@cryptexlabs/codex-nodejs-common 0.1.15 → 0.1.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/package.json +1 -1
- package/lib/src/auth/authorization-allowance.d.ts +0 -1
- package/lib/src/auth/authorization-allowance.js +22 -13
- package/lib/src/auth/authorization-allowance.js.map +1 -1
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.d.ts +11 -0
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js +55 -0
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js.map +1 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.d.ts +10 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.js +24 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.js.map +1 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.d.ts +10 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.js +24 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.js.map +1 -0
- package/lib/src/auth/{http-authz-guard.util.d.ts → http-authz.guard.util.d.ts} +1 -0
- package/lib/src/auth/{http-authz-guard.util.js → http-authz.guard.util.js} +2 -1
- package/lib/src/auth/http-authz.guard.util.js.map +1 -0
- package/lib/src/auth/index.d.ts +2 -1
- package/lib/src/auth/index.js +2 -1
- package/lib/src/auth/index.js.map +1 -1
- package/lib/src/config/default-config.js +6 -6
- package/lib/src/config/default-config.js.map +1 -1
- package/package.json +1 -1
- package/src/auth/authorization-allowance.ts +30 -18
- package/src/auth/http-authz.action-to-sub-objects.guard.util.ts +78 -0
- package/src/auth/http-authz.attach-objects.guard.util.spec.ts +369 -0
- package/src/auth/http-authz.attach-objects.guard.util.ts +48 -0
- package/src/auth/http-authz.detach-objects.guard.util.spec.ts +369 -0
- package/src/auth/http-authz.detach-objects.guard.util.ts +48 -0
- package/src/auth/{http-authz-guard.util.spec.ts → http-authz.guard.util.spec.ts} +3 -3
- package/src/auth/{http-authz-guard.util.ts → http-authz.guard.util.ts} +2 -0
- package/src/auth/index.ts +2 -1
- package/src/config/default-config.ts +6 -6
- package/lib/src/auth/http-authz-guard.util.js.map +0 -1
package/lib/package.json
CHANGED
|
@@ -9,24 +9,33 @@ class AuthorizationAllowance {
|
|
|
9
9
|
this.action = action;
|
|
10
10
|
}
|
|
11
11
|
isRequestAllowed(request) {
|
|
12
|
-
if (
|
|
13
|
-
|
|
12
|
+
if (request.object &&
|
|
13
|
+
request.object.trim() !== "" &&
|
|
14
|
+
this.object &&
|
|
15
|
+
this.object.trim() !== "") {
|
|
16
|
+
if (this.object !== "any" && request.object !== this.object) {
|
|
17
|
+
return false;
|
|
18
|
+
}
|
|
14
19
|
}
|
|
15
|
-
if (
|
|
16
|
-
request.objectId.toString()
|
|
17
|
-
|
|
18
|
-
|
|
20
|
+
if (request.objectId &&
|
|
21
|
+
request.objectId.toString().trim() !== "" &&
|
|
22
|
+
this.objectId &&
|
|
23
|
+
this.objectId.toString().trim() !== "") {
|
|
24
|
+
if (this.objectId !== "any" &&
|
|
25
|
+
request.objectId.toString() !== this.objectId.toString()) {
|
|
26
|
+
return false;
|
|
27
|
+
}
|
|
19
28
|
}
|
|
20
|
-
if (
|
|
21
|
-
|
|
29
|
+
if (request.action &&
|
|
30
|
+
request.action.trim() !== "" &&
|
|
31
|
+
this.action &&
|
|
32
|
+
this.action !== "") {
|
|
33
|
+
if (this.action !== "any" && request.action !== this.action) {
|
|
34
|
+
return false;
|
|
35
|
+
}
|
|
22
36
|
}
|
|
23
37
|
return true;
|
|
24
38
|
}
|
|
25
|
-
_isRequestingSelf(request) {
|
|
26
|
-
return (request.object === "user" &&
|
|
27
|
-
request.objectId.toString() === this.subject.toString() &&
|
|
28
|
-
this.objectId === "self");
|
|
29
|
-
}
|
|
30
39
|
}
|
|
31
40
|
exports.AuthorizationAllowance = AuthorizationAllowance;
|
|
32
41
