@dnax/core 0.3.3 → 0.3.5

package/app/hono.ts

@@ -18,6 +18,8 @@ import { MediaDrive } from "../lib/media";
 import { isStudio } from "../lib/studio";
 import { pick } from "radash";
 import { secureHeaders } from "hono/secure-headers";
+import { getTenant } from "../lib/tenant";
+import { checkPermission, getPermission } from "../lib/permissions";
 const app = new Hono();
 
 const API_PATH = "/api";
@@ -31,7 +33,7 @@ function HonoInstance(): typeof app {
     })
   );
   //eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibm9tIiwiaWF0IjoxNzE3Nzc0MDQzLCJleHAiOjE3MTc3NzQxMDN9.Ud4-0y8pa4SMIcSn8PU1A-sjC-hT4ZVe_u3AdChyIJU
-  // Middleware
+  // Middlewares Injection
   app.use(async (c, next) => {
     return asyncLocalStorage.run(new Map(), async () => {
       let cookie = getCookie(c);
@@ -53,20 +55,20 @@ function HonoInstance(): typeof app {
       };
       c.set("_v", _v);
       c.set("tenant-id", c.req.header()["tenant-id"]);
+
       if (token && valid) {
         session.set({
+          // token: token,
           state: decode?.state || {},
-          access: decode?.access || {},
+          role: decode?.role || null,
           _v: { ...(_v || {}) },
-          token: token,
         });
       } else {
         // no valid token
         session.set({
           state: {},
-          access: {},
+          role: undefined,
           _v: { ...(_v || {}) },
-          token: null,
         });
       }
 
@@ -80,58 +82,7 @@ function HonoInstance(): typeof app {
     });
   });
 
-  // Public assets
-  app.get(
-    "/assets/*",
-    serveStatic({
-      root: "uploads",
-      //rewriteRequestPath: (path) => path?.replace(/^\/assets/, ""),
-    })
-  );
-
-  app.post("/api/studio", (c, next) => {
-    let cookie = getCookie(c);
-    let secretKeyStudio = cookie["_STUDIO_SECRET_KEY_"];
-    let canPerform = isStudio(secretKeyStudio);
-    let cf = {
-      collections: Cfg.collections?.map((c) =>
-        pick(c, ["fields", "slug", "tenant_id", "type"])
-      ),
-      tenants: Cfg.tenants.map((t) => t?.id),
-    };
-
-    if (canPerform) {
-      return c.json({
-        auth: true,
-        data: cf,
-      });
-    } else {
-      c.status(403);
-      return c.json({ message: "Unauthorized" });
-    }
-  });
-
-  Cfg.collections?.map((c) => {
-    if (c?.type == "media" && c.media?.enabled) {
-      let mediaPath = cleanPath(
-        "/files/" + (c?.media?.overwriteFolderName || c?.slug) + "/public/*"
-      );
-
-      //console.log("Media Path :", mediaPath);
-      app.get(
-        mediaPath,
-        serveStatic({
-          root: cleanPath("uploads"),
-          rewriteRequestPath: (path) => path?.replace(/^\/files/, ""),
-          onNotFound: (path, c) => {
-            console.log(`${path} is not found, you access ${c.req.path}`);
-          },
-        })
-      );
-    }
-  });
-
-  // access controle for api
+  // Access controle for api
   app.use(cleanPath(API_PATH), async (c, next) => {
     let session = sessionStorage();
 
@@ -141,7 +92,7 @@ function HonoInstance(): typeof app {
     let col = getCollection(collection, tenant_id);
     let colAccess =
       col?.access?.hasOwnProperty(action) ||
-      session.get()?.access?.hasOwnProperty(action) ||
+      getPermission(session.get()?.role, tenant_id) ||
       null;
     let nextLifecyle: any = false;
 
