@cryptexlabs/codex-nodejs-common 0.1.17 → 0.1.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/package.json +1 -1
- package/lib/src/auth/authorization-allowance.d.ts +0 -1
- package/lib/src/auth/authorization-allowance.js +1 -7
- package/lib/src/auth/authorization-allowance.js.map +1 -1
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.d.ts +11 -0
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js +55 -0
- package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js.map +1 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.d.ts +10 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.js +24 -0
- package/lib/src/auth/http-authz.attach-objects.guard.util.js.map +1 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.d.ts +10 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.js +24 -0
- package/lib/src/auth/http-authz.detach-objects.guard.util.js.map +1 -0
- package/lib/src/auth/{http-authz-guard.util.d.ts → http-authz.guard.util.d.ts} +1 -0
- package/lib/src/auth/{http-authz-guard.util.js → http-authz.guard.util.js} +2 -1
- package/lib/src/auth/http-authz.guard.util.js.map +1 -0
- package/lib/src/auth/http-authz.list-sub-objects.guard.util.d.ts +10 -0
- package/lib/src/auth/http-authz.list-sub-objects.guard.util.js +47 -0
- package/lib/src/auth/http-authz.list-sub-objects.guard.util.js.map +1 -0
- package/lib/src/auth/index.d.ts +5 -1
- package/lib/src/auth/index.js +5 -1
- package/lib/src/auth/index.js.map +1 -1
- package/package.json +1 -1
- package/src/auth/authorization-allowance.ts +1 -10
- package/src/auth/http-authz.action-to-sub-objects.guard.util.ts +78 -0
- package/src/auth/http-authz.attach-objects.guard.util.spec.ts +369 -0
- package/src/auth/http-authz.attach-objects.guard.util.ts +48 -0
- package/src/auth/http-authz.detach-objects.guard.util.spec.ts +369 -0
- package/src/auth/http-authz.detach-objects.guard.util.ts +48 -0
- package/src/auth/{http-authz-guard.util.spec.ts → http-authz.guard.util.spec.ts} +3 -3
- package/src/auth/{http-authz-guard.util.ts → http-authz.guard.util.ts} +2 -0
- package/src/auth/http-authz.list-sub-objects.guard.util.spec.ts +323 -0
- package/src/auth/http-authz.list-sub-objects.guard.util.ts +67 -0
- package/src/auth/index.ts +5 -1
- package/lib/src/auth/http-authz-guard.util.js.map +0 -1
package/lib/package.json
CHANGED
|
@@ -22,8 +22,7 @@ class AuthorizationAllowance {
|
|
|
22
22
|
this.objectId &&
|
|
23
23
|
this.objectId.toString().trim() !== "") {
|
|
24
24
|
if (this.objectId !== "any" &&
|
|
25
|
-
request.objectId.toString() !== this.objectId.toString()
|
|
26
|
-
!this._isRequestingSelf(request)) {
|
|
25
|
+
request.objectId.toString() !== this.objectId.toString()) {
|
|
27
26
|
return false;
|
|
28
27
|
}
|
|
29
28
|
}
|
|
@@ -37,11 +36,6 @@ class AuthorizationAllowance {
|
|
|
37
36
|
}
|
|
38
37
|
return true;
|
|
39
38
|
}
|
|
40
|
-
_isRequestingSelf(request) {
|
|
41
|
-
return (request.object === "user" &&
|
|
42
|
-
request.objectId.toString() === this.subject.toString() &&
|
|
43
|
-
this.objectId === "self");
|
|
44
|
-
}
|
|
45
39
|
}
|
|
46
40
|
exports.AuthorizationAllowance = AuthorizationAllowance;
|
|
47
41
|
//# sourceMappingURL=authorization-allowance.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-allowance.js","sourceRoot":"","sources":["../../../src/auth/authorization-allowance.ts"],"names":[],"mappings":";;;AAEA,MAAa,sBAAsB;IACjC,YACmB,OAAO,EACP,MAAM,EACN,QAAQ,EACR,MAAM;QAHN,YAAO,GAAP,OAAO,CAAA;QACP,WAAM,GAAN,MAAM,CAAA;QACN,aAAQ,GAAR,QAAQ,CAAA;QACR,WAAM,GAAN,MAAM,CAAA;IACtB,CAAC;IAEG,gBAAgB,CAAC,OAAsC;QAC5D,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EACzB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAGD,IACE,OAAO,CAAC,QAAQ;YAChB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE;YACzC,IAAI,CAAC,QAAQ;YACb,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EACtC;YACA,IACE,IAAI,CAAC,QAAQ,KAAK,KAAK;gBACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE
|
|
1
|
+
{"version":3,"file":"authorization-allowance.js","sourceRoot":"","sources":["../../../src/auth/authorization-allowance.ts"],"names":[],"mappings":";;;AAEA,MAAa,sBAAsB;IACjC,YACmB,OAAO,EACP,MAAM,EACN,QAAQ,EACR,MAAM;QAHN,YAAO,GAAP,OAAO,CAAA;QACP,WAAM,GAAN,MAAM,CAAA;QACN,aAAQ,GAAR,QAAQ,CAAA;QACR,WAAM,GAAN,MAAM,CAAA;IACtB,CAAC;IAEG,gBAAgB,CAAC,OAAsC;QAC5D,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EACzB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAGD,IACE,OAAO,CAAC,QAAQ;YAChB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE;YACzC,IAAI,CAAC,QAAQ;YACb,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EACtC;YACA,IACE,IAAI,CAAC,QAAQ,KAAK,KAAK;gBACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EACxD;gBACA,OAAO,KAAK,CAAC;aACd;SACF;QAED,IACE,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;YAC5B,IAAI,CAAC,MAAM;YACX,IAAI,CAAC,MAAM,KAAK,EAAE,EAClB;YAEA,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE;gBAC3D,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAlDD,wDAkDC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzActionToSubObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private readonly action;
|
|
5
|
+
private _authzGuard;
|
|
6
|
+
constructor(context: ExecutionContext, action: string);
|
|
7
|
+
isAuthorized(object: string, objectId: string, subObject: string, subObjectIds: string[], namespace?: string): boolean;
|
|
8
|
+
get params(): any;
|
|
9
|
+
get query(): any;
|
|
10
|
+
get body(): any;
|
|
11
|
+
}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzActionToSubObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_guard_util_1 = require("./http-authz.guard.util");
|
|
5
|
+
class HttpAuthzActionToSubObjectsGuardUtil {
|
|
6
|
+
constructor(context, action) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this.action = action;
|
|
9
|
+
this._authzGuard = new http_authz_guard_util_1.HttpAuthzGuardUtil(context);
|
|
10
|
+
}
|
|
11
|
+
isAuthorized(object, objectId, subObject, subObjectIds, namespace) {
|
|
12
|
+
for (const id of subObjectIds) {
|
|
13
|
+
let requests = [];
|
|
14
|
+
if (namespace) {
|
|
15
|
+
requests = [
|
|
16
|
+
{
|
|
17
|
+
action: "",
|
|
18
|
+
object: namespace,
|
|
19
|
+
objectId: "",
|
|
20
|
+
},
|
|
21
|
+
];
|
|
22
|
+
}
|
|
23
|
+
requests = [
|
|
24
|
+
...requests,
|
|
25
|
+
...[
|
|
26
|
+
{
|
|
27
|
+
action: "",
|
|
28
|
+
object,
|
|
29
|
+
objectId,
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
action: this.action,
|
|
33
|
+
object: subObject,
|
|
34
|
+
objectId: id,
|
|
35
|
+
},
|
|
36
|
+
],
|
|
37
|
+
];
|
|
38
|
+
if (!this._authzGuard.isAuthorized(...requests)) {
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
return true;
|
|
43
|
+
}
|
|
44
|
+
get params() {
|
|
45
|
+
return this._authzGuard.params;
|
|
46
|
+
}
|
|
47
|
+
get query() {
|
|
48
|
+
return this._authzGuard.query;
|
|
49
|
+
}
|
|
50
|
+
get body() {
|
|
51
|
+
return this._authzGuard.body;
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
exports.HttpAuthzActionToSubObjectsGuardUtil = HttpAuthzActionToSubObjectsGuardUtil;
|
|
55
|
+