|
//# sourceMappingURL=authorization-allowance.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-allowance.js","sourceRoot":"","sources":["../../../src/auth/authorization-allowance.ts"],"names":[],"mappings":";;;AAEA,MAAa,sBAAsB;IACjC,YACmB,OAAO,EACP,MAAM,EACN,QAAQ,EACR,MAAM;QAHN,YAAO,GAAP,OAAO,CAAA;QACP,WAAM,GAAN,MAAM,CAAA;QACN,aAAQ,GAAR,QAAQ,CAAA;QACR,WAAM,GAAN,MAAM,CAAA;IACtB,CAAC;IAEG,gBAAgB,CAAC,OAAsC;
|
|
1
|
+
{"version":3,"file":"authorization-allowance.js","sourceRoot":"","sources":["../../../src/auth/authorization-allowance.ts"],"names":[],"mappings":";;;AAEA,MAAa,sBAAsB;IACjC,YACmB,OAAO,EACP,MAAM,EACN,QAAQ,EACR,MAAM;QAHN,YAAO,GAAP,OAAO,CAAA;QACP,WAAM,GAAN,MAAM,CAAA;QACN,aAAQ,GAAR,QAAQ,CAAA;QACR,WAAM,GAAN,MAAM,CAAA;IACtB,CAAC;IAEG,gBAAgB,CAAC,OAAsC;QAC5D,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EACzB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAGD,IACE,OAAO,CAAC,QAAQ;YAChB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE;YACzC,IAAI,CAAC,QAAQ;YACb,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EACtC;YACA,IACE,IAAI,CAAC,QAAQ,KAAK,KAAK;gBACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EACxD;gBACA,OAAO,KAAK,CAAC;aACd;SACF;QAED,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,KAAK,EAAE,EAClB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAlDD,wDAkDC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzActionToSubObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private readonly action;
|
|
5
|
+
private _authzGuard;
|
|
6
|
+
constructor(context: ExecutionContext, action: string);
|
|
7
|
+
isAuthorized(object: string, objectId: string, subObject: string, subObjectIds: string[], namespace?: string): boolean;
|
|
8
|
+
get params(): any;
|
|
9
|
+
get query(): any;
|
|
10
|
+
get body(): any;
|
|
11
|
+
}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzActionToSubObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_guard_util_1 = require("./http-authz.guard.util");
|
|
5
|
+
class HttpAuthzActionToSubObjectsGuardUtil {
|
|
6
|
+
constructor(context, action) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this.action = action;
|
|
9
|
+
this._authzGuard = new http_authz_guard_util_1.HttpAuthzGuardUtil(context);
|
|
10
|
+
}
|
|
11
|
+
isAuthorized(object, objectId, subObject, subObjectIds, namespace) {
|
|
12
|
+
for (const id of subObjectIds) {
|
|
13
|
+
let requests = [];
|
|
14
|
+
if (namespace) {
|
|
15
|
+
requests = [
|
|
16
|
+
{
|
|
17
|
+
action: "",
|
|
18
|
+
object: namespace,
|
|
19
|
+
objectId: "",
|
|
20
|
+
},
|
|
21
|
+
];
|
|
22
|
+
}
|
|
23
|
+
requests = [
|
|
24
|
+
...requests,
|
|
25
|
+
...[
|
|
26
|
+
{
|
|
27
|
+
action: "",
|
|
28
|
+
object,
|
|
29
|
+
objectId,
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
action: this.action,
|
|
33
|
+
object: subObject,
|
|
34
|
+
objectId: id,
|
|
35
|
+
},
|
|
36
|
+
],
|
|
37
|
+
];
|
|
38
|
+
if (!this._authzGuard.isAuthorized(...requests)) {
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
return true;
|
|
43
|
+
}
|
|
44
|
+
get params() {
|
|
45
|
+
return this._authzGuard.params;
|
|
46
|
+
}
|
|
47
|
+
get query() {
|
|
48
|
+
return this._authzGuard.query;
|
|
49
|
+
}
|
|
50
|
+
get body() {
|
|
51
|
+
return this._authzGuard.body;
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
exports.HttpAuthzActionToSubObjectsGuardUtil = HttpAuthzActionToSubObjectsGuardUtil;
|
|
55
|
+
