@lark-apaas/auth-sdk 0.1.0-beta.4 → 0.1.0-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/lib/AuthProvider.d.ts +31 -53
  2. package/lib/AuthProvider.d.ts.map +1 -1
  3. package/lib/AuthProvider.js +32 -48
  4. package/lib/ability-factory.d.ts +7 -7
  5. package/lib/ability-factory.d.ts.map +1 -1
  6. package/lib/ability-factory.js +9 -9
  7. package/lib/index.d.ts +2 -3
  8. package/lib/index.d.ts.map +1 -1
  9. package/lib/index.js +2 -2
  10. package/lib/permission-client.d.ts +4 -3
  11. package/lib/permission-client.d.ts.map +1 -1
  12. package/lib/permission-client.js +22 -14
  13. package/lib/types.d.ts +7 -11
  14. package/lib/types.d.ts.map +1 -1
  15. package/package.json +1 -1
package/lib/AuthProvider.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import React from 'react';
2
2
  import { MongoAbility } from '@casl/ability';
3
- import type { AuthSdkConfig } from './types';
3
+ import type { AuthSdkConfig, PermissionPointData } from './types';
4
4
  /**
5
5
  * Ability Context - 用于在组件树中共享 Ability 实例
6
6
  */
@@ -11,7 +11,7 @@ export declare const AbilityContext: React.Context<MongoAbility<import("@casl/ab
11
11
  */
12
12
  interface AuthStateContextValue {
13
13
  ability: MongoAbility;
14
- permissions: string[];
14
+ permissions: PermissionPointData[];
15
15
  isLoading: boolean;
16
16
  error: Error | null;
17
17
  fetchPermissions: (userId?: string) => Promise<void>;
@@ -46,13 +46,6 @@ export interface AuthProviderProps {
46
46
  * ```
47
47
  */
48
48
  export declare function AuthProvider({ children, config }: AuthProviderProps): import("react/jsx-runtime").JSX.Element;
49
- /**
50
- * 获取 Ability 实例
51
- *
52
- * @param permissionApiConfig - 权限 API 配置
53
- * @returns Ability 实例或错误
54
- */
55
- export declare function getAbility(permissionApiConfig: AuthSdkConfig['permissionApi']): Promise<Error | MongoAbility<import("@casl/ability").AbilityTuple, import("@casl/ability").MongoQuery>>;
56
49
  /**
57
50
  * useAuth Hook - 获取权限数据和加载状态
58
51
  *
@@ -74,32 +67,6 @@ export declare function getAbility(permissionApiConfig: AuthSdkConfig['permissio
74
67
  * ```
75
68
  */
76
69
  export declare function useAuth(): AuthStateContextValue;
77
- /**
78
- * CASL 原始 Can 组件(内部使用)
79
- */
80
- declare const CaslCan: React.FunctionComponent<import("@casl/react").BoundCanProps<MongoAbility<import("@casl/ability").AbilityTuple, import("@casl/ability").MongoQuery>>>;
81
- /**
82
- * Can Component - 基于 Ability 实例的条件渲染组件
83
- *
84
- * 内置 isLoading 保护:权限加载期间渲染 fallback(默认为 null),
85
- * 避免因 ability 未就绪而误判为无权限导致内容闪烁。
86
- *
87
- * @example
88
- * ```tsx
89
- * import { Can } from '@lark-apaas/auth-sdk';
90
- *
91
- * function MyComponent() {
92
- * return (
93
- * <Can I="Admin" a="@role" fallback={<Loading />}>
94
- * <TaskList />
95
- * </Can>
96
- * );
97
- * }
98
- * ```
99
- */
100
- export declare function Can({ fallback, ...props }: React.ComponentProps<typeof CaslCan> & {
101
- fallback?: React.ReactNode;
102
- }): import("react/jsx-runtime").JSX.Element;
103
70
  /**
104
71
  * CanRole Component - 基于角色的条件渲染组件
105
72
  *
@@ -127,35 +94,46 @@ export declare function CanRole({ children, roles, fallback, }: {
127
94
  /**
128
95
  * useUserPermissions Hook - 获取当前用户的权限点位列表
129
96
  */
130
- export declare function useUserPermissions(): string[];
97
+ export declare function useUserPermissions(): PermissionPointData[];
131
98
  /**
132
- * useCanPermission Hook - 判断用户是否拥有指定权限点位
99
+ * useCan Hook - 通过 CASL Ability 判断用户是否拥有指定权限
133
100
  *
134
- * @param permissions - 需要检查的权限点位列表
135
- * @param match - 匹配模式:'any' 任一匹配即可,'all' 需要全部匹配
101
+ * @param action - 操作类型,如 'read', 'create'
102
+ * @param subject - 资源类型,如 'Task', 'Article';角色检查时传 '@role'
103
+ *
104
+ * @example
105
+ * ```ts
106
+ * const { allowed: canRead, isLoading } = useCan('read', 'Task');
107
+ * if (isLoading) return <Loading />;
108
+ * if (!canRead) return <NoAccess />;
109
+ * ```
136
110
  */
137
- export declare function useCanPermission(permissions: string[], match?: 'any' | 'all'): boolean;
111
+ export declare function useCan(action: string, subject: string): {
112
+ allowed: boolean;
113
