npm - @backstage/plugin-permission-backend - Versions diffs - 0.4.2 → 0.5.1 - Mend

@backstage/plugin-permission-backend 0.4.2 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,72 @@
 # @backstage/plugin-permission-backend
+## 0.5.1
+### Patch Changes
+- Fix for the previous release with missing type declarations.
+- Updated dependencies
+  - @backstage/backend-common@0.10.9
+  - @backstage/config@0.1.15
+  - @backstage/errors@0.2.2
+  - @backstage/plugin-auth-node@0.1.2
+  - @backstage/plugin-permission-common@0.5.1
+  - @backstage/plugin-permission-node@0.5.1
+## 0.5.0
+### Minor Changes
+- e2cf0662eb: Add a warning if the permission backend is used without setting `permission.enabled=true`.
+  **BREAKING** Permission backend's `createRouter` now requires a `config` option.
+  ```diff
+  // packages/backend/src/plugins/permission.ts
+  ...
+  export default async function createPlugin({
+    ...
+  + config,
+  }: PluginEnvironment) {
+    return createRouter({
+      ...
+  +   config,
+    });
+  }
+  ```
+### Patch Changes
+- 1ed305728b: Bump `node-fetch` to version 2.6.7 and `cross-fetch` to version 3.1.5
+- c77c5c7eb6: Added `backstage.role` to `package.json`
+- Updated dependencies
+  - @backstage/backend-common@0.10.8
+  - @backstage/errors@0.2.1
+  - @backstage/plugin-auth-node@0.1.1
+  - @backstage/plugin-permission-common@0.5.0
+  - @backstage/config@0.1.14
+  - @backstage/plugin-permission-node@0.5.0
+## 0.4.3
+### Patch Changes
+- b3f3e42036: Use `getBearerTokenFromAuthorizationHeader` from `@backstage/plugin-auth-node` instead of the deprecated `IdentityClient` method.
+- Updated dependencies
+  - @backstage/backend-common@0.10.7
+  - @backstage/plugin-auth-node@0.1.0
+  - @backstage/plugin-permission-node@0.4.3
+## 0.4.3-next.0
+### Patch Changes
+- Updated dependencies
+  - @backstage/plugin-auth-backend@0.10.0-next.0
+  - @backstage/backend-common@0.10.7-next.0
+  - @backstage/plugin-permission-node@0.4.3-next.0
 ## 0.4.2
 ### Patch Changes

package/dist/index.cjs.js CHANGED Viewed

@@ -7,7 +7,7 @@ var express = require('express');
 var Router = require('express-promise-router');
 var backendCommon = require('@backstage/backend-common');
 var errors = require('@backstage/errors');
-var pluginAuthBackend = require('@backstage/plugin-auth-backend');
+var pluginAuthNode = require('@backstage/plugin-auth-node');
 var pluginPermissionCommon = require('@backstage/plugin-permission-common');
 var fetch = require('node-fetch');
 var lodash = require('lodash');
@@ -102,7 +102,10 @@ const handleRequest = async (requests, user, policy, permissionIntegrationClient
   })));
 };
 async function createRouter(options) {
-  const { policy, discovery, identity } = options;
+  const { policy, discovery, identity, config, logger } = options;
+  if (!config.getOptionalBoolean("permission.enabled")) {
+    logger.warn("Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.");
+  }
   const permissionIntegrationClient = new PermissionIntegrationClient({
     discovery
   });
@@ -112,7 +115,7 @@ async function createRouter(options) {
     response.send({ status: "ok" });
   });
   router.post("/authorize", async (req, res) => {
