@backstage/plugin-permission-backend 0.6.0 → 0.7.0-next.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/CHANGELOG.md +32 -0
  2. package/dist/index.cjs.js +0 -2
  3. package/dist/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +1 -31
  5. package/dist/service/PermissionIntegrationClient.cjs.js +11 -9
  6. package/dist/service/PermissionIntegrationClient.cjs.js.map +1 -1
  7. package/dist/service/router.cjs.js +8 -10
  8. package/dist/service/router.cjs.js.map +1 -1
  9. package/package.json +11 -12
package/CHANGELOG.md CHANGED
@@ -1,5 +1,37 @@
1
1
  # @backstage/plugin-permission-backend
2
2
 
3
+ ## 0.7.0-next.1
4
+
5
+ ### Minor Changes
6
+
7
+ - 4da2965: Fixed an issue causing the `PermissionClient` to exhaust the request body size limit too quickly when making many requests.
8
+
9
+ ### Patch Changes
10
+
11
+ - Updated dependencies
12
+ - @backstage/plugin-auth-node@0.6.3-next.1
13
+ - @backstage/backend-plugin-api@1.3.1-next.1
14
+ - @backstage/plugin-permission-common@0.9.0-next.0
15
+ - @backstage/plugin-permission-node@0.10.0-next.1
16
+ - @backstage/config@1.3.2
17
+ - @backstage/errors@1.2.7
18
+
19
+ ## 0.7.0-next.0
20
+
21
+ ### Minor Changes
22
+
23
+ - cf8fd51: **BREAKING** Removed support for the legacy backend system, please [migrate to the new backend system](https://backstage.io/docs/backend-system/building-backends/migrating)
24
+
25
+ ### Patch Changes
26
+
27
+ - Updated dependencies
28
+ - @backstage/backend-plugin-api@1.3.1-next.0
29
+ - @backstage/plugin-auth-node@0.6.3-next.0
30
+ - @backstage/plugin-permission-node@0.9.2-next.0
31
+ - @backstage/config@1.3.2
32
+ - @backstage/errors@1.2.7
33
+ - @backstage/plugin-permission-common@0.8.4
34
+
3
35
  ## 0.6.0
4
36
 
5
37
  ### Minor Changes
package/dist/index.cjs.js CHANGED
@@ -3,10 +3,8 @@
3
3
  Object.defineProperty(exports, '__esModule', { value: true });
4
4
 
5
5
  var plugin = require('./plugin.cjs.js');
6
- var router = require('./service/router.cjs.js');
7
6
 
8
7
 
9
8
 
10
9
  exports.default = plugin.permissionPlugin;
11
- exports.createRouter = router.createRouter;
12
10
  //# sourceMappingURL=index.cjs.js.map
package/dist/index.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;"}
1
+ {"version":3,"file":"index.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;"}
package/dist/index.d.ts CHANGED
@@ -1,8 +1,4 @@
1
1
  import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
2
- import { LoggerService, DiscoveryService, RootConfigService, AuthService, HttpAuthService, UserInfoService } from '@backstage/backend-plugin-api';
3
- import express from 'express';
4
- import { IdentityApi } from '@backstage/plugin-auth-node';
5
- import { PermissionPolicy } from '@backstage/plugin-permission-node';
6
2
 
7
3
  /**
8
4
  * Permission plugin
@@ -11,30 +7,4 @@ import { PermissionPolicy } from '@backstage/plugin-permission-node';
11
7
  */
12
8
  declare const permissionPlugin: _backstage_backend_plugin_api.BackendFeature;
13
9
 
14
- /**
15
- * Options required when constructing a new {@link express#Router} using
16
- * {@link createRouter}.
17
- *
18
- * @public
19
- * @deprecated Please migrate to the new backend system as this will be removed in the future.
20
- */
21
- interface RouterOptions {
22
- logger: LoggerService;
23
- discovery: DiscoveryService;
24
- policy: PermissionPolicy;
25
- identity?: IdentityApi;
26
- config: RootConfigService;
27
- auth?: AuthService;
28
- httpAuth?: HttpAuthService;
29
- userInfo?: UserInfoService;
30
- }
31
- /**
32
- * Creates a new {@link express#Router} which provides the backend API
33
- * for the permission system.
34
- *
35
- * @deprecated Please migrate to the new backend system as this will be removed in the future.
36
- * @public
37
- */
38
- declare function createRouter(options: RouterOptions): Promise<express.Router>;
39
-
40
- export { type RouterOptions, createRouter, permissionPlugin as default };
10
+ export { permissionPlugin as default };
package/dist/service/PermissionIntegrationClient.cjs.js CHANGED
@@ -8,7 +8,16 @@ const responseSchema = zod.z.object({
8
8
  items: zod.z.array(
9
9
  zod.z.object({
10
10
  id: zod.z.string(),
11
- result: zod.z.literal(pluginPermissionCommon.AuthorizeResult.ALLOW).or(zod.z.literal(pluginPermissionCommon.AuthorizeResult.DENY))
11
+ result: zod.z.union([
12
+ zod.z.literal(pluginPermissionCommon.AuthorizeResult.ALLOW),
13
+ zod.z.literal(pluginPermissionCommon.AuthorizeResult.DENY),
14
+ zod.z.array(
15
+ zod.z.union([
16
+ zod.z.literal(pluginPermissionCommon.AuthorizeResult.ALLOW),
17
+ zod.z.literal(pluginPermissionCommon.AuthorizeResult.DENY)
18
+ ])
19
+ )
20
+ ])
12
21
  })
13
22
  )
14
23
  });
@@ -29,14 +38,7 @@ class PermissionIntegrationClient {
29
38
  const response = await fetch(endpoint, {
30
39
  method: "POST",
31
40
  body: JSON.stringify({
32
- items: decisions.map(
33
- ({ id, resourceRef, resourceType, conditions }) => ({
34
- id,
35
- resourceRef,
36
- resourceType,
37
- conditions
