@cryptexlabs/codex-nodejs-common 0.1.16 → 0.1.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/package.json +1 -1
- package/lib/src/auth/authorization-allowance.d.ts +0 -1
- package/lib/src/auth/authorization-allowance.js +1 -7
- package/lib/src/auth/authorization-allowance.js.map +1 -1
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.d.ts +11 -0
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js +55 -0
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js.map +1 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.d.ts +10 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.js +24 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.js.map +1 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.d.ts +10 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.js +24 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.js.map +1 -0
- package/lib/src/auth/{http-authz-guard.util.d.ts → http-authz.guard.util.d.ts} +1 -0
- package/lib/src/auth/{http-authz-guard.util.js → http-authz.guard.util.js} +2 -1
- package/lib/src/auth/http-authz.guard.util.js.map +1 -0
- package/lib/src/auth/index.d.ts +4 -1
- package/lib/src/auth/index.js +4 -1
- package/lib/src/auth/index.js.map +1 -1
- package/lib/src/config/default-config.js +1 -1
- package/lib/src/config/default-config.js.map +1 -1
- package/package.json +1 -1
- package/src/auth/authorization-allowance.ts +1 -10
- package/src/auth/http-authz.action-to-sub-objects.guard.util.ts +78 -0
- package/src/auth/http-authz.attach-objects.guard.util.spec.ts +369 -0
- package/src/auth/http-authz.attach-objects.guard.util.ts +48 -0
- package/src/auth/http-authz.detach-objects.guard.util.spec.ts +369 -0
- package/src/auth/http-authz.detach-objects.guard.util.ts +48 -0
- package/src/auth/{http-authz-guard.util.spec.ts → http-authz.guard.util.spec.ts} +3 -3
- package/src/auth/{http-authz-guard.util.ts → http-authz.guard.util.ts} +2 -0
- package/src/auth/index.ts +4 -1
- package/src/config/default-config.ts +1 -1
- package/lib/src/auth/http-authz-guard.util.js.map +0 -1
package/lib/package.json
CHANGED
|
@@ -22,8 +22,7 @@ class AuthorizationAllowance {
|
|
|
22
22
|
this.objectId &&
|
|
23
23
|
this.objectId.toString().trim() !== "") {
|
|
24
24
|
if (this.objectId !== "any" &&
|
|
25
|
-
request.objectId.toString() !== this.objectId.toString()
|
|
26
|
-
!this._isRequestingSelf(request)) {
|
|
25
|
+
request.objectId.toString() !== this.objectId.toString()) {
|
|
27
26
|
return false;
|
|
28
27
|
}
|
|
29
28
|
}
|
|
@@ -37,11 +36,6 @@ class AuthorizationAllowance {
|
|
|
37
36
|
}
|
|
38
37
|
return true;
|
|
39
38
|
}
|
|
40
|
-
_isRequestingSelf(request) {
|
|
41
|
-
return (request.object === "user" &&
|
|
42
|
-
request.objectId.toString() === this.subject.toString() &&
|
|
43
|
-
this.objectId === "self");
|
|
44
|
-
}
|
|
45
39
|
}
|
|
46
40
|
exports.AuthorizationAllowance = AuthorizationAllowance;
|
|
47
41
|
//# sourceMappingURL=authorization-allowance.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-allowance.js","sourceRoot":"","sources":["../../../src/auth/authorization-allowance.ts"],"names":[],"mappings":";;;AAEA,MAAa,sBAAsB;IACjC,YACmB,OAAO,EACP,MAAM,EACN,QAAQ,EACR,MAAM;QAHN,YAAO,GAAP,OAAO,CAAA;QACP,WAAM,GAAN,MAAM,CAAA;QACN,aAAQ,GAAR,QAAQ,CAAA;QACR,WAAM,GAAN,MAAM,CAAA;IACtB,CAAC;IAEG,gBAAgB,CAAC,OAAsC;QAC5D,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EACzB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAGD,IACE,OAAO,CAAC,QAAQ;YAChB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE;YACzC,IAAI,CAAC,QAAQ;YACb,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EACtC;YACA,IACE,IAAI,CAAC,QAAQ,KAAK,KAAK;gBACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE
|
|
1
|
+
{"version":3,"file":"authorization-allowance.js","sourceRoot":"","sources":["../../../src/auth/authorization-allowance.ts"],"names":[],"mappings":";;;AAEA,MAAa,sBAAsB;IACjC,YACmB,OAAO,EACP,MAAM,EACN,QAAQ,EACR,MAAM;QAHN,YAAO,GAAP,OAAO,CAAA;QACP,WAAM,GAAN,MAAM,CAAA;QACN,aAAQ,GAAR,QAAQ,CAAA;QACR,WAAM,GAAN,MAAM,CAAA;IACtB,CAAC;IAEG,gBAAgB,CAAC,OAAsC;QAC5D,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EACzB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAGD,IACE,OAAO,CAAC,QAAQ;YAChB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE;YACzC,IAAI,CAAC,QAAQ;YACb,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EACtC;YACA,IACE,IAAI,CAAC,QAAQ,KAAK,KAAK;gBACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EACxD;gBACA,OAAO,KAAK,CAAC;aACd;SACF;QAED,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,KAAK,EAAE,EAClB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAlDD,wDAkDC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzActionToSubObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private readonly action;
|
|
5
|
+
private _authzGuard;
|
|
6
|
+
constructor(context: ExecutionContext, action: string);
|
|
7
|
+
isAuthorized(object: string, objectId: string, subObject: string, subObjectIds: string[], namespace?: string): boolean;
|
|
8
|
+
get params(): any;
|
|
9
|
+
get query(): any;
|
|
10
|
+
get body(): any;
|
|
11
|
+
}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzActionToSubObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_guard_util_1 = require("./http-authz.guard.util");
|
|
5
|
+
class HttpAuthzActionToSubObjectsGuardUtil {
|
|
6
|
+
constructor(context, action) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this.action = action;
|
|
9
|
+
this._authzGuard = new http_authz_guard_util_1.HttpAuthzGuardUtil(context);
|
|
10
|
+
}
|
|
11
|
+
isAuthorized(object, objectId, subObject, subObjectIds, namespace) {
|
|
12
|
+
for (const id of subObjectIds) {
|
|
13
|
+
let requests = [];
|
|
14
|
+
if (namespace) {
|
|
15
|
+
requests = [
|
|
16
|
+
{
|
|
17
|
+
action: "",
|
|
18
|
+
object: namespace,
|
|
19
|
+
objectId: "",
|
|
20
|
+
},
|
|
21
|
+
];
|
|
22
|
+
}
|
|
23
|
+
requests = [
|
|
24
|
+
...requests,
|
|
25
|
+
...[
|
|
26
|
+
{
|
|
27
|
+
action: "",
|
|
28
|
+
object,
|
|
29
|
+
objectId,
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
action: this.action,
|
|
33
|
+
object: subObject,
|
|
34
|
+
objectId: id,
|
|
35
|
+
},
|
|
36
|
+
],
|
|
37
|
+
];
|
|
38
|
+
if (!this._authzGuard.isAuthorized(...requests)) {
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
return true;
|
|
43
|
+
}
|
|
44
|
+
get params() {
|
|
45
|
+
return this._authzGuard.params;
|
|
46
|
+
}
|
|
47
|
+
get query() {
|
|
48
|
+
return this._authzGuard.query;
|
|
49
|
+
}
|
|
50
|
+
get body() {
|
|
51
|
+
return this._authzGuard.body;
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
exports.HttpAuthzActionToSubObjectsGuardUtil = HttpAuthzActionToSubObjectsGuardUtil;
|
|
55
|
+
