npm - @blazedpath/commons - Versions diffs - 0.0.4 - Mend

@blazedpath/commons 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (224) hide show

package/README.md +3 -0
package/blz-base/health/index.js +215 -0
package/blz-base/index.js +1466 -0
package/blz-cache/LruCache.js +44 -0
package/blz-cache/index.js +29 -0
package/blz-config/index.js +434 -0
package/blz-core/index.js +364 -0
package/blz-cryptography/index.js +54 -0
package/blz-datetimes/index.js +356 -0
package/blz-file/example.dat +2545 -0
package/blz-file/fileService.js +205 -0
package/blz-file/index.js +94 -0
package/blz-file/index.test.js +31 -0
package/blz-file/lab.js +33 -0
package/blz-hazelcast/index.js +189 -0
package/blz-hazelcast/lib/credentials.js +25 -0
package/blz-hazelcast/lib/credentialsFactory.js +12 -0
package/blz-hazelcast/lib/hazelcastCache.js +234 -0
package/blz-iterable/index.js +446 -0
package/blz-json-schema/index.js +11 -0
package/blz-jwt/index.js +121 -0
package/blz-kafka/index.js +522 -0
package/blz-math/index.js +131 -0
package/blz-mongodb/index.js +326 -0
package/blz-rds/__test__/scape.test.js +58 -0
package/blz-rds/blz-rds-executor.js +578 -0
package/blz-rds/blz-rds-helper.js +310 -0
package/blz-rds/commands/core/add.js +13 -0
package/blz-rds/commands/core/and.js +18 -0
package/blz-rds/commands/core/asc.js +10 -0
package/blz-rds/commands/core/avg.js +10 -0
package/blz-rds/commands/core/column-ref.js +8 -0
package/blz-rds/commands/core/count-distinct.js +10 -0
package/blz-rds/commands/core/count.js +10 -0
package/blz-rds/commands/core/decimal.js +8 -0
package/blz-rds/commands/core/desc.js +10 -0
package/blz-rds/commands/core/distinct.js +10 -0
package/blz-rds/commands/core/divide.js +11 -0
package/blz-rds/commands/core/embedded-exists.js +17 -0
package/blz-rds/commands/core/embedded-select.js +17 -0
package/blz-rds/commands/core/equals.js +9 -0
package/blz-rds/commands/core/false.js +8 -0
package/blz-rds/commands/core/greater-or-equal.js +9 -0
package/blz-rds/commands/core/greater.js +9 -0
package/blz-rds/commands/core/in.js +9 -0
package/blz-rds/commands/core/integer.js +8 -0
package/blz-rds/commands/core/is-not-null.js +11 -0
package/blz-rds/commands/core/is-null-or-value.js +10 -0
package/blz-rds/commands/core/is-null.js +11 -0
package/blz-rds/commands/core/less-or-equal.js +9 -0
package/blz-rds/commands/core/less-unary.js +12 -0
package/blz-rds/commands/core/less.js +9 -0
package/blz-rds/commands/core/like.js +12 -0
package/blz-rds/commands/core/max.js +10 -0
package/blz-rds/commands/core/min.js +10 -0
package/blz-rds/commands/core/multiply.js +13 -0
package/blz-rds/commands/core/not-equals.js +9 -0
package/blz-rds/commands/core/not-in.js +9 -0
package/blz-rds/commands/core/not.js +13 -0
package/blz-rds/commands/core/null.js +8 -0
package/blz-rds/commands/core/nvl.js +11 -0
package/blz-rds/commands/core/or.js +13 -0
package/blz-rds/commands/core/parameter.js +34 -0
package/blz-rds/commands/core/remainder.js +16 -0
package/blz-rds/commands/core/string.js +8 -0
package/blz-rds/commands/core/subtract.js +13 -0
package/blz-rds/commands/core/sum.js +10 -0
package/blz-rds/commands/core/true.js +8 -0
package/blz-rds/commands/core/tuple.js +13 -0
package/blz-rds/commands/datetimes/add-days.js +11 -0
package/blz-rds/commands/datetimes/add-hours.js +11 -0
package/blz-rds/commands/datetimes/add-milliseconds.js +11 -0
package/blz-rds/commands/datetimes/add-minutes.js +11 -0
package/blz-rds/commands/datetimes/add-months.js +11 -0
package/blz-rds/commands/datetimes/add-seconds.js +11 -0
package/blz-rds/commands/datetimes/add-years.js +11 -0
package/blz-rds/commands/datetimes/date-diff.js +11 -0
package/blz-rds/commands/datetimes/date.js +12 -0
package/blz-rds/commands/datetimes/datetime-diff.js +11 -0
package/blz-rds/commands/datetimes/datetime.js +15 -0
package/blz-rds/commands/datetimes/day.js +10 -0
package/blz-rds/commands/datetimes/hour.js +10 -0
package/blz-rds/commands/datetimes/millisecond.js +10 -0
package/blz-rds/commands/datetimes/minute.js +10 -0
package/blz-rds/commands/datetimes/month-text.js +10 -0
