@backstage/plugin-permission-backend 0.5.9-next.1 → 0.5.10-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +33 -0
  2. package/dist/index.cjs.js +83 -50
  3. package/dist/index.cjs.js.map +1 -1
  4. package/package.json +9 -9
package/CHANGELOG.md CHANGED
@@ -1,5 +1,38 @@
1
1
  # @backstage/plugin-permission-backend
2
2
 
3
+ ## 0.5.10-next.0
4
+
5
+ ### Patch Changes
6
+
7
+ - Updated dependencies
8
+ - @backstage/backend-common@0.15.0-next.0
9
+ - @backstage/plugin-auth-node@0.2.4-next.0
10
+ - @backstage/plugin-permission-node@0.6.4-next.0
11
+
12
+ ## 0.5.9
13
+
14
+ ### Patch Changes
15
+
16
+ - a70869e775: Updated dependency `msw` to `^0.43.0`.
17
+ - 8006d0f9bf: Updated dependency `msw` to `^0.44.0`.
18
+ - Updated dependencies
19
+ - @backstage/backend-common@0.14.1
20
+ - @backstage/plugin-auth-node@0.2.3
21
+ - @backstage/plugin-permission-common@0.6.3
22
+ - @backstage/plugin-permission-node@0.6.3
23
+ - @backstage/errors@1.1.0
24
+
25
+ ## 0.5.9-next.2
26
+
27
+ ### Patch Changes
28
+
29
+ - a70869e775: Updated dependency `msw` to `^0.43.0`.
30
+ - Updated dependencies
31
+ - @backstage/backend-common@0.14.1-next.3
32
+ - @backstage/plugin-auth-node@0.2.3-next.2
33
+ - @backstage/plugin-permission-common@0.6.3-next.1
34
+ - @backstage/plugin-permission-node@0.6.3-next.2
35
+
3
36
  ## 0.5.9-next.1
4
37
 
5
38
  ### Patch Changes
package/dist/index.cjs.js CHANGED
@@ -21,26 +21,32 @@ var fetch__default = /*#__PURE__*/_interopDefaultLegacy(fetch);
21
21
  var DataLoader__default = /*#__PURE__*/_interopDefaultLegacy(DataLoader);
22
22
 
23
23
  const responseSchema = zod.z.object({
24
- items: zod.z.array(zod.z.object({
25
- id: zod.z.string(),
26
- result: zod.z.literal(pluginPermissionCommon.AuthorizeResult.ALLOW).or(zod.z.literal(pluginPermissionCommon.AuthorizeResult.DENY))
27
- }))
24
+ items: zod.z.array(
25
+ zod.z.object({
26
+ id: zod.z.string(),
27
+ result: zod.z.literal(pluginPermissionCommon.AuthorizeResult.ALLOW).or(zod.z.literal(pluginPermissionCommon.AuthorizeResult.DENY))
28
+ })
29
+ )
28
30
  });
29
31
  class PermissionIntegrationClient {
30
32
  constructor(options) {
31
33
  this.discovery = options.discovery;
32
34
  }
33
35
  async applyConditions(pluginId, decisions, authHeader) {
34
- const endpoint = `${await this.discovery.getBaseUrl(pluginId)}/.well-known/backstage/permissions/apply-conditions`;
36
+ const endpoint = `${await this.discovery.getBaseUrl(
37
+ pluginId
38
+ )}/.well-known/backstage/permissions/apply-conditions`;
35
39
  const response = await fetch__default["default"](endpoint, {
36
40
  method: "POST",
37
41
  body: JSON.stringify({
38
- items: decisions.map(({ id, resourceRef, resourceType, conditions }) => ({
39
- id,
40
- resourceRef,
41
- resourceType,
42
- conditions
43
- }))
42
+ items: decisions.map(
43
+ ({ id, resourceRef, resourceType, conditions }) => ({
44
+ id,
45
+ resourceRef,
46
+ resourceType,
47
+ conditions
48
+ })
49
+ )
44
50
  }),
45
51
  headers: {
46
52
  ...authHeader ? { authorization: authHeader } : {},
@@ -48,7 +54,9 @@ class PermissionIntegrationClient {
48
54
  }
49
55
  });
50
56
  if (!response.ok) {
51
- throw new Error(`Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`);
57
+ throw new Error(
58
+ `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`
59
+ );
52
60
  }
53
61
  const result = responseSchema.parse(await response.json());
54
62
  return result.items;
@@ -86,38 +94,50 @@ const evaluatePermissionRequestBatchSchema = zod.z.object({
86
94
  });
87
95
  const handleRequest = async (requests, user, policy, permissionIntegrationClient, authHeader) => {
88
96
  const applyConditionsLoaderFor = lodash.memoize((pluginId) => {
89
- return new DataLoader__default["default"]((batch) => permissionIntegrationClient.applyConditions(pluginId, batch, authHeader));