38
- })
39
- )
41
+ items: decisions
40
42
  }),
41
43
  headers: {
42
44
  ...token ? { authorization: `Bearer ${token}` } : {},
package/dist/service/PermissionIntegrationClient.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"PermissionIntegrationClient.cjs.js","sources":["../../src/service/PermissionIntegrationClient.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport {\n AuthorizeResult,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n} from '@backstage/plugin-permission-node';\nimport {\n AuthService,\n BackstageCredentials,\n DiscoveryService,\n} from '@backstage/backend-plugin-api';\nimport { ResponseError } from '@backstage/errors';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z\n .literal(AuthorizeResult.ALLOW)\n .or(z.literal(AuthorizeResult.DENY)),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\nexport class PermissionIntegrationClient {\n private readonly discovery: DiscoveryService;\n private readonly auth: AuthService;\n\n constructor(options: { discovery: DiscoveryService; auth: AuthService }) {\n this.discovery = options.discovery;\n this.auth = options.auth;\n }\n\n async applyConditions(\n pluginId: string,\n credentials: BackstageCredentials,\n decisions: readonly ApplyConditionsRequestEntry[],\n ): Promise<ApplyConditionsResponseEntry[]> {\n const baseUrl = await this.discovery.getBaseUrl(pluginId);\n const endpoint = `${baseUrl}/.well-known/backstage/permissions/apply-conditions`;\n\n const token = this.auth.isPrincipal(credentials, 'none')\n ? undefined\n : await this.auth\n .getPluginRequestToken({\n onBehalfOf: credentials,\n targetPluginId: pluginId,\n })\n .then(t => t.token);\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions.map(\n ({ id, resourceRef, resourceType, conditions }) => ({\n id,\n resourceRef,\n resourceType,\n conditions,\n }),\n ),\n }),\n headers: {\n ...(token ? { authorization: `Bearer ${token}` } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw await ResponseError.fromResponse(response);\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n"],"names":["z","AuthorizeResult","ResponseError"],"mappings":";;;;;;AAgCA,MAAM,cAAA,GAAiBA,MAAE,MAAO,CAAA;AAAA,EAC9B,OAAOA,KAAE,CAAA,KAAA;AAAA,IACPA,MAAE,MAAO,CAAA;AAAA,MACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,MACb,MAAA,EAAQA,KACL,CAAA,OAAA,CAAQC,sCAAgB,CAAA,KAAK,CAC7B,CAAA,EAAA,CAAGD,KAAE,CAAA,OAAA,CAAQC,sCAAgB,CAAA,IAAI,CAAC;AAAA,KACtC;AAAA;AAEL,CAAC,CAAA;AAMM,MAAM,2BAA4B,CAAA;AAAA,EACtB,SAAA;AAAA,EACA,IAAA;AAAA,EAEjB,YAAY,OAA6D,EAAA;AACvE,IAAA,IAAA,CAAK,YAAY,OAAQ,CAAA,SAAA;AACzB,IAAA,IAAA,CAAK,OAAO,OAAQ,CAAA,IAAA;AAAA;AACtB,EAEA,MAAM,eAAA,CACJ,QACA,EAAA,WAAA,EACA,SACyC,EAAA;AACzC,IAAA,MAAM,OAAU,GAAA,MAAM,IAAK,CAAA,SAAA,CAAU,WAAW,QAAQ,CAAA;AACxD,IAAM,MAAA,QAAA,GAAW,GAAG,OAAO,CAAA,mDAAA,CAAA;AAE3B,IAAM,MAAA,KAAA,GAAQ,IAAK,CAAA,IAAA,CAAK,WAAY,CAAA,WAAA,EAAa,MAAM,CAAA,GACnD,KACA,CAAA,GAAA,MAAM,IAAK,CAAA,IAAA,CACR,qBAAsB,CAAA;AAAA,MACrB,UAAY,EAAA,WAAA;AAAA,MACZ,cAAgB,EAAA;AAAA,KACjB,CAAA,CACA,IAAK,CAAA,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AAExB,IAAM,MAAA,QAAA,GAAW,MAAM,KAAA,CAAM,QAAU,EAAA;AAAA,MACrC,MAAQ,EAAA,MAAA;AAAA,MACR,IAAA,EAAM,KAAK,SAAU,CAAA;AAAA,QACnB,OAAO,SAAU,CAAA,GAAA;AAAA,UACf,CAAC,EAAE,EAAA,EAAI,WAAa,EAAA,YAAA,EAAc,YAAkB,MAAA;AAAA,YAClD,EAAA;AAAA,YACA,WAAA;AAAA,YACA,YAAA;AAAA,YACA;AAAA,WACF;AAAA;AACF,OACD,CAAA;AAAA,MACD,OAAS,EAAA;AAAA,QACP,GAAI,QAAQ,EAAE,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA,KAAO,EAAC;AAAA,QACpD,cAAgB,EAAA;AAAA;AAClB,KACD,CAAA;AAED,IAAI,IAAA,CAAC,SAAS,EAAI,EAAA;AAChB,MAAM,MAAA,MAAMC,oBAAc,CAAA,YAAA,CAAa,QAAQ,CAAA;AAAA;AAGjD,IAAA,MAAM,SAAS,cAAe,CAAA,KAAA,CAAM,MAAM,QAAA,CAAS,MAAM,CAAA;AAEzD,IAAA,OAAO,MAAO,CAAA,KAAA;AAAA;AAElB;;;;"}
1
+ {"version":3,"file":"PermissionIntegrationClient.cjs.js","sources":["../../src/service/PermissionIntegrationClient.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport {\n AuthorizeResult,\n ConditionalPolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n} from '@backstage/plugin-permission-node';\nimport {\n AuthService,\n BackstageCredentials,\n DiscoveryService,\n} from '@backstage/backend-plugin-api';\nimport { ResponseError } from '@backstage/errors';\n\nconst responseSchema = z.object({\n items: z.array(\n z.object({\n id: z.string(),\n result: z.union([\n z.literal(AuthorizeResult.ALLOW),\n z.literal(AuthorizeResult.DENY),\n z.array(\n z.union([\n z.literal(AuthorizeResult.ALLOW),\n z.literal(AuthorizeResult.DENY),\n ]),\n ),\n ]),\n }),\n ),\n});\n\nexport type ResourcePolicyDecision = ConditionalPolicyDecision & {\n resourceRef: string;\n};\n\n/**\n * @internal\n */\nexport class PermissionIntegrationClient {\n private readonly discovery: DiscoveryService;\n private readonly auth: AuthService;\n\n constructor(options: { discovery: DiscoveryService; auth: AuthService }) {\n this.discovery = options.discovery;\n this.auth = options.auth;\n }\n\n async applyConditions(\n pluginId: string,\n credentials: BackstageCredentials,\n decisions: readonly ApplyConditionsRequestEntry[],\n ): Promise<ApplyConditionsResponseEntry[]> {\n const baseUrl = await this.discovery.getBaseUrl(pluginId);\n const endpoint = `${baseUrl}/.well-known/backstage/permissions/apply-conditions`;\n\n const token = this.auth.isPrincipal(credentials, 'none')\n ? undefined\n : await this.auth\n .getPluginRequestToken({\n onBehalfOf: credentials,\n targetPluginId: pluginId,\n })\n .then(t => t.token);\n\n const response = await fetch(endpoint, {\n method: 'POST',\n body: JSON.stringify({\n items: decisions,\n }),\n headers: {\n ...