package/blz-rds/commands/datetimes/month.js +10 -0
package/blz-rds/commands/datetimes/now.js +9 -0
package/blz-rds/commands/datetimes/second.js +10 -0
package/blz-rds/commands/datetimes/subtract-days.js +11 -0
package/blz-rds/commands/datetimes/subtract-hours.js +11 -0
package/blz-rds/commands/datetimes/subtract-milliseconds.js +11 -0
package/blz-rds/commands/datetimes/subtract-minutes.js +11 -0
package/blz-rds/commands/datetimes/subtract-seconds.js +11 -0
package/blz-rds/commands/datetimes/time-diff.js +11 -0
package/blz-rds/commands/datetimes/time.js +13 -0
package/blz-rds/commands/datetimes/today.js +9 -0
package/blz-rds/commands/datetimes/week-day-text.js +10 -0
package/blz-rds/commands/datetimes/week-day.js +10 -0
package/blz-rds/commands/datetimes/week.js +10 -0
package/blz-rds/commands/datetimes/year.js +10 -0
package/blz-rds/commands/math/abs.js +10 -0
package/blz-rds/commands/math/acos.js +10 -0
package/blz-rds/commands/math/asin.js +10 -0
package/blz-rds/commands/math/atan.js +10 -0
package/blz-rds/commands/math/atan2.js +11 -0
package/blz-rds/commands/math/ceil.js +10 -0
package/blz-rds/commands/math/cos.js +10 -0
package/blz-rds/commands/math/cosh.js +10 -0
package/blz-rds/commands/math/exp.js +10 -0
package/blz-rds/commands/math/floor.js +10 -0
package/blz-rds/commands/math/log.js +18 -0
package/blz-rds/commands/math/log10.js +10 -0
package/blz-rds/commands/math/pow.js +11 -0
package/blz-rds/commands/math/random.js +9 -0
package/blz-rds/commands/math/round.js +18 -0
package/blz-rds/commands/math/sign.js +10 -0
package/blz-rds/commands/math/sin.js +10 -0
package/blz-rds/commands/math/sinh.js +10 -0
package/blz-rds/commands/math/sqrt.js +10 -0
package/blz-rds/commands/math/tan.js +10 -0
package/blz-rds/commands/math/tanh.js +10 -0
package/blz-rds/commands/math/trunc.js +18 -0
package/blz-rds/commands/strings/concat.js +20 -0
package/blz-rds/commands/strings/contains.js +12 -0
package/blz-rds/commands/strings/ends-with.js +12 -0
package/blz-rds/commands/strings/index-of.js +11 -0
package/blz-rds/commands/strings/is-null-or-empty.js +11 -0
package/blz-rds/commands/strings/is-null-or-white-space.js +11 -0
package/blz-rds/commands/strings/join.js +22 -0
package/blz-rds/commands/strings/last-index-of.js +11 -0
package/blz-rds/commands/strings/length.js +10 -0
package/blz-rds/commands/strings/pad-left.js +20 -0
package/blz-rds/commands/strings/pad-right.js +20 -0
package/blz-rds/commands/strings/replace.js +12 -0
package/blz-rds/commands/strings/starts-with.js +12 -0
package/blz-rds/commands/strings/substring.js +12 -0
package/blz-rds/commands/strings/to-lower.js +10 -0
package/blz-rds/commands/strings/to-upper.js +10 -0
package/blz-rds/commands/strings/trim-end.js +10 -0
package/blz-rds/commands/strings/trim-start.js +10 -0
package/blz-rds/commands/strings/trim.js +10 -0
package/blz-rds/index.js +744 -0
package/blz-rds-mysql/base.js +857 -0
package/blz-rds-mysql/connection-manager.js +129 -0
package/blz-rds-mysql/execute-bulk-insert.js +35 -0
package/blz-rds-mysql/execute-bulk-merge.js +45 -0
package/blz-rds-mysql/execute-non-query.js +34 -0
package/blz-rds-mysql/execute-query.js +50 -0
package/blz-rds-mysql/index.js +41 -0
package/blz-rds-mysql/stored-procedure.js +207 -0
package/blz-rds-mysql/syntaxis.json +114 -0
package/blz-rds-mysqlx/base.js +846 -0
package/blz-rds-mysqlx/connection-manager.js +141 -0
package/blz-rds-mysqlx/execute-bulk-insert.js +35 -0
package/blz-rds-mysqlx/execute-bulk-merge.js +45 -0
package/blz-rds-mysqlx/execute-non-query.js +29 -0
package/blz-rds-mysqlx/execute-query.js +39 -0
package/blz-rds-mysqlx/index.js +41 -0
package/blz-rds-mysqlx/stored-procedure.js +179 -0
package/blz-rds-mysqlx/syntaxis.json +105 -0
package/blz-rds-oracle/index.js +540 -0
package/blz-rds-oracle/syntaxis.json +112 -0
package/blz-rds-postgres/base.js +861 -0
package/blz-rds-postgres/connection-manager.js +225 -0
package/blz-rds-postgres/execute-bulk-insert.js +81 -0
package/blz-rds-postgres/execute-bulk-merge.js +93 -0
package/blz-rds-postgres/execute-non-query.js +23 -0
package/blz-rds-postgres/execute-query.js +37 -0
