@fonoster/authz 0.8.24 → 0.8.25
|
@@ -53,30 +53,44 @@ function makeCheckMethodAuthorized(authzServer, methods) {
|
|
|
53
53
|
logger.silly("method is not in the list", { method });
|
|
54
54
|
return call;
|
|
55
55
|
}
|
|
56
|
-
logger.silly("checking if method is authorized", { method });
|
|
57
56
|
const accessKeyId = (0, identity_1.getAccessKeyIdFromCall)(call);
|
|
57
|
+
logger.verbose("checking if method is authorized", { method, accessKeyId });
|
|
58
58
|
return new grpc_js_1.ServerInterceptingCall(call, {
|
|
59
59
|
start: async (next) => {
|
|
60
60
|
try {
|
|
61
|
-
await authz.checkMethodAuthorized({
|
|
61
|
+
const authorized = await authz.checkMethodAuthorized({
|
|
62
62
|
accessKeyId,
|
|
63
63
|
method
|
|
64
64
|
});
|
|
65
|
-
logger.verbose("
|
|
65
|
+
logger.verbose("the status of the method authorization", {
|
|
66
66
|
method,
|
|
67
|
-
accessKeyId
|
|
67
|
+
accessKeyId,
|
|
68
|
+
authorized
|
|
68
69
|
});
|
|
70
|
+
if (!authorized) {
|
|
71
|
+
logger.verbose("method unauthorized by external service", {
|
|
72
|
+
method,
|
|
73
|
+
accessKeyId
|
|
74
|
+
});
|
|
75
|
+
(0, common_1.createInterceptingCall)({
|
|
76
|
+
call,
|
|
77
|
+
code: grpc_js_1.status.PERMISSION_DENIED,
|
|
78
|
+
details: `Method '${method}' unauthorized by external service - accessKeyId ${accessKeyId}`
|
|
79
|
+
});
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
69
82
|
next();
|
|
70
83
|
}
|
|
71
84
|
catch (error) {
|
|
72
|
-
logger.
|
|
85
|
+
logger.error("error checking if method is authorized", {
|
|
73
86
|
method,
|
|
74
|
-
accessKeyId
|
|
87
|
+
accessKeyId,
|
|
88
|
+
error
|
|
75
89
|
});
|
|
76
90
|
(0, common_1.createInterceptingCall)({
|
|
77
91
|
call,
|
|
78
|
-
code: grpc_js_1.status.
|
|
79
|
-
details:
|
|
92
|
+
code: grpc_js_1.status.INTERNAL,
|
|
93
|
+
details: "Internal server error"
|
|
80
94
|
});
|
|
81
95
|
}
|
|
82
96
|
}
|
|
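Review bot: The new deny branch `if (!authorized) {` fails open if `authz.checkMethodAuthorized` ever resolves to a truthy value other than `true`, for example the response message object rather than its boolean field; the hunk does not show which it returns. Because denial now appears to arrive as a resolved value rather than a thrown error, this comparison is the only gate before `next()`, and a strict `if (authorized !== true) {` would keep it fail-closed. The PERMISSION_DENIED `details` string also echoes `accessKeyId` back to the caller although the same value is already in the verbose log; a message naming only the method would keep the identifier server-side. The enclosing makeCheckMethodAuthorized starts before the hunk.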
@@ -77,19 +77,11 @@ class AuthzServer {
|
|
|
77
77
|
checkSessionAuthorized: async (call, callback) => {
|
|
78
78
|
logger.verbose("checkSessionAuthorized called", call.request);
|
|
79
79
|
try {
|
|
80
|
-
const
|
|
81
|
-
|
|
82
|
-
callback(null, { authorized: true });
|
|
83
|
-
}
|
|
84
|
-
else {
|
|
85
|
-
callback({
|
|
86
|
-
code: grpc.status.PERMISSION_DENIED,
|
|
87
|
-
message: "Session is not authorized."
|
|
88
|
-
});
|
|
89
|
-
}
|
|
80
|
+
const authorized = await handler.checkSessionAuthorized(call.request);
|
|
81
|
+
callback(null, { authorized });
|
|
90
82
|
}
|
|
91
83
|
catch (error) {
|
|
92
|
-
logger.error("
|
|
84
|
+
logger.error("error in checkSessionAuthorized:", error);
|
|
93
85
|
callback({
|
|
94
86
|
code: grpc.status.INTERNAL,
|
|
95
87
|
message: "Internal server error."
|
|
@@ -99,19 +91,11 @@ class AuthzServer {
|
|
|
99
91
|
checkMethodAuthorized: async (call, callback) => {
|
|
100
92
|
logger.verbose("checkMethodAuthorized called", call.request);
|
|
101
93
|
try {
|
|
102
|
-
const
|
|
103
|
-
|
|
104
|
-
callback(null, { authorized: true });
|
|
105
|
-
}
|
|
106
|
-
else {
|
|
107
|
-
callback({
|
|
108
|
-
code: grpc.status.PERMISSION_DENIED,
|
|
109
|
-
message: "Method is not authorized."
|
|
110
|
-
});
|
|
111
|
-
}
|
|
94
|
+
const authorized = await handler.checkMethodAuthorized(call.request);
|
|
95
|
+
callback(null, { authorized });
|
|
112
96
|
}
|
|
113
97
|
catch (error) {
|
|
114
|
-
logger.error("
|
|
98
|
+
logger.error("error in checkMethodAuthorized:", error);
|
|
115
99
|
callback({
|
|
116
100
|
code: grpc.status.INTERNAL,
|
|
117
101
|
message: "Internal server error."
|
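Review bot: Both handlers now answer a denial with a successful response, `callback(null, { authorized });`, where the removed branch returned PERMISSION_DENIED, so a caller that only awaits the RPC and treats the absence of an error as approval would let the request through. The value returned by `handler.checkSessionAuthorized` and `handler.checkMethodAuthorized` is forwarded without normalization; `callback(null, { authorized: authorized === true });` in both places would make the wire value an explicit boolean regardless of what a custom handler returns. The unchanged `logger.verbose(..., call.request)` lines write the whole request to the log, which is worth confirming as safe if the session request carries a token (not visible here). The AuthzServer class body extends beyond both hunks.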
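--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@fonoster/authz",
-"version": "0.8.
+"version": "0.8.25",
 "description": "Authorization module for Fonoster",
 "author": "Pedro Sanders <psanders@fonoster.com>",
 "homepage": "https://github.com/fonoster/fonoster#readme",
@@ -26,8 +26,8 @@
 "access": "public"
 },
 "dependencies": {
-"@fonoster/common": "^0.8.
-"@fonoster/identity": "^0.8.
+"@fonoster/common": "^0.8.25",
+"@fonoster/identity": "^0.8.25",
 "@fonoster/logger": "^0.8.24",
 "@grpc/grpc-js": "~1.10.6",
 "deepmerge": "^4.3.1",
@@ -40,5 +40,5 @@
 "bugs": {
 "url": "https://github.com/fonoster/fonoster/issues"
 },
-"gitHead": "
+"gitHead": "159876a77dc3f30e2d155a2d4f39d1a73919f2af"
 }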