@commercetools/connect-payments-sdk 0.0.5 → 0.0.7

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @commercetools/connect-payments-sdk
 
+## 0.0.7
+
+### Patch Changes
+
+- 8110cc2: Enable AuthorityAuthorizationHook in Payment SDK
+
+## 0.0.6
+
+### Patch Changes
+
+- 11ae367: Export authorization hook AuthorityAuthorizationHook in the root path
+
 ## 0.0.5
 
 ### Patch Changes

package/dist/api/hooks/authorize.hook.d.ts

@@ -0,0 +1,12 @@
+import { AuthorityAuthorizationManager } from '../../security/authz/authorization-manager';
+import { ContextProvider, RequestContextData } from '../context/types/request-context.type';
+import { AuthorizationHook } from './types/hook.type';
+export declare class AuthorityAuthorizationHook implements AuthorizationHook {
+    private authorizationManager;
+    private contextProvider;
+    constructor(opts: {
+        authorizationManager: AuthorityAuthorizationManager;
+        contextProvider: ContextProvider<RequestContextData>;
+    });
+    authorize(...authorities: string[]): () => Promise<void>;
+}

package/dist/api/hooks/authorize.hook.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorityAuthorizationHook = void 0;
+const errorx_1 = require("../../errorx");
+class AuthorityAuthorizationHook {
+    authorizationManager;
+    contextProvider;
+    constructor(opts) {
+        this.authorizationManager = opts.authorizationManager;
+        this.contextProvider = opts.contextProvider;
+    }
+    authorize(...authorities) {
+        return async () => {
+            const authn = this.contextProvider.getContextData().authentication;
+            if (!authn) {
+                throw new errorx_1.ErrorAuthErrorResponse('Authentication is required.');
+            }
+            this.authorizationManager.verify(authn, authorities);
+        };
+    }
+}
+exports.AuthorityAuthorizationHook = AuthorityAuthorizationHook;

package/dist/api/index.d.ts

@@ -6,3 +6,4 @@ export * from './hooks/jwt-auth.hook';
 export * from './hooks/oauth2-auth.hook';
 export * from './hooks/session-auth.hook';
 export * from './hooks/types/hook.type';
+export * from './hooks/authorize.hook';

package/dist/api/index.js

@@ -22,3 +22,4 @@ __exportStar(require("./hooks/jwt-auth.hook"), exports);
 __exportStar(require("./hooks/oauth2-auth.hook"), exports);
 __exportStar(require("./hooks/session-auth.hook"), exports);
 __exportStar(require("./hooks/types/hook.type"), exports);
+__exportStar(require("./hooks/authorize.hook"), exports);

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { JWTAuthenticationHook, Oauth2AuthenticationHook, RequestContextData, RequestContextProvider, SessionAuthenticationHook } from './api';
+import { JWTAuthenticationHook, Oauth2AuthenticationHook, RequestContextData, RequestContextProvider, SessionAuthenticationHook, AuthorityAuthorizationHook } from './api';
 import { DefaultCommercetoolsAPI } from './commercetools/api/root-api';
 import { DefaultAuthorizationService } from './commercetools/services/ct-authorization.service';
 import { DefaultCartService } from './commercetools/services/ct-cart.service';
@@ -30,4 +30,5 @@ export declare const setupPaymentSDK: (opts: {
     sessionAuthHookFn: SessionAuthenticationHook;
     jwtAuthHookFn: JWTAuthenticationHook;
     oauth2AuthHookFn: Oauth2AuthenticationHook;
+    authorityAuthorizationHookFn: AuthorityAuthorizationHook;
 };

package/dist/index.js

@@ -70,6 +70,7 @@ const setupPaymentSDK = (opts) => {
         clientSecret: opts.clientSecret,
         authUrl: opts.authUrl,
     });
+    const authorityAuthorizationManager = new security_1.AuthorityAuthorizationManager();
     const jwtAuthenticationManager = new security_1.JWTAuthenticationManager({
         jwtService,
         iss: opts.jwtIssuer,
@@ -87,6 +88,10 @@ const setupPaymentSDK = (opts) => {
         authenticationManager: oauth2AuthenticationManager,
         contextProvider,
     });
+    const authorityAuthorizationHookFn = new api_1.AuthorityAuthorizationHook({
+        authorizationManager: authorityAuthorizationManager,
+        contextProvider,
+    });
     return {
         ctAPI,
         ctCartService,
@@ -96,6 +101,7 @@ const setupPaymentSDK = (opts) => {
         sessionAuthHookFn,
         jwtAuthHookFn,
         oauth2AuthHookFn,
+        authorityAuthorizationHookFn,
     };
 };
 exports.setupPaymentSDK = setupPaymentSDK;

package/dist/security/authz/authorization-manager.d.ts

@@ -0,0 +1,6 @@
+import { Authentication } from '../authn/types/authn.type';
+import { AuthorizationManager } from './types/authz.type';
+export declare class AuthorityAuthorizationManager implements AuthorizationManager<string[]> {
+    verify(authentication: Authentication, authorities: string[]): void;
+    check(authentication: Authentication, authorities: string[]): boolean;
+}

package/dist/security/authz/authorization-manager.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorityAuthorizationManager = void 0;
+const errorx_1 = require("../../errorx");
+class AuthorityAuthorizationManager {
+    verify(authentication, authorities) {
+        const isAuthorized = this.check(authentication, authorities);
+        if (!isAuthorized) {
+            throw new errorx_1.ErrorAuthErrorResponse('Not authorized', {
+                skipLog: true,
+                fields: {
+                    validAuthorities: authorities,
+                },
+                privateFields: {
+                    grantedAuthorities: authentication.getAuthorities(),
+                    requiredAuthorities: authorities,
+                },
+            });
+        }
+    }
+    check(authentication, authorities) {
+        const grantedAuthorities = authentication.getAuthorities();
+        const hasGrantedAuthorities = authorities.some((authority) => {
+            return grantedAuthorities.find((grantedAuthority) => grantedAuthority === authority);
+        });
+        return hasGrantedAuthorities;
+    }
+}
+exports.AuthorityAuthorizationManager = AuthorityAuthorizationManager;

package/dist/security/authz/types/authz.type.d.ts

@@ -0,0 +1,11 @@
+import { Authentication } from '../../authn/types/authn.type';
+export interface AuthorizationManager<T> {
+    /**
+     * Determines if access should be granted for a specific authentication and object.
+     */
+    verify(authentication: Authentication, object: T): void;
+    /**
+     * Determines if access is granted for a specific object.
+     */
+    check(authentication: Authentication, object: T): boolean;
+}

package/dist/security/authz/types/authz.type.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/security/index.d.ts

@@ -5,3 +5,4 @@ export * from './authn/session-authn-manager';
 export * from './authn/types/authn.type';
 export * from './services/jwt.service';
 export * from './services/oauth2.service';
+export * from './authz/authorization-manager';

package/dist/security/index.js

@@ -21,3 +21,4 @@ __exportStar(require("./authn/session-authn-manager"), exports);
 __exportStar(require("./authn/types/authn.type"), exports);
 __exportStar(require("./services/jwt.service"), exports);
 __exportStar(require("./services/oauth2.service"), exports);
+__exportStar(require("./authz/authorization-manager"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools/connect-payments-sdk",
-  "version": "0.0.5",
+  "version": "0.0.7",
   "description": "Payment SDK for commercetools payment connectors",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",