+ isLoading: boolean;
114
+ };
138
115
  /**
139
- * CanPermission Component - 基于权限点位的条件渲染组件
116
+ * Can Component - 基于 CASL Ability 的条件渲染组件
117
+ * 前后端统一:后端 @Can('read', 'Task'),前端 <Can action="read" subject="Task">
140
118
  *
141
119
  * @example
142
120
  * ```tsx
143
- * import { CanPermission } from '@lark-apaas/auth-sdk';
121
+ * import { Can } from '@lark-apaas/auth-sdk';
144
122
  *
145
- * function MyComponent() {
146
- * return (
147
- * <CanPermission permissions={['task:create', 'task:edit']} match="any">
148
- * <TaskEditor />
149
- * </CanPermission>
150
- * );
151
- * }
123
+ * <Can action="read" subject="Task">
124
+ * <TaskList />
125
+ * </Can>
126
+ *
127
+ * <Can action="delete" subject="Task" fallback={<Skeleton />}>
128
+ * <DeleteButton />
129
+ * </Can>
152
130
  * ```
153
131
  */
154
- export declare function CanPermission({ children, permissions, match, fallback, }: {
132
+ export declare function Can({ children, action, subject, fallback, }: {
155
133
  children: React.ReactNode;
156
- permissions: string[];
157
- match?: 'any' | 'all';
134
+ action: string;
135
+ subject: string;
158
136
  fallback?: React.ReactNode;
159
- }): import("react/jsx-runtime").JSX.Element;
137
+ }): import("react/jsx-runtime").JSX.Element | null;
160
138
  export {};
161
139
  //# sourceMappingURL=AuthProvider.d.ts.map
package/lib/AuthProvider.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../src/AuthProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAMN,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAK7C;;GAEG;AACH,eAAO,MAAM,cAAc,uGAE1B,CAAC;AAOF;;;GAGG;AACH,UAAU,qBAAqB;IAC7B,OAAO,EAAE,YAAY,CAAC;IACtB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,gBAAgB,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD;AAOD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,iBAAiB,2CA+EnE;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,mBAAmB,EAAE,aAAa,CAAC,eAAe,CAAC,2GAmBpD;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,OAAO,IAAI,qBAAqB,CAQ/C;AAED;;GAEG;AACH,QAAA,MAAM,OAAO,sJAA+C,CAAC;AAE7D;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,GAAG,CAAC,EAClB,QAAe,EACf,GAAG,KAAK,EACT,EAAE,KAAK,CAAC,cAAc,CAAC,OAAO,OAAO,CAAC,GAAG;IAAE,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,2CAKvE;AAoBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,OAAO,CAAC,EACtB,QAAQ,EACR,KAAK,EACL,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,kDAKA;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAE7C;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,WAAW,EAAE,MAAM,EAAE,EACrB,KAAK,GAAE,KAAK,GAAG,KAAa,GAC3B,OAAO,CAOT;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,aAAa,CAAC,EAC5B,QAAQ,EACR,WAAW,EACX,KAAa,EACb,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,2CAGA"}
1
+ {"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../src/AuthProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAMN,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAIlE;;GAEG;AACH,eAAO,MAAM,cAAc,uGAE1B,CAAC;AAOF;;;GAGG;AACH,UAAU,qBAAqB;IAC7B,OAAO,EAAE,YAAY,CAAC;IACtB,WAAW,EAAE,mBAAmB,EAAE,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,gBAAgB,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD;AAOD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,iBAAiB,2CAuFnE;AAGD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,OAAO,IAAI,qBAAqB,CAQ/C;AAqBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,OAAO,CAAC,EACtB,QAAQ,EACR,KAAK,EACL,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,kDAKA;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,mBAAmB,EAAE,CAE1D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,MAAM,CACpB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAM1C;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,GAAG,CAAC,EAClB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,kDAIA"}
package/lib/AuthProvider.js CHANGED
@@ -2,10 +2,9 @@ import { Fragment, jsx } from "react/jsx-runtime";
2
2
  import { createContext, useCallback, useContext, useEffect, useState } from "react";
3
3
  import { ROLE_SUBJECT, createAbility } from "./ability-factory.js";
4
4
  import { PermissionClient } from "./permission-client.js";
5
