@fonoster/common 0.9.14 → 0.9.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/identity/createAuthInterceptor.js +2 -2
- package/dist/identity/hasAccess.js +20 -1
- package/dist/identity/roles.d.ts +4 -5
- package/dist/identity/roles.js +21 -21
- package/dist/identity/types.d.ts +4 -4
- package/dist/validators/identity.d.ts +7 -7
- package/dist/validators/identity.js +2 -2
- package/package.json +2 -2
|
@@ -66,11 +66,11 @@ function createAuthInterceptor(identityPublicKey, publicPath) {
|
|
|
66
66
|
accessKeyId,
|
|
67
67
|
path,
|
|
68
68
|
hasAccess: (0, hasAccess_1.hasAccess)(decodedToken, path),
|
|
69
|
-
pathIsWorkspacePath: roles_1.
|
|
69
|
+
pathIsWorkspacePath: roles_1.workspaceResourceAccess.includes(path),
|
|
70
70
|
tokenHasAccessKeyId: (0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId)
|
|
71
71
|
});
|
|
72
72
|
if (!(0, hasAccess_1.hasAccess)(decodedToken, path) ||
|
|
73
|
-
(roles_1.
|
|
73
|
+
(roles_1.workspaceResourceAccess.includes(path) &&
|
|
74
74
|
!(0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId))) {
|
|
75
75
|
return (0, errors_1.permissionDeniedError)(call);
|
|
76
76
|
}
|
|
@@ -1,13 +1,32 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.hasAccess = hasAccess;
|
|
4
|
+
/*
|
|
5
|
+
* Copyright (C) 2025 by Fonoster Inc (https://fonoster.com)
|
|
6
|
+
* http://github.com/fonoster/fonoster
|
|
7
|
+
*
|
|
8
|
+
* This file is part of Fonoster
|
|
9
|
+
*
|
|
10
|
+
* Licensed under the MIT License (the "License");
|
|
11
|
+
* you may not use this file except in compliance with
|
|
12
|
+
* the License. You may obtain a copy of the License at
|
|
13
|
+
*
|
|
14
|
+
* https://opensource.org/licenses/MIT
|
|
15
|
+
*
|
|
16
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
17
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
18
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
19
|
+
* See the License for the specific language governing permissions and
|
|
20
|
+
* limitations under the License.
|
|
21
|
+
*/
|
|
22
|
+
const types_1 = require("@fonoster/types");
|
|
4
23
|
const roles_1 = require("./roles");
|
|
5
24
|
// This function only checks if the role has access to the grpc method
|
|
6
25
|
function hasAccess(decodedToken, method) {
|
|
7
26
|
const { access, accessKeyId } = decodedToken;
|
|
8
27
|
const roleList = accessKeyId.startsWith("US") && // US is for user; user tokens only have USER role
|
|
9
28
|
access.length === 0 // If it is a user token, and has no access, we still allow it in case it is a user method
|
|
10
|
-
? [
|
|
29
|
+
? [types_1.Role.USER]
|
|
11
30
|
: access.map((a) => a.role);
|
|
12
31
|
return roleList.some((r) => roles_1.roles.find((role) => role.name === r && role.access.includes(method)));
|
|
13
32
|
}
|
package/dist/identity/roles.d.ts
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { RoleType } from "./types";
|
|
2
2
|
declare const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
|
|
3
|
-
declare const
|
|
4
|
-
declare const
|
|
5
|
-
|
|
6
|
-
export { USER_ROLE, VOICE_SERVICE_ROLE, roles, workspaceAccess };
|
|
3
|
+
declare const workspaceResourceAccess: string[];
|
|
4
|
+
declare const roles: RoleType[];
|
|
5
|
+
export { VOICE_SERVICE_ROLE, roles, workspaceResourceAccess };
|
package/dist/identity/roles.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.workspaceResourceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = void 0;
|
|
4
4
|
/* eslint-disable sonarjs/no-duplicate-string */
|
|
5
5
|
/*
|
|
6
6
|
* Copyright (C) 2025 by Fonoster Inc (https://fonoster.com)
|
|
@@ -23,11 +23,7 @@ exports.workspaceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = exports.U
|
|
|
23
23
|
const types_1 = require("@fonoster/types");
|
|
24
24
|
const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
|
|
25
25
|
exports.VOICE_SERVICE_ROLE = VOICE_SERVICE_ROLE;
|
|
26
|
-
|
|
27
|
-
// We will split this two roles in the future
|
|
28
|
-
const USER_ROLE = "USER";
|
|
29
|
-
exports.USER_ROLE = USER_ROLE;
|
|
30
|
-
const workspaceAccess = [
|
|
26
|
+
const workspaceResourceAccess = [
|
|
31
27
|
"/fonoster.applications.v1beta2.Applications/CreateApplication",
|
|
32
28
|
"/fonoster.applications.v1beta2.Applications/UpdateApplication",
|
|
33
29
|
"/fonoster.applications.v1beta2.Applications/GetApplication",
|
|
@@ -74,7 +70,7 @@ const workspaceAccess = [
|
|
|
74
70
|
"/fonoster.calls.v1beta2.Calls/TrackCall",
|
|
75
71
|
"/fonoster.voice.v1beta2.Voice/CreateSession"
|
|
76
72
|
];
|
|
77
|
-
exports.
