@backstage/plugin-permission-backend 0.5.19-next.1 → 0.5.19-next.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/alpha/package.json +6 -0
- package/dist/alpha.cjs.js +81 -0
- package/dist/alpha.cjs.js.map +1 -0
- package/dist/alpha.d.ts +16 -0
- package/dist/cjs/router-458717b6.cjs.js +174 -0
- package/dist/cjs/router-458717b6.cjs.js.map +1 -0
- package/dist/index.cjs.js +11 -168
- package/dist/index.cjs.js.map +1 -1
- package/package.json +21 -6
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,19 @@
|
|
|
1
1
|
# @backstage/plugin-permission-backend
|
|
2
2
|
|
|
3
|
+
## 0.5.19-next.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 84946a580c4: Introduced alpha export of the `permissionPlugin` for use in the new backend system, along with a `permissionModuleAllowAllPolicy` that can be used to allow all requests.
|
|
8
|
+
- Updated dependencies
|
|
9
|
+
- @backstage/backend-common@0.18.4-next.2
|
|
10
|
+
- @backstage/plugin-permission-node@0.7.7-next.2
|
|
11
|
+
- @backstage/backend-plugin-api@0.5.1-next.2
|
|
12
|
+
- @backstage/config@1.0.7
|
|
13
|
+
- @backstage/errors@1.1.5
|
|
14
|
+
- @backstage/plugin-auth-node@0.2.13-next.2
|
|
15
|
+
- @backstage/plugin-permission-common@0.7.5-next.0
|
|
16
|
+
|
|
3
17
|
## 0.5.19-next.1
|
|
4
18
|
|
|
5
19
|
### Patch Changes
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
|
+
|
|
5
|
+
var backendCommon = require('@backstage/backend-common');
|
|
6
|
+
var backendPluginApi = require('@backstage/backend-plugin-api');
|
|
7
|
+
var pluginPermissionCommon = require('@backstage/plugin-permission-common');
|
|
8
|
+
var alpha = require('@backstage/plugin-permission-node/alpha');
|
|
9
|
+
var router = require('./cjs/router-458717b6.cjs.js');
|
|
10
|
+
require('zod');
|
|
11
|
+
require('express');
|
|
12
|
+
require('express-promise-router');
|
|
13
|
+
require('@backstage/errors');
|
|
14
|
+
require('node-fetch');
|
|
15
|
+
require('lodash');
|
|
16
|
+
require('dataloader');
|
|
17
|
+
|
|
18
|
+
class PolicyExtensionPointImpl {
|
|
19
|
+
setPolicy(policy) {
|
|
20
|
+
if (this.policy) {
|
|
21
|
+
throw new Error("Policy already set");
|
|
22
|
+
}
|
|
23
|
+
this.policy = policy;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
const permissionModuleAllowAllPolicy = backendPluginApi.createBackendModule({
|
|
27
|
+
moduleId: "allowAllPolicy",
|
|
28
|
+
pluginId: "permission",
|
|
29
|
+
register(reg) {
|
|
30
|
+
class AllowAllPermissionPolicy {
|
|
31
|
+
async handle(_request, _user) {
|
|
32
|
+
return {
|
|
33
|
+
result: pluginPermissionCommon.AuthorizeResult.ALLOW
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
reg.registerInit({
|
|
38
|
+
deps: { policy: alpha.policyExtensionPoint },
|
|
39
|
+
async init({ policy }) {
|
|
40
|
+
policy.setPolicy(new AllowAllPermissionPolicy());
|
|
41
|
+
}
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
const permissionPlugin = backendPluginApi.createBackendPlugin(() => ({
|
|
46
|
+
pluginId: "permission",
|
|
47
|
+
register(env) {
|
|
48
|
+
const policies = new PolicyExtensionPointImpl();
|
|
49
|
+
env.registerExtensionPoint(alpha.policyExtensionPoint, policies);
|
|
50
|
+
env.registerInit({
|
|
51
|
+
deps: {
|
|
52
|
+
http: backendPluginApi.coreServices.httpRouter,
|
|
53
|
+
config: backendPluginApi.coreServices.config,
|
|
54
|
+
logger: backendPluginApi.coreServices.logger,
|
|
55
|
+
discovery: backendPluginApi.coreServices.discovery,
|
|
56
|
+
identity: backendPluginApi.coreServices.identity
|
|
57
|
+
},
|
|
58
|
+
async init({ http, config, logger, discovery, identity }) {
|
|
59
|
+
const winstonLogger = backendCommon.loggerToWinstonLogger(logger);
|
|
60
|
+
if (!policies.policy) {
|
|
61
|
+
throw new Error(
|
|
62
|
+
"No policy module installed! Please install a policy module. If you want to allow all requests, use permissionModuleAllowAllPolicy"
|
|
63
|
+
);
|
|
64
|
+
}
|
|
65
|
+
http.use(
|
|
66
|
+
await router.createRouter({
|
|
67
|
+
config,
|
|
68
|
+
discovery,
|
|
69
|
+
identity,
|
|
70
|
+
logger: winstonLogger,
|
|
71
|
+
policy: policies.policy
|
|
72
|
+
})
|
|
73
|
+
);
|
|
74
|
+
}
|
|
75
|
+
});
|
|
76
|
+
}
|
|
77
|
+
}));
|
|
78
|
+
|
|
79
|
+
exports.permissionModuleAllowAllPolicy = permissionModuleAllowAllPolicy;
|
|
80
|
+
exports.permissionPlugin = permissionPlugin;
|
|
81
|
+
//# sourceMappingURL=alpha.cjs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"alpha.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { loggerToWinstonLogger } from '@backstage/backend-common';\nimport {\n coreServices,\n createBackendModule,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { BackstageIdentityResponse } from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n PolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n PermissionPolicy,\n PolicyQuery,\n} from '@backstage/plugin-permission-node';\nimport {\n policyExtensionPoint,\n PolicyExtensionPoint,\n} from '@backstage/plugin-permission-node/alpha';\nimport { createRouter } from './service';\n\nclass PolicyExtensionPointImpl implements PolicyExtensionPoint {\n public policy: PermissionPolicy | undefined;\n\n setPolicy(policy: PermissionPolicy): void {\n if (this.policy) {\n throw new Error('Policy already set');\n }\n this.policy = policy;\n }\n}\n\n/**\n * A permission policy module that allows all requests.