- import { createContextualCan } from "@casl/react";
6
5
  const AbilityContext = /*#__PURE__*/ createContext(createAbility({
7
- permissions: [],
8
- roles: []
6
+ roles: [],
7
+ permissionPoints: []
9
8
  }));
10
9
  const PermissionsContext = /*#__PURE__*/ createContext([]);
11
10
  const AuthStateContext = /*#__PURE__*/ createContext(null);
@@ -16,20 +15,24 @@ function AuthProvider({ children, config }) {
16
15
  const [isLoading, setIsLoading] = useState(()=>config?.enable !== false && null !== client);
17
16
  const [error, setError] = useState(null);
18
17
  const fetchPermissions = useCallback(async ()=>{
19
- if (!client) return;
20
18
  setIsLoading(true);
21
19
  setError(null);
22
20
  try {
23
- const data = await client.fetchPermissions();
24
- const newAbility = createAbility({
25
- roles: data.roles
26
- });
21
+ const [rolesResult, permissionPointsResult] = await Promise.allSettled([
22
+ client ? client.fetchPermissions() : Promise.resolve(null),
23
+ PermissionClient.fetchPermissionPoints()
24
+ ]);
25
+ const data = 'fulfilled' === rolesResult.status ? rolesResult.value : null;
26
+ const permissionPoints = 'fulfilled' === permissionPointsResult.status ? permissionPointsResult.value : void 0;
27
+ if (!data && !permissionPoints) throw 'rejected' === rolesResult.status ? rolesResult.reason : new Error('No permission data');
28
+ if (permissionPoints) setPermissions(permissionPoints);
29
+ const rawConfig = {
30
+ roles: data?.roles || [],
31
+ permissionPoints
32
+ };
33
+ const newAbility = createAbility(rawConfig);
27
34
  setAbility(newAbility);
28
- if (config?.permissionPointsApi) try {
29
- const userPermissions = await client.fetchUserPermissions(config.permissionPointsApi);
30
- setPermissions(userPermissions);
31
- } catch {}
32
- config?.onSuccess?.(data);
35
+ config?.onSuccess?.(rawConfig);
33
36
  } catch (err) {
34
37
  const error = err instanceof Error ? err : new Error(String(err));
35
38
  setError(error);
@@ -65,35 +68,11 @@ function AuthProvider({ children, config }) {
65
68
  })
66
69
  });
67
70
  }
68
- async function getAbility(permissionApiConfig) {
69
- if (!permissionApiConfig) return new Error('permissionApi config is required');
70
- const client = new PermissionClient(permissionApiConfig);
71
- try {
72
- const data = await client.fetchPermissions();
73
- const ability = createAbility({
74
- roles: data.roles
75
- });
76
- return ability;
77
- } catch (err) {
78
- const error = err instanceof Error ? err : new Error(String(err));
79
- return error;
80
- }
81
- }
82
71
  function useAuth() {
83
72
  const context = useContext(AuthStateContext);
84
73
  if (!context) throw new Error('useAuth must be used within an AuthProvider');
85
74
  return context;
86
75
  }
87
- const CaslCan = createContextualCan(AbilityContext.Consumer);
88
- function Can({ fallback = null, ...props }) {
89
- const authState = useContext(AuthStateContext);
90
- if (authState?.isLoading) return /*#__PURE__*/ jsx(Fragment, {
91
- children: fallback
92
- });
93
- return /*#__PURE__*/ jsx(CaslCan, {
94
- ...props
95
- });
96
- }
97
76
  function useCanRole({ roles }) {
98
77
  const ability = useContext(AbilityContext);
99
78
  const authState = useContext(AuthStateContext);
@@ -117,18 +96,23 @@ function CanRole({ children, roles, fallback = null }) {
117
96
  function useUserPermissions() {
118
97
  return useContext(PermissionsContext);
119
98
  }
120
- function useCanPermission(permissions, match = 'any') {
121
- const userPermissions = useContext(PermissionsContext);
122
- if (!permissions || 0 === permissions.length) return true;
123
- const permSet = new Set(userPermissions);
124
- return 'all' === match ? permissions.every((p)=>permSet.has(p)) : permissions.some((p)=>permSet.has(p));
99
+ function useCan(action, subject) {
100
+ const ability = useContext(AbilityContext);
101
+ const authState = useContext(AuthStateContext);
102
+ const isLoading = authState?.isLoading ?? false;
103
+ const allowed = !isLoading && ability.can(action, subject);
104
+ return {
105
+ allowed,
106
+ isLoading
107
+ };
125
108
  }
126
