@atproto/oauth-scopes 0.0.2 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +25 -0
- package/dist/atproto-oauth-scope.d.ts +12 -0
- package/dist/atproto-oauth-scope.d.ts.map +1 -0
- package/dist/atproto-oauth-scope.js +32 -0
- package/dist/atproto-oauth-scope.js.map +1 -0
- package/dist/index.d.ts +9 -13
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -13
- package/dist/index.js.map +1 -1
- package/dist/lib/lexicon.d.ts +2 -0
- package/dist/lib/lexicon.d.ts.map +1 -0
- package/dist/lib/lexicon.js +3 -0
- package/dist/lib/lexicon.js.map +1 -0
- package/dist/lib/mime.d.ts +1 -1
- package/dist/lib/mime.d.ts.map +1 -1
- package/dist/lib/mime.js +2 -0
- package/dist/lib/mime.js.map +1 -1
- package/dist/lib/nsid.d.ts +2 -2
- package/dist/lib/nsid.d.ts.map +1 -1
- package/dist/lib/nsid.js +4 -6
- package/dist/lib/nsid.js.map +1 -1
- package/dist/lib/parser.d.ts +29 -0
- package/dist/lib/parser.d.ts.map +1 -0
- package/dist/lib/parser.js +152 -0
- package/dist/lib/parser.js.map +1 -0
- package/dist/lib/resource-permission.d.ts +10 -0
- package/dist/lib/resource-permission.d.ts.map +1 -0
- package/dist/lib/resource-permission.js +3 -0
- package/dist/lib/resource-permission.js.map +1 -0
- package/dist/lib/syntax-lexicon.d.ts +26 -0
- package/dist/lib/syntax-lexicon.d.ts.map +1 -0
- package/dist/lib/syntax-lexicon.js +58 -0
- package/dist/lib/syntax-lexicon.js.map +1 -0
- package/dist/lib/syntax-string.d.ts +16 -0
- package/dist/lib/syntax-string.d.ts.map +1 -0
- package/dist/lib/syntax-string.js +121 -0
- package/dist/lib/syntax-string.js.map +1 -0
- package/dist/lib/syntax.d.ts +23 -0
- package/dist/lib/syntax.d.ts.map +1 -0
- package/dist/lib/syntax.js +22 -0
- package/dist/lib/syntax.js.map +1 -0
- package/dist/lib/util.d.ts +4 -1
- package/dist/lib/util.d.ts.map +1 -1
- package/dist/lib/util.js +4 -12
- package/dist/lib/util.js.map +1 -1
- package/dist/scope-permissions-transition.d.ts +15 -0
- package/dist/scope-permissions-transition.d.ts.map +1 -0
- package/dist/{permission-set-transition.js → scope-permissions-transition.js} +5 -5
- package/dist/scope-permissions-transition.js.map +1 -0
- package/dist/scope-permissions.d.ts +22 -0
- package/dist/scope-permissions.d.ts.map +1 -0
- package/dist/{permission-set.js → scope-permissions.js} +20 -16
- package/dist/scope-permissions.js.map +1 -0
- package/dist/scopes/account-permission.d.ts +35 -0
- package/dist/scopes/account-permission.d.ts.map +1 -0
- package/dist/scopes/account-permission.js +71 -0
- package/dist/scopes/account-permission.js.map +1 -0
- package/dist/scopes/blob-permission.d.ts +27 -0
- package/dist/scopes/blob-permission.d.ts.map +1 -0
- package/dist/scopes/blob-permission.js +86 -0
- package/dist/scopes/blob-permission.js.map +1 -0
- package/dist/scopes/identity-permission.d.ts +25 -0
- package/dist/scopes/identity-permission.d.ts.map +1 -0
- package/dist/scopes/identity-permission.js +53 -0
- package/dist/scopes/identity-permission.js.map +1 -0
- package/dist/scopes/include-scope.d.ts +54 -0
- package/dist/scopes/include-scope.d.ts.map +1 -0
- package/dist/scopes/include-scope.js +156 -0
- package/dist/scopes/include-scope.js.map +1 -0
- package/dist/scopes/repo-permission.d.ts +40 -0
- package/dist/scopes/repo-permission.d.ts.map +1 -0
- package/dist/scopes/repo-permission.js +101 -0
- package/dist/scopes/repo-permission.js.map +1 -0
- package/dist/scopes/rpc-permission.d.ts +38 -0
- package/dist/scopes/rpc-permission.d.ts.map +1 -0
- package/dist/scopes/rpc-permission.js +81 -0
- package/dist/scopes/rpc-permission.js.map +1 -0
- package/dist/scopes-set.d.ts +12 -1
- package/dist/scopes-set.d.ts.map +1 -1
- package/dist/scopes-set.js +49 -3
- package/dist/scopes-set.js.map +1 -1
- package/package.json +7 -3
- package/src/atproto-oauth-scope.ts +43 -0
- package/src/index.ts +10 -14
- package/src/lib/lexicon.ts +1 -0
- package/src/lib/mime.ts +2 -1
- package/src/lib/nsid.ts +5 -6
- package/src/lib/parser.ts +176 -0
- package/src/lib/resource-permission.ts +10 -0
- package/src/lib/syntax-lexicon.ts +55 -0
- package/src/lib/syntax-string.test.ts +130 -0
- package/src/lib/syntax-string.ts +132 -0
- package/src/lib/syntax.test.ts +43 -0
- package/src/lib/syntax.ts +47 -0
- package/src/lib/util.ts +7 -12
- package/src/{permission-set-transition.test.ts → scope-permissions-transition.test.ts} +33 -20
- package/src/{permission-set-transition.ts → scope-permissions-transition.ts} +11 -11
- package/src/{permission-set.test.ts → scope-permissions.test.ts} +77 -35
- package/src/scope-permissions.ts +91 -0
- package/src/{resources/account-scope.test.ts → scopes/account-permission.test.ts} +45 -33
- package/src/scopes/account-permission.ts +75 -0
- package/src/{resources/blob-scope.test.ts → scopes/blob-permission.test.ts} +31 -23
- package/src/scopes/blob-permission.ts +105 -0
- package/src/{resources/identity-scope.test.ts → scopes/identity-permission.test.ts} +13 -13
- package/src/scopes/identity-permission.ts +54 -0
- package/src/scopes/include-scope.test.ts +626 -0
- package/src/scopes/include-scope.ts +168 -0
- package/src/{resources/repo-scope.test.ts → scopes/repo-permission.test.ts} +77 -65
- package/src/scopes/repo-permission.ts +111 -0
- package/src/scopes/rpc-permission.test.ts +323 -0
- package/src/scopes/rpc-permission.ts +85 -0
- package/src/scopes-set.test.ts +5 -5
- package/src/scopes-set.ts +79 -5
- package/tsconfig.build.tsbuildinfo +1 -1
- package/tsconfig.tests.tsbuildinfo +1 -1
- package/dist/lib/did.d.ts +0 -3
- package/dist/lib/did.d.ts.map +0 -1
- package/dist/lib/did.js +0 -6
- package/dist/lib/did.js.map +0 -1
- package/dist/parser.d.ts +0 -31
- package/dist/parser.d.ts.map +0 -1
- package/dist/parser.js +0 -118
- package/dist/parser.js.map +0 -1
- package/dist/permission-set-transition.d.ts +0 -15
- package/dist/permission-set-transition.d.ts.map +0 -1
- package/dist/permission-set-transition.js.map +0 -1
- package/dist/permission-set.d.ts +0 -22
- package/dist/permission-set.d.ts.map +0 -1
- package/dist/permission-set.js.map +0 -1
- package/dist/resources/account-scope.d.ts +0 -35
- package/dist/resources/account-scope.d.ts.map +0 -1
- package/dist/resources/account-scope.js +0 -60
- package/dist/resources/account-scope.js.map +0 -1
- package/dist/resources/blob-scope.d.ts +0 -25
- package/dist/resources/blob-scope.d.ts.map +0 -1
- package/dist/resources/blob-scope.js +0 -74
- package/dist/resources/blob-scope.js.map +0 -1
- package/dist/resources/identity-scope.d.ts +0 -25
- package/dist/resources/identity-scope.d.ts.map +0 -1
- package/dist/resources/identity-scope.js +0 -46
