@cryptexlabs/codex-nodejs-common 0.1.17 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/lib/package.json +1 -1
  2. package/lib/src/auth/authorization-allowance.d.ts +0 -1
  3. package/lib/src/auth/authorization-allowance.js +1 -7
  4. package/lib/src/auth/authorization-allowance.js.map +1 -1
  5. package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.d.ts +11 -0
  6. package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js +55 -0
  7. package/lib/src/auth/http-authz.action-to-sub-objects.guard.util.js.map +1 -0
  8. package/lib/src/auth/http-authz.attach-objects.guard.util.d.ts +10 -0
  9. package/lib/src/auth/http-authz.attach-objects.guard.util.js +24 -0
  10. package/lib/src/auth/http-authz.attach-objects.guard.util.js.map +1 -0
  11. package/lib/src/auth/http-authz.detach-objects.guard.util.d.ts +10 -0
  12. package/lib/src/auth/http-authz.detach-objects.guard.util.js +24 -0
  13. package/lib/src/auth/http-authz.detach-objects.guard.util.js.map +1 -0
  14. package/lib/src/auth/{http-authz-guard.util.d.ts → http-authz.guard.util.d.ts} +1 -0
  15. package/lib/src/auth/{http-authz-guard.util.js → http-authz.guard.util.js} +2 -1
  16. package/lib/src/auth/http-authz.guard.util.js.map +1 -0
  17. package/lib/src/auth/http-authz.list-sub-objects.guard.util.d.ts +10 -0
  18. package/lib/src/auth/http-authz.list-sub-objects.guard.util.js +47 -0
  19. package/lib/src/auth/http-authz.list-sub-objects.guard.util.js.map +1 -0
  20. package/lib/src/auth/index.d.ts +5 -1
  21. package/lib/src/auth/index.js +5 -1
  22. package/lib/src/auth/index.js.map +1 -1
  23. package/package.json +1 -1
  24. package/src/auth/authorization-allowance.ts +1 -10
  25. package/src/auth/http-authz.action-to-sub-objects.guard.util.ts +78 -0
  26. package/src/auth/http-authz.attach-objects.guard.util.spec.ts +369 -0
  27. package/src/auth/http-authz.attach-objects.guard.util.ts +48 -0
  28. package/src/auth/http-authz.detach-objects.guard.util.spec.ts +369 -0
  29. package/src/auth/http-authz.detach-objects.guard.util.ts +48 -0
  30. package/src/auth/{http-authz-guard.util.spec.ts → http-authz.guard.util.spec.ts} +3 -3
  31. package/src/auth/{http-authz-guard.util.ts → http-authz.guard.util.ts} +2 -0
  32. package/src/auth/http-authz.list-sub-objects.guard.util.spec.ts +323 -0
  33. package/src/auth/http-authz.list-sub-objects.guard.util.ts +67 -0
  34. package/src/auth/index.ts +5 -1
  35. package/lib/src/auth/http-authz-guard.util.js.map +0 -1
package/src/auth/http-authz.detach-objects.guard.util.spec.ts ADDED
@@ -0,0 +1,369 @@
1
+ import { ExecutionContext } from "@nestjs/common";
2
+ import * as jwt from "jsonwebtoken";
3
+ import { HttpAuthzDetachObjectsGuardUtil } from "./http-authz.detach-objects.guard.util";
4
+
5
+ describe(HttpAuthzDetachObjectsGuardUtil.name, () => {
6
+ it("Should allow super admin to detach a group to a user", () => {
7
+ const token = jwt.sign(
8
+ {
9
+ scopes: [`cool-app:::any:any:any:any:any:any`],
10
+ },
11
+ "hello"
12
+ );
13
+
14
+ const context = {
15
+ switchToHttp: () => ({
16
+ getRequest: () => ({
17
+ headers: {
18
+ authorization: `Bearer ${token}`,
19
+ },
20
+ params: {
21
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
22
+ },
23
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
24
+ }),
25
+ }),
26
+ } as ExecutionContext;
27
+
28
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
29
+
30
+ expect(
31
+ util.isAuthorized(
32
+ "user",
33
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
34
+ "group",
35
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
36
+ "cool-app"
37
+ )
38
+ ).toBe(true);
39
+ });
40
+
41
+ it("Should allow someone with permission to detach any group to a user to detach a group from the user", () => {
42
+ const token = jwt.sign(
43
+ {
44
+ scopes: [
45
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:delete`,
