@hemia/core 0.0.8 → 0.0.12
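--- a/package/dist/hemia-core.esm.js
+++ b/package/dist/hemia-core.esm.js
@@ -392,6 +392,7 @@ class AppFactory {
 /**
 * Guardia de autorización que verifica roles y permisos definidos en los controladores y métodos.
 * Utiliza los metadatos definidos con los decoradores @Roles y @Permissions.
+* Soporta wildcards en permisos jerárquicos (ej: account:*, account:email:*)
 */
 let AuthGuard = class AuthGuard {
 constructor(reflector) {
@@ -422,12 +423,36 @@ let AuthGuard = class AuthGuard {
 }
 if (requiredPermissions) {
 const userPermissions = Array.isArray(permissions) ? permissions : [];
-const hasPermission = requiredPermissions.some((
+const hasPermission = requiredPermissions.some((requiredPerm) => this.checkPermission(requiredPerm, userPermissions));
 if (!hasPermission)
 return false;
 }
 return true;
 }
+/**
+* Verifica si el usuario tiene un permiso requerido, soportando wildcards
+* @param requiredPermission Permiso requerido (ej: account:email:update)
+* @param userPermissions Array de permisos del usuario
+* @returns true si el usuario tiene el permiso
+*/
+checkPermission(requiredPermission, userPermissions) {
+const requiredParts = requiredPermission.split(':');
+return userPermissions.some(userPerm => {
+const userParts = userPerm.split(':');
+for (let i = 0; i < requiredParts.length; i++) {
+if (userParts[i] === '*') {
+return true;
+}
+if (i >= userParts.length) {
+return false;
+}
+if (userParts[i] !== requiredParts[i]) {
+return false;
+}
+}
+return true;
+});
+}
 };
 AuthGuard = __decorate([
 injectable(),
@@ -471,7 +496,11 @@ let JWTGuard = class JWTGuard {
 }
 async canActivate(context) {
 const request = context.switchToHttp().getRequest();
-const
+const cookieName = process.env.AUTH_COOKIE_NAME;
+if (!cookieName) {
+return false;
+}
+const sessionId = request.headers[cookieName] || request.cookies?.[cookieName];
 if (!sessionId) {
 return false;
 }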
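Review bot: In the new `checkPermission`, the callback falls through to `return true` once the required permission's segments are exhausted, so a held permission that is longer than the required one also passes: a user holding `account:email:read` satisfies a check for `account:email`. The `*` test also fires at any position and ignores every segment after it, so `account:*:read` behaves exactly like `account:*`, although the doc comment only describes trailing wildcards. Entries of `userPermissions` are not type-checked either, so a non-string element makes `.split` throw instead of denying. If narrower grants are not meant to satisfy broader requirements, the matcher could require an exact match when no wildcard is present and honour `*` only as the final segment, as sketched below; the same code ships in the CommonJS build `package/dist/hemia-core.js`.

```javascript
checkPermission(requiredPermission, userPermissions) {
    const requiredParts = requiredPermission.split(':');
    return userPermissions.some(userPerm => {
        // Malformed entries deny instead of throwing on .split()
        if (typeof userPerm !== 'string') {
            return false;
        }
        const userParts = userPerm.split(':');
        const wildcardAt = userParts.indexOf('*');
        if (wildcardAt === -1) {
            // No wildcard: same number of segments, all equal
            return userPerm === requiredPermission;
        }
        // Honour '*' only as the final segment (account:*, account:email:*)
        if (wildcardAt !== userParts.length - 1 || wildcardAt > requiredParts.length) {
            return false;
        }
        return userParts.slice(0, wildcardAt).every((part, i) => part === requiredParts[i]);
    });
}
```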
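--- a/package/dist/hemia-core.js
+++ b/package/dist/hemia-core.js
@@ -394,6 +394,7 @@ class AppFactory {
 /**
 * Guardia de autorización que verifica roles y permisos definidos en los controladores y métodos.
 * Utiliza los metadatos definidos con los decoradores @Roles y @Permissions.
+* Soporta wildcards en permisos jerárquicos (ej: account:*, account:email:*)
 */
 exports.AuthGuard = class AuthGuard {
 constructor(reflector) {
@@ -424,12 +425,36 @@ exports.AuthGuard = class AuthGuard {
 }
 if (requiredPermissions) {
 const userPermissions = Array.isArray(permissions) ? permissions : [];
-const hasPermission = requiredPermissions.some((
+const hasPermission = requiredPermissions.some((requiredPerm) => this.checkPermission(requiredPerm, userPermissions));
 if (!hasPermission)
 return false;
 }
 return true;
 }
+/**
+* Verifica si el usuario tiene un permiso requerido, soportando wildcards
+* @param requiredPermission Permiso requerido (ej: account:email:update)
+* @param userPermissions Array de permisos del usuario
+* @returns true si el usuario tiene el permiso
+*/
+checkPermission(requiredPermission, userPermissions) {
+const requiredParts = requiredPermission.split(':');
+return userPermissions.some(userPerm => {
+const userParts = userPerm.split(':');
+for (let i = 0; i < requiredParts.length; i++) {
+if (userParts[i] === '*') {
+return true;
+}
+if (i >= userParts.length) {
+return false;
+}
+if (userParts[i] !== requiredParts[i]) {
+return false;
+}
+}
+return true;
+});
+}
 };
 exports.AuthGuard = __decorate([
 inversify.injectable(),
@@ -473,7 +498,11 @@ exports.JWTGuard = class JWTGuard {
 }
 async canActivate(context) {
 const request = context.switchToHttp().getRequest();
-const
+const cookieName = process.env.AUTH_COOKIE_NAME;
+if (!cookieName) {
+return false;
+}
+const sessionId = request.headers[cookieName] || request.cookies?.[cookieName];
 if (!sessionId) {
 return false;
 }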
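Review bot: The new lookup `request.headers[cookieName] || request.cookies?.[cookieName]` in `JWTGuard.canActivate` accepts the session id from any request header named after the cookie and gives that header precedence over the cookie itself, which widens the places the credential is accepted from; if header transport is intended it deserves a comment saying so, and otherwise the cookie should be the only source. Assuming the request object is Node's (express is a dependency), incoming header names are lower-cased, so a mixed-case `AUTH_COOKIE_NAME` would never match the header branch; `request.headers[cookieName.toLowerCase()]` avoids that. When `AUTH_COOKIE_NAME` is unset the guard now denies every request with no signal, so I would log a configuration error there rather than return `false` silently. The rest of `canActivate` lies outside the hunk, the removed line is truncated on this page so the previous source of the session id cannot be compared, and the same change is in `package/dist/hemia-core.esm.js`.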
@@ -3,9 +3,17 @@ import { Reflector } from '../services';
|
|
|
3
3
|
/**
|
|
4
4
|
* Guardia de autorización que verifica roles y permisos definidos en los controladores y métodos.
|
|
5
5
|
* Utiliza los metadatos definidos con los decoradores @Roles y @Permissions.
|
|
6
|
+
* Soporta wildcards en permisos jerárquicos (ej: account:*, account:email:*)
|
|
6
7
|
*/
|
|
7
8
|
export declare class AuthGuard implements CanActivate {
|
|
8
9
|
private reflector;
|
|
9
10
|
constructor(reflector: Reflector);
|
|
10
11
|
canActivate(context: ExecutionContext): boolean;
|
|
12
|
+
/**
|
|
13
|
+
* Verifica si el usuario tiene un permiso requerido, soportando wildcards
|
|
14
|
+
* @param requiredPermission Permiso requerido (ej: account:email:update)
|
|
15
|
+
* @param userPermissions Array de permisos del usuario
|
|
16
|
+
* @returns true si el usuario tiene el permiso
|
|
17
|
+
*/
|
|
18
|
+
private checkPermission;
|
|
11
19
|
}
|
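--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@hemia/core",
-"version": "0.0.
+"version": "0.0.12",
 "description": "Core utilities for Hemia projects",
 "main": "dist/hemia-core.js",
 "module": "dist/hemia-core.esm.js",
@@ -18,10 +18,10 @@
 "@rollup/plugin-commonjs": "^26.0.1",
 "@rollup/plugin-json": "^6.1.0",
 "@rollup/plugin-node-resolve": "^15.2.3",
-"@hemia/common": "^0.0.
+"@hemia/common": "^0.0.15",
 "@hemia/app-context": "^0.0.6",
 "@hemia/trace-manager": "^0.0.9",
-"@hemia/auth-sdk": "^0.0.
+"@hemia/auth-sdk": "^0.0.14",
 "@types/express": "^5.0.5",
 "express": "^5.1.0",
 "inversify": "^7.10.4",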