- package/dist/resources/identity-scope.js.map +0 -1
- package/dist/resources/repo-scope.d.ts +0 -37
- package/dist/resources/repo-scope.d.ts.map +0 -1
- package/dist/resources/repo-scope.js +0 -92
- package/dist/resources/repo-scope.js.map +0 -1
- package/dist/resources/rpc-scope.d.ts +0 -31
- package/dist/resources/rpc-scope.d.ts.map +0 -1
- package/dist/resources/rpc-scope.js +0 -74
- package/dist/resources/rpc-scope.js.map +0 -1
- package/dist/syntax.d.ts +0 -76
- package/dist/syntax.d.ts.map +0 -1
- package/dist/syntax.js +0 -249
- package/dist/syntax.js.map +0 -1
- package/dist/utilities.d.ts +0 -17
- package/dist/utilities.d.ts.map +0 -1
- package/dist/utilities.js +0 -108
- package/dist/utilities.js.map +0 -1
- package/src/lib/did.ts +0 -3
- package/src/parser.ts +0 -150
- package/src/permission-set.ts +0 -78
- package/src/resources/account-scope.ts +0 -66
- package/src/resources/blob-scope.ts +0 -86
- package/src/resources/identity-scope.ts +0 -49
- package/src/resources/repo-scope.ts +0 -101
- package/src/resources/rpc-scope.test.ts +0 -280
- package/src/resources/rpc-scope.ts +0 -77
- package/src/syntax.test.ts +0 -203
- package/src/syntax.ts +0 -325
- package/src/utilities.ts +0 -109
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"blob-permission.js","sourceRoot":"","sources":["../../src/scopes/blob-permission.ts"],"names":[],"mappings":";;;AAAA,4CAAmE;AACnE,gDAAyC;AAEzC,8DAA2D;AAC3D,gDAMyB;AAIZ,QAAA,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAU,CAAC,CAAA;AAM7D,MAAa,cAAc;IAGzB,YAA4B,MAAyB;QAAzC;;;;mBAAgB,MAAM;WAAmB;IAAG,CAAC;IAEzD,OAAO,CAAC,OAA4B;QAClC,OAAO,IAAA,0BAAgB,EAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;IACpD,CAAC;IAED,QAAQ;QACN,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC;IAuBD,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,IAAA,4BAAgB,EAAC,KAAK,EAAE,MAAM,CAAC;YAAE,OAAO,IAAI,CAAA;QACjD,MAAM,MAAM,GAAG,oCAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA2B;QAC3C,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA4B;QAChD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAc,CAAC;SACjC,CAAC,CAAA;IACJ,CAAC;;AAnDH,wCAoDC;AAvC2B;;;;WAAS,IAAI,kBAAM,CAC3C,MAAM,EACN;QACE,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,kBAAQ;YAClB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACnB,8DAA8D;gBAC9D,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAAE,OAAO,sBAAc,CAAA;gBAEhD,OAAO,KAAK;qBACT,GAAG,CAAC,WAAW,CAAC;qBAChB,MAAM,CAAC,cAAc,CAAC;qBACtB,IAAI,EAAqB,CAAA;YAC9B,CAAC;SACF;KACF,EACD,QAAQ,CACT;EAnB+B,CAmB/B;AAsBH,SAAS,WAAW,CAClB,KAAQ;IAER,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CACvB,CAAA;AACpC,CAAC;AAED,SAAS,cAAc,CACrB,KAAiB,EACjB,KAAa,EACb,GAA0B;IAE1B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,4EAA4E;QAC5E,8DAA8D;QAC9D,OAAO,IAAI,CAAA;IACb,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACnC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC;QAC9B,wEAAwE;QACxE,2EAA2E;QAC3E,0EAA0E;QAC1E,MAAM;QACN,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { Parser } from '../lib/parser.js';
|
|
2
|
+
import { ResourcePermission } from '../lib/resource-permission.js';
|
|
3
|
+
import { ScopeSyntax } from '../lib/syntax.js';
|
|
4
|
+
export declare const IDENTITY_ATTRIBUTES: readonly ["handle", "*"];
|
|
5
|
+
export type IdentityAttribute = (typeof IDENTITY_ATTRIBUTES)[number];
|
|
6
|
+
export type IdentityPermissionMatch = {
|
|
7
|
+
attr: IdentityAttribute;
|
|
8
|
+
};
|
|
9
|
+
export declare class IdentityPermission implements ResourcePermission<'identity', IdentityPermissionMatch> {
|
|
10
|
+
readonly attr: IdentityAttribute;
|
|
11
|
+
constructor(attr: IdentityAttribute);
|
|
12
|
+
matches(options: IdentityPermissionMatch): boolean;
|
|
13
|
+
toString(): import("../lib/syntax.js").ScopeStringFor<"identity">;
|
|
14
|
+
protected static readonly parser: Parser<"identity", {
|
|
15
|
+
attr: {
|
|
16
|
+
multiple: false;
|
|
17
|
+
required: true;
|
|
18
|
+
validate: (value: unknown) => value is "*" | "handle";
|
|
19
|
+
};
|
|
20
|
+
}>;
|
|
21
|
+
static fromString(scope: string): IdentityPermission | null;
|
|
22
|
+
static fromSyntax(syntax: ScopeSyntax<'identity'>): IdentityPermission | null;
|
|
23
|
+
static scopeNeededFor(options: IdentityPermissionMatch): string;
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=identity-permission.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAGhE,eAAO,MAAM,mBAAmB,0BAA0C,CAAA;AAC1E,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAA;AAEpE,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,iBAAiB,CAAA;CACxB,CAAA;AAED,qBAAa,kBACX,YAAW,kBAAkB,CAAC,UAAU,EAAE,uBAAuB,CAAC;aAEtC,IAAI,EAAE,iBAAiB;gBAAvB,IAAI,EAAE,iBAAiB;IAEnD,OAAO,CAAC,OAAO,EAAE,uBAAuB;IAIxC,QAAQ;IAIR,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;;;OAU/B;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM;IAM/B,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,UAAU,CAAC;IAMjD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,uBAAuB,GAAG,MAAM;CAGhE"}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.IdentityPermission = exports.IDENTITY_ATTRIBUTES = void 0;
|
|
4
|
+
const parser_js_1 = require("../lib/parser.js");
|
|
5
|
+
const syntax_string_js_1 = require("../lib/syntax-string.js");
|
|
6
|
+
const syntax_js_1 = require("../lib/syntax.js");
|
|
7
|
+
const util_js_1 = require("../lib/util.js");
|
|
8
|
+
exports.IDENTITY_ATTRIBUTES = Object.freeze(['handle', '*']);
|
|
9
|
+
class IdentityPermission {
|
|
10
|
+
constructor(attr) {
|
|
11
|
+
Object.defineProperty(this, "attr", {
|
|
12
|
+
enumerable: true,
|
|
13
|
+
configurable: true,
|
|
14
|
+
writable: true,
|
|
15
|
+
value: attr
|
|
16
|
+
});
|
|
17
|
+
}
|
|
18
|
+
matches(options) {
|
|
19
|
+
return this.attr === '*' || this.attr === options.attr;
|
|
20
|
+
}
|
|
21
|
+
toString() {
|
|
22
|
+
return IdentityPermission.parser.format(this);
|
|
23
|
+
}
|
|
24
|
+
static fromString(scope) {
|
|
25
|
+
if (!(0, syntax_js_1.isScopeStringFor)(scope, 'identity'))
|
|
26
|
+
return null;
|
|
27
|
+
const syntax = syntax_string_js_1.ScopeStringSyntax.fromString(scope);
|
|
28
|
+
return IdentityPermission.fromSyntax(syntax);
|
|
29
|
+
}
|
|
30
|
+
static fromSyntax(syntax) {
|
|
31
|
+
const result = IdentityPermission.parser.parse(syntax);
|
|
32
|
+
if (!result)
|
|
33
|
+
return null;
|
|
34
|
+
return new IdentityPermission(result.attr);
|
|
35
|
+
}
|
|
36
|
+
static scopeNeededFor(options) {
|
|
37
|
+
return IdentityPermission.parser.format(options);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