46
+ ],
47
+ },
48
+ "hello"
49
+ );
50
+
51
+ const context = {
52
+ switchToHttp: () => ({
53
+ getRequest: () => ({
54
+ headers: {
55
+ authorization: `Bearer ${token}`,
56
+ },
57
+ }),
58
+ }),
59
+ } as ExecutionContext;
60
+
61
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
62
+
63
+ expect(
64
+ util.isAuthorized(
65
+ "user",
66
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
67
+ "group",
68
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
69
+ "cool-app"
70
+ )
71
+ ).toBe(true);
72
+ });
73
+
74
+ it("Should allow someone with permission to do anything to any group on a user to detach a group from the user", () => {
75
+ const token = jwt.sign(
76
+ {
77
+ scopes: [
78
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
79
+ ],
80
+ },
81
+ "hello"
82
+ );
83
+
84
+ const context = {
85
+ switchToHttp: () => ({
86
+ getRequest: () => ({
87
+ headers: {
88
+ authorization: `Bearer ${token}`,
89
+ },
90
+ params: {
91
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
92
+ },
93
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
94
+ }),
95
+ }),
96
+ } as ExecutionContext;
97
+
98
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
99
+
100
+ expect(
101
+ util.isAuthorized(
102
+ "user",
103
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
104
+ "group",
105
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
106
+ "cool-app"
107
+ )
108
+ ).toBe(true);
109
+ });
110
+
111
+ it("Should allow someone with permission to do anything to any sub object for a user to detach a group from the user", () => {
112
+ const token = jwt.sign(
113
+ {
114
+ scopes: [
115
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
116
+ ],
117
+ },
118
+ "hello"
119
+ );
120
+
121
+ const context = {
122
+ switchToHttp: () => ({
123
+ getRequest: () => ({
124
+ headers: {
125
+ authorization: `Bearer ${token}`,
126
+ },
127
+ params: {
128
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
129
+ },
130
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
131
+ }),
132
+ }),
133
+ } as ExecutionContext;
134
+
135
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
136
+
137
+ expect(
138
+ util.isAuthorized(
139
+ "user",
140
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
141
+ "group",
142
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
143
+ "cool-app"
144
+ )
145
+ ).toBe(true);
146
+ });
147
+
148
+ it("Should allow someone with permission to detach a specific group to a user to detach the group to the user", () => {
149
+ const token = jwt.sign(
150
+ {
151
+ scopes: [
152
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:delete`,
153
+ ],
154
+ },
155
+ "hello"
156
+ );
157
+
158
+ const context = {
159
+ switchToHttp: () => ({
160
+ getRequest: () => ({
161
+ headers: {
162
+ authorization: `Bearer ${token}`,
163
+ },
164
+ params: {
165
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
166
+ },
167
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
168
+ }),
169
+ }),
170
+ } as ExecutionContext;
171
+
172
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
173
+
174
+ expect(
175
+ util.isAuthorized(
176
+ "user",
177
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
178
+ "group",
179
+ ["680dddec-f0b9-4a01-b8b5-be725f946935"],
180
+ "cool-app"
181
+ )
182
+ ).toBe(true);
183
+ });
184
+
185
+ it("Should not allow someone with permission to detach any group to a different user to detach a group from the user", () => {
186
+ const token = jwt.sign(
187
+ {
188
+ scopes: [
189
+ `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
190
+ ],
191
+ },
192
+ "hello"
193
+ );
194
+
195
+ const context = {
196
+ switchToHttp: () => ({
197
+ getRequest: () => ({
198
+ headers: {
199
+ authorization: `Bearer ${token}`,
200
+ },
201
+ params: {
202
+ userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
203
+ },
204
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
205
+ }),
206
+ }),
207
+ } as ExecutionContext;
208
+
209
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
210
+
211
+ expect(
212
+ util.isAuthorized(
213
+ "user",
214
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
215
+ "group",
216
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
217
+ "cool-app"
218
+ )
219
+ ).toBe(false);
220
+ });
221
+
222
+ it("Should not allow someone with permission to do anything to a different user to detach a group from the user", () => {
223
+ const token = jwt.sign(
224
+ {
225
+ scopes: [
226
+ `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
227
+ ],
228
+ },
229
+ "hello"
230
+ );
231
+
232
+ const context = {
233
+ switchToHttp: () => ({
234
+ getRequest: () => ({
235
+ headers: {
236
+ authorization: `Bearer ${token}`,
237
+ },
238
+ params: {
239
+ userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
240
+ },
241
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
242
+ }),
243
+ }),
244
+ } as ExecutionContext;
245
+
246
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
247
+
248
+ expect(
249
+ util.isAuthorized(
250
+ "user",
251
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
252
+ "group",
253
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
254
+ "cool-app"
255
+ )
256
+ ).toBe(false);
257
+ });
258
+
259
+ it("Should not allow someone with permission to do anything to any sub object for a different user to detach a group from the user", () => {
260
+ const token = jwt.sign(
261
+ {
262
+ scopes: [
263
+ `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
264
+ ],
265
+ },
266
+ "hello"
267
+ );
268
+
269
+ const context = {
270
+ switchToHttp: () => ({
271
+ getRequest: () => ({
272
+ headers: {
273
+ authorization: `Bearer ${token}`,
274
+ },
275
+ params: {
276
+ userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
277
+ },
278
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
279
+ }),
280
+ }),
281
+ } as ExecutionContext;
282
+
283
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
284
+
285
+ expect(
286
+ util.isAuthorized(
287
+ "user",
288
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
289
+ "group",
290
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
291
+ "cool-app"
292
+ )
293
+ ).toBe(false);
294
+ });
295
+
296
+ it("Should not allow someone with permission to detach a specific group to a different user to detach the group to the user", () => {
297
+ const token = jwt.sign(
298
+ {
299
+ scopes: [
300
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
301
+ ],
302
+ },
303
+ "hello"
304
+ );
305
+
306
+ const context = {
307
+ switchToHttp: () => ({
308
+ getRequest: () => ({
309
+ headers: {
310
+ authorization: `Bearer ${token}`,
311
+ },
312
+ params: {
313
+ userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
314
+ },
315
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
316
+ }),
317
+ }),
318
+ } as ExecutionContext;
319
+
320
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
321
+
322
+ expect(
323
+ util.isAuthorized(
324
+ "user",
325
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
326
+ "group",
327
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
328
+ "cool-app"
329
+ )
330
+ ).toBe(false);
331
+ });
332
+
333
+ it("Should not allow someone with permission to detach a different specific permission to a user to detach the group to the user", () => {
334
+ const token = jwt.sign(
335
+ {
336
+ scopes: [
337
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:680dddec-f0b9-4a01-b8b5-be725f946935:create`,
338
+ ],
339
+ },
340
+ "hello"
341
+ );
342
+
343
+ const context = {
344
+ switchToHttp: () => ({
345
+ getRequest: () => ({
346
+ headers: {
347
+ authorization: `Bearer ${token}`,
348
+ },
