@genoacms/adapter-gcp 0.3.13 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts +1 -1
- package/dist/services/authorization/index.d.ts +3 -0
- package/dist/services/authorization/index.js +22 -0
- package/dist/services/storage/index.js +1 -1
- package/package.json +3 -2
- package/src/services/authorization/index.ts +25 -0
- package/src/services/storage/index.ts +1 -1
- package/dist/services/auth/index.d.ts +0 -1
- package/dist/services/auth/index.js +0 -1
- package/src/services/auth/index.ts +0 -0
package/dist/config.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
declare const _default: Config<object, object, object>;
|
|
1
|
+
declare const _default: Config<object, object, object, object>;
|
|
2
2
|
export default _default;
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { ProjectsClient } from '@google-cloud/resource-manager';
|
|
2
|
+
import config from '../../config.js';
|
|
3
|
+
const resourceManager = new ProjectsClient({
|
|
4
|
+
projectId: config.authorization.projectId,
|
|
5
|
+
credentials: config.authorization.credentials
|
|
6
|
+
});
|
|
7
|
+
const projectId = config.authorization.projectId;
|
|
8
|
+
const isEmailAdmins = async (email) => {
|
|
9
|
+
const resource = `projects/${projectId}`;
|
|
10
|
+
const role = resource + '/roles/genoacms';
|
|
11
|
+
const data = await resourceManager.getIamPolicy({ resource });
|
|
12
|
+
const policy = data[0];
|
|
13
|
+
if ((policy.bindings) == null)
|
|
14
|
+
throw new Error('no-bindings');
|
|
15
|
+
const adminRole = policy.bindings.find(binding => binding.role === role);
|
|
16
|
+
if (adminRole == null)
|
|
17
|
+
throw new Error('no-admin-role');
|
|
18
|
+
if (adminRole.members == null)
|
|
19
|
+
throw new Error('no-principals');
|
|
20
|
+
return adminRole.members.includes(`user:${email}`);
|
|
21
|
+
};
|
|
22
|
+
export { isEmailAdmins };
|
|
@@ -25,7 +25,7 @@ const getSignedURL = async ({ bucket, name }) => {
|
|
|
25
25
|
const bucketInstance = getBucket(bucket);
|
|
26
26
|
const file = bucketInstance.file(name);
|
|
27
27
|
const expires = new Date();
|
|
28
|
-
expires.setTime(expires.getTime() + 60 * 60);
|
|
28
|
+
expires.setTime(expires.getTime() + 60 * 60 * 1_000);
|
|
29
29
|
const [url] = await file.getSignedUrl({
|
|
30
30
|
action: 'read',
|
|
31
31
|
expires
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@genoacms/adapter-gcp",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.1",
|
|
4
4
|
"description": "Implementation of abstraction layer of GenoaCMS for GCP",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -17,8 +17,9 @@
|
|
|
17
17
|
"homepage": "https://github.com/GenoaCMS/adapter-gcp#readme",
|
|
18
18
|
"type": "module",
|
|
19
19
|
"dependencies": {
|
|
20
|
-
"@genoacms/cloudabstraction": "^0.
|
|
20
|
+
"@genoacms/cloudabstraction": "^0.4.0",
|
|
21
21
|
"@google-cloud/firestore": "^7.1.0",
|
|
22
|
+
"@google-cloud/resource-manager": "^5.1.0",
|
|
22
23
|
"@google-cloud/storage": "^7.7.0"
|
|
23
24
|
},
|
|
24
25
|
"devDependencies": {
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { ProjectsClient } from '@google-cloud/resource-manager'
|
|
2
|
+
import config from '../../config.js'
|
|
3
|
+
import type { isEmailAdmins as isEmailAdminsT } from '@genoacms/cloudabstraction/authorization'
|
|
4
|
+
|
|
5
|
+
const resourceManager = new ProjectsClient({
|
|
6
|
+
projectId: config.authorization.projectId,
|
|
7
|
+
credentials: config.authorization.credentials
|
|
8
|
+
})
|
|
9
|
+
const projectId = config.authorization.projectId
|
|
10
|
+
|
|
11
|
+
const isEmailAdmins: isEmailAdminsT = async (email: string) => {
|
|
12
|
+
const resource = `projects/${projectId}`
|
|
13
|
+
const role = resource + '/roles/genoacms'
|
|
14
|
+
const data = await resourceManager.getIamPolicy({ resource })
|
|
15
|
+
const policy = data[0]
|
|
16
|
+
if ((policy.bindings) == null) throw new Error('no-bindings')
|
|
17
|
+
const adminRole = policy.bindings.find(binding => binding.role === role)
|
|
18
|
+
if (adminRole == null) throw new Error('no-admin-role')
|
|
19
|
+
if (adminRole.members == null) throw new Error('no-principals')
|
|
20
|
+
return adminRole.members.includes(`user:${email}`)
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
export {
|
|
24
|
+
isEmailAdmins
|
|
25
|
+
}
|
|
@@ -34,7 +34,7 @@ const getSignedURL: Adapter['getSignedURL'] = async ({ bucket, name }) => {
|
|
|
34
34
|
const bucketInstance = getBucket(bucket)
|
|
35
35
|
const file = bucketInstance.file(name)
|
|
36
36
|
const expires = new Date()
|
|
37
|
-
expires.setTime(expires.getTime() + 60 * 60)
|
|
37
|
+
expires.setTime(expires.getTime() + 60 * 60 * 1_000)
|
|
38
38
|
const [url] = await file.getSignedUrl({
|
|
39
39
|
action: 'read',
|
|
40
40
|
expires
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
File without changes
|