\n *\n * @alpha\n */\nexport const permissionModuleAllowAllPolicy = createBackendModule({\n moduleId: 'allowAllPolicy',\n pluginId: 'permission',\n register(reg) {\n class AllowAllPermissionPolicy implements PermissionPolicy {\n async handle(\n _request: PolicyQuery,\n _user?: BackstageIdentityResponse,\n ): Promise<PolicyDecision> {\n return {\n result: AuthorizeResult.ALLOW,\n };\n }\n }\n\n reg.registerInit({\n deps: { policy: policyExtensionPoint },\n async init({ policy }) {\n policy.setPolicy(new AllowAllPermissionPolicy());\n },\n });\n },\n});\n\n/**\n * Permission plugin\n *\n * @alpha\n */\nexport const permissionPlugin = createBackendPlugin(() => ({\n pluginId: 'permission',\n register(env) {\n const policies = new PolicyExtensionPointImpl();\n\n env.registerExtensionPoint(policyExtensionPoint, policies);\n\n env.registerInit({\n deps: {\n http: coreServices.httpRouter,\n config: coreServices.config,\n logger: coreServices.logger,\n discovery: coreServices.discovery,\n identity: coreServices.identity,\n },\n async init({ http, config, logger, discovery, identity }) {\n const winstonLogger = loggerToWinstonLogger(logger);\n if (!policies.policy) {\n throw new Error(\n 'No policy module installed! Please install a policy module. If you want to allow all requests, use permissionModuleAllowAllPolicy',\n );\n }\n\n http.use(\n await createRouter({\n config,\n discovery,\n identity,\n logger: winstonLogger,\n policy: policies.policy,\n }),\n );\n },\n });\n },\n}));\n"],"names":["createBackendModule","AuthorizeResult","policyExtensionPoint","createBackendPlugin","coreServices","loggerToWinstonLogger","createRouter"],"mappings":";;;;;;;;;;;;;;;;;AAqCA,MAAM,wBAAyD,CAAA;AAAA,EAG7D,UAAU,MAAgC,EAAA;AACxC,IAAA,IAAI,KAAK,MAAQ,EAAA;AACf,MAAM,MAAA,IAAI,MAAM,oBAAoB,CAAA,CAAA;AAAA,KACtC;AACA,IAAA,IAAA,CAAK,MAAS,GAAA,MAAA,CAAA;AAAA,GAChB;AACF,CAAA;AAOO,MAAM,iCAAiCA,oCAAoB,CAAA;AAAA,EAChE,QAAU,EAAA,gBAAA;AAAA,EACV,QAAU,EAAA,YAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,MAAM,wBAAqD,CAAA;AAAA,MACzD,MAAM,MACJ,CAAA,QAAA,EACA,KACyB,EAAA;AACzB,QAAO,OAAA;AAAA,UACL,QAAQC,sCAAgB,CAAA,KAAA;AAAA,SAC1B,CAAA;AAAA,OACF;AAAA,KACF;AAEA,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAA,EAAM,EAAE,MAAA,EAAQC,0BAAqB,EAAA;AAAA,MACrC,MAAM,IAAA,CAAK,EAAE,MAAA,EAAU,EAAA;AACrB,QAAO,MAAA,CAAA,SAAA,CAAU,IAAI,wBAAA,EAA0B,CAAA,CAAA;AAAA,OACjD;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC,EAAA;AAOY,MAAA,gBAAA,GAAmBC,qCAAoB,OAAO;AAAA,EACzD,QAAU,EAAA,YAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAM,MAAA,QAAA,GAAW,IAAI,wBAAyB,EAAA,CAAA;AAE9C,IAAI,GAAA,CAAA,sBAAA,CAAuBD,4BAAsB,QAAQ,CAAA,CAAA;AAEzD,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,MAAME,6BAAa,CAAA,UAAA;AAAA,QACnB,QAAQA,6BAAa,CAAA,MAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,MAAA;AAAA,QACrB,WAAWA,6BAAa,CAAA,SAAA;AAAA,QACxB,UAAUA,6BAAa,CAAA,QAAA;AAAA,OACzB;AAAA,MACA,MAAM,KAAK,EAAE,IAAA,EAAM,QAAQ,MAAQ,EAAA,SAAA,EAAW,UAAY,EAAA;AACxD,QAAM,MAAA,aAAA,GAAgBC,oCAAsB,MAAM,CAAA,CAAA;AAClD,QAAI,IAAA,CAAC,SAAS,MAAQ,EAAA;AACpB,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,mIAAA;AAAA,WACF,CAAA;AAAA,SACF;AAEA,QAAK,IAAA,CAAA,GAAA;AAAA,UACH,MAAMC,mBAAa,CAAA;AAAA,YACjB,MAAA;AAAA,YACA,SAAA;AAAA,YACA,QAAA;AAAA,YACA,MAAQ,EAAA,aAAA;AAAA,YACR,QAAQ,QAAS,CAAA,MAAA;AAAA,WAClB,CAAA;AAAA,SACH,CAAA;AAAA,OACF;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAE,CAAA;;;;;"}
|
package/dist/alpha.d.ts
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* A permission policy module that allows all requests.
|
|
5
|
+
*
|
|
6
|
+
* @alpha
|
|
7
|
+
*/
|
|
8
|
+
declare const permissionModuleAllowAllPolicy: () => _backstage_backend_plugin_api.BackendFeature;
|
|
9
|
+
/**
|
|
10
|
+
* Permission plugin
|
|
11
|
+
*
|
|
12
|
+
* @alpha
|
|
13
|
+
*/
|
|
14
|
+
declare const permissionPlugin: () => _backstage_backend_plugin_api.BackendFeature;
|
|
15
|
+
|
|
16
|
+
export { permissionModuleAllowAllPolicy, permissionPlugin };
|
|
@@ -0,0 +1,174 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var zod = require('zod');
|
|
4
|
+
var express = require('express');
|
|
5
|
+
var Router = require('express-promise-router');
|
|
6
|
+
var backendCommon = require('@backstage/backend-common');
|
|
7
|
+
var errors = require('@backstage/errors');
|
|
8
|
+
var pluginPermissionCommon = require('@backstage/plugin-permission-common');
|
|
9
|
+
var fetch = require('node-fetch');
|
|
10
|
+
var lodash = require('lodash');
|
|
11
|
+
var DataLoader = require('dataloader');
|
|
12
|
+
|
|
13
|
+
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
|
|
14
|
+
|
|
15
|
+
var express__default = /*#__PURE__*/_interopDefaultLegacy(express);
|
|
16
|
+
var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
|
|
17
|
+
var fetch__default = /*#__PURE__*/_interopDefaultLegacy(fetch);
|
|
18
|
+
var DataLoader__default = /*#__PURE__*/_interopDefaultLegacy(DataLoader);
|
|
19
|
+
|
|
20
|
+
const responseSchema = zod.z.object({
|
|
21
|
+
items: zod.z.array(
|
|
22
|
+
zod.z.object({
|
|
23
|
+
id: zod.z.string(),
|
|
24
|
+
result: zod.z.literal(pluginPermissionCommon.AuthorizeResult.ALLOW).or(zod.z.literal(pluginPermissionCommon.AuthorizeResult.DENY))
|
|
25
|
+
})
|
|
26
|
+
)
|
|
27
|
+
});
|
|
28
|
+
class PermissionIntegrationClient {
|
|
29
|
+
constructor(options) {
|
|
30
|
+
this.discovery = options.discovery;
|
|
31
|
+
}
|
|
32
|
+
async applyConditions(pluginId, decisions, authHeader) {
|
|
33
|
+
const endpoint = `${await this.discovery.getBaseUrl(
|
|
34
|
+
pluginId
|
|
35
|
+
)}/.well-known/backstage/permissions/apply-conditions`;
|
|
36
|
+
const response = await fetch__default["default"](endpoint, {