349
+ params: {
350
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
351
+ },
352
+ body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
353
+ }),
354
+ }),
355
+ } as ExecutionContext;
356
+
357
+ const util = new HttpAuthzDetachObjectsGuardUtil(context);
358
+
359
+ expect(
360
+ util.isAuthorized(
361
+ "user",
362
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
363
+ "group",
364
+ ["5d549988-a3bf-49d7-91ae-aeef65a073cc"],
365
+ "cool-app"
366
+ )
367
+ ).toBe(false);
368
+ });
369
+ });
package/src/auth/http-authz.detach-objects.guard.util.ts ADDED
@@ -0,0 +1,48 @@
1
+ import { ExecutionContext } from "@nestjs/common";
2
+ import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
3
+
4
+ /**
5
+ * Authorizes detachment of objects to another object by object id
6
+ */
7
+ export class HttpAuthzDetachObjectsGuardUtil {
8
+ private _util: HttpAuthzActionToSubObjectsGuardUtil;
9
+
10
+ constructor(private readonly context: ExecutionContext) {
11
+ this._util = new HttpAuthzActionToSubObjectsGuardUtil(context, "delete");
12
+ }
13
+
14
+ /**
15
+ * @param {string} object The object name of object A
16
+ * @param {string} objectId The object ID of object A
17
+ * @param {string} detachObject The object name of objects B
18
+ * @param {string[]} detachObjectIds The object IDs of Objects B to attach to object A
19
+ * @param {string?} namespace (Optional) The namespace of objects A and B
20
+ */
21
+ public isAuthorized(
22
+ object: string,
23
+ objectId: string,
24
+ detachObject: string,
25
+ detachObjectIds: string[],
26
+ namespace?: string
27
+ ) {
28
+ return this._util.isAuthorized(
29
+ object,
30
+ objectId,
31
+ detachObject,
32
+ detachObjectIds,
33
+ namespace
34
+ );
35
+ }
36
+
37
+ public get params() {
38
+ return this._util.params;
39
+ }
40
+
41
+ public get query() {
42
+ return this._util.query;
43
+ }
44
+
45
+ public get body() {
46
+ return this._util.body;
47
+ }
48
+ }
package/src/auth/{http-authz-guard.util.spec.ts → http-authz.guard.util.spec.ts} RENAMED
@@ -2,7 +2,7 @@ import { ExecutionContext } from "@nestjs/common";
2
2
  import { instance, mock, when } from "ts-mockito";
3
3
  import { HttpArgumentsHost } from "@nestjs/common/interfaces/features/arguments-host.interface";
4
4
  import * as jwt from "jsonwebtoken";
5
- import { HttpAuthzGuardUtil } from "./http-authz-guard.util";
5
+ import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
6
6
 
7
7
  describe("HttpAuthzGuardUtil", () => {
8
8
  let mockedExecutionContext: ExecutionContext;
@@ -80,7 +80,7 @@ describe("HttpAuthzGuardUtil", () => {
80
80
  ).toBe(true);
81
81
  });
82
82
 
83
- it("Should authorize a scope with 'self' for object id", () => {
83
+ it("Should not authorize a scope with 'self' for object id", () => {
84
84
  const request = getRequestWithAuthorizationBearerScopes("johndoe", [
85
85
  "user:self:update",
86
86
  ]) as any;
@@ -94,7 +94,7 @@ describe("HttpAuthzGuardUtil", () => {
94
94
  object: "user",
95
95
  objectId: "johndoe",
96
96
  })
97
- ).toBe(true);
97
+ ).toBe(false);
98
98
  });
99
99
 
100
100
  it("Should authorize a multi level scope definition", () => {
package/src/auth/{http-authz-guard.util.ts → http-authz.guard.util.ts} RENAMED
@@ -7,6 +7,7 @@ export class HttpAuthzGuardUtil {
7
7
  private _token: any;
8
8
  public readonly params: any;
9
9
  public readonly query: any;
10
+ public readonly body: any;
10
11
 
11
12
  constructor(private readonly context: ExecutionContext) {
12
13
  const request = context.switchToHttp().getRequest();
@@ -28,6 +29,7 @@ export class HttpAuthzGuardUtil {
28
29
  this._token = decodedToken;
29
30
  this.params = request.params;
30
31
  this.query = request.query;
32
+ this.body = request.body;
31
33
  }
32
34
 
33
35
  public isAuthorized(...authzRequests: AuthorizationRequestInterface[]) {