npm - @discovercloudai/shared - Versions diffs - 1.0.9 → 2.0.0 - Mend

@discovercloudai/shared 1.0.9 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/context/access-context.d.ts +7 -4
package/dist/index.d.ts +2 -1
package/dist/index.js +2 -1
package/dist/middleware/authorize.d.ts +3 -0
package/dist/middleware/authorize.js +22 -0
package/dist/middleware/index.d.ts +1 -0
package/dist/middleware/index.js +1 -0
package/dist/security/guard.d.ts +5 -0
package/dist/security/guard.js +47 -0
package/dist/security/index.d.ts +1 -0
package/dist/{permissions → security}/index.js +1 -3
package/dist/types/index.d.ts +1 -0
package/dist/types/index.js +17 -0
package/package.json +1 -1
package/dist/permissions/global-permissions.d.ts +0 -3
package/dist/permissions/global-permissions.js +0 -30
package/dist/permissions/index.d.ts +0 -3
package/dist/permissions/is-allowed.d.ts +0 -3
package/dist/permissions/is-allowed.js +0 -16
package/dist/permissions/org-permissions.d.ts +0 -3
package/dist/permissions/org-permissions.js +0 -19

package/dist/context/access-context.d.ts CHANGED Viewed

@@ -1,7 +1,10 @@
-import { OrganizationMemberDTO, OrganizationDTO } from "../dto";
-import { AccountRole } from "../enums";
+import { AccountRole, OrganizationRole, MembershipStatus } from "../enums";
 export interface AccessContext {
+    accountId: string;
     accountRole: AccountRole;
-    organization?: OrganizationDTO;
-    membership?: OrganizationMemberDTO;
+    membership?: {
+        organizationId: string;
+        role: OrganizationRole;
+        status: MembershipStatus;
+    };
 }

package/dist/index.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ export * from "./errors";
 export * from "./context";
 export * from "./dto";
 export * from "./internal";
-export * from "./permissions";
+export * from "./security";
 export * from "./utils";
 export * from "./middleware";
+export * from "./types";

package/dist/index.js CHANGED Viewed

@@ -19,6 +19,7 @@ __exportStar(require("./errors"), exports);
 __exportStar(require("./context"), exports);
 __exportStar(require("./dto"), exports);
 __exportStar(require("./internal"), exports);
-__exportStar(require("./permissions"), exports);
+__exportStar(require("./security"), exports);
 __exportStar(require("./utils"), exports);
 __exportStar(require("./middleware"), exports);
+__exportStar(require("./types"), exports);

package/dist/middleware/authorize.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { Request, Response, NextFunction } from "express";
+import { GlobalPermission, OrgPermission } from "../enums";
+export declare const authorize: (permission: GlobalPermission | OrgPermission) => (req: Request, res: Response, next: NextFunction) => Response<any, Record<string, any>> | undefined;

package/dist/middleware/authorize.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorize = void 0;
+const security_1 = require("../security");
+const authorize = (permission) => {
+    return (req, res, next) => {
+        if (!req.accessContext) {
+            return res.status(401).json({
+                success: false,
+                error: { message: "Unauthorized: No access context", code: "UNAUTHORIZED" }
+            });
+        }
+        if (!(0, security_1.isAllowed)(req.accessContext, permission)) {
+            return res.status(403).json({
+                success: false,
+                error: { message: `Forbidden: Missing permission ${permission}`, code: "FORBIDDEN" }
+            });
+        }
+        next();
+    };
+};
+exports.authorize = authorize;

package/dist/middleware/index.d.ts CHANGED Viewed

@@ -3,3 +3,4 @@ export * from "./validate";
 export * from "./verify-internal-jwt";
 export * from "./request-id";
 export * from "./require-auth";
+export * from "./authorize";

package/dist/middleware/index.js CHANGED Viewed

@@ -19,3 +19,4 @@ __exportStar(require("./validate"), exports);
 __exportStar(require("./verify-internal-jwt"), exports);
 __exportStar(require("./request-id"), exports);
 __exportStar(require("./require-auth"), exports);
+__exportStar(require("./authorize"), exports);