|
|
37
|
+
method: "POST",
|
|
38
|
+
body: JSON.stringify({
|
|
39
|
+
items: decisions.map(
|
|
40
|
+
({ id, resourceRef, resourceType, conditions }) => ({
|
|
41
|
+
id,
|
|
42
|
+
resourceRef,
|
|
43
|
+
resourceType,
|
|
44
|
+
conditions
|
|
45
|
+
})
|
|
46
|
+
)
|
|
47
|
+
}),
|
|
48
|
+
headers: {
|
|
49
|
+
...authHeader ? { authorization: authHeader } : {},
|
|
50
|
+
"content-type": "application/json"
|
|
51
|
+
}
|
|
52
|
+
});
|
|
53
|
+
if (!response.ok) {
|
|
54
|
+
throw new Error(
|
|
55
|
+
`Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`
|
|
56
|
+
);
|
|
57
|
+
}
|
|
58
|
+
const result = responseSchema.parse(await response.json());
|
|
59
|
+
return result.items;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
const attributesSchema = zod.z.object({
|
|
64
|
+
action: zod.z.union([
|
|
65
|
+
zod.z.literal("create"),
|
|
66
|
+
zod.z.literal("read"),
|
|
67
|
+
zod.z.literal("update"),
|
|
68
|
+
zod.z.literal("delete")
|
|
69
|
+
]).optional()
|
|
70
|
+
});
|
|
71
|
+
const permissionSchema = zod.z.union([
|
|
72
|
+
zod.z.object({
|
|
73
|
+
type: zod.z.literal("basic"),
|
|
74
|
+
name: zod.z.string(),
|
|
75
|
+
attributes: attributesSchema
|
|
76
|
+
}),
|
|
77
|
+
zod.z.object({
|
|
78
|
+
type: zod.z.literal("resource"),
|
|
79
|
+
name: zod.z.string(),
|
|
80
|
+
attributes: attributesSchema,
|
|
81
|
+
resourceType: zod.z.string()
|
|
82
|
+
})
|
|
83
|
+
]);
|
|
84
|
+
const evaluatePermissionRequestSchema = zod.z.object({
|
|
85
|
+
id: zod.z.string(),
|
|
86
|
+
resourceRef: zod.z.string().optional(),
|
|
87
|
+
permission: permissionSchema
|
|
88
|
+
});
|
|
89
|
+
const evaluatePermissionRequestBatchSchema = zod.z.object({
|
|
90
|
+
items: zod.z.array(evaluatePermissionRequestSchema)
|
|
91
|
+
});
|
|
92
|
+
const handleRequest = async (requests, user, policy, permissionIntegrationClient, authHeader) => {
|
|
93
|
+
const applyConditionsLoaderFor = lodash.memoize((pluginId) => {
|
|
94
|
+
return new DataLoader__default["default"](
|
|
95
|
+
(batch) => permissionIntegrationClient.applyConditions(pluginId, batch, authHeader)
|
|
96
|
+
);
|
|
97
|
+
});
|
|
98
|
+
return Promise.all(
|
|
99
|
+
requests.map(
|
|
100
|
+
({ id, resourceRef, ...request }) => policy.handle(request, user).then((decision) => {
|
|
101
|
+
if (decision.result !== pluginPermissionCommon.AuthorizeResult.CONDITIONAL) {
|
|
102
|
+
return {
|
|
103
|
+
id,
|
|
104
|
+
...decision
|
|
105
|
+
};
|
|
106
|
+
}
|
|
107
|
+
if (!pluginPermissionCommon.isResourcePermission(request.permission)) {
|
|
108
|
+
throw new Error(
|
|
109
|
+
`Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`
|
|
110
|
+
);
|
|
111
|
+
}
|
|
112
|
+
if (decision.resourceType !== request.permission.resourceType) {
|
|
113
|
+
throw new Error(
|
|
114
|
+
`Invalid resource conditions returned from permission policy for permission ${request.permission.name}`
|
|
115
|
+
);
|
|
116
|
+
}
|
|
117
|
+
if (!resourceRef) {
|
|
118
|
+
return {
|
|
119
|
+
id,
|
|
120
|
+
...decision
|
|
121
|
+
};
|
|
122
|
+
}
|
|
123
|
+
return applyConditionsLoaderFor(decision.pluginId).load({
|
|
124
|
+
id,
|
|
125
|
+
resourceRef,
|
|
126
|
+
...decision
|
|
127
|
+
});
|
|
128
|
+
})
|
|
129
|
+
)
|
|
130
|
+
);
|
|
131
|
+
};
|
|
132
|
+
async function createRouter(options) {
|
|
133
|
+
const { policy, discovery, identity, config, logger } = options;
|
|
134
|
+
if (!config.getOptionalBoolean("permission.enabled")) {
|
|
135
|
+
logger.warn(
|
|
136
|
+
"Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true."
|
|
137
|
+
);
|
|
138
|
+
}
|
|
139
|
+
const permissionIntegrationClient = new PermissionIntegrationClient({
|
|
140
|
+
discovery
|
|
141
|
+
});
|
|
142
|
+
const router = Router__default["default"]();
|
|
143
|
+
router.use(express__default["default"].json());
|
|
144
|
+
router.get("/health", (_, response) => {
|
|
145
|
+
response.json({ status: "ok" });
|
|
146
|
+
});
|
|
147
|
+
router.post(
|
|
148
|
+
"/authorize",
|
|
149
|
+
async (req, res) => {
|
|
150
|
+
const user = await identity.getIdentity({ request: req });
|
|
151
|
+
const parseResult = evaluatePermissionRequestBatchSchema.safeParse(
|
|
152
|
+
req.body
|
|
153
|
+
);
|
|
154
|
+
if (!parseResult.success) {
|
|
155
|
+
throw new errors.InputError(parseResult.error.toString());
|
|
156
|
+
}
|
|
157
|
+
const body = parseResult.data;
|
|
158
|
+
res.json({
|
|
159
|
+
items: await handleRequest(
|
|
160
|
+
body.items,
|
|
161
|
+
user,
|
|
162
|
+
policy,
|
|
163
|
+
permissionIntegrationClient,
|
|
164
|
+
req.header("authorization")
|
|
165
|
+
)
|
|
166
|
+
});
|
|
167
|
+
}
|
|
168
|
+
);
|
|
169
|
+
router.use(backendCommon.errorHandler());
|
|
170
|
+
return router;
|
|
171
|
+
}
|
|
172
|
+
|
|
173
|
+
exports.createRouter = createRouter;
|
|
174
|
+
