@develit-services/rbac 0.2.3 → 0.3.0
- package/dist/export/worker.cjs +50 -40
- package/dist/export/worker.d.cts +3 -3
- package/dist/export/worker.d.mts +3 -3
- package/dist/export/worker.d.ts +3 -3
- package/dist/export/worker.mjs +50 -40
- package/dist/shared/{rbac.DB0xguAY.d.cts → rbac.B4wUvd3l.d.cts} +2 -2
- package/dist/shared/{rbac.B2KUW5xp.cjs → rbac.BZDCYlSt.cjs} +7 -5
- package/dist/shared/{rbac.CocWK7y6.d.mts → rbac.DbnJpvqK.d.mts} +2 -2
- package/dist/shared/{rbac.CAcqvrNj.d.ts → rbac.DrhiDe1P.d.ts} +2 -2
- package/dist/shared/{rbac.CUCczegz.mjs → rbac.ihzxYB9Z.mjs} +7 -5
- package/dist/types.cjs +1 -1
- package/dist/types.d.cts +1 -1
- package/dist/types.d.mts +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.mjs +1 -1
- package/package.json +1 -1
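--- a/package/dist/export/worker.cjs
+++ b/package/dist/export/worker.cjs
@@ -5,7 +5,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
 const backendSdk = require('@develit-io/backend-sdk');
 const database_schema = require('../shared/rbac.Cra1T2nC.cjs');
 const drizzleOrm = require('drizzle-orm');
-const verifyScope = require('../shared/rbac.
+const verifyScope = require('../shared/rbac.BZDCYlSt.cjs');
 const zod = require('zod');
 const cloudflare_workers = require('cloudflare:workers');
 const d1 = require('drizzle-orm/d1');
@@ -658,12 +658,13 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
 }
 async verifyAccess(input) {
 return this.handleAction(
-// TODO: This input schema is just copied from auth and is not 100% type safe
 { data: input, schema: verifyScope.verifyAccessInputSchema },
 { successMessage: "Access verification completed." },
 async ({ userId, accessRequests, jwt }) => {
-for (const
-
+for (const requestGroup of accessRequests) {
+for (const request of requestGroup) {
+this.validateScope(request.scope);
+}
 }
 const userPermissionsResponse = await this.getUserPermissions({
 userId
@@ -678,46 +679,55 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
 ...userPermissionsResponse.data.roleScopes,
 ...userPermissionsResponse.data.scopes
 ];
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
-const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
-const expectedValue = getValueByKey(
-placeholder.type,
-placeholder.path,
-jwtParam
-);
-if (expectedValue === void 0) {
-return false;
+if (accessRequests.length === 0) {
+return {
+isVerified: true
+};
+}
+const anyGroupSatisfied = accessRequests.some((requestGroup) => {
+return requestGroup.every((request) => {
+const placeholders = parseScopeTemplate(request.scope);
+return allScopes.some((userScope) => {
+const scopesMatch = userScope.scope === request.scope;
+let resourceMatches = false;
+if (placeholders.length > 0) {
+if (!request.resourcePath) {
+throw backendSdk.createInternalError(null, {
+message: `Resource path is required when scope '${request.scope}' contains placeholders`,
+status: 400,
+code: "RESOURCE_PATH_REQUIRED"
+});
 }
-
-
-
-
-
-
-
-
+const extractedResources = extractResourcesFromPath(
+request.scope,
+request.resourcePath
+);
+const allPlaceholdersMatch = placeholders.every(
+(placeholder) => {
+const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
+const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
+const expectedValue = getValueByKey(
+placeholder.type,
+placeholder.path,
+jwtParam
+);
+if (expectedValue === void 0) {
+return false;
+}
+return String(extractedValue) === String(expectedValue);
+}
+);
+const resourceIdMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
+resourceMatches = allPlaceholdersMatch && resourceIdMatches;
+} else {
+resourceMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
+}
+return scopesMatch && resourceMatches;
+});
 });
 });
 return {
-isVerified:
+isVerified: anyGroupSatisfied
 };
 }
 );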
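Review bot: An empty request group is treated as satisfied, so this authorization check fails open: inside the `accessRequests.some(...)` callback, `requestGroup.every(...)` returns true for `[]`, so an input of `[[]]` yields `isVerified: true` for any user, on top of the explicit `accessRequests.length === 0` early return. The schema shipped in this release is a plain nested `z.array(z.array(...))` with no minimum length, so nothing upstream appears to reject that shape. I would guard the group with `return requestGroup.length > 0 && requestGroup.every((request) => {` and, unless "no requirements" is a supported call, have the empty outer list return `isVerified: false` or a 400 instead of `true`. The same code ships in `package/dist/export/worker.mjs`; the part of the callback between the second and third hunk is not shown.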
package/dist/export/worker.d.cts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
|
|
2
2
|
import { IRPCResponse } from '@develit-io/backend-sdk';
|
|
3
|
-
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.
|
|
3
|
+
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.B4wUvd3l.cjs';
|
|
4
4
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
5
5
|
import { DrizzleD1Database } from 'drizzle-orm/d1';
|
|
6
6
|
import 'zod';
|
|
@@ -26,11 +26,11 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = Labele
|
|
|
26
26
|
getPermissions(): Promise<IRPCResponse<GetPermissionsOutput>>;
|
|
27
27
|
getUserPermissions(input: GetUserPermissionsInput): Promise<IRPCResponse<GetUserPermissionsOutput>>;
|
|
28
28
|
verifyAccess(input: Omit<VerifyAccessInput, 'accessRequests'> & {
|
|
29
|
-
accessRequests: Array<{
|
|
29
|
+
accessRequests: Array<Array<{
|
|
30
30
|
scope: TScopes[number]['value'];
|
|
31
31
|
resourceId?: string;
|
|
32
32
|
resourcePath?: string;
|
|
33
|
-
}
|
|
33
|
+
}>>;
|
|
34
34
|
}): Promise<IRPCResponse<VerifyAccessOutput>>;
|
|
35
35
|
deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
|
|
36
36
|
updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
|
package/dist/export/worker.d.mts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
|
|
2
2
|
import { IRPCResponse } from '@develit-io/backend-sdk';
|
|
3
|
-
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.
|
|
3
|
+
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DbnJpvqK.mjs';
|
|
4
4
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
5
5
|
import { DrizzleD1Database } from 'drizzle-orm/d1';
|
|
6
6
|
import 'zod';
|
|
@@ -26,11 +26,11 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = Labele
|
|
|
26
26
|
getPermissions(): Promise<IRPCResponse<GetPermissionsOutput>>;
|
|
27
27
|
getUserPermissions(input: GetUserPermissionsInput): Promise<IRPCResponse<GetUserPermissionsOutput>>;
|
|
28
28
|
verifyAccess(input: Omit<VerifyAccessInput, 'accessRequests'> & {
|
|
29
|
-
accessRequests: Array<{
|
|
29
|
+
accessRequests: Array<Array<{
|
|
30
30
|
scope: TScopes[number]['value'];
|
|
31
31
|
resourceId?: string;
|
|
32
32
|
resourcePath?: string;
|
|
33
|
-
}
|
|
33
|
+
}>>;
|
|
34
34
|
}): Promise<IRPCResponse<VerifyAccessOutput>>;
|
|
35
35
|
deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
|
|
36
36
|
updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
|
package/dist/export/worker.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
|
|
2
2
|
import { IRPCResponse } from '@develit-io/backend-sdk';
|
|
3
|
-
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.
|
|
3
|
+
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DrhiDe1P.js';
|
|
4
4
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
5
5
|
import { DrizzleD1Database } from 'drizzle-orm/d1';
|
|
6
6
|
import 'zod';
|
|
@@ -26,11 +26,11 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = Labele
|
|
|
26
26
|
getPermissions(): Promise<IRPCResponse<GetPermissionsOutput>>;
|
|
27
27
|
getUserPermissions(input: GetUserPermissionsInput): Promise<IRPCResponse<GetUserPermissionsOutput>>;
|
|
28
28
|
verifyAccess(input: Omit<VerifyAccessInput, 'accessRequests'> & {
|
|
29
|
-
accessRequests: Array<{
|
|
29
|
+
accessRequests: Array<Array<{
|
|
30
30
|
scope: TScopes[number]['value'];
|
|
31
31
|
resourceId?: string;
|
|
32
32
|
resourcePath?: string;
|
|
33
|
-
}
|
|
33
|
+
}>>;
|
|
34
34
|
}): Promise<IRPCResponse<VerifyAccessOutput>>;
|
|
35
35
|
deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
|
|
36
36
|
updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
|
package/dist/export/worker.mjs
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { uuidv4, first, createInternalError, develitWorker, action, service } from '@develit-io/backend-sdk';
|
|
2
2
|
import { s as schema } from '../shared/rbac.D5OV7UPA.mjs';
|
|
3
3
|
import { eq, and, count, inArray } from 'drizzle-orm';
|
|
4
|
-
import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, j as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, i as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema } from '../shared/rbac.
|
|
4
|
+
import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, j as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, i as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema } from '../shared/rbac.ihzxYB9Z.mjs';
|
|
5
5
|
import { z } from 'zod';
|
|
6
6
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
7
7
|
import { drizzle } from 'drizzle-orm/d1';
|
|
@@ -654,12 +654,13 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
|
|
|
654
654
|
}
|
|
655
655
|
async verifyAccess(input) {
|
|
656
656
|
return this.handleAction(
|
|
657
|
-
// TODO: This input schema is just copied from auth and is not 100% type safe
|
|
658
657
|
{ data: input, schema: verifyAccessInputSchema },
|
|
659
658
|
{ successMessage: "Access verification completed." },
|
|
660
659
|
async ({ userId, accessRequests, jwt }) => {
|
|
661
|
-
for (const
|
|
662
|
-
|
|
660
|
+
for (const requestGroup of accessRequests) {
|
|
661
|
+
for (const request of requestGroup) {
|
|
662
|
+
this.validateScope(request.scope);
|
|
663
|
+
}
|
|
663
664
|
}
|
|
664
665
|
const userPermissionsResponse = await this.getUserPermissions({
|
|
665
666
|
userId
|
|
@@ -674,46 +675,55 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
|
|
|
674
675
|
...userPermissionsResponse.data.roleScopes,
|
|
675
676
|
...userPermissionsResponse.data.scopes
|
|
676
677
|
];
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
|
|
685
|
-
|
|
686
|
-
|
|
687
|
-
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
691
|
-
|
|
692
|
-
|
|
693
|
-
|
|
694
|
-
|
|
695
|
-
const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
|
|
696
|
-
const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
|
|
697
|
-
const expectedValue = getValueByKey(
|
|
698
|
-
placeholder.type,
|
|
699
|
-
placeholder.path,
|
|
700
|
-
jwtParam
|
|
701
|
-
);
|
|
702
|
-
if (expectedValue === void 0) {
|
|
703
|
-
return false;
|
|
678
|
+
if (accessRequests.length === 0) {
|
|
679
|
+
return {
|
|
680
|
+
isVerified: true
|
|
681
|
+
};
|
|
682
|
+
}
|
|
683
|
+
const anyGroupSatisfied = accessRequests.some((requestGroup) => {
|
|
684
|
+
return requestGroup.every((request) => {
|
|
685
|
+
const placeholders = parseScopeTemplate(request.scope);
|
|
686
|
+
return allScopes.some((userScope) => {
|
|
687
|
+
const scopesMatch = userScope.scope === request.scope;
|
|
688
|
+
let resourceMatches = false;
|
|
689
|
+
if (placeholders.length > 0) {
|
|
690
|
+
if (!request.resourcePath) {
|
|
691
|
+
throw createInternalError(null, {
|
|
692
|
+
message: `Resource path is required when scope '${request.scope}' contains placeholders`,
|
|
693
|
+
status: 400,
|
|
694
|
+
code: "RESOURCE_PATH_REQUIRED"
|
|
695
|
+
});
|
|
704
696
|
}
|
|
705
|
-
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
|
|
712
|
-
|
|
697
|
+
const extractedResources = extractResourcesFromPath(
|
|
698
|
+
request.scope,
|
|
699
|
+
request.resourcePath
|
|
700
|
+
);
|
|
701
|
+
const allPlaceholdersMatch = placeholders.every(
|
|
702
|
+
(placeholder) => {
|
|
703
|
+
const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
|
|
704
|
+
const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
|
|
705
|
+
const expectedValue = getValueByKey(
|
|
706
|
+
placeholder.type,
|
|
707
|
+
placeholder.path,
|
|
708
|
+
jwtParam
|
|
709
|
+
);
|
|
710
|
+
if (expectedValue === void 0) {
|
|
711
|
+
return false;
|
|
712
|
+
}
|
|
713
|
+
return String(extractedValue) === String(expectedValue);
|
|
714
|
+
}
|
|
715
|
+
);
|
|
716
|
+
const resourceIdMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
|
|
717
|
+
resourceMatches = allPlaceholdersMatch && resourceIdMatches;
|
|
718
|
+
} else {
|
|
719
|
+
resourceMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
|
|
720
|
+
}
|
|
721
|
+
return scopesMatch && resourceMatches;
|
|
722
|
+
});
|
|
713
723
|
});
|
|
714
724
|
});
|
|
715
725
|
return {
|
|
716
|
-
isVerified:
|
|
726
|
+
isVerified: anyGroupSatisfied
|
|
717
727
|
};
|
|
718
728
|
}
|
|
719
729
|
);
|
|
@@ -190,11 +190,11 @@ interface UpdateRoleOutput {
|
|
|
190
190
|
|
|
191
191
|
declare const verifyAccessInputSchema: z.ZodObject<{
|
|
192
192
|
userId: z.ZodUUID;
|
|
193
|
-
accessRequests: z.ZodArray<z.ZodObject<{
|
|
193
|
+
accessRequests: z.ZodArray<z.ZodArray<z.ZodObject<{
|
|
194
194
|
scope: z.ZodString;
|
|
195
195
|
resourceId: z.ZodOptional<z.ZodString>;
|
|
196
196
|
resourcePath: z.ZodOptional<z.ZodString>;
|
|
197
|
-
}, z.core.$strip
|
|
197
|
+
}, z.core.$strip>>>;
|
|
198
198
|
jwt: z.ZodOptional<z.ZodObject<{
|
|
199
199
|
sub: z.ZodString;
|
|
200
200
|
iat: z.ZodNumber;
|
|
@@ -140,11 +140,13 @@ const coercedJwtPayloadSchema = jwtPayloadSchema.extend({
|
|
|
140
140
|
const verifyAccessInputSchema = zod.z.object({
|
|
141
141
|
userId: zod.z.uuid(),
|
|
142
142
|
accessRequests: zod.z.array(
|
|
143
|
-
zod.z.
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
143
|
+
zod.z.array(
|
|
144
|
+
zod.z.object({
|
|
145
|
+
scope: zod.z.string(),
|
|
146
|
+
resourceId: zod.z.string().optional(),
|
|
147
|
+
resourcePath: zod.z.string().optional()
|
|
148
|
+
})
|
|
149
|
+
)
|
|
148
150
|
),
|
|
149
151
|
jwt: coercedJwtPayloadSchema.optional()
|
|
150
152
|
});
|
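Review bot: The nested `accessRequests` schema puts no size limits on either array level or on the `scope` and `resourcePath` strings, while `verifyAccess` does work proportional to groups × requests × user scopes and calls `extractResourcesFromPath` in the innermost loop. If callers of this RPC are not fully trusted, one request can consume a disproportionate share of the worker's CPU budget. I would bound both levels, for example `zod.z.array(zod.z.array(requestSchema).min(1).max(MAX_REQUESTS_PER_GROUP)).max(MAX_GROUPS)`, where `requestSchema` and the two limit names are placeholders for values chosen by the service. The file header for this hunk is missing on the page; judging by the `zod.z.` prefix it is `package/dist/shared/rbac.BZDCYlSt.cjs`, and the `.mjs` twin further down carries the same schema.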
|
@@ -190,11 +190,11 @@ interface UpdateRoleOutput {
|
|
|
190
190
|
|
|
191
191
|
declare const verifyAccessInputSchema: z.ZodObject<{
|
|
192
192
|
userId: z.ZodUUID;
|
|
193
|
-
accessRequests: z.ZodArray<z.ZodObject<{
|
|
193
|
+
accessRequests: z.ZodArray<z.ZodArray<z.ZodObject<{
|
|
194
194
|
scope: z.ZodString;
|
|
195
195
|
resourceId: z.ZodOptional<z.ZodString>;
|
|
196
196
|
resourcePath: z.ZodOptional<z.ZodString>;
|
|
197
|
-
}, z.core.$strip
|
|
197
|
+
}, z.core.$strip>>>;
|
|
198
198
|
jwt: z.ZodOptional<z.ZodObject<{
|
|
199
199
|
sub: z.ZodString;
|
|
200
200
|
iat: z.ZodNumber;
|
|
@@ -190,11 +190,11 @@ interface UpdateRoleOutput {
|
|
|
190
190
|
|
|
191
191
|
declare const verifyAccessInputSchema: z.ZodObject<{
|
|
192
192
|
userId: z.ZodUUID;
|
|
193
|
-
accessRequests: z.ZodArray<z.ZodObject<{
|
|
193
|
+
accessRequests: z.ZodArray<z.ZodArray<z.ZodObject<{
|
|
194
194
|
scope: z.ZodString;
|
|
195
195
|
resourceId: z.ZodOptional<z.ZodString>;
|
|
196
196
|
resourcePath: z.ZodOptional<z.ZodString>;
|
|
197
|
-
}, z.core.$strip
|
|
197
|
+
}, z.core.$strip>>>;
|
|
198
198
|
jwt: z.ZodOptional<z.ZodObject<{
|
|
199
199
|
sub: z.ZodString;
|
|
200
200
|
iat: z.ZodNumber;
|
|
@@ -138,11 +138,13 @@ const coercedJwtPayloadSchema = jwtPayloadSchema.extend({
|
|
|
138
138
|
const verifyAccessInputSchema = z.object({
|
|
139
139
|
userId: z.uuid(),
|
|
140
140
|
accessRequests: z.array(
|
|
141
|
-
z.
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
141
|
+
z.array(
|
|
142
|
+
z.object({
|
|
143
|
+
scope: z.string(),
|
|
144
|
+
resourceId: z.string().optional(),
|
|
145
|
+
resourcePath: z.string().optional()
|
|
146
|
+
})
|
|
147
|
+
)
|
|
146
148
|
),
|
|
147
149
|
jwt: coercedJwtPayloadSchema.optional()
|
|
148
150
|
});
|
package/dist/types.cjs
CHANGED
package/dist/types.d.cts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.
|
|
1
|
+
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.B4wUvd3l.cjs';
|
|
2
2
|
import { z } from 'zod';
|
|
3
3
|
export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.cjs';
|
|
4
4
|
import 'drizzle-orm';
|
package/dist/types.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.
|
|
1
|
+
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.DbnJpvqK.mjs';
|
|
2
2
|
import { z } from 'zod';
|
|
3
3
|
export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.mjs';
|
|
4
4
|
import 'drizzle-orm';
|
package/dist/types.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.
|
|
1
|
+
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.DrhiDe1P.js';
|
|
2
2
|
import { z } from 'zod';
|
|
3
3
|
export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.js';
|
|
4
4
|
import 'drizzle-orm';
|
package/dist/types.mjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export { a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, c as createRoleInputSchema, d as deleteRoleInputSchema, g as getUserPermissionsInputSchema, e as grantScopeToRoleInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, r as revokeRoleFromUserInputSchema, i as revokeScopeFromRoleInputSchema, j as revokeScopeFromUserInputSchema, u as updateRoleInputSchema, v as verifyAccessInputSchema, k as verifyScopeInputSchema, l as verifyScopeOutputSchema } from './shared/rbac.
|
|
1
|
+
export { a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, c as createRoleInputSchema, d as deleteRoleInputSchema, g as getUserPermissionsInputSchema, e as grantScopeToRoleInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, r as revokeRoleFromUserInputSchema, i as revokeScopeFromRoleInputSchema, j as revokeScopeFromUserInputSchema, u as updateRoleInputSchema, v as verifyAccessInputSchema, k as verifyScopeInputSchema, l as verifyScopeOutputSchema } from './shared/rbac.ihzxYB9Z.mjs';
|
|
2
2
|
import 'zod';
|