-    const token = pluginAuthBackend.IdentityClient.getBearerToken(req.header("authorization"));
+    const token = pluginAuthNode.getBearerTokenFromAuthorizationHeader(req.header("authorization"));
     const user = token ? await identity.authenticate(token) : void 0;
     const parseResult = requestSchema.safeParse(req.body);
     if (!parseResult.success) {

package/dist/index.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.cjs.js","sources":["../src/service/PermissionIntegrationClient.ts","../src/service/router.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z\n .literal(AuthorizeResult.ALLOW)\n .or(z.literal(AuthorizeResult.DENY)),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\nexport class PermissionIntegrationClient {\n private readonly discovery: PluginEndpointDiscovery;\n\n constructor(options: { discovery: PluginEndpointDiscovery }) {\n this.discovery = options.discovery;\n }\n\n async applyConditions(\n pluginId: string,\n decisions: readonly ApplyConditionsRequestEntry[],\n authHeader?: string,\n ): Promise<ApplyConditionsResponseEntry[]> {\n const endpoint = `${await this.discovery.getBaseUrl(\n pluginId,\n )}/.well-known/backstage/permissions/apply-conditions`;\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions.map(\n ({ id, resourceRef, resourceType, conditions }) => ({\n id,\n resourceRef,\n resourceType,\n conditions,\n }),\n ),\n }),\n headers: {\n ...(authHeader ? { authorization: authHeader } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw new Error(\n `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n );\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n","/\n * Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n errorHandler,\n PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport {\n BackstageIdentityResponse,\n IdentityClient,\n} from '@backstage/plugin-auth-backend';\nimport {\n AuthorizeResult,\n AuthorizeDecision,\n AuthorizeQuery,\n Identified,\n AuthorizeRequest,\n AuthorizeResponse,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\n\nconst querySchema: z.ZodSchema<Identified<AuthorizeQuery>> = z.object({\n id: z.string(),\n resourceRef: z.string().optional(),\n permission: z.object({\n name: z.string(),\n resourceType: z.string().optional(),\n attributes: z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n }),\n }),\n});\n\nconst requestSchema: z.ZodSchema<AuthorizeRequest> = z.object({\n items: z.array(querySchema),\n});\n\n/\n Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n \n @public\n /\nexport interface RouterOptions {\n logger: Logger;\n discovery: PluginEndpointDiscovery;\n policy: PermissionPolicy;\n identity: IdentityClient;\n}\n\nconst handleRequest = async (\n requests: Identified<AuthorizeQuery>[],\n user: BackstageIdentityResponse \| undefined,\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n authHeader?: string,\n): Promise<Identified<AuthorizeDecision>[]> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, batch, authHeader),\n );\n });\n\n return Promise.all(\n requests.map(({ id, resourceRef, ...request }) =>\n policy.handle(request, user).then(decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id,\n ...decision,\n };\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!resourceRef) {\n return {\n id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id,\n resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/\n Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n \n @public\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, identity } = options;\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.send({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request<AuthorizeRequest>,\n res: Response<AuthorizeResponse>,\n ) => {\n const token = IdentityClient.getBearerToken(req.header('authorization'));\n const user = token ? await identity.authenticate(token) : undefined;\n\n const parseResult = requestSchema.safeParse(req.body);\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n res.json({\n items: await handleRequest(\n body.items,\n user,\n policy,\n permissionIntegrationClient,\n req.header('authorization'),\n ),\n });\n },\n );\n\n router.use(errorHandler());\n\n return router;\n}\n"],"names":["z","AuthorizeResult","fetch","memoize","DataLoader","Router","express","IdentityClient","InputError","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AA0BA,MAAM,iBAAiBA,MAAE,OAAO;AAAA,EAC9B,OAAOA,MAAE,MACPA,MAAE,OAAO;AAAA,IACP,IAAIA,MAAE;AAAA,IACN,QAAQA,MACL,QAAQC,uCAAgB,OACxB,GAAGD,MAAE,QAAQC,uCAAgB;AAAA;AAAA;kCASG;AAAA,EAGvC,YAAY,SAAiD;AAC3D,SAAK,YAAY,QAAQ;AAAA;AAAA,QAGrB,gBACJ,UACA,WACA,YACyC;AACzC,UAAM,WAAW,GAAG,MAAM,KAAK,UAAU,WACvC;AAGF,UAAM,WAAW,MAAMC,0BAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO,UAAU,IACf,CAAC,EAAE,IAAI,aAAa,cAAc;AAAkB,UAClD;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAAA,MAIN,SAAS;AAAA,WACH,aAAa,EAAE,eAAe,eAAe;AAAA,QACjD,gBAAgB;AAAA;AAAA;AAIpB,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,MACR,2FAA2F,SAAS,YAAY,SAAS;AAAA;AAI7H,UAAM,SAAS,eAAe,MAAM,MAAM,SAAS;AAEnD,WAAO,OAAO;AAAA;AAAA;;ACrClB,MAAM,cAAuDF,MAAE,OAAO;AAAA,EACpE,IAAIA,MAAE;AAAA,EACN,aAAaA,MAAE,SAAS;AAAA,EACxB,YAAYA,MAAE,OAAO;AAAA,IACnB,MAAMA,MAAE;AAAA,IACR,cAAcA,MAAE,SAAS;AAAA,IACzB,YAAYA,MAAE,OAAO;AAAA,MACnB,QAAQA,MACL,MAAM;AAAA,QACLA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,SAEX;AAAA;AAAA;AAAA;AAKT,MAAM,gBAA+CA,MAAE,OAAO;AAAA,EAC5D,OAAOA,MAAE,MAAM;AAAA;AAgBjB,MAAM,gBAAgB,OACpB,UACA,MACA,QACA,6BACA,eAC6C;AAC7C,QAAM,2BAA2BG,eAAQ,CAAC,aAAqB;AAC7D,WAAO,IAAIC,+BAGT,WACA,4BAA4B,gBAAgB,UAAU,OAAO;AAAA;AAIjE,SAAO,QAAQ,IACb,SAAS,IAAI,CAAC,EAAE,IAAI,gBAAgB,cAClC,OAAO,OAAO,SAAS,MAAM,KAAK,cAAY;AAC5C,QAAI,SAAS,WAAWH,uCAAgB,aAAa;AACnD,aAAO;AAAA,QACL;AAAA,WACG;AAAA;AAAA;AAIP,QAAI,SAAS,iBAAiB,QAAQ,WAAW,cAAc;AAC7D,YAAM,IAAI,MACR,8EAA8E,QAAQ,WAAW;AAAA;AAIrG,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL;AAAA,WACG;AAAA;AAAA;AAIP,WAAO,yBAAyB,SAAS,UAAU,KAAK;AAAA,MACtD;AAAA,MACA;AAAA,SACG;AAAA;AAAA;AAAA;4BAcX,SACyB;AACzB,QAAM,EAAE,QAAQ,WAAW,aAAa;AAExC,QAAM,8BAA8B,IAAI,4BAA4B;AAAA,IAClE;AAAA;AAGF,QAAM,SAASI;AACf,SAAO,IAAIC,4BAAQ;AAEnB,SAAO,IAAI,WAAW,CAAC,GAAG,aAAa;AACrC,aAAS,KAAK,EAAE,QAAQ;AAAA;AAG1B,SAAO,KACL,cACA,OACE,KACA,QACG;AACH,UAAM,QAAQC,iCAAe,eAAe,IAAI,OAAO;AACvD,UAAM,OAAO,QAAQ,MAAM,SAAS,aAAa,SAAS;AAE1D,UAAM,cAAc,cAAc,UAAU,IAAI;AAEhD,QAAI,CAAC,YAAY,SAAS;AACxB,YAAM,IAAIC,kBAAW,YAAY,MAAM;AAAA;AAGzC,UAAM,OAAO,YAAY;AAEzB,QAAI,KAAK;AAAA,MACP,OAAO,MAAM,cACX,KAAK,OACL,MACA,QACA,6BACA,IAAI,OAAO;AAAA;AAAA;AAMnB,SAAO,IAAIC;AAEX,SAAO;AAAA;;;;"}