//# sourceMappingURL=http-authz.action-to-sub-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.action-to-sub-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.action-to-sub-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,mEAA6D;AAK7D,MAAa,oCAAoC;IAG/C,YACmB,OAAyB,EACzB,MAAc;QADd,YAAO,GAAP,OAAO,CAAkB;QACzB,WAAM,GAAN,MAAM,CAAQ;QAE/B,IAAI,CAAC,WAAW,GAAG,IAAI,0CAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,SAAiB,EACjB,YAAsB,EACtB,SAAkB;QAElB,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;YAC7B,IAAI,QAAQ,GAAG,EAAE,CAAC;YAElB,IAAI,SAAS,EAAE;gBACb,QAAQ,GAAG;oBACT;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF,CAAC;aACH;YAED,QAAQ,GAAG;gBACT,GAAG,QAAQ;gBACX,GAAG;oBACD;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM;wBACN,QAAQ;qBACT;oBACD;wBACE,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF;aACF,CAAC;YAEF,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,EAAE;gBAC/C,OAAO,KAAK,CAAC;aACd;SACF;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;IACjC,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;CACF;AAvED,oFAuEC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzAttachObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private _util;
|
|
5
|
+
constructor(context: ExecutionContext);
|
|
6
|
+
isAuthorized(object: string, objectId: string, attachObject: string, attachObjectIds: string[], namespace?: string): boolean;
|
|
7
|
+
get params(): any;
|
|
8
|
+
get query(): any;
|
|
9
|
+
get body(): any;
|
|
10
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzAttachObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
|
|
5
|
+
class HttpAuthzAttachObjectsGuardUtil {
|
|
6
|
+
constructor(context) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "create");
|
|
9
|
+
}
|
|
10
|
+
isAuthorized(object, objectId, attachObject, attachObjectIds, namespace) {
|
|
11
|
+
return this._util.isAuthorized(object, objectId, attachObject, attachObjectIds, namespace);
|
|
12
|
+
}
|
|
13
|
+
get params() {
|
|
14
|
+
return this._util.params;
|
|
15
|
+
}
|
|
16
|
+
get query() {
|
|
17
|
+
return this._util.query;
|
|
18
|
+
}
|
|
19
|
+
get body() {
|
|
20
|
+
return this._util.body;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.HttpAuthzAttachObjectsGuardUtil = HttpAuthzAttachObjectsGuardUtil;
|
|
24
|
+
//# sourceMappingURL=http-authz.attach-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.attach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.attach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzDetachObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private _util;
|
|
5
|
+
constructor(context: ExecutionContext);
|
|
6
|
+
isAuthorized(object: string, objectId: string, detachObject: string, detachObjectIds: string[], namespace?: string): boolean;
|
|
7
|
+
get params(): any;
|
|
8
|
+
get query(): any;
|
|
9
|
+
get body(): any;
|
|
10
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzDetachObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
|
|
5
|
+
class HttpAuthzDetachObjectsGuardUtil {
|
|
6
|
+
constructor(context) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "delete");
|
|
9
|
+
}
|
|
10
|
+
isAuthorized(object, objectId, detachObject, detachObjectIds, namespace) {
|
|
11
|
+
return this._util.isAuthorized(object, objectId, detachObject, detachObjectIds, namespace);
|
|
12
|
+
}
|
|
13
|
+
get params() {
|
|
14
|
+
return this._util.params;
|
|
15
|
+
}
|
|
16
|
+
get query() {
|
|
17
|
+
return this._util.query;
|
|
18
|
+
}
|
|
19
|
+
get body() {
|
|
20
|
+
return this._util.body;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.HttpAuthzDetachObjectsGuardUtil = HttpAuthzDetachObjectsGuardUtil;
|
|
24
|
+
//# sourceMappingURL=http-authz.detach-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.detach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.detach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}
|
|
@@ -5,6 +5,7 @@ export declare class HttpAuthzGuardUtil {
|
|
|
5
5
|
private _token;
|
|
6
6
|
readonly params: any;
|
|
7
7
|
readonly query: any;
|
|
8
|
+
readonly body: any;
|
|
8
9
|
constructor(context: ExecutionContext);
|
|
9
10
|
isAuthorized(...authzRequests: AuthorizationRequestInterface[]): boolean;
|
|
10
11
|
private _doesScopeAuthorizeRequest;
|
|
@@ -24,6 +24,7 @@ class HttpAuthzGuardUtil {
|
|
|
24
24
|
this._token = decodedToken;
|
|
25
25
|
this.params = request.params;
|
|
26
26
|
this.query = request.query;
|
|
27
|
+
this.body = request.body;
|
|
27
28
|
}
|
|
28
29
|
isAuthorized(...authzRequests) {
|
|
29
30
|
const scopes = this._token.scopes;
|
|
@@ -54,4 +55,4 @@ class HttpAuthzGuardUtil {
|
|
|
54
55
|
}
|
|
55
56
|
}
|
|
56
57
|
exports.HttpAuthzGuardUtil = HttpAuthzGuardUtil;
|
|
57
|
-
//# sourceMappingURL=http-authz
|
|
58
|
+
//# sourceMappingURL=http-authz.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.guard.util.ts"],"names":[],"mappings":";;;AAAA,2CAA6E;AAC7E,oCAAoC;AAEpC,uEAAmE;AAEnE,MAAa,kBAAkB;IAM7B,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1D,IAAI,CAAC,mBAAmB,EAAE;YACxB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,CAAmB,CAAC;QAC/D,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAEM,YAAY,CAAC,GAAG,aAA8C;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;YAC1B,IAAI,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;gBACzD,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,0BAA0B,CAChC,KAAa,EACb,aAA8C;QAE9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE/B,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;YACxC,uBAAuB,CAAC,IAAI,CAC1B,IAAI,gDAAsB,CACxB,IAAI,CAAC,MAAM,CAAC,GAAG,EACf,KAAK,CAAC,CAAC,CAAC,EACR,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EACZ,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CACb,CACF,CAAC;SACH;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,EAAE;gBAC/B,OAAO,KAAK,CAAC;aACd;YACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE;gBACxC,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAxED,gDAwEC"}
|
package/lib/src/auth/index.d.ts
CHANGED
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
export * from "./authenticator.interface";
|
|
2
2
|
export * from "./topic-authorizor.interface";
|
|
3
3
|
export * from "./fake-authenticator";
|
|
4
|
-
export * from "./http-authz
|
|
4
|
+
export * from "./http-authz.guard.util";
|
|
5
|
+
export * from "./http-authz.attach-objects.guard.util";
|
|
6
|
+
export * from "./http-authz.detach-objects.guard.util";
|
|
7
|
+
export * from "./http-authz.action-to-sub-objects.guard.util";
|
package/lib/src/auth/index.js
CHANGED
|
@@ -13,5 +13,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
13
13
|
__exportStar(require("./authenticator.interface"), exports);
|
|
14
14
|
__exportStar(require("./topic-authorizor.interface"), exports);
|
|
15
15
|