//# sourceMappingURL=http-authz.action-to-sub-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.action-to-sub-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.action-to-sub-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,mEAA6D;AAK7D,MAAa,oCAAoC;IAG/C,YACmB,OAAyB,EACzB,MAAc;QADd,YAAO,GAAP,OAAO,CAAkB;QACzB,WAAM,GAAN,MAAM,CAAQ;QAE/B,IAAI,CAAC,WAAW,GAAG,IAAI,0CAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,SAAiB,EACjB,YAAsB,EACtB,SAAkB;QAElB,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;YAC7B,IAAI,QAAQ,GAAG,EAAE,CAAC;YAElB,IAAI,SAAS,EAAE;gBACb,QAAQ,GAAG;oBACT;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF,CAAC;aACH;YAED,QAAQ,GAAG;gBACT,GAAG,QAAQ;gBACX,GAAG;oBACD;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM;wBACN,QAAQ;qBACT;oBACD;wBACE,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF;aACF,CAAC;YAEF,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,EAAE;gBAC/C,OAAO,KAAK,CAAC;aACd;SACF;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;IACjC,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;CACF;AAvED,oFAuEC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzAttachObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private _util;
|
|
5
|
+
constructor(context: ExecutionContext);
|
|
6
|
+
isAuthorized(object: string, objectId: string, attachObject: string, attachObjectIds: string[], namespace?: string): boolean;
|
|
7
|
+
get params(): any;
|
|
8
|
+
get query(): any;
|
|
9
|
+
get body(): any;
|
|
10
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzAttachObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
|
|
5
|
+
class HttpAuthzAttachObjectsGuardUtil {
|
|
6
|
+
constructor(context) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "create");
|
|
9
|
+
}
|
|
10
|
+
isAuthorized(object, objectId, attachObject, attachObjectIds, namespace) {
|
|
11
|
+
return this._util.isAuthorized(object, objectId, attachObject, attachObjectIds, namespace);
|
|
12
|
+
}
|
|
13
|
+
get params() {
|
|
14
|
+
return this._util.params;
|
|
15
|
+
}
|
|
16
|
+
get query() {
|
|
17
|
+
return this._util.query;
|
|
18
|
+
}
|
|
19
|
+
get body() {
|
|
20
|
+
return this._util.body;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.HttpAuthzAttachObjectsGuardUtil = HttpAuthzAttachObjectsGuardUtil;
|
|
24
|
+
//# sourceMappingURL=http-authz.attach-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.attach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.attach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzDetachObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private _util;
|
|
5
|
+
constructor(context: ExecutionContext);
|
|
6
|
+
isAuthorized(object: string, objectId: string, detachObject: string, detachObjectIds: string[], namespace?: string): boolean;
|
|
7
|
+
get params(): any;
|
|
8
|
+
get query(): any;
|
|
9
|
+
get body(): any;
|
|
10
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzDetachObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
|
|
5
|
+
class HttpAuthzDetachObjectsGuardUtil {
|
|
6
|
+
constructor(context) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "delete");
|
|
9
|
+
}
|
|
10
|
+
isAuthorized(object, objectId, detachObject, detachObjectIds, namespace) {
|
|
11
|
+
return this._util.isAuthorized(object, objectId, detachObject, detachObjectIds, namespace);
|
|
12
|
+
}
|
|
13
|
+
get params() {
|
|
14
|
+
return this._util.params;
|
|
15
|
+
}
|
|
16
|
+
get query() {
|
|
17
|
+
return this._util.query;
|
|
18
|
+
}
|
|
19
|
+
get body() {
|
|
20
|
+
return this._util.body;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.HttpAuthzDetachObjectsGuardUtil = HttpAuthzDetachObjectsGuardUtil;
|
|
24
|
+