97
+ return new DataLoader__default["default"](
98
+ (batch) => permissionIntegrationClient.applyConditions(pluginId, batch, authHeader)
99
+ );
90
100
  });
91
- return Promise.all(requests.map(({ id, resourceRef, ...request }) => policy.handle(request, user).then((decision) => {
92
- if (decision.result !== pluginPermissionCommon.AuthorizeResult.CONDITIONAL) {
93
- return {
94
- id,
95
- ...decision
96
- };
97
- }
98
- if (!pluginPermissionCommon.isResourcePermission(request.permission)) {
99
- throw new Error(`Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`);
100
- }
101
- if (decision.resourceType !== request.permission.resourceType) {
102
- throw new Error(`Invalid resource conditions returned from permission policy for permission ${request.permission.name}`);
103
- }
104
- if (!resourceRef) {
105
- return {
106
- id,
107
- ...decision
108
- };
109
- }
110
- return applyConditionsLoaderFor(decision.pluginId).load({
111
- id,
112
- resourceRef,
113
- ...decision
114
- });
115
- })));
101
+ return Promise.all(
102
+ requests.map(
103
+ ({ id, resourceRef, ...request }) => policy.handle(request, user).then((decision) => {
104
+ if (decision.result !== pluginPermissionCommon.AuthorizeResult.CONDITIONAL) {
105
+ return {
106
+ id,
107
+ ...decision
108
+ };
109
+ }
110
+ if (!pluginPermissionCommon.isResourcePermission(request.permission)) {
111
+ throw new Error(
112
+ `Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`
113
+ );
114
+ }
115
+ if (decision.resourceType !== request.permission.resourceType) {
116
+ throw new Error(
117
+ `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`
118
+ );
119
+ }
120
+ if (!resourceRef) {
121
+ return {
122
+ id,
123
+ ...decision
124
+ };
125
+ }
126
+ return applyConditionsLoaderFor(decision.pluginId).load({
127
+ id,
128
+ resourceRef,
129
+ ...decision
130
+ });
131
+ })
132
+ )
133
+ );
116
134
  };
117
135
  async function createRouter(options) {
118
136
  const { policy, discovery, identity, config, logger } = options;
119
137
  if (!config.getOptionalBoolean("permission.enabled")) {
120
- logger.warn("Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.");
138
+ logger.warn(
139
+ "Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true."
140
+ );
121
141
  }
122
142
  const permissionIntegrationClient = new PermissionIntegrationClient({
123
143
  discovery
@@ -127,18 +147,31 @@ async function createRouter(options) {
127
147
  router.get("/health", (_, response) => {
128
148
  response.send({ status: "ok" });
129
149
  });
130
- router.post("/authorize", async (req, res) => {
131
- const token = pluginAuthNode.getBearerTokenFromAuthorizationHeader(req.header("authorization"));
132
- const user = token ? await identity.authenticate(token) : void 0;
133
- const parseResult = evaluatePermissionRequestBatchSchema.safeParse(req.body);
134
- if (!parseResult.success) {
135
- throw new errors.InputError(parseResult.error.toString());
150
+ router.post(
151
+ "/authorize",
152
+ async (req, res) => {
153
+ const token = pluginAuthNode.getBearerTokenFromAuthorizationHeader(
154
+ req.header("authorization")
155
+ );
156
+ const user = token ? await identity.authenticate(token) : void 0;
157
+ const parseResult = evaluatePermissionRequestBatchSchema.safeParse(
158
+ req.body
159
+ );
160
+ if (!parseResult.success) {
161
+ throw new errors.InputError(parseResult.error.toString());
162
+ }
163
+ const body = parseResult.data;
164
+ res.json({
165
+ items: await handleRequest(
166
+ body.items,
167
+ user,
168
+ policy,
169
+ permissionIntegrationClient,
170
+ req.header("authorization")
171
+ )
172
+ });
136
173
  }
137
- const body = parseResult.data;
138
- res.json({
139
- items: await handleRequest(body.items, user, policy, permissionIntegrationClient, req.header("authorization"))