package/blz-rds-postgres/index.js +41 -0
package/blz-rds-postgres/result-set.js +51 -0
package/blz-rds-postgres/stored-procedure.js +116 -0
package/blz-rds-postgres/syntaxis.json +114 -0
package/blz-redis/index.js +217 -0
package/blz-redis/lib/redisCache.js +265 -0
package/blz-regex/index.js +25 -0
package/blz-security/.eslintrc.js +15 -0
package/blz-security/__test__/AuthorizationKpn.yaml +1043 -0
package/blz-security/__test__/FinancingSetting.yaml +177 -0
package/blz-security/__test__/KpnConfigPortal.yaml +330 -0
package/blz-security/__test__/OrderManagement.yaml +5190 -0
package/blz-security/__test__/Security.yaml +128 -0
package/blz-security/__test__/autorization.test.js +105 -0
package/blz-security/__test__/orderManagement.test.js +26 -0
package/blz-security/__test__/secureUrl.test.js +79 -0
package/blz-security/__test__/solveMergeRule.test.js +109 -0
package/blz-security/__test__/sqlInjectionGuard.test.js +203 -0
package/blz-security/__test__/xssGuard.test.js +204 -0
package/blz-security/authorizationService.js +536 -0
package/blz-security/config/global.js +8 -0
package/blz-security/config/welcome +8 -0
package/blz-security/doc/README.md +75 -0
package/blz-security/filescanner/index.js +46 -0
package/blz-security/helpers/consts.js +229 -0
package/blz-security/helpers/utils.js +267 -0
package/blz-security/implementations/cache.js +90 -0
package/blz-security/implementations/oidc.js +404 -0
package/blz-security/implementations/pkceCacheStore.js +23 -0
package/blz-security/implementations/saml.js +10 -0
package/blz-security/implementations/uma.js +63 -0
package/blz-security/implementations/webAuthn.js +9 -0
package/blz-security/implementations/wstg.js +72 -0
package/blz-security/index.js +77 -0
package/blz-security/lab/index.js +27 -0
package/blz-security/middleware/HapiServerAzureAd.js +641 -0
package/blz-security/middleware/HapiServerKeycloak.js +840 -0
package/blz-security/middleware/HapiServerSimToken.js +247 -0
package/blz-security/middleware/hapi.js +515 -0
package/blz-security/middleware/hapiServer.js +974 -0
package/blz-security/navigationMemoryRepository.js +15 -0
package/blz-security/navigationMongoDbRepository.js +73 -0
package/blz-security/secureUrlService.js +47 -0
package/blz-security/securityService.js +409 -0
package/blz-security/sqlInjectionGuard.js +162 -0
package/blz-security/templates/forbidden.html +0 -0
package/blz-security/templates/session-iframe-azure-ad.html +7 -0
package/blz-security/templates/session-iframe.html +73 -0
package/blz-security/templates/unauthorized.html +1 -0
package/blz-security/xssGuard.js +87 -0
package/blz-strings/index.js +167 -0
package/blz-uuid/index.js +7 -0
package/blz-yaml/index.js +19 -0
package/index.js +84 -0
package/package.json +97 -0
package/process-managers/index.js +422 -0

package/blz-security/authorizationService.js ADDED Viewed

@@ -0,0 +1,536 @@
+#!/usr/bin/env node
+module.exports = class AuthorizationService {
+  constructor (utils, logger) {
+    this.utils = utils
+    this.logger = logger
+    this.config = { roles: [], permissions: [] }
+    this.WIDGET_SEPARATOR = '|'
+    this.WIDGET_SEPARATOR_REPLACE = new RegExp(this.WIDGET_SEPARATOR + '.*$')
+  }
+  extendConfig (config) {
+    // extend permissions
+    for (const permission of config.permissions) {
+      if (permission.extends && !permission._completed) {
+        this.extendPermission(config, permission)
+      }
+    }
+    // extend roles
+    for (const role of config.roles) {
+      if (role.extends && !role._completed) {
+        this.extendRole(config, role)
+      }
+    }
+    // remove flags
+    for (const permission of config.permissions) {
+      delete permission._completed
+    }
+    for (const role of config.roles) {
+      delete role._completed
+    }
+  }
+  extendPermission (config, permission) {
+    for (const extend of permission.extends) {
+      const base = config.permissions.find(p => p.name === extend)
+      if (!base) {
+        throw new Error(`Permission ${permission.name} extends ${extend} but not exists`)
+      }