//# sourceMappingURL=http-authz.detach-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.detach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.detach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}
|
|
@@ -5,6 +5,7 @@ export declare class HttpAuthzGuardUtil {
|
|
|
5
5
|
private _token;
|
|
6
6
|
readonly params: any;
|
|
7
7
|
readonly query: any;
|
|
8
|
+
readonly body: any;
|
|
8
9
|
constructor(context: ExecutionContext);
|
|
9
10
|
isAuthorized(...authzRequests: AuthorizationRequestInterface[]): boolean;
|
|
10
11
|
private _doesScopeAuthorizeRequest;
|
|
@@ -24,6 +24,7 @@ class HttpAuthzGuardUtil {
|
|
|
24
24
|
this._token = decodedToken;
|
|
25
25
|
this.params = request.params;
|
|
26
26
|
this.query = request.query;
|
|
27
|
+
this.body = request.body;
|
|
27
28
|
}
|
|
28
29
|
isAuthorized(...authzRequests) {
|
|
29
30
|
const scopes = this._token.scopes;
|
|
@@ -54,4 +55,4 @@ class HttpAuthzGuardUtil {
|
|
|
54
55
|
}
|
|
55
56
|
}
|
|
56
57
|
exports.HttpAuthzGuardUtil = HttpAuthzGuardUtil;
|
|
57
|
-
//# sourceMappingURL=http-authz
|
|
58
|
+
//# sourceMappingURL=http-authz.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.guard.util.ts"],"names":[],"mappings":";;;AAAA,2CAA6E;AAC7E,oCAAoC;AAEpC,uEAAmE;AAEnE,MAAa,kBAAkB;IAM7B,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1D,IAAI,CAAC,mBAAmB,EAAE;YACxB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,CAAmB,CAAC;QAC/D,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAEM,YAAY,CAAC,GAAG,aAA8C;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;YAC1B,IAAI,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;gBACzD,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,0BAA0B,CAChC,KAAa,EACb,aAA8C;QAE9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE/B,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;YACxC,uBAAuB,CAAC,IAAI,CAC1B,IAAI,gDAAsB,CACxB,IAAI,CAAC,MAAM,CAAC,GAAG,EACf,KAAK,CAAC,CAAC,CAAC,EACR,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EACZ,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CACb,CACF,CAAC;SACH;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,EAAE;gBAC/B,OAAO,KAAK,CAAC;aACd;YACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE;gBACxC,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAxED,gDAwEC"}
|
package/lib/src/auth/index.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export * from "./authenticator.interface";
|
|
2
2
|
export * from "./topic-authorizor.interface";
|
|
3
3
|
export * from "./fake-authenticator";
|
|
4
|
-
export * from "./http-authz
|
|
4
|
+
export * from "./http-authz.guard.util";
|
|
5
|
+
export * from "./http-authz.attach-objects.guard.util";
|
package/lib/src/auth/index.js
CHANGED
|
@@ -13,5 +13,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
13
13
|
__exportStar(require("./authenticator.interface"), exports);
|
|
14
14
|
__exportStar(require("./topic-authorizor.interface"), exports);
|
|
15
15
|
__exportStar(require("./fake-authenticator"), exports);
|
|
16
|
-
__exportStar(require("./http-authz
|
|
16
|
+
__exportStar(require("./http-authz.guard.util"), exports);
|
|
17
|
+
__exportStar(require("./http-authz.attach-objects.guard.util"), exports);
|
|
17
18
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC;AACxC,yEAAuD"}
|
|
@@ -89,13 +89,13 @@ let DefaultConfig = class DefaultConfig {
|
|
|
89
89
|
return this._clientId;
|
|
90
90
|
}
|
|
91
91
|
get apiVersion() {
|
|
92
|
-
return process.env.API_VERSION;
|
|
92
|
+
return process.env.API_VERSION || "v1";
|
|
93
93
|
}
|
|
94
94
|
get appPrefix() {
|
|
95
|
-
return process.env.APP_PREFIX;
