npm - @enkaku/server - Versions diffs - 0.3.0 → 0.3.1 - Mend

@enkaku/server 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/lib/access-control.d.ts +1 -1
package/lib/access-control.d.ts.map +1 -1
package/lib/access-control.js +21 -5
package/lib/index.d.ts +1 -0
package/lib/index.d.ts.map +1 -1
package/package.json +4 -4

package/lib/access-control.d.ts CHANGED Viewed

@@ -8,6 +8,6 @@ export type CommandAccessPayload = {
     cmd?: string;
     exp?: number;
 };
-export declare function checkCommandAccess(record: CommandAccessRecord, token: SignedToken<CommandAccessPayload>, atTime?: number): Promise<void>;
+export declare function checkCommandAccess(serverID: string, record: CommandAccessRecord, token: SignedToken<CommandAccessPayload>, atTime?: number): Promise<void>;
 export declare function checkClientToken<Definition extends AnyDefinitions>(serverID: string, record: CommandAccessRecord, token: SignedToken<AnyClientPayloadOf<Definition>>, atTime?: number): Promise<void>;
 //# sourceMappingURL=access-control.d.ts.map

package/lib/access-control.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../src/access-control.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAE1E,MAAM,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;AAEzE,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,mBAAmB,EAC3B,KAAK,EAAE,WAAW,CAAC,oBAAoB,CAAC,EACxC,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,~~CA6Bf~~;AAED,wBAAsB,gBAAgB,CAAC,UAAU,SAAS,cAAc,EACtE,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,EAC3B,KAAK,EAAE,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,EAClD,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,~~CAgBf~~"}
1	+ {"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../src/access-control.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAE1E,MAAM,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;AAEzE,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,EAC3B,KAAK,EAAE,WAAW,CAAC,oBAAoB,CAAC,EACxC,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CAiCf;AAED,wBAAsB,gBAAgB,CAAC,UAAU,SAAS,cAAc,EACtE,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,mBAAmB,EAC3B,KAAK,EAAE,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,EAClD,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC,CA4Bf"}

package/lib/access-control.js CHANGED Viewed

@@ -1,10 +1,9 @@
 import { assertNonExpired, checkCapability, hasPartsMatch } from '@enkaku/capability';
-export async function checkCommandAccess(record, token, atTime) {
+export async function checkCommandAccess(serverID, record, token, atTime) {
     const payload = token.payload;
     if (payload.cmd == null) {
         throw new Error('No command to check');
     }
-    const subject = payload.sub ?? payload.iss;
     for (const [command, access] of Object.entries(record)){
         if (hasPartsMatch(payload.cmd, command)) {
             if (access === true) {
@@ -14,13 +13,18 @@ export async function checkCommandAccess(record, token, atTime) {
             if (access === false) {
                 continue;
             }
-            if (!access.includes(subject)) {
+            if (access.includes(payload.iss)) {
+                // Issuer is allowed directly
+                return;
+            }
+            if (payload.sub == null || !access.includes(payload.sub)) {
                 continue;
             }
             try {
+                // Check delegation from subject
                 await checkCapability({
                     act: payload.cmd,
-                    res: subject
+                    res: serverID
                 }, payload, atTime);
                 return;
             } catch  {}
@@ -30,6 +34,10 @@ export async function checkCommandAccess(record, token, atTime) {
 }
 export async function checkClientToken(serverID, record, token, atTime) {
     const payload = token.payload;
+    const command = payload.cmd;
+    if (command == null) {
+        throw new Error('No command to check');
+    }
     if (payload.iss === serverID) {
         // If issuer uses the server's signer, only check audience and expiration if provided
         if (payload.aud != null && payload.aud !== serverID) {
@@ -40,8 +48,16 @@ export async function checkClientToken(serverID, record, token, atTime) {
         }
         return;
     }
+    if (payload.sub === serverID) {
+        // If subject is the server, check capability directly
+        await checkCapability({
+            act: command,
+            res: serverID
+        }, payload, atTime);
+        return;
+    }
     if (payload.aud !== serverID) {
         throw new Error('Invalid audience');
     }
-    await checkCommandAccess(record, token, atTime);
+    await checkCommandAccess(serverID, record, token, atTime);
 }

package/lib/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+export type { CommandAccessRecord } from './access-control.js';
 export type { RejectionType } from './rejections.js';
 export { type ServeParams, type Server, serve } from './server.js';
 export type { ChannelHandler, ChannelHandlerContext, CommandHandlers, EventHandler, EventHandlerContext, HandlerReturn, RequestHandler, RequestHandlerContext, StreamHandler, StreamHandlerContext, } from './types.js';

package/lib/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,KAAK,WAAW,EAAE,KAAK,MAAM,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AAClE,YAAY,EACV,cAAc,EACd,qBAAqB,EACrB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,oBAAoB,GACrB,MAAM,YAAY,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AAC9D,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,KAAK,WAAW,EAAE,KAAK,MAAM,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AAClE,YAAY,EACV,cAAc,EACd,qBAAqB,EACrB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,oBAAoB,GACrB,MAAM,YAAY,CAAA"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@enkaku/server",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "license": "MIT",
   "keywords": [],
   "type": "module",
@@ -15,12 +15,12 @@
   "sideEffects": false,
   "dependencies": {
     "@enkaku/capability": "^0.3.0",
-    "@enkaku/util": "^0.3.0",
+    "@enkaku/jwt": "^0.3.0",
     "@enkaku/stream": "^0.3.0",
-    "@enkaku/jwt": "^0.3.0"
+    "@enkaku/util": "^0.3.0"
   },
   "devDependencies": {
-    "@enkaku/protocol": "^0.3.0",
+    "@enkaku/protocol": "^0.3.1",
     "@enkaku/transport": "^0.3.0"
   },
   "scripts": {