+      if (base.extends && base.extends.includes(base.name)) {
+        throw new Error(`Permission ${permission.name} extends ${base.name} but it is a circular reference`)
+      }
+      if (base.extends && !base._completed) {
+        this.extendPermission(config, base)
+      }
+      // Agrega las reglas que existen en el permiso base y no en el actual
+      for (const rule of base.rules) {
+        const exists = permission.rules.find(p => p.path === rule.path && p.actions === rule.actions)
+        if (!exists) {
+          permission.rules.push(rule)
+        }
+      }
+    }
+    permission._completed = true
+  }
+  extendRole (config, role) {
+    for (const extend of role.extends) {
+      const base = config.roles.find(p => p.name === extend)
+      if (!base) {
+        throw new Error(`Role ${role.name} extends ${extend} but not exists`)
+      }
+      if (base.extends && base.extends.includes(base.name)) {
+        throw new Error(`Rome ${role.name} extends ${base.name} but it is a circular reference`)
+      }
+      if (base.extends && !base._completed) {
+        this.extendRole(config, base)
+      }
+      // Agrega los permisos que existen en el role base y no en el actual
+      for (const permission of base.permissions) {
+        if (!role.permissions.includes(permission)) {
+          role.permissions.push(permission)
+        }
+      }
+    }
+    role._completed = true
+  }
+  importSecurityConfig (config) {
+    this._solveRoleId(config)
+    this._validateAndNormalizeConfig(config)
+    this.extendConfig(config)
+    this._solveRulesByRole(config)
+    this._solveMergeRulesByRole(config)
+    this.config = config
+    let defaultUserRole = process.env.blz_defaultUserRole;
+    if (defaultUserRole)
+      this.config.defaultUserRole = defaultUserRole;
+    return this.config
+  }
+  getFrontendSecurityRules (roles, domains) {
+    const _roles = this._getRoles(roles)
+    const frontendRules = []
+    for (const role of _roles) {
+      const rules = this._getSecurityRulesByRole(role, 'frontend', domains)
+      for (const rule of rules) {
+        const previousRule = frontendRules.find(p => p.path === rule.path && p.actions === rule.actions)
+        if (!previousRule) {
+          frontendRules.push(rule)
+        } else if (!previousRule.enable && rule.enable) {
+          previousRule.enable = rule.enable
+        }
+      }
+    }
+    const arr = []
+    // Resuelve las reglas por acciones
+    for (const rule of frontendRules) {
+      if (rule.actions && rule.actions.trim() !== '') {
+        const actions = rule.actions.split(',')
+        for (const action of actions) {
+          arr.push({ path: rule.path.trim() + '|' + action.trim(), enable: rule.enable })
+        }
+      }
+    }
+    // Resuelve las reglas sin acciones a nivel de path
+    for (const rule of frontendRules) {
+      if (!rule.actions || rule.actions.trim() === '') {
+        const enableRule = arr.some(p => p.path.split('|')[0] === rule.path && p.enable)
+        const previousRule = arr.find(p => p.path === rule.path && (!p.actions || p.actions.trim() === ''))
+        if (!previousRule) {
+          // Si no existe una regla previa, se agrega
+          arr.push({ path: rule.path.trim(), enable: enableRule || rule.enable })
+        } else if (previousRule && !previousRule.enable && enableRule) {
+          // Si existe una regla previa que habilita el path, se habilita
+          previousRule.enable = true
+        }
+      }
+    }
+    const map = new Map();
+    arr.forEach(item => {
+      // Si no existe el path en el mapa, lo agregamos.
+      if (!map.has(item.path)) {
+        map.set(item.path, item);
+      } else {
+        // Si ya existe, verificamos el flag enable.
+        const existing = map.get(item.path);
+        // Si el existente es false y el nuevo es true, reemplazamos.
+        if (!existing.enable && item.enable) {
+          map.set(item.path, item);
+        }
+        // En caso contrario, dejamos el existente.
+      }
+    });
+    // Convertimos el mapa a un array.