exports.IdentityPermission = IdentityPermission;
|
|
41
|
+
Object.defineProperty(IdentityPermission, "parser", {
|
|
42
|
+
enumerable: true,
|
|
43
|
+
configurable: true,
|
|
44
|
+
writable: true,
|
|
45
|
+
value: new parser_js_1.Parser('identity', {
|
|
46
|
+
attr: {
|
|
47
|
+
multiple: false,
|
|
48
|
+
required: true,
|
|
49
|
+
validate: (0, util_js_1.knownValuesValidator)(exports.IDENTITY_ATTRIBUTES),
|
|
50
|
+
},
|
|
51
|
+
}, 'attr')
|
|
52
|
+
});
|
|
53
|
+
//# sourceMappingURL=identity-permission.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-permission.js","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":";;;AAAA,gDAAyC;AAEzC,8DAA2D;AAC3D,gDAAgE;AAChE,4CAAqD;AAExC,QAAA,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAC,CAAA;AAO1E,MAAa,kBAAkB;IAG7B,YAA4B,IAAuB;QAAvC;;;;mBAAgB,IAAI;WAAmB;IAAG,CAAC;IAEvD,OAAO,CAAC,OAAgC;QACtC,OAAO,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAA;IACxD,CAAC;IAED,QAAQ;QACN,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;IAcD,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,IAAA,4BAAgB,EAAC,KAAK,EAAE,UAAU,CAAC;YAAE,OAAO,IAAI,CAAA;QACrD,MAAM,MAAM,GAAG,oCAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC9C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA+B;QAC/C,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACtD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAAgC;QACpD,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAClD,CAAC;;AAvCH,gDAwCC;AA3B2B;;;;WAAS,IAAI,kBAAM,CAC3C,UAAU,EACV;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAA,8BAAoB,EAAC,2BAAmB,CAAC;SACpD;KACF,EACD,MAAM,CACP;EAV+B,CAU/B"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { AtprotoAudience } from '@atproto/did';
|
|
2
|
+
import { LexPermission, LexPermissionSet } from '../lib/lexicon.js';
|
|
3
|
+
import { Nsid, isNsid } from '../lib/nsid.js';
|
|
4
|
+
import { Parser } from '../lib/parser.js';
|
|
5
|
+
import { ScopeSyntax } from '../lib/syntax.js';
|
|
6
|
+
import { BlobPermission } from './blob-permission.js';
|
|
7
|
+
import { RepoPermission } from './repo-permission.js';
|
|
8
|
+
import { RpcPermission } from './rpc-permission.js';
|
|
9
|
+
export { type LexPermission, type LexPermissionSet, type Nsid, isNsid };
|
|
10
|
+
/**
|
|
11
|
+
* This is used to handle "include:" oauth scope values, used to include
|
|
12
|
+
* permissions from a lexicon defined permission set. Not being a resource
|
|
13
|
+
* permission, it does not implement `Matchable`.
|
|
14
|
+
*/
|
|
15
|
+
export declare class IncludeScope {
|
|
16
|
+
readonly nsid: Nsid;
|
|
17
|
+
readonly aud: undefined | AtprotoAudience;
|
|
18
|
+
constructor(nsid: Nsid, aud?: undefined | AtprotoAudience);
|
|
19
|
+
toString(): import("../lib/syntax.js").ScopeStringFor<"include">;
|
|
20
|
+
/**
|
|
21
|
+
* Converts an "include:" to the list of permissions it includes, based on the
|
|
22
|
+
* lexicon defined permission set.
|
|
23
|
+
*/
|
|
24
|
+
toPermissions(permissionSet: LexPermissionSet): (BlobPermission | RepoPermission | RpcPermission)[];
|
|
25
|
+
protected parsePermission(permission: LexPermission): BlobPermission | RepoPermission | RpcPermission | null;
|
|
26
|
+
/**
|
|
27
|
+
* Verifies that a permission included through a lexicon permission set is
|
|
28
|
+
* allowed in the context of the `include:` scope. This basically checks that
|
|
29
|
+
* the permission is "under" the namespace authority of the `include:` scope,
|
|
30
|
+
* and that it only contains "repo:", "rpc:", or "blob:" permissions.
|
|
31
|
+
*/
|
|
32
|
+
protected isAllowedPermission(permission: unknown): permission is RpcPermission | RepoPermission | BlobPermission;
|
|
33
|
+
/**
|
|
34
|
+
* Verifies that a permission item's nsid is under the same authority as the
|
|
35
|
+
* nsid of the lexicon itself (which is the same as the nsid of the `include:`
|
|
36
|
+
* scope).
|
|
37
|
+
*/
|
|
38
|
+
isParentAuthorityOf(otherNsid: '*' | Nsid): boolean;
|
|
39
|
+
protected static readonly parser: Parser<"include", {
|
|
40
|
+
nsid: {
|
|
41
|
+
multiple: false;
|
|
42
|
+
required: true;
|
|
43
|
+
validate: (v: unknown) => v is Nsid;
|
|
44
|
+
};
|
|
45
|
+
aud: {
|
|
46
|
+
multiple: false;
|
|
47
|
+
required: false;
|
|
48
|
+
validate: (value: unknown) => value is AtprotoAudience;
|
|
49
|
+
};
|
|
50
|
+
}>;
|
|
51
|
+
static fromString(scope: string): IncludeScope | null;
|
|
52
|
+
static fromSyntax(syntax: ScopeSyntax<'include'>): IncludeScope | null;
|
|
53
|
+
}
|
|
54
|
+
//# sourceMappingURL=include-scope.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"include-scope.d.ts","sourceRoot":"","sources":["../../src/scopes/include-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAqB,MAAM,cAAc,CAAA;AACjE,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AACnE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAGzC,OAAO,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,gBAAgB,EAAE,KAAK,IAAI,EAAE,MAAM,EAAE,CAAA;AAEvE;;;;GAIG;AACH,qBAAa,YAAY;aAEL,IAAI,EAAE,IAAI;aACV,GAAG,EAAE,SAAS,GAAG,eAAe;gBADhC,IAAI,EAAE,IAAI,EACV,GAAG,GAAE,SAAS,GAAG,eAA2B;IAG9D,QAAQ;IAIR;;;OAGG;IACH,aAAa,CAAC,aAAa,EAAE,gBAAgB;IAM7C,SAAS,CAAC,eAAe,CAAC,UAAU,EAAE,aAAa;IAoBnD;;;;;OAKG;IACH,SAAS,CAAC,mBAAmB,CAC3B,UAAU,EAAE,OAAO,GAClB,UAAU,IAAI,aAAa,GAAG,cAAc,GAAG,cAAc;IAgBhE;;;;OAIG;IACI,mBAAmB,CAAC,SAAS,EAAE,GAAG,GAAG,IAAI;IAgChD,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;;;;;;;;OAe/B;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM;IAM/B,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC;CAKjD"}
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.IncludeScope = exports.isNsid = void 0;
|
|
4
|
+
const did_1 = require("@atproto/did");
|
|
5
|
+
const nsid_js_1 = require("../lib/nsid.js");
|
|
6
|
+
Object.defineProperty(exports, "isNsid", { enumerable: true, get: function () { return nsid_js_1.isNsid; } });
|
|
7
|
+
const parser_js_1 = require("../lib/parser.js");
|
|
8
|
+
const syntax_lexicon_js_1 = require("../lib/syntax-lexicon.js");
|
|
9
|
+
const syntax_string_js_1 = require("../lib/syntax-string.js");
|
|
10
|
+
const syntax_js_1 = require("../lib/syntax.js");
|
|
11
|
+
const blob_permission_js_1 = require("./blob-permission.js");
|
|
12
|
+
const repo_permission_js_1 = require("./repo-permission.js");
|
|
13
|
+
const rpc_permission_js_1 = require("./rpc-permission.js");
|
|
14
|
+
/**
|
|
15
|
+
* This is used to handle "include:" oauth scope values, used to include
|
|
16
|
+
* permissions from a lexicon defined permission set. Not being a resource
|
|
17
|
+
* permission, it does not implement `Matchable`.