__exportStar(require("./fake-authenticator"), exports);
|
|
16
|
-
__exportStar(require("./http-authz
|
|
16
|
+
__exportStar(require("./http-authz.guard.util"), exports);
|
|
17
|
+
__exportStar(require("./http-authz.attach-objects.guard.util"), exports);
|
|
18
|
+
__exportStar(require("./http-authz.detach-objects.guard.util"), exports);
|
|
19
|
+
__exportStar(require("./http-authz.action-to-sub-objects.guard.util"), exports);
|
|
17
20
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC;AACxC,yEAAuD;AACvD,yEAAuD;AACvD,gFAA8D"}
|
|
@@ -114,7 +114,7 @@ let DefaultConfig = class DefaultConfig {
|
|
|
114
114
|
return (process.env.LOG_LEVELS || "debug,info,error").trim().split(",");
|
|
115
115
|
}
|
|
116
116
|
get httpPort() {
|
|
117
|
-
return parseInt(process.env.HTTP_PORT, 10);
|
|
117
|
+
return parseInt(process.env.HTTP_PORT || "3000", 10);
|
|
118
118
|
}
|
|
119
119
|
get metrics() {
|
|
120
120
|
return new metrics_host_config_1.MetricsHostConfig(process.env.GRAPHITE_HOST, process.env.GRAPHITE_PORT, process.env.METRICS_ENABLED);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"default-config.js","sourceRoot":"","sources":["../../../src/config/default-config.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+DAA0D;AAG1D,yBAAyB;AACzB,mCAAuC;AACvC,iDAA6C;AAE7C,6CAAyC;AAEzC,2CAA4C;AAE5C,iEAA6D;AAE7D,6DAAwD;AAIxD,IAAa,aAAa,GAA1B,MAAa,aAAa;IAKxB,YACE,QAAgB,EAChB,OAAe,EACE,SAAiB,EAClC,mBAA4B;QADX,cAAS,GAAT,SAAS,CAAQ;QAGlC,IAAI,CAAC,KAAK,CACR,QAAQ,EACR,OAAO,EACP,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,mBAAmB,IAAI,EAAE,CAClD,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAEM,MAAM;QACX,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,QAAgB,EAAE,OAAe,EAAE,WAAmB;QACpE,MAAM,WAAW,GAAG,GAAG,QAAQ,MAAM,CAAC;QACtC,MAAM,UAAU,GAAG,GAAG,WAAW,IAAI,WAAW,MAAM,CAAC;QACvD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YAC7B,eAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;SAC9B;QAED,MAAM,WAAW,GAAG,GAAG,WAAW,IAAI,WAAW,GAC/C,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EACtB,aAAa,CAAC;QACd,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC;YAEtD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,kBAAkB,GAAG,GAAG,WAAW,IAAI,WAAW,eAAe,CAAC;QACxE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;YACrC,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAE7D,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,OAAO,eAAe,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC;QACjC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,OAAO,CAAC;IAC7C,CAAC;IAED,IAAW,gBAAgB;QACzB,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwC,CAAC;IAC9D,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAsC,CAAC;IAC5D,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,CAAC;IACzD,CAAC;IAED,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;IACzC,CAAC;IAED,IAAW,SAAS;QAClB,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,KAAK,CAAC;IACzC,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;IAC3C,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM,CAAC;IAC7C,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,0BAAW,CACpB,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB,OAAO,CAAC,GAAG,CAAC,UAAU,EACtB,OAAO,CAAC,GAAG,CAAC,UAAU,EACtB,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,wBAAwB;YAClC,GAAG,IAAI,CAAC,QAAQ,qBAAqB,EACvC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CACpE,CAAC;IACJ,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED,IAAW,SAAS;QAClB,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,kBAAkB,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"default-config.js","sourceRoot":"","sources":["../../../src/config/default-config.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,+DAA0D;AAG1D,yBAAyB;AACzB,mCAAuC;AACvC,iDAA6C;AAE7C,6CAAyC;AAEzC,2CAA4C;AAE5C,iEAA6D;AAE7D,6DAAwD;AAIxD,IAAa,aAAa,GAA1B,MAAa,aAAa;IAKxB,YACE,QAAgB,EAChB,OAAe,EACE,SAAiB,EAClC,mBAA4B;QADX,cAAS,GAAT,SAAS,CAAQ;QAGlC,IAAI,CAAC,KAAK,CACR,QAAQ,EACR,OAAO,EACP,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,mBAAmB,IAAI,EAAE,CAClD,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC1B,CAAC;IAEM,MAAM;QACX,OAAO;YACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC;IACJ,CAAC;IAES,KAAK,CAAC,QAAgB,EAAE,OAAe,EAAE,WAAmB;QACpE,MAAM,WAAW,GAAG,GAAG,QAAQ,MAAM,CAAC;QACtC,MAAM,UAAU,GAAG,GAAG,WAAW,IAAI,WAAW,MAAM,CAAC;QACvD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;YAC7B,eAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;SAC9B;QAED,MAAM,WAAW,GAAG,GAAG,WAAW,IAAI,WAAW,GAC/C,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EACtB,aAAa,CAAC;QACd,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;YAC9B,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC;YAEtD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,kBAAkB,GAAG,GAAG,WAAW,IAAI,WAAW,eAAe,CAAC;QACxE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;YACrC,MAAM,SAAS,GAAG,cAAK,CAAC,EAAE,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAE7D,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE;gBACzB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;aAC/B;SACF;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,OAAO,eAAe,CAAC,CAAC;QACvD,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC;QACjC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,OAAO,CAAC;IAC7C,CAAC;IAED,IAAW,gBAAgB;QACzB,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwC,CAAC;IAC9D,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAsC,CAAC;IAC5D,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC,eAAe,CAAC;IACzD,CAAC;IAED,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,IAAI,CAAC;IACzC,CAAC;IAED,IAAW,SAAS;QAClB,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,KAAK,CAAC;IACzC,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;IAC3C,CAAC;IAED,IAAW,WAAW;QACpB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM,CAAC;IAC7C,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,0BAAW,CACpB,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB,OAAO,CAAC,GAAG,CAAC,UAAU,EACtB,OAAO,CAAC,GAAG,CAAC,UAAU,EACtB,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAC1B,OAAO,CAAC,GAAG,CAAC,wBAAwB;YAClC,GAAG,IAAI,CAAC,QAAQ,qBAAqB,EACvC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CACpE,CAAC;IACJ,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC9B,CAAC;IAED,IAAW,SAAS;QAClB,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,kBAAkB,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1E,CAAC;IAED,IAAW,QAAQ;QACjB,OAAO,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,IAAW,OAAO;QAChB,OAAO,IAAI,uCAAiB,CAC1B,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB,OAAO,CAAC,GAAG,CAAC,eAAe,CAC5B,CAAC;IACJ,CAAC;IAED,IAAW,GAAG;QACZ,OAAO,IAAI,sBAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpE,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,cAAc,CAAC;IACzD,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,IAAI,0CAAmB,CAC5B,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,2BAA2B,EAC5D,OAAO,CAAC,GAAG,CAAC,mCAAmC,IAAI,IAAI,CACxD,CAAC;IACJ,CAAC;IAED,IAAW,YAAY;QACrB,OAAO,CACJ,OAAO,CAAC,GAAG,CAAC,aAAkC;YAC/C,qCAAgB,CAAC,OAAO,CACzB,CAAC;IACJ,CAAC;IAED,IAAW,UAAU;QACnB,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM,CAAC;IAC5C,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC;IAC/C,CAAC;CACF,CAAA;AApLY,aAAa;IADzB,mBAAU,EAAE;;GACA,aAAa,CAoLzB;AApLY,sCAAa"}