+    const result =  Array.from(map.values());
+    return result
+  }
+  getSecurityRules (roles, side, domains) {
+    const rules = []
+    for (const role of roles) {
+      const rulesByRole = this._getSecurityRulesByRole(role, side, domains)
+      for (const rule of rulesByRole) {
+        if (!rules.map(p => p.path).includes(rule.path)) {
+          rules.push(rule)
+        }
+      }
+    }
+    return rules
+  }
+  getPermissions () {
+    if (!this.config || !this.config.permissions || this.config.permissions.length === 0) {
+      return []
+    }
+    return this.config.permissions.filter(p => p.visible || p.visible === null || p.visible === undefined ).map(p => p.name).sort()
+  }
+  authorized (path, action, roles) {
+    if (this.config.defaultUserRole)
+      roles.push(this.config.defaultUserRole);
+    if (path.startsWith('/api')) {
+      return this._checkApi(path, action, roles)
+    } else {
+      if (!action || action.trim() === '') {
+        return this._checkPath(path, roles)
+      } else {
+        return this._checkWidget(path, action, roles)
+      }
+    }
+  }
+  defaultAuthorized (path, action, roles) {
+    const result = this.authorized(path, action, roles)
+    if (result === null || result === undefined) {
+      return true
+    }
+    return result
+  }
+  // Private methods //////////////////////////////////////////////////////////////////////////////////////////////
+  _getSecurityRulesByRole (roleId, side, domains) {
+    const role = this.config.roles.find(p => p.externalId === roleId)
+    if (!role || !role.rules) {
+      return []
+    }
+    const securityRules = role.rules[side]
+    if (!securityRules) {
+      return []
+    }
+    if (!domains || domains.length === 0) {
+      return securityRules
+    }
+    return securityRules.filter(p => domains.includes(p.domain))
+  }
+  _solveRulesByRole (config) {
+    for (const role of config.roles) {
+      role.rules = { backend: [], frontend: [] }
+      for (const permissionName of role.permissions) {
+        const permission = config.permissions.find(p => p.name === permissionName)
+        if (!permission) {
+          continue
+        }
+        for (const rule of permission.rules) {
+          if (rule.path.startsWith('/api')) {
+            const exists = role.rules.backend.find(p => p.path === rule.path && p.actions === rule.actions && p.enable === rule.enable)
+            if (!exists) {
+              rule.domain = permission.domain || 'default'
+              role.rules.backend.push(rule)
+            }
+          } else {
+            const exists = role.rules.frontend.find(p => p.path === rule.path && p.actions === rule.actions && p.enable === rule.enable)
+            if (!exists) {
+              rule.domain = permission.domain || 'default'
+              role.rules.frontend.push(rule)
+            }
+          }
+        }
+      }
+    }
+  }
+  _solveMergeRulesByRole (config) {
+    for (const role of config.roles) {
+      for (const rule of role.rules.frontend) {
+        role.rules.frontend = this._solveMergeRule(role.rules.frontend, rule)
+      }
+      for (const rule of role.rules.backend) {
+        role.rules.backend = this._solveMergeRule(role.rules.backend, rule)
+      }
+    }
+  }
+  _solveRoleId (config) {
+    for (const role of config.roles) {
+      if (!role.externalId) {
+        role.externalId = role.name
+      }
+    }
+  }
+  _getRoles (roles) {
+    // If you do not have roles assigned, the default roles are assigned.
+    const _roles = !roles || roles.length === 0 ? this.config.roles.filter(p => p.default).map(p => p.name) : roles
+    // If there are roles that apply to all, they are added
+    const applyToAll = this.config.roles.filter(p => p.applyToAll)
+    if (applyToAll && applyToAll.length > 0) {
+      for (const roleToAdd of applyToAll) {
+        if (!_roles.includes(roleToAdd.name)) {
+          _roles.push(roleToAdd.name)
+        }
+      }
+    }
+    return _roles
+  }
+  _getBackendSecurityRules (roles, action, domains) {
+    let rules = []
+    const _roles = this._getRoles(roles)
+    for (const role of _roles) {
+      const securityRules = this._getSecurityRulesByRole(role, 'backend', domains)
+      const _rules = securityRules.filter(p => p.actions.includes('*') || p.actions.includes(action))
+      for (const rule of _rules) {
+        rules = this._solveMergeRule(rules, rule)
+      }
+    }
+    return rules.sort((a, b) => (a.path > b.path) ? 1 : -1)
+  }
+  _solveMergeRule (rules, rule) {
+    let _rules = JSON.parse(JSON.stringify(rules))
+    const previousRules = _rules.filter(p => p.path === rule.path)
+    if (!previousRules.length === 0) {
+      _rules.push(rule)
+    } else {
+      if (previousRules.some(p => p.actions.includes('*') && p.enable)) {
+        // If a rule already exists that enables all paths
+        return _rules
+      } else if (rule.actions.includes('*') && rule.enable) {
+        // remove rules with the same path and add rule with all actions
+        _rules = _rules.filter(p => p.path !== rule.path)
+        _rules.push(rule)
+      } else if (rule.actions.includes('*') && !rule.enable) {
+        // If the rule denies all permissions, it replaces the previous rules that it overrides with this one.