@@ -192,17 +143,32 @@ function HonoInstance(): typeof app {
       });
     } else {
       if (col && action && colAccess) {
-        let basicNextAccess = session?.get()?.access?.hasOwnProperty(action)
-          ? session?.get()?.access?.[action]
-          : false;
-        nextLifecyle =
-          (await col?.access[action]({
+        let basicNextAccess = false;
+
+        if (getPermission(session.get()?.role, tenant_id)) {
+          basicNextAccess = checkPermission(
+            session.get()?.role,
+            tenant_id,
+            collection,
+            action
+          );
+        }
+
+        /*  if (session.get().access.hasOwnProperty("allAction")) {
+          basicNextAccess = session.get().access["allAction"];
+        }  */
+
+        nextLifecyle = basicNextAccess;
+
+        if (col?.access?.hasOwnProperty(action)) {
+          nextLifecyle = await col?.access[action]({
             session: sessionStorage(),
             action: action,
             c: c,
             isAuth: c.var?._v?.isAuth || false,
             rest: new useRest({ tenant_id: tenant_id }),
-          })) || basicNextAccess;
+          });
+        }
       }
     }
 
@@ -219,6 +185,11 @@ function HonoInstance(): typeof app {
   // API REST
   app.post(cleanPath(API_PATH), async (c) => {
     try {
+      // control tenant
+      if (!c.var["tenant-id"] || !getTenant(c.var["tenant-id"])) {
+        throw new contextError(`Tenant Id missiong or not found`, 404);
+      }
+
       var response;
       var parseBody;
       const { action, collection, cleanDeep, useCache, name } =
@@ -263,12 +234,7 @@ function HonoInstance(): typeof app {
         });
       }
 
-      // Controler on collection
-      if (
-        !getCollection(collection, c.var["tenant-id"]) &&
-        getAction(action) &&
-        collection
-      ) {
+      if (!getAction(action) || !collection) {
         throw new contextError(`Collection ${collection} not found`, 404);
       }
 
@@ -422,6 +388,49 @@ function HonoInstance(): typeof app {
     }
   });
 
+  app.post("/api/studio", (c, next) => {
+    let cookie = getCookie(c);
+    let secretKeyStudio = cookie["_STUDIO_SECRET_KEY_"];
+    let canPerform = isStudio(secretKeyStudio);
+    let cf = {
+      collections: Cfg.collections?.map((c) =>
+        pick(c, ["fields", "slug", "tenant_id", "type"])
+      ),
+      tenants: Cfg.tenants.map((t) => t?.id),
+    };
+
+    if (canPerform) {
+      return c.json({
+        auth: true,
+        data: cf,
+      });
+    } else {
+      c.status(403);
+      return c.json({ message: "Unauthorized" });
+    }
+  });
+
+  // media endpoints
+  Cfg.collections?.map((c) => {
+    if (c?.type == "media" && c.media?.enabled) {
+      let mediaPath = cleanPath(
+        "/files/" + (c?.media?.overwriteFolderName || c?.slug) + "/public/*"
+      );
+
+      //console.log("Media Path :", mediaPath);
+      app.get(
+        mediaPath,
+        serveStatic({
+          root: cleanPath("uploads"),
+          rewriteRequestPath: (path) => path?.replace(/^\/files/, ""),
+          onNotFound: (path, c) => {
+            console.log(`${path} is not found, you access ${c.req.path}`);
+          },
+        })
+      );
+    }
+  });
+
   // Endpoint
   Cfg?.endpoints?.map((e) => {
     if (e?.enabled) {
@@ -434,4 +443,13 @@ function HonoInstance(): typeof app {
   return app;
 }
 
+// Public assets
+app.get(
+  "/assets/*",
+  serveStatic({
+    root: "uploads",
+    //rewriteRequestPath: (path) => path?.replace(/^\/assets/, ""),
+  })
+);
+
 export { HonoInstance };

package/define/index.ts

@@ -7,6 +7,7 @@ import type {
   cronConfig,
   cronCtx,
   middlewareCtx,
+  permissionSchema,
 } from "../types";
 import { Cfg } from "../config/";
 import { deepMerge, freeze } from "../utils";
@@ -40,6 +41,10 @@ function Task(config: cronConfig) {
   return config;
 }
 