//# sourceMappingURL=router-458717b6.cjs.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"router-458717b6.cjs.js","sources":["../../src/service/PermissionIntegrationClient.ts","../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport {\n AuthorizeResult,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z\n .literal(AuthorizeResult.ALLOW)\n .or(z.literal(AuthorizeResult.DENY)),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\nexport class PermissionIntegrationClient {\n private readonly discovery: PluginEndpointDiscovery;\n\n constructor(options: { discovery: PluginEndpointDiscovery }) {\n this.discovery = options.discovery;\n }\n\n async applyConditions(\n pluginId: string,\n decisions: readonly ApplyConditionsRequestEntry[],\n authHeader?: string,\n ): Promise<ApplyConditionsResponseEntry[]> {\n const endpoint = `${await this.discovery.getBaseUrl(\n pluginId,\n )}/.well-known/backstage/permissions/apply-conditions`;\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions.map(\n ({ id, resourceRef, resourceType, conditions }) => ({\n id,\n resourceRef,\n resourceType,\n conditions,\n }),\n ),\n }),\n headers: {\n ...(authHeader ? { authorization: authHeader } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw new Error(\n `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n );\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n errorHandler,\n PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport {\n BackstageIdentityResponse,\n IdentityApi,\n} from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n EvaluatePermissionResponse,\n EvaluatePermissionRequest,\n IdentifiedPermissionMessage,\n EvaluatePermissionRequestBatch,\n EvaluatePermissionResponseBatch,\n isResourcePermission,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\nimport { Config } from '@backstage/config';\n\nconst attributesSchema: z.ZodSchema<PermissionAttributes> = z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n});\n\nconst permissionSchema = z.union([\n z.object({\n type: z.literal('basic'),\n name: z.string(),\n attributes: attributesSchema,\n }),\n z.object({\n type: z.literal('resource'),\n name: z.string(),\n attributes: attributesSchema,\n resourceType: z.string(),\n }),\n]);\n\nconst evaluatePermissionRequestSchema: z.ZodSchema<\n IdentifiedPermissionMessage<EvaluatePermissionRequest>\n> = z.object({\n id: z.string(),\n resourceRef: z.string().optional(),\n permission: permissionSchema,\n});\n\nconst evaluatePermissionRequestBatchSchema: z.ZodSchema<EvaluatePermissionRequestBatch> =\n z.object({\n items: z.array(evaluatePermissionRequestSchema),\n });\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @public\n */\nexport interface RouterOptions {\n logger: Logger;\n discovery: PluginEndpointDiscovery;\n policy: PermissionPolicy;\n identity: IdentityApi;\n config: Config;\n}\n\nconst handleRequest = async (\n requests: IdentifiedPermissionMessage<EvaluatePermissionRequest>[],\n user: BackstageIdentityResponse | undefined,\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n authHeader?: string,\n): Promise<IdentifiedPermissionMessage<EvaluatePermissionResponse>[]> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, batch, authHeader),\n );\n });\n\n return Promise.all(\n requests.map(({ id, resourceRef, ...request }) =>\n policy.handle(request, user).then(decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id,\n ...decision,\n };\n }\n\n if (!isResourcePermission(request.permission)) {\n throw new Error(\n `Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`,\n );\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!resourceRef) {\n return {\n id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id,\n resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @public\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, identity, config, logger } = options;\n\n if (!config.getOptionalBoolean('permission.enabled')) {\n logger.warn(\n 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.',\n );\n }\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.json({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request<EvaluatePermissionRequestBatch>,\n res: Response<EvaluatePermissionResponseBatch>,\n ) => {\n const user = await identity.getIdentity({ request: req });\n\n const parseResult = evaluatePermissionRequestBatchSchema.safeParse(\n req.body,\n );\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n res.json({\n items: await handleRequest(\n body.items,\n user,\n policy,\n permissionIntegrationClient,\n req.header('authorization'),\n ),\n });\n },\n );\n\n router.use(errorHandler());\n\n return router;\n}\n"],"names":["z","AuthorizeResult","fetch","memoize","DataLoader","isResourcePermission","Router","express","InputError","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;;AA4BA,MAAM,cAAA,GAAiBA,MAAE,MAAO,CAAA;AAAA,EAC9B,OAAOA,KAAE,CAAA,KAAA;AAAA,IACPA,MAAE,MAAO,CAAA;AAAA,MACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,MACb,MAAA,EAAQA,KACL,CAAA,OAAA,CAAQC,sCAAgB,CAAA,KAAK,CAC7B,CAAA,EAAA,CAAGD,KAAE,CAAA,OAAA,CAAQC,sCAAgB,CAAA,IAAI,CAAC,CAAA;AAAA,KACtC,CAAA;AAAA,GACH;AACF,CAAC,CAAA,CAAA;AAMM,MAAM,2BAA4B,CAAA;AAAA,EAGvC,YAAY,OAAiD,EAAA;AAC3D,IAAA,IAAA,CAAK,YAAY,OAAQ,CAAA,SAAA,CAAA;AAAA,GAC3B;AAAA,EAEA,MAAM,eAAA,CACJ,QACA,EAAA,SAAA,EACA,UACyC,EAAA;AACzC,IAAA,MAAM,QAAW,GAAA,CAAA,EAAG,MAAM,IAAA,CAAK,SAAU,CAAA,UAAA;AAAA,MACvC,QAAA;AAAA,KACF,CAAA,mDAAA,CAAA,CAAA;AAEA,IAAM,MAAA,QAAA,GAAW,MAAMC,yBAAA,CAAM,QAAU,EAAA;AAAA,MACrC,MAAQ,EAAA,MAAA;AAAA,MACR,IAAA,EAAM,KAAK,SAAU,CAAA;AAAA,QACnB,OAAO,SAAU,CAAA,GAAA;AAAA,UACf,CAAC,EAAE,EAAA,EAAI,WAAa,EAAA,YAAA,EAAc,YAAkB,MAAA;AAAA,YAClD,EAAA;AAAA,YACA,WAAA;AAAA,YACA,YAAA;AAAA,YACA,UAAA;AAAA,WACF,CAAA;AAAA,SACF;AAAA,OACD,CAAA;AAAA,MACD,OAAS,EAAA;AAAA,QACP,GAAI,UAAa,GAAA,EAAE,aAAe,EAAA,UAAA,KAAe,EAAC;AAAA,QAClD,cAAgB,EAAA,kBAAA;AAAA,OAClB;AAAA,KACD,CAAA,CAAA;AAED,IAAI,IAAA,CAAC,SAAS,EAAI,EAAA;AAChB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,wFAAA,EAA2F,QAAS,CAAA,MAAA,CAAA,GAAA,EAAY,QAAS,CAAA,UAAA,CAAA,CAAA;AAAA,OAC3H,CAAA;AAAA,KACF;AAEA,IAAA,MAAM,SAAS,cAAe,CAAA,KAAA,CAAM,MAAM,QAAA,CAAS,MAAM,CAAA,CAAA;AAEzD,IAAA,OAAO,MAAO,CAAA,KAAA,CAAA;AAAA,GAChB;AACF;;ACtCA,MAAM,gBAAA,GAAsDF,MAAE,MAAO,CAAA;AAAA,EACnE,MAAA,EAAQA,MACL,KAAM,CAAA;AAAA,IACLA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,GACnB,EACA,QAAS,EAAA;AACd,CAAC,CAAA,CAAA;AAED,MAAM,gBAAA,GAAmBA,MAAE,KAAM,CAAA;AAAA,EAC/BA,MAAE,MAAO,CAAA;AAAA,IACP,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,OAAO,CAAA;AAAA,IACvB,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,IACf,UAAY,EAAA,gBAAA;AAAA,GACb,CAAA;AAAA,EACDA,MAAE,MAAO,CAAA;AAAA,IACP,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,UAAU,CAAA;AAAA,IAC1B,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,IACf,UAAY,EAAA,gBAAA;AAAA,IACZ,YAAA,EAAcA,MAAE,MAAO,EAAA;AAAA,GACxB,CAAA;AACH,CAAC,CAAA,CAAA;AAED,MAAM,+BAAA,GAEFA,MAAE,MAAO,CAAA;AAAA,EACX,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,EACb,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,EACjC,UAAY,EAAA,gBAAA;AACd,CAAC,CAAA,CAAA;AAED,MAAM,oCAAA,GACJA,MAAE,MAAO,CAAA;AAAA,EACP,KAAA,EAAOA,KAAE,CAAA,KAAA,CAAM,+BAA+B,CAAA;AAChD,CAAC,CAAA,CAAA;AAgBH,MAAM,gBAAgB,OACpB,QAAA,EACA,IACA,EAAA,MAAA,EACA,6BACA,UACuE,KAAA;AACvE,EAAM,MAAA,wBAAA,GAA2BG,cAAQ,CAAA,CAAC,QAAqB,KAAA;AAC7D,IAAA,OAAO,IAAIC,8BAAA;AAAA,MAGT,CACA,KAAA,KAAA,2BAAA,CAA4B,eAAgB,CAAA,QAAA,EAAU,OAAO,UAAU,CAAA;AAAA,KACzE,CAAA;AAAA,GACD,CAAA,CAAA;AAED,EAAA,OAAO,OAAQ,CAAA,GAAA;AAAA,IACb,QAAS,CAAA,GAAA;AAAA,MAAI,CAAC,EAAE,EAAI,EAAA,WAAA,EAAa,GAAG,OAAA,EAClC,KAAA,MAAA,CAAO,MAAO,CAAA,OAAA,EAAS,IAAI,CAAA,CAAE,KAAK,CAAY,QAAA,KAAA;AAC5C,QAAI,IAAA,QAAA,CAAS,MAAW,KAAAH,sCAAA,CAAgB,WAAa,EAAA;AACnD,UAAO,OAAA;AAAA,YACL,EAAA;AAAA,YACA,GAAG,QAAA;AAAA,WACL,CAAA;AAAA,SACF;AAEA,QAAA,IAAI,CAACI,2CAAA,CAAqB,OAAQ,CAAA,UAAU,CAAG,EAAA;AAC7C,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,iFAAA,EAAoF,QAAQ,UAAW,CAAA,IAAA,CAAA,CAAA;AAAA,WACzG,CAAA;AAAA,SACF;AAEA,QAAA,IAAI,QAAS,CAAA,YAAA,KAAiB,OAAQ,CAAA,UAAA,CAAW,YAAc,EAAA;AAC7D,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,2EAAA,EAA8E,QAAQ,UAAW,CAAA,IAAA,CAAA,CAAA;AAAA,WACnG,CAAA;AAAA,SACF;AAEA,QAAA,IAAI,CAAC,WAAa,EAAA;AAChB,UAAO,OAAA;AAAA,YACL,EAAA;AAAA,YACA,GAAG,QAAA;AAAA,WACL,CAAA;AAAA,SACF;AAEA,QAAA,OAAO,wBAAyB,CAAA,QAAA,CAAS,QAAQ,CAAA,CAAE,IAAK,CAAA;AAAA,UACtD,EAAA;AAAA,UACA,WAAA;AAAA,UACA,GAAG,QAAA;AAAA,SACJ,CAAA,CAAA;AAAA,OACF,CAAA;AAAA,KACH;AAAA,GACF,CAAA;AACF,CAAA,CAAA;AAQA,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAW,QAAU,EAAA,MAAA,EAAQ,QAAW,GAAA,OAAA,CAAA;AAExD,EAAA,IAAI,CAAC,MAAA,CAAO,kBAAmB,CAAA,oBAAoB,CAAG,EAAA;AACpD,IAAO,MAAA,CAAA,IAAA;AAAA,MACL,8GAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAM,MAAA,2BAAA,GAA8B,IAAI,2BAA4B,CAAA;AAAA,IAClE,SAAA;AAAA,GACD,CAAA,CAAA;AAED,EAAA,MAAM,SAASC,0BAAO,EAAA,CAAA;AACtB,EAAO,MAAA,CAAA,GAAA,CAAIC,2BAAQ,CAAA,IAAA,EAAM,CAAA,CAAA;AAEzB,EAAA,MAAA,CAAO,GAAI,CAAA,SAAA,EAAW,CAAC,CAAA,EAAG,QAAa,KAAA;AACrC,IAAA,QAAA,CAAS,IAAK,CAAA,EAAE,MAAQ,EAAA,IAAA,EAAM,CAAA,CAAA;AAAA,GAC/B,CAAA,CAAA;AAED,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,YAAA;AAAA,IACA,OACE,KACA,GACG,KAAA;AACH,MAAA,MAAM,OAAO,MAAM,QAAA,CAAS,YAAY,EAAE,OAAA,EAAS,KAAK,CAAA,CAAA;AAExD,MAAA,MAAM,cAAc,oCAAqC,CAAA,SAAA;AAAA,QACvD,GAAI,CAAA,IAAA;AAAA,OACN,CAAA;AAEA,MAAI,IAAA,CAAC,YAAY,OAAS,EAAA;AACxB,QAAA,MAAM,IAAIC,iBAAA,CAAW,WAAY,CAAA,KAAA,CAAM,UAAU,CAAA,CAAA;AAAA,OACnD;AAEA,MAAA,MAAM,OAAO,WAAY,CAAA,IAAA,CAAA;AAEzB,MAAA,GAAA,CAAI,IAAK,CAAA;AAAA,QACP,OAAO,MAAM,aAAA;AAAA,UACX,IAAK,CAAA,KAAA;AAAA,UACL,IAAA;AAAA,UACA,MAAA;AAAA,UACA,2BAAA;AAAA,UACA,GAAA,CAAI,OAAO,eAAe,CAAA;AAAA,SAC5B;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAAA,GACF,CAAA;AAEA,EAAO,MAAA,CAAA,GAAA,CAAIC,4BAAc,CAAA,CAAA;AAEzB,EAAO,OAAA,MAAA,CAAA;AACT;;;;"}
|
package/dist/index.cjs.js
CHANGED
|
@@ -2,175 +2,18 @@
|
|
|
2
2
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
|
-
var
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
5
|
+
var router = require('./cjs/router-458717b6.cjs.js');
|
|
6
|
+
require('zod');
|
|
7
|
+
require('express');
|
|
8
|
+
require('express-promise-router');
|
|
9
|
+
require('@backstage/backend-common');
|
|
10
|
+
require('@backstage/errors');
|
|
11
|
+
require('@backstage/plugin-permission-common');
|
|
12
|
+
require('node-fetch');
|
|
13
|
+
require('lodash');
|
|
14
|
+
require('dataloader');
|
|
14
15
|
|
|
15
|
-
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
|
|
16
16
|
|
|
17
|
-
var express__default = /*#__PURE__*/_interopDefaultLegacy(express);
|
|
18
|
-
var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
|
|
19
|
-
var fetch__default = /*#__PURE__*/_interopDefaultLegacy(fetch);
|
|
20
|
-
var DataLoader__default = /*#__PURE__*/_interopDefaultLegacy(DataLoader);
|
|
21
17
|
|
|
22
|
-
|
|
23
|
-
items: zod.z.array(
|
|
24
|
-
zod.z.object({
|
|
25
|
-
id: zod.z.string(),
|
|
26
|
-
result: zod.z.literal(pluginPermissionCommon.AuthorizeResult.ALLOW).or(zod.z.literal(pluginPermissionCommon.AuthorizeResult.DENY))
|
|
27
|
-
})
|
|
28
|
-
)
|
|
29
|
-
});
|
|
30
|
-
class PermissionIntegrationClient {
|
|
31
|
-
constructor(options) {
|
|
32
|
-
this.discovery = options.discovery;
|
|
33
|
-
}
|
|
34
|
-
async applyConditions(pluginId, decisions, authHeader) {
|
|
35
|
-
const endpoint = `${await this.discovery.getBaseUrl(
|
|
36
|
-
pluginId
|
|
37
|
-
)}/.well-known/backstage/permissions/apply-conditions`;
|
|
38
|
-
const response = await fetch__default["default"](endpoint, {
|
|
39
|
-
method: "POST",
|
|
40
|
-
body: JSON.stringify({
|
|
41
|
-
items: decisions.map(
|
|
42
|
-
({ id, resourceRef, resourceType, conditions }) => ({
|
|
43
|
-
id,
|
|
44
|
-
resourceRef,
|
|
45
|
-
resourceType,
|
|
46
|
-
conditions
|
|
47
