@axinom/mosaic-id-guard 0.28.0-rc.6 → 0.28.0-rc.8
- package/dist/common/guard-utils.d.ts.map +1 -1
- package/dist/common/guard-utils.js +3 -2
- package/dist/common/guard-utils.js.map +1 -1
- package/dist/common/id-guard-errors.d.ts +8 -0
- package/dist/common/id-guard-errors.d.ts.map +1 -1
- package/dist/common/id-guard-errors.js +8 -0
- package/dist/common/id-guard-errors.js.map +1 -1
- package/dist/graphql/generate-permissions-file-plugin.d.ts.map +1 -1
- package/dist/graphql/generate-permissions-file-plugin.js +5 -1
- package/dist/graphql/generate-permissions-file-plugin.js.map +1 -1
- package/dist/message-bus/message-handler-authentication.d.ts.map +1 -1
- package/dist/message-bus/message-handler-authentication.js +5 -1
- package/dist/message-bus/message-handler-authentication.js.map +1 -1
- package/dist/message-bus/message-handler-permissions.d.ts.map +1 -1
- package/dist/message-bus/message-handler-permissions.js +15 -3
- package/dist/message-bus/message-handler-permissions.js.map +1 -1
- package/package.json +7 -7
- package/src/common/guard-utils.ts +6 -3
- package/src/common/id-guard-errors.ts +9 -0
- package/src/common/parse-jwt-token.spec.ts +6 -4
- package/src/graphql/generate-permissions-file-plugin.ts +5 -3
- package/src/message-bus/guarded-transactional-inbox-message-handler.spec.ts +9 -2
- package/src/message-bus/message-handler-authentication.spec.ts +7 -3
- package/src/message-bus/message-handler-authentication.ts +7 -4
- package/src/message-bus/message-handler-managed-authentication.spec.ts +7 -3
- package/src/message-bus/message-handler-permissions.ts +15 -9
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard-utils.d.ts","sourceRoot":"","sources":["../../src/common/guard-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,
|
|
1
|
+
{"version":3,"file":"guard-utils.d.ts","sourceRoot":"","sources":["../../src/common/guard-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,eAAe,EAEhB,MAAM,+BAA+B,CAAC;AAIvC,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC;AACnF;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,oBAAoB,EAAE,oBAAoB,CAAC;IAE3C;;OAEG;IACH,0BAA0B,EAAE,0BAA0B,CAAC;CACxD;AAED,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,wBAAwB,EAAE,OAAO,CAAC;IAElC;;OAEG;IACH,oBAAoB,EAAE,uBAAuB,CAAC;CAC/C;AAED;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,cACpB,MAAM,uBACI,MAAM,EAAE,GAAG,SAAS,KACxC,OAQF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B,SAC/B,2BAA2B,GAAG,SAAS,aAClC,MAAM,aACN,eAAe,GAAG,SAAS,KACrC,IAgBF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,gBACnB,2BAA2B,aAC7B,MAAM,KAChB,IAOF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gCAAgC,YAClC,2BAA2B,GAAG,SAAS,KAC/C,OAsBF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACxB,2BAA2B,GAAG,SAAS,KAC/C,OAsBF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,gCAAgC,YAClC,cAAc,KACtB,IAsBF,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.validatePostgraphileBuildOptions = exports.isAuthenticatedEndUser = exports.isAuthenticatedManagementSubject = exports.assertTokenNotExpired = exports.assertSubjectAuthenticated = exports.isAnonymousOperation = void 0;
|
|
4
|
+
const mosaic_service_common_1 = require("@axinom/mosaic-service-common");
|
|
4
5
|
const id_guard_error_1 = require("./id-guard-error");
|
|
5
6
|
const id_guard_errors_1 = require("./id-guard-errors");
|
|
6
7
|
const subject_type_1 = require("./subject-type");
|
|
@@ -78,7 +79,7 @@ const isAuthenticatedManagementSubject = (subject) => {
|
|
|
78
79
|
default: {
|
|
79
80
|
// This block would never execute in runtime, and used as a build-time exhaustive switch-case check for the `SubjectType` ENUM.
|
|
80
81
|
const exhaustiveCheck = subject.subjectType;
|
|
81
|
-
throw new
|
|
82
|
+
throw new mosaic_service_common_1.UnreachableCaseError(exhaustiveCheck);
|
|
82
83
|
}
|
|
83
84
|
}
|
|
84
85
|
}
|
|
@@ -108,7 +109,7 @@ const isAuthenticatedEndUser = (subject) => {
|
|
|
108
109
|
default: {
|
|
109
110
|
// This block would never execute in runtime, and used as a build-time exhaustive switch-case check for the `SubjectType` ENUM.
|
|
110
111
|
const exhaustiveCheck = subject.subjectType;
|
|
111
|
-
throw new
|
|
112
|
+
throw new mosaic_service_common_1.UnreachableCaseError(exhaustiveCheck);
|
|
112
113
|
}
|
|
113
114
|
}
|
|
114
115
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard-utils.js","sourceRoot":"","sources":["../../src/common/guard-utils.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"guard-utils.js","sourceRoot":"","sources":["../../src/common/guard-utils.ts"],"names":[],"mappings":";;;AAIA,yEAGuC;AACvC,qDAAgD;AAChD,uDAAkD;AAClD,iDAA6C;AAwC7C;;;;;GAKG;AACI,MAAM,oBAAoB,GAAG,CAClC,SAAiB,EACjB,mBAAyC,EAChC,EAAE;IACX,MAAM,oBAAoB,GAAG,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,CAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEtE,IAAI,oBAAoB,EAAE;QACxB,OAAO,IAAI,CAAC;KACb;IAED,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAXW,QAAA,oBAAoB,wBAW/B;AAEF;;;;;;;;GAQG;AACI,MAAM,0BAA0B,GAAG,CACxC,IAA6C,EAC7C,SAAiB,EACjB,SAAsC,EAChC,EAAE;IACR,8EAA8E;IAC9E,IAAI,SAAS,KAAK,SAAS,EAAE;QAC3B,MAAM,IAAI,6BAAY,CAAC,SAAS,CAAC,CAAC;KACnC;SAAM,IAAI,CAAC,IAAI,EAAE;QAChB,MAAM,IAAI,6BAAY,iCACjB,+BAAa,CAAC,iBAAiB,KAClC,OAAO,EAAE;gBACP,IAAI,EAAE,oJAAoJ;gBAC1J,SAAS,EAAE,SAAS;aACrB,IACD,CAAC;KACJ;IAED,+BAA+B;IAC/B,IAAA,6BAAqB,EAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACzC,CAAC,CAAC;AApBW,QAAA,0BAA0B,8BAoBrC;AAEF;;;;;GAKG;AACI,MAAM,qBAAqB,GAAG,CACnC,WAAwC,EACxC,SAAiB,EACX,EAAE;IACR,IAAI,WAAW,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE;QACjD,MAAM,IAAI,6BAAY,iCACjB,+BAAa,CAAC,kBAAkB,KACnC,OAAO,EAAE,EAAE,SAAS,EAAE,IACtB,CAAC;KACJ;AACH,CAAC,CAAC;AAVW,QAAA,qBAAqB,yBAUhC;AAEF;;;;GAIG;AACI,MAAM,gCAAgC,GAAG,CAC9C,OAAgD,EACvC,EAAE;IACX,IAAI,OAAO,KAAK,SAAS,EAAE;QACzB,OAAO,KAAK,CAAC;KACd;SAAM;QACL,QAAQ,OAAO,CAAC,WAAW,EAAE;YAC3B,KAAK,0BAAW,CAAC,WAAW,CAAC;YAC7B,KAAK,0BAAW,CAAC,cAAc,CAAC;YAChC,KAAK,0BAAW,CAAC,qBAAqB,CAAC;YACvC,KAAK,0BAAW,CAAC,uBAAuB,CAAC;YACzC,KAAK,0BAAW,CAAC,gBAAgB,CAAC;YAClC,KAAK,0BAAW,CAAC,uBAAuB;gBACtC,OAAO,IAAI,CAAC;YACd,KAAK,0BAAW,CAAC,cAAc,CAAC;YAChC,KAAK,0BAAW,CAAC,kBAAkB;gBACjC,OAAO,KAAK,CAAC;YACf,OAAO,CAAC,CAAC;gBACP,+HAA+H;gBAC/H,MAAM,eAAe,GAAU,OAAO,CAAC,WAAW,CAAC;gBACnD,MAAM,IAAI,4CAAoB,CAAC,eAAe,CAAC,CAAC;aACjD;SACF;KACF;AACH,CAAC,CAAC;AAxBW,QAAA,gCAAgC,oCAwB3C;AAEF;;;;GAIG;AACI,MAAM,sBAAsB,GAAG,CACpC,OAAgD,EACvC,EAAE;IACX,IAAI,OAAO,KAAK,SAAS,EAAE;QACzB,OAAO,KAAK,CAAC;KACd;SAAM;QACL,QAAQ,OAAO,CAAC,WAAW,EAAE;YAC3B,KAAK,0BAAW,CAAC,cAAc,CAAC;YAChC,KAAK,0BAAW,CAAC,kBAAkB;gBACjC,OAAO
,IAAI,CAAC;YACd,KAAK,0BAAW,CAAC,WAAW,CAAC;YAC7B,KAAK,0BAAW,CAAC,cAAc,CAAC;YAChC,KAAK,0BAAW,CAAC,qBAAqB,CAAC;YACvC,KAAK,0BAAW,CAAC,uBAAuB,CAAC;YACzC,KAAK,0BAAW,CAAC,gBAAgB,CAAC;YAClC,KAAK,0BAAW,CAAC,uBAAuB;gBACtC,OAAO,KAAK,CAAC;YACf,OAAO,CAAC,CAAC;gBACP,+HAA+H;gBAC/H,MAAM,eAAe,GAAU,OAAO,CAAC,WAAW,CAAC;gBACnD,MAAM,IAAI,4CAAoB,CAAC,eAAe,CAAC,CAAC;aACjD;SACF;KACF;AACH,CAAC,CAAC;AAxBW,QAAA,sBAAsB,0BAwBjC;AAEF;;;;GAIG;AACI,MAAM,gCAAgC,GAAG,CAC9C,OAAuB,EACjB,EAAE;IACR,IACE,OAAO,CAAC,oBAAoB,CAAC,0BAA0B,KAAK,SAAS;QACrE,OAAO,CAAC,oBAAoB,CAAC,oBAAoB,KAAK,SAAS,EAC/D;QACA,MAAM,IAAI,6BAAY,CAAC;YACrB,IAAI,EAAE,+BAAa,CAAC,iBAAiB,CAAC,IAAI;YAC1C,OAAO,EACL,8LAA8L;SACjM,CAAC,CAAC;KACJ;IAED,IACE,OAAO,CAAC,oBAAoB,CAAC,0BAA0B,KAAK,SAAS;QACrE,OAAO,CAAC,oBAAoB,CAAC,oBAAoB,KAAK,SAAS,EAC/D;QACA,MAAM,IAAI,6BAAY,CAAC;YACrB,IAAI,EAAE,+BAAa,CAAC,iBAAiB,CAAC,IAAI;YAC1C,OAAO,EACL,sLAAsL;SACzL,CAAC,CAAC;KACJ;AACH,CAAC,CAAC;AAxBW,QAAA,gCAAgC,oCAwB3C"}
|
|
@@ -91,5 +91,13 @@ export declare const IdGuardErrors: {
|
|
|
91
91
|
readonly message: "A Permission Definition or an EndUserAuthorizationConfig was not found to be passed into Postgraphile build options. This is a development time issue.";
|
|
92
92
|
readonly code: "AUTHORIZATION_OPTIONS_MISCONFIGURED";
|
|
93
93
|
};
|
|
94
|
+
readonly Unauthorized: {
|
|
95
|
+
readonly message: "The subject has no permissions.";
|
|
96
|
+
readonly code: "UNAUTHORIZED";
|
|
97
|
+
};
|
|
98
|
+
readonly SubjectNotFound: {
|
|
99
|
+
readonly message: "User is authenticated, but subject information was not found. Please contact Axinom Support.";
|
|
100
|
+
readonly code: "SUBJECT_NOT_FOUND";
|
|
101
|
+
};
|
|
94
102
|
};
|
|
95
103
|
//# sourceMappingURL=id-guard-errors.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"id-guard-errors.d.ts","sourceRoot":"","sources":["../../src/common/id-guard-errors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,aAAa
|
|
1
|
+
{"version":3,"file":"id-guard-errors.d.ts","sourceRoot":"","sources":["../../src/common/id-guard-errors.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4GhB,CAAC"}
|
|
@@ -94,5 +94,13 @@ exports.IdGuardErrors = {
|
|
|
94
94
|
message: 'A Permission Definition or an EndUserAuthorizationConfig was not found to be passed into Postgraphile build options. This is a development time issue.',
|
|
95
95
|
code: 'AUTHORIZATION_OPTIONS_MISCONFIGURED',
|
|
96
96
|
},
|
|
97
|
+
Unauthorized: {
|
|
98
|
+
message: 'The subject has no permissions.',
|
|
99
|
+
code: 'UNAUTHORIZED',
|
|
100
|
+
},
|
|
101
|
+
SubjectNotFound: {
|
|
102
|
+
message: 'User is authenticated, but subject information was not found. Please contact Axinom Support.',
|
|
103
|
+
code: 'SUBJECT_NOT_FOUND',
|
|
104
|
+
},
|
|
97
105
|
};
|
|
98
106
|
//# sourceMappingURL=id-guard-errors.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"id-guard-errors.js","sourceRoot":"","sources":["../../src/common/id-guard-errors.ts"],"names":[],"mappings":";;;AAAa,QAAA,aAAa,GAAG;IAC3B,mBAAmB,EAAE;QACnB,OAAO,EAAE,8BAA8B;QACvC,IAAI,EAAE,uBAAuB;KAC9B;IACD,kBAAkB,EAAE;QAClB,OAAO,EAAE,yBAAyB;QAClC,IAAI,EAAE,sBAAsB;KAC7B;IACD,kBAAkB,EAAE;QAClB,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,sBAAsB;KAC7B;IACD,iBAAiB,EAAE;QACjB,OAAO,EAAE,iDAAiD;QAC1D,IAAI,EAAE,qBAAqB;KAC5B;IACD,kBAAkB,EAAE;QAClB,OAAO,EACL,oMAAoM;QACtM,IAAI,EAAE,uBAAuB;KAC9B;IACD,SAAS,EAAE;QACT,OAAO,EACL,kHAAkH;QACpH,IAAI,EAAE,YAAY;KACnB;IACD,6BAA6B,EAAE;QAC7B,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,kCAAkC;KACzC;IACD,4BAA4B,EAAE;QAC5B,OAAO,EACL,wEAAwE;QAC1E,IAAI,EAAE,iCAAiC;KACxC;IACD,wBAAwB,EAAE;QACxB,OAAO,EACL,oEAAoE;QACtE,IAAI,EAAE,6BAA6B;KACpC;IACD,iBAAiB,EAAE;QACjB,OAAO,EAAE,yBAAyB;QAClC,IAAI,EAAE,qBAAqB;KAC5B;IACD,0BAA0B,EAAE;QAC1B,OAAO,EAAE,gEAAgE;QACzE,IAAI,EAAE,yBAAyB;KAChC;IACD,sCAAsC,EAAE;QACtC,OAAO,EAAE,6CAA6C;QACtD,IAAI,EAAE,4CAA4C;KACnD;IACD,uBAAuB,EAAE;QACvB,OAAO,EAAE,4CAA4C;QACrD,IAAI,EAAE,4BAA4B;KACnC;IACD,qBAAqB,EAAE;QACrB,OAAO,EAAE,0CAA0C;QACnD,IAAI,EAAE,0BAA0B;KACjC;IACD,8BAA8B,EAAE;QAC9B,OAAO,EAAE,iDAAiD;QAC1D,IAAI,EAAE,mCAAmC;KAC1C;IACD,iCAAiC,EAAE;QACjC,OAAO,EAAE,oDAAoD;QAC7D,IAAI,EAAE,sCAAsC;KAC7C;IACD,uBAAuB,EAAE;QACvB,OAAO,EAAE,0CAA0C;QACnD,IAAI,EAAE,2BAA2B;KAClC;IACD,kCAAkC,EAAE;QAClC,OAAO,EAAE,qDAAqD;QAC9D,IAAI,EAAE,uCAAuC;KAC9C;IACD,+BAA+B,EAAE;QAC/B,OAAO,EAAE,mDAAmD;QAC5D,IAAI,EAAE,qCAAqC;KAC5C;IACD,cAAc,EAAE;QACd,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,iBAAiB;KACxB;IACD,4BAA4B,EAAE;QAC5B,OAAO,EAAE,mCAAmC;QAC5C,IAAI,EAAE,kCAAkC;KACzC;IACD,iBAAiB,EAAE;QACjB,OAAO,EACL,+JAA+J;QACjK,IAAI,EAAE,qBAAqB;KAC5B;IACD,iCAAiC,EAAE;QACjC,OAAO,EACL,wJAAwJ;QAC1J,IAAI,EAAE,qCAAqC;KAC5C;CACO,CAAC"}
|
|
1
|
+
{"version":3,"file":"id-guard-errors.js","sourceRoot":"","sources":["../../src/common/id-guard-errors.ts"],"names":[],"mappings":";;;AAAa,QAAA,aAAa,GAAG;IAC3B,mBAAmB,EAAE;QACnB,OAAO,EAAE,8BAA8B;QACvC,IAAI,EAAE,uBAAuB;KAC9B;IACD,kBAAkB,EAAE;QAClB,OAAO,EAAE,yBAAyB;QAClC,IAAI,EAAE,sBAAsB;KAC7B;IACD,kBAAkB,EAAE;QAClB,OAAO,EAAE,2BAA2B;QACpC,IAAI,EAAE,sBAAsB;KAC7B;IACD,iBAAiB,EAAE;QACjB,OAAO,EAAE,iDAAiD;QAC1D,IAAI,EAAE,qBAAqB;KAC5B;IACD,kBAAkB,EAAE;QAClB,OAAO,EACL,oMAAoM;QACtM,IAAI,EAAE,uBAAuB;KAC9B;IACD,SAAS,EAAE;QACT,OAAO,EACL,kHAAkH;QACpH,IAAI,EAAE,YAAY;KACnB;IACD,6BAA6B,EAAE;QAC7B,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,kCAAkC;KACzC;IACD,4BAA4B,EAAE;QAC5B,OAAO,EACL,wEAAwE;QAC1E,IAAI,EAAE,iCAAiC;KACxC;IACD,wBAAwB,EAAE;QACxB,OAAO,EACL,oEAAoE;QACtE,IAAI,EAAE,6BAA6B;KACpC;IACD,iBAAiB,EAAE;QACjB,OAAO,EAAE,yBAAyB;QAClC,IAAI,EAAE,qBAAqB;KAC5B;IACD,0BAA0B,EAAE;QAC1B,OAAO,EAAE,gEAAgE;QACzE,IAAI,EAAE,yBAAyB;KAChC;IACD,sCAAsC,EAAE;QACtC,OAAO,EAAE,6CAA6C;QACtD,IAAI,EAAE,4CAA4C;KACnD;IACD,uBAAuB,EAAE;QACvB,OAAO,EAAE,4CAA4C;QACrD,IAAI,EAAE,4BAA4B;KACnC;IACD,qBAAqB,EAAE;QACrB,OAAO,EAAE,0CAA0C;QACnD,IAAI,EAAE,0BAA0B;KACjC;IACD,8BAA8B,EAAE;QAC9B,OAAO,EAAE,iDAAiD;QAC1D,IAAI,EAAE,mCAAmC;KAC1C;IACD,iCAAiC,EAAE;QACjC,OAAO,EAAE,oDAAoD;QAC7D,IAAI,EAAE,sCAAsC;KAC7C;IACD,uBAAuB,EAAE;QACvB,OAAO,EAAE,0CAA0C;QACnD,IAAI,EAAE,2BAA2B;KAClC;IACD,kCAAkC,EAAE;QAClC,OAAO,EAAE,qDAAqD;QAC9D,IAAI,EAAE,uCAAuC;KAC9C;IACD,+BAA+B,EAAE;QAC/B,OAAO,EAAE,mDAAmD;QAC5D,IAAI,EAAE,qCAAqC;KAC5C;IACD,cAAc,EAAE;QACd,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,iBAAiB;KACxB;IACD,4BAA4B,EAAE;QAC5B,OAAO,EAAE,mCAAmC;QAC5C,IAAI,EAAE,kCAAkC;KACzC;IACD,iBAAiB,EAAE;QACjB,OAAO,EACL,+JAA+J;QACjK,IAAI,EAAE,qBAAqB;KAC5B;IACD,iCAAiC,EAAE;QACjC,OAAO,EACL,wJAAwJ;QAC1J,IAAI,EAAE,qCAAqC;KAC5C;IACD,YAAY,EAAE;QACZ,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,cAAc;KACrB;IACD,eAAe,EAAE;QACf,OAAO,EACL,8FAA8F;QAChG,IAAI,EAAE,mBAAmB;KAC1B;CACO,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate-permissions-file-plugin.d.ts","sourceRoot":"","sources":["../../src/graphql/generate-permissions-file-plugin.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"generate-permissions-file-plugin.d.ts","sourceRoot":"","sources":["../../src/graphql/generate-permissions-file-plugin.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC;;;;GAIG;AACH,wBAAgB,kCAAkC,CAChD,MAAM,CAAC,EAAE,WAAW,EACpB,8BAA8B,CAAC,EAAE,MAAM,GACtC,MAAM,CAsBR"}
|
|
@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.PermissionDefinitionExporterPlugin = void 0;
|
|
7
|
+
const mosaic_service_common_1 = require("@axinom/mosaic-service-common");
|
|
7
8
|
const fs_1 = __importDefault(require("fs"));
|
|
8
9
|
const path_1 = __importDefault(require("path"));
|
|
9
10
|
/**
|
|
@@ -18,7 +19,10 @@ function PermissionDefinitionExporterPlugin(config, permissionDefinitionExportPa
|
|
|
18
19
|
if (config === null || config === void 0 ? void 0 : config.isDev) {
|
|
19
20
|
if (permissionDefinitionExportPath !== undefined) {
|
|
20
21
|
if (options.permissionDefinition === undefined) {
|
|
21
|
-
throw new
|
|
22
|
+
throw new mosaic_service_common_1.MosaicError({
|
|
23
|
+
code: 'PERMISSION_DEFINITION_REQUIRED',
|
|
24
|
+
message: `When a permissionDefinitionExportPath is provided to AxGuard Plugin, permissionDefinition must be defined in the Postgraphile options.`,
|
|
25
|
+
});
|
|
22
26
|
}
|
|
23
27
|
writeSourceFile(permissionDefinitionExportPath, JSON.stringify(options.permissionDefinition, null, 2));
|
|
24
28
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate-permissions-file-plugin.js","sourceRoot":"","sources":["../../src/graphql/generate-permissions-file-plugin.ts"],"names":[],"mappings":";;;;;;AAAA,4CAAoB;AAEpB,gDAAwB;AAGxB;;;;GAIG;AACH,SAAgB,kCAAkC,CAChD,MAAoB,EACpB,8BAAuC;IAEvC,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE;QAC1B,sDAAsD;QACtD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;YACpD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,EAAE;gBACjB,IAAI,8BAA8B,KAAK,SAAS,EAAE;oBAChD,IAAI,OAAO,CAAC,oBAAoB,KAAK,SAAS,EAAE;wBAC9C,MAAM,IAAI,
|
|
1
|
+
{"version":3,"file":"generate-permissions-file-plugin.js","sourceRoot":"","sources":["../../src/graphql/generate-permissions-file-plugin.ts"],"names":[],"mappings":";;;;;;AAAA,yEAA4D;AAC5D,4CAAoB;AAEpB,gDAAwB;AAGxB;;;;GAIG;AACH,SAAgB,kCAAkC,CAChD,MAAoB,EACpB,8BAAuC;IAEvC,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE;QAC1B,sDAAsD;QACtD,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;YACpD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,EAAE;gBACjB,IAAI,8BAA8B,KAAK,SAAS,EAAE;oBAChD,IAAI,OAAO,CAAC,oBAAoB,KAAK,SAAS,EAAE;wBAC9C,MAAM,IAAI,mCAAW,CAAC;4BACpB,IAAI,EAAE,gCAAgC;4BACtC,OAAO,EAAE,wIAAwI;yBAClJ,CAAC,CAAC;qBACJ;oBACD,eAAe,CACb,8BAA8B,EAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,oBAAoB,EAAE,IAAI,EAAE,CAAC,CAAC,CACtD,CAAC;iBACH;aACF;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAzBD,gFAyBC;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,QAAgB;IACxD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE;QACzC,YAAE,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;KAC1D;IACD,yFAAyF;IACzF,IAAI,YAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QAC1B,MAAM,eAAe,GAAG,YAAE,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,IAAI,eAAe,CAAC,QAAQ,EAAE,KAAK,QAAQ,EAAE;YAC3C,OAAO;SACR;KACF;IACD,YAAE,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message-handler-authentication.d.ts","sourceRoot":"","sources":["../../src/message-bus/message-handler-authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,mBAAmB,EACpB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,oBAAoB,EACpB,8BAA8B,EAC9B,oBAAoB,EAErB,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"message-handler-authentication.d.ts","sourceRoot":"","sources":["../../src/message-bus/message-handler-authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,WAAW,EACX,mBAAmB,EACpB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EACL,oBAAoB,EACpB,8BAA8B,EAC9B,oBAAoB,EAErB,MAAM,WAAW,CAAC;AAGnB,MAAM,WAAW,yCAA0C,SAAQ,WAAW;IAC5E,OAAO,EAAE,8BAA8B,CAAC;CACzC;AAED,MAAM,WAAW,+BAAgC,SAAQ,WAAW;IAClE,OAAO,EAAE,oBAAoB,CAAC;CAC/B;AAED;;;;GAIG;AACH,eAAO,MAAM,+BAA+B,YACjC,WAAW,KACnB,8BAWF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,mCACvB,MAAM,GAAG,oBAAoB,mEAmC1C,CAAC"}
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.authenticationMiddleware = exports.getMessageInfoManagementSubject = void 0;
|
|
4
4
|
const mosaic_service_common_1 = require("@axinom/mosaic-service-common");
|
|
5
5
|
const common_1 = require("../common");
|
|
6
|
+
const id_guard_errors_1 = require("../common/id-guard-errors");
|
|
6
7
|
/**
|
|
7
8
|
* Get the ManagementSubject that was extracted through the authenticationMiddleware. Throws an error if subject property is not present or empty.
|
|
8
9
|
* @param message the RabbitMQ message that contains a JWT token
|
|
@@ -13,7 +14,10 @@ const getMessageInfoManagementSubject = (message) => {
|
|
|
13
14
|
if (authenticatedMessage === null || authenticatedMessage === void 0 ? void 0 : authenticatedMessage.subject) {
|
|
14
15
|
return authenticatedMessage.subject;
|
|
15
16
|
}
|
|
16
|
-
throw new
|
|
17
|
+
throw new mosaic_service_common_1.MosaicError({
|
|
18
|
+
code: id_guard_errors_1.IdGuardErrors.SubjectNotFound.code,
|
|
19
|
+
message: `Message info has no subject property. It is possible that authentication messaging middleware was not used to extract it from auth token.`,
|
|
20
|
+
});
|
|
17
21
|
};
|
|
18
22
|
exports.getMessageInfoManagementSubject = getMessageInfoManagementSubject;
|
|
19
23
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message-handler-authentication.js","sourceRoot":"","sources":["../../src/message-bus/message-handler-authentication.ts"],"names":[],"mappings":";;;AAKA,
|
|
1
|
+
{"version":3,"file":"message-handler-authentication.js","sourceRoot":"","sources":["../../src/message-bus/message-handler-authentication.ts"],"names":[],"mappings":";;;AAKA,yEAAyE;AAEzE,sCAKmB;AACnB,+DAA0D;AAU1D;;;;GAIG;AACI,MAAM,+BAA+B,GAAG,CAC7C,OAAoB,EACY,EAAE;IAClC,MAAM,oBAAoB,GACxB,OAAoD,CAAC;IACvD,IAAI,oBAAoB,aAApB,oBAAoB,uBAApB,oBAAoB,CAAE,OAAO,EAAE;QACjC,OAAO,oBAAoB,CAAC,OAAO,CAAC;KACrC;IAED,MAAM,IAAI,mCAAW,CAAC;QACpB,IAAI,EAAE,+BAAa,CAAC,eAAe,CAAC,IAAI;QACxC,OAAO,EAAE,2IAA2I;KACrJ,CAAC,CAAC;AACL,CAAC,CAAC;AAbW,QAAA,+BAA+B,mCAa1C;AAEF;;;;;;GAMG;AACI,MAAM,wBAAwB,GAAG,CACtC,UAAyC,EACzC,qBAAqB,GAAG,IAAI,EACG,EAAE;IACjC,OAAO,KAAK,EACV,OAAkC,EAClC,OAA8B,EAC9B,SAAoB,EACpB,IAAoC,EACrB,EAAE;QACjB,IAAI,KAAK,GAAsB,SAAS,CAAC;QACzC,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;QAC1C,IAAI,KAAK,KAAK,SAAS,EAAE;YACvB,KAAK,GAAG,IAAI,KAAK,CACf,4EAA4E,CAC7E,CAAC;SACH;aAAM;YACL,IAAI;gBACF,MAAM,OAAO,GAAG,MAAM,IAAA,0CAAiC,EACrD,KAAK,EACL,UAAU,CACX,CAAC;gBACD,OAAqD,CAAC,OAAO;oBAC5D,OAAO,CAAC;aACX;YAAC,OAAO,CAAC,EAAE;gBACV,IAAA,mCAAW,EAAC,CAAC,CAAC,CAAC;gBACf,KAAK,GAAG,CAAC,CAAC;aACX;SACF;QAED,IAAI,qBAAqB,IAAI,KAAK,KAAK,SAAS,EAAE;YAChD,MAAM,KAAK,CAAC;SACb;QAED,MAAM,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAG,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA,CAAC;IAC5C,CAAC,CAAC;AACJ,CAAC,CAAC;AApCW,QAAA,wBAAwB,4BAoCnC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message-handler-permissions.d.ts","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,mBAAmB,EACpB,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"message-handler-permissions.d.ts","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,mBAAmB,EACpB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAAE,8BAA8B,EAAE,MAAM,WAAW,CAAC;AAI3D;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,oCACnB,MAAM,EAAE,aACV,MAAM,kCAalB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,YAClB,8BAA8B,GAAG,SAAS,eACtC,MAAM,EAAE,aACV,MAAM,KAChB,QAAQ,IAAI,CAuBd,CAAC"}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.permissionsCheck = exports.permissionsMiddleware = void 0;
|
|
4
|
+
const mosaic_service_common_1 = require("@axinom/mosaic-service-common");
|
|
5
|
+
const id_guard_errors_1 = require("../common/id-guard-errors");
|
|
4
6
|
/**
|
|
5
7
|
* Ensures that the subject contains the required permissions to execute the message handler
|
|
6
8
|
* @param permissions - the list of permissions that allow to use that message handler
|
|
@@ -24,14 +26,24 @@ exports.permissionsMiddleware = permissionsMiddleware;
|
|
|
24
26
|
const permissionsCheck = async (subject, permissions, serviceId) => {
|
|
25
27
|
var _a;
|
|
26
28
|
if (subject === undefined) {
|
|
27
|
-
throw new
|
|
29
|
+
throw new mosaic_service_common_1.MosaicError({
|
|
30
|
+
code: id_guard_errors_1.IdGuardErrors.SubjectNotFound.code,
|
|
31
|
+
message: `Permission check failed as no authentication subject was provided.`,
|
|
32
|
+
});
|
|
28
33
|
}
|
|
29
34
|
const subjectPermissions = (_a = subject.permissions) === null || _a === void 0 ? void 0 : _a[serviceId];
|
|
30
35
|
if (subjectPermissions === undefined || !Array.isArray(subjectPermissions)) {
|
|
31
|
-
throw new
|
|
36
|
+
throw new mosaic_service_common_1.MosaicError({
|
|
37
|
+
code: id_guard_errors_1.IdGuardErrors.Unauthorized.code,
|
|
38
|
+
message: `Permission check failed as the subject has no permissions for this service.`,
|
|
39
|
+
});
|
|
32
40
|
}
|
|
33
41
|
if (!permissions.some((p) => subjectPermissions.includes(p))) {
|
|
34
|
-
throw new
|
|
42
|
+
throw new mosaic_service_common_1.MosaicError({
|
|
43
|
+
code: id_guard_errors_1.IdGuardErrors.Unauthorized.code,
|
|
44
|
+
message: `Permission check failed as the subject has no permissions for this message handler. The subject permissions are [%s] while the required permissions are [%s].`,
|
|
45
|
+
messageParams: [subjectPermissions, permissions],
|
|
46
|
+
});
|
|
35
47
|
}
|
|
36
48
|
};
|
|
37
49
|
exports.permissionsCheck = permissionsCheck;
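Review bot: The third `MosaicError` in `permissionsCheck` puts both the subject's full permission list and the handler's required permissions into the error text through `messageParams: [subjectPermissions, permissions]`. Whether this message is only logged or also returned to the message sender or copied into a failure event is not visible on this page; in the latter case it tells the caller exactly what the subject holds and which permission is missing. A generic message such as `Permission check failed as the subject has no permissions for this message handler.`, with the two lists written only to a server-side log, would avoid that. This file is compiled output, so the change belongs in `package/src/message-bus/message-handler-permissions.ts`.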
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"message-handler-permissions.js","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"message-handler-permissions.js","sourceRoot":"","sources":["../../src/message-bus/message-handler-permissions.ts"],"names":[],"mappings":";;;AAKA,yEAA4D;AAG5D,+DAA0D;AAG1D;;;;GAIG;AACI,MAAM,qBAAqB,GAAG,CACnC,WAAqB,EACrB,SAAiB,EACc,EAAE;IACjC,OAAO,KAAK,EACV,OAAkC,EAClC,OAA8B,EAC9B,SAAoB,EACpB,IAAoC,EACrB,EAAE;QACjB,MAAM,OAAO,GAAI,OAAqD;aACnE,OAAO,CAAC;QACX,MAAM,IAAA,wBAAgB,EAAC,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QACxD,MAAM,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAG,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA,CAAC;IAC5C,CAAC,CAAC;AACJ,CAAC,CAAC;AAfW,QAAA,qBAAqB,yBAehC;AAEF;;;;;GAKG;AACI,MAAM,gBAAgB,GAAG,KAAK,EACnC,OAAmD,EACnD,WAAqB,EACrB,SAAiB,EACF,EAAE;;IACjB,IAAI,OAAO,KAAK,SAAS,EAAE;QACzB,MAAM,IAAI,mCAAW,CAAC;YACpB,IAAI,EAAE,+BAAa,CAAC,eAAe,CAAC,IAAI;YACxC,OAAO,EAAE,oEAAoE;SAC9E,CAAC,CAAC;KACJ;IAED,MAAM,kBAAkB,GAAG,MAAA,OAAO,CAAC,WAAW,0CAAG,SAAS,CAAC,CAAC;IAC5D,IAAI,kBAAkB,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;QAC1E,MAAM,IAAI,mCAAW,CAAC;YACpB,IAAI,EAAE,+BAAa,CAAC,YAAY,CAAC,IAAI;YACrC,OAAO,EAAE,6EAA6E;SACvF,CAAC,CAAC;KACJ;IAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;QAC5D,MAAM,IAAI,mCAAW,CAAC;YACpB,IAAI,EAAE,+BAAa,CAAC,YAAY,CAAC,IAAI;YACrC,OAAO,EAAE,+JAA+J;YACxK,aAAa,EAAE,CAAC,kBAAkB,EAAE,WAAW,CAAC;SACjD,CAAC,CAAC;KACJ;AACH,CAAC,CAAC;AA3BW,QAAA,gBAAgB,oBA2B3B"}
|
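--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@axinom/mosaic-id-guard",
-"version": "0.28.0-rc.
+"version": "0.28.0-rc.8",
 "description": "Authentication and authorization helpers for Axinom Mosaic services",
 "author": "Axinom",
 "license": "PROPRIETARY",
@@ -28,10 +28,10 @@
 "lint": "eslint . --ext .ts,.tsx,.js --color --cache"
 },
 "dependencies": {
-"@axinom/mosaic-id-utils": "^0.15.13-rc.
-"@axinom/mosaic-message-bus": "^0.23.0-rc.
-"@axinom/mosaic-service-common": "^0.45.0-rc.
-"@axinom/mosaic-transactional-inbox-outbox": "^0.5.0-rc.
+"@axinom/mosaic-id-utils": "^0.15.13-rc.8",
+"@axinom/mosaic-message-bus": "^0.23.0-rc.8",
+"@axinom/mosaic-service-common": "^0.45.0-rc.8",
+"@axinom/mosaic-transactional-inbox-outbox": "^0.5.0-rc.8",
 "amqplib": "^0.10.3",
 "express": "^4.17.1",
 "express-bearer-token": "^2.4.0",
@@ -44,7 +44,7 @@
 "jwks-rsa": "^1.8.1",
 "lru-cache": "^7.18.3",
 "pg": "^8.11.3",
-"pg-transactional-outbox": "0.5.0
+"pg-transactional-outbox": "^0.5.0",
 "postgraphile": "^4.13.0",
 "rascal": "^14.0.1",
 "subscriptions-transport-ws": "^0.9.19"
@@ -64,5 +64,5 @@
 "publishConfig": {
 "access": "public"
 },
-"gitHead": "
+"gitHead": "e6cebed2fb7c6a31d1069b88d7ed34ade07b3b23"
 }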
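Review bot: `pg-transactional-outbox` moves from a specifier with no range operator (the removed line is truncated on this page) to `^0.5.0`, so installs without a lockfile can now resolve later 0.5.x releases of a dependency of this authentication and authorization package. If the loosening is intended, it deserves a line in the release notes; otherwise pin it exactly, e.g. `"pg-transactional-outbox": "0.5.0",`. The remaining dependency changes in this section are plain rc bumps.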
|
|
@@ -2,7 +2,10 @@ import {
|
|
|
2
2
|
EndUserAuthorizationConfig,
|
|
3
3
|
PermissionDefinition,
|
|
4
4
|
} from '@axinom/mosaic-id-utils';
|
|
5
|
-
import {
|
|
5
|
+
import {
|
|
6
|
+
MosaicErrorInfo,
|
|
7
|
+
UnreachableCaseError,
|
|
8
|
+
} from '@axinom/mosaic-service-common';
|
|
6
9
|
import { IdGuardError } from './id-guard-error';
|
|
7
10
|
import { IdGuardErrors } from './id-guard-errors';
|
|
8
11
|
import { SubjectType } from './subject-type';
|
|
@@ -138,7 +141,7 @@ export const isAuthenticatedManagementSubject = (
|
|
|
138
141
|
default: {
|
|
139
142
|
// This block would never execute in runtime, and used as a build-time exhaustive switch-case check for the `SubjectType` ENUM.
|
|
140
143
|
const exhaustiveCheck: never = subject.subjectType;
|
|
141
|
-
throw new
|
|
144
|
+
throw new UnreachableCaseError(exhaustiveCheck);
|
|
142
145
|
}
|
|
143
146
|
}
|
|
144
147
|
}
|
|
@@ -169,7 +172,7 @@ export const isAuthenticatedEndUser = (
|
|
|
169
172
|
default: {
|
|
170
173
|
// This block would never execute in runtime, and used as a build-time exhaustive switch-case check for the `SubjectType` ENUM.
|
|
171
174
|
const exhaustiveCheck: never = subject.subjectType;
|
|
172
|
-
throw new
|
|
175
|
+
throw new UnreachableCaseError(exhaustiveCheck);
|
|
173
176
|
}
|
|
174
177
|
}
|
|
175
178
|
}
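Review bot: The comment above both changed `throw` statements says the `default` block "would never execute in runtime", but exhaustiveness of `subject.subjectType` is only a compile-time guarantee. If the subject is built from token claims (not visible in these hunks), a value outside the `SubjectType` enum reaches `throw new UnreachableCaseError(exhaustiveCheck)`. Throwing is the fail-closed outcome one wants from `isAuthenticatedManagementSubject` and `isAuthenticatedEndUser`, so the comment should say so, e.g. `// Build-time exhaustiveness check; at runtime an unknown subjectType fails closed by throwing.` Both functions begin outside the hunks shown.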
|
|
@@ -97,4 +97,13 @@ export const IdGuardErrors = {
|
|
|
97
97
|
'A Permission Definition or an EndUserAuthorizationConfig was not found to be passed into Postgraphile build options. This is a development time issue.',
|
|
98
98
|
code: 'AUTHORIZATION_OPTIONS_MISCONFIGURED',
|
|
99
99
|
},
|
|
100
|
+
Unauthorized: {
|
|
101
|
+
message: 'The subject has no permissions.',
|
|
102
|
+
code: 'UNAUTHORIZED',
|
|
103
|
+
},
|
|
104
|
+
SubjectNotFound: {
|
|
105
|
+
message:
|
|
106
|
+
'User is authenticated, but subject information was not found. Please contact Axinom Support.',
|
|
107
|
+
code: 'SUBJECT_NOT_FOUND',
|
|
108
|
+
},
|
|
100
109
|
} as const;
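Review bot: The default text of `SubjectNotFound` says "User is authenticated, but subject information was not found", yet the callers visible elsewhere in this diff raise `IdGuardErrors.SubjectNotFound.code` whenever no subject is present, which can also mean authentication never ran. Those callers pass their own message and reuse only the code, so either word the default neutrally, e.g. `'Subject information was not found.'`, or have callers pass the whole `IdGuardErrors.SubjectNotFound` entry so code and message stay together. The same holds for `Unauthorized`, whose `message` the visible callers do not use.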
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { MosaicError } from '@axinom/mosaic-service-common';
|
|
1
2
|
import * as fs from 'fs';
|
|
2
3
|
import jwt, { TokenExpiredError } from 'jsonwebtoken';
|
|
3
4
|
import { JwksError, SigningKeyNotFoundError } from 'jwks-rsa';
|
|
@@ -537,9 +538,10 @@ describe('parse-jwt-token', () => {
|
|
|
537
538
|
|
|
538
539
|
getAuthenticatedManagementSubjectMock.mockImplementation(
|
|
539
540
|
(_token, _authParams) => {
|
|
540
|
-
throw new
|
|
541
|
-
|
|
542
|
-
|
|
541
|
+
throw new MosaicError({
|
|
542
|
+
code: 'TEST_CODE',
|
|
543
|
+
message: `Some unknown error thrown by the method or the library.`,
|
|
544
|
+
});
|
|
543
545
|
},
|
|
544
546
|
);
|
|
545
547
|
const authContext = await parseJwtToken(
|
|
@@ -555,7 +557,7 @@ describe('parse-jwt-token', () => {
|
|
|
555
557
|
code: 'ACCESS_TOKEN_VERIFICATION_FAILED',
|
|
556
558
|
message: `Access token verification failed`,
|
|
557
559
|
error: {
|
|
558
|
-
message: 'Some unknown error thrown by the method or the library',
|
|
560
|
+
message: 'Some unknown error thrown by the method or the library.',
|
|
559
561
|
},
|
|
560
562
|
});
|
|
561
563
|
getAuthenticatedManagementSubjectMock.mockRestore();
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { MosaicError } from '@axinom/mosaic-service-common';
|
|
1
2
|
import fs from 'fs';
|
|
2
3
|
import { BasicConfig } from 'libs/service-common/dist';
|
|
3
4
|
import path from 'path';
|
|
@@ -18,9 +19,10 @@ export function PermissionDefinitionExporterPlugin(
|
|
|
18
19
|
if (config?.isDev) {
|
|
19
20
|
if (permissionDefinitionExportPath !== undefined) {
|
|
20
21
|
if (options.permissionDefinition === undefined) {
|
|
21
|
-
throw new
|
|
22
|
-
|
|
23
|
-
|
|
22
|
+
throw new MosaicError({
|
|
23
|
+
code: 'PERMISSION_DEFINITION_REQUIRED',
|
|
24
|
+
message: `When a permissionDefinitionExportPath is provided to AxGuard Plugin, permissionDefinition must be defined in the Postgraphile options.`,
|
|
25
|
+
});
|
|
24
26
|
}
|
|
25
27
|
writeSourceFile(
|
|
26
28
|
permissionDefinitionExportPath,
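Review bot: The added `MosaicError` import uses the published package name, while the following line still imports `BasicConfig` from `libs/service-common/dist`, a repository-relative path that presumably does not resolve for anyone consuming the shipped `src` files. If `BasicConfig` is exported from the package entry point, one import covers both: `import { BasicConfig, MosaicError } from '@axinom/mosaic-service-common';`. `PermissionDefinitionExporterPlugin` starts before and continues past this hunk.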
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
/* eslint-disable no-console */
|
|
2
|
+
import { MosaicError } from '@axinom/mosaic-service-common';
|
|
2
3
|
import 'jest-extended';
|
|
3
4
|
import { GuardedTransactionalInboxMessageHandler } from './guarded-transactional-inbox-message-handler';
|
|
4
5
|
|
|
@@ -7,11 +8,17 @@ class TestTransactionalInboxMessageHandler extends GuardedTransactionalInboxMess
|
|
|
7
8
|
any
|
|
8
9
|
> {
|
|
9
10
|
override handleMessage(): Promise<void> {
|
|
10
|
-
throw new
|
|
11
|
+
throw new MosaicError({
|
|
12
|
+
message: 'Method not implemented.',
|
|
13
|
+
code: 'TEST_CODE',
|
|
14
|
+
});
|
|
11
15
|
}
|
|
12
16
|
|
|
13
17
|
override setPgSettings(): Promise<void> {
|
|
14
|
-
throw new
|
|
18
|
+
throw new MosaicError({
|
|
19
|
+
message: 'Method not implemented.',
|
|
20
|
+
code: 'TEST_CODE',
|
|
21
|
+
});
|
|
15
22
|
}
|
|
16
23
|
}
|
|
17
24
|
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import { MessageEnvelope, MessageInfo } from '@axinom/mosaic-message-bus';
|
|
2
|
+
import { MosaicError } from '@axinom/mosaic-service-common';
|
|
2
3
|
import { AckOrNack, Recovery } from 'rascal';
|
|
3
4
|
import { getAuthenticatedManagementSubject } from '../common/get-authenticated-subject';
|
|
4
5
|
import {
|
|
5
|
-
createTestMessage,
|
|
6
|
-
createTestUser,
|
|
7
6
|
DEFAULT_SYSTEM_USERNAME,
|
|
8
7
|
TestMessage,
|
|
8
|
+
createTestMessage,
|
|
9
|
+
createTestUser,
|
|
9
10
|
} from '../tests/test-utils';
|
|
10
11
|
import {
|
|
11
12
|
AuthenticatedManagementSubjectMessageInfo,
|
|
@@ -20,7 +21,10 @@ const validToken = 'Bearer 9624bf1a-629a-457d-bf91-d923f6aad2a3';
|
|
|
20
21
|
if (token === validToken) {
|
|
21
22
|
return createTestUser();
|
|
22
23
|
}
|
|
23
|
-
throw new
|
|
24
|
+
throw new MosaicError({
|
|
25
|
+
message: 'Invalid token.',
|
|
26
|
+
code: 'TEST_CODE',
|
|
27
|
+
});
|
|
24
28
|
},
|
|
25
29
|
);
|
|
26
30
|
|
|
@@ -3,7 +3,7 @@ import {
|
|
|
3
3
|
MessageInfo,
|
|
4
4
|
OnMessageMiddleware,
|
|
5
5
|
} from '@axinom/mosaic-message-bus';
|
|
6
|
-
import { assertError } from '@axinom/mosaic-service-common';
|
|
6
|
+
import { MosaicError, assertError } from '@axinom/mosaic-service-common';
|
|
7
7
|
import { AckOrNack } from 'rascal';
|
|
8
8
|
import {
|
|
9
9
|
AuthenticatedEndUser,
|
|
@@ -11,6 +11,7 @@ import {
|
|
|
11
11
|
AuthenticationConfig,
|
|
12
12
|
getAuthenticatedManagementSubject,
|
|
13
13
|
} from '../common';
|
|
14
|
+
import { IdGuardErrors } from '../common/id-guard-errors';
|
|
14
15
|
|
|
15
16
|
export interface AuthenticatedManagementSubjectMessageInfo extends MessageInfo {
|
|
16
17
|
subject: AuthenticatedManagementSubject;
|
|
@@ -33,9 +34,11 @@ export const getMessageInfoManagementSubject = (
|
|
|
33
34
|
if (authenticatedMessage?.subject) {
|
|
34
35
|
return authenticatedMessage.subject;
|
|
35
36
|
}
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
37
|
+
|
|
38
|
+
throw new MosaicError({
|
|
39
|
+
code: IdGuardErrors.SubjectNotFound.code,
|
|
40
|
+
message: `Message info has no subject property. It is possible that authentication messaging middleware was not used to extract it from auth token.`,
|
|
41
|
+
});
|
|
39
42
|
};
|
|
40
43
|
|
|
41
44
|
/**
|
|
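Review bot: `getMessageInfoManagementSubject` now fails with a coded error, and that contract should be stated in its doc comment, which lies outside this hunk. I would add `@throws MosaicError with code IdGuardErrors.SubjectNotFound.code when the message info carries no subject`, so handler authors can tell a missing authentication middleware from a rejected token. The guard at new line 34 is a truthiness test, so the doc should also say that a null or otherwise falsy `subject` takes the same path.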
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import { MessageEnvelope, MessageInfo } from '@axinom/mosaic-message-bus';
|
|
2
|
+
import { MosaicError } from '@axinom/mosaic-service-common';
|
|
2
3
|
import { AckOrNack, Recovery } from 'rascal';
|
|
3
4
|
import { getAuthenticatedManagementSubject } from '../common/get-authenticated-subject';
|
|
4
5
|
import {
|
|
5
|
-
createTestMessage,
|
|
6
|
-
createTestUser,
|
|
7
6
|
DEFAULT_SYSTEM_USERNAME,
|
|
8
7
|
TestMessage,
|
|
8
|
+
createTestMessage,
|
|
9
|
+
createTestUser,
|
|
9
10
|
} from '../tests/test-utils';
|
|
10
11
|
import {
|
|
11
12
|
AuthenticatedManagementSubjectMessageInfo,
|
|
@@ -20,7 +21,10 @@ const validToken = 'Bearer 9624bf1a-629a-457d-bf91-d923f6aad2a3';
|
|
|
20
21
|
if (token === validToken) {
|
|
21
22
|
return createTestUser();
|
|
22
23
|
}
|
|
23
|
-
throw new
|
|
24
|
+
throw new MosaicError({
|
|
25
|
+
message: 'Invalid token.',
|
|
26
|
+
code: 'TEST_CODE',
|
|
27
|
+
});
|
|
24
28
|
},
|
|
25
29
|
);
|
|
26
30
|
|
|
@@ -3,8 +3,10 @@ import {
|
|
|
3
3
|
MessageInfo,
|
|
4
4
|
OnMessageMiddleware,
|
|
5
5
|
} from '@axinom/mosaic-message-bus';
|
|
6
|
+
import { MosaicError } from '@axinom/mosaic-service-common';
|
|
6
7
|
import { AckOrNack } from 'rascal';
|
|
7
8
|
import { AuthenticatedManagementSubject } from '../common';
|
|
9
|
+
import { IdGuardErrors } from '../common/id-guard-errors';
|
|
8
10
|
import { AuthenticatedManagementSubjectMessageInfo } from './message-handler-authentication';
|
|
9
11
|
|
|
10
12
|
/**
|
|
@@ -41,21 +43,25 @@ export const permissionsCheck = async (
|
|
|
41
43
|
serviceId: string,
|
|
42
44
|
): Promise<void> => {
|
|
43
45
|
if (subject === undefined) {
|
|
44
|
-
throw new
|
|
45
|
-
|
|
46
|
-
|
|
46
|
+
throw new MosaicError({
|
|
47
|
+
code: IdGuardErrors.SubjectNotFound.code,
|
|
48
|
+
message: `Permission check failed as no authentication subject was provided.`,
|
|
49
|
+
});
|
|
47
50
|
}
|
|
48
51
|
|
|
49
52
|
const subjectPermissions = subject.permissions?.[serviceId];
|
|
50
53
|
if (subjectPermissions === undefined || !Array.isArray(subjectPermissions)) {
|
|
51
|
-
throw new
|
|
52
|
-
|
|
53
|
-
|
|
54
|
+
throw new MosaicError({
|
|
55
|
+
code: IdGuardErrors.Unauthorized.code,
|
|
56
|
+
message: `Permission check failed as the subject has no permissions for this service.`,
|
|
57
|
+
});
|
|
54
58
|
}
|
|
55
59
|
|
|
56
60
|
if (!permissions.some((p) => subjectPermissions.includes(p))) {
|
|
57
|
-
throw new
|
|
58
|
-
|
|
59
|
-
|
|
61
|
+
throw new MosaicError({
|
|
62
|
+
code: IdGuardErrors.Unauthorized.code,
|
|
63
|
+
message: `Permission check failed as the subject has no permissions for this message handler. The subject permissions are [%s] while the required permissions are [%s].`,
|
|
64
|
+
messageParams: [subjectPermissions, permissions],
|
|
65
|
+
});
|
|
60
66
|
}
|
|
61
67
|
};
|
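Review bot: The third `MosaicError` (new lines 61–65) puts both the subject's granted permissions and the handler's required permissions into the message through `messageParams: [subjectPermissions, permissions]`. Whether this message ever leaves the service is not visible here, but if it reaches the sender, a dead-letter queue or shared logs, it discloses the subject's grants and names the permissions that would pass the check. I would keep the thrown text generic, `message: 'Permission check failed as the subject has no permissions for this message handler.'`, drop `messageParams`, and record the two lists only through server-side logging. The removed lines are not legible in this rendering, so the old message may have carried the same detail; `permissionsCheck` begins outside the hunk.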