|
|
95
|
+
return process.env.APP_PREFIX || "api";
|
|
96
96
|
}
|
|
97
97
|
get docsPrefix() {
|
|
98
|
-
return process.env.DOCS_PREFIX;
|
|
98
|
+
return process.env.DOCS_PREFIX || "docs";
|
|
99
99
|
}
|
|
100
100
|
get docsEnabled() {
|
|
101
101
|
return process.env.DOCS_ENABLED === "true";
|
|
@@ -111,10 +111,10 @@ let DefaultConfig = class DefaultConfig {
|
|
|
111
111
|
return process.env.ENV_NAME;
|
|
112
112
|
}
|
|
113
113
|
get logLevels() {
|
|
114
|
-
return process.env.LOG_LEVELS.trim().split(",");
|
|
114
|
+
return (process.env.LOG_LEVELS || "debug,info,error").trim().split(",");
|
|
115
115
|
}
|
|
116
116
|
get httpPort() {
|
|
117
|
-
return parseInt(process.env.HTTP_PORT, 10);
|
|
117
|
+
return parseInt(process.env.HTTP_PORT || "3000", 10);
|
|
118
118
|
}
|
|
119
119
|
get metrics() {
|
|
120
120
|
return new metrics_host_config_1.MetricsHostConfig(process.env.GRAPHITE_HOST, process.env.GRAPHITE_PORT, process.env.METRICS_ENABLED);
|
|
@@ -126,7 +126,7 @@ let DefaultConfig = class DefaultConfig {
|
|
|
126
126
|
return process.env.HEALTHZ_FILE_PATH || "/tmp/healthz";
|
|
127
127
|
}
|
|
128
128
|
get elasticsearch() {
|
|
129
|
-
return new elasticsearch_config_1.ElasticsearchConfig(process.env.ELASTICSEARCH_URL, process.env.ELASTICSEARCH_PING_INTERVAL_SECONDS || "10");
|
|
129
|
+
return new elasticsearch_config_1.ElasticsearchConfig(process.env.ELASTICSEARCH_URL || "http://elasticsearch:9200", process.env.ELASTICSEARCH_PING_INTERVAL_SECONDS || "10");
|
|
130
130
|
}
|
|
131
131
|
get consumerType() {
|
|
132
132
|
return (process.env.CONSUMER_TYPE ||
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"default-config.js","sourceRoot":"","sources":["../../../src/config/default-config.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+DAA0D;AAG1D,yBAAyB;AACzB,mCAAuC;AACvC,iDAA6C;AAE7C,6CAAyC;AAEzC,2CAA4C;AAE5C,iEAA6D;AAE7D,6DAAwD;AAIxD,IAAa,aAAa,GAA1B,MAAa,aAAa;IAKxB,YACE,QAAgB,EAChB,OAAe,EACE,SAAiB,EAClC,mBAA4B;QADX,cAAS,GAAT,SAAS,CAAQ;QAGlC,IAAI,CAAC,KAAK,CACR,QAAQ,EACR,OAAO,EACP,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,mBAAmB,IAAI,EAAE,CAClD,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAEM,MAAM;QACX,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,QAAgB,EAAE,OAAe,EAAE,WAAmB;QACpE,MAAM,WAAW,GAAG,GAAG,QAAQ,MAAM,CAAC;QACtC,MAAM,UAAU,GAAG,GAAG,WAAW,IAAI,WAAW,MAAM,CAAC;QACvD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YAC7B,eAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;SAC9B;QAED,MAAM,WAAW,GAAG,GAAG,WAAW,IAAI,WAAW,GAC/C,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EACtB,aAAa,CAAC;QACd,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC;YAEtD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,kBAAkB,GAAG,GAAG,WAAW,IAAI,WAAW,eAAe,CAAC;QACxE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;YACrC,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAE7D,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,OAAO,eAAe,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC;QACjC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,OAAO,CAAC;IAC7C,CAAC;IAED,IAAW,gBAAgB;QACzB,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwC,CAAC;IAC9D,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAsC,CAAC;IAC5D,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,CAAC;IACzD,CAAC;IAED,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"default-config.js","sourceRoot":"","sources":["../../../src/config/default-config.