@axium/server 0.34.2 → 0.35.0
- package/dist/api/acl.js +4 -4
- package/dist/auth.d.ts +2 -1
- package/dist/auth.js +12 -9
- package/dist/linking.js +2 -2
- package/dist/main.js +0 -3
- package/package.json +1 -1
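--- a/package/dist/api/acl.js
+++ b/package/dist/api/acl.js
@@ -2,7 +2,7 @@ import * as z from 'zod';
 import * as acl from '../acl.js';
 import { error, parseBody, withError } from '../requests.js';
 import { addRoute } from '../routes.js';
-import {
+import { authRequestForItem } from '../auth.js';
 import { AccessControlUpdate, AccessTarget } from '@axium/core';
 function getTable(itemType) {
 const tables = acl.listTables();
@@ -23,19 +23,19 @@ addRoute({
 async PATCH(request, { itemType, itemId }) {
 const table = getTable(itemType);
 const { target, permissions } = await parseBody(request, AccessControlUpdate);
-await
+await authRequestForItem(request, itemType, itemId, { manage: true });
 return await acl.update(table, itemId, target, permissions);
 },
 async PUT(request, { itemType, itemId }) {
 const table = getTable(itemType);
 const target = await parseBody(request, AccessTarget);
-await
+await authRequestForItem(request, itemType, itemId, { manage: true });
 return await acl.add(table, itemId, target);
 },
 async DELETE(request, { itemType, itemId }) {
 const table = getTable(itemType);
 const target = await parseBody(request, AccessTarget);
-await
+await authRequestForItem(request, itemType, itemId, { manage: true });
 return await acl.remove(table, itemId, target);
 },
 });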
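Review bot: In the PATCH, PUT and DELETE handlers the body is parsed with `parseBody(request, ...)` before `await authRequestForItem(request, itemType, itemId, { manage: true });` runs, so a caller with no token or no manage permission gets schema-validation feedback ahead of the authorization decision. Moving the `authRequestForItem` call to the first statement of each handler would make the 401/403 the first possible response and skip validation work for unauthorized requests. The ordering appears to predate this commit (the removed `await` lines sit at the same positions), but the rename touches all three lines, so this is a cheap place to fix it.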
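--- a/package/dist/auth.d.ts
+++ b/package/dist/auth.d.ts
@@ -41,8 +41,9 @@ export interface ItemAuthResult<TB extends acl.TargetName> {
 user?: UserInternal;
 session?: SessionInternal;
 }
+export declare function authSessionForItem<const TB extends acl.TargetName>(itemType: TB, itemId: string, permissions: Partial<acl.PermissionsFor<`acl.${TB}`>>, session?: SessionAndUser | null): Promise<ItemAuthResult<TB>>;
 /**
 * Authenticate a request against an "item" which has an ACL table.
 * This will fetch the item, ACLs, users, and the authenticating session.
 */
-export declare function
+export declare function authRequestForItem<const TB extends acl.TargetName>(request: Request, itemType: TB, itemId: string, permissions: Partial<acl.PermissionsFor<`acl.${TB}`>>): Promise<ItemAuthResult<TB>>;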
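--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -110,15 +110,7 @@ export async function checkAuthForUser(request, userId, sensitive = false) {
 error(403, 'This token can not be used for sensitive actions');
 return Object.assign(session, { accessor: session.user });
 }
-
-* Authenticate a request against an "item" which has an ACL table.
-* This will fetch the item, ACLs, users, and the authenticating session.
-*/
-export async function checkAuthForItem(request, itemType, itemId, permissions) {
-const token = getToken(request, false);
-if (!token)
-error(401, 'Missing token');
-const session = await getSessionAndUser(token).catch(() => null);
+export async function authSessionForItem(itemType, itemId, permissions, session) {
 const { userId, user } = session ?? {};
 // Note: we need to do casting because of TS limitations with generics
 const item = await db
@@ -152,3 +144,14 @@ export async function checkAuthForItem(request, itemType, itemId, permissions) {
 error(403, 'Access denied');
 return result;
 }
+/**
+* Authenticate a request against an "item" which has an ACL table.
+* This will fetch the item, ACLs, users, and the authenticating session.
+*/
+export async function authRequestForItem(request, itemType, itemId, permissions) {
+const token = getToken(request, false);
+if (!token)
+error(401, 'Missing token');
+const session = await getSessionAndUser(token).catch(() => null);
+return await authSessionForItem(itemType, itemId, permissions, session);
+}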
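Review bot: The newly exported `authSessionForItem` (new line 113) has no doc comment, yet it takes the session as a plain argument and starts with `const { userId, user } = session ?? {};`, so the function itself does nothing to tie that session to a validated token. Because it is now public API, a caller can hand it any object or nothing at all, and the contract should be written down. I would add a comment such as `/** Authorize an already-resolved session against an item's ACL. The session must come from getSessionAndUser(); null or undefined is handled as a caller with no user. */`. Most of the function body lies between the two hunks and is not visible here, so the exact handling of a missing session should be confirmed before the wording is finalized.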
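--- a/package/dist/linking.js
+++ b/package/dist/linking.js
@@ -12,14 +12,14 @@ function info(id) {
 return [text, link];
 }
 export function* listRouteLinks(options = {}) {
-if (!options.only) {
+if (!options.only || !options.only.length) {
 const [text, link] = info('#builtin');
 yield { text, id: '#builtin', from: link, to: resolve(import.meta.dirname, '../routes') };
 }
 for (const plugin of plugins.values()) {
 if (!plugin.server?.routes)
 continue;
-if (options.only && options.only.includes(plugin.name))
+if (options.only && options.only.length && !options.only.includes(plugin.name))
 continue;
 const [text, link] = info(plugin.name);
 const to = resolve(join(plugin.dirname, plugin.server.routes));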
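Review bot: The "empty list means no filter" rule is now spelled out twice in `listRouteLinks`, once as `!options.only || !options.only.length` and once as `options.only && options.only.length && ...`, and the two conditions have to be kept in sync by hand. Computing it once at the top, for example `const only = options.only?.length ? options.only : null;`, lets both sites read `if (!only)` and `if (only && !only.includes(plugin.name))`. The file already uses optional chaining (`plugin.server?.routes`), so this adds no new syntax requirement. The function body continues past the end of the hunk.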
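--- a/package/dist/main.js
+++ b/package/dist/main.js
@@ -186,7 +186,6 @@ try {
 io.warn('Invalid timeout value, using default.');
 io.setCommandTimeout(timeout);
 }),
-packagesDir: new Option('-p, --packages-dir <dir>', 'the directory to look for packages in'),
 };
 axiumDB = program.command('db').alias('database').description('Manage the database').addOption(opts.timeout);
 axiumDB
@@ -755,7 +754,6 @@ try {
 .description('Install Axium server')
 .addOption(opts.force)
 .addOption(opts.check)
-.addOption(opts.packagesDir)
 .option('-s, --skip', 'Skip already initialized steps', false)
 .action(async (opt) => {
 await db.init(opt).catch(io.exit);
@@ -789,7 +787,6 @@ try {
 program
 .command('link')
 .description('Link routes provided by plugins and the server')
-.addOption(opts.packagesDir)
 .addOption(new Option('-l, --list', 'list route links').conflicts('delete'))
 .option('-d, --delete', 'delete route links')
 .argument('[name...]', 'List of plugin names to operate on. If not specified, operates on all plugins and built-in routes.')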