@cryptexlabs/codex-nodejs-common 0.1.15 → 0.1.19

Files changed (33) hide show
  1. package/lib/package.json +1 -1
  2. package/lib/src/auth/authorization-allowance.d.ts +0 -1
  3. package/lib/src/auth/authorization-allowance.js +22 -13
  4. package/lib/src/auth/authorization-allowance.js.map +1 -1
  5. package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.d.ts +11 -0
  6. package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js +55 -0
  7. package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js.map +1 -0
  8. package/lib/src/auth/http-authz.attach-objects.guard.util.d.ts +10 -0
  9. package/lib/src/auth/http-authz.attach-objects.guard.util.js +24 -0
  10. package/lib/src/auth/http-authz.attach-objects.guard.util.js.map +1 -0
  11. package/lib/src/auth/http-authz.detach-objects.guard.util.d.ts +10 -0
  12. package/lib/src/auth/http-authz.detach-objects.guard.util.js +24 -0
  13. package/lib/src/auth/http-authz.detach-objects.guard.util.js.map +1 -0
  14. package/lib/src/auth/{http-authz-guard.util.d.ts → http-authz.guard.util.d.ts} +1 -0
  15. package/lib/src/auth/{http-authz-guard.util.js → http-authz.guard.util.js} +2 -1
  16. package/lib/src/auth/http-authz.guard.util.js.map +1 -0
  17. package/lib/src/auth/index.d.ts +2 -1
  18. package/lib/src/auth/index.js +2 -1
  19. package/lib/src/auth/index.js.map +1 -1
  20. package/lib/src/config/default-config.js +6 -6
  21. package/lib/src/config/default-config.js.map +1 -1
  22. package/package.json +1 -1
  23. package/src/auth/authorization-allowance.ts +30 -18
  24. package/src/auth/http-authz.action-to-sub-objects.guard.util.ts +78 -0
  25. package/src/auth/http-authz.attach-objects.guard.util.spec.ts +369 -0
  26. package/src/auth/http-authz.attach-objects.guard.util.ts +48 -0
  27. package/src/auth/http-authz.detach-objects.guard.util.spec.ts +369 -0
  28. package/src/auth/http-authz.detach-objects.guard.util.ts +48 -0
  29. package/src/auth/{http-authz-guard.util.spec.ts → http-authz.guard.util.spec.ts} +3 -3
  30. package/src/auth/{http-authz-guard.util.ts → http-authz.guard.util.ts} +2 -0
  31. package/src/auth/index.ts +2 -1
  32. package/src/config/default-config.ts +6 -6
  33. package/lib/src/auth/http-authz-guard.util.js.map +0 -1
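--- a/package/src/auth/http-authz.attach-objects.guard.util.spec.ts
+++ b/package/src/auth/http-authz.attach-objects.guard.util.spec.ts
@@ -0,0 +1,369 @@
+import { ExecutionContext } from "@nestjs/common";
+import * as jwt from "jsonwebtoken";
+import { HttpAuthzAttachObjectsGuardUtil } from "./http-authz.attach-objects.guard.util";
+
+describe(HttpAuthzAttachObjectsGuardUtil.name, () => {
+it("Should allow super admin to attach a group to a user", () => {
+const token = jwt.sign(
+{
+scopes: [`cool-app:::any:any:any:any:any:any`],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(true);
+});
+
+it("Should allow someone with permission to attach any group to a user to attach a group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:create`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(true);
+});
+
+it("Should allow someone with permission to do anything to any group on a user to attach a group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(true);
+});
+
+it("Should allow someone with permission to do anything to any sub object for a user to attach a group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(true);
+});
+
+it("Should allow someone with permission to attach a specific group to a user to attach the group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["680dddec-f0b9-4a01-b8b5-be725f946935"],
+"cool-app"
+)
+).toBe(true);
+});
+
+it("Should not allow someone with permission to attach any group to a different user to attach a group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(false);
+});
+
+it("Should not allow someone with permission to do anything to a different user to attach a group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(false);
+});
+
+it("Should not allow someone with permission to do anything to any sub object for a different user to attach a group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(false);
+});
+
+it("Should not allow someone with permission to attach a specific group to a different user to attach the group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+},
+body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(false);
+});
+
+it("Should not allow someone with permission to attach a different specific permission to a user to attach the group to the user", () => {
+const token = jwt.sign(
+{
+scopes: [
+`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
+],
+},
+"hello"
+);
+
+const context = {
+switchToHttp: () => ({
+getRequest: () => ({
+headers: {
+authorization: `Bearer ${token}`,
+},
+params: {
+userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+},
+body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
+}),
+}),
+} as ExecutionContext;
+
+const util = new HttpAuthzAttachObjectsGuardUtil(context);
+
+expect(
+util.isAuthorized(
+"user",
+"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+"group",
+["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
+"cool-app"
+)
+).toBe(false);
+});
+});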
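Review bot: The negative case `it("Should not allow someone with permission to attach a specific group to a different user ...")` does not exercise what its name says: `isAuthorized` is called with the same user `4d2114ca-…` that the scope names, so the `false` comes from the group mismatch (`680dddec-…` granted, `5d549988-…` requested), and the `params.userId` of `001d4f53-…` is never consulted because the object ID is passed explicitly. Change the call to use `"001d4f53-798b-4a0b-8ef7-330a7bf72147"` as the object ID and `["680dddec-f0b9-4a01-b8b5-be725f946935"]` as the attached group so the user mismatch is the only reason for denial. The suite also has no case where `attachObjectIds` holds several IDs of which only some are permitted, e.g. `["680dddec-f0b9-4a01-b8b5-be725f946935", "5be3176f-c066-4418-b682-18e16fd07b84"]` against the single-group `:create` scope expecting `false`, nor one where the action is wrong (`group:any:read` must not authorize an attach); those are where an all-or-any bug in the underlying util would hide. Every token is signed with `"hello"` and no key or secret is ever handed to the util, so this spec says nothing about whether the guard verifies signatures — if verification is intentionally out of scope for this suite, a one-line comment at the top (`// Signature verification is not exercised here; tokens are decoded only for scope parsing`) would stop readers from taking these green tests as proof of authentication.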
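--- a/package/src/auth/http-authz.attach-objects.guard.util.ts
+++ b/package/src/auth/http-authz.attach-objects.guard.util.ts
@@ -0,0 +1,48 @@
+import { ExecutionContext } from "@nestjs/common";
+import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
+
+/**
+* Authorizes attachments of objects to another object by object id
+*/
+export class HttpAuthzAttachObjectsGuardUtil {
+private _util: HttpAuthzActionToSubObjectsGuardUtil;
+
+constructor(private readonly context: ExecutionContext) {
+this._util = new HttpAuthzActionToSubObjectsGuardUtil(context, "create");
+}
+
+/**
+* @param {string} object The object name of object A
+* @param {string} objectId The object ID of object A
+* @param {string} attachObject The object name of objects B
+* @param {string[]} attachObjectIds The object IDs of Objects B to attach to object A
+* @param {string?} namespace (Optional) The namespace of objects A and B
+*/
+public isAuthorized(
+object: string,
+objectId: string,
+attachObject: string,
+attachObjectIds: string[],
+namespace?: string
+) {
+return this._util.isAuthorized(
+object,
+objectId,
+attachObject,
+attachObjectIds,
+namespace
+);
+}
+
+public get params() {
+return this._util.params;
+}
+
+public get query() {
+return this._util.query;
+}
+
+public get body() {
+return this._util.body;
+}
+}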
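Review bot: `isAuthorized` declares no return type even though its result is the entire access decision for an attach operation; write the signature as `): boolean {` so that a later change in `HttpAuthzActionToSubObjectsGuardUtil.isAuthorized` (returning `undefined`, or a `Promise` once something becomes async) fails to compile instead of being silently treated as truthy or falsy by the guard. The method comment should also state the contract for `attachObjectIds`, which the pure delegation leaves invisible here — presumably the call returns `true` only if the token permits "create" on every ID, and the empty-array case is unspecified; add `@returns true only if the token permits the "create" action on every ID in attachObjectIds — TODO confirm behaviour for an empty array` and drop the `{string}` type tags, which TypeScript already carries. Minor: the `private readonly context` parameter property is read only to build `_util` and never afterwards, so a plain `constructor(context: ExecutionContext)` avoids keeping an unused reference to the request context on the instance.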