140
- });
141
- });
174
+ );
142
175
  router.use(backendCommon.errorHandler());
143
176
  return router;
144
177
  }
package/dist/index.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs.js","sources":["../src/service/PermissionIntegrationClient.ts","../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport {\n AuthorizeResult,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z\n .literal(AuthorizeResult.ALLOW)\n .or(z.literal(AuthorizeResult.DENY)),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\nexport class PermissionIntegrationClient {\n private readonly discovery: PluginEndpointDiscovery;\n\n constructor(options: { discovery: PluginEndpointDiscovery }) {\n this.discovery = options.discovery;\n }\n\n async applyConditions(\n pluginId: string,\n decisions: readonly ApplyConditionsRequestEntry[],\n authHeader?: string,\n ): Promise<ApplyConditionsResponseEntry[]> {\n const endpoint = `${await this.discovery.getBaseUrl(\n pluginId,\n )}/.well-known/backstage/permissions/apply-conditions`;\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions.map(\n ({ id, resourceRef, resourceType, conditions }) => ({\n id,\n resourceRef,\n resourceType,\n conditions,\n }),\n ),\n }),\n headers: {\n ...(authHeader ? { authorization: authHeader } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw new Error(\n `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n );\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n errorHandler,\n PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport {\n getBearerTokenFromAuthorizationHeader,\n BackstageIdentityResponse,\n IdentityClient,\n} from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n EvaluatePermissionResponse,\n EvaluatePermissionRequest,\n IdentifiedPermissionMessage,\n EvaluatePermissionRequestBatch,\n EvaluatePermissionResponseBatch,\n isResourcePermission,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\nimport { Config } from '@backstage/config';\n\nconst attributesSchema: z.ZodSchema<PermissionAttributes> = z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n});\n\nconst permissionSchema = z.union([\n z.object({\n type: z.literal('basic'),\n name: z.string(),\n attributes: attributesSchema,\n }),\n z.object({\n type: z.literal('resource'),\n name: z.string(),\n attributes: attributesSchema,\n resourceType: z.string(),\n }),\n]);\n\nconst evaluatePermissionRequestSchema: z.ZodSchema<\n IdentifiedPermissionMessage<EvaluatePermissionRequest>\n> = z.object({\n id: z.string(),\n resourceRef: z.string().optional(),\n permission: permissionSchema,\n});\n\nconst evaluatePermissionRequestBatchSchema: z.ZodSchema<EvaluatePermissionRequestBatch> =\n z.object({\n items: z.array(evaluatePermissionRequestSchema),\n });\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @public\n */\nexport interface RouterOptions {\n logger: Logger;\n discovery: PluginEndpointDiscovery;\n policy: PermissionPolicy;\n identity: IdentityClient;\n config: Config;\n}\n\nconst handleRequest = async (\n requests: IdentifiedPermissionMessage<EvaluatePermissionRequest>[],\n user: BackstageIdentityResponse | undefined,\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n authHeader?: string,\n): Promise<IdentifiedPermissionMessage<EvaluatePermissionResponse>[]> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, batch, authHeader),\n );\n });\n\n return Promise.all(\n requests.map(({ id, resourceRef, ...request }) =>\n policy.handle(request, user).then(decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id,\n ...decision,\n };\n }\n\n if (!isResourcePermission(request.permission)) {\n throw new Error(\n `Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`,\n );\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!resourceRef) {\n