|
-
})
|
|
48
|
-
)
|
|
49
|
-
}),
|
|
50
|
-
headers: {
|
|
51
|
-
...authHeader ? { authorization: authHeader } : {},
|
|
52
|
-
"content-type": "application/json"
|
|
53
|
-
}
|
|
54
|
-
});
|
|
55
|
-
if (!response.ok) {
|
|
56
|
-
throw new Error(
|
|
57
|
-
`Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`
|
|
58
|
-
);
|
|
59
|
-
}
|
|
60
|
-
const result = responseSchema.parse(await response.json());
|
|
61
|
-
return result.items;
|
|
62
|
-
}
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
const attributesSchema = zod.z.object({
|
|
66
|
-
action: zod.z.union([
|
|
67
|
-
zod.z.literal("create"),
|
|
68
|
-
zod.z.literal("read"),
|
|
69
|
-
zod.z.literal("update"),
|
|
70
|
-
zod.z.literal("delete")
|
|
71
|
-
]).optional()
|
|
72
|
-
});
|
|
73
|
-
const permissionSchema = zod.z.union([
|
|
74
|
-
zod.z.object({
|
|
75
|
-
type: zod.z.literal("basic"),
|
|
76
|
-
name: zod.z.string(),
|
|
77
|
-
attributes: attributesSchema
|
|
78
|
-
}),
|
|
79
|
-
zod.z.object({
|
|
80
|
-
type: zod.z.literal("resource"),
|
|
81
|
-
name: zod.z.string(),
|
|
82
|
-
attributes: attributesSchema,
|
|
83
|
-
resourceType: zod.z.string()
|
|
84
|
-
})
|
|
85
|
-
]);
|
|
86
|
-
const evaluatePermissionRequestSchema = zod.z.object({
|
|
87
|
-
id: zod.z.string(),
|
|
88
|
-
resourceRef: zod.z.string().optional(),
|
|
89
|
-
permission: permissionSchema
|
|
90
|
-
});
|
|
91
|
-
const evaluatePermissionRequestBatchSchema = zod.z.object({
|
|
92
|
-
items: zod.z.array(evaluatePermissionRequestSchema)
|
|
93
|
-
});
|
|
94
|
-
const handleRequest = async (requests, user, policy, permissionIntegrationClient, authHeader) => {
|
|
95
|
-
const applyConditionsLoaderFor = lodash.memoize((pluginId) => {
|
|
96
|
-
return new DataLoader__default["default"](
|
|
97
|
-
(batch) => permissionIntegrationClient.applyConditions(pluginId, batch, authHeader)
|
|
98
|
-
);
|
|
99
|
-
});
|
|
100
|
-
return Promise.all(
|
|
101
|
-
requests.map(
|
|
102
|
-
({ id, resourceRef, ...request }) => policy.handle(request, user).then((decision) => {
|
|
103
|
-
if (decision.result !== pluginPermissionCommon.AuthorizeResult.CONDITIONAL) {
|
|
104
|
-
return {
|
|
105
|
-
id,
|
|
106
|
-
...decision
|
|
107
|
-
};
|
|
108
|
-
}
|
|
109
|
-
if (!pluginPermissionCommon.isResourcePermission(request.permission)) {
|
|
110
|
-
throw new Error(
|
|
111
|
-
`Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`
|
|
112
|
-
);
|
|
113
|
-
}
|
|
114
|
-
if (decision.resourceType !== request.permission.resourceType) {
|
|
115
|
-
throw new Error(
|
|
116
|
-
`Invalid resource conditions returned from permission policy for permission ${request.permission.name}`
|
|
117
|
-
);
|
|
118
|
-
}
|
|
119
|
-
if (!resourceRef) {
|
|
120
|
-
return {
|
|
121
|
-
id,
|
|
122
|
-
...decision
|
|
123
|
-
};
|
|
124
|
-
}
|
|
125
|
-
return applyConditionsLoaderFor(decision.pluginId).load({
|
|
126
|
-
id,
|
|
127
|
-
resourceRef,
|
|
128
|
-
...decision
|
|
129
|
-
});
|
|
130
|
-
})
|
|
131
|
-
)
|
|
132
|
-
);
|
|
133
|
-
};
|
|
134
|
-
async function createRouter(options) {
|
|
135
|
-
const { policy, discovery, identity, config, logger } = options;
|
|
136
|
-
if (!config.getOptionalBoolean("permission.enabled")) {
|
|
137
|
-
logger.warn(
|
|
138
|
-
"Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true."
|
|
139
|
-
);
|
|
140
|
-
}
|
|
141
|
-
const permissionIntegrationClient = new PermissionIntegrationClient({
|
|
142
|
-
discovery
|
|
143
|
-
});
|
|
144
|
-
const router = Router__default["default"]();
|
|
145
|
-
router.use(express__default["default"].json());
|
|
146
|
-
router.get("/health", (_, response) => {
|
|
147
|
-
response.json({ status: "ok" });
|
|
148
|
-
});
|
|
149
|
-
router.post(
|
|
150
|
-
"/authorize",
|
|
151
|
-
async (req, res) => {
|
|
152
|
-
const user = await identity.getIdentity({ request: req });
|
|
153
|
-
const parseResult = evaluatePermissionRequestBatchSchema.safeParse(
|
|
154
|
-
req.body
|
|
155
|
-
);
|
|
156
|
-
if (!parseResult.success) {
|
|
157
|
-
throw new errors.InputError(parseResult.error.toString());
|
|
158
|
-
}
|
|
159
|
-
const body = parseResult.data;
|
|
160
|
-
res.json({
|
|
161
|
-
items: await handleRequest(
|
|
162
|
-
body.items,
|
|
163
|
-
user,
|
|
164
|
-
policy,
|
|
165
|
-
permissionIntegrationClient,
|
|
166
|
-
req.header("authorization")
|
|
167
|
-
)
|
|
168
|
-
});
|
|
169
|
-
}
|
|
170
|
-
);
|
|
171
|
-
router.use(backendCommon.errorHandler());
|
|
172
|
-
return router;
|
|
173
|
-
}
|
|
174
|
-
|
|
175
|
-
exports.createRouter = createRouter;
|
|
18
|
+
exports.createRouter = router.createRouter;
|
|
176
19
|
//# sourceMappingURL=index.cjs.js.map
|