+function Permission(config: permissionSchema): permissionSchema {
+  return config;
+}
+
 const define = {
   Service,
   Config,
@@ -50,6 +55,7 @@ const define = {
   Middleware,
   Task,
   Cron: Task,
+  Permission,
 };
 
 export default define;

package/lib/asyncLocalStorage.ts

@@ -8,40 +8,15 @@ const sessionStorage = () => ({
   get(): {
     state: object;
     _v: object;
-    token: string;
-    access: {
-      allAction?: boolean;
-      aggreate?: boolean;
-      find?: boolean;
-      findOne?: boolean;
-      insertOne?: boolean;
-      insertMany?: boolean;
-      updateOne?: boolean;
-      updateMany?: boolean;
-      deleteOne?: boolean;
-      deleteMany?: boolean;
-      upload?: boolean;
-    };
+
+    role: string | null | undefined;
   } {
     let store = asyncLocalStorage.getStore() as InstanceType<typeof Map>;
     return (
       (store.get(key) as {
         state: object;
         _v: object;
-        token: string;
-        access: {
-          allAction?: boolean;
-          aggreate?: boolean;
-          find?: boolean;
-          findOne?: boolean;
-          insertOne?: boolean;
-          insertMany?: boolean;
-          updateOne?: boolean;
-          updateMany?: boolean;
-          deleteOne?: boolean;
-          deleteMany?: boolean;
-          upload?: boolean;
-        };
+        role: string;
       }) || {
         state: {},
         _v: {},
@@ -53,30 +28,18 @@ const sessionStorage = () => ({
     input: {
       state: object;
       _v?: object;
-      token?: string | undefined | null;
-      access?: {
-        allAction?: boolean;
-        aggreate?: boolean;
-        find?: boolean;
-        findOne?: boolean;
-        insertOne?: boolean;
-        insertMany?: boolean;
-        updateOne?: boolean;
-        updateMany?: boolean;
-        deleteOne?: boolean;
-        deleteMany?: boolean;
-        upload?: boolean;
-      };
+      role?: string;
+      token?: string | null | undefined;
     } = {
       state: {},
       _v: {},
-      // token: null,
+      token: null,
     }
   ) {
     let store = asyncLocalStorage.getStore() as InstanceType<typeof Map>;
     let generateToken = jwt.sign({
       state: input.state,
-      access: input?.access || {},
+      role: input?.role || {},
     });
 
     store.set(key, {
@@ -89,7 +52,7 @@ const sessionStorage = () => ({
         ...(input?._v || {}),
         setAt: new Date().toString(),
       },
-      access: input?.access || {},
+      role: input?.role || null,
       token: generateToken,
     });
   },

package/lib/index.ts

@@ -3,6 +3,7 @@ import { connectTenantsDatabase } from "../driver";
 import { loadEndpoints } from "./endpoint";
 import { loadServices } from "./service";
 import { initCron } from "./cron";
+import { loadPermissions } from "./permissions";
 import { loadSocket } from "./socket";
 // load all ressource
 async function init(cf = { app: null }) {
@@ -11,6 +12,9 @@ async function init(cf = { app: null }) {
   // load all collections
   await loadAllCollections();
 
+  // load all permissions
+  await loadPermissions();
+
   // sync all collections database ( Indexes)
   syncCollectionDatabase();
 