return {\n id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id,\n resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @public\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, identity, config, logger } = options;\n\n if (!config.getOptionalBoolean('permission.enabled')) {\n logger.warn(\n 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.',\n );\n }\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.send({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request<EvaluatePermissionRequestBatch>,\n res: Response<EvaluatePermissionResponseBatch>,\n ) => {\n const token = getBearerTokenFromAuthorizationHeader(\n req.header('authorization'),\n );\n const user = token ? await identity.authenticate(token) : undefined;\n\n const parseResult = evaluatePermissionRequestBatchSchema.safeParse(\n req.body,\n );\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n res.json({\n items: await handleRequest(\n body.items,\n user,\n policy,\n permissionIntegrationClient,\n req.header('authorization'),\n ),\n });\n },\n );\n\n router.use(errorHandler());\n\n return router;\n}\n"],"names":["z","AuthorizeResult","fetch","memoize","DataLoader","isResourcePermission","Router","express","getBearerTokenFromAuthorizationHeader","InputError","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAKA,MAAM,cAAc,GAAGA,KAAC,CAAC,MAAM,CAAC;AAChC,EAAE,KAAK,EAAEA,KAAC,CAAC,KAAK,CAACA,KAAC,CAAC,MAAM,CAAC;AAC1B,IAAI,EAAE,EAAEA,KAAC,CAAC,MAAM,EAAE;AAClB,IAAI,MAAM,EAAEA,KAAC,CAAC,OAAO,CAACC,sCAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAACD,KAAC,CAAC,OAAO,CAACC,sCAAe,CAAC,IAAI,CAAC,CAAC;AAChF,GAAG,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AACI,MAAM,2BAA2B,CAAC;AACzC,EAAE,WAAW,CAAC,OAAO,EAAE;AACvB,IAAI,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;AACvC,GAAG;AACH,EAAE,MAAM,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE;AACzD,IAAI,MAAM,QAAQ,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,mDAAmD,CAAC,CAAC;AACvH,IAAI,MAAM,QAAQ,GAAG,MAAMC,yBAAK,CAAC,QAAQ,EAAE;AAC3C,MAAM,MAAM,EAAE,MAAM;AACpB,MAAM,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AAC3B,QAAQ,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM;AACjF,UAAU,EAAE;AACZ,UAAU,WAAW;AACrB,UAAU,YAAY;AACtB,UAAU,UAAU;AACpB,SAAS,CAAC,CAAC;AACX,OAAO,CAAC;AACR,MAAM,OAAO,EAAE;AACf,QAAQ,GAAG,UAAU,GAAG,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,EAAE;AAC1D,QAAQ,cAAc,EAAE,kBAAkB;AAC1C,OAAO;AACP,KAAK,CAAC,CAAC;AACP,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AACtB,MAAM,MAAM,IAAI,KAAK,CAAC,CAAC,wFAAwF,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAC7J,KAAK;AACL,IAAI,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC/D,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC;AACxB,GAAG;AACH;;ACrBA,MAAM,gBAAgB,GAAGF,KAAC,CAAC,MAAM,CAAC;AAClC,EAAE,MAAM,EAAEA,KAAC,CAAC,KAAK,CAAC;AAClB,IAAIA,KAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AACvB,IAAIA,KAAC,CAAC,OAAO,CAAC,MAAM,CAAC;AACrB,IAAIA,KAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AACvB,IAAIA,KAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AACvB,GAAG,CAAC,CAAC,QAAQ,EAAE;AACf,CAAC,CAAC,CAAC;AACH,MAAM,gBAAgB,GAAGA,KAAC,CAAC,KAAK,CAAC;AACjC,EAAEA,KAAC,CAAC,MAAM,CAAC;AACX,IAAI,IAAI,EAAEA,KAAC,CAAC,OAAO,CAAC,OAAO,CAAC;AAC5B,IAAI,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE;AACpB,IAAI,UAAU,EAAE,gBAAgB;AAChC,GAAG,CAAC;AACJ,EAAEA,KAAC,CAAC,MAAM,CAAC;AACX,IAAI,IAAI,EAAEA,KAAC,CAAC,OAAO,CAAC,UAAU,CAAC;AAC/B,IAAI,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE;AACpB,IAAI,UAAU,EAAE,gBAAgB;AAChC,IAAI,YAAY,EAAEA,KAAC,CAAC,MAAM,EAAE;AAC5B,GAAG,CAAC;AACJ,CAAC,CAAC,CAAC;AACH,MAAM,+BAA+B,GAAGA,KAAC,CAAC,MAAM,CAAC;AACjD,EAAE,EAAE,EAAEA,KAAC,CAAC,MAAM,EAAE;AAChB,EAAE,WAAW,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AACpC,EAAE,UAAU,EAAE,gBAAgB;AAC9B,CAAC,CAAC,CAAC;AACH,MAAM,oCAAoC,GAAGA,KAAC,CAAC,MAAM,CAAC;AACtD,EAAE,KAAK,EAAEA,KAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC;AACjD,CAAC,CAAC,CAAC;AACH,MAAM,aAAa,GAAG,OAAO,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,2BAA2B,EAAE,UAAU,KAAK;AACjG,EAAE,MAAM,wBAAwB,GAAGG,cAAO,CAAC,CAAC,QAAQ,KAAK;AACzD,IAAI,OAAO,IAAIC,8BAAU,CAAC,CAAC,KAAK,KAAK,2BAA2B,CAAC,eAAe,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;AAC/G,GAAG,CAAC,CAAC;AACL,EAAE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,OAAO,EAAE,KAAK,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK;AACvH,IAAI,IAAI,QAAQ,CAAC,MAAM,KAAKH,sCAAe,CAAC,WAAW,EAAE;AACzD,MAAM,OAAO;AACb,QAAQ,EAAE;AACV,QAAQ,GAAG,QAAQ;AACnB,OAAO,CAAC;AACR,KAAK;AACL,IAAI,IAAI,CAACI,2CAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;AACnD,MAAM,MAAM,IAAI,KAAK,CAAC,CAAC,iFAAiF,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACrI,KAAK;AACL,IAAI,IAAI,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,UAAU,CAAC,YAAY,EAAE;AACnE,MAAM,MAAM,IAAI,KAAK,CAAC,CAAC,2EAA2E,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC/H,KAAK;AACL,IAAI,IAAI,CAAC,WAAW,EAAE;AACtB,MAAM,OAAO;AACb,QAAQ,EAAE;AACV,QAAQ,GAAG,QAAQ;AACnB,OAAO,CAAC;AACR,KAAK;AACL,IAAI,OAAO,wBAAwB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC;AAC5D,MAAM,EAAE;AACR,MAAM,WAAW;AACjB,MAAM,GAAG,QAAQ;AACjB,KAAK,CAAC,CAAC;AACP,GAAG,CAAC,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AACK,eAAe,YAAY,CAAC,OAAO,EAAE;AAC5C,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;AAClE,EAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;AACxD,IAAI,MAAM,CAAC,IAAI,CAAC,8GAA8G,CAAC,CAAC;AAChI,GAAG;AACH,EAAE,MAAM,2BAA2B,GAAG,IAAI,2BAA2B,CAAC;AACtE,IAAI,SAAS;AACb,GAAG,CAAC,CAAC;AACL,EAAE,MAAM,MAAM,GAAGC,0BAAM,EAAE,CAAC;AAC1B,EAAE,MAAM,CAAC,GAAG,CAACC,2BAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAC7B,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,QAAQ,KAAK;AACzC,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AACpC,GAAG,CAAC,CAAC;AACL,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,GAAG,EAAE,GAAG,KAAK;AAChD,IAAI,MAAM,KAAK,GAAGC,oDAAqC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;AACrF,IAAI,MAAM,IAAI,GAAG,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC;AACrE,IAAI,MAAM,WAAW,GAAG,oCAAoC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACjF,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE;AAC9B,MAAM,MAAM,IAAIC,iBAAU,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;AACzD,KAAK;AACL,IAAI,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;AAClC,IAAI,GAAG,CAAC,IAAI,CAAC;AACb,MAAM,KAAK,EAAE,MAAM,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,2BAA2B,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;AACpH,KAAK,CAAC,CAAC;AACP,GAAG,CAAC,CAAC;AACL,EAAE,MAAM,CAAC,GAAG,CAACC,0BAAY,EAAE,CAAC,CAAC;AAC7B,EAAE,OAAO,MAAM,CAAC;AAChB;;;;"}
1
+ {"version":3,"file":"index.cjs.js","sources":["../src/service/PermissionIntegrationClient.ts","../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fetch from 'node-fetch';\nimport { z } from 'zod';\nimport { PluginEndpointDiscovery } from '@backstage/backend-common';\nimport {\n AuthorizeResult,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n} from '@backstage/plugin-permission-node';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z\n .literal(AuthorizeResult.ALLOW)\n .or(z.literal(AuthorizeResult.DENY)),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\nexport class PermissionIntegrationClient {\n private readonly discovery: PluginEndpointDiscovery;\n\n constructor(options: { discovery: PluginEndpointDiscovery }) {\n this.discovery = options.discovery;\n }\n\n async applyConditions(\n pluginId: string,\n decisions: readonly ApplyConditionsRequestEntry[],\n authHeader?: string,\n ): Promise<ApplyConditionsResponseEntry[]> {\n const endpoint = `${await this.discovery.getBaseUrl(\n pluginId,\n )}/.well-known/backstage/permissions/apply-conditions`;\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions.map(\n ({ id, resourceRef, resourceType, conditions }) => ({\n id,\n resourceRef,\n resourceType,\n conditions,\n }),\n ),\n }),\n headers: {\n ...