@axinom/mosaic-id-guard 0.22.0 → 0.23.0-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/message-bus/message-handler-permissions.d.ts +8 -0
  2. package/dist/message-bus/message-handler-permissions.d.ts.map +1 -1
  3. package/dist/message-bus/message-handler-permissions.js +22 -13
  4. package/dist/message-bus/message-handler-permissions.js.map +1 -1
  5. package/package.json +6 -6
  6. package/src/message-bus/message-handler-permissions.ts +32 -22
package/dist/message-bus/message-handler-permissions.d.ts CHANGED
@@ -1,8 +1,16 @@
1
1
  import { OnMessageMiddleware } from '@axinom/mosaic-message-bus';
2
+ import { AuthenticatedManagementSubject } from '../common';
2
3
  /**
3
4
  * Ensures that the subject contains the required permissions to execute the message handler
4
5
  * @param permissions - the list of permissions that allow to use that message handler
5
6
  * @param serviceId - the service ID of this service
6
7
  */
7
8
  export declare const permissionsMiddleware: <TContent = unknown>(permissions: string[], serviceId: string) => OnMessageMiddleware<TContent>;
9
+ /**
10
+ * Ensures that the subject contains the required permissions to execute a piece of code
11
+ * @param subject The management subject - most often parsed from a JWT
12
+ * @param permissions - the list of permissions that allow to use that message handler
13
+ * @param serviceId - the service ID of this service
14
+ */
15
+ export declare const permissionsCheck: (subject: AuthenticatedManagementSubject | undefined, permissions: string[], serviceId: string) => Promise<void>;
8
16
  //# sourceMappingURL=message-handler-permissions.d.ts.map
package/dist/message-bus/message-handler-permissions.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"message-handler-permissions.d.ts","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,mBAAmB,EACpB,MAAM,4BAA4B,CAAC;AAIpC;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,oCACnB,MAAM,EAAE,aACV,MAAM,kCAmClB,CAAC"}
1
+ {"version":3,"file":"message-handler-permissions.d.ts","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,mBAAmB,EACpB,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EAAE,8BAA8B,EAAE,MAAM,WAAW,CAAC;AAG3D;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,oCACnB,MAAM,EAAE,aACV,MAAM,kCAalB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,YAClB,8BAA8B,GAAG,SAAS,eACtC,MAAM,EAAE,aACV,MAAM,KAChB,QAAQ,IAAI,CAmBd,CAAC"}
package/dist/message-bus/message-handler-permissions.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.permissionsMiddleware = void 0;
3
+ exports.permissionsCheck = exports.permissionsMiddleware = void 0;
4
4
  /**
5
5
  * Ensures that the subject contains the required permissions to execute the message handler
6
6
  * @param permissions - the list of permissions that allow to use that message handler
@@ -8,22 +8,31 @@ exports.permissionsMiddleware = void 0;
8
8
  */
9
9
  const permissionsMiddleware = (permissions, serviceId) => {
10
10
  return async (content, message, ackOrNack, next) => {
11
- var _a;
12
11
  const subject = message
13
12
  .subject;
14
- if (subject === undefined) {
15
- throw new Error('Permission check failed as no authentication subject was provided.');
16
- }
17
- const subjectPermissions = (_a = subject.permissions) === null || _a === void 0 ? void 0 : _a[serviceId];
18
- if (subjectPermissions === undefined ||
19
- !Array.isArray(subjectPermissions)) {
20
- throw new Error('Permission check failed as the subject has no permissions for this service.');
21
- }
22
- if (!permissions.some((p) => subjectPermissions.includes(p))) {
23
- throw new Error(`Permission check failed as the subject has no permissions for this message handler. The subject permissions are "${subjectPermissions}" while the required permissions are "${permissions}".`);
24
- }
13
