@cryptexlabs/codex-nodejs-common 0.1.20 → 0.1.21

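--- a/package/lib/package.json
+++ b/package/lib/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@cryptexlabs/codex-nodejs-common",
- "version": "0.1.20",
+ "version": "0.1.21",
  "description": "Common code for Assistant applications",
  "main": "lib/src/index.js",
  "repository": "git@gitlab.com:cryptexlabs/public/codex-nodejs-common.git",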
@@ -0,0 +1,10 @@
1
+ import { ExecutionContext } from "@nestjs/common";
2
+ export declare class HttpAuthzListSubObjectsGuardUtil {
3
+ private readonly context;
4
+ private _util;
5
+ constructor(context: ExecutionContext);
6
+ isAuthorized(object: string, objectId: string, subObject: string, namespace?: string): boolean;
7
+ get params(): any;
8
+ get query(): any;
9
+ get body(): any;
10
+ }
@@ -0,0 +1,47 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.HttpAuthzListSubObjectsGuardUtil = void 0;
4
+ const http_authz_guard_util_1 = require("./http-authz.guard.util");
5
+ class HttpAuthzListSubObjectsGuardUtil {
6
+ constructor(context) {
7
+ this.context = context;
8
+ this._util = new http_authz_guard_util_1.HttpAuthzGuardUtil(context);
9
+ }
10
+ isAuthorized(object, objectId, subObject, namespace) {
11
+ let requests = [];
12
+ if (namespace) {
13
+ requests = [
14
+ {
15
+ action: "",
16
+ object: namespace,
17
+ objectId: "",
18
+ },
19
+ ];
20
+ }
21
+ requests = [
22
+ ...requests,
23
+ {
24
+ action: "",
25
+ object,
26
+ objectId,
27
+ },
28
+ {
29
+ action: "list",
30
+ object: subObject,
31
+ objectId: "",
32
+ },
33
+ ];
34
+ return this._util.isAuthorized(...requests);
35
+ }
36
+ get params() {
37
+ return this._util.params;
38
+ }
39
+ get query() {
40
+ return this._util.query;
41
+ }
42
+ get body() {
43
+ return this._util.body;
44
+ }
45
+ }
46
+ exports.HttpAuthzListSubObjectsGuardUtil = HttpAuthzListSubObjectsGuardUtil;
47
+ //# sourceMappingURL=http-authz.list-sub-objects.guard.util.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"http-authz.list-sub-objects.guard.util.js","sourceRoot":"","sources":["../../../src/auth/http-authz.list-sub-objects.guard.util.ts"],"names":[],"mappings":";;;AAEA,mEAA6D;AAK7D,MAAa,gCAAgC;IAG3C,YAA6B,OAAyB;QAAzB,YAAO,GAAP,OAAO,CAAkB;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,0CAAkB,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAQM,YAAY,CACjB,MAAc,EACd,QAAgB,EAChB,SAAiB,EACjB,SAAkB;QAElB,IAAI,QAAQ,GAAG,EAAE,CAAC;QAElB,IAAI,SAAS,EAAE;YACb,QAAQ,GAAG;gBACT;oBACE,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,SAAS;oBACjB,QAAQ,EAAE,EAAE;iBACb;aACF,CAAC;SACH;QAED,QAAQ,GAAG;YACT,GAAG,QAAQ;YACX;gBACE,MAAM,EAAE,EAAE;gBACV,MAAM;gBACN,QAAQ;aACT;YACD;gBACE,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,SAAS;gBACjB,QAAQ,EAAE,EAAE;aACb;SACF,CAAC;QAEF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;CACF;AA3DD,4EA2DC"}
@@ -5,3 +5,4 @@ export * from "./http-authz.guard.util";
5
5
  export * from "./http-authz.attach-objects.guard.util";
6
6
  export * from "./http-authz.detach-objects.guard.util";
7
7
  export * from "./http-authz.action-to-sub-objects.guard.util";
8
+ export * from "./http-authz.list-sub-objects.guard.util";
@@ -17,4 +17,5 @@ __exportStar(require("./http-authz.guard.util"), exports);
17
17
  __exportStar(require("./http-authz.attach-objects.guard.util"), exports);
18
18
  __exportStar(require("./http-authz.detach-objects.guard.util"), exports);
19
19
  __exportStar(require("./http-authz.action-to-sub-objects.guard.util"), exports);
20
+ __exportStar(require("./http-authz.list-sub-objects.guard.util"), exports);
20
21
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC;AACxC,yEAAuD;AACvD,yEAAuD;AACvD,gFAA8D"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4DAA0C;AAC1C,+DAA6C;AAC7C,uDAAqC;AACrC,0DAAwC;AACxC,yEAAuD;AACvD,yEAAuD;AACvD,gFAA8D;AAC9D,2EAAyD"}
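--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@cryptexlabs/codex-nodejs-common",
- "version": "0.1.20",
+ "version": "0.1.21",
  "description": "Common code for Assistant applications",
  "main": "lib/src/index.js",
  "repository": "git@gitlab.com:cryptexlabs/public/codex-nodejs-common.git",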
@@ -0,0 +1,323 @@
1
+ import { ExecutionContext } from "@nestjs/common";
2
+ import * as jwt from "jsonwebtoken";
3
+ import { HttpAuthzListSubObjectsGuardUtil } from "./http-authz.list-sub-objects.guard.util";
4
+
5
+ describe(HttpAuthzListSubObjectsGuardUtil.name, () => {
6
+ it("Should allow super admin to list a group for a user", () => {
7
+ const token = jwt.sign(
8
+ {
9
+ scopes: [`cool-app:::any:any:any:any:any:any`],
10
+ },
11
+ "hello"
12
+ );
13
+
14
+ const context = {
15
+ switchToHttp: () => ({
16
+ getRequest: () => ({
17
+ headers: {
18
+ authorization: `Bearer ${token}`,
19
+ },
20
+ params: {
21
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
22
+ },
23
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
24
+ }),
25
+ }),
26
+ } as ExecutionContext;
27
+
28
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
29
+
30
+ expect(
31
+ util.isAuthorized(
32
+ "user",
33
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
34
+ "group",
35
+ "cool-app"
36
+ )
37
+ ).toBe(true);
38
+ });
39
+
40
+ it("Should allow someone with permission to list groups for a user to list a group for the user", () => {
41
+ const token = jwt.sign(
42
+ {
43
+ scopes: [
44
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:list`,
45
+ ],
46
+ },
47
+ "hello"
48
+ );
49
+
50
+ const context = {
51
+ switchToHttp: () => ({
52
+ getRequest: () => ({
53
+ headers: {
54
+ authorization: `Bearer ${token}`,
55
+ },
56
+ }),
57
+ }),
58
+ } as ExecutionContext;
59
+
60
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
61
+
62
+ expect(
63
+ util.isAuthorized(
64
+ "user",
65
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
66
+ "group",
67
+ "cool-app"
68
+ )
69
+ ).toBe(true);
70
+ });
71
+
72
+ it("Should allow someone with permission to do anything to any group on a user to list a group for the user", () => {
73
+ const token = jwt.sign(
74
+ {
75
+ scopes: [
76
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:any`,
77
+ ],
78
+ },
79
+ "hello"
80
+ );
81
+
82
+ const context = {
83
+ switchToHttp: () => ({
84
+ getRequest: () => ({
85
+ headers: {
86
+ authorization: `Bearer ${token}`,
87
+ },
88
+ params: {
89
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
90
+ },
91
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
92
+ }),
93
+ }),
94
+ } as ExecutionContext;
95
+
96
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
97
+
98
+ expect(
99
+ util.isAuthorized(
100
+ "user",
101
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
102
+ "group",
103
+ "cool-app"
104
+ )
105
+ ).toBe(true);
106
+ });
107
+
108
+ it("Should allow someone with permission to do anything to any sub object for a user to list a group for the user", () => {
109
+ const token = jwt.sign(
110
+ {
111
+ scopes: [
112
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::any:any:any`,
113
+ ],
114
+ },
115
+ "hello"
116
+ );
117
+
118
+ const context = {
119
+ switchToHttp: () => ({
120
+ getRequest: () => ({
121
+ headers: {
122
+ authorization: `Bearer ${token}`,
123
+ },
124
+ params: {
125
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
126
+ },
127
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
128
+ }),
129
+ }),
130
+ } as ExecutionContext;
131
+
132
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
133
+
134
+ expect(
135
+ util.isAuthorized(
136
+ "user",
137
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
138
+ "group",
139
+ "cool-app"
140
+ )
141
+ ).toBe(true);
142
+ });
143
+
144
+ it("Should allow someone with permission to list a specific group for a user to list the groups to the user", () => {
145
+ const token = jwt.sign(
146
+ {
147
+ scopes: [
148
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group::list`,
149
+ ],
150
+ },
151
+ "hello"
152
+ );
153
+
154
+ const context = {
155
+ switchToHttp: () => ({
156
+ getRequest: () => ({
157
+ headers: {
158
+ authorization: `Bearer ${token}`,
159
+ },
160
+ params: {
161
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
162
+ },
163
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
164
+ }),
165
+ }),
166
+ } as ExecutionContext;
167
+
168
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
169
+
170
+ expect(
171
+ util.isAuthorized(
172
+ "user",
173
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
174
+ "group",
175
+ "cool-app"
176
+ )
177
+ ).toBe(true);
178
+ });
179
+
180
+ it("Should not allow someone with permission to list groups to a different user to list a group for the user", () => {
181
+ const token = jwt.sign(
182
+ {
183
+ scopes: [
184
+ `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:create`,
185
+ ],
186
+ },
187
+ "hello"
188
+ );
189
+
190
+ const context = {
191
+ switchToHttp: () => ({
192
+ getRequest: () => ({
193
+ headers: {
194
+ authorization: `Bearer ${token}`,
195
+ },
196
+ params: {
197
+ userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
198
+ },
199
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
200
+ }),
201
+ }),
202
+ } as ExecutionContext;
203
+
204
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
205
+
206
+ expect(
207
+ util.isAuthorized(
208
+ "user",
209
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
210
+ "group",
211
+ "cool-app"
212
+ )
213
+ ).toBe(false);
214
+ });
215
+
216
+ it("Should not allow someone with permission to do anything to a different user to list a group for the user", () => {
217
+ const token = jwt.sign(
218
+ {
219
+ scopes: [
220
+ `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::group:any:any`,
221
+ ],
222
+ },
223
+ "hello"
224
+ );
225
+
226
+ const context = {
227
+ switchToHttp: () => ({
228
+ getRequest: () => ({
229
+ headers: {
230
+ authorization: `Bearer ${token}`,
231
+ },
232
+ params: {
233
+ userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
234
+ },
235
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
236
+ }),
237
+ }),
238
+ } as ExecutionContext;
239
+
240
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
241
+
242
+ expect(
243
+ util.isAuthorized(
244
+ "user",
245
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
246
+ "group",
247
+ "cool-app"
248
+ )
249
+ ).toBe(false);
250
+ });
251
+
252
+ it("Should not allow someone with permission to do anything to any sub object for a different user to list a group for the user", () => {
253
+ const token = jwt.sign(
254
+ {
255
+ scopes: [
256
+ `cool-app:::user:55854a66-5a73-4416-b03a-eba4417b691c::any:any:any`,
257
+ ],
258
+ },
259
+ "hello"
260
+ );
261
+
262
+ const context = {
263
+ switchToHttp: () => ({
264
+ getRequest: () => ({
265
+ headers: {
266
+ authorization: `Bearer ${token}`,
267
+ },
268
+ params: {
269
+ userId: "001d4f53-798b-4a0b-8ef7-330a7bf72147",
270
+ },
271
+ body: ["680dddec-f0b9-4a01-b8b5-be725f946935"],
272
+ }),
273
+ }),
274
+ } as ExecutionContext;
275
+
276
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
277
+
278
+ expect(
279
+ util.isAuthorized(
280
+ "user",
281
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
282
+ "group",
283
+ "cool-app"
284
+ )
285
+ ).toBe(false);
286
+ });
287
+
288
+ it("Should not allow someone with permission to list a different specific permission for a user to list the groups to the user", () => {
289
+ const token = jwt.sign(
290
+ {
291
+ scopes: [
292
+ `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::group:any:create`,
293
+ ],
294
+ },
295
+ "hello"
296
+ );
297
+
298
+ const context = {
299
+ switchToHttp: () => ({
300
+ getRequest: () => ({
301
+ headers: {
302
+ authorization: `Bearer ${token}`,
303
+ },
304
+ params: {
305
+ userId: "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
306
+ },
307
+ body: ["5be3176f-c066-4418-b682-18e16fd07b84"],
308
+ }),
309
+ }),
310
+ } as ExecutionContext;
311
+
312
+ const util = new HttpAuthzListSubObjectsGuardUtil(context);
313
+
314
+ expect(
315
+ util.isAuthorized(
316
+ "user",
317
+ "4d2114ca-24e2-43e5-bddb-d9a6688b8340",
318
+ "group",
319
+ "cool-app"
320
+ )
321
+ ).toBe(false);
322
+ });
323
+ });
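Review bot: Every case signs its token with the same secret `"hello"` and the util is built from the request context alone, so nothing in this spec shows whether `HttpAuthzGuardUtil` verifies the signature or merely decodes the payload; a negative case with the super-admin scope signed by a different secret, `jwt.sign({ scopes: ["cool-app:::any:any:any:any:any:any"] }, "not-hello")`, expected to yield `false`, would pin that down. The negative cases also never vary the namespace or the sub-object: a token carrying `other-app:::any:any:any:any:any:any` and a same-user scope with the list action on a different sub-object, `cool-app:::user:4d2114ca-24e2-43e5-bddb-d9a6688b8340::role:any:list`, should both be rejected by `isAuthorized("user", "4d2114ca-…", "group", "cool-app")`. The last test title says the token grants permission to "list a different specific permission", but the scope it signs is `group:any:create`, so the title should say it grants a different action on the same sub-object.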
@@ -0,0 +1,67 @@
1
+ import { ExecutionContext } from "@nestjs/common";
2
+ import { HttpAuthzActionToSubObjectsGuardUtil } from "./http-authz.action-to-sub-objects.guard.util";
3
+ import { HttpAuthzGuardUtil } from "./http-authz.guard.util";
4
+
5
+ /**
6
+ * Authorizes detachment of objects to another object by object id
7
+ */
8
+ export class HttpAuthzListSubObjectsGuardUtil {
9
+ private _util: HttpAuthzGuardUtil;
10
+
11
+ constructor(private readonly context: ExecutionContext) {
12
+ this._util = new HttpAuthzGuardUtil(context);
13
+ }
14
+
15
+ /**
16
+ * @param {string} object The object name of object A
17
+ * @param {string} objectId The object ID of object A
18
+ * @param {string} detachObject The object name of objects B
19
+ * @param {string?} namespace (Optional) The namespace of objects A and B
20
+ */
21
+ public isAuthorized(
22
+ object: string,
23
+ objectId: string,
24
+ subObject: string,
25
+ namespace?: string
26
+ ) {
27
+ let requests = [];
28
+
29
+ if (namespace) {
30
+ requests = [
31
+ {
32
+ action: "",
33
+ object: namespace,
34
+ objectId: "",
35
+ },
36
+ ];
37
+ }
38
+
39
+ requests = [
40
+ ...requests,
41
+ {
42
+ action: "",
43
+ object,
44
+ objectId,
45
+ },
46
+ {
47
+ action: "list",
48
+ object: subObject,
49
+ objectId: "",
50
+ },
51
+ ];
52
+
53
+ return this._util.isAuthorized(...requests);
54
+ }
55
+
56
+ public get params() {
57
+ return this._util.params;
58
+ }
59
+
60
+ public get query() {
61
+ return this._util.query;
62
+ }
63
+
64
+ public get body() {
65
+ return this._util.body;
66
+ }
67
+ }
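Review bot: The class comment on the new file is copied from the detach util and does not describe this guard: `Authorizes detachment of objects to another object by object id` and the `@param {string} detachObject` line refer to a parameter that does not exist here, while the actual parameter is `subObject` and the third request is built with `action: "list"`. I would replace the header with `Authorizes listing the sub-objects of one type (subObject) that belong to object A, identified by object name and id` and the param line with `@param {string} subObject The object name of the sub-objects B to list`. The import of `HttpAuthzActionToSubObjectsGuardUtil` is unused and should be dropped. Note also that `if (namespace)` omits the namespace request for an empty string as well as for an omitted argument; whether an empty namespace then lets a token from any namespace match depends on `HttpAuthzGuardUtil.isAuthorized`, which is outside this diff.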
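--- a/package/src/auth/index.ts
+++ b/package/src/auth/index.ts
@@ -5,3 +5,4 @@ export * from "./http-authz.guard.util";
  export * from "./http-authz.attach-objects.guard.util";
  export * from "./http-authz.detach-objects.guard.util";
  export * from "./http-authz.action-to-sub-objects.guard.util";
+ export * from "./http-authz.list-sub-objects.guard.util";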