(token ? { authorization: `Bearer ${token}` } : {}),\n 'content-type': 'application/json',\n },\n });\n\n if (!response.ok) {\n throw await ResponseError.fromResponse(response);\n }\n\n const result = responseSchema.parse(await response.json());\n\n return result.items;\n }\n}\n"],"names":["z","AuthorizeResult","ResponseError"],"mappings":";;;;;;AAgCA,MAAM,cAAA,GAAiBA,MAAE,MAAO,CAAA;AAAA,EAC9B,OAAOA,KAAE,CAAA,KAAA;AAAA,IACPA,MAAE,MAAO,CAAA;AAAA,MACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,MACb,MAAA,EAAQA,MAAE,KAAM,CAAA;AAAA,QACdA,KAAA,CAAE,OAAQ,CAAAC,sCAAA,CAAgB,KAAK,CAAA;AAAA,QAC/BD,KAAA,CAAE,OAAQ,CAAAC,sCAAA,CAAgB,IAAI,CAAA;AAAA,QAC9BD,KAAE,CAAA,KAAA;AAAA,UACAA,MAAE,KAAM,CAAA;AAAA,YACNA,KAAA,CAAE,OAAQ,CAAAC,sCAAA,CAAgB,KAAK,CAAA;AAAA,YAC/BD,KAAA,CAAE,OAAQ,CAAAC,sCAAA,CAAgB,IAAI;AAAA,WAC/B;AAAA;AACH,OACD;AAAA,KACF;AAAA;AAEL,CAAC,CAAA;AASM,MAAM,2BAA4B,CAAA;AAAA,EACtB,SAAA;AAAA,EACA,IAAA;AAAA,EAEjB,YAAY,OAA6D,EAAA;AACvE,IAAA,IAAA,CAAK,YAAY,OAAQ,CAAA,SAAA;AACzB,IAAA,IAAA,CAAK,OAAO,OAAQ,CAAA,IAAA;AAAA;AACtB,EAEA,MAAM,eAAA,CACJ,QACA,EAAA,WAAA,EACA,SACyC,EAAA;AACzC,IAAA,MAAM,OAAU,GAAA,MAAM,IAAK,CAAA,SAAA,CAAU,WAAW,QAAQ,CAAA;AACxD,IAAM,MAAA,QAAA,GAAW,GAAG,OAAO,CAAA,mDAAA,CAAA;AAE3B,IAAM,MAAA,KAAA,GAAQ,IAAK,CAAA,IAAA,CAAK,WAAY,CAAA,WAAA,EAAa,MAAM,CAAA,GACnD,KACA,CAAA,GAAA,MAAM,IAAK,CAAA,IAAA,CACR,qBAAsB,CAAA;AAAA,MACrB,UAAY,EAAA,WAAA;AAAA,MACZ,cAAgB,EAAA;AAAA,KACjB,CAAA,CACA,IAAK,CAAA,CAAA,CAAA,KAAK,EAAE,KAAK,CAAA;AAExB,IAAM,MAAA,QAAA,GAAW,MAAM,KAAA,CAAM,QAAU,EAAA;AAAA,MACrC,MAAQ,EAAA,MAAA;AAAA,MACR,IAAA,EAAM,KAAK,SAAU,CAAA;AAAA,QACnB,KAAO,EAAA;AAAA,OACR,CAAA;AAAA,MACD,OAAS,EAAA;AAAA,QACP,GAAI,QAAQ,EAAE,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA,KAAO,EAAC;AAAA,QACpD,cAAgB,EAAA;AAAA;AAClB,KACD,CAAA;AAED,IAAI,IAAA,CAAC,SAAS,EAAI,EAAA;AAChB,MAAM,MAAA,MAAMC,oBAAc,CAAA,YAAA,CAAa,QAAQ,CAAA;AAAA;AAGjD,IAAA,MAAM,SAAS,cAAe,CAAA,KAAA,CAAM,MAAM,QAAA,CAAS,MAAM,CAAA;AAEzD,IAAA,OAAO,MAAO,CAAA,KAAA;AAAA;AAElB;;;;"}
package/dist/service/router.cjs.js CHANGED
@@ -3,7 +3,6 @@
3
3
  var zod = require('zod');
4
4
  var express = require('express');
5
5
  var Router = require('express-promise-router');
6
- var backendCommon = require('@backstage/backend-common');
7
6
  var errors = require('@backstage/errors');
8
7
  var pluginPermissionCommon = require('@backstage/plugin-permission-common');
9
8
  var PermissionIntegrationClient = require('./PermissionIntegrationClient.cjs.js');
@@ -43,7 +42,7 @@ const evaluatePermissionRequestSchema = zod.z.union([
43
42
  }),
44
43
  zod.z.object({
45
44
  id: zod.z.string(),
46
- resourceRef: zod.z.string().optional(),
45
+ resourceRef: zod.z.union([zod.z.string(), zod.z.array(zod.z.string()).nonempty()]).optional(),
47
46
  permission: resourcePermissionSchema
48
47
  })
49
48
  ]);
@@ -77,10 +76,10 @@ const handleRequest = async (requests, policy, permissionIntegrationClient, cred
77
76
  }
78
77
  return Promise.all(
79
78
  requests.map(
80
- ({ id, resourceRef, ...request }) => policy.handle(request, user).then((decision) => {
79
+ (request) => policy.handle({ permission: request.permission }, user).then(async (decision) => {
81
80
  if (decision.result !== pluginPermissionCommon.AuthorizeResult.CONDITIONAL) {
82
81
  return {
83
- id,
82
+ id: request.id,
84
83
  ...decision
85
84
  };
86
85
  }
@@ -94,15 +93,15 @@ const handleRequest = async (requests, policy, permissionIntegrationClient, cred
94
93
  `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`
95
94
  );
96
95
  }
97
- if (!resourceRef) {
96
+ if (!request.resourceRef) {
98
97
  return {
99
- id,
98
+ id: request.id,
100
99
  ...decision
101
100
  };
102
101
  }
103
102
  return applyConditionsLoaderFor(decision.pluginId).load({
104
- id,
105
- resourceRef,
103
+ id: request.id,
104
+ resourceRef: request.resourceRef,
106
105
  ...decision
107
106
  });
108
107
  })
@@ -110,8 +109,7 @@ const handleRequest = async (requests, policy, permissionIntegrationClient, cred
110
109
  );
111
110
  };
112
111
  async function createRouter(options) {
113
- const { policy, discovery, config, logger } = options;
114
- const { auth, httpAuth, userInfo } = backendCommon.createLegacyAuthAdapters(options);
112
+ const { policy, discovery, config, logger, auth, httpAuth, userInfo } = options;
115
113
  if (!config.getOptionalBoolean("permission.enabled")) {
116
114
  logger.warn(
117
115
  "Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true."