+ await (0, exports.permissionsCheck)(subject, permissions, serviceId);
25
14
  await (next === null || next === void 0 ? void 0 : next(content, message, ackOrNack));
26
15
  };
27
16
  };
28
17
  exports.permissionsMiddleware = permissionsMiddleware;
18
+ /**
19
+ * Ensures that the subject contains the required permissions to execute a piece of code
20
+ * @param subject The management subject - most often parsed from a JWT
21
+ * @param permissions - the list of permissions that allow to use that message handler
22
+ * @param serviceId - the service ID of this service
23
+ */
24
+ const permissionsCheck = async (subject, permissions, serviceId) => {
25
+ var _a;
26
+ if (subject === undefined) {
27
+ throw new Error('Permission check failed as no authentication subject was provided.');
28
+ }
29
+ const subjectPermissions = (_a = subject.permissions) === null || _a === void 0 ? void 0 : _a[serviceId];
30
+ if (subjectPermissions === undefined || !Array.isArray(subjectPermissions)) {
31
+ throw new Error('Permission check failed as the subject has no permissions for this service.');
32
+ }
33
+ if (!permissions.some((p) => subjectPermissions.includes(p))) {
34
+ throw new Error(`Permission check failed as the subject has no permissions for this message handler. The subject permissions are "${subjectPermissions}" while the required permissions are "${permissions}".`);
35
+ }
36
+ };
37
+ exports.permissionsCheck = permissionsCheck;
29
38
  //# sourceMappingURL=message-handler-permissions.js.map
package/dist/message-bus/message-handler-permissions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"message-handler-permissions.js","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":";;;AAQA;;;;GAIG;AACI,MAAM,qBAAqB,GAAG,CACnC,WAAqB,EACrB,SAAiB,EACc,EAAE;IACjC,OAAO,KAAK,EACV,OAAkC,EAClC,OAA8B,EAC9B,SAAoB,EACpB,IAAoC,EACrB,EAAE;;QACjB,MAAM,OAAO,GAAI,OAAqD;aACnE,OAAO,CAAC;QAEX,IAAI,OAAO,KAAK,SAAS,EAAE;YACzB,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;SACH;QAED,MAAM,kBAAkB,GAAG,MAAA,OAAO,CAAC,WAAW,0CAAG,SAAS,CAAC,CAAC;QAC5D,IACE,kBAAkB,KAAK,SAAS;YAChC,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAClC;YACA,MAAM,IAAI,KAAK,CACb,6EAA6E,CAC9E,CAAC;SACH;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;YAC5D,MAAM,IAAI,KAAK,CACb,oHAAoH,kBAAkB,yCAAyC,WAAW,IAAI,CAC/L,CAAC;SACH;QAED,MAAM,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAG,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA,CAAC;IAC5C,CAAC,CAAC;AACJ,CAAC,CAAC;AArCW,QAAA,qBAAqB,yBAqChC"}
1
+ {"version":3,"file":"message-handler-permissions.js","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":";;;AASA;;;;GAIG;AACI,MAAM,qBAAqB,GAAG,CACnC,WAAqB,EACrB,SAAiB,EACc,EAAE;IACjC,OAAO,KAAK,EACV,OAAkC,EAClC,OAA8B,EAC9B,SAAoB,EACpB,IAAoC,EACrB,EAAE;QACjB,MAAM,OAAO,GAAI,OAAqD;aACnE,OAAO,CAAC;QACX,MAAM,IAAA,wBAAgB,EAAC,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QACxD,MAAM,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAG,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA,CAAC;IAC5C,CAAC,CAAC;AACJ,CAAC,CAAC;AAfW,QAAA,qBAAqB,yBAehC;AAEF;;;;;GAKG;AACI,MAAM,gBAAgB,GAAG,KAAK,EACnC,OAAmD,EACnD,WAAqB,EACrB,SAAiB,EACF,EAAE;;IACjB,IAAI,OAAO,KAAK,SAAS,EAAE;QACzB,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;KACH;IAED,MAAM,kBAAkB,GAAG,MAAA,OAAO,CAAC,WAAW,0CAAG,SAAS,CAAC,CAAC;IAC5D,IAAI,kBAAkB,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;QAC1E,MAAM,IAAI,KAAK,CACb,6EAA6E,CAC9E,CAAC;KACH;IAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC5D,MAAM,IAAI,KAAK,CACb,oHAAoH,kBAAkB,yCAAyC,WAAW,IAAI,CAC/L,CAAC;KACH;AACH,CAAC,CAAC;AAvBW,QAAA,gBAAgB,oBAuB3B"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axinom/mosaic-id-guard",
3
- "version": "0.22.0",
3
+ "version": "0.23.0-rc.0",
4
4
  "description": "Authentication and authorization helpers for Axinom Mosaic services",