1	+ {"version":3,"file":"index.cjs.js","sources":["../src/service/PermissionIntegrationClient.ts","../src/service/router.ts"],"sourcesContent":["/\n Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z\n .literal(AuthorizeResult.ALLOW)\n .or(z.literal(AuthorizeResult.DENY)),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\nexport class PermissionIntegrationClient {\n private readonly discovery: PluginEndpointDiscovery;\n\n constructor(options: { discovery: PluginEndpointDiscovery }) {\n this.discovery = options.discovery;\n }\n\n async applyConditions(\n pluginId: string,\n decisions: readonly ApplyConditionsRequestEntry[],\n authHeader?: string,\n ): Promise<ApplyConditionsResponseEntry[]> {\n const endpoint = `${await this.discovery.getBaseUrl(\n pluginId,\n )}/.well-known/backstage/permissions/apply-conditions`;\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions.map(\n ({ id, resourceRef, resourceType, conditions }) => ({\n id,\n resourceRef,\n resourceType,\n conditions,\n }),\n ),\n }),\n headers: {\n ...(authHeader ? { authorization: authHeader } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw new Error(\n `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n );\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n","/\n * Copyright 2021 The Backstage Authors\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n /\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n errorHandler,\n PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport {\n getBearerTokenFromAuthorizationHeader,\n BackstageIdentityResponse,\n IdentityClient,\n} from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n AuthorizeDecision,\n AuthorizeQuery,\n Identified,\n AuthorizeRequest,\n AuthorizeResponse,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\nimport { Config } from '@backstage/config';\n\nconst querySchema: z.ZodSchema<Identified<AuthorizeQuery>> = z.object({\n id: z.string(),\n resourceRef: z.string().optional(),\n permission: z.object({\n name: z.string(),\n resourceType: z.string().optional(),\n attributes: z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n }),\n }),\n});\n\nconst requestSchema: z.ZodSchema<AuthorizeRequest> = z.object({\n items: z.array(querySchema),\n});\n\n/\n Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n \n @public\n /\nexport interface RouterOptions {\n logger: Logger;\n discovery: PluginEndpointDiscovery;\n policy: PermissionPolicy;\n identity: IdentityClient;\n config: Config;\n}\n\nconst handleRequest = async (\n requests: Identified<AuthorizeQuery>[],\n user: BackstageIdentityResponse \| undefined,\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n authHeader?: string,\n): Promise<Identified<AuthorizeDecision>[]> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, batch, authHeader),\n );\n });\n\n return Promise.all(\n requests.map(({ id, resourceRef, ...request }) =>\n policy.handle(request, user).then(decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id,\n ...decision,\n };\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!resourceRef) {\n return {\n id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id,\n resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/\n Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n \n @public\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, identity, config, logger } = options;\n\n if (!config.getOptionalBoolean('permission.enabled')) {\n logger.warn(\n 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.',\n );\n }\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.send({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request<AuthorizeRequest>,\n res: Response<AuthorizeResponse>,\n ) => {\n const token = getBearerTokenFromAuthorizationHeader(\n req.header('authorization'),\n );\n const user = token ? await identity.authenticate(token) : undefined;\n\n const parseResult = requestSchema.safeParse(req.body);\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n res.json({\n items: await handleRequest(\n body.items,\n user,\n policy,\n permissionIntegrationClient,\n req.header('authorization'),\n ),\n });\n },\n );\n\n router.use(errorHandler());\n\n return router;\n}\n"],"names":["z","AuthorizeResult","fetch","memoize","DataLoader","Router","express","getBearerTokenFromAuthorizationHeader","InputError","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AA0BA,MAAM,iBAAiBA,MAAE,OAAO;AAAA,EAC9B,OAAOA,MAAE,MACPA,MAAE,OAAO;AAAA,IACP,IAAIA,MAAE;AAAA,IACN,QAAQA,MACL,QAAQC,uCAAgB,OACxB,GAAGD,MAAE,QAAQC,uCAAgB;AAAA;AAAA;kCASG;AAAA,EAGvC,YAAY,SAAiD;AAC3D,SAAK,YAAY,QAAQ;AAAA;AAAA,QAGrB,gBACJ,UACA,WACA,YACyC;AACzC,UAAM,WAAW,GAAG,MAAM,KAAK,UAAU,WACvC;AAGF,UAAM,WAAW,MAAMC,0BAAM,UAAU;AAAA,MACrC,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU;AAAA,QACnB,OAAO,UAAU,IACf,CAAC,EAAE,IAAI,aAAa,cAAc;AAAkB,UAClD;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA;AAAA;AAAA,MAIN,SAAS;AAAA,WACH,aAAa,EAAE,eAAe,eAAe;AAAA,QACjD,gBAAgB;AAAA;AAAA;AAIpB,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,MACR,2FAA2F,SAAS,YAAY,SAAS;AAAA;AAI7H,UAAM,SAAS,eAAe,MAAM,MAAM,SAAS;AAEnD,WAAO,OAAO;AAAA;AAAA;;ACnClB,MAAM,cAAuDF,MAAE,OAAO;AAAA,EACpE,IAAIA,MAAE;AAAA,EACN,aAAaA,MAAE,SAAS;AAAA,EACxB,YAAYA,MAAE,OAAO;AAAA,IACnB,MAAMA,MAAE;AAAA,IACR,cAAcA,MAAE,SAAS;AAAA,IACzB,YAAYA,MAAE,OAAO;AAAA,MACnB,QAAQA,MACL,MAAM;AAAA,QACLA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,QACVA,MAAE,QAAQ;AAAA,SAEX;AAAA;AAAA;AAAA;AAKT,MAAM,gBAA+CA,MAAE,OAAO;AAAA,EAC5D,OAAOA,MAAE,MAAM;AAAA;AAiBjB,MAAM,gBAAgB,OACpB,UACA,MACA,QACA,6BACA,eAC6C;AAC7C,QAAM,2BAA2BG,eAAQ,CAAC,aAAqB;AAC7D,WAAO,IAAIC,+BAGT,WACA,4BAA4B,gBAAgB,UAAU,OAAO;AAAA;AAIjE,SAAO,QAAQ,IACb,SAAS,IAAI,CAAC,EAAE,IAAI,gBAAgB,cAClC,OAAO,OAAO,SAAS,MAAM,KAAK,cAAY;AAC5C,QAAI,SAAS,WAAWH,uCAAgB,aAAa;AACnD,aAAO;AAAA,QACL;AAAA,WACG;AAAA;AAAA;AAIP,QAAI,SAAS,iBAAiB,QAAQ,WAAW,cAAc;AAC7D,YAAM,IAAI,MACR,8EAA8E,QAAQ,WAAW;AAAA;AAIrG,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL;AAAA,WACG;AAAA;AAAA;AAIP,WAAO,yBAAyB,SAAS,UAAU,KAAK;AAAA,MACtD;AAAA,MACA;AAAA,SACG;AAAA;AAAA;AAAA;4BAcX,SACyB;AACzB,QAAM,EAAE,QAAQ,WAAW,UAAU,QAAQ,WAAW;AAExD,MAAI,CAAC,OAAO,mBAAmB,uBAAuB;AACpD,WAAO,KACL;AAAA;AAIJ,QAAM,8BAA8B,IAAI,4BAA4B;AAAA,IAClE;AAAA;AAGF,QAAM,SAASI;AACf,SAAO,IAAIC,4BAAQ;AAEnB,SAAO,IAAI,WAAW,CAAC,GAAG,aAAa;AACrC,aAAS,KAAK,EAAE,QAAQ;AAAA;AAG1B,SAAO,KACL,cACA,OACE,KACA,QACG;AACH,UAAM,QAAQC,qDACZ,IAAI,OAAO;AAEb,UAAM,OAAO,QAAQ,MAAM,SAAS,aAAa,SAAS;AAE1D,UAAM,cAAc,cAAc,UAAU,IAAI;AAEhD,QAAI,CAAC,YAAY,SAAS;AACxB,YAAM,IAAIC,kBAAW,YAAY,MAAM;AAAA;AAGzC,UAAM,OAAO,YAAY;AAEzB,QAAI,KAAK;AAAA,MACP,OAAO,MAAM,cACX,KAAK,OACL,MACA,QACA,6BACA,IAAI,OAAO;AAAA;AAAA;AAMnB,SAAO,IAAIC;AAEX,SAAO;AAAA;;;;"}