|
|
73
|
+
exports.workspaceResourceAccess = workspaceResourceAccess;
|
|
78
74
|
const fullIdentityAccess = [
|
|
79
75
|
"/fonoster.identity.v1beta2.Identity/GetUser",
|
|
80
76
|
"/fonoster.identity.v1beta2.Identity/UpdateUser",
|
|
@@ -96,17 +92,7 @@ const fullIdentityAccess = [
|
|
|
96
92
|
];
|
|
97
93
|
const roles = [
|
|
98
94
|
{
|
|
99
|
-
name: types_1.
|
|
100
|
-
description: "Access to all endpoints",
|
|
101
|
-
access: [...fullIdentityAccess, ...workspaceAccess]
|
|
102
|
-
},
|
|
103
|
-
{
|
|
104
|
-
name: types_1.WorkspaceRole.ADMIN,
|
|
105
|
-
description: "Access to all endpoints",
|
|
106
|
-
access: [...fullIdentityAccess, ...workspaceAccess]
|
|
107
|
-
},
|
|
108
|
-
{
|
|
109
|
-
name: USER_ROLE,
|
|
95
|
+
name: types_1.Role.USER,
|
|
110
96
|
description: "Access to User and Workspace endpoints",
|
|
111
97
|
access: [
|
|
112
98
|
"/fonoster.identity.v1beta2.Identity/GetUser",
|
|
@@ -117,13 +103,27 @@ const roles = [
|
|
|
117
103
|
"/fonoster.identity.v1beta2.Identity/UpdateWorkspace",
|
|
118
104
|
"/fonoster.identity.v1beta2.Identity/ListWorkspaces",
|
|
119
105
|
"/fonoster.identity.v1beta2.Identity/RefreshToken",
|
|
120
|
-
...
|
|
106
|
+
...workspaceResourceAccess
|
|
121
107
|
]
|
|
122
108
|
},
|
|
123
109
|
{
|
|
124
|
-
name: types_1.
|
|
110
|
+
name: types_1.Role.WORKSPACE_OWNER,
|
|
111
|
+
description: "Access to all endpoints",
|
|
112
|
+
access: [...fullIdentityAccess, ...workspaceResourceAccess]
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
name: types_1.Role.WORKSPACE_ADMIN,
|
|
125
116
|
description: "Access to all endpoints",
|
|
126
|
-
access: [...fullIdentityAccess, ...
|
|
117
|
+
access: [...fullIdentityAccess, ...workspaceResourceAccess]
|
|
118
|
+
},
|
|
119
|
+
{
|
|
120
|
+
name: types_1.Role.WORKSPACE_MEMBER,
|
|
121
|
+
description: "Access to User and Workspace endpoints",
|
|
122
|
+
access: [
|
|
123
|
+
"/fonoster.identity.v1beta2.Identity/GetWorkspace",
|
|
124
|
+
"/fonoster.identity.v1beta2.Identity/ListWorkspaces",
|
|
125
|
+
...workspaceResourceAccess
|
|
126
|
+
]
|
|
127
127
|
},
|
|
128
128
|
{
|
|
129
129
|
name: VOICE_SERVICE_ROLE,
|
package/dist/identity/types.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Role } from "@fonoster/types";
|
|
2
2
|
declare enum TokenUseEnum {
|
|
3
3
|
ID = "id",
|
|
4
4
|
ACCESS = "access",
|
|
@@ -8,14 +8,14 @@ declare enum JsonWebErrorEnum {
|
|
|
8
8
|
JsonWebTokenError = "JsonWebTokenError",
|
|
9
9
|
TokenExpiredError = "TokenExpiredError"
|
|
10
10
|
}
|
|
11
|
-
type
|
|
11
|
+
type RoleType = {
|
|
12
12
|
name: string;
|
|
13
13
|
description: string;
|
|
14
14
|
access: string[];
|
|
15
15
|
};
|
|
16
16
|
type Access = {
|
|
17
17
|
accessKeyId: string;
|
|
18
|
-
role:
|
|
18
|
+
role: Role;
|
|
19
19
|
};
|
|
20
20
|
type BaseToken = {
|
|
21
21
|
iss: string;
|
|
@@ -41,4 +41,4 @@ type RefreshToken = BaseToken & {
|
|
|
41
41
|
tokenUse: TokenUseEnum.REFRESH;
|
|
42
42
|
};
|
|
43
43
|
type DecodedToken<T extends TokenUseEnum> = T extends TokenUseEnum.ID ? IdToken : T extends TokenUseEnum.ACCESS ? AccessToken : T extends TokenUseEnum.REFRESH ? TokenUseEnum : never;
|
|
44
|
-
export { Access, AccessToken, DecodedToken, IdToken, RefreshToken,
|
|
44
|
+
export { Access, AccessToken, DecodedToken, IdToken, RefreshToken, RoleType, TokenUseEnum, JsonWebErrorEnum };