|
|
18
|
+
*/
|
|
19
|
+
class IncludeScope {
|
|
20
|
+
constructor(nsid, aud = undefined) {
|
|
21
|
+
Object.defineProperty(this, "nsid", {
|
|
22
|
+
enumerable: true,
|
|
23
|
+
configurable: true,
|
|
24
|
+
writable: true,
|
|
25
|
+
value: nsid
|
|
26
|
+
});
|
|
27
|
+
Object.defineProperty(this, "aud", {
|
|
28
|
+
enumerable: true,
|
|
29
|
+
configurable: true,
|
|
30
|
+
writable: true,
|
|
31
|
+
value: aud
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
toString() {
|
|
35
|
+
return IncludeScope.parser.format(this);
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Converts an "include:" to the list of permissions it includes, based on the
|
|
39
|
+
* lexicon defined permission set.
|
|
40
|
+
*/
|
|
41
|
+
toPermissions(permissionSet) {
|
|
42
|
+
return permissionSet.permissions
|
|
43
|
+
.map(this.parsePermission, this)
|
|
44
|
+
.filter(this.isAllowedPermission, this);
|
|
45
|
+
}
|
|
46
|
+
parsePermission(permission) {
|
|
47
|
+
if (permission.resource === 'rpc' &&
|
|
48
|
+
permission.inheritAud === true &&
|
|
49
|
+
permission.aud === undefined &&
|
|
50
|
+
this.aud !== undefined) {
|
|
51
|
+
// "rpc" permissions can "inherit" their audience from "aud" param defined
|
|
52
|
+
// in the "include:<nsid>?aud=<audience>" scope the permission set was
|
|
53
|
+
// loaded from.
|
|
54
|
+
return parsePermission({
|
|
55
|
+
...permission,
|
|
56
|
+
inheritAud: undefined,
|
|
57
|
+
aud: this.aud,
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
return parsePermission(permission);
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Verifies that a permission included through a lexicon permission set is
|
|
64
|
+
* allowed in the context of the `include:` scope. This basically checks that
|
|
65
|
+
* the permission is "under" the namespace authority of the `include:` scope,
|
|
66
|
+
* and that it only contains "repo:", "rpc:", or "blob:" permissions.
|
|
67
|
+
*/
|
|
68
|
+
isAllowedPermission(permission) {
|
|
69
|
+
if (permission instanceof rpc_permission_js_1.RpcPermission) {
|
|
70
|
+
return permission.lxm.every(this.isParentAuthorityOf, this);
|
|
71
|
+
}
|
|
72
|
+
if (permission instanceof repo_permission_js_1.RepoPermission) {
|
|
73
|
+
return permission.collection.every(this.isParentAuthorityOf, this);
|
|
74
|
+
}
|
|
75
|
+
if (permission instanceof blob_permission_js_1.BlobPermission) {
|
|
76
|
+
return true;
|
|
77
|
+
}
|
|
78
|
+
return false;
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* Verifies that a permission item's nsid is under the same authority as the
|
|
82
|
+
* nsid of the lexicon itself (which is the same as the nsid of the `include:`
|
|
83
|
+
* scope).
|
|
84
|
+
*/
|
|
85
|
+
isParentAuthorityOf(otherNsid) {
|
|
86
|
+
if (otherNsid === '*') {
|
|
87
|
+
return false;
|
|
88
|
+
}
|
|
89
|
+
const lexiconNsid = this.nsid;
|
|
90
|
+
const groupPrefixEnd = lexiconNsid.lastIndexOf('.');
|
|
91
|
+
// There should always be a dot, but since this is a security feature, let's
|
|
92
|
+
// be strict about it.
|
|
93
|
+
if (groupPrefixEnd === -1) {
|
|
94
|
+
throw new TypeError('Dot character (".") missing from lexicon NSID');
|
|
95
|
+
}
|
|
96
|
+
// Make sure that otherNsid is at least as long as the "group prefix"
|
|
97
|
+
if (groupPrefixEnd >= otherNsid.length - 1) {
|
|
98
|
+
return false;
|
|
99
|
+
}
|
|
100
|
+
// Make sure that the "otherNsid" starts with the group of the lexiconNsid,
|
|
101
|
+
// up to the dot itself. We check in reverse order as nsids tend to have
|
|
102
|
+
// long common prefixes.
|
|
103
|
+
for (let i = groupPrefixEnd; i >= 0; i--) {
|
|
104
|
+
if (lexiconNsid.charCodeAt(i) !== otherNsid.charCodeAt(i)) {
|
|
105
|
+
return false;
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
return true;
|
|
109
|
+
}
|
|
110
|
+
static fromString(scope) {
|
|
111
|
+
if (!(0, syntax_js_1.isScopeStringFor)(scope, 'include'))
|
|
112
|
+
return null;
|
|
113
|
+
const syntax = syntax_string_js_1.ScopeStringSyntax.fromString(scope);
|
|
114
|
+
return IncludeScope.fromSyntax(syntax);
|
|
115
|
+
}
|
|
116
|
+
static fromSyntax(syntax) {
|
|
117
|
+
const result = IncludeScope.parser.parse(syntax);
|
|
118
|
+
if (!result)
|
|
119
|
+
return null;
|
|
120
|
+
return new IncludeScope(result.nsid, result.aud);
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
exports.IncludeScope = IncludeScope;
|
|
124
|
+
Object.defineProperty(IncludeScope, "parser", {
|
|
125
|
+
enumerable: true,
|
|
126
|
+
configurable: true,
|
|
127
|
+
writable: true,
|
|
128
|
+
value: new parser_js_1.Parser('include', {
|
|
129
|
+
nsid: {
|
|
130
|
+
multiple: false,
|
|
131
|
+
required: true,
|
|
132
|
+
validate: nsid_js_1.isNsid,
|
|
133
|
+
},
|
|
134
|
+
aud: {
|
|
135
|
+
multiple: false,
|
|
136
|
+
required: false,
|
|
137
|
+
validate: did_1.isAtprotoAudience,
|
|
138
|
+
},
|
|
139
|
+
}, 'nsid')
|
|
140
|
+
});
|
|
141
|
+
function parsePermission(permission) {
|
|
142
|
+
if (isPermissionForResource(permission, 'repo')) {
|
|
143
|
+
return repo_permission_js_1.RepoPermission.fromSyntax(new syntax_lexicon_js_1.LexPermissionSyntax(permission));
|
|
144
|
+
}
|
|
145
|
+
if (isPermissionForResource(permission, 'rpc')) {
|
|
146
|
+
return rpc_permission_js_1.RpcPermission.fromSyntax(new syntax_lexicon_js_1.LexPermissionSyntax(permission));
|
|
147
|
+
}
|
|
148
|
+
if (isPermissionForResource(permission, 'blob')) {
|
|
149
|
+
return blob_permission_js_1.BlobPermission.fromSyntax(new syntax_lexicon_js_1.LexPermissionSyntax(permission));