package/dist/security/guard.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { AccountRole, GlobalPermission, OrganizationRole, OrgPermission } from "../enums";
+import { AccessContext } from "../context";
+export declare const globalRolePermissions: Record<AccountRole, readonly GlobalPermission[]>;
+export declare const orgRolePermissions: Record<OrganizationRole, readonly OrgPermission[]>;
+export declare const isAllowed: (ctx: AccessContext, permission: GlobalPermission | OrgPermission) => boolean;

package/dist/security/guard.js ADDED Viewed

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isAllowed = exports.orgRolePermissions = exports.globalRolePermissions = void 0;
+const enums_1 = require("../enums");
+exports.globalRolePermissions = {
+    [enums_1.AccountRole.SUPERADMIN]: [
+        enums_1.GlobalPermission.MANAGE_SYSTEM,
+        enums_1.GlobalPermission.MANAGE_ALL_ORGS,
+        enums_1.GlobalPermission.MANAGE_USERS,
+        enums_1.GlobalPermission.VIEW_SYSTEM_LOGS,
+        enums_1.GlobalPermission.SUPPORT_ACTIONS,
+        enums_1.GlobalPermission.MODERATE_CONTENT
+    ],
+    [enums_1.AccountRole.ADMIN]: [
+        enums_1.GlobalPermission.MANAGE_USERS,
+        enums_1.GlobalPermission.SUPPORT_ACTIONS,
+        enums_1.GlobalPermission.VIEW_SYSTEM_LOGS
+    ],
+    [enums_1.AccountRole.SUPPORT]: [enums_1.GlobalPermission.SUPPORT_ACTIONS],
+    [enums_1.AccountRole.MODERATOR]: [enums_1.GlobalPermission.MODERATE_CONTENT],
+    [enums_1.AccountRole.USER]: []
+};
+exports.orgRolePermissions = {
+    [enums_1.OrganizationRole.OWNER]: [enums_1.OrgPermission.MANAGE_ORG, enums_1.OrgPermission.MANAGE_MEMBERS],
+    [enums_1.OrganizationRole.ADMIN]: [enums_1.OrgPermission.MANAGE_MEMBERS],
+    [enums_1.OrganizationRole.EDITOR]: [],
+    [enums_1.OrganizationRole.VIEWER]: [],
+};
+const canPerformGlobalPermission = (role, permission) => {
+    return exports.globalRolePermissions[role]?.includes(permission) ?? false;
+};
+const canPerformOrgPermission = (role, status, permission) => {
+    if (status !== enums_1.MembershipStatus.ACTIVE)
+        return false;
+    return exports.orgRolePermissions[role]?.includes(permission) ?? false;
+};
+const isAllowed = (ctx, permission) => {
+    // Check if it's a Global Permission
+    if (Object.values(enums_1.GlobalPermission).includes(permission)) {
+        return canPerformGlobalPermission(ctx.accountRole, permission);
+    }
+    // Check if it's an Org Permission
+    if (!ctx.membership)
+        return false;
+    return canPerformOrgPermission(ctx.membership.role, ctx.membership.status, permission);
+};
+exports.isAllowed = isAllowed;

package/dist/security/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./guard";

package/dist/{permissions → security}/index.js RENAMED Viewed

@@ -14,6 +14,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./global-permissions"), exports);
-__exportStar(require("./org-permissions"), exports);
-__exportStar(require("./is-allowed"), exports);
+__exportStar(require("./guard"), exports);

package/dist/types/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./express";

package/dist/types/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./express"), exports);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@discovercloudai/shared",
-  "version": "1.0.9",
+  "version": "2.0.0",
   "private": false,
   "type": "commonjs",
   "main": "dist/index.js",

package/dist/permissions/global-permissions.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import { AccountRole, GlobalPermission } from "../enums";
-export declare const globalRolePermissions: Record<AccountRole, readonly GlobalPermission[]>;
-export declare const canPerformGlobalPermission: (role: AccountRole, permission: GlobalPermission) => boolean;