(authHeader ? { authorization: authHeader } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw new Error(\n `Unexpected response from plugin upstream when applying conditions. Expected 200 but got ${response.status} - ${response.statusText}`,\n );\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { Logger } from 'winston';\nimport {\n errorHandler,\n PluginEndpointDiscovery,\n} from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport {\n getBearerTokenFromAuthorizationHeader,\n BackstageIdentityResponse,\n IdentityClient,\n} from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n EvaluatePermissionResponse,\n EvaluatePermissionRequest,\n IdentifiedPermissionMessage,\n EvaluatePermissionRequestBatch,\n EvaluatePermissionResponseBatch,\n isResourcePermission,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\nimport { Config } from '@backstage/config';\n\nconst attributesSchema: z.ZodSchema<PermissionAttributes> = z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n});\n\nconst permissionSchema = z.union([\n z.object({\n type: z.literal('basic'),\n name: z.string(),\n attributes: attributesSchema,\n }),\n z.object({\n type: z.literal('resource'),\n name: z.string(),\n attributes: attributesSchema,\n resourceType: z.string(),\n }),\n]);\n\nconst evaluatePermissionRequestSchema: z.ZodSchema<\n IdentifiedPermissionMessage<EvaluatePermissionRequest>\n> = z.object({\n id: z.string(),\n resourceRef: z.string().optional(),\n permission: permissionSchema,\n});\n\nconst evaluatePermissionRequestBatchSchema: z.ZodSchema<EvaluatePermissionRequestBatch> =\n z.object({\n items: z.array(evaluatePermissionRequestSchema),\n });\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @public\n */\nexport interface RouterOptions {\n logger: Logger;\n discovery: PluginEndpointDiscovery;\n policy: PermissionPolicy;\n identity: IdentityClient;\n config: Config;\n}\n\nconst handleRequest = async (\n requests: IdentifiedPermissionMessage<EvaluatePermissionRequest>[],\n user: BackstageIdentityResponse | undefined,\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n authHeader?: string,\n): Promise<IdentifiedPermissionMessage<EvaluatePermissionResponse>[]> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, batch, authHeader),\n );\n });\n\n return Promise.all(\n requests.map(({ id, resourceRef, ...request }) =>\n policy.handle(request, user).then(decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id,\n ...decision,\n };\n }\n\n if (!isResourcePermission(request.permission)) {\n throw new Error(\n `Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`,\n );\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!resourceRef) {\n return {\n id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id,\n resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @public\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, identity, config, logger } = options;\n\n if (!config.getOptionalBoolean('permission.enabled')) {\n logger.warn(\n 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.',\n );\n }\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.send({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request<EvaluatePermissionRequestBatch>,\n res: Response<EvaluatePermissionResponseBatch>,\n ) => {\n const token = getBearerTokenFromAuthorizationHeader(\n req.header('authorization'),\n );\n const user = token ? await identity.authenticate(token) : undefined;\n\n const parseResult = evaluatePermissionRequestBatchSchema.safeParse(\n req.body,\n );\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n res.json({\n items: await handleRequest(\n body.items,\n user,\n policy,\n permissionIntegrationClient,\n req.header('authorization'),\n ),\n });\n },\n );\n\n router.use(errorHandler());\n\n return router;\n}\n"],"names":["z","AuthorizeResult","fetch","memoize","DataLoader","isResourcePermission","Router","express","getBearerTokenFromAuthorizationHeader","InputError","errorHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAKA,MAAM,cAAc,GAAGA,KAAC,CAAC,MAAM,CAAC;AAChC,EAAE,KAAK,EAAEA,KAAC,CAAC,KAAK;AAChB,IAAIA,KAAC,CAAC,MAAM,CAAC;AACb,MAAM,EAAE,EAAEA,KAAC,CAAC,MAAM,EAAE;AACpB,MAAM,MAAM,EAAEA,KAAC,CAAC,OAAO,CAACC,sCAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAACD,KAAC,CAAC,OAAO,CAACC,sCAAe,CAAC,IAAI,CAAC,CAAC;AAClF,KAAK,CAAC;AACN,GAAG;AACH,CAAC,CAAC,CAAC;AACI,MAAM,2BAA2B,CAAC;AACzC,EAAE,WAAW,CAAC,OAAO,EAAE;AACvB,IAAI,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;AACvC,GAAG;AACH,EAAE,MAAM,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE;AACzD,IAAI,MAAM,QAAQ,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU;AACvD,MAAM,QAAQ;AACd,KAAK,CAAC,mDAAmD,CAAC,CAAC;AAC3D,IAAI,MAAM,QAAQ,GAAG,MAAMC,yBAAK,CAAC,QAAQ,EAAE;AAC3C,MAAM,MAAM,EAAE,MAAM;AACpB,MAAM,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AAC3B,QAAQ,KAAK,EAAE,SAAS,CAAC,GAAG;AAC5B,UAAU,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM;AAC9D,YAAY,EAAE;AACd,YAAY,WAAW;AACvB,YAAY,YAAY;AACxB,YAAY,UAAU;AACtB,WAAW,CAAC;AACZ,SAAS;AACT,OAAO,CAAC;AACR,MAAM,OAAO,EAAE;AACf,QAAQ,GAAG,UAAU,GAAG,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,EAAE;AAC1D,QAAQ,cAAc,EAAE,kBAAkB;AAC1C,OAAO;AACP,KAAK,CAAC,CAAC;AACP,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AACtB,MAAM,MAAM,IAAI,KAAK;AACrB,QAAQ,CAAC,wFAAwF,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;AAC7I,OAAO,CAAC;AACR,KAAK;AACL,IAAI,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC/D,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC;AACxB,GAAG;AACH;;AC7BA,MAAM,gBAAgB,GAAGF,KAAC,CAAC,MAAM,CAAC;AAClC,EAAE,MAAM,EAAEA,KAAC,CAAC,KAAK,CAAC;AAClB,IAAIA,KAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AACvB,IAAIA,KAAC,CAAC,OAAO,CAAC,MAAM,CAAC;AACrB,IAAIA,KAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AACvB,IAAIA,KAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;AACvB,GAAG,CAAC,CAAC,QAAQ,EAAE;AACf,CAAC,CAAC,CAAC;AACH,MAAM,gBAAgB,GAAGA,KAAC,CAAC,KAAK,CAAC;AACjC,EAAEA,KAAC,CAAC,MAAM,CAAC;AACX,IAAI,IAAI,EAAEA,KAAC,CAAC,OAAO,CAAC,OAAO,CAAC;AAC5B,IAAI,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE;AACpB,IAAI,UAAU,EAAE,gBAAgB;AAChC,GAAG,CAAC;AACJ,EAAEA,KAAC,CAAC,MAAM,CAAC;AACX,IAAI,IAAI,EAAEA,KAAC,CAAC,OAAO,CAAC,UAAU,CAAC;AAC/B,IAAI,IAAI,EAAEA,KAAC,CAAC,MAAM,EAAE;AACpB,IAAI,UAAU,EAAE,gBAAgB;AAChC,IAAI,YAAY,EAAEA,KAAC,CAAC,MAAM,EAAE;AAC5B,GAAG,CAAC;AACJ,CAAC,CAAC,CAAC;AACH,MAAM,+BAA+B,GAAGA,KAAC,CAAC,MAAM,CAAC;AACjD,EAAE,EAAE,EAAEA,KAAC,CAAC,MAAM,EAAE;AAChB,EAAE,WAAW,EAAEA,KAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;AACpC,EAAE,UAAU,EAAE,gBAAgB;AAC9B,CAAC,CAAC,CAAC;AACH,MAAM,oCAAoC,GAAGA,KAAC,CAAC,MAAM,CAAC;AACtD,EAAE,KAAK,EAAEA,KAAC,CAAC,KAAK,CAAC,+BAA+B,CAAC;AACjD,CAAC,CAAC,CAAC;AACH,MAAM,aAAa,GAAG,OAAO,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,2BAA2B,EAAE,UAAU,KAAK;AACjG,EAAE,MAAM,wBAAwB,GAAGG,cAAO,CAAC,CAAC,QAAQ,KAAK;AACzD,IAAI,OAAO,IAAIC,8BAAU;AACzB,MAAM,CAAC,KAAK,KAAK,2BAA2B,CAAC,eAAe,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC;AACzF,KAAK,CAAC;AACN,GAAG,CAAC,CAAC;AACL,EAAE,OAAO,OAAO,CAAC,GAAG;AACpB,IAAI,QAAQ,CAAC,GAAG;AAChB,MAAM,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,OAAO,EAAE,KAAK,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK;AAC3F,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAKH,sCAAe,CAAC,WAAW,EAAE;AAC7D,UAAU,OAAO;AACjB,YAAY,EAAE;AACd,YAAY,GAAG,QAAQ;AACvB,WAAW,CAAC;AACZ,SAAS;AACT,QAAQ,IAAI,CAACI,2CAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;AACvD,UAAU,MAAM,IAAI,KAAK;AACzB,YAAY,CAAC,iFAAiF,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AACzH,WAAW,CAAC;AACZ,SAAS;AACT,QAAQ,IAAI,QAAQ,CAAC,YAAY,KAAK,OAAO,CAAC,UAAU,CAAC,YAAY,EAAE;AACvE,UAAU,MAAM,IAAI,KAAK;AACzB,YAAY,CAAC,2EAA2E,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AACnH,WAAW,CAAC;AACZ,SAAS;AACT,QAAQ,IAAI,CAAC,WAAW,EAAE;AAC1B,UAAU,OAAO;AACjB,YAAY,EAAE;AACd,YAAY,GAAG,QAAQ;AACvB,WAAW,CAAC;AACZ,SAAS;AACT,QAAQ,OAAO,wBAAwB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC;AAChE,UAAU,EAAE;AACZ,UAAU,WAAW;AACrB,UAAU,GAAG,QAAQ;AACrB,SAAS,CAAC,CAAC;AACX,OAAO,CAAC;AACR,KAAK;AACL,GAAG,CAAC;AACJ,CAAC,CAAC;AACK,eAAe,YAAY,CAAC,OAAO,EAAE;AAC5C,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;AAClE,EAAE,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,EAAE;AACxD,IAAI,MAAM,CAAC,IAAI;AACf,MAAM,8GAA8G;AACpH,KAAK,CAAC;AACN,GAAG;AACH,EAAE,MAAM,2BAA2B,GAAG,IAAI,2BAA2B,CAAC;AACtE,IAAI,SAAS;AACb,GAAG,CAAC,CAAC;AACL,EAAE,MAAM,MAAM,GAAGC,0BAAM,EAAE,CAAC;AAC1B,EAAE,MAAM,CAAC,GAAG,CAACC,2BAAO,CAAC,IAAI,EAAE,CAAC,CAAC;AAC7B,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,QAAQ,KAAK;AACzC,IAAI,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AACpC,GAAG,CAAC,CAAC;AACL,EAAE,MAAM,CAAC,IAAI;AACb,IAAI,YAAY;AAChB,IAAI,OAAO,GAAG,EAAE,GAAG,KAAK;AACxB,MAAM,MAAM,KAAK,GAAGC,oDAAqC;AACzD,QAAQ,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC;AACnC,OAAO,CAAC;AACR,MAAM,MAAM,IAAI,GAAG,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC;AACvE,MAAM,MAAM,WAAW,GAAG,oCAAoC,CAAC,SAAS;AACxE,QAAQ,GAAG,CAAC,IAAI;AAChB,OAAO,CAAC;AACR,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE;AAChC,QAAQ,MAAM,IAAIC,iBAAU,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;AAC3D,OAAO;AACP,MAAM,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;AACpC,MAAM,GAAG,CAAC,IAAI,CAAC;AACf,QAAQ,KAAK,EAAE,MAAM,aAAa;AAClC,UAAU,IAAI,CAAC,KAAK;AACpB,UAAU,IAAI;AACd,UAAU,MAAM;AAChB,UAAU,2BAA2B;AACrC,UAAU,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC;AACrC,SAAS;AACT,OAAO,CAAC,CAAC;AACT,KAAK;AACL,GAAG,CAAC;AACJ,EAAE,MAAM,CAAC,GAAG,CAACC,0BAAY,EAAE,CAAC,CAAC;AAC7B,EAAE,OAAO,MAAM,CAAC;AAChB;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-permission-backend",
3
- "version": "0.5.9-next.1",
3
+ "version": "0.5.10-next.0",
4
4
  "main": "dist/index.cjs.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "license": "Apache-2.0",
@@ -22,12 +22,12 @@
22
22
  "clean": "backstage-cli package clean"
23
23
  },
24
24
  "dependencies": {
25
- "@backstage/backend-common": "^0.14.1-next.1",
25
+ "@backstage/backend-common": "^0.15.0-next.0",
26
26
  "@backstage/config": "^1.0.1",
27
- "@backstage/errors": "^1.1.0-next.0",
28
- "@backstage/plugin-auth-node": "^0.2.3-next.1",
29
- "@backstage/plugin-permission-common": "^0.6.3-next.0",
30
- "@backstage/plugin-permission-node": "^0.6.3-next.1",
27
+ "@backstage/errors": "^1.1.0",
28
+ "@backstage/plugin-auth-node": "^0.2.4-next.0",
29
+ "@backstage/plugin-permission-common": "^0.6.3",
30
+ "@backstage/plugin-permission-node": "^0.6.4-next.0",
31
31
  "@types/express": "*",
32
32
  "dataloader": "^2.0.0",
33
33
  "express": "^4.17.1",
@@ -39,14 +39,14 @@
39
39
  "zod": "^3.11.6"
40
40
  },
41
41
  "devDependencies": {
42
- "@backstage/cli": "^0.18.0-next.1",
42
+ "@backstage/cli": "^0.18.1-next.0",
43
43
  "@types/lodash": "^4.14.151",
44
44
  "@types/supertest": "^2.0.8",
45
- "msw": "^0.42.0",
45
+ "msw": "^0.44.0",
46
46
  "supertest": "^6.1.6"
47
47
  },
48
48
  "files": [
49
49
  "dist"
50
50
  ],
51
- "gitHead": "e0a993834c31487a97a1ae6878eaf3685f03fc1a"
51
+ "gitHead": "fc3229c49caf6eced02ed9516199015bf4682664"
52
52
  }