|
|
150
|
+
}
|
|
151
|
+
return null;
|
|
152
|
+
}
|
|
153
|
+
function isPermissionForResource(permission, type) {
|
|
154
|
+
return permission.resource === type;
|
|
155
|
+
}
|
|
156
|
+
//# sourceMappingURL=include-scope.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"include-scope.js","sourceRoot":"","sources":["../../src/scopes/include-scope.ts"],"names":[],"mappings":";;;AAAA,sCAAiE;AAEjE,4CAA6C;AASkB,uFAThD,gBAAM,OASgD;AARrE,gDAAyC;AACzC,gEAA8D;AAC9D,8DAA2D;AAC3D,gDAAgE;AAChE,6DAAqD;AACrD,6DAAqD;AACrD,2DAAmD;AAInD;;;;GAIG;AACH,MAAa,YAAY;IACvB,YACkB,IAAU,EACV,MAAmC,SAAS;QAD5D;;;;mBAAgB,IAAI;WAAM;QAC1B;;;;mBAAgB,GAAG;WAAyC;IAC3D,CAAC;IAEJ,QAAQ;QACN,OAAO,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACzC,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,aAA+B;QAC3C,OAAO,aAAa,CAAC,WAAW;aAC7B,GAAG,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC;aAC/B,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;IAC3C,CAAC;IAES,eAAe,CAAC,UAAyB;QACjD,IACE,UAAU,CAAC,QAAQ,KAAK,KAAK;YAC7B,UAAU,CAAC,UAAU,KAAK,IAAI;YAC9B,UAAU,CAAC,GAAG,KAAK,SAAS;YAC5B,IAAI,CAAC,GAAG,KAAK,SAAS,EACtB,CAAC;YACD,0EAA0E;YAC1E,sEAAsE;YACtE,eAAe;YACf,OAAO,eAAe,CAAC;gBACrB,GAAG,UAAU;gBACb,UAAU,EAAE,SAAS;gBACrB,GAAG,EAAE,IAAI,CAAC,GAAG;aACd,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,eAAe,CAAC,UAAU,CAAC,CAAA;IACpC,CAAC;IAED;;;;;OAKG;IACO,mBAAmB,CAC3B,UAAmB;QAEnB,IAAI,UAAU,YAAY,iCAAa,EAAE,CAAC;YACxC,OAAO,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;QAC7D,CAAC;QAED,IAAI,UAAU,YAAY,mCAAc,EAAE,CAAC;YACzC,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;QACpE,CAAC;QAED,IAAI,UAAU,YAAY,mCAAc,EAAE,CAAC;YACzC,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,SAAqB;QAC9C,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAA;QAE7B,MAAM,cAAc,GAAG,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAEnD,4EAA4E;QAC5E,sBAAsB;QACtB,IAAI,cAAc,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;QACtE,CAAC;QAED,qEAAqE;QACrE,IAAI,cAAc,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAA;QACd,CAAC;QAED,2EAA2E;QAC3E,wEAAwE;QACxE,wBAAwB;QACxB,KAAK,IAAI,CAAC,GAAG,cAAc,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,IAAI,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAmBD,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,IAAA,4BAAgB,EAAC,KAAK,EAAE,SAAS,CAAC;YAAE,OAAO,IAAI,CAAA;QACpD,MAAM,MAAM,GAAG,oCAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACxC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA8B;QAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IAClD,CAAC;;AAhIH,oCAiIC;AA5B2B;;;;WAAS,IAAI,kBAAM,CAC3C,SAAS,EACT;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,gBAAM;SACjB;QACD,GAAG,EAAE;YACH,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,uBAAiB;SAC5B;KACF,EACD,MAAM,CACP;EAf+B,CAe/B;AAeH,SAAS,eAAe,CAAC,UAAyB;IAChD,IAAI,uBAAuB,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QAChD,OAAO,mCAAc,CAAC,UAAU,CAAC,IAAI,uCAAmB,CAAC,UAAU,CAAC,CAAC,CAAA;IACvE,CAAC;IACD,IAAI,uBAAuB,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;QAC/C,OAAO,iCAAa,CAAC,UAAU,CAAC,IAAI,uCAAmB,CAAC,UAAU,CAAC,CAAC,CAAA;IACtE,CAAC;IACD,IAAI,uBAAuB,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QAChD,OAAO,mCAAc,CAAC,UAAU,CAAC,IAAI,uCAAmB,CAAC,UAAU,CAAC,CAAC,CAAA;IACvE,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,uBAAuB,CAC9B,UAAa,EACb,IAAO;IAEP,OAAO,UAAU,CAAC,QAAQ,KAAK,IAAI,CAAA;AACrC,CAAC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { Nsid, isNsid } from '../lib/nsid.js';
|
|
2
|
+
import { Parser } from '../lib/parser.js';
|
|
3
|
+
import { ResourcePermission } from '../lib/resource-permission.js';
|
|
4
|
+
import { NeArray, NeRoArray, ScopeSyntax } from '../lib/syntax.js';
|
|
5
|
+
export { type Nsid, isNsid };
|
|
6
|
+
export declare const REPO_ACTIONS: readonly ["create", "update", "delete"];
|
|
7
|
+
export type RepoAction = (typeof REPO_ACTIONS)[number];
|
|
8
|
+
export declare const isRepoAction: (value: unknown) => value is "delete" | "create" | "update";
|
|
9
|
+
export type CollectionParam = '*' | Nsid;
|
|
10
|
+
export declare const isCollectionParam: (value: unknown) => value is CollectionParam;
|
|
11
|
+
export type RepoPermissionMatch = {
|
|
12
|
+
collection: string;
|
|
13
|
+
action: RepoAction;
|
|
14
|
+
};
|
|
15
|
+
export declare class RepoPermission implements ResourcePermission<'repo', RepoPermissionMatch> {
|
|
16
|
+
readonly collection: NeRoArray<'*' | Nsid>;
|
|
17
|
+
readonly action: NeRoArray<RepoAction>;
|
|
18
|
+
constructor(collection: NeRoArray<'*' | Nsid>, action: NeRoArray<RepoAction>);
|
|
19
|
+
matches({ action, collection }: RepoPermissionMatch): boolean;
|
|
20
|
+
toString(): import("../lib/syntax.js").ScopeStringFor<"repo">;
|
|
21
|
+
protected static readonly parser: Parser<"repo", {
|
|
22
|
+
collection: {
|
|
23
|
+
multiple: true;
|
|
24
|
+
required: true;
|
|
25
|
+
validate: (value: unknown) => value is CollectionParam;
|
|
26
|
+
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) => readonly ["*"] | NeArray<`${string}.${string}.${string}`> | ["*" | `${string}.${string}.${string}`];
|
|
27
|
+
};
|
|
28
|
+
action: {
|
|
29
|
+
multiple: true;
|
|
30
|
+
required: false;
|
|
31
|
+
validate: (value: unknown) => value is "delete" | "create" | "update";
|
|
32
|
+
default: readonly ["create", "update", "delete"];
|
|
33
|
+
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) => readonly ["create", "update", "delete"] | NeArray<"delete" | "create" | "update">;