package/dist/service/router.cjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { createLegacyAuthAdapters } from '@backstage/backend-common';\nimport { InputError } from '@backstage/errors';\nimport { IdentityApi } from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n EvaluatePermissionRequest,\n EvaluatePermissionRequestBatch,\n EvaluatePermissionResponse,\n EvaluatePermissionResponseBatch,\n IdentifiedPermissionMessage,\n isResourcePermission,\n PermissionAttributes,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n PolicyQueryUser,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\nimport {\n AuthService,\n BackstageCredentials,\n BackstageNonePrincipal,\n BackstageUserPrincipal,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n RootConfigService,\n UserInfoService,\n} from '@backstage/backend-plugin-api';\n\nconst attributesSchema: z.ZodSchema<PermissionAttributes> = z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n});\n\nconst basicPermissionSchema = z.object({\n type: z.literal('basic'),\n name: z.string(),\n attributes: attributesSchema,\n});\n\nconst resourcePermissionSchema = z.object({\n type: z.literal('resource'),\n name: z.string(),\n attributes: attributesSchema,\n resourceType: z.string(),\n});\n\nconst evaluatePermissionRequestSchema: z.ZodSchema<\n IdentifiedPermissionMessage<EvaluatePermissionRequest>\n> = z.union([\n z.object({\n id: z.string(),\n resourceRef: z.undefined().optional(),\n permission: basicPermissionSchema,\n }),\n z.object({\n id: z.string(),\n resourceRef: z.string().optional(),\n permission: resourcePermissionSchema,\n }),\n]);\n\nconst evaluatePermissionRequestBatchSchema: z.ZodSchema<EvaluatePermissionRequestBatch> =\n z.object({\n items: z.array(evaluatePermissionRequestSchema),\n });\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @public\n * @deprecated Please migrate to the new backend system as this will be removed in the future.\n */\nexport interface RouterOptions {\n logger: LoggerService;\n discovery: DiscoveryService;\n policy: PermissionPolicy;\n identity?: IdentityApi;\n config: RootConfigService;\n auth?: AuthService;\n httpAuth?: HttpAuthService;\n userInfo?: UserInfoService;\n}\n\nconst handleRequest = async (\n requests: IdentifiedPermissionMessage<EvaluatePermissionRequest>[],\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n credentials: BackstageCredentials<\n BackstageNonePrincipal | BackstageUserPrincipal\n >,\n auth: AuthService,\n userInfo: UserInfoService,\n): Promise<IdentifiedPermissionMessage<EvaluatePermissionResponse>[]> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, credentials, batch),\n );\n });\n\n let user: PolicyQueryUser | undefined;\n if (auth.isPrincipal(credentials, 'user')) {\n const info = await userInfo.getUserInfo(credentials);\n const { token } = await auth.getPluginRequestToken({\n onBehalfOf: credentials,\n targetPluginId: 'catalog', // TODO: unknown at this point\n });\n user = {\n identity: {\n type: 'user',\n userEntityRef: credentials.principal.userEntityRef,\n ownershipEntityRefs: info.ownershipEntityRefs,\n },\n token,\n credentials,\n info,\n };\n }\n\n return Promise.all(\n requests.map(({ id, resourceRef, ...request }) =>\n policy.handle(request, user).then(decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id,\n ...decision,\n };\n }\n\n if (!isResourcePermission(request.permission)) {\n throw new Error(\n `Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`,\n );\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!resourceRef) {\n return {\n id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id,\n resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @deprecated Please migrate to the new backend system as this will be removed in the future.\n * @public\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, config, logger } = options;\n const { auth, httpAuth, userInfo } = createLegacyAuthAdapters(options);\n\n if (!config.getOptionalBoolean('permission.enabled')) {\n logger.warn(\n 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.',\n );\n }\n\n const disabledDefaultAuthPolicy =\n config.getOptionalBoolean(\n 'backend.auth.dangerouslyDisableDefaultAuthPolicy',\n ) ?? false;\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n auth,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.json({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request<EvaluatePermissionRequestBatch>,\n res: Response<EvaluatePermissionResponseBatch>,\n ) => {\n const credentials = await httpAuth.credentials(req, {\n allow: ['user', 'none'],\n });\n\n const parseResult = evaluatePermissionRequestBatchSchema.safeParse(\n req.body,\n );\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n if (\n (auth.isPrincipal(credentials, 'none') && !disabledDefaultAuthPolicy) ||\n (auth.isPrincipal(credentials, 'user') && !credentials.principal.actor)\n ) {\n if (\n body.items.some(\n r =>\n isResourcePermission(r.permission) && r.resourceRef === undefined,\n )\n ) {\n throw new InputError(\n 'Resource permissions require a resourceRef to be set. Direct user requests without a resourceRef are not allowed.',\n );\n }\n }\n\n res.json({\n items: await handleRequest(\n body.items,\n policy,\n permissionIntegrationClient,\n credentials,\n auth,\n userInfo,\n ),\n });\n },\n );\n\n return router;\n}\n"],"names":["z","memoize","DataLoader","AuthorizeResult","isResourcePermission","createLegacyAuthAdapters","PermissionIntegrationClient","Router","express","InputError"],"mappings":";;;;;;;;;;;;;;;;;;AAqDA,MAAM,gBAAA,GAAsDA,MAAE,MAAO,CAAA;AAAA,EACnE,MAAA,EAAQA,MACL,KAAM,CAAA;AAAA,IACLA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,QAAQ;AAAA,GACnB,EACA,QAAS;AACd,CAAC,CAAA;AAED,MAAM,qBAAA,GAAwBA,MAAE,MAAO,CAAA;AAAA,EACrC,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,OAAO,CAAA;AAAA,EACvB,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,EACf,UAAY,EAAA;AACd,CAAC,CAAA;AAED,MAAM,wBAAA,GAA2BA,MAAE,MAAO,CAAA;AAAA,EACxC,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,UAAU,CAAA;AAAA,EAC1B,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,EACf,UAAY,EAAA,gBAAA;AAAA,EACZ,YAAA,EAAcA,MAAE,MAAO;AACzB,CAAC,CAAA;AAED,MAAM,+BAAA,GAEFA,MAAE,KAAM,CAAA;AAAA,EACVA,MAAE,MAAO,CAAA;AAAA,IACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,IACb,WAAa,EAAAA,KAAA,CAAE,SAAU,EAAA,CAAE,QAAS,EAAA;AAAA,IACpC,UAAY,EAAA;AAAA,GACb,CAAA;AAAA,EACDA,MAAE,MAAO,CAAA;AAAA,IACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,IACb,WAAa,EAAAA,KAAA,CAAE,MAAO,EAAA,CAAE,QAAS,EAAA;AAAA,IACjC,UAAY,EAAA;AAAA,GACb;AACH,CAAC,CAAA;AAED,MAAM,oCAAA,GACJA,MAAE,MAAO,CAAA;AAAA,EACP,KAAA,EAAOA,KAAE,CAAA,KAAA,CAAM,+BAA+B;AAChD,CAAC,CAAA;AAoBH,MAAM,gBAAgB,OACpB,QAAA,EACA,QACA,2BACA,EAAA,WAAA,EAGA,MACA,QACuE,KAAA;AACvE,EAAM,MAAA,wBAAA,GAA2BC,cAAQ,CAAA,CAAC,QAAqB,KAAA;AAC7D,IAAA,OAAO,IAAIC,2BAAA;AAAA,MAGT,CACA,KAAA,KAAA,2BAAA,CAA4B,eAAgB,CAAA,QAAA,EAAU,aAAa,KAAK;AAAA,KAC1E;AAAA,GACD,CAAA;AAED,EAAI,IAAA,IAAA;AACJ,EAAA,IAAI,IAAK,CAAA,WAAA,CAAY,WAAa,EAAA,MAAM,CAAG,EAAA;AACzC,IAAA,MAAM,IAAO,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,WAAW,CAAA;AACnD,IAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,MACjD,UAAY,EAAA,WAAA;AAAA,MACZ,cAAgB,EAAA;AAAA;AAAA,KACjB,CAAA;AACD,IAAO,IAAA,GAAA;AAAA,MACL,QAAU,EAAA;AAAA,QACR,IAAM,EAAA,MAAA;AAAA,QACN,aAAA,EAAe,YAAY,SAAU,CAAA,aAAA;AAAA,QACrC,qBAAqB,IAAK,CAAA;AAAA,OAC5B;AAAA,MACA,KAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAAA;AAGF,EAAA,OAAO,OAAQ,CAAA,GAAA;AAAA,IACb,QAAS,CAAA,GAAA;AAAA,MAAI,CAAC,EAAE,EAAI,EAAA,WAAA,EAAa,GAAG,OAAA,EAClC,KAAA,MAAA,CAAO,MAAO,CAAA,OAAA,EAAS,IAAI,CAAA,CAAE,KAAK,CAAY,QAAA,KAAA;AAC5C,QAAI,IAAA,QAAA,CAAS,MAAW,KAAAC,sCAAA,CAAgB,WAAa,EAAA;AACnD,UAAO,OAAA;AAAA,YACL,EAAA;AAAA,YACA,GAAG;AAAA,WACL;AAAA;AAGF,QAAA,IAAI,CAACC,2CAAA,CAAqB,OAAQ,CAAA,UAAU,CAAG,EAAA;AAC7C,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,iFAAA,EAAoF,OAAQ,CAAA,UAAA,CAAW,IAAI,CAAA;AAAA,WAC7G;AAAA;AAGF,QAAA,IAAI,QAAS,CAAA,YAAA,KAAiB,OAAQ,CAAA,UAAA,CAAW,YAAc,EAAA;AAC7D,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,2EAAA,EAA8E,OAAQ,CAAA,UAAA,CAAW,IAAI,CAAA;AAAA,WACvG;AAAA;AAGF,QAAA,IAAI,CAAC,WAAa,EAAA;AAChB,UAAO,OAAA;AAAA,YACL,EAAA;AAAA,YACA,GAAG;AAAA,WACL;AAAA;AAGF,QAAA,OAAO,wBAAyB,CAAA,QAAA,CAAS,QAAQ,CAAA,CAAE,IAAK,CAAA;AAAA,UACtD,EAAA;AAAA,UACA,WAAA;AAAA,UACA,GAAG;AAAA,SACJ,CAAA;AAAA,OACF;AAAA;AACH,GACF;AACF,CAAA;AASA,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAW,EAAA,MAAA,EAAQ,QAAW,GAAA,OAAA;AAC9C,EAAA,MAAM,EAAE,IAAM,EAAA,QAAA,EAAU,QAAS,EAAA,GAAIC,uCAAyB,OAAO,CAAA;AAErE,EAAA,IAAI,CAAC,MAAA,CAAO,kBAAmB,CAAA,oBAAoB,CAAG,EAAA;AACpD,IAAO,MAAA,CAAA,IAAA;AAAA,MACL;AAAA,KACF;AAAA;AAGF,EAAA,MAAM,4BACJ,MAAO,CAAA,kBAAA;AAAA,IACL;AAAA,GACG,IAAA,KAAA;AAEP,EAAM,MAAA,2BAAA,GAA8B,IAAIC,uDAA4B,CAAA;AAAA,IAClE,SAAA;AAAA,IACA;AAAA,GACD,CAAA;AAED,EAAA,MAAM,SAASC,uBAAO,EAAA;AACtB,EAAO,MAAA,CAAA,GAAA,CAAIC,wBAAQ,CAAA,IAAA,EAAM,CAAA;AAEzB,EAAA,MAAA,CAAO,GAAI,CAAA,SAAA,EAAW,CAAC,CAAA,EAAG,QAAa,KAAA;AACrC,IAAA,QAAA,CAAS,IAAK,CAAA,EAAE,MAAQ,EAAA,IAAA,EAAM,CAAA;AAAA,GAC/B,CAAA;AAED,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,YAAA;AAAA,IACA,OACE,KACA,GACG,KAAA;AACH,