|
package/package.json
CHANGED
|
@@ -30,8 +30,7 @@ export class AuthorizationAllowance {
|
|
|
30
30
|
) {
|
|
31
31
|
if (
|
|
32
32
|
this.objectId !== "any" &&
|
|
33
|
-
request.objectId.toString() !== this.objectId.toString()
|
|
34
|
-
!this._isRequestingSelf(request)
|
|
33
|
+
request.objectId.toString() !== this.objectId.toString()
|
|
35
34
|
) {
|
|
36
35
|
return false;
|
|
37
36
|
}
|
|
@@ -51,12 +50,4 @@ export class AuthorizationAllowance {
|
|
|
51
50
|
|
|
52
51
|
return true;
|
|
53
52
|
}
|
|
54
|
-
|
|
55
|
-
private _isRequestingSelf(request: AuthorizationRequestInterface) {
|
|
56
|
-
return (
|
|
57
|
-
request.object === "user" &&
|
|
58
|
-
request.objectId.toString() === this.subject.toString() &&
|
|
59
|
-
this.objectId === "self"
|
|
60
|
-
);
|
|
61
|
-
}
|
|
62
53
|
}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Authorizes attachments of objects to another object by object id
|
|
6
|
+
*/
|
|
7
|
+
export class HttpAuthzActionToSubObjectsGuardUtil {
|
|
8
|
+
private _authzGuard: HttpAuthzGuardUtil;
|
|
9
|
+
|
|
10
|
+
constructor(
|
|
11
|
+
private readonly context: ExecutionContext,
|
|
12
|
+
private readonly action: string
|
|
13
|
+
) {
|
|
14
|
+
this._authzGuard = new HttpAuthzGuardUtil(context);
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* @param {string} object The object name of object A
|
|
19
|
+
* @param {string} objectId The object ID of object A
|
|
20
|
+
* @param {string} subObject The object name of objects B
|
|
21
|
+
* @param {string[]} subObjectIds The object IDs of Objects B to attach to object A
|
|
22
|
+
* @param {string?} namespace (Optional) The namespace of objects A and B
|
|
23
|
+
*/
|
|
24
|
+
public isAuthorized(
|
|
25
|
+
object: string,
|
|
26
|
+
objectId: string,
|
|
27
|
+
subObject: string,
|
|
28
|
+
subObjectIds: string[],
|
|
29
|
+
namespace?: string
|
|
30
|
+
) {
|
|
31
|
+
for (const id of subObjectIds) {
|
|
32
|
+
let requests = [];
|
|
33
|
+
|
|
34
|
+
if (namespace) {
|
|
35
|
+
requests = [
|
|
36
|
+
{
|
|
37
|
+
action: "",
|
|
38
|
+
object: namespace,
|
|
39
|
+
objectId: "",
|
|
40
|
+
},
|
|
41
|
+
];
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
requests = [
|
|
45
|
+
...requests,
|
|
46
|
+
...[
|
|
47
|
+
{
|
|
48
|
+
action: "",
|
|
49
|
+
object,
|
|
50
|
+
objectId,
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
action: this.action,
|
|
54
|
+
object: subObject,
|
|
55
|
+
objectId: id,
|
|
56
|
+
},
|
|
57
|
+
],
|
|
58
|
+
];
|
|
59
|
+
|
|
60
|
+
if (!this._authzGuard.isAuthorized(...requests)) {
|
|
61
|
+
return false;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
return true;
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
public get params() {
|
|
68
|
+
return this._authzGuard.params;
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
public get query() {
|
|
72
|
+
return this._authzGuard.query;
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
public get body() {
|
|
76
|
+
return this._authzGuard.body;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
@@ -0,0 +1,369 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import * as jwt from "jsonwebtoken";
|
|
3
|
+
import { HttpAuthzAttachObjectsGuardUtil } from "./http-authz.attach-objects.guard.util";
|
|
4
|
+
|
|
5
|
+
describe(HttpAuthzAttachObjectsGuardUtil.name, () => {
|
|
6
|
+
it("Should allow super admin to attach a group to a user", () => {
|
|
7
|
+
const token = jwt.sign(
|
|
8
|
+
{
|
|
9
|
+
scopes: [`cool-app:::any:any:any:any:any:any`],
|
|
10
|
+
},
|
|
11
|
+
"hello"
|
|
12
|
+
);
|
|
13
|
+
|
|
14
|
+
const context = {
|
|
15
|
+
switchToHttp: () => ({
|
|
16
|
+
getRequest: () => ({
|
|
17
|
+
headers: {
|
|
18
|
+
authorization: `Bearer ${token}`,
|
|
19
|
+
},
|
|
20
|
+
params: {
|
|
21
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
22
|
+
},
|
|
23
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
24
|
+
}),
|
|
25
|
+
}),
|
|
26
|
+
} as ExecutionContext;
|
|
27
|
+
|
|
28
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
29
|
+
|
|
30
|
+
expect(
|
|
31
|
+
util.isAuthorized(
|
|
32
|
+
"user",
|
|
33
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
34
|
+
"group",
|
|
35
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
36
|
+
"cool-app"
|
|
37
|
+
)
|
|
38
|
+
).toBe(true);
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
it("Should allow someone with permission to attach any group to a user to attach a group to the user", () => {
|
|
42
|
+
const token = jwt.sign(
|
|
43
|
+
{
|
|
44
|
+
scopes: [
|
|
45
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:create`,
|
|
46
|
+
],
|
|
47
|
+
},
|
|
48
|
+
"hello"
|
|
49
|
+
);
|
|
50
|
+
|
|
51
|
+
const context = {
|
|
52
|
+
switchToHttp: () => ({
|
|
53
|
+
getRequest: () => ({
|
|
54
|
+
headers: {
|
|
55
|
+
authorization: `Bearer ${token}`,
|
|
56
|
+
},
|
|
57
|
+
}),
|
|
58
|
+
}),
|
|
59
|
+
} as ExecutionContext;
|
|
60
|
+
|
|
61
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
62
|
+
|
|
63
|
+
expect(
|
|
64
|
+
util.isAuthorized(
|
|
65
|
+
"user",
|
|
66
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
67
|
+
"group",
|
|
68
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
69
|
+
"cool-app"
|
|
70
|
+
)
|
|
71
|
+
).toBe(true);
|
|
72
|
+
});
|
|
73
|
+
|
|
74
|
+
it("Should allow someone with permission to do anything to any group on a user to attach a group to the user", () => {
|
|
75
|
+
const token = jwt.sign(
|
|
76
|
+
{
|
|
77
|
+
scopes: [
|
|
78
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
|
|
79
|
+
],
|
|
80
|
+
},
|
|
81
|
+
"hello"
|
|
82
|
+
);
|
|
83
|
+
|
|
84
|
+
const context = {
|
|
85
|
+
switchToHttp: () => ({
|
|
86
|
+
getRequest: () => ({
|
|
87
|
+
headers: {
|
|
88
|
+
authorization: `Bearer ${token}`,
|
|
89
|
+
},
|
|
90
|
+
params: {
|
|
91
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
92
|
+
},
|
|
93
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
94
|
+
}),
|
|
95
|
+
}),
|
|
96
|
+
} as ExecutionContext;
|
|
97
|
+
|
|
98
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
99
|
+
|
|
100
|
+
expect(
|
|
101
|
+