|
|
34
|
+
};
|
|
35
|
+
}>;
|
|
36
|
+
static fromString(scope: string): RepoPermission | null;
|
|
37
|
+
static fromSyntax(syntax: ScopeSyntax<'repo'>): RepoPermission | null;
|
|
38
|
+
static scopeNeededFor(options: RepoPermissionMatch): string;
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=repo-permission.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"repo-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/repo-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EACL,OAAO,EACP,SAAS,EACT,WAAW,EAEZ,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EAAE,KAAK,IAAI,EAAE,MAAM,EAAE,CAAA;AAE5B,eAAO,MAAM,YAAY,yCAId,CAAA;AACX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAA;AACtD,eAAO,MAAM,YAAY,6DAAqC,CAAA;AAE9D,MAAM,MAAM,eAAe,GAAG,GAAG,GAAG,IAAI,CAAA;AACxC,eAAO,MAAM,iBAAiB,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,eAC5B,CAAA;AAEhC,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,UAAU,CAAA;CACnB,CAAA;AAED,qBAAa,cACX,YAAW,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,CAAC;aAGxC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC;aACjC,MAAM,EAAE,SAAS,CAAC,UAAU,CAAC;gBAD7B,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,EACjC,MAAM,EAAE,SAAS,CAAC,UAAU,CAAC;IAG/C,OAAO,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,mBAAmB;IAQnD,QAAQ;IAIR,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;8BA5BO,OAAO,KAAG,KAAK,IAAI,eAAe;;;;;;;;;;OAwDxE;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAMvD,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,cAAc,GAAG,IAAI;IAOrE,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM;CAM5D"}
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RepoPermission = exports.isCollectionParam = exports.isRepoAction = exports.REPO_ACTIONS = exports.isNsid = void 0;
|
|
4
|
+
const nsid_js_1 = require("../lib/nsid.js");
|
|
5
|
+
Object.defineProperty(exports, "isNsid", { enumerable: true, get: function () { return nsid_js_1.isNsid; } });
|
|
6
|
+
const parser_js_1 = require("../lib/parser.js");
|
|
7
|
+
const syntax_string_js_1 = require("../lib/syntax-string.js");
|
|
8
|
+
const syntax_js_1 = require("../lib/syntax.js");
|
|
9
|
+
const util_js_1 = require("../lib/util.js");
|
|
10
|
+
exports.REPO_ACTIONS = Object.freeze([
|
|
11
|
+
'create',
|
|
12
|
+
'update',
|
|
13
|
+
'delete',
|
|
14
|
+
]);
|
|
15
|
+
exports.isRepoAction = (0, util_js_1.knownValuesValidator)(exports.REPO_ACTIONS);
|
|
16
|
+
const isCollectionParam = (value) => value === '*' || (0, nsid_js_1.isNsid)(value);
|
|
17
|
+
exports.isCollectionParam = isCollectionParam;
|
|
18
|
+
class RepoPermission {
|
|
19
|
+
constructor(collection, action) {
|
|
20
|
+
Object.defineProperty(this, "collection", {
|
|
21
|
+
enumerable: true,
|
|
22
|
+
configurable: true,
|
|
23
|
+
writable: true,
|
|
24
|
+
value: collection
|
|
25
|
+
});
|
|
26
|
+
Object.defineProperty(this, "action", {
|
|
27
|
+
enumerable: true,
|
|
28
|
+
configurable: true,
|
|
29
|
+
writable: true,
|
|
30
|
+
value: action
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
matches({ action, collection }) {
|
|
34
|
+
return (this.action.includes(action) &&
|
|
35
|
+
(this.collection.includes('*') ||
|
|
36
|
+
this.collection.includes(collection)));
|
|
37
|
+
}
|
|
38
|
+
toString() {
|
|
39
|
+
return RepoPermission.parser.format(this);
|
|
40
|
+
}
|
|
41
|
+
static fromString(scope) {
|
|
42
|
+
if (!(0, syntax_js_1.isScopeStringFor)(scope, 'repo'))
|
|
43
|
+
return null;
|
|
44
|
+
const syntax = syntax_string_js_1.ScopeStringSyntax.fromString(scope);
|
|
45
|
+
return RepoPermission.fromSyntax(syntax);
|
|
46
|
+
}
|
|
47
|
+
static fromSyntax(syntax) {
|
|
48
|
+
const result = RepoPermission.parser.parse(syntax);
|
|
49
|
+
if (!result)
|
|
50
|
+
return null;
|
|
51
|
+
return new RepoPermission(result.collection, result.action);
|
|
52
|
+
}
|
|
53
|
+
static scopeNeededFor(options) {
|
|
54
|
+
return RepoPermission.parser.format({
|
|
55
|
+
collection: [options.collection],
|
|
56
|
+
action: [options.action],
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
exports.RepoPermission = RepoPermission;
|
|
61
|
+
Object.defineProperty(RepoPermission, "parser", {
|
|
62
|
+
enumerable: true,
|
|
63
|
+
configurable: true,
|
|
64
|
+
writable: true,
|
|
65
|
+
value: new parser_js_1.Parser('repo', {
|
|
66
|
+
collection: {
|
|
67
|
+
multiple: true,
|
|
68
|
+
required: true,
|
|
69
|
+
validate: exports.isCollectionParam,
|
|
70
|
+
normalize: (value) => {
|
|
71
|
+
if (value.length > 1) {
|
|
72
|
+
if (value.includes('*'))
|
|
73
|
+
return ['*'];
|
|
74
|
+
return [...new Set(value)].sort();
|
|
75
|
+
}
|
|
76
|
+
return value;
|
|
77
|
+
},
|
|
78
|
+
},
|
|
79
|
+
action: {
|
|
80
|
+
multiple: true,
|
|
81
|
+
required: false,
|
|
82
|
+
validate: exports.isRepoAction,
|
|
83
|
+
default: exports.REPO_ACTIONS,
|
|
84
|
+
normalize: (value) => {
|
|
85
|
+
return value === exports.REPO_ACTIONS
|
|
86
|
+
? exports.REPO_ACTIONS // No need to filter if the default was used
|
|
87
|
+
: exports.REPO_ACTIONS.filter(includedIn, value);
|
|
88
|
+
},
|
|
89
|
+
},
|
|
90
|
+
}, 'collection')
|
|
91
|
+
});
|
|
92
|
+
/**
|
|
93
|
+
* Special utility function to be used as predicate for array methods like
|
|
94
|
+
* `Array.prototype.includes`, etc. When used as predicate, it expects that
|
|
95
|
+
* the array method is called with a `thisArg` that is a readonly array of
|
|
96
|
+
* the same type as the `value` parameter.