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAK,EAAA;AAAA,QAClD,KAAA,EAAO,CAAC,MAAA,EAAQ,MAAM;AAAA,OACvB,CAAA;AAED,MAAA,MAAM,cAAc,oCAAqC,CAAA,SAAA;AAAA,QACvD,GAAI,CAAA;AAAA,OACN;AAEA,MAAI,IAAA,CAAC,YAAY,OAAS,EAAA;AACxB,QAAA,MAAM,IAAIC,iBAAA,CAAW,WAAY,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAGnD,MAAA,MAAM,OAAO,WAAY,CAAA,IAAA;AAEzB,MAAA,IACG,IAAK,CAAA,WAAA,CAAY,WAAa,EAAA,MAAM,KAAK,CAAC,yBAAA,IAC1C,IAAK,CAAA,WAAA,CAAY,aAAa,MAAM,CAAA,IAAK,CAAC,WAAA,CAAY,UAAU,KACjE,EAAA;AACA,QAAA,IACE,KAAK,KAAM,CAAA,IAAA;AAAA,UACT,OACEL,2CAAqB,CAAA,CAAA,CAAE,UAAU,CAAA,IAAK,EAAE,WAAgB,KAAA,KAAA;AAAA,SAE5D,EAAA;AACA,UAAA,MAAM,IAAIK,iBAAA;AAAA,YACR;AAAA,WACF;AAAA;AACF;AAGF,MAAA,GAAA,CAAI,IAAK,CAAA;AAAA,QACP,OAAO,MAAM,aAAA;AAAA,UACX,IAAK,CAAA,KAAA;AAAA,UACL,MAAA;AAAA,UACA,2BAAA;AAAA,UACA,WAAA;AAAA,UACA,IAAA;AAAA,UACA;AAAA;AACF,OACD,CAAA;AAAA;AACH,GACF;AAEA,EAAO,OAAA,MAAA;AACT;;;;"}
1
+ {"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { z } from 'zod';\nimport express, { Request, Response } from 'express';\nimport Router from 'express-promise-router';\nimport { InputError } from '@backstage/errors';\nimport { IdentityApi } from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n EvaluatePermissionResponse,\n IdentifiedPermissionMessage,\n isResourcePermission,\n PermissionAttributes,\n PermissionMessageBatch,\n} from '@backstage/plugin-permission-common';\nimport {\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry,\n PermissionPolicy,\n PolicyQueryUser,\n} from '@backstage/plugin-permission-node';\nimport { PermissionIntegrationClient } from './PermissionIntegrationClient';\nimport { memoize } from 'lodash';\nimport DataLoader from 'dataloader';\nimport {\n AuthService,\n BackstageCredentials,\n BackstageNonePrincipal,\n BackstageUserPrincipal,\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n RootConfigService,\n UserInfoService,\n} from '@backstage/backend-plugin-api';\n\nconst attributesSchema: z.ZodSchema<PermissionAttributes> = z.object({\n action: z\n .union([\n z.literal('create'),\n z.literal('read'),\n z.literal('update'),\n z.literal('delete'),\n ])\n .optional(),\n});\n\nconst basicPermissionSchema = z.object({\n type: z.literal('basic'),\n name: z.string(),\n attributes: attributesSchema,\n});\n\nconst resourcePermissionSchema = z.object({\n type: z.literal('resource'),\n name: z.string(),\n attributes: attributesSchema,\n resourceType: z.string(),\n});\n\nconst evaluatePermissionRequestSchema = z.union([\n z.object({\n id: z.string(),\n resourceRef: z.undefined().optional(),\n permission: basicPermissionSchema,\n }),\n z.object({\n id: z.string(),\n resourceRef: z\n .union([z.string(), z.array(z.string()).nonempty()])\n .optional(),\n permission: resourcePermissionSchema,\n }),\n]);\n\nconst evaluatePermissionRequestBatchSchema = z.object({\n items: z.array(evaluatePermissionRequestSchema),\n});\n\n/**\n * Options required when constructing a new {@link express#Router} using\n * {@link createRouter}.\n *\n * @internal\n */\nexport interface RouterOptions {\n logger: LoggerService;\n discovery: DiscoveryService;\n policy: PermissionPolicy;\n identity?: IdentityApi;\n config: RootConfigService;\n auth: AuthService;\n httpAuth: HttpAuthService;\n userInfo: UserInfoService;\n}\n\nconst handleRequest = async (\n requests: z.infer<typeof evaluatePermissionRequestBatchSchema>['items'],\n policy: PermissionPolicy,\n permissionIntegrationClient: PermissionIntegrationClient,\n credentials: BackstageCredentials<\n BackstageNonePrincipal | BackstageUserPrincipal\n >,\n auth: AuthService,\n userInfo: UserInfoService,\n): Promise<\n IdentifiedPermissionMessage<InternalEvaluatePermissionResponse>[]\n> => {\n const applyConditionsLoaderFor = memoize((pluginId: string) => {\n return new DataLoader<\n ApplyConditionsRequestEntry,\n ApplyConditionsResponseEntry\n >(batch =>\n permissionIntegrationClient.applyConditions(pluginId, credentials, batch),\n );\n });\n\n let user: PolicyQueryUser | undefined;\n if (auth.isPrincipal(credentials, 'user')) {\n const info = await userInfo.getUserInfo(credentials);\n const { token } = await auth.getPluginRequestToken({\n onBehalfOf: credentials,\n targetPluginId: 'catalog', // TODO: unknown at this point\n });\n user = {\n identity: {\n type: 'user',\n userEntityRef: credentials.principal.userEntityRef,\n ownershipEntityRefs: info.ownershipEntityRefs,\n },\n token,\n credentials,\n info,\n };\n }\n\n return Promise.all(\n requests.map(request =>\n policy\n .handle({ permission: request.permission }, user)\n .then(async decision => {\n if (decision.result !