@clairejs/server 3.25.1 → 3.25.3

package/README.md

@@ -1,7 +1,12 @@
 ## Change Log
 
-#### 3.25.1
+#### 3.25.3
 
+-   Fix AWS job scheduler cancel job rule id
+
+#### 3.25.2
+
+-   add AbstractRbacAuthorizer
 -   add other security access condition classes
 
 #### 3.24.0

package/dist/http/auth/AbstractRbacAuthorizer.d.ts

@@ -0,0 +1,22 @@
+import { HttpRequest } from "../common/HttpRequest";
+import { EndpointMetadata } from "../../common/request/endpoint-metadata";
+import { AbstractRequestAuthorizer } from "./AbstractHttpAuthorizer";
+interface UserPrincipal {
+    principalId: string;
+    tfa?: boolean;
+}
+interface PermissionDetailResponse {
+    isSuperUser?: boolean;
+    permissions?: {
+        conditions?: {
+            conditionName: string;
+            conditionValue: string;
+        }[];
+    }[];
+}
+export declare abstract class AbstractRbacAuthorizer extends AbstractRequestAuthorizer {
+    abstract getPermissionDetail(principal: string, endpoint: string): Promise<PermissionDetailResponse>;
+    abstract getUserFromRequest(req: HttpRequest): Promise<UserPrincipal>;
+    authorize(req: HttpRequest, endpoint: EndpointMetadata): Promise<void>;
+}
+export {};

package/dist/http/auth/AbstractRbacAuthorizer.js

@@ -0,0 +1,59 @@
+import { Errors } from "@clairejs/core";
+import { AbstractRequestAuthorizer } from "./AbstractHttpAuthorizer";
+export class AbstractRbacAuthorizer extends AbstractRequestAuthorizer {
+    async authorize(req, endpoint) {
+        if (endpoint.publicAccess) {
+            return;
+        }
+        const user = await this.getUserFromRequest(req);
+        if (endpoint.tfaRequired && !user.tfa) {
+            throw Errors.TFA_REQUIRED();
+        }
+        const detail = await this.getPermissionDetail(user.principalId, endpoint.id);
+        if (detail.isSuperUser) {
+            return;
+        }
+        if (!detail.permissions?.length) {
+            throw Errors.ACCESS_DENIED();
+        }
+        let passed = false;
+        let failedCondition = "";
+        for (const permission of detail.permissions) {
+            if (!permission.conditions?.length) {
+                passed = true;
+            }
+            else {
+                let allConditionCheckPassed = true;
+                for (const condition of permission.conditions) {
+                    const matchedCondition = endpoint.accessConditionInstances?.find((c) => c.getConditionMetadata().name === condition.conditionName);
+                    if (!matchedCondition) {
+                        //-- condition not found, skip
+                        continue;
+                    }
+                    try {
+                        const requestedConditionValue = await matchedCondition.resolveConditionValue(req);
+                        const permittedConditionValue = JSON.parse(condition.conditionValue);
+                        allConditionCheckPassed = await matchedCondition.validate(requestedConditionValue, permittedConditionValue);
+                    }
+                    catch (err) {
+                        //-- this condition does not passed, skip
+                        allConditionCheckPassed = false;
+                    }
+                    if (!allConditionCheckPassed) {
+                        //-- at least one condition not satisfied, stop condition checking
+                        failedCondition = condition.conditionName;
+                        break;
+                    }
+                }
+                passed = allConditionCheckPassed;
+            }
+            if (passed) {
+                //-- at least one permission and conditions suit checked passed
+                break;
+            }
+        }
+        if (!passed) {
+            throw Errors.ACCESS_DENIED(`Condition check failed: ${failedCondition}`);
+        }
+    }
+}

package/dist/index.d.ts

@@ -23,6 +23,7 @@ export * from "./http/security/abstract-access-condition";
 export * from "./http/security/access-condition-metadata";
 export * from "./http/security/access-condition-value-type";
 export * from "./http/auth/AbstractHttpAuthorizer";
+export * from "./http/auth/AbstractRbacAuthorizer";
 export * from "./http/repository/ModelRepository";
 export * from "./http/repository/DtoRepository";
 export * from "./http/repository/ICrudRepository";

package/dist/index.js

@@ -25,6 +25,7 @@ export * from "./http/security/abstract-access-condition";
 export * from "./http/security/access-condition-metadata";
 export * from "./http/security/access-condition-value-type";
 export * from "./http/auth/AbstractHttpAuthorizer";
+export * from "./http/auth/AbstractRbacAuthorizer";
 export * from "./http/repository/ModelRepository";
 export * from "./http/repository/DtoRepository";
 export * from "./http/repository/ICrudRepository";

package/dist/job/AwsJobScheduler.js

@@ -126,17 +126,18 @@ let AwsJobScheduler = class AwsJobScheduler extends AbstractJobScheduler {
         }
     }
     async cancelJob(jobId) {
+        const ruleId = `${this.jobNamespace}${jobId}`;
         await this.eventbridge
             .removeTargets({
             EventBusName: this.eventBusName,
-            Rule: jobId,
-            Ids: [jobId],
+            Rule: ruleId,
+            Ids: [ruleId],
         })
             .promise();
         await this.eventbridge
             .deleteRule({
             EventBusName: this.eventBusName,
-            Name: jobId,
+            Name: ruleId,
         })
             .promise();
     }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@clairejs/server",
-    "version": "3.25.1",
+    "version": "3.25.3",
     "description": "Claire server NodeJs framework written in Typescript.",
     "types": "dist/index.d.ts",
     "main": "dist/index.js",