package/dist/index.cjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.cjs.js","sources":["../src/service/PermissionIntegrationClient.ts","../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport {\n AuthorizeResult,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z\n .literal(AuthorizeResult.ALLOW)\n .or(z.literal(AuthorizeResult.DENY)),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\nexport class PermissionIntegrationClient {\n private readonly discovery: PluginEndpointDiscovery;\n\n constructor(options: { discovery: PluginEndpointDiscovery }) {\n this.discovery = options.discovery;\n }\n\n async applyConditions(\n pluginId: string,\n decisions: readonly ApplyConditionsRequestEntry[],\n authHeader?: string,\n ): Promise<ApplyConditionsResponseEntry[]> {\n const endpoint = `${await this.discovery.getBaseUrl(\n pluginId,\n )}/.well-known/backstage/permissions/apply-conditions`;\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions.map(\n ({ id, resourceRef, resourceType, conditions }) => ({\n id,\n resourceRef,\n resourceType,\n conditions,\n }),\n ),\n }),\n headers: {\n ...(authHeader ? { authorization: authHeader } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw new Error(\n `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n );\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n errorHandler,\n PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport {\n BackstageIdentityResponse,\n IdentityApi,\n} from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n EvaluatePermissionResponse,\n EvaluatePermissionRequest,\n IdentifiedPermissionMessage,\n EvaluatePermissionRequestBatch,\n EvaluatePermissionResponseBatch,\n isResourcePermission,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\nimport { Config } from '@backstage/config';\n\nconst attributesSchema: z.ZodSchema<PermissionAttributes> = z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n});\n\nconst permissionSchema = z.union([\n z.object({\n type: z.literal('basic'),\n name: z.string(),\n attributes: attributesSchema,\n }),\n z.object({\n type: z.literal('resource'),\n name: z.string(),\n attributes: attributesSchema,\n resourceType: z.string(),\n }),\n]);\n\nconst evaluatePermissionRequestSchema: z.ZodSchema<\n IdentifiedPermissionMessage<EvaluatePermissionRequest>\n> = z.object({\n id: z.string(),\n resourceRef: z.string().optional(),\n permission: permissionSchema,\n});\n\nconst evaluatePermissionRequestBatchSchema: z.ZodSchema<EvaluatePermissionRequestBatch> =\n z.object({\n items: z.array(evaluatePermissionRequestSchema),\n });\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @public\n */\nexport interface RouterOptions {\n logger: Logger;\n discovery: PluginEndpointDiscovery;\n policy: PermissionPolicy;\n identity: IdentityApi;\n config: Config;\n}\n\nconst handleRequest = async (\n requests: IdentifiedPermissionMessage<EvaluatePermissionRequest>[],\n user: BackstageIdentityResponse | undefined,\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n authHeader?: string,\n): Promise<IdentifiedPermissionMessage<EvaluatePermissionResponse>[]> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, batch, authHeader),\n );\n });\n\n return Promise.all(\n requests.map(({ id, resourceRef, ...request }) =>\n policy.handle(request, user).then(decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id,\n ...decision,\n };\n }\n\n if (!isResourcePermission(request.permission)) {\n throw new Error(\n `Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`,\n );\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!resourceRef) {\n return {\n id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id,\n resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @public\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, identity, config, logger } = options;\n\n if (!config.getOptionalBoolean('permission.enabled')) {\n logger.warn(\n 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.',\n );\n }\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.json({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request<EvaluatePermissionRequestBatch>,\n res: Response<EvaluatePermissionResponseBatch>,\n ) => {\n const user = await identity.getIdentity({ request: req });\n\n const parseResult = evaluatePermissionRequestBatchSchema.safeParse(\n req.body,\n );\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n res.json({\n items: await handleRequest(\n body.items,\n user,\n policy,\n permissionIntegrationClient,\n req.header('authorization'),\n ),\n });\n },\n );\n\n router.use(errorHandler());\n\n return router;\n}\n"],"names":["z","AuthorizeResult","fetch","memoize","DataLoader","isResourcePermission","Router","express","InputError","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;AA4BA,MAAM,cAAA,GAAiBA,MAAE,MAAO,CAAA;AAAA,EAC9B,OAAOA,KAAE,CAAA,KAAA;AAAA,IACPA,MAAE,MAAO,CAAA;AAAA,MACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,MACb,MAAA,EAAQA,KACL,CAAA,OAAA,CAAQC,sCAAgB,CAAA,KAAK,CAC7B,CAAA,EAAA,CAAGD,KAAE,CAAA,OAAA,CAAQC,sCAAgB,CAAA,IAAI,CAAC,CAAA;AAAA,KACtC,CAAA;AAAA,GACH;AACF,CAAC,CAAA,CAAA;AAMM,MAAM,2BAA4B,CAAA;AAAA,EAGvC,YAAY,OAAiD,EAAA;AAC3D,IAAA,IAAA,CAAK,YAAY,OAAQ,CAAA,SAAA,CAAA;AAAA,GAC3B;AAAA,EAEA,MAAM,eAAA,CACJ,QACA,EAAA,SAAA,EACA,UACyC,EAAA;AACzC,IAAA,MAAM,QAAW,GAAA,CAAA,EAAG,MAAM,IAAA,CAAK,SAAU,CAAA,UAAA;AAAA,MACvC,QAAA;AAAA,KACF,CAAA,mDAAA,CAAA,CAAA;AAEA,IAAM,MAAA,QAAA,GAAW,MAAMC,yBAAA,CAAM,QAAU,EAAA;AAAA,MACrC,MAAQ,EAAA,MAAA;AAAA,MACR,IAAA,EAAM,KAAK,SAAU,CAAA;AAAA,QACnB,OAAO,SAAU,CAAA,GAAA;AAAA,UACf,CAAC,EAAE,EAAA,EAAI,WAAa,EAAA,YAAA,EAAc,YAAkB,MAAA;AAAA,YAClD,EAAA;AAAA,YACA,WAAA;AAAA,YACA,YAAA;AAAA,YACA,UAAA;AAAA,WACF,CAAA;AAAA,SACF;AAAA,OACD,CAAA;AAAA,MACD,OAAS,EAAA;AAAA,QACP,GAAI,UAAa,GAAA,EAAE,aAAe,EAAA,UAAA,KAAe,EAAC;AAAA,QAClD,cAAgB,EAAA,kBAAA;AAAA,OAClB;AAAA,KACD,CAAA,CAAA;AAED,IAAI,IAAA,CAAC,SAAS,EAAI,EAAA;AAChB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,wFAAA,EAA2F,QAAS,CAAA,MAAA,CAAA,GAAA,EAAY,QAAS,CAAA,UAAA,CAAA,CAAA;AAAA,OAC3H,CAAA;AAAA,KACF;AAEA,IAAA,MAAM,SAAS,cAAe,CAAA,KAAA,CAAM,MAAM,QAAA,CAAS,MAAM,CAAA,CAAA;AAEzD,IAAA,OAAO,MAAO,CAAA,KAAA,CAAA;AAAA,GAChB;AACF;;ACtCA,MAAM,gBAAA,GAAsDF,MAAE,MAAO,CAAA;AAAA,EACnE,MAAA,EAAQA,MACL,KAAM,CAAA;AAAA,IACLA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,GACnB,EACA,QAAS,EAAA;AACd,CAAC,CAAA,CAAA;AAED,MAAM,gBAAA,GAAmBA,MAAE,KAAM,CAAA;AAAA,EAC/BA,MAAE,MAAO,CAAA;AAAA,IACP,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,OAAO,CAAA;AAAA,IACvB,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,IACf,UAAY,EAAA,gBAAA;AAAA,GACb,CAAA;AAAA,EACDA,MAAE,MAAO,CAAA;AAAA,IACP,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,UAAU,CAAA;AAAA,IAC1B,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,IACf,UAAY,EAAA,gBAAA;AAAA,IACZ,YAAA,EAAcA,MAAE,MAAO,EAAA;AAAA,GACxB,CAAA;AACH,CAAC,CAAA,CAAA;AAED,MAAM,+BAAA,GAEFA,MAAE,MAAO,CAAA;AAAA,EACX,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,EACb,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,EACjC,UAAY,EAAA,gBAAA;AACd,CAAC,CAAA,CAAA;AAED,MAAM,oCAAA,GACJA,MAAE,MAAO,CAAA;AAAA,EACP,KAAA,EAAOA,KAAE,CAAA,KAAA,CAAM,+BAA+B,CAAA;AAChD,CAAC,CAAA,CAAA;AAgBH,MAAM,gBAAgB,OACpB,QAAA,EACA,IACA,EAAA,MAAA,EACA,6BACA,UACuE,KAAA;AACvE,EAAM,MAAA,wBAAA,GAA2BG,cAAQ,CAAA,CAAC,QAAqB,KAAA;AAC7D,IAAA,OAAO,IAAIC,8BAAA;AAAA,MAGT,CACA,KAAA,KAAA,2BAAA,CAA4B,eAAgB,CAAA,QAAA,EAAU,OAAO,UAAU,CAAA;AAAA,KACzE,CAAA;AAAA,GACD,CAAA,CAAA;AAED,EAAA,OAAO,OAAQ,CAAA,GAAA;AAAA,IACb,QAAS,CAAA,GAAA;AAAA,MAAI,CAAC,EAAE,EAAI,EAAA,WAAA,EAAa,GAAG,OAAA,EAClC,KAAA,MAAA,CAAO,MAAO,CAAA,OAAA,EAAS,IAAI,CAAA,CAAE,KAAK,CAAY,QAAA,KAAA;AAC5C,QAAI,IAAA,QAAA,CAAS,MAAW,KAAAH,sCAAA,CAAgB,WAAa,EAAA;AACnD,UAAO,OAAA;AAAA,YACL,EAAA;AAAA,YACA,GAAG,QAAA;AAAA,WACL,CAAA;AAAA,SACF;AAEA,QAAA,IAAI,CAACI,2CAAA,CAAqB,OAAQ,CAAA,UAAU,CAAG,EAAA;AAC7C,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,iFAAA,EAAoF,QAAQ,UAAW,CAAA,IAAA,CAAA,CAAA;AAAA,WACzG,CAAA;AAAA,SACF;AAEA,QAAA,IAAI,QAAS,CAAA,YAAA,KAAiB,OAAQ,CAAA,UAAA,CAAW,YAAc,EAAA;AAC7D,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,2EAAA,EAA8E,QAAQ,UAAW,CAAA,IAAA,CAAA,CAAA;AAAA,WACnG,CAAA;AAAA,SACF;AAEA,QAAA,IAAI,CAAC,WAAa,EAAA;AAChB,UAAO,OAAA;AAAA,YACL,EAAA;AAAA,YACA,GAAG,QAAA;AAAA,WACL,CAAA;AAAA,SACF;AAEA,QAAA,OAAO,wBAAyB,CAAA,QAAA,CAAS,QAAQ,CAAA,CAAE,IAAK,CAAA;AAAA,UACtD,EAAA;AAAA,UACA,WAAA;AAAA,UACA,GAAG,QAAA;AAAA,SACJ,CAAA,CAAA;AAAA,OACF,CAAA;AAAA,KACH;AAAA,GACF,CAAA;AACF,CAAA,CAAA;AAQA,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAA,MAAM,EAAE,MAAQ,EAAA,SAAA,EAAW,QAAU,EAAA,MAAA,EAAQ,QAAW,GAAA,OAAA,CAAA;AAExD,EAAA,IAAI,CAAC,MAAA,CAAO,kBAAmB,CAAA,oBAAoB,CAAG,EAAA;AACpD,IAAO,MAAA,CAAA,IAAA;AAAA,MACL,8GAAA;AAAA,KACF,CAAA;AAAA,GACF;AAEA,EAAM,MAAA,2BAAA,GAA8B,IAAI,2BAA4B,CAAA;AAAA,IAClE,SAAA;AAAA,GACD,CAAA,CAAA;AAED,EAAA,MAAM,SAASC,0BAAO,EAAA,CAAA;AACtB,EAAO,MAAA,CAAA,GAAA,CAAIC,2BAAQ,CAAA,IAAA,EAAM,CAAA,CAAA;AAEzB,EAAA,MAAA,CAAO,GAAI,CAAA,SAAA,EAAW,CAAC,CAAA,EAAG,QAAa,KAAA;AACrC,IAAA,QAAA,CAAS,IAAK,CAAA,EAAE,MAAQ,EAAA,IAAA,EAAM,CAAA,CAAA;AAAA,GAC/B,CAAA,CAAA;AAED,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,YAAA;AAAA,IACA,OACE,KACA,GACG,KAAA;AACH,MAAA,MAAM,OAAO,MAAM,QAAA,CAAS,YAAY,EAAE,OAAA,EAAS,KAAK,CAAA,CAAA;AAExD,MAAA,MAAM,cAAc,oCAAqC,CAAA,SAAA;AAAA,QACvD,GAAI,CAAA,IAAA;AAAA,OACN,CAAA;AAEA,MAAI,IAAA,CAAC,YAAY,OAAS,EAAA;AACxB,QAAA,MAAM,IAAIC,iBAAA,CAAW,WAAY,CAAA,KAAA,CAAM,UAAU,CAAA,CAAA;AAAA,OACnD;AAEA,MAAA,MAAM,OAAO,WAAY,CAAA,IAAA,CAAA;AAEzB,MAAA,GAAA,CAAI,IAAK,CAAA;AAAA,QACP,OAAO,MAAM,aAAA;AAAA,UACX,IAAK,CAAA,KAAA;AAAA,UACL,IAAA;AAAA,UACA,MAAA;AAAA,UACA,2BAAA;AAAA,UACA,GAAA,CAAI,OAAO,eAAe,CAAA;AAAA,SAC5B;AAAA,OACD,CAAA,CAAA;AAAA,KACH;AAAA,GACF,CAAA;AAEA,EAAO,MAAA,CAAA,GAAA,CAAIC,4BAAc,CAAA,CAAA;AAEzB,EAAO,OAAA,MAAA,CAAA;AACT;;;;"}
|
|
1
|
+
{"version":3,"file":"index.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@backstage/plugin-permission-backend",
|
|
3
|
-
"version": "0.5.19-next.
|
|
3
|
+
"version": "0.5.19-next.2",
|
|
4
4
|
"main": "dist/index.cjs.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -9,6 +9,19 @@
|
|
|
9
9
|
"main": "dist/index.cjs.js",
|
|
10
10
|
"types": "dist/index.d.ts"
|
|
11
11
|
},
|
|
12
|
+
"exports": {
|
|
13
|
+
".": {
|
|
14
|
+
"require": "./dist/index.cjs.js",
|
|
15
|
+
"types": "./dist/index.d.ts",
|
|
16
|
+
"default": "./dist/index.cjs.js"
|
|
17
|
+
},
|
|
18
|
+
"./alpha": {
|
|
19
|
+
"require": "./dist/alpha.cjs.js",
|
|
20
|
+
"types": "./dist/alpha.d.ts",
|
|
21
|
+
"default": "./dist/alpha.cjs.js"
|
|
22
|
+
},
|
|
23
|
+
"./package.json": "./package.json"
|
|
24
|
+
},
|
|
12
25
|
"backstage": {
|
|
13
26
|
"role": "backend-plugin"
|
|
14
27
|
},
|
|
@@ -22,12 +35,13 @@
|
|
|
22
35
|
"clean": "backstage-cli package clean"
|
|
23
36
|
},
|
|
24
37
|
"dependencies": {
|
|
25
|
-
"@backstage/backend-common": "^0.18.4-next.
|
|
38
|
+
"@backstage/backend-common": "^0.18.4-next.2",
|
|
39
|
+
"@backstage/backend-plugin-api": "^0.5.1-next.2",
|
|
26
40
|
"@backstage/config": "^1.0.7",
|
|
27
41
|
"@backstage/errors": "^1.1.5",
|
|
28
|
-
"@backstage/plugin-auth-node": "^0.2.13-next.
|
|
42
|
+
"@backstage/plugin-auth-node": "^0.2.13-next.2",
|
|
29
43
|
"@backstage/plugin-permission-common": "^0.7.5-next.0",
|
|
30
|
-
"@backstage/plugin-permission-node": "^0.7.7-next.
|
|
44
|
+
"@backstage/plugin-permission-node": "^0.7.7-next.2",
|
|
31
45
|
"@types/express": "*",
|
|
32
46
|
"dataloader": "^2.0.0",
|
|
33
47
|
"express": "^4.17.1",
|
|
@@ -39,13 +53,14 @@
|
|
|
39
53
|
"zod": "^3.21.4"
|
|
40
54
|
},
|
|
41
55
|
"devDependencies": {
|
|
42
|
-
"@backstage/cli": "^0.22.6-next.
|
|
56
|
+
"@backstage/cli": "^0.22.6-next.2",
|
|
43
57
|
"@types/lodash": "^4.14.151",
|
|
44
58
|
"@types/supertest": "^2.0.8",
|
|
45
59
|
"msw": "^1.0.0",
|
|
46
60
|
"supertest": "^6.1.6"
|
|
47
61
|
},
|
|
48
62
|
"files": [
|
|
49
|
-
"dist"
|
|
63
|
+
"dist",
|
|
64
|
+
"alpha"
|
|
50
65
|
]
|
|
51
66
|
}
|