//# sourceMappingURL=http-authz.action-to-sub-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.action-to-sub-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.action-to-sub-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,mEAA6D;AAK7D,MAAa,oCAAoC;IAG/C,YACmB,OAAyB,EACzB,MAAc;QADd,YAAO,GAAP,OAAO,CAAkB;QACzB,WAAM,GAAN,MAAM,CAAQ;QAE/B,IAAI,CAAC,WAAW,GAAG,IAAI,0CAAkB,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,SAAiB,EACjB,YAAsB,EACtB,SAAkB;QAElB,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE;YAC7B,IAAI,QAAQ,GAAG,EAAE,CAAC;YAElB,IAAI,SAAS,EAAE;gBACb,QAAQ,GAAG;oBACT;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF,CAAC;aACH;YAED,QAAQ,GAAG;gBACT,GAAG,QAAQ;gBACX,GAAG;oBACD;wBACE,MAAM,EAAE,EAAE;wBACV,MAAM;wBACN,QAAQ;qBACT;oBACD;wBACE,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,MAAM,EAAE,SAAS;wBACjB,QAAQ,EAAE,EAAE;qBACb;iBACF;aACF,CAAC;YAEF,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,EAAE;gBAC/C,OAAO,KAAK,CAAC;aACd;SACF;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;IACjC,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;IAChC,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;CACF;AAvED,oFAuEC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzAttachObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private _util;
|
|
5
|
+
constructor(context: ExecutionContext);
|
|
6
|
+
isAuthorized(object: string, objectId: string, attachObject: string, attachObjectIds: string[], namespace?: string): boolean;
|
|
7
|
+
get params(): any;
|
|
8
|
+
get query(): any;
|
|
9
|
+
get body(): any;
|
|
10
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzAttachObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
|
|
5
|
+
class HttpAuthzAttachObjectsGuardUtil {
|
|
6
|
+
constructor(context) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "create");
|
|
9
|
+
}
|
|
10
|
+
isAuthorized(object, objectId, attachObject, attachObjectIds, namespace) {
|
|
11
|
+
return this._util.isAuthorized(object, objectId, attachObject, attachObjectIds, namespace);
|
|
12
|
+
}
|
|
13
|
+
get params() {
|
|
14
|
+
return this._util.params;
|
|
15
|
+
}
|
|
16
|
+
get query() {
|
|
17
|
+
return this._util.query;
|
|
18
|
+
}
|
|
19
|
+
get body() {
|
|
20
|
+
return this._util.body;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.HttpAuthzAttachObjectsGuardUtil = HttpAuthzAttachObjectsGuardUtil;
|
|
24
|
+
//# sourceMappingURL=http-authz.attach-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.attach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.attach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzDetachObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private _util;
|
|
5
|
+
constructor(context: ExecutionContext);
|
|
6
|
+
isAuthorized(object: string, objectId: string, detachObject: string, detachObjectIds: string[], namespace?: string): boolean;
|
|
7
|
+
get params(): any;
|
|
8
|
+
get query(): any;
|
|
9
|
+
get body(): any;
|
|
10
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzDetachObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_action_to_sub_objects_guard_util_1 = require("./http-authz.action-to-sub-objects.guard.util");
|
|
5
|
+
class HttpAuthzDetachObjectsGuardUtil {
|
|
6
|
+
constructor(context) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this._util = new http_authz_action_to_sub_objects_guard_util_1.HttpAuthzActionToSubObjectsGuardUtil(context, "delete");
|
|
9
|
+
}
|
|
10
|
+
isAuthorized(object, objectId, detachObject, detachObjectIds, namespace) {
|
|
11
|
+
return this._util.isAuthorized(object, objectId, detachObject, detachObjectIds, namespace);