util.isAuthorized(
|
|
102
|
+
"user",
|
|
103
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
104
|
+
"group",
|
|
105
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
106
|
+
"cool-app"
|
|
107
|
+
)
|
|
108
|
+
).toBe(true);
|
|
109
|
+
});
|
|
110
|
+
|
|
111
|
+
it("Should allow someone with permission to do anything to any sub object for a user to attach a group to the user", () => {
|
|
112
|
+
const token = jwt.sign(
|
|
113
|
+
{
|
|
114
|
+
scopes: [
|
|
115
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
|
|
116
|
+
],
|
|
117
|
+
},
|
|
118
|
+
"hello"
|
|
119
|
+
);
|
|
120
|
+
|
|
121
|
+
const context = {
|
|
122
|
+
switchToHttp: () => ({
|
|
123
|
+
getRequest: () => ({
|
|
124
|
+
headers: {
|
|
125
|
+
authorization: `Bearer ${token}`,
|
|
126
|
+
},
|
|
127
|
+
params: {
|
|
128
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
129
|
+
},
|
|
130
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
131
|
+
}),
|
|
132
|
+
}),
|
|
133
|
+
} as ExecutionContext;
|
|
134
|
+
|
|
135
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
136
|
+
|
|
137
|
+
expect(
|
|
138
|
+
util.isAuthorized(
|
|
139
|
+
"user",
|
|
140
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
141
|
+
"group",
|
|
142
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
143
|
+
"cool-app"
|
|
144
|
+
)
|
|
145
|
+
).toBe(true);
|
|
146
|
+
});
|
|
147
|
+
|
|
148
|
+
it("Should allow someone with permission to attach a specific group to a user to attach the group to the user", () => {
|
|
149
|
+
const token = jwt.sign(
|
|
150
|
+
{
|
|
151
|
+
scopes: [
|
|
152
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
|
|
153
|
+
],
|
|
154
|
+
},
|
|
155
|
+
"hello"
|
|
156
|
+
);
|
|
157
|
+
|
|
158
|
+
const context = {
|
|
159
|
+
switchToHttp: () => ({
|
|
160
|
+
getRequest: () => ({
|
|
161
|
+
headers: {
|
|
162
|
+
authorization: `Bearer ${token}`,
|
|
163
|
+
},
|
|
164
|
+
params: {
|
|
165
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
166
|
+
},
|
|
167
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
168
|
+
}),
|
|
169
|
+
}),
|
|
170
|
+
} as ExecutionContext;
|
|
171
|
+
|
|
172
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
173
|
+
|
|
174
|
+
expect(
|
|
175
|
+
util.isAuthorized(
|
|
176
|
+
"user",
|
|
177
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
178
|
+
"group",
|
|
179
|
+
["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
180
|
+
"cool-app"
|
|
181
|
+
)
|
|
182
|
+
).toBe(true);
|
|
183
|
+
});
|
|
184
|
+
|
|
185
|
+
it("Should not allow someone with permission to attach any group to a different user to attach a group to the user", () => {
|
|
186
|
+
const token = jwt.sign(
|
|
187
|
+
{
|
|
188
|
+
scopes: [
|
|
189
|
+
`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
|
|
190
|
+
],
|
|
191
|
+
},
|
|
192
|
+
"hello"
|
|
193
|
+
);
|
|
194
|
+
|
|
195
|
+
const context = {
|
|
196
|
+
switchToHttp: () => ({
|
|
197
|
+
getRequest: () => ({
|
|
198
|
+
headers: {
|
|
199
|
+
authorization: `Bearer ${token}`,
|
|
200
|
+
},
|
|
201
|
+
params: {
|
|
202
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
203
|
+
},
|
|
204
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
205
|
+
}),
|
|
206
|
+
}),
|
|
207
|
+
} as ExecutionContext;
|
|
208
|
+
|
|
209
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
210
|
+
|
|
211
|
+
expect(
|
|
212
|
+
util.isAuthorized(
|
|
213
|
+
"user",
|
|
214
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
215
|
+
"group",
|
|
216
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
217
|
+
"cool-app"
|
|
218
|
+
)
|
|
219
|
+
).toBe(false);
|
|
220
|
+
});
|
|
221
|
+
|
|
222
|
+
it("Should not allow someone with permission to do anything to a different user to attach a group to the user", () => {
|
|
223
|
+
const token = jwt.sign(
|
|
224
|
+
{
|
|
225
|
+
scopes: [
|
|
226
|
+
`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
|
|
227
|
+
],
|
|
228
|
+
},
|
|
229
|
+
"hello"
|
|
230
|
+
);
|
|
231
|
+
|
|
232
|
+
const context = {
|
|
233
|
+
switchToHttp: () => ({
|
|
234
|
+
getRequest: () => ({
|
|
235
|
+
headers: {
|
|
236
|
+
authorization: `Bearer ${token}`,
|
|
237
|
+
},
|
|
238
|
+
params: {
|
|
239
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
240
|
+
},
|
|
241
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
242
|
+
}),
|
|
243
|
+
}),
|
|
244
|
+
} as ExecutionContext;
|
|
245
|
+
|
|
246
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
247
|
+
|
|
248
|
+
expect(
|
|
249
|
+
util.isAuthorized(
|
|
250
|
+
"user",
|
|
251
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
252
|
+
"group",
|
|
253
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
254
|
+
"cool-app"
|
|
255
|
+
)
|
|
256
|
+
).toBe(false);
|
|
257
|
+
});
|
|
258
|
+
|
|
259
|
+
it("Should not allow someone with permission to do anything to any sub object for a different user to attach a group to the user", () => {
|
|
260
|
+
const token = jwt.sign(
|
|
261
|
+
{
|
|
262
|
+
scopes: [
|
|
263
|
+
`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
|
|
264
|
+
],
|
|
265
|
+
},
|
|
266
|
+
"hello"
|
|
267
|
+
);
|
|
268
|
+
|
|
269
|
+
const context = {
|
|
270
|
+
switchToHttp: () => ({
|
|
271
|
+
getRequest: () => ({
|
|
272
|
+
headers: {
|
|
273
|
+
authorization: `Bearer ${token}`,
|
|
274
|
+
},
|
|
275
|
+
params: {
|
|
276
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
277
|
+
},
|
|
278
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
279
|
+
}),
|
|
280
|
+
}),
|
|
281
|
+
} as ExecutionContext;
|
|
282
|
+
|
|
283
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
284
|
+
|
|
285
|
+
expect(
|
|
286
|
+
util.isAuthorized(
|
|
287
|
+
"user",
|
|
288
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
289
|
+
"group",
|
|
290
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
291
|
+
"cool-app"
|
|
292
|
+
)
|
|
293
|
+
).toBe(false);
|
|
294
|
+
});
|
|
295
|
+
|
|
296
|
+
it("Should not allow someone with permission to attach a specific group to a different user to attach the group to the user", () => {
|
|
297
|
+
const token = jwt.sign(
|
|
298
|
+
{
|
|
299
|
+
scopes: [
|
|
300
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
|
|
301
|
+
],
|
|
302
|
+
},
|
|
303
|
+
"hello"
|
|
304
|
+
);
|
|
305
|
+
|
|
306
|
+
const context = {
|
|
307
|
+
switchToHttp: () => ({
|
|
308
|
+
getRequest: () => ({
|
|
309
|
+
headers: {
|
|
310
|
+
authorization: `Bearer ${token}`,
|
|
311
|
+
},
|
|
312
|
+
params: {
|
|
313
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
314
|
+
},
|
|
315
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
316
|
+
}),
|
|
317
|
+
}),
|
|
318
|
+
} as ExecutionContext;
|
|
319
|
+
|
|
320