== AuthorizeResult.CONDITIONAL) {\n return {\n id: request.id,\n ...decision,\n };\n }\n\n if (!isResourcePermission(request.permission)) {\n throw new Error(\n `Conditional decision returned from permission policy for non-resource permission ${request.permission.name}`,\n );\n }\n\n if (decision.resourceType !== request.permission.resourceType) {\n throw new Error(\n `Invalid resource conditions returned from permission policy for permission ${request.permission.name}`,\n );\n }\n\n if (!request.resourceRef) {\n return {\n id: request.id,\n ...decision,\n };\n }\n\n return applyConditionsLoaderFor(decision.pluginId).load({\n id: request.id,\n resourceRef: request.resourceRef,\n ...decision,\n });\n }),\n ),\n );\n};\n\n/**\n * Creates a new {@link express#Router} which provides the backend API\n * for the permission system.\n *\n * @internal\n */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { policy, discovery, config, logger, auth, httpAuth, userInfo } =\n options;\n\n if (!config.getOptionalBoolean('permission.enabled')) {\n logger.warn(\n 'Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true.',\n );\n }\n\n const disabledDefaultAuthPolicy =\n config.getOptionalBoolean(\n 'backend.auth.dangerouslyDisableDefaultAuthPolicy',\n ) ?? false;\n\n const permissionIntegrationClient = new PermissionIntegrationClient({\n discovery,\n auth,\n });\n\n const router = Router();\n router.use(express.json());\n\n router.get('/health', (_, response) => {\n response.json({ status: 'ok' });\n });\n\n router.post(\n '/authorize',\n async (\n req: Request,\n res: Response<PermissionMessageBatch<InternalEvaluatePermissionResponse>>,\n ) => {\n const credentials = await httpAuth.credentials(req, {\n allow: ['user', 'none'],\n });\n\n const parseResult = evaluatePermissionRequestBatchSchema.safeParse(\n req.body,\n );\n\n if (!parseResult.success) {\n throw new InputError(parseResult.error.toString());\n }\n\n const body = parseResult.data;\n\n if (\n (auth.isPrincipal(credentials, 'none') && !disabledDefaultAuthPolicy) ||\n (auth.isPrincipal(credentials, 'user') && !credentials.principal.actor)\n ) {\n if (\n body.items.some(\n r =>\n isResourcePermission(r.permission) && r.resourceRef === undefined,\n )\n ) {\n throw new InputError(\n 'Resource permissions require a resourceRef to be set. Direct user requests without a resourceRef are not allowed.',\n );\n }\n }\n\n res.json({\n items: await handleRequest(\n body.items,\n policy,\n permissionIntegrationClient,\n credentials,\n auth,\n userInfo,\n ),\n });\n },\n );\n\n return router;\n}\n\n/**\n * @internal\n */\ntype InternalEvaluatePermissionResponse =\n | EvaluatePermissionResponse\n | {\n result: Array<AuthorizeResult.ALLOW | AuthorizeResult.DENY>;\n };\n"],"names":["z","memoize","DataLoader","AuthorizeResult","isResourcePermission","PermissionIntegrationClient","Router","express","InputError"],"mappings":";;;;;;;;;;;;;;;;;AAkDA,MAAM,gBAAA,GAAsDA,MAAE,MAAO,CAAA;AAAA,EACnE,MAAA,EAAQA,MACL,KAAM,CAAA;AAAA,IACLA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,MAAM,CAAA;AAAA,IAChBA,KAAA,CAAE,QAAQ,QAAQ,CAAA;AAAA,IAClBA,KAAA,CAAE,QAAQ,QAAQ;AAAA,GACnB,EACA,QAAS;AACd,CAAC,CAAA;AAED,MAAM,qBAAA,GAAwBA,MAAE,MAAO,CAAA;AAAA,EACrC,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,OAAO,CAAA;AAAA,EACvB,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,EACf,UAAY,EAAA;AACd,CAAC,CAAA;AAED,MAAM,wBAAA,GAA2BA,MAAE,MAAO,CAAA;AAAA,EACxC,IAAA,EAAMA,KAAE,CAAA,OAAA,CAAQ,UAAU,CAAA;AAAA,EAC1B,IAAA,EAAMA,MAAE,MAAO,EAAA;AAAA,EACf,UAAY,EAAA,gBAAA;AAAA,EACZ,YAAA,EAAcA,MAAE,MAAO;AACzB,CAAC,CAAA;AAED,MAAM,+BAAA,GAAkCA,MAAE,KAAM,CAAA;AAAA,EAC9CA,MAAE,MAAO,CAAA;AAAA,IACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,IACb,WAAa,EAAAA,KAAA,CAAE,SAAU,EAAA,CAAE,QAAS,EAAA;AAAA,IACpC,UAAY,EAAA;AAAA,GACb,CAAA;AAAA,EACDA,MAAE,MAAO,CAAA;AAAA,IACP,EAAA,EAAIA,MAAE,MAAO,EAAA;AAAA,IACb,aAAaA,KACV,CAAA,KAAA,CAAM,CAACA,KAAA,CAAE,QAAU,EAAAA,KAAA,CAAE,KAAM,CAAAA,KAAA,CAAE,QAAQ,CAAA,CAAE,UAAU,CAAC,EAClD,QAAS,EAAA;AAAA,IACZ,UAAY,EAAA;AAAA,GACb;AACH,CAAC,CAAA;AAED,MAAM,oCAAA,GAAuCA,MAAE,MAAO,CAAA;AAAA,EACpD,KAAA,EAAOA,KAAE,CAAA,KAAA,CAAM,+BAA+B;AAChD,CAAC,CAAA;AAmBD,MAAM,gBAAgB,OACpB,QAAA,EACA,QACA,2BACA,EAAA,WAAA,EAGA,MACA,QAGG,KAAA;AACH,EAAM,MAAA,wBAAA,GAA2BC,cAAQ,CAAA,CAAC,QAAqB,KAAA;AAC7D,IAAA,OAAO,IAAIC,2BAAA;AAAA,MAGT,CACA,KAAA,KAAA,2BAAA,CAA4B,eAAgB,CAAA,QAAA,EAAU,aAAa,KAAK;AAAA,KAC1E;AAAA,GACD,CAAA;AAED,EAAI,IAAA,IAAA;AACJ,EAAA,IAAI,IAAK,CAAA,WAAA,CAAY,WAAa,EAAA,MAAM,CAAG,EAAA;AACzC,IAAA,MAAM,IAAO,