@genoacms/adapter-gcp 0.3.13 → 0.4.1-fix.1
Sign up to get free protection for your applications and to get access to all the features.
- package/dist/config.d.ts +1 -1
- package/dist/services/authorization/index.d.ts +3 -0
- package/dist/services/authorization/index.js +22 -0
- package/dist/services/storage/index.js +1 -1
- package/package.json +6 -5
- package/src/services/authorization/index.ts +25 -0
- package/src/services/storage/index.ts +1 -1
- package/dist/services/auth/index.d.ts +0 -1
- package/dist/services/auth/index.js +0 -1
- package/src/services/auth/index.ts +0 -0
package/dist/config.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
declare const _default: Config<object, object, object>;
|
|
1
|
+
declare const _default: Config<object, object, object, object>;
|
|
2
2
|
export default _default;
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { ProjectsClient } from '@google-cloud/resource-manager';
|
|
2
|
+
import config from '../../config.js';
|
|
3
|
+
const resourceManager = new ProjectsClient({
|
|
4
|
+
projectId: config.authorization.projectId,
|
|
5
|
+
credentials: config.authorization.credentials
|
|
6
|
+
});
|
|
7
|
+
const projectId = config.authorization.projectId;
|
|
8
|
+
const isEmailAdmins = async (email) => {
|
|
9
|
+
const resource = `projects/${projectId}`;
|
|
10
|
+
const role = resource + '/roles/genoacms';
|
|
11
|
+
const data = await resourceManager.getIamPolicy({ resource });
|
|
12
|
+
const policy = data[0];
|
|
13
|
+
if ((policy.bindings) == null)
|
|
14
|
+
throw new Error('no-bindings');
|
|
15
|
+
const adminRole = policy.bindings.find(binding => binding.role === role);
|
|
16
|
+
if (adminRole == null)
|
|
17
|
+
throw new Error('no-admin-role');
|
|
18
|
+
if (adminRole.members == null)
|
|
19
|
+
throw new Error('no-principals');
|
|
20
|
+
return adminRole.members.includes(`user:${email}`);
|
|
21
|
+
};
|
|
22
|
+
export { isEmailAdmins };
|
|
@@ -25,7 +25,7 @@ const getSignedURL = async ({ bucket, name }) => {
|
|
|
25
25
|
const bucketInstance = getBucket(bucket);
|
|
26
26
|
const file = bucketInstance.file(name);
|
|
27
27
|
const expires = new Date();
|
|
28
|
-
expires.setTime(expires.getTime() + 60 * 60);
|
|
28
|
+
expires.setTime(expires.getTime() + 60 * 60 * 1_000);
|
|
29
29
|
const [url] = await file.getSignedUrl({
|
|
30
30
|
action: 'read',
|
|
31
31
|
expires
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@genoacms/adapter-gcp",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.1-fix.1",
|
|
4
4
|
"description": "Implementation of abstraction layer of GenoaCMS for GCP",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -17,8 +17,9 @@
|
|
|
17
17
|
"homepage": "https://github.com/GenoaCMS/adapter-gcp#readme",
|
|
18
18
|
"type": "module",
|
|
19
19
|
"dependencies": {
|
|
20
|
-
"@genoacms/cloudabstraction": "^0.
|
|
20
|
+
"@genoacms/cloudabstraction": "^0.4.0",
|
|
21
21
|
"@google-cloud/firestore": "^7.1.0",
|
|
22
|
+
"@google-cloud/resource-manager": "^5.1.0",
|
|
22
23
|
"@google-cloud/storage": "^7.7.0"
|
|
23
24
|
},
|
|
24
25
|
"devDependencies": {
|
|
@@ -37,9 +38,9 @@
|
|
|
37
38
|
"dist"
|
|
38
39
|
],
|
|
39
40
|
"exports": {
|
|
40
|
-
"./
|
|
41
|
-
"import": "./dist/services/
|
|
42
|
-
"types": "./dist/services/
|
|
41
|
+
"./authorization": {
|
|
42
|
+
"import": "./dist/services/authorization/index.js",
|
|
43
|
+
"types": "./dist/services/authorization/index.d.ts"
|
|
43
44
|
},
|
|
44
45
|
"./database": {
|
|
45
46
|
"import": "./dist/services/database/index.js",
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { ProjectsClient } from '@google-cloud/resource-manager'
|
|
2
|
+
import config from '../../config.js'
|
|
3
|
+
import type { isEmailAdmins as isEmailAdminsT } from '@genoacms/cloudabstraction/authorization'
|
|
4
|
+
|
|
5
|
+
const resourceManager = new ProjectsClient({
|
|
6
|
+
projectId: config.authorization.projectId,
|
|
7
|
+
credentials: config.authorization.credentials
|
|
8
|
+
})
|
|
9
|
+
const projectId = config.authorization.projectId
|
|
10
|
+
|
|
11
|
+
const isEmailAdmins: isEmailAdminsT = async (email: string) => {
|
|
12
|
+
const resource = `projects/${projectId}`
|
|
13
|
+
const role = resource + '/roles/genoacms'
|
|
14
|
+
const data = await resourceManager.getIamPolicy({ resource })
|
|
15
|
+
const policy = data[0]
|
|
16
|
+
if ((policy.bindings) == null) throw new Error('no-bindings')
|
|
17
|
+
const adminRole = policy.bindings.find(binding => binding.role === role)
|
|
18
|
+
if (adminRole == null) throw new Error('no-admin-role')
|
|
19
|
+
if (adminRole.members == null) throw new Error('no-principals')
|
|
20
|
+
return adminRole.members.includes(`user:${email}`)
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
export {
|
|
24
|
+
isEmailAdmins
|
|
25
|
+
}
|
|
@@ -34,7 +34,7 @@ const getSignedURL: Adapter['getSignedURL'] = async ({ bucket, name }) => {
|
|
|
34
34
|
const bucketInstance = getBucket(bucket)
|
|
35
35
|
const file = bucketInstance.file(name)
|
|
36
36
|
const expires = new Date()
|
|
37
|
-
expires.setTime(expires.getTime() + 60 * 60)
|
|
37
|
+
expires.setTime(expires.getTime() + 60 * 60 * 1_000)
|
|
38
38
|
const [url] = await file.getSignedUrl({
|
|
39
39
|
action: 'read',
|
|
40
40
|
expires
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
File without changes
|