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
321
|
+
|
|
322
|
+
expect(
|
|
323
|
+
util.isAuthorized(
|
|
324
|
+
"user",
|
|
325
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
326
|
+
"group",
|
|
327
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
328
|
+
"cool-app"
|
|
329
|
+
)
|
|
330
|
+
).toBe(false);
|
|
331
|
+
});
|
|
332
|
+
|
|
333
|
+
it("Should not allow someone with permission to attach a different specific permission to a user to attach the group to the user", () => {
|
|
334
|
+
const token = jwt.sign(
|
|
335
|
+
{
|
|
336
|
+
scopes: [
|
|
337
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
|
|
338
|
+
],
|
|
339
|
+
},
|
|
340
|
+
"hello"
|
|
341
|
+
);
|
|
342
|
+
|
|
343
|
+
const context = {
|
|
344
|
+
switchToHttp: () => ({
|
|
345
|
+
getRequest: () => ({
|
|
346
|
+
headers: {
|
|
347
|
+
authorization: `Bearer ${token}`,
|
|
348
|
+
},
|
|
349
|
+
params: {
|
|
350
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
351
|
+
},
|
|
352
|
+
body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
|
|
353
|
+
}),
|
|
354
|
+
}),
|
|
355
|
+
} as ExecutionContext;
|
|
356
|
+
|
|
357
|
+
const util = new HttpAuthzAttachObjectsGuardUtil(context);
|
|
358
|
+
|
|
359
|
+
expect(
|
|
360
|
+
util.isAuthorized(
|
|
361
|
+
"user",
|
|
362
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
363
|
+
"group",
|
|
364
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
365
|
+
"cool-app"
|
|
366
|
+
)
|
|
367
|
+
).toBe(false);
|
|
368
|
+
});
|
|
369
|
+
});
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Authorizes attachments of objects to another object by object id
|
|
6
|
+
*/
|
|
7
|
+
export class HttpAuthzAttachObjectsGuardUtil {
|
|
8
|
+
private _util: HttpAuthzActionToSubObjectsGuardUtil;
|
|
9
|
+
|
|
10
|
+
constructor(private readonly context: ExecutionContext) {
|
|
11
|
+
this._util = new HttpAuthzActionToSubObjectsGuardUtil(context, "create");
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
/**
|
|
15
|
+
* @param {string} object The object name of object A
|
|
16
|
+
* @param {string} objectId The object ID of object A
|
|
17
|
+
* @param {string} attachObject The object name of objects B
|
|
18
|
+
* @param {string[]} attachObjectIds The object IDs of Objects B to attach to object A
|
|
19
|
+
* @param {string?} namespace (Optional) The namespace of objects A and B
|
|
20
|
+
*/
|
|
21
|
+
public isAuthorized(
|
|
22
|
+
object: string,
|
|
23
|
+
objectId: string,
|
|
24
|
+
attachObject: string,
|
|
25
|
+
attachObjectIds: string[],
|
|
26
|
+
namespace?: string
|
|
27
|
+
) {
|
|
28
|
+
return this._util.isAuthorized(
|
|
29
|
+
object,
|
|
30
|
+
objectId,
|
|
31
|
+
attachObject,
|
|
32
|
+
attachObjectIds,
|
|
33
|
+
namespace
|
|
34
|
+
);
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
public get params() {
|
|
38
|
+
return this._util.params;
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
public get query() {
|
|
42
|
+
return this._util.query;
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
public get body() {
|
|
46
|
+
return this._util.body;
|
|
47
|
+
}
|
|
48
|
+
}
|
|
@@ -0,0 +1,369 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import * as jwt from "jsonwebtoken";
|
|
3
|
+
import { HttpAuthzDetachObjectsGuardUtil } from "./http-authz.detach-objects.guard.util";
|
|
4
|
+
|
|
5
|
+
describe(HttpAuthzDetachObjectsGuardUtil.name, () => {
|
|
6
|
+
it("Should allow super admin to detach a group to a user", () => {
|
|
7
|
+
const token = jwt.sign(
|
|
8
|
+
{
|
|
9
|
+
scopes: [`cool-app:::any:any:any:any:any:any`],
|
|
10
|
+
},
|
|
11
|
+
"hello"
|
|
12
|
+
);
|
|
13
|
+
|
|
14
|
+
const context = {
|
|
15
|
+
switchToHttp: () => ({
|
|
16
|
+
getRequest: () => ({
|
|
17
|
+
headers: {
|
|
18
|
+
authorization: `Bearer ${token}`,
|
|
19
|
+
},
|
|
20
|
+
params: {
|
|
21
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
22
|
+
},
|
|
23
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
24
|
+
}),
|
|
25
|
+
}),
|
|
26
|
+
} as ExecutionContext;
|
|
27
|
+
|
|
28
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
29
|
+
|
|
30
|
+
expect(
|
|
31
|
+
util.isAuthorized(
|
|
32
|
+
"user",
|
|
33
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
34
|
+
"group",
|
|
35
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
36
|
+
"cool-app"
|
|
37
|
+
)
|
|
38
|
+
).toBe(true);
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
it("Should allow someone with permission to detach any group to a user to detach a group from the user", () => {
|
|
42
|
+
const token = jwt.sign(
|
|
43
|
+
{
|
|
44
|
+
scopes: [
|
|
45
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:delete`,
|
|
46
|
+
],
|
|
47
|
+
},
|
|
48
|
+
"hello"
|
|
49
|
+
);
|
|
50
|
+
|
|
51
|
+
const context = {
|
|
52
|
+
switchToHttp: () => ({
|
|
53
|
+
getRequest: () => ({
|
|
54
|
+
headers: {
|
|
55
|
+
authorization: `Bearer ${token}`,
|
|
56
|
+
},
|
|
57
|
+
}),
|
|
58
|
+
}),
|
|
59
|
+
} as ExecutionContext;
|
|
60
|
+
|
|
61
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
62
|
+
|
|
63
|
+
expect(
|
|
64
|
+
util.isAuthorized(
|
|
65
|
+
"user",
|
|
66
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
67
|
+
"group",
|
|
68
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
69
|
+
"cool-app"
|
|
70
|
+
)
|
|
71
|
+
).toBe(true);
|
|
72
|
+
});
|
|
73
|
+
|
|
74
|
+
it("Should allow someone with permission to do anything to any group on a user to detach a group from the user", () => {
|
|
75
|
+
const token = jwt.sign(
|
|
76
|
+
{
|
|
77
|
+
scopes: [
|
|
78
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
|
|
79
|
+
],
|
|
80
|
+
},
|
|
81
|
+
"hello"
|
|
82
|
+
);
|
|
83
|
+
|
|
84
|
+
const context = {
|
|
85
|
+
switchToHttp: () => ({
|
|
86
|
+
getRequest: () => ({
|
|
87
|
+
headers: {
|
|
88
|
+
authorization: `Bearer ${token}`,
|
|
89
|
+
},
|
|
90
|
+
params: {
|
|
91
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
92
|
+
},
|
|
93
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
94
|
+
}),
|
|
95
|
+
}),
|
|
96
|
+
} as ExecutionContext;
|
|
97
|
+
|
|
98
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
99
|
+
|
|
100
|
+
expect(
|
|
101
|
+
util.isAuthorized(
|
|
102
|
+
"user",
|
|
103
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
104
|
+
"group",
|
|
105
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
106
|
+
"cool-app"
|
|
107
|
+
)
|
|
108
|
+
).toBe(true);
|
|
109
|
+
});
|
|
110
|
+
|
|
111
|
+
it("Should allow someone with permission to do anything to any sub object for a user to detach a group from the user", () => {
|
|
112
|
+
const token = jwt.sign(
|
|
113
|
+
{
|
|
114
|
+
scopes: [
|
|
115
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