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,WAAW,CAAA;AACnD,IAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,MACjD,UAAY,EAAA,WAAA;AAAA,MACZ,cAAgB,EAAA;AAAA;AAAA,KACjB,CAAA;AACD,IAAO,IAAA,GAAA;AAAA,MACL,QAAU,EAAA;AAAA,QACR,IAAM,EAAA,MAAA;AAAA,QACN,aAAA,EAAe,YAAY,SAAU,CAAA,aAAA;AAAA,QACrC,qBAAqB,IAAK,CAAA;AAAA,OAC5B;AAAA,MACA,KAAA;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAAA;AAGF,EAAA,OAAO,OAAQ,CAAA,GAAA;AAAA,IACb,QAAS,CAAA,GAAA;AAAA,MAAI,CACX,OAAA,KAAA,MAAA,CACG,MAAO,CAAA,EAAE,UAAY,EAAA,OAAA,CAAQ,UAAW,EAAA,EAAG,IAAI,CAAA,CAC/C,IAAK,CAAA,OAAM,QAAY,KAAA;AACtB,QAAI,IAAA,QAAA,CAAS,MAAW,KAAAC,sCAAA,CAAgB,WAAa,EAAA;AACnD,UAAO,OAAA;AAAA,YACL,IAAI,OAAQ,CAAA,EAAA;AAAA,YACZ,GAAG;AAAA,WACL;AAAA;AAGF,QAAA,IAAI,CAACC,2CAAA,CAAqB,OAAQ,CAAA,UAAU,CAAG,EAAA;AAC7C,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,iFAAA,EAAoF,OAAQ,CAAA,UAAA,CAAW,IAAI,CAAA;AAAA,WAC7G;AAAA;AAGF,QAAA,IAAI,QAAS,CAAA,YAAA,KAAiB,OAAQ,CAAA,UAAA,CAAW,YAAc,EAAA;AAC7D,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,2EAAA,EAA8E,OAAQ,CAAA,UAAA,CAAW,IAAI,CAAA;AAAA,WACvG;AAAA;AAGF,QAAI,IAAA,CAAC,QAAQ,WAAa,EAAA;AACxB,UAAO,OAAA;AAAA,YACL,IAAI,OAAQ,CAAA,EAAA;AAAA,YACZ,GAAG;AAAA,WACL;AAAA;AAGF,QAAA,OAAO,wBAAyB,CAAA,QAAA,CAAS,QAAQ,CAAA,CAAE,IAAK,CAAA;AAAA,UACtD,IAAI,OAAQ,CAAA,EAAA;AAAA,UACZ,aAAa,OAAQ,CAAA,WAAA;AAAA,UACrB,GAAG;AAAA,SACJ,CAAA;AAAA,OACF;AAAA;AACL,GACF;AACF,CAAA;AAQA,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAM,MAAA,EAAE,QAAQ,SAAW,EAAA,MAAA,EAAQ,QAAQ,IAAM,EAAA,QAAA,EAAU,UACzD,GAAA,OAAA;AAEF,EAAA,IAAI,CAAC,MAAA,CAAO,kBAAmB,CAAA,oBAAoB,CAAG,EAAA;AACpD,IAAO,MAAA,CAAA,IAAA;AAAA,MACL;AAAA,KACF;AAAA;AAGF,EAAA,MAAM,4BACJ,MAAO,CAAA,kBAAA;AAAA,IACL;AAAA,GACG,IAAA,KAAA;AAEP,EAAM,MAAA,2BAAA,GAA8B,IAAIC,uDAA4B,CAAA;AAAA,IAClE,SAAA;AAAA,IACA;AAAA,GACD,CAAA;AAED,EAAA,MAAM,SAASC,uBAAO,EAAA;AACtB,EAAO,MAAA,CAAA,GAAA,CAAIC,wBAAQ,CAAA,IAAA,EAAM,CAAA;AAEzB,EAAA,MAAA,CAAO,GAAI,CAAA,SAAA,EAAW,CAAC,CAAA,EAAG,QAAa,KAAA;AACrC,IAAA,QAAA,CAAS,IAAK,CAAA,EAAE,MAAQ,EAAA,IAAA,EAAM,CAAA;AAAA,GAC/B,CAAA;AAED,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,YAAA;AAAA,IACA,OACE,KACA,GACG,KAAA;AACH,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAK,EAAA;AAAA,QAClD,KAAA,EAAO,CAAC,MAAA,EAAQ,MAAM;AAAA,OACvB,CAAA;AAED,MAAA,MAAM,cAAc,oCAAqC,CAAA,SAAA;AAAA,QACvD,GAAI,CAAA;AAAA,OACN;AAEA,MAAI,IAAA,CAAC,YAAY,OAAS,EAAA;AACxB,QAAA,MAAM,IAAIC,iBAAA,CAAW,WAAY,CAAA,KAAA,CAAM,UAAU,CAAA;AAAA;AAGnD,MAAA,MAAM,OAAO,WAAY,CAAA,IAAA;AAEzB,MAAA,IACG,IAAK,CAAA,WAAA,CAAY,WAAa,EAAA,MAAM,KAAK,CAAC,yBAAA,IAC1C,IAAK,CAAA,WAAA,CAAY,aAAa,MAAM,CAAA,IAAK,CAAC,WAAA,CAAY,UAAU,KACjE,EAAA;AACA,QAAA,IACE,KAAK,KAAM,CAAA,IAAA;AAAA,UACT,OACEJ,2CAAqB,CAAA,CAAA,CAAE,UAAU,CAAA,IAAK,EAAE,WAAgB,KAAA,KAAA;AAAA,SAE5D,EAAA;AACA,UAAA,MAAM,IAAII,iBAAA;AAAA,YACR;AAAA,WACF;AAAA;AACF;AAGF,MAAA,GAAA,CAAI,IAAK,CAAA;AAAA,QACP,OAAO,MAAM,aAAA;AAAA,UACX,IAAK,CAAA,KAAA;AAAA,UACL,MAAA;AAAA,UACA,2BAAA;AAAA,UACA,WAAA;AAAA,UACA,IAAA;AAAA,UACA;AAAA;AACF,OACD,CAAA;AAAA;AACH,GACF;AAEA,EAAO,OAAA,MAAA;AACT;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@backstage/plugin-permission-backend",
3
- "version": "0.6.0",
3
+ "version": "0.7.0-next.1",
4
4
  "backstage": {
5
5
  "role": "backend-plugin",
6
6
  "pluginId": "permission",
@@ -65,14 +65,12 @@
65
65
  "test": "backstage-cli package test"
66
66
  },
67
67
  "dependencies": {
68
- "@backstage/backend-common": "^0.25.0",
69
- "@backstage/backend-plugin-api": "^1.3.0",
70
- "@backstage/config": "^1.3.2",
71
- "@backstage/errors": "^1.2.7",
72
- "@backstage/plugin-auth-node": "^0.6.2",
73
- "@backstage/plugin-permission-common": "^0.8.4",
74
- "@backstage/plugin-permission-node": "^0.9.1",
75
- "@types/express": "^4.17.6",
68
+ "@backstage/backend-plugin-api": "1.3.1-next.1",
69
+ "@backstage/config": "1.3.2",
70
+ "@backstage/errors": "1.2.7",
71
+ "@backstage/plugin-auth-node": "0.6.3-next.1",
72
+ "@backstage/plugin-permission-common": "0.9.0-next.0",
73
+ "@backstage/plugin-permission-node": "0.10.0-next.1",
76
74
  "dataloader": "^2.0.0",
77
75
  "express": "^4.17.1",
78
76
  "express-promise-router": "^4.1.0",
@@ -81,9 +79,10 @@
81
79
  "zod": "^3.22.4"
82
80
  },
83
81
  "devDependencies": {
84
- "@backstage/backend-defaults": "^0.9.0",
85
- "@backstage/backend-test-utils": "^1.4.0",
86
- "@backstage/cli": "^0.32.0",
82
+ "@backstage/backend-defaults": "0.10.0-next.1",
83
+ "@backstage/backend-test-utils": "1.5.0-next.1",
84
+ "@backstage/cli": "0.32.1-next.1",
85
+ "@types/express": "^4.17.6",
87
86
  "@types/lodash": "^4.14.151",
88
87
  "@types/supertest": "^2.0.8",
89
88
  "msw": "^1.0.0",