessPolicy = void 0;
|
|
4
|
-
const common_1 = require("@nestjs/common");
|
|
5
|
-
const constants_1 = require("../constants");
|
|
6
|
-
const AccessPolicy = (flavor, resource, action) => (0, common_1.SetMetadata)(constants_1.ACCESS_POLICY_METADATA, { flavor, resource, action });
|
|
7
|
-
exports.AccessPolicy = AccessPolicy;
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
import { CanActivate } from '@nestjs/common';
|
|
2
|
-
import { ExecutionContext } from '@nestjs/common';
|
|
3
|
-
import { Reflector } from '@nestjs/core';
|
|
4
|
-
import { EnginesApi } from '@oryd/keto-client';
|
|
5
|
-
import { ResourceService } from '../services';
|
|
6
|
-
export declare class KetoAccessControlGuard implements CanActivate {
|
|
7
|
-
private reflector;
|
|
8
|
-
private keto;
|
|
9
|
-
private resourceService;
|
|
10
|
-
constructor(reflector: Reflector, keto: EnginesApi, resourceService: ResourceService);
|
|
11
|
-
getSubject(context: ExecutionContext): any;
|
|
12
|
-
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
13
|
-
}
|
|
@@ -1,61 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
-
};
|
|
8
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.KetoAccessControlGuard = void 0;
|
|
13
|
-
const common_1 = require("@nestjs/common");
|
|
14
|
-
const core_1 = require("@nestjs/core");
|
|
15
|
-
const graphql_1 = require("@nestjs/graphql");
|
|
16
|
-
const keto_client_1 = require("@oryd/keto-client");
|
|
17
|
-
const constants_1 = require("../constants");
|
|
18
|
-
const services_1 = require("../services");
|
|
19
|
-
let KetoAccessControlGuard = class KetoAccessControlGuard {
|
|
20
|
-
constructor(reflector, keto, resourceService) {
|
|
21
|
-
this.reflector = reflector;
|
|
22
|
-
this.keto = keto;
|
|
23
|
-
this.resourceService = resourceService;
|
|
24
|
-
}
|
|
25
|
-
getSubject(context) {
|
|
26
|
-
if (context.getType() === 'graphql') {
|
|
27
|
-
const gqlContext = graphql_1.GqlExecutionContext.create(context);
|
|
28
|
-
return gqlContext.getContext().user;
|
|
29
|
-
}
|
|
30
|
-
return context.switchToHttp().getRequest().get('x-user');
|
|
31
|
-
}
|
|
32
|
-
async canActivate(context) {
|
|
33
|
-
const subject = this.getSubject(context);
|
|
34
|
-
const policy = this.reflector.get(constants_1.ACCESS_POLICY_METADATA, context.getHandler());
|
|
35
|
-
if (!policy) {
|
|
36
|
-
return true;
|
|
37
|
-
}
|
|
38
|
-
if (!subject) {
|
|
39
|
-
return false;
|
|
40
|
-
}
|
|
41
|
-
try {
|
|
42
|
-
const { body } = await this.keto.doOryAccessControlPoliciesAllow(policy.flavor, {
|
|
43
|
-
subject,
|
|
44
|
-
resource: this.resourceService.withScope(policy.resource),
|
|
45
|
-
action: policy.action,
|
|
46
|
-
context: {},
|
|
47
|
-
});
|
|
48
|
-
return body.allowed;
|
|
49
|
-
}
|
|
50
|
-
catch (error) {
|
|
51
|
-
return false;
|
|
52
|
-
}
|
|
53
|
-
}
|
|
54
|
-
};
|
|
55
|
-
KetoAccessControlGuard = __decorate([
|
|
56
|
-
(0, common_1.Injectable)(),
|
|
57
|
-
__metadata("design:paramtypes", [core_1.Reflector,
|
|
58
|
-
keto_client_1.EnginesApi,
|
|
59
|
-
services_1.ResourceService])
|
|
60
|
-
], KetoAccessControlGuard);
|
|
61
|
-
exports.KetoAccessControlGuard = KetoAccessControlGuard;
|
package/dist/keto.module.d.ts
DELETED
package/dist/keto.module.js
DELETED
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
-
};
|
|
8
|
-
var KetoModule_1;
|
|
9
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
10
|
-
exports.KetoModule = void 0;
|
|
11
|
-
const common_1 = require("@nestjs/common");
|
|
12
|
-
const keto_client_1 = require("@oryd/keto-client");
|
|
13
|
-
const constants_1 = require("./constants");
|
|
14
|
-
const services_1 = require("./services");
|
|
15
|
-
let KetoModule = KetoModule_1 = class KetoModule {
|
|
16
|
-
static forRoot(options = {}) {
|
|
17
|
-
const enginesApiProvider = {
|
|
18
|
-
provide: keto_client_1.EnginesApi,
|
|
19
|
-
useFactory: () => new keto_client_1.EnginesApi((options.url || process.env.KETO_ENGINES_URL || '').replace(/\/+$/, '')),
|
|
20
|
-
};
|
|
21
|
-
const resourcesScopeProvider = {
|
|
22
|
-
provide: constants_1.RESOURCES_SCOPE,
|
|
23
|
-
useValue: options.scope,
|
|
24
|
-
};
|
|
25
|
-
const resourceServiceProvider = {
|
|
26
|
-
provide: services_1.ResourceService,
|
|
27
|
-
useClass: services_1.ResourceService,
|
|
28
|
-
};
|
|
29
|
-
return {
|
|
30
|
-
module: KetoModule_1,
|
|
31
|
-
providers: [enginesApiProvider, resourceServiceProvider, resourcesScopeProvider],
|
|
32
|
-
exports: [enginesApiProvider, resourceServiceProvider],
|
|
33
|
-
global: true,
|
|
34
|
-
};
|
|
35
|
-
}
|
|
36
|
-
};
|
|
37
|
-
KetoModule = KetoModule_1 = __decorate([
|
|
38
|
-
(0, common_1.Module)({})
|
|
39
|
-
], KetoModule);
|
|
40
|
-
exports.KetoModule = KetoModule;
|