|
|
12
|
+
}
|
|
13
|
+
get params() {
|
|
14
|
+
return this._util.params;
|
|
15
|
+
}
|
|
16
|
+
get query() {
|
|
17
|
+
return this._util.query;
|
|
18
|
+
}
|
|
19
|
+
get body() {
|
|
20
|
+
return this._util.body;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
exports.HttpAuthzDetachObjectsGuardUtil = HttpAuthzDetachObjectsGuardUtil;
|
|
24
|
+
//# sourceMappingURL=http-authz.detach-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.detach-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.detach-objects.guard.util.ts"],"names":[],"mappings":";;;AACA,+GAAqG;AAKrG,MAAa,+BAA+B;IAG1C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,kFAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IASM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,YAAoB,EACpB,eAAyB,EACzB,SAAkB;QAElB,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAC5B,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,eAAe,EACf,SAAS,CACV,CAAC;IACJ,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AAzCD,0EAyCC"}
|
|
@@ -5,6 +5,7 @@ export declare class HttpAuthzGuardUtil {
|
|
|
5
5
|
private _token;
|
|
6
6
|
readonly params: any;
|
|
7
7
|
readonly query: any;
|
|
8
|
+
readonly body: any;
|
|
8
9
|
constructor(context: ExecutionContext);
|
|
9
10
|
isAuthorized(...authzRequests: AuthorizationRequestInterface[]): boolean;
|
|
10
11
|
private _doesScopeAuthorizeRequest;
|
|
@@ -24,6 +24,7 @@ class HttpAuthzGuardUtil {
|
|
|
24
24
|
this._token = decodedToken;
|
|
25
25
|
this.params = request.params;
|
|
26
26
|
this.query = request.query;
|
|
27
|
+
this.body = request.body;
|
|
27
28
|
}
|
|
28
29
|
isAuthorized(...authzRequests) {
|
|
29
30
|
const scopes = this._token.scopes;
|
|
@@ -54,4 +55,4 @@ class HttpAuthzGuardUtil {
|
|
|
54
55
|
}
|
|
55
56
|
}
|
|
56
57
|
exports.HttpAuthzGuardUtil = HttpAuthzGuardUtil;
|
|
57
|
-
//# sourceMappingURL=http-authz
|
|
58
|
+
//# sourceMappingURL=http-authz.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.guard.util.ts"],"names":[],"mappings":";;;AAAA,2CAA6E;AAC7E,oCAAoC;AAEpC,uEAAmE;AAEnE,MAAa,kBAAkB;IAM7B,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1D,IAAI,CAAC,mBAAmB,EAAE;YACxB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;YACjC,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,CAAmB,CAAC;QAC/D,IAAI,CAAC,YAAY,EAAE;YACjB,MAAM,IAAI,sBAAa,CAAC,cAAc,EAAE,mBAAU,CAAC,YAAY,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAEM,YAAY,CAAC,GAAG,aAA8C;QACnE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAElC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;YAC1B,IAAI,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE;gBACzD,OAAO,IAAI,CAAC;aACb;SACF;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,0BAA0B,CAChC,KAAa,EACb,aAA8C;QAE9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAE/B,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;YACxC,uBAAuB,CAAC,IAAI,CAC1B,IAAI,gDAAsB,CACxB,IAAI,CAAC,MAAM,CAAC,GAAG,EACf,KAAK,CAAC,CAAC,CAAC,EACR,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EACZ,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CACb,CACF,CAAC;SACH;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,EAAE;gBAC/B,OAAO,KAAK,CAAC;aACd;YACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE;gBACxC,OAAO,KAAK,CAAC;aACd;SACF;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAxED,gDAwEC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
export declare class HttpAuthzListSubObjectsGuardUtil {
|
|
3
|
+
private readonly context;
|
|
4
|
+
private _util;
|
|
5
|
+
constructor(context: ExecutionContext);