|
|
116
|
+
],
|
|
117
|
+
},
|
|
118
|
+
"hello"
|
|
119
|
+
);
|
|
120
|
+
|
|
121
|
+
const context = {
|
|
122
|
+
switchToHttp: () => ({
|
|
123
|
+
getRequest: () => ({
|
|
124
|
+
headers: {
|
|
125
|
+
authorization: `Bearer ${token}`,
|
|
126
|
+
},
|
|
127
|
+
params: {
|
|
128
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
129
|
+
},
|
|
130
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
131
|
+
}),
|
|
132
|
+
}),
|
|
133
|
+
} as ExecutionContext;
|
|
134
|
+
|
|
135
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
136
|
+
|
|
137
|
+
expect(
|
|
138
|
+
util.isAuthorized(
|
|
139
|
+
"user",
|
|
140
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
141
|
+
"group",
|
|
142
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
143
|
+
"cool-app"
|
|
144
|
+
)
|
|
145
|
+
).toBe(true);
|
|
146
|
+
});
|
|
147
|
+
|
|
148
|
+
it("Should allow someone with permission to detach a specific group to a user to detach the group to the user", () => {
|
|
149
|
+
const token = jwt.sign(
|
|
150
|
+
{
|
|
151
|
+
scopes: [
|
|
152
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:delete`,
|
|
153
|
+
],
|
|
154
|
+
},
|
|
155
|
+
"hello"
|
|
156
|
+
);
|
|
157
|
+
|
|
158
|
+
const context = {
|
|
159
|
+
switchToHttp: () => ({
|
|
160
|
+
getRequest: () => ({
|
|
161
|
+
headers: {
|
|
162
|
+
authorization: `Bearer ${token}`,
|
|
163
|
+
},
|
|
164
|
+
params: {
|
|
165
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
166
|
+
},
|
|
167
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
168
|
+
}),
|
|
169
|
+
}),
|
|
170
|
+
} as ExecutionContext;
|
|
171
|
+
|
|
172
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
173
|
+
|
|
174
|
+
expect(
|
|
175
|
+
util.isAuthorized(
|
|
176
|
+
"user",
|
|
177
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
178
|
+
"group",
|
|
179
|
+
["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
180
|
+
"cool-app"
|
|
181
|
+
)
|
|
182
|
+
).toBe(true);
|
|
183
|
+
});
|
|
184
|
+
|
|
185
|
+
it("Should not allow someone with permission to detach any group to a different user to detach a group from the user", () => {
|
|
186
|
+
const token = jwt.sign(
|
|
187
|
+
{
|
|
188
|
+
scopes: [
|
|
189
|
+
`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
|
|
190
|
+
],
|
|
191
|
+
},
|
|
192
|
+
"hello"
|
|
193
|
+
);
|
|
194
|
+
|
|
195
|
+
const context = {
|
|
196
|
+
switchToHttp: () => ({
|
|
197
|
+
getRequest: () => ({
|
|
198
|
+
headers: {
|
|
199
|
+
authorization: `Bearer ${token}`,
|
|
200
|
+
},
|
|
201
|
+
params: {
|
|
202
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
203
|
+
},
|
|
204
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
205
|
+
}),
|
|
206
|
+
}),
|
|
207
|
+
} as ExecutionContext;
|
|
208
|
+
|
|
209
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
210
|
+
|
|
211
|
+
expect(
|
|
212
|
+
util.isAuthorized(
|
|
213
|
+
"user",
|
|
214
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
215
|
+
"group",
|
|
216
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
217
|
+
"cool-app"
|
|
218
|
+
)
|
|
219
|
+
).toBe(false);
|
|
220
|
+
});
|
|
221
|
+
|
|
222
|
+
it("Should not allow someone with permission to do anything to a different user to detach a group from the user", () => {
|
|
223
|
+
const token = jwt.sign(
|
|
224
|
+
{
|
|
225
|
+
scopes: [
|
|
226
|
+
`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
|
|
227
|
+
],
|
|
228
|
+
},
|
|
229
|
+
"hello"
|
|
230
|
+
);
|
|
231
|
+
|
|
232
|
+
const context = {
|
|
233
|
+
switchToHttp: () => ({
|
|
234
|
+
getRequest: () => ({
|
|
235
|
+
headers: {
|
|
236
|
+
authorization: `Bearer ${token}`,
|
|
237
|
+
},
|
|
238
|
+
params: {
|
|
239
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
240
|
+
},
|
|
241
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
242
|
+
}),
|
|
243
|
+
}),
|
|
244
|
+
} as ExecutionContext;
|
|
245
|
+
|
|
246
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
247
|
+
|
|
248
|
+
expect(
|
|
249
|
+
util.isAuthorized(
|
|
250
|
+
"user",
|
|
251
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
252
|
+
"group",
|
|
253
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
254
|
+
"cool-app"
|
|
255
|
+
)
|
|
256
|
+
).toBe(false);
|
|
257
|
+
});
|
|
258
|
+
|
|
259
|
+
it("Should not allow someone with permission to do anything to any sub object for a different user to detach a group from the user", () => {
|
|
260
|
+
const token = jwt.sign(
|
|
261
|
+
{
|
|
262
|
+
scopes: [
|
|
263
|
+
`cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
|
|
264
|
+
],
|
|
265
|
+
},
|
|
266
|
+
"hello"
|
|
267
|
+
);
|
|
268
|
+
|
|
269
|
+
const context = {
|
|
270
|
+
switchToHttp: () => ({
|
|
271
|
+
getRequest: () => ({
|
|
272
|
+
headers: {
|
|
273
|
+
authorization: `Bearer ${token}`,
|
|
274
|
+
},
|
|
275
|
+
params: {
|
|
276
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
277
|
+
},
|
|
278
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
279
|
+
}),
|
|
280
|
+
}),
|
|
281
|
+
} as ExecutionContext;
|
|
282
|
+
|
|
283
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
284
|
+
|
|
285
|
+
expect(
|
|
286
|
+
util.isAuthorized(
|
|
287
|
+
"user",
|
|
288
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
289
|
+
"group",
|
|
290
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
291
|
+
"cool-app"
|
|
292
|
+
)
|
|
293
|
+
).toBe(false);
|
|
294
|
+
});
|
|
295
|
+
|
|
296
|
+
it("Should not allow someone with permission to detach a specific group to a different user to detach the group to the user", () => {
|
|
297
|
+
const token = jwt.sign(
|
|
298
|
+
{
|
|
299
|
+
scopes: [
|
|
300
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
|
|
301
|
+
],
|
|
302
|
+
},
|
|
303
|
+
"hello"
|
|
304
|
+
);
|
|
305
|
+
|
|
306
|
+
const context = {
|
|
307
|
+
switchToHttp: () => ({
|
|
308
|
+
getRequest: () => ({
|
|
309
|
+
headers: {
|
|
310
|
+
authorization: `Bearer ${token}`,
|
|
311
|
+
},
|
|
312
|
+
params: {
|
|
313
|
+
userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
|
|
314
|
+
},
|
|
315
|
+
body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
|
|
316
|
+
}),
|
|
317
|
+
}),
|
|
318
|
+
} as ExecutionContext;
|
|
319
|
+
|
|
320
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
321
|
+
|
|
322
|
+
expect(
|
|
323
|
+
util.isAuthorized(
|
|
324
|
+
"user",
|
|
325
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
326
|
+
"group",
|
|
327
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
328
|
+
"cool-app"
|
|
329
|
+
)
|
|
330
|
+
).toBe(false);
|
|
331
|
+
});
|
|
332
|
+
|
|
333
|
+
it("Should not allow someone with permission to detach a different specific permission to a user to detach the group to the user", () => {