|
|
97
|
+
*/
|
|
98
|
+
function includedIn(value) {
|
|
99
|
+
return this.includes(value);
|
|
100
|
+
}
|
|
101
|
+
//# sourceMappingURL=repo-permission.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"repo-permission.js","sourceRoot":"","sources":["../../src/scopes/repo-permission.ts"],"names":[],"mappings":";;;AAAA,4CAA6C;AAYzB,uFAZL,gBAAM,OAYK;AAX1B,gDAAyC;AAEzC,8DAA2D;AAC3D,gDAKyB;AACzB,4CAAqD;AAIxC,QAAA,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;IACxC,QAAQ;IACR,QAAQ;IACR,QAAQ;CACA,CAAC,CAAA;AAEE,QAAA,YAAY,GAAG,IAAA,8BAAoB,EAAC,oBAAY,CAAC,CAAA;AAGvD,MAAM,iBAAiB,GAAG,CAAC,KAAc,EAA4B,EAAE,CAC5E,KAAK,KAAK,GAAG,IAAI,IAAA,gBAAM,EAAC,KAAK,CAAC,CAAA;AADnB,QAAA,iBAAiB,qBACE;AAOhC,MAAa,cAAc;IAGzB,YACkB,UAAiC,EACjC,MAA6B;QAD7C;;;;mBAAgB,UAAU;WAAuB;QACjD;;;;mBAAgB,MAAM;WAAuB;IAC5C,CAAC;IAEJ,OAAO,CAAC,EAAE,MAAM,EAAE,UAAU,EAAuB;QACjD,OAAO,CACL,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5B,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC3B,IAAI,CAAC,UAAgC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAC/D,CAAA;IACH,CAAC;IAED,QAAQ;QACN,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC;IAgCD,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,IAAA,4BAAgB,EAAC,KAAK,EAAE,MAAM,CAAC;YAAE,OAAO,IAAI,CAAA;QACjD,MAAM,MAAM,GAAG,oCAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA2B;QAC3C,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IAC7D,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA4B;QAChD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,UAAU,EAAE,CAAC,OAAO,CAAC,UAAwB,CAAC;YAC9C,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;SACzB,CAAC,CAAA;IACJ,CAAC;;AApEH,wCAqEC;AAjD2B;;;;WAAS,IAAI,kBAAM,CAC3C,MAAM,EACN;QACE,UAAU,EAAE;YACV,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,yBAAiB;YAC3B,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACnB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;wBAAE,OAAO,CAAC,GAAG,CAAU,CAAA;oBAC9C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAmB,CAAA;gBACpD,CAAC;gBACD,OAAO,KAAqB,CAAA;YAC9B,CAAC;SACF;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,oBAAY;YACtB,OAAO,EAAE,oBAAY;YACrB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACnB,OAAO,KAAK,KAAK,oBAAY;oBAC3B,CAAC,CAAC,oBAAY,CAAC,4CAA4C;oBAC3D,CAAC,CAAE,oBAAY,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAyB,CAAA;YACrE,CAAC;SACF;KACF,EACD,YAAY,CACb;EA5B+B,CA4B/B;AAuBH;;;;;GAKG;AACH,SAAS,UAAU,CAAwB,KAAQ;IACjD,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC7B,CAAC"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import { AtprotoAudience, isAtprotoAudience } from '@atproto/did';
|
|
2
|
+
import { Nsid, isNsid } from '../lib/nsid.js';
|
|
3
|
+
import { Parser } from '../lib/parser.js';
|
|
4
|
+
import { ResourcePermission } from '../lib/resource-permission.js';
|
|
5
|
+
import { NeRoArray, ScopeSyntax } from '../lib/syntax.js';
|
|
6
|
+
export { type AtprotoAudience, type Nsid, isAtprotoAudience, isNsid };
|
|
7
|
+
export type LxmParam = '*' | Nsid;
|
|
8
|
+
export declare const isLxmParam: (value: unknown) => value is LxmParam;
|
|
9
|
+
export type AudParam = '*' | AtprotoAudience;
|
|
10
|
+
export declare const isAudParam: (value: unknown) => value is AudParam;
|
|
11
|
+
export type RpcPermissionMatch = {
|
|
12
|
+
lxm: string;
|
|
13
|
+
aud: string;
|
|
14
|
+
};
|
|
15
|
+
export declare class RpcPermission implements ResourcePermission<'rpc', RpcPermissionMatch> {
|
|
16
|
+
readonly aud: '*' | AtprotoAudience;
|
|
17
|
+
readonly lxm: NeRoArray<'*' | Nsid>;
|
|
18
|
+
constructor(aud: '*' | AtprotoAudience, lxm: NeRoArray<'*' | Nsid>);
|
|
19
|
+
matches(options: RpcPermissionMatch): boolean;
|
|
20
|
+
toString(): import("../lib/syntax.js").ScopeStringFor<"rpc">;
|
|
21
|
+
protected static readonly parser: Parser<"rpc", {
|
|
22
|
+
lxm: {
|
|
23
|
+
multiple: true;
|
|
24
|
+
required: true;
|
|
25
|
+
validate: (value: unknown) => value is LxmParam;
|
|
26
|
+
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) => readonly ["*"] | [`${string}.${string}.${string}`, ...`${string}.${string}.${string}`[]];
|
|
27
|
+
};
|
|
28
|
+
aud: {
|
|
29
|
+
multiple: false;
|
|
30
|
+
required: true;
|
|
31
|
+
validate: (value: unknown) => value is AudParam;
|
|
32
|
+
};
|
|
33
|
+
}>;
|
|
34
|
+
static fromString(scope: string): RpcPermission | null;
|
|
35
|
+
static fromSyntax(syntax: ScopeSyntax<'rpc'>): RpcPermission | null;
|
|
36
|
+
static scopeNeededFor(options: RpcPermissionMatch): string;
|
|
37
|
+
}
|
|
38
|
+
//# sourceMappingURL=rpc-permission.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rpc-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/rpc-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AACjE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAE3E,OAAO,EAAE,KAAK,eAAe,EAAE,KAAK,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAA;AAErE,MAAM,MAAM,QAAQ,GAAG,GAAG,GAAG,IAAI,CAAA;AACjC,eAAO,MAAM,UAAU,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,QACrB,CAAA;AAChC,MAAM,MAAM,QAAQ,GAAG,GAAG,GAAG,eAAe,CAAA;AAC5C,eAAO,MAAM,UAAU,GAAI,OAAO,OAAO,KAAG,KAAK,IAAI,QACV,CAAA;AAE3C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,qBAAa,aACX,YAAW,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,CAAC;aAGtC,GAAG,EAAE,GAAG,GAAG,eAAe;aAC1B,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC;gBAD1B,GAAG,EAAE,GAAG,GAAG,eAAe,EAC1B,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC;IAG5C,OAAO,CAAC,OAAO,EAAE,kBAAkB;IAQnC,QAAQ;IAIR,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;8BA/BA,OAAO,KAAG,KAAK,IAAI,QAAQ;;;;;;8BAG3B,OAAO,KAAG,KAAK,IAAI,QAAQ;;OA+C1D;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IAMtD,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,aAAa,GAAG,IAAI;IAUnE,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,MAAM;CAM3D"}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RpcPermission = exports.isAudParam = exports.isLxmParam = exports.isNsid = exports.isAtprotoAudience = void 0;
|
|
4
|
+
const did_1 = require("@atproto/did");
|
|
5
|
+
Object.defineProperty(exports, "isAtprotoAudience", { enumerable: true, get: function () { return did_1.isAtprotoAudience; } });
|
|
6
|
+
const nsid_js_1 = require("../lib/nsid.js");
|
|
7
|
+
Object.defineProperty(exports, "isNsid", { enumerable: true, get: function () { return nsid_js_1.isNsid; } });
|
|
8
|
+
const parser_js_1 = require("../lib/parser.js");
|
|
9
|
+
const syntax_string_js_1 = require("../lib/syntax-string.js");
|
|
10
|
+
const syntax_js_1 = require("../lib/syntax.js");
|
|
11
|
+
const isLxmParam = (value) => value === '*' || (0, nsid_js_1.isNsid)(value);
|
|
12
|
+
exports.isLxmParam = isLxmParam;
|
|
13
|
+
const isAudParam = (value) => value === '*' || (0, did_1.isAtprotoAudience)(value);
|
|
14
|
+
exports.isAudParam = isAudParam;