|
|
6
|
+
isAuthorized(object: string, objectId: string, subObject: string, namespace?: string): boolean;
|
|
7
|
+
get params(): any;
|
|
8
|
+
get query(): any;
|
|
9
|
+
get body(): any;
|
|
10
|
+
}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HttpAuthzListSubObjectsGuardUtil = void 0;
|
|
4
|
+
const http_authz_guard_util_1 = require("./http-authz.guard.util");
|
|
5
|
+
class HttpAuthzListSubObjectsGuardUtil {
|
|
6
|
+
constructor(context) {
|
|
7
|
+
this.context = context;
|
|
8
|
+
this._util = new http_authz_guard_util_1.HttpAuthzGuardUtil(context);
|
|
9
|
+
}
|
|
10
|
+
isAuthorized(object, objectId, subObject, namespace) {
|
|
11
|
+
let requests = [];
|
|
12
|
+
if (namespace) {
|
|
13
|
+
requests = [
|
|
14
|
+
{
|
|
15
|
+
action: "",
|
|
16
|
+
object: namespace,
|
|
17
|
+
objectId: "",
|
|
18
|
+
},
|
|
19
|
+
];
|
|
20
|
+
}
|
|
21
|
+
requests = [
|
|
22
|
+
...requests,
|
|
23
|
+
{
|
|
24
|
+
action: "",
|
|
25
|
+
object,
|
|
26
|
+
objectId,
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
action: "list",
|
|
30
|
+
object: subObject,
|
|
31
|
+
objectId: "",
|
|
32
|
+
},
|
|
33
|
+
];
|
|
34
|
+
return this._util.isAuthorized(...requests);
|
|
35
|
+
}
|
|
36
|
+
get params() {
|
|
37
|
+
return this._util.params;
|
|
38
|
+
}
|
|
39
|
+
get query() {
|
|
40
|
+
return this._util.query;
|
|
41
|
+
}
|
|
42
|
+
get body() {
|
|
43
|
+
return this._util.body;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
exports.HttpAuthzListSubObjectsGuardUtil = HttpAuthzListSubObjectsGuardUtil;
|
|
47
|
+
//# sourceMappingURL=http-authz.list-sub-objects.guard.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-authz.list-sub-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.list-sub-objects.guard.util.ts"],"names":[],"mappings":";;;AAEA,mEAA6D;AAK7D,MAAa,gCAAgC;IAG3C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,0CAAkB,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAQM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,SAAiB,EACjB,SAAkB;QAElB,IAAI,QAAQ,GAAG,EAAE,CAAC;QAElB,IAAI,SAAS,EAAE;YACb,QAAQ,GAAG;gBACT;oBACE,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,SAAS;oBACjB,QAAQ,EAAE,EAAE;iBACb;aACF,CAAC;SACH;QAED,QAAQ,GAAG;YACT,GAAG,QAAQ;YACX;gBACE,MAAM,EAAE,EAAE;gBACV,MAAM;gBACN,QAAQ;aACT;YACD;gBACE,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,SAAS;gBACjB,QAAQ,EAAE,EAAE;aACb;SACF,CAAC;QAEF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AA3DD,4EA2DC"}
|
package/lib/src/auth/index.d.ts
CHANGED
|
@@ -1,4 +1,8 @@
|
|
|
1
1
|
export * from "./authenticator.interface";
|
|
2
2
|
export * from "./topic-authorizor.interface";
|
|
3
3
|
export * from "./fake-authenticator";
|
|
4
|
-
export * from "./http-authz
|
|
4
|
+
export * from "./http-authz.guard.util";
|
|
5
|
+
export * from "./http-authz.attach-objects.guard.util";
|
|
6
|
+
export * from "./http-authz.detach-objects.guard.util";
|
|
7
|
+
export * from "./http-authz.action-to-sub-objects.guard.util";
|
|
8
|
+
export * from "./http-authz.list-sub-objects.guard.util";
|
package/lib/src/auth/index.js
CHANGED
|
@@ -13,5 +13,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
13
13
|
__exportStar(require("./authenticator.interface"), exports);
|
|
14
14
|
__exportStar(require("./topic-authorizor.interface"), exports);
|
|
15
15
|
__exportStar(require("./fake-authenticator"), exports);
|
|
16
|
-
__exportStar(require("./http-authz
|
|
16
|
+
__exportStar(require("./http-authz.guard.util"), exports);
|
|
17
|
+
__exportStar(require("./http-authz.attach-objects.guard.util"), exports);
|
