npm - @cryptexlabs/codex-nodejs-common - Versions diffs - 0.1.18 → 0.1.22 - Mend

@cryptexlabs/codex-nodejs-common 0.1.18 → 0.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/src/auth/http-authz.list-sub-objects.guard.util.spec.ts ADDED Viewed

@@ -0,0 +1,323 @@
+import { ExecutionContext } from "@nestjs/common";
+import * as jwt from "jsonwebtoken";
+import { HttpAuthzListSubObjectsGuardUtil } from "./http-authz.list-sub-objects.guard.util";
+describe(HttpAuthzListSubObjectsGuardUtil.name, () => {
+  it("Should allow super admin to list a group for a user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [`cool-app:::any:any:any:any:any:any`],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+  it("Should allow someone with permission to list groups for a user to list a group for the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:list`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+  it("Should allow someone with permission to do anything to any group on a user to list a group for the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+  it("Should allow someone with permission to do anything to any sub object for a user to list a group for the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+  it("Should allow someone with permission to list a specific group for a user to list the groups to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group::list`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(true);
+  });
+  it("Should not allow someone with permission to list groups to a different user to list a group for the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+  it("Should not allow someone with permission to do anything to a different user to list a group for the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+  it("Should not allow someone with permission to do anything to any sub object for a different user to list a group for the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
+          },
+          body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+  it("Should not allow someone with permission to list a different specific permission for a user to list the groups to the user", () => {
+    const token = jwt.sign(
+      {
+        scopes: [
+          `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:create`,
+        ],
+      },
+      "hello"
+    );
+    const context = {
+      switchToHttp: () => ({
+        getRequest: () => ({
+          headers: {
+            authorization: `Bearer ${token}`,
+          },
+          params: {
+            userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+          },
+          body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
+        }),
+      }),
+    } as ExecutionContext;
+    const util = new HttpAuthzListSubObjectsGuardUtil(context);
+    expect(
+      util.isAuthorized(
+        "user",
+        "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
+        "group",
+        "cool-app"
+      )
+    ).toBe(false);
+  });
+});

package/src/auth/http-authz.list-sub-objects.guard.util.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { ExecutionContext } from "@nestjs/common";
+import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
+import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
+/**
+ * Authorizes detachment of objects to another object by object id
+ */
+export class HttpAuthzListSubObjectsGuardUtil {
+  private _util: HttpAuthzGuardUtil;
+  constructor(private readonly context: ExecutionContext) {
+    this._util = new HttpAuthzGuardUtil(context);
+  }
+  /**
+   * @param {string} object The object name of object A
+   * @param {string} objectId The object ID of object A
+   * @param {string} detachObject The object name of objects B
+   * @param {string?} namespace (Optional) The namespace of objects A and B
+   */
+  public isAuthorized(
+    object: string,
+    objectId: string,
+    subObject: string,
+    namespace?: string
+  ) {
+    let requests = [];
+    if (namespace) {
+      requests = [
+        {
+          action: "",
+          object: namespace,
+          objectId: "",
+        },
+      ];
+    }
+    requests = [
+      ...requests,
+      {
+        action: "",
+        object,
+        objectId,
+      },
+      {
+        action: "list",
+        object: subObject,
+        objectId: "",
+      },
+    ];
+    return this._util.isAuthorized(...requests);
+  }
+  public get params() {
+    return this._util.params;
+  }
+  public get query() {
+    return this._util.query;
+  }
+  public get body() {
+    return this._util.body;
+  }
+}

package/src/auth/index.ts CHANGED Viewed

@@ -1,4 +1,8 @@
 export * from "./authenticator.interface";
 export * from "./topic-authorizor.interface";
 export * from "./fake-authenticator";
-export * from "./http-authz-guard.util";
+export * from "./http-authz.guard.util";
+export * from "./http-authz.attach-objects.guard.util";
+export * from "./http-authz.detach-objects.guard.util";
+export * from "./http-authz.action-to-sub-objects.guard.util";
+export * from "./http-authz.list-sub-objects.guard.util";

package/src/index.ts CHANGED Viewed

@@ -9,6 +9,7 @@ export * from "./logger";
 export * from "./message";
 export * from "./pipe";
 export * from "./response";
+export * from "./result";
 export * from "./exception";
 export * from "./locales";
 export * from "./service";

package/src/response/http-paginated-response-meta.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { HttpStatus } from "@nestjs/common";
+import {
+  LocaleInterface,
+  MessageMetaInterface,
+} from "@cryptexlabs/codex-data-model";
+import { DefaultConfig } from "../config";
+import { MessageMeta } from "../message";
+export class HttpPaginatedResponseMeta
+  extends MessageMeta
+  implements MessageMetaInterface
+{
+  constructor(
+    public readonly status: HttpStatus,
+    public readonly totalRecords: number,
+    type: string,
+    locale: LocaleInterface,
+    config: DefaultConfig,
+    correlationId: string,
+    started: Date
+  ) {
+    super(type, locale, config, correlationId, started);
+  }
+}

package/src/response/index.ts CHANGED Viewed

@@ -6,3 +6,5 @@ export * from "./healthz-response";
 export * from "./http-response-meta";
 export * from "./rest.response";
 export * from "./simple-http.response";
+export * from "./http-paginated-response-meta";
+export * from "./rest.paginated.response";

package/src/response/rest.paginated.response.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { HttpStatus } from "@nestjs/common";
+import {
+  MessageInterface,
+  MessageMetaInterface,
+} from "@cryptexlabs/codex-data-model";
+import { JsonSerializableInterface } from "../message";
+import { Context } from "../context";
+import { HttpResponseMeta } from "./http-response-meta";
+import { HttpPaginatedResponseMeta } from "./http-paginated-response-meta";
+export class RestPaginatedResponse
+  implements JsonSerializableInterface<MessageInterface<string>>
+{
+  public readonly meta: MessageMetaInterface;
+  constructor(
+    context: Context,
+    status: HttpStatus,
+    totalRecords: number,
+    type: string,
+    public readonly data: any
+  ) {
+    this.meta = new HttpPaginatedResponseMeta(
+      status,
+      totalRecords,
+      type,
+      context.locale,
+      context.config,
+      context.correlationId,
+      context.started
+    ) as MessageMetaInterface;
+  }
+  public toJSON(): MessageInterface<any> {
+    return {
+      meta: this.meta,
+      data: this.data,
+    };
+  }
+}

package/src/result/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./paginated.results";

package/src/result/paginated.results.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export interface PaginatedResults<T> {
+  total: number;
+  results: T[];
+}