|
|
334
|
+
const token = jwt.sign(
|
|
335
|
+
{
|
|
336
|
+
scopes: [
|
|
337
|
+
`cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
|
|
338
|
+
],
|
|
339
|
+
},
|
|
340
|
+
"hello"
|
|
341
|
+
);
|
|
342
|
+
|
|
343
|
+
const context = {
|
|
344
|
+
switchToHttp: () => ({
|
|
345
|
+
getRequest: () => ({
|
|
346
|
+
headers: {
|
|
347
|
+
authorization: `Bearer ${token}`,
|
|
348
|
+
},
|
|
349
|
+
params: {
|
|
350
|
+
userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
351
|
+
},
|
|
352
|
+
body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
|
|
353
|
+
}),
|
|
354
|
+
}),
|
|
355
|
+
} as ExecutionContext;
|
|
356
|
+
|
|
357
|
+
const util = new HttpAuthzDetachObjectsGuardUtil(context);
|
|
358
|
+
|
|
359
|
+
expect(
|
|
360
|
+
util.isAuthorized(
|
|
361
|
+
"user",
|
|
362
|
+
"4d2114ca-24e2-43e5-bddb-d9a6688b8340",
|
|
363
|
+
"group",
|
|
364
|
+
["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
|
|
365
|
+
"cool-app"
|
|
366
|
+
)
|
|
367
|
+
).toBe(false);
|
|
368
|
+
});
|
|
369
|
+
});
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Authorizes detachment of objects to another object by object id
|
|
6
|
+
*/
|
|
7
|
+
export class HttpAuthzDetachObjectsGuardUtil {
|
|
8
|
+
private _util: HttpAuthzActionToSubObjectsGuardUtil;
|
|
9
|
+
|
|
10
|
+
constructor(private readonly context: ExecutionContext) {
|
|
11
|
+
this._util = new HttpAuthzActionToSubObjectsGuardUtil(context, "delete");
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
/**
|
|
15
|
+
* @param {string} object The object name of object A
|
|
16
|
+
* @param {string} objectId The object ID of object A
|
|
17
|
+
* @param {string} detachObject The object name of objects B
|
|
18
|
+
* @param {string[]} detachObjectIds The object IDs of Objects B to attach to object A
|
|
19
|
+
* @param {string?} namespace (Optional) The namespace of objects A and B
|
|
20
|
+
*/
|
|
21
|
+
public isAuthorized(
|
|
22
|
+
object: string,
|
|
23
|
+
objectId: string,
|
|
24
|
+
detachObject: string,
|
|
25
|
+
detachObjectIds: string[],
|
|
26
|
+
namespace?: string
|
|
27
|
+
) {
|
|
28
|
+
return this._util.isAuthorized(
|
|
29
|
+
object,
|
|
30
|
+
objectId,
|
|
31
|
+
detachObject,
|
|
32
|
+
detachObjectIds,
|
|
33
|
+
namespace
|
|
34
|
+
);
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
public get params() {
|
|
38
|
+
return this._util.params;
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
public get query() {
|
|
42
|
+
return this._util.query;
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
public get body() {
|
|
46
|
+
return this._util.body;
|
|
47
|
+
}
|
|
48
|
+
}
|
|
@@ -2,7 +2,7 @@ import { ExecutionContext } from "@nestjs/common";
|
|
|
2
2
|
import { instance, mock, when } from "ts-mockito";
|
|
3
3
|
import { HttpArgumentsHost } from "@nestjs/common/interfaces/features/arguments-host.interface";
|
|
4
4
|
import * as jwt from "jsonwebtoken";
|
|
5
|
-
import { HttpAuthzGuardUtil } from "./http-authz
|
|
5
|
+
import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
|
|
6
6
|
|
|
7
7
|
describe("HttpAuthzGuardUtil", () => {
|
|
8
8
|
let mockedExecutionContext: ExecutionContext;
|
|
@@ -80,7 +80,7 @@ describe("HttpAuthzGuardUtil", () => {
|
|
|
80
80
|
).toBe(true);
|
|
81
81
|
});
|
|
82
82
|
|
|
83
|
-
it("Should authorize a scope with 'self' for object id", () => {
|
|
83
|
+
it("Should not authorize a scope with 'self' for object id", () => {
|
|
84
84
|
const request = getRequestWithAuthorizationBearerScopes("johndoe", [
|
|
85
85
|
"user:self:update",
|
|
86
86
|
]) as any;
|
|
@@ -94,7 +94,7 @@ describe("HttpAuthzGuardUtil", () => {
|
|
|
94
94
|
object: "user",
|
|
95
95
|
objectId: "johndoe",
|
|
96
96
|
})
|
|
97
|
-
).toBe(
|
|
97
|
+
).toBe(false);
|
|
98
98
|
});
|
|
99
99
|
|
|
100
100
|
it("Should authorize a multi level scope definition", () => {
|
|
@@ -7,6 +7,7 @@ export class HttpAuthzGuardUtil {
|
|
|
7
7
|
private _token: any;
|
|
8
8
|
public readonly params: any;
|
|
9
9
|
public readonly query: any;
|
|
10
|
+
public readonly body: any;
|
|
10
11
|
|
|
11
12
|
constructor(private readonly context: ExecutionContext) {
|
|
12
13
|
const request = context.switchToHttp().getRequest();
|
|
@@ -28,6 +29,7 @@ export class HttpAuthzGuardUtil {
|
|
|
28
29
|
this._token = decodedToken;
|
|
29
30
|
this.params = request.params;
|
|
30
31
|
this.query = request.query;
|
|
32
|
+
this.body = request.body;
|
|
31
33
|
}
|
|
32
34
|
|
|
33
35
|
public isAuthorized(...authzRequests: AuthorizationRequestInterface[]) {
|
package/src/auth/index.ts
CHANGED
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
export * from "./authenticator.interface";
|
|
2
2
|
export * from "./topic-authorizor.interface";
|
|
3
3
|
export * from "./fake-authenticator";
|
|
4
|
-
export * from "./http-authz
|
|
4
|
+
export * from "./http-authz.guard.util";
|
|
5
|
+
export * from "./http-authz.attach-objects.guard.util";
|
|
6
|
+
export * from "./http-authz.detach-objects.guard.util";
|
|
7
|
+
export * from "./http-authz.action-to-sub-objects.guard.util";
|
|
@@ -156,7 +156,7 @@ export class DefaultConfig implements JsonSerializableInterface<any> {
|
|
|
156
156
|
}
|
|
157
157
|
|
|
158
158
|
public get httpPort(): number {
|
|
159
|
-
return parseInt(process.env.HTTP_PORT, 10);
|
|
159
|
+
return parseInt(process.env.HTTP_PORT || "3000", 10);
|
|
160
160
|
}
|
|
161
161
|
|
|
162
162
|
public get metrics(): SwitchConfigInterface & HostConfigInterface {
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"http-authz-guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz-guard.util.ts"],"names":[],"mappings":";;;AAAA,2CAA6E;AAC7E,oCAAoC;AAEpC,uEAAmE;AAEnE,MAAa,kBAAkB;IAK7B,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1D,IAAI,CAAC,mBAAmB,EAAE;YACxB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,CAAmB,CAAC;QAC/D,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC7B,CAAC;IAEM,YAAY,CAAC,GAAG,aAA8C;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;YAC1B,IAAI,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;gBACzD,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,0BAA0B,CAChC,KAAa,EACb,aAA8C;QAE9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE/B,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;YACxC,uBAAuB,CAAC,IAAI,CAC1B,IAAI,gDAAsB,CACxB,IAAI,CAAC,MAAM,CAAC,GAAG,EACf,KAAK,CAAC,CAAC,CAAC,EACR,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EACZ,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CACb,CACF,CAAC;SACH;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,EAAE;gBAC/B,OAAO,KAAK,CAAC;aACd;YACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE;gBACxC,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAtED,gDAsEC"}
|