- function CanPermission({ children, permissions, match = 'any', fallback = null }) {
127
- const allowed = useCanPermission(permissions, match);
128
- return allowed ? /*#__PURE__*/ jsx(Fragment, {
129
- children: children
130
- }) : /*#__PURE__*/ jsx(Fragment, {
109
+ function Can({ children, action, subject, fallback = null }) {
110
+ const { allowed, isLoading } = useCan(action, subject);
111
+ if (isLoading) return /*#__PURE__*/ jsx(Fragment, {
131
112
  children: fallback
132
113
  });
114
+ return allowed ? /*#__PURE__*/ jsx(Fragment, {
115
+ children: children
116
+ }) : null;
133
117
  }
134
- export { AbilityContext, AuthProvider, Can, CanPermission, CanRole, getAbility, useAuth, useCanPermission, useUserPermissions };
118
+ export { AbilityContext, AuthProvider, Can, CanRole, useAuth, useCan, useUserPermissions };
package/lib/ability-factory.d.ts CHANGED
@@ -1,22 +1,22 @@
1
1
  import { MongoAbility as Ability } from '@casl/ability';
2
- import type { Permission, CaslRule } from './types';
2
+ import type { CaslRule, PermissionPointData } from './types';
3
3
  export declare const ROLE_SUBJECT = "@role";
4
4
  /**
5
- * 将权限数据转换为 CASL 规则
5
+ * 将角色和权限点位转换为 CASL 规则
6
6
  */
7
- export declare function convertPermissionsToRules(permissions: Permission[], roles: string[]): CaslRule[];
7
+ export declare function convertPermissionsToRules(roles: string[], permissionPoints?: PermissionPointData[]): CaslRule[];
8
8
  /**
9
9
  * 创建 MongoAbility 实例
10
10
  */
11
- export declare function createAbility({ permissions, roles, }: {
12
- permissions?: Permission[];
11
+ export declare function createAbility({ roles, permissionPoints, }: {
13
12
  roles?: string[];
13
+ permissionPoints?: PermissionPointData[];
14
14
  }): Ability;
15
15
  /**
16
16
  * 更新已存在的 Ability 实例
17
17
  */
18
- export declare function updateAbility(ability: Ability, { permissions, roles }: {
19
- permissions?: Permission[];
18
+ export declare function updateAbility(ability: Ability, { roles, permissionPoints }: {
20
19
  roles?: string[];
20
+ permissionPoints?: PermissionPointData[];
21
21
  }): void;
22
22
  //# sourceMappingURL=ability-factory.d.ts.map
package/lib/ability-factory.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ability-factory.d.ts","sourceRoot":"","sources":["../src/ability-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,IAAI,OAAO,EAGxB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEpD,eAAO,MAAM,YAAY,UAAU,CAAC;AACpC;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,WAAW,EAAE,UAAU,EAAE,EACzB,KAAK,EAAE,MAAM,EAAE,GACd,QAAQ,EAAE,CAmBZ;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAC5B,WAAW,EACX,KAAK,GACN,EAAE;IACD,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB,GAAG,OAAO,CAkBV;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,OAAO,EAChB,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE;IAAE,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,GACvE,IAAI,CAGN"}
1
+ {"version":3,"file":"ability-factory.d.ts","sourceRoot":"","sources":["../src/ability-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,IAAI,OAAO,EAGxB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE7D,eAAO,MAAM,YAAY,UAAU,CAAC;AACpC;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,MAAM,EAAE,EACf,gBAAgB,CAAC,EAAE,mBAAmB,EAAE,GACvC,QAAQ,EAAE,CAkBZ;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAC5B,KAAK,EACL,gBAAgB,GACjB,EAAE;IACD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,gBAAgB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC1C,GAAG,OAAO,CAiBV;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,OAAO,EAChB,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAAC,gBAAgB,CAAC,EAAE,mBAAmB,EAAE,CAAA;CAAE,GAC1F,IAAI,CAGN"}
package/lib/ability-factory.js CHANGED
@@ -1,26 +1,26 @@
1
1
  import { AbilityBuilder, createMongoAbility } from "@casl/ability";
2
2
  const ROLE_SUBJECT = '@role';
3
- function convertPermissionsToRules(permissions, roles) {
3
+ function convertPermissionsToRules(roles, permissionPoints) {
4
4
  const rules = [];
5
- for (const permission of permissions)for (const action of permission.actions)rules.push({
6
- action,
7
- subject: permission.sub
8
- });
9
5
  for (const