+        _rules = _rules.filter(p => !(p.path === rule.path && p.enable === rule.enable))
+        _rules.push(rule)
+      } else if (!rule.enable && previousRules.some(p => p.actions.includes('*') && !p.enable)) {
+        // If the rule disables and a disabling rule already exists, it does not exclude the rule
+        return _rules
+      } else {
+        for (const action of rule.actions.split(',')) {
+          const previousRules = _rules.filter(p => p.path === rule.path)
+          if (previousRules.some(p => (p.actions.includes('*') || p.actions.includes(action)) && (p.enable || (p.enable === rule.enable)))) {
+            // If the action already exists in the previous rule with the same enable state, it is not added
+            // If the action exists in the previous rule and is enabled
+            continue
+          } else if (previousRules.some(p => (p.actions.includes(action) && !p.enable && rule.enable))) {
+            // If the action is included but with a disable status and the new rule is enabled, it must be extracted from the previous one and added to the new rule
+            const ruleToRemoveAction = previousRules.find(p => (p.actions.includes(action) && !p.enable))
+            const newActions = ruleToRemoveAction.actions.split(',').filter(p => p !== action)
+            if (newActions.length === 0) {
+              // Remove the previous rule
+              _rules = _rules.filter(p => !(p.path === rule.path && p.actions === action && !p.enable))
+            } else {
+              ruleToRemoveAction.actions = newActions.join(',')
+            }
+            // Search if there is a rule with the same path and enable state
+            const previousEnableRule = previousRules.find(p => p.enable === rule.enable)
+            if (previousEnableRule) {
+              // If it exists, the action is added
+              previousEnableRule.actions = previousEnableRule.actions + ',' + action
+            } else {
+              // If it does not exist, the rule is added
+              _rules.push({ path: rule.path, actions: action, enable: rule.enable })
+            }
+          } else if (previousRules.some(p => (!p.actions.includes(action) && p.enable === rule.enable))) {
+            // If the action is not included and the enable state is the same, the action will be added
+            const previousRule = previousRules.find(p => p.enable === rule.enable)
+            previousRule.actions = previousRule.actions + ',' + action
+          } else {
+            // Search if there is a rule with the same path and enable state
+            const previousEnableRule = previousRules.find(p => p.enable === rule.enable)
+            if (previousEnableRule) {
+              // If it exists, the action is added
+              previousEnableRule.actions = previousEnableRule.actions + ',' + action
+            } else {
+              // If it does not exist, the rule is added
+              _rules.push({ path: rule.path, actions: action, enable: rule.enable })
+            }
+          }
+        }
+      }
+    }
+    return _rules
+  }
+  _cleanPath (fullUrl) {
+    const indexOfQuestionMark = fullUrl.indexOf('?')
+    return indexOfQuestionMark !== -1 ? fullUrl.substring(0, indexOfQuestionMark) : fullUrl
+  }
+  _cretaeExpression (route) {
+    if (this.utils.isRegExp(route)) {
+      return route
+    }
+     // Verifica si la ruta termina con "/**"
+    if (route.endsWith('/**')) {
+      const baseRoute = route
+        .replace(/\|.*$/gm, '')  // Remueve los parámetros
+        .replace(/\/\*\*$/, ''); // Elimina el "/**" del final
+      // Crea la expresión regular que incluye la ruta base y cualquier subruta
+      return new RegExp(`^${baseRoute}(\/.*)?$`);
+    }
+    const expression = (
+      route
+        /**
+         * Remueve todos los parámetros (si es que existen) que se pasan a la URL:
+         * "/customers|add" -> "/customers"
+         * "/customers|*" -> "/customers"
+         * "/customers|" -> "/customers"
+         * "/customers" -> "/customers"
+         */
+        .replace(/\|.*$/gm, '')
+        /**
+         * Remueve todos los "/" que tiene al final la URL
+         * "/customers////" -> "/customers"
+         * "/customers/" -> "/customers"
+         * "/customers" -> "/customers"
+         */
+        .replace(/\/+$/, '')
+        /**
+         * Remueve todos los "/" que tiene al principio la URL y lo lo reemplaza por
+         * '^/':
+         * "/customers////" -> "/customers"
+         * "/customers/" -> "/customers"
+         * "/customers" -> "/customers"
+         */
+        .replace(/^\/+/, '^/')
+    )
+    return expression
+  }
+  _replaceDynamicURLParts (route) {
+    let regexp = null
+    if (this.utils.isRegExp(route)) {
+      regexp = route
+    } else {
+      regexp = new RegExp(
+        route
+          .replace(/\*\*/gm, '.*')
+          .replace(/\*/gm, function (match, offset, string) {
+            if (string[offset - 1] === '.') {
+              return '*'
+            }