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Role } from "@fonoster/types";
|
|
2
2
|
import { z } from "zod";
|
|
3
3
|
declare const createWorkspaceRequestSchema: z.ZodObject<{
|
|
4
4
|
name: z.ZodString;
|
|
@@ -8,13 +8,13 @@ declare const createWorkspaceRequestSchema: z.ZodObject<{
|
|
|
8
8
|
name?: string;
|
|
9
9
|
}>;
|
|
10
10
|
declare const createApiKeyRequestSchema: z.ZodObject<{
|
|
11
|
-
role: z.ZodEnum<[
|
|
11
|
+
role: z.ZodEnum<[Role.WORKSPACE_ADMIN]>;
|
|
12
12
|
expiresAt: z.ZodOptional<z.ZodNumber>;
|
|
13
13
|
}, "strip", z.ZodTypeAny, {
|
|
14
|
-
role?:
|
|
14
|
+
role?: Role.WORKSPACE_ADMIN;
|
|
15
15
|
expiresAt?: number;
|
|
16
16
|
}, {
|
|
17
|
-
role?:
|
|
17
|
+
role?: Role.WORKSPACE_ADMIN;
|
|
18
18
|
expiresAt?: number;
|
|
19
19
|
}>;
|
|
20
20
|
declare const exchangeApiKeysRequestSchema: z.ZodObject<{
|
|
@@ -92,16 +92,16 @@ declare const updateUserRequestSchema: z.ZodObject<{
|
|
|
92
92
|
declare const inviteUserToWorkspaceRequestSchema: z.ZodObject<{
|
|
93
93
|
email: z.ZodString;
|
|
94
94
|
name: z.ZodString;
|
|
95
|
-
role: z.ZodEnum<[
|
|
95
|
+
role: z.ZodEnum<[Role.WORKSPACE_ADMIN, Role.WORKSPACE_MEMBER]>;
|
|
96
96
|
password: z.ZodUnion<[z.ZodString, z.ZodUndefined]>;
|
|
97
97
|
}, "strip", z.ZodTypeAny, {
|
|
98
98
|
name?: string;
|
|
99
|
-
role?:
|
|
99
|
+
role?: Role.WORKSPACE_ADMIN | Role.WORKSPACE_MEMBER;
|
|
100
100
|
password?: string;
|
|
101
101
|
email?: string;
|
|
102
102
|
}, {
|
|
103
103
|
name?: string;
|
|
104
|
-
role?:
|
|
104
|
+
role?: Role.WORKSPACE_ADMIN | Role.WORKSPACE_MEMBER;
|
|
105
105
|
password?: string;
|
|
106
106
|
email?: string;
|
|
107
107
|
}>;
|
|
@@ -36,7 +36,7 @@ const createWorkspaceRequestSchema = zod_1.z.object({
|
|
|
36
36
|
});
|
|
37
37
|
exports.createWorkspaceRequestSchema = createWorkspaceRequestSchema;
|
|
38
38
|
const createApiKeyRequestSchema = zod_1.z.object({
|
|
39
|
-
role: zod_1.z.enum([types_1.
|
|
39
|
+
role: zod_1.z.enum([types_1.Role.WORKSPACE_ADMIN]),
|
|
40
40
|
expiresAt: zod_1.z
|
|
41
41
|
.number()
|
|
42
42
|
.int({ message: messages_1.POSITIVE_INTEGER_MESSAGE })
|
|
@@ -89,7 +89,7 @@ exports.updateUserRequestSchema = updateUserRequestSchema;
|
|
|
89
89
|
const inviteUserToWorkspaceRequestSchema = zod_1.z.object({
|
|
90
90
|
email: zod_1.z.string().email({ message: EMAIL_MESSAGE }),
|
|
91
91
|
name: zod_1.z.string().max(50, { message: MAX_NAME_MESSAGE }),
|
|
92
|
-
role: zod_1.z.enum([types_1.
|
|
92
|
+
role: zod_1.z.enum([types_1.Role.WORKSPACE_ADMIN, types_1.Role.WORKSPACE_MEMBER]),
|
|
93
93
|
password: zod_1.z.string().min(8, { message: PASSWORD_MESSAGE }).or(zod_1.z.undefined())
|
|
94
94
|
});
|
|
95
95
|
exports.inviteUserToWorkspaceRequestSchema = inviteUserToWorkspaceRequestSchema;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@fonoster/common",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.15",
|
|
4
4
|
"description": "Common library for Fonoster projects",
|
|
5
5
|
"author": "Pedro Sanders <psanders@fonoster.com>",
|
|
6
6
|
"homepage": "https://github.com/fonoster/fonoster#readme",
|
|
@@ -48,5 +48,5 @@
|
|
|
48
48
|
"devDependencies": {
|
|
49
49
|
"@types/nodemailer": "^6.4.14"
|
|
50
50
|
},
|
|
51
|
-
"gitHead": "
|
|
51
|
+
"gitHead": "82708d0237fb1cd19a8188ee3f1c99d450a2c116"
|
|
52
52
|
}
|