|
18
|
+
__exportStar(require("./http-authz.detach-objects.guard.util"), exports);
|
|
19
|
+
__exportStar(require("./http-authz.action-to-sub-objects.guard.util"), exports);
|
|
20
|
+
__exportStar(require("./http-authz.list-sub-objects.guard.util"), exports);
|
|
17
21
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC;AACxC,yEAAuD;AACvD,yEAAuD;AACvD,gFAA8D;AAC9D,2EAAyD"}
|
package/package.json
CHANGED
|
@@ -30,8 +30,7 @@ export class AuthorizationAllowance {
|
|
|
30
30
|
) {
|
|
31
31
|
if (
|
|
32
32
|
this.objectId !== "any" &&
|
|
33
|
-
request.objectId.toString() !== this.objectId.toString()
|
|
34
|
-
!this._isRequestingSelf(request)
|
|
33
|
+
request.objectId.toString() !== this.objectId.toString()
|
|
35
34
|
) {
|
|
36
35
|
return false;
|
|
37
36
|
}
|
|
@@ -51,12 +50,4 @@ export class AuthorizationAllowance {
|
|
|
51
50
|
|
|
52
51
|
return true;
|
|
53
52
|
}
|
|
54
|
-
|
|
55
|
-
private _isRequestingSelf(request: AuthorizationRequestInterface) {
|
|
56
|
-
return (
|
|
57
|
-
request.object === "user" &&
|
|
58
|
-
request.objectId.toString() === this.subject.toString() &&
|
|
59
|
-
this.objectId === "self"
|
|
60
|
-
);
|
|
61
|
-
}
|
|
62
53
|
}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
import { ExecutionContext } from "@nestjs/common";
|
|
2
|
+
import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Authorizes attachments of objects to another object by object id
|
|
6
|
+
*/
|
|
7
|
+
export class HttpAuthzActionToSubObjectsGuardUtil {
|
|
8
|
+
private _authzGuard: HttpAuthzGuardUtil;
|
|
9
|
+
|
|
10
|
+
constructor(
|
|
11
|
+
private readonly context: ExecutionContext,
|
|
12
|
+
private readonly action: string
|
|
13
|
+
) {
|
|
14
|
+
this._authzGuard = new HttpAuthzGuardUtil(context);
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* @param {string} object The object name of object A
|
|
19
|
+
* @param {string} objectId The object ID of object A
|
|
20
|
+
* @param {string} subObject The object name of objects B
|
|
21
|
+
* @param {string[]} subObjectIds The object IDs of Objects B to attach to object A
|
|
22
|
+
* @param {string?} namespace (Optional) The namespace of objects A and B
|
|
23
|
+
*/
|
|
24
|
+
public isAuthorized(
|
|
25
|
+
object: string,
|
|
26
|
+
objectId: string,
|
|
27
|
+
subObject: string,
|
|
28
|
+
subObjectIds: string[],
|
|
29
|
+
namespace?: string
|
|
30
|
+
) {
|
|
31
|
+
for (const id of subObjectIds) {
|
|
32
|
+
let requests = [];
|
|
33
|
+
|
|
34
|
+
if (namespace) {
|
|
35
|
+
requests = [
|
|
36
|
+
{
|
|
37
|
+
action: "",
|
|
38
|
+
object: namespace,
|
|
39
|
+
objectId: "",
|
|
40
|
+
},
|
|
41
|
+
];
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
requests = [
|
|
45
|
+
...requests,
|
|
46
|
+
...[
|
|
47
|
+
{
|
|
48
|
+
action: "",
|
|
49
|
+
object,
|
|
50
|
+
objectId,
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
action: this.action,
|
|
54
|
+
object: subObject,
|
|
55
|
+
objectId: id,
|
|
56
|
+
},
|
|
57
|
+
],
|
|
58
|
+
];
|
|
59
|
+
|
|
60
|
+
if (!this._authzGuard.isAuthorized(...requests)) {
|
|
61
|
+
return false;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
return true;
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
public get params() {
|
|
68
|
+
return this._authzGuard.params;
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
public get query() {
|
|
72
|
+
return this._authzGuard.query;
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
public get body() {
|
|
76
|
+
return this._authzGuard.body;
|
|
77
|
+
}
|
|
78
|
+
}
|