+            return '[^/]*'
+          }) + '$',
+        ''
+      )
+    }
+    return { regexp }
+  }
+  _findMatchedRoutes (url, routes = []) {
+    const cleanUrl = url.replace(/^\/+/, '/')
+    return routes
+      .map((route) => {
+        const pathExpression = this._cretaeExpression(route.path)
+        const { regexp } = this._replaceDynamicURLParts(pathExpression)
+        const match = regexp.test(cleanUrl)
+        return match ? route : false
+      })
+      .filter((route) => route)
+  }
+  _checkApi (path, action, roles) {
+    const cleanedPath = this._cleanPath(path)
+    const _action = action.toUpperCase()
+    const securityRules = this._getBackendSecurityRules(roles, _action)
+    const matchedRoutes = this._findMatchedRoutes(cleanedPath, securityRules)
+    const list = this.utils
+      .chain(matchedRoutes)
+      .filter(p => p.actions.includes('*') || p.actions.includes(_action))
+      .value()
+    const enabled = list.some(p => p.enable)
+    const disabled = list.some(p => !p.enable)
+    if (enabled || (!enabled && !disabled)) {
+      return true
+    }
+    if (disabled) {
+      this.logger.error(`can't access to ${action} ${path}`)
+      return false
+    }
+    return null
+  }
+  _checkPath (path, roles) {
+    const securityRules = this.getFrontendSecurityRules(roles)
+    const list = this.utils
+      .chain(this._findMatchedRoutes(path, securityRules))
+      .value()
+    const enabled = list.some(p => p.enable)
+    const disabled = list.some(p => !p.enable)
+    if (enabled || (!enabled && !disabled)) {
+      return true
+    }
+    if (disabled) {
+      return false
+    }
+    return null
+  }
+  _checkWidget (path, securityOption, roles) {
+    const _securityOption = securityOption.toUpperCase()
+    const securityRules = this.getFrontendSecurityRules(roles)
+    const rules = this.utils
+      .chain(this._findMatchedRoutes(path, securityRules))
+      .filter(({ path }) => path.includes(this.WIDGET_SEPARATOR))
+      .filter(({ path }) => {
+        const expression = path.substring(path.indexOf(this.WIDGET_SEPARATOR) + 1).replace(/\*\*/gm, '.*')
+        return new RegExp(`^${expression}$`, 'gm').test(_securityOption)
+      })
+      .value()
+    const allActions = rules.find(p => p.path === path + '|**' && p.enable)
+    if (allActions) {
+      return true
+    }
+    const exactlyAction = rules.find(p => p.path === path + '|' + _securityOption)
+    if (exactlyAction) {
+      return exactlyAction.enable
+    }
+    const last = this.utils.chain(rules).reverse().first().value()
+    if (last) {
+      return last.enable
+    }
+    return null
+  }
+  _validateAndNormalizeConfig (config) {
+    if (!config) {
+      throw new Error('config is undefined')
+    }
+    if (config.roles === undefined || config.roles === null || config.roles.length === 0) {
+      throw new Error('config.roles is undefined')
+    }
+    if (config.permissions === undefined || config.permissions === null || config.permissions.length === 0) {
+      throw new Error('config.permissions is undefined')
+    }
+    // Validation and normalization of permissions
+    for (const permission of config.permissions) {
+      if (!permission.name) {
+        throw new Error('Permission has not name')
+      }
+      if (!permission.rules) {
+        permission.rules = []
+      }
+      if (!permission.visible) {
+        permission.visible = true
+      }
+      for (const rule of permission.rules) {
+        if (rule.enable === undefined || rule.enable === null) {
+          rule.enable = true
+        }
+        if (rule.actions === undefined || rule.actions === null) {
+          rule.actions = rule.path.startsWith('/api') ? '*' : ''
+        } else {
+          rule.actions = rule.actions.toUpperCase()
+        }
+        if (!rule.path) {
+          throw new Error(`Rule in permission ${permission.name} has not path`)
+        }
+      }
+    }
+    // initialize permissions in roles
+    for (const role of config.roles) {
+      if (!role.permissions)role.permissions = []
+    }
+  }
+}

package/blz-security/config/global.js ADDED Viewed

@@ -0,0 +1,8 @@
+module.exports = {
+  startupBoxOptions: {
+    padding: 1,
+    margin: 1,
+    borderStyle: 'round',
+    borderColor: 'yellow'
+  }
+}

package/blz-security/config/welcome ADDED Viewed

@@ -0,0 +1,8 @@
+██████╗ ██╗      █████╗ ███████╗███████╗██████╗ ██████╗  █████╗ ████████╗██╗  ██╗
+██╔══██╗██║     ██╔══██╗╚══███╔╝██╔════╝██╔══██╗██╔══██╗██╔══██╗╚══██╔══╝██║  ██║
+██████╔╝██║     ███████║  ███╔╝ █████╗  ██║  ██║██████╔╝███████║   ██║   ███████║
+██╔══██╗██║     ██╔══██║ ███╔╝  ██╔══╝  ██║  ██║██╔═══╝ ██╔══██║   ██║   ██╔══██║
+██████╔╝███████╗██║  ██║███████╗███████╗██████╔╝██║     ██║  ██║   ██║   ██║  ██║
+╚═════╝ ╚══════╝╚═╝  ╚═╝╚══════╝╚══════╝╚═════╝ ╚═╝     ╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═╝

package/blz-security/doc/README.md ADDED Viewed

@@ -0,0 +1,75 @@
+# Security
+## Actual solution
+- Se establece un conjunto de permisos de acuerdo a security rules.