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+DAA0D;AAG1D,yBAAyB;AACzB,mCAAuC;AACvC,iDAA6C;AAE7C,6CAAyC;AAEzC,2CAA4C;AAE5C,iEAA6D;AAE7D,6DAAwD;AAIxD,IAAa,aAAa,GAA1B,MAAa,aAAa;IAKxB,YACE,QAAgB,EAChB,OAAe,EACE,SAAiB,EAClC,mBAA4B;QADX,cAAS,GAAT,SAAS,CAAQ;QAGlC,IAAI,CAAC,KAAK,CACR,QAAQ,EACR,OAAO,EACP,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,mBAAmB,IAAI,EAAE,CAClD,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAEM,MAAM;QACX,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,QAAgB,EAAE,OAAe,EAAE,WAAmB;QACpE,MAAM,WAAW,GAAG,GAAG,QAAQ,MAAM,CAAC;QACtC,MAAM,UAAU,GAAG,GAAG,WAAW,IAAI,WAAW,MAAM,CAAC;QACvD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YAC7B,eAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;SAC9B;QAED,MAAM,WAAW,GAAG,GAAG,WAAW,IAAI,WAAW,GAC/C,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EACtB,aAAa,CAAC;QACd,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC;YAEtD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,kBAAkB,GAAG,GAAG,WAAW,IAAI,WAAW,eAAe,CAAC;QACxE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;YACrC,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAE7D,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,OAAO,eAAe,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC;QACjC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,OAAO,CAAC;IAC7C,CAAC;IAED,IAAW,gBAAgB;QACzB,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwC,CAAC;IAC9D,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAsC,CAAC;IAC5D,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,CAAC;IACzD,CAAC;IAED,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;IACzC,CAAC;IAED,IAAW,SAAS;QAClB,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,KAAK,CAAC;IACzC,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;IAC3C,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM,CAAC;IAC7C,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,0BAAW,CACpB,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB,OAAO,CAAC,GAAG,CAAC,UAAU,EACtB,OAAO,CAAC,GAAG,CAAC,UAAU,EACtB,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,wBAAwB;YAClC,GAAG,IAAI,CAAC,QAAQ,qBAAqB,EACvC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CACpE,CAAC;IACJ,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED,IAAW,SAAS;QAClB,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,kBAAkB,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,IAAW,OAAO;QAChB,OAAO,IAAI,uCAAiB,CAC1B,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB,OAAO,CAAC,GAAG,CAAC,eAAe,CAC5B,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO,IAAI,sBAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpE,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,cAAc,CAAC;IACzD,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,IAAI,0CAAmB,CAC5B,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B,EAC5D,OAAO,CAAC,GAAG,CAAC,mCAAmC,IAAI,IAAI,CACxD,CAAC;IACJ,CAAC;IAED,IAAW,YAAY;QACrB,OAAO,CACJ,OAAO,CAAC,GAAG,CAAC,aAAkC;YAC/C,qCAAgB,CAAC,OAAO,CACzB,CAAC;IACJ,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM,CAAC;IAC5C,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC;IAC/C,CAAC;CACF,CAAA;AApLY,aAAa;IADzB,mBAAU,EAAE;;GACA,aAAa,CAoLzB;AApLY,sCAAa"}
|
package/package.json
CHANGED
|
@@ -9,33 +9,45 @@ export class AuthorizationAllowance {
|
|
|
9
9
|
) {}
|
|
10
10
|
|
|
11
11
|
public isRequestAllowed(request: AuthorizationRequestInterface): boolean {
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
if (
|
|
13
|
+
request.object &&
|
|
14
|
+
request.object.trim() !== "" &&
|
|
15
|
+
this.object &&
|
|
16
|
+
this.object.trim() !== ""
|
|
17
|
+
) {
|
|
18
|
+
// Check object
|
|
19
|
+