5
5
  "author": "Axinom",
6
6
  "license": "PROPRIETARY",
@@ -28,9 +28,9 @@
28
28
  "lint": "eslint . --ext .ts,.tsx,.js --color --cache"
29
29
  },
30
30
  "dependencies": {
31
- "@axinom/mosaic-id-utils": "^0.15.7",
32
- "@axinom/mosaic-message-bus": "^0.17.0",
33
- "@axinom/mosaic-service-common": "^0.39.0",
31
+ "@axinom/mosaic-id-utils": "^0.15.8-rc.0",
32
+ "@axinom/mosaic-message-bus": "^0.18.0-rc.0",
33
+ "@axinom/mosaic-service-common": "^0.40.0-rc.0",
34
34
  "amqplib": "^0.10.3",
35
35
  "express": "^4.17.1",
36
36
  "express-bearer-token": "^2.4.0",
@@ -42,7 +42,7 @@
42
42
  "jsonwebtoken": "^9.0.0",
43
43
  "jwks-rsa": "^1.8.1",
44
44
  "lru-cache": "^7.18.3",
45
- "pg": "^8.5.1",
45
+ "pg": "^8.11.3",
46
46
  "postgraphile": "^4.13.0",
47
47
  "rascal": "^14.0.1",
48
48
  "subscriptions-transport-ws": "^0.9.19"
@@ -62,5 +62,5 @@
62
62
  "publishConfig": {
63
63
  "access": "public"
64
64
  },
65
- "gitHead": "7eb762e7cec90f882c2fe11f5c294c44fc2c3bc3"
65
+ "gitHead": "0818b5a39695ec1b66f6284b7e69300a625729b4"
66
66
  }
package/src/message-bus/message-handler-permissions.ts CHANGED
@@ -4,6 +4,7 @@ import {
4
4
  OnMessageMiddleware,
5
5
  } from '@axinom/mosaic-message-bus';
6
6
  import { AckOrNack } from 'rascal';
7
+ import { AuthenticatedManagementSubject } from '../common';
7
8
  import { AuthenticatedManagementSubjectMessageInfo } from './message-handler-authentication';
8
9
 
9
10
  /**
@@ -23,29 +24,38 @@ export const permissionsMiddleware = <TContent = unknown>(
23
24
  ): Promise<void> => {
24
25
  const subject = (message as AuthenticatedManagementSubjectMessageInfo)
25
26
  .subject;
27
+ await permissionsCheck(subject, permissions, serviceId);
28
+ await next?.(content, message, ackOrNack);
29
+ };
30
+ };
26
31
 
27
- if (subject === undefined) {
28
- throw new Error(
29
- 'Permission check failed as no authentication subject was provided.',
30
- );
31
- }
32
-
33
- const subjectPermissions = subject.permissions?.[serviceId];
34
- if (
35
- subjectPermissions === undefined ||
36
- !Array.isArray(subjectPermissions)
37
- ) {
38
- throw new Error(
39
- 'Permission check failed as the subject has no permissions for this service.',
40
- );
41
- }
32
+ /**
33
+ * Ensures that the subject contains the required permissions to execute a piece of code
34
+ * @param subject The management subject - most often parsed from a JWT
35
+ * @param permissions - the list of permissions that allow to use that message handler
36
+ * @param serviceId - the service ID of this service
37
+ */
38
+ export const permissionsCheck = async (
39
+ subject: AuthenticatedManagementSubject | undefined,
40
+ permissions: string[],
41
+ serviceId: string,
42
+ ): Promise<void> => {
43
+ if (subject === undefined) {
44
+ throw new Error(
45
+ 'Permission check failed as no authentication subject was provided.',
46
+ );
47
+ }
42
48
 
43
- if (!permissions.some((p) => subjectPermissions.includes(p))) {
44
- throw new Error(
45
- `Permission check failed as the subject has no permissions for this message handler. The subject permissions are "${subjectPermissions}" while the required permissions are "${permissions}".`,
46
- );
47
- }
49
+ const subjectPermissions = subject.permissions?.[serviceId];
50
+ if (subjectPermissions === undefined || !Array.isArray(subjectPermissions)) {
51
+ throw new Error(
52
+ 'Permission check failed as the subject has no permissions for this service.',
53
+ );
54
+ }
48
55
 
49
- await next?.(content, message, ackOrNack);
50
- };
56
+ if (!permissions.some((p) => subjectPermissions.includes(p))) {
57
+ throw new Error(
58
+ `Permission check failed as the subject has no permissions for this message handler. The subject permissions are "${subjectPermissions}" while the required permissions are "${permissions}".`,
59
+ );
60
+ }
51
61
  };