+- Estos security rules permiten habilitar o denegar el acceso vinculado a un path.
+  - este path incluye la ruta del web-component y una security option.
+  - esa security option puede estar asociado a un widget, una action o una parte de ese widget.
+### Detected problems
+- La configuración de seguridad como su resolución están del lado del cliente, por lo cual es vulnerable a ataques.
+- El widget al que se aplica seguridad siempre debe tener definido un path.
+  - No se puede definir seguridad en sub-componentes, los cuales no tienen una ruta asociada y pueden ser incluidos en otros componentes.
+- No hay un mecanismo de configuración masivo de seguridad.
+  - En IPLAN se estableció una estrategia agregando la configuración en archivos de recursos
+## Proposal
+### Requirements
+- Establecer un conjunto de permisos de acuerdo a un role.
+- Establecer diferentes estrategias de como obtener los roles asociados a un usuario.
+  - Una de estas estrategias sera a traves de jwt.
+- Establecer diferentes estrategias de como obtener la configuración de seguridad.
+  - A traves de un archivo de recursos (Del lado del servidor)
+  - A traves de consumir un servicio rest.
+- Permitir definir seguridad en sub-componentes.
+- Permitir definir seguridad en componentes que no tienen una ruta asociada.
+- Establecer funcionalidad de importar y exportar configuración de seguridad
+- Agregar UI para administrar la configuración de seguridad.
+  - Lo mas probable es que esta UI este en un paquete aparte.
+## Se modifica comando para que se pueda consumir desde el backend
+- Se modifica la definición del comando para que se pueda consumir desde el backend
+  - path: ~/blazedapth/blz/blz-suite/frontend/suite/javascripts/descriptors/commands/set-security-rule.js
+  - path: ~/blazedapth/blz/blz-suite/frontend/suite/javascripts/descriptors/commands/reset-security-rules.js
+- Se Renombra SecurityClient por BlzSecurity
+  - path: ~/blazedapth/blz/blz-builder/burners/web-frontend/sources/startup/index.js
+  - path: ~/blazedapth/blz/blz-suite/backend/servers/web-frontend/index.js
+- Se modifica Blz.setSecurityRule por BlzSecurity.setSecurityRule
+  - path: ~/blazedapth/blz/blz-shared/js-generator/commands/set-security-rule.js
+- Se modifica Blz.clearSecurityRules por BlzSecurity.clearSecurityRules
+  - path: ~/blazedapth/blz/blz-shared/js-generator/commands/reset-security-rules.js
+- Se agrega BlzSecurity en Blz_controls_RouteResolver
+  - path: ~/blazedapth/blz/blz-ui/assets/js/blz-wrappers/Blz_controls_RouteResolver.js
+## Agregar archivo de seguridad para importación masiva
+## Update blzUi
+Build Dev:
+```sh
+cd blz-ui/
+grunt prod-dev
+```
+Build Prod:
+```sh
+cd blz-ui/
+grunt prod-prod
+```
+## References
+- Documentation
+  - [security rules and options](https://docs-blz.bsn-dev.beesion.team/#/doc/security-rules-and-options)
+- Demo
+  - [DemoAuth](~/blazedapth/blz/blz-shared/essentials/solutions/DemoAuth)

package/blz-security/filescanner/index.js ADDED Viewed

@@ -0,0 +1,46 @@
+const clamav = require('clamav.js');
+const path = require('path');
+/**
+ * Scans a readable stream for viruses using ClamAV over TCP.
+ *
+ * @param {ReadableStream} stream - A Node.js readable stream to scan.
+ * @param {Object} [options]
+ * @param {number} [options.port=3310] - TCP port where clamd is listening.
+ * @param {string} [options.host='127.0.0.1'] - Clamd host.
+ * @param {number} [options.timeout=60000] - Timeout in milliseconds.
+ * @returns {Promise<{ clean: boolean, name: string }>} - Scan result.
+ */
+async function scanStream(stream, options = {}) {
+  const port = options.port || 3310;
+  const host = options.host || '127.0.0.1';
+  const timeout = options.timeout || 60000;
+  const scanner = clamav.createScanner(port, host, timeout);
+  return new Promise((resolve, reject) => {
+    scanner.scan(stream, (err, name, isInfected) => {
+      if (err) return reject(err);
+      resolve({
+        clean: !isInfected,
+        name,
+      });
+    });
+  });
+}
+/**
+ * Checks if a file extension is allowed.
+ * @param {string} filename - Name of the file to check.
+ * @returns {boolean}
+ */
+function fileExtensionAllowed(filename) {
+  const ext = path.extname(filename).toLowerCase();
+  const allowed = process.env.blz_fileScannerAllowedExtension;
+  return allowed ? allowed.split(',').includes(ext) : true;
+}
+module.exports = {
+  scanStream,
+  fileExtensionAllowed,
+};