package/lib/permissions.ts

@@ -0,0 +1,85 @@
+import { omit } from "radash";
+import type {
+  Collection,
+  Endpoint,
+  Field,
+  permissionSchema,
+} from "../types/index";
+import { Glob } from "bun";
+import { Cfg } from "../config";
+import { cleanPath, resolvePath } from "../utils";
+import path from "path";
+import { useRest } from "../driver/mongo/rest";
+
+async function loadPermissions() {
+  let permissions: permissionSchema[] = [];
+  if (Cfg.tenants) {
+    for await (let t of Cfg.tenants) {
+      let tenantPath = `${t.dir}/permissions/**/**.access.{ts,js}`;
+      const glob = new Glob(tenantPath);
+      for await (let file of glob.scan({
+        cwd: Cfg.cwd,
+      })) {
+        let fullPathFile = path.join(Cfg.cwd || "", file);
+        await import(fullPathFile)
+          .then((inject) => {
+            permissions.push({
+              ...inject?.default,
+              tenant_id: t.id,
+            });
+          })
+          .catch((err) => {
+            console.error(err);
+          });
+      }
+    }
+  }
+
+  Cfg.permissions = permissions;
+}
+
+function getPermission(
+  role: string,
+  tenant_id: string | number
+): permissionSchema | undefined | null {
+  if (Cfg?.permissions?.length) {
+    return Cfg.permissions.find((col: permissionSchema) => {
+      return col.role === role && col.tenant_id === tenant_id;
+    });
+  }
+  return null;
+}
+
+function checkPermission(
+  role: string,
+  tenant_id: string | number,
+  collection: string,
+  action: string
+): boolean {
+  let perm = getPermission(role, tenant_id);
+  let approved = false;
+
+  // 1- Check if all connection
+  let findAsterixCollection = perm?.access?.find((c) =>
+    c.collections.includes("*")
+  );
+  if (findAsterixCollection) {
+    let actionsOnAll = findAsterixCollection.actions.find((a) => a === action);
+    actionsOnAll ? (approved = true) : (approved = false);
+  }
+
+  // 2- Check if collection and action
+  let findCollection = perm?.access?.find((c) =>
+    c.collections.includes(collection)
+  );
+  if (findCollection) {
+    let actionsOnCollection = findCollection.actions.find((a) => a === action);
+    actionsOnCollection ? (approved = true) : (approved = false);
+  }
+
+  // console.log("approved", approved);
+
+  return approved;
+}
+
+export { loadPermissions, getPermission, checkPermission };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dnax/core",
-  "version": "0.3.3",
+  "version": "0.3.5",
   "module": "index.ts",
   "type": "module",
   "bin": {

package/types/index.ts

@@ -162,37 +162,13 @@ export type sessionCtx = {
     state: object | any;
     token?: string;
     _v?: object;
-    access?: {
-      allAction?: boolean;
-      aggreate?: boolean;
-      find?: boolean;
-      findOne?: boolean;
-      insertOne?: boolean;
-      insertMany?: boolean;
-      updateOne?: boolean;
-      updateMany?: boolean;
-      deleteOne?: boolean;
-      deleteMany?: boolean;
-      upload?: boolean;
-    };
+    role?: string | null | undefined;
   }) => void;
   get: () => {
     state: object;
     _v: object;
-    access: {
-      allAction?: boolean;
-      aggreate?: boolean;
-      find?: boolean;
-      findOne?: boolean;
-      insertOne?: boolean;
-      insertMany?: boolean;
-      updateOne?: boolean;
-      updateMany?: boolean;
-      deleteOne?: boolean;
-      deleteMany?: boolean;
-      upload?: boolean;
-    };
-    token: string;
+    role: string | null | undefined;
+    token: string | null | undefined;
   };
 };
 
@@ -379,7 +355,7 @@ export type Config = {
    * Tenants database for API
    */
   tenants: Tenant[];
-
+  permissions?: permissionSchema[];
   /**
    * Dont touch it automatically generated
    */
@@ -495,3 +471,38 @@ export type smtpConfigType = {
     pass: string;
   };
 };
+
+export type AccessFunctionType = (ctx: {
+  isAuth: boolean;
+  c?: Context;
+  session: sessionCtx;
+  rest: InstanceType<typeof useRest>;
+}) => boolean | Promise<any>;
+
+export type accessType = {
+  collections: Array<string> | ["*"];
+  actions: Array<
+    | {
+        action: Actions;
+        handler: AccessFunctionType;
+      }
+    | "*"
+    | "allAction"
+    | "aggregate"
+    | "find"
+    | "findOne"
+    | "insertOne"
+    | "insertMany"
+    | "updateOne"
+    | "updateMany"
+    | "deleteOne"
+    | "deleteMany"
+    | "upload"
+  >;
+};
+
+export type permissionSchema = {
+  role: string;
+  description?: string;
+  access: Array<accessType> | [];
+};