|
|
15
|
+
class RpcPermission {
|
|
16
|
+
constructor(aud, lxm) {
|
|
17
|
+
Object.defineProperty(this, "aud", {
|
|
18
|
+
enumerable: true,
|
|
19
|
+
configurable: true,
|
|
20
|
+
writable: true,
|
|
21
|
+
value: aud
|
|
22
|
+
});
|
|
23
|
+
Object.defineProperty(this, "lxm", {
|
|
24
|
+
enumerable: true,
|
|
25
|
+
configurable: true,
|
|
26
|
+
writable: true,
|
|
27
|
+
value: lxm
|
|
28
|
+
});
|
|
29
|
+
}
|
|
30
|
+
matches(options) {
|
|
31
|
+
const { aud, lxm } = this;
|
|
32
|
+
return ((aud === '*' || aud === options.aud) &&
|
|
33
|
+
(lxm.includes('*') || lxm.includes(options.lxm)));
|
|
34
|
+
}
|
|
35
|
+
toString() {
|
|
36
|
+
return RpcPermission.parser.format(this);
|
|
37
|
+
}
|
|
38
|
+
static fromString(scope) {
|
|
39
|
+
if (!(0, syntax_js_1.isScopeStringFor)(scope, 'rpc'))
|
|
40
|
+
return null;
|
|
41
|
+
const syntax = syntax_string_js_1.ScopeStringSyntax.fromString(scope);
|
|
42
|
+
return RpcPermission.fromSyntax(syntax);
|
|
43
|
+
}
|
|
44
|
+
static fromSyntax(syntax) {
|
|
45
|
+
const result = RpcPermission.parser.parse(syntax);
|
|
46
|
+
if (!result)
|
|
47
|
+
return null;
|
|
48
|
+
// rpc:*?aud=* is forbidden
|
|
49
|
+
if (result.aud === '*' && result.lxm.includes('*'))
|
|
50
|
+
return null;
|
|
51
|
+
return new RpcPermission(result.aud, result.lxm);
|
|
52
|
+
}
|
|
53
|
+
static scopeNeededFor(options) {
|
|
54
|
+
return RpcPermission.parser.format({
|
|
55
|
+
aud: options.aud,
|
|
56
|
+
lxm: [options.lxm],
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
exports.RpcPermission = RpcPermission;
|
|
61
|
+
Object.defineProperty(RpcPermission, "parser", {
|
|
62
|
+
enumerable: true,
|
|
63
|
+
configurable: true,
|
|
64
|
+
writable: true,
|
|
65
|
+
value: new parser_js_1.Parser('rpc', {
|
|
66
|
+
lxm: {
|
|
67
|
+
multiple: true,
|
|
68
|
+
required: true,
|
|
69
|
+
validate: exports.isLxmParam,
|
|
70
|
+
normalize: (value) => value.length > 1 && value.includes('*')
|
|
71
|
+
? ['*']
|
|
72
|
+
: [...new Set(value)].sort(),
|
|
73
|
+
},
|
|
74
|
+
aud: {
|
|
75
|
+
multiple: false,
|
|
76
|
+
required: true,
|
|
77
|
+
validate: exports.isAudParam,
|
|
78
|
+
},
|
|
79
|
+
}, 'lxm')
|
|
80
|
+
});
|
|
81
|
+
//# sourceMappingURL=rpc-permission.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rpc-permission.js","sourceRoot":"","sources":["../../src/scopes/rpc-permission.ts"],"names":[],"mappings":";;;AAAA,sCAAiE;AAOvB,kGAPhB,uBAAiB,OAOgB;AAN3D,4CAA6C;AAMgB,uFAN9C,gBAAM,OAM8C;AALnE,gDAAyC;AAEzC,8DAA2D;AAC3D,gDAA2E;AAKpE,MAAM,UAAU,GAAG,CAAC,KAAc,EAAqB,EAAE,CAC9D,KAAK,KAAK,GAAG,IAAI,IAAA,gBAAM,EAAC,KAAK,CAAC,CAAA;AADnB,QAAA,UAAU,cACS;AAEzB,MAAM,UAAU,GAAG,CAAC,KAAc,EAAqB,EAAE,CAC9D,KAAK,KAAK,GAAG,IAAI,IAAA,uBAAiB,EAAC,KAAK,CAAC,CAAA;AAD9B,QAAA,UAAU,cACoB;AAO3C,MAAa,aAAa;IAGxB,YACkB,GAA0B,EAC1B,GAA0B;QAD1C;;;;mBAAgB,GAAG;WAAuB;QAC1C;;;;mBAAgB,GAAG;WAAuB;IACzC,CAAC;IAEJ,OAAO,CAAC,OAA2B;QACjC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACzB,OAAO,CACL,CAAC,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC;YACpC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAK,GAAyB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CACxE,CAAA;IACH,CAAC;IAED,QAAQ;QACN,OAAO,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1C,CAAC;IAuBD,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,IAAA,4BAAgB,EAAC,KAAK,EAAE,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAChD,MAAM,MAAM,GAAG,oCAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACzC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA0B;QAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,2BAA2B;QAC3B,IAAI,MAAM,CAAC,GAAG,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QAE/D,OAAO,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA2B;QAC/C,OAAO,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC;YACjC,GAAG,EAAE,OAAO,CAAC,GAAsB;YACnC,GAAG,EAAE,CAAC,OAAO,CAAC,GAAW,CAAC;SAC3B,CAAC,CAAA;IACJ,CAAC;;AA9DH,sCA+DC;AA3C2B;;;;WAAS,IAAI,kBAAM,CAC3C,KAAK,EACL;QACE,GAAG,EAAE;YACH,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,kBAAU;YACpB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CACnB,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACrC,CAAC,CAAE,CAAC,GAAG,CAAW;gBAClB,CAAC,CAAE,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAwB;SACxD;QACD,GAAG,EAAE;YACH,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,kBAAU;SACrB;KACF,EACD,KAAK,CACN;EAnB+B,CAmB/B"}
|
package/dist/scopes-set.d.ts
CHANGED
|
@@ -1,6 +1,17 @@
|
|
|
1
1
|
import { ScopeMissingError } from './scope-missing-error.js';
|
|
2
|
-
import {
|
|
2
|
+
import { AccountPermissionMatch } from './scopes/account-permission.js';
|
|
3
|
+
import { BlobPermissionMatch } from './scopes/blob-permission.js';
|
|
4
|
+
import { IdentityPermissionMatch } from './scopes/identity-permission.js';
|
|
5
|
+
import { RepoPermissionMatch } from './scopes/repo-permission.js';
|
|
6
|
+
import { RpcPermissionMatch } from './scopes/rpc-permission.js';
|
|
3
7
|
export { ScopeMissingError };
|
|
8
|
+
export type ScopeMatchingOptionsByResource = {
|
|
9
|
+
account: AccountPermissionMatch;
|
|
10
|
+
identity: IdentityPermissionMatch;
|
|
11
|
+
repo: RepoPermissionMatch;
|
|
12
|
+
rpc: RpcPermissionMatch;
|
|
13
|
+
blob: BlobPermissionMatch;
|
|
14
|
+
};
|
|
4
15
|
/**
|
|
5
16
|
* Utility class to manage a set of scopes and check if they match specific
|
|
6
17
|
* options for a given resource.
|
package/dist/scopes-set.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scopes-set.d.ts","sourceRoot":"","sources":["../src/scopes-set.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,
|
|
1
|
+
{"version":3,"file":"scopes-set.d.ts","sourceRoot":"","sources":["../src/scopes-set.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,EAEL,sBAAsB,EACvB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAEL,uBAAuB,EACxB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAAiB,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAE9E,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,MAAM,MAAM,8BAA8B,GAAG;IAC3C,OAAO,EAAE,sBAAsB,CAAA;IAC/B,QAAQ,EAAE,uBAAuB,CAAA;IACjC,IAAI,EAAE,mBAAmB,CAAA;IACzB,GAAG,EAAE,kBAAkB,CAAA;IACvB,IAAI,EAAE,mBAAmB,CAAA;CAC1B,CAAA;AAED;;;GAGG;AACH,qBAAa,SAAU,SAAQ,GAAG,CAAC,MAAM,CAAC;IACxC;;;OAGG;IACI,OAAO,CAAC,CAAC,SAAS,MAAM,8BAA8B,EAC3D,QAAQ,EAAE,CAAC,EACX,OAAO,EAAE,8BAA8B,CAAC,CAAC,CAAC,GACzC,OAAO;IAOH,MAAM,CAAC,CAAC,SAAS,MAAM,8BAA8B,EAC1D,QAAQ,EAAE,CAAC,EACX,OAAO,EAAE,8BAA8B,CAAC,CAAC,CAAC;IAQrC,IAAI,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO;IAK7C,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO;IAK7C,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO;IAIrC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,CAAC;IAIvC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS;CAG9C"}
|