package/dist/index.d.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import express from 'express';
 import { Logger } from 'winston';
 import { PluginEndpointDiscovery } from '@backstage/backend-common';
-import { IdentityClient } from '@backstage/plugin-auth-backend';
+import { IdentityClient } from '@backstage/plugin-auth-node';
 import { PermissionPolicy } from '@backstage/plugin-permission-node';
+import { Config } from '@backstage/config';
 /**
  * Options required when constructing a new {@link express#Router} using
@@ -15,6 +16,7 @@ interface RouterOptions {
     discovery: PluginEndpointDiscovery;
     policy: PermissionPolicy;
     identity: IdentityClient;
+    config: Config;
 }
 /**
  * Creates a new {@link express#Router} which provides the backend API

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-permission-backend",
-  "version": "0.4.2",
+  "version": "0.5.1",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",
@@ -9,34 +9,37 @@
     "main": "dist/index.cjs.js",
     "types": "dist/index.d.ts"
   },
+  "backstage": {
+    "role": "backend-plugin"
+  },
   "scripts": {
-    "start": "backstage-cli backend:dev",
-    "build": "backstage-cli backend:build",
-    "lint": "backstage-cli lint",
-    "test": "backstage-cli test",
-    "prepack": "backstage-cli prepack",
-    "postpack": "backstage-cli postpack",
-    "clean": "backstage-cli clean"
+    "start": "backstage-cli package start",
+    "build": "backstage-cli package build",
+    "lint": "backstage-cli package lint",
+    "test": "backstage-cli package test",
+    "prepack": "backstage-cli package prepack",
+    "postpack": "backstage-cli package postpack",
+    "clean": "backstage-cli package clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.10.6",
-    "@backstage/config": "^0.1.13",
-    "@backstage/errors": "^0.2.0",
-    "@backstage/plugin-auth-backend": "^0.9.0",
-    "@backstage/plugin-permission-common": "^0.4.0",
-    "@backstage/plugin-permission-node": "^0.4.2",
+    "@backstage/backend-common": "^0.10.9",
+    "@backstage/config": "^0.1.15",
+    "@backstage/errors": "^0.2.2",
+    "@backstage/plugin-auth-node": "^0.1.2",
+    "@backstage/plugin-permission-common": "^0.5.1",
+    "@backstage/plugin-permission-node": "^0.5.1",
     "@types/express": "*",
     "dataloader": "^2.0.0",
     "express": "^4.17.1",
     "express-promise-router": "^4.1.0",
     "lodash": "^4.17.21",
-    "node-fetch": "^2.6.1",
+    "node-fetch": "^2.6.7",
     "winston": "^3.2.1",
     "yn": "^4.0.0",
     "zod": "^3.11.6"
   },
   "devDependencies": {
-    "@backstage/cli": "^0.13.1",
+    "@backstage/cli": "^0.14.0",
     "@types/lodash": "^4.14.151",
     "@types/supertest": "^2.0.8",
     "msw": "^0.35.0",
@@ -45,5 +48,5 @@
   "files": [
     "dist"
   ],
-  "gitHead": "f944a625c4a8ec7f6a6237502691da9209ce6b14"
+  "gitHead": "e244b348c473700e7d5e5fbcef38bd9f9fd1d0ba"
 }