package/dist/permissions/global-permissions.js DELETED Viewed

@@ -1,30 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.canPerformGlobalPermission = exports.globalRolePermissions = void 0;
-const enums_1 = require("../enums");
-exports.globalRolePermissions = {
-    [enums_1.AccountRole.SUPERADMIN]: [
-        enums_1.GlobalPermission.MANAGE_SYSTEM,
-        enums_1.GlobalPermission.MANAGE_ALL_ORGS,
-        enums_1.GlobalPermission.MANAGE_USERS,
-        enums_1.GlobalPermission.VIEW_SYSTEM_LOGS,
-        enums_1.GlobalPermission.SUPPORT_ACTIONS,
-        enums_1.GlobalPermission.MODERATE_CONTENT
-    ],
-    [enums_1.AccountRole.ADMIN]: [
-        enums_1.GlobalPermission.MANAGE_USERS,
-        enums_1.GlobalPermission.SUPPORT_ACTIONS,
-        enums_1.GlobalPermission.VIEW_SYSTEM_LOGS
-    ],
-    [enums_1.AccountRole.SUPPORT]: [
-        enums_1.GlobalPermission.SUPPORT_ACTIONS
-    ],
-    [enums_1.AccountRole.MODERATOR]: [
-        enums_1.GlobalPermission.MODERATE_CONTENT
-    ],
-    [enums_1.AccountRole.USER]: []
-};
-const canPerformGlobalPermission = (role, permission) => {
-    return exports.globalRolePermissions[role]?.includes(permission) ?? false;
-};
-exports.canPerformGlobalPermission = canPerformGlobalPermission;

package/dist/permissions/index.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-export * from "./global-permissions";
-export * from "./org-permissions";
-export * from "./is-allowed";

package/dist/permissions/is-allowed.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import { AccessContext } from "../context";
-import { GlobalPermission, OrgPermission } from "../enums";
-export declare const isAllowed: (ctx: AccessContext, permission: GlobalPermission | OrgPermission) => boolean;

package/dist/permissions/is-allowed.js DELETED Viewed

@@ -1,16 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isAllowed = void 0;
-const enums_1 = require("../enums");
-const global_permissions_1 = require("./global-permissions");
-const org_permissions_1 = require("./org-permissions");
-const isAllowed = (ctx, permission) => {
-    if (Object.values(enums_1.GlobalPermission).includes(permission)) {
-        // We now use the role pulled from the token context, not a user database entity
-        return (0, global_permissions_1.canPerformGlobalPermission)(ctx.accountRole, permission);
-    }
-    if (!ctx.membership)
-        return false;
-    return (0, org_permissions_1.canPerformOrgPermission)(ctx.membership.role, ctx.membership.status, permission);
-};
-exports.isAllowed = isAllowed;

package/dist/permissions/org-permissions.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import { OrganizationRole, MembershipStatus, OrgPermission } from "../enums";
-export declare const orgRolePermissions: Record<OrganizationRole, readonly OrgPermission[]>;
-export declare const canPerformOrgPermission: (role: OrganizationRole, status: MembershipStatus, permission: OrgPermission) => boolean;

package/dist/permissions/org-permissions.js DELETED Viewed

@@ -1,19 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.canPerformOrgPermission = exports.orgRolePermissions = void 0;
-const enums_1 = require("../enums");
-exports.orgRolePermissions = {
-    [enums_1.OrganizationRole.OWNER]: [
-        enums_1.OrgPermission.MANAGE_ORG,
-        enums_1.OrgPermission.MANAGE_MEMBERS,
-    ],
-    [enums_1.OrganizationRole.ADMIN]: [enums_1.OrgPermission.MANAGE_MEMBERS],
-    [enums_1.OrganizationRole.EDITOR]: [],
-    [enums_1.OrganizationRole.VIEWER]: [],
-};
-const canPerformOrgPermission = (role, status, permission) => {
-    if (status !== enums_1.MembershipStatus.ACTIVE)
-        return false;
-    return exports.orgRolePermissions[role]?.includes(permission) ?? false;
-};
-exports.canPerformOrgPermission = canPerformOrgPermission;