@axium/server 0.26.3 → 0.28.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/acl.d.ts +26 -45
- package/dist/acl.js +50 -52
- package/dist/api/acl.js +16 -8
- package/dist/api/admin.js +9 -12
- package/dist/api/metadata.js +4 -11
- package/dist/api/passkeys.js +6 -6
- package/dist/api/register.js +1 -1
- package/dist/api/users.js +16 -30
- package/dist/audit.d.ts +3 -3
- package/dist/audit.js +8 -9
- package/dist/auth.d.ts +10 -5
- package/dist/auth.js +29 -23
- package/dist/cli.d.ts +8 -2
- package/dist/cli.js +18 -605
- package/dist/config.d.ts +2 -2
- package/dist/config.js +8 -7
- package/dist/database.d.ts +417 -29
- package/dist/database.js +546 -247
- package/dist/db.json +71 -0
- package/dist/internal_requests.js +1 -1
- package/dist/main.d.ts +2 -0
- package/dist/main.js +833 -0
- package/dist/requests.d.ts +1 -1
- package/dist/requests.js +8 -1
- package/dist/routes.d.ts +20 -20
- package/dist/routes.js +2 -1
- package/dist/serve.js +1 -1
- package/package.json +6 -4
- package/routes/account/+page.svelte +11 -13
- package/routes/admin/audit/[id]/+page.svelte +6 -1
- package/routes/admin/plugins/+page.svelte +5 -1
- package/schemas/config.json +207 -0
- package/schemas/db.json +636 -0
- package/svelte.config.js +3 -0
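--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -46,6 +46,15 @@ export async function getSession(sessionId) {
 .where('sessions.expires', '>', new Date())
 .executeTakeFirstOrThrow();
 }
+export async function requireSession(request, sensitive = false) {
+const token = getToken(request, sensitive);
+if (!token)
+error(401, 'Missing session token');
+const session = await getSessionAndUser(token).catch(withError('Invalid or expired session token', 401));
+if (session.user.isSuspended)
+error(403, 'User is suspended');
+return session;
+}
 export async function getSessions(userId) {
 return await db.selectFrom('sessions').selectAll().where('userId', '=', userId).where('sessions.expires', '>', new Date()).execute();
 }
@@ -88,12 +97,7 @@ export async function updatePasskeyCounter(id, newCounter) {
 return passkey;
 }
 export async function checkAuthForUser(request, userId, sensitive = false) {
-const
-if (!token)
-throw error(401, 'Missing token');
-const session = await getSessionAndUser(token).catch(withError('Invalid or expired session', 401));
-if (session.user.isSuspended)
-error(403, 'User is suspended');
+const session = await requireSession(request);
 if (session.userId !== userId) {
 if (!session.user?.isAdmin)
 error(403, 'User ID mismatch');
@@ -106,42 +110,44 @@ export async function checkAuthForUser(request, userId, sensitive = false) {
 error(403, 'This token can not be used for sensitive actions');
 return Object.assign(session, { accessor: session.user });
 }
-
+/**
+ * Authenticate a request against an "item" which has an ACL table.
+ * This will fetch the item, ACLs, users, and the authenticating session.
+ */
+export async function checkAuthForItem(request, itemType, itemId, permissions) {
 const token = getToken(request, false);
 if (!token)
 error(401, 'Missing token');
 const session = await getSessionAndUser(token).catch(() => null);
+const { userId, user } = session ?? {};
 const item = await db
 .selectFrom(itemType)
 .selectAll()
 .where('id', '=', itemId)
-.$if(!!
+.$if(!!userId, eb => eb.select(acl.from(itemType, { user })))
 .$castTo()
 .executeTakeFirstOrThrow()
-.catch(
+.catch(e => {
+if (e.message.includes('no rows'))
+error(404, itemType + ' not found');
+throw e;
+});
 const result = {
 session: session ? omit(session, 'user') : undefined,
 item: omit(item, 'acl'),
-user
+user,
 fromACL: false,
 };
-if (
-return result;
-if (!session)
+if (!session || !user)
 error(403, 'Access denied');
-if (
+if (user.isSuspended)
 error(403, 'User is suspended');
-if (
+if (userId == item.userId)
 return result;
 result.fromACL = true;
 if (!item.acl || !item.acl.length)
 error(403, 'Access denied');
-
-
-
-error(500, 'Access control entry does not match session user');
-}
-if (control.permission >= permission)
-return result;
-error(403, 'Access denied');
+if (acl.check(item.acl, permissions).size)
+error(403, 'Access denied');
+return result;
 }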
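--- a/package/dist/cli.d.ts
+++ b/package/dist/cli.d.ts
@@ -1,2 +1,8 @@
-
-export
+import type { UserInternal } from '@axium/core';
+export declare function userText(user: UserInternal, bold?: boolean): string;
+export declare function lookupUser(lookup: string): Promise<UserInternal>;
+/**
+ * Updates an array of strings by adding or removing items.
+ * Only returns whether the array was updated and diff text for what actually changed.
+ */
+export declare function diffUpdate(original: string[], add?: string[], remove?: string[]): [updated: boolean, newValue: string[], diffText: string];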