if (this.object !== "any" && request.object !== this.object) {
|
|
20
|
+
return false;
|
|
21
|
+
}
|
|
15
22
|
}
|
|
16
23
|
|
|
17
24
|
// Check object id
|
|
18
25
|
if (
|
|
19
|
-
|
|
20
|
-
request.objectId.toString()
|
|
21
|
-
|
|
26
|
+
request.objectId &&
|
|
27
|
+
request.objectId.toString().trim() !== "" &&
|
|
28
|
+
this.objectId &&
|
|
29
|
+
this.objectId.toString().trim() !== ""
|
|
22
30
|
) {
|
|
23
|
-
|
|
31
|
+
if (
|
|
32
|
+
this.objectId !== "any" &&
|
|
33
|
+
request.objectId.toString() !== this.objectId.toString()
|
|
34
|
+
) {
|
|
35
|
+
return false;
|
|
36
|
+
}
|
|
24
37
|
}
|
|
25
38
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
39
|
+
if (
|
|
40
|
+
request.action &&
|
|
41
|
+
request.action.trim() !== "" &&
|
|
42
|
+
this.action &&
|
|
43
|
+
this.action !== ""
|
|
44
|
+
) {
|
|
45
|
+
// Check action
|
|
46
|
+
if (this.action !== "any" && request.action !== this.action) {
|
|
47
|
+
return false;
|
|
48
|
+
}
|
|
29
49
|
}
|
|
30
50
|
|
|
31
51
|
return true;
|
|
32
52
|
}
|
|
33
|
-
|
|
34
|
-
private _isRequestingSelf(request: AuthorizationRequestInterface) {
|
|
35
|
-
return (
|
|
36
|
-
request.object === "user" &&
|
|
37
|
-
request.objectId.toString() === this.subject.toString() &&
|
|
38
|
-
this.objectId === "self"
|
|
39
|
-
);
|
|
40
|
-
}
|
|
41
53
|
}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Authorizes attachments of objects to another object by object id
|
|
6
|
+
*/
|
|
7
|
+
export class HttpAuthzActionToSubObjectsGuardUtil {
|
|
8
|
+
private _authzGuard: HttpAuthzGuardUtil;
|
|
9
|
+
|
|
10
|
+
constructor(
|
|
11
|
+
private readonly context: ExecutionContext,
|
|
12
|
+
private readonly action: string
|
|
13
|
+
) {
|
|
14
|
+
this._authzGuard = new HttpAuthzGuardUtil(context);
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* @param {string} object The object name of object A
|
|
19
|
+
* @param {string} objectId The object ID of object A
|
|
20
|
+
* @param {string} subObject The object name of objects B
|
|
21
|
+
* @param {string[]} subObjectIds The object IDs of Objects B to attach to object A
|
|
22
|
+
* @param {string?} namespace (Optional) The namespace of objects A and B
|
|
23
|
+
*/
|
|
24
|
+
public isAuthorized(
|
|
25
|
+
object: string,
|
|
26
|
+
objectId: string,
|
|
27
|
+
subObject: string,
|
|
28
|
+
subObjectIds: string[],
|
|
29
|
+
namespace?: string
|
|
30
|
+
) {
|
|
31
|
+
for (const id of subObjectIds) {
|
|
32
|
+
let requests = [];
|
|
33
|
+
|
|
34
|
+
if (namespace) {
|
|
35
|
+
requests = [
|
|
36
|
+
{
|
|
37
|
+
action: "",
|
|
38
|
+
object: namespace,
|
|
39
|
+
objectId: "",
|
|
40
|
+
},
|
|
41
|
+
];
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
requests = [
|
|
45
|
+
...requests,
|
|
46
|
+
...[
|
|
47
|
+
{
|
|
48
|
+
action: "",
|
|
49
|
+
object,
|
|
50
|
+
objectId,
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
action: this.action,
|
|
54
|
+
object: subObject,
|
|
55
|
+
objectId: id,
|
|
56
|
+
},
|
|
57
|
+
],
|
|
58
|
+
];
|
|
59
|
+
|
|
60
|
+
if (!this._authzGuard.isAuthorized(...requests)) {
|
|
61
|
+
return false;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
return true;
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
public get params() {
|
|
68
|
+
return this._authzGuard.params;
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
public get query() {
|
|
72
|
+
return this._authzGuard.query;
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
public get body() {
|
|
76
|
+
return this._authzGuard.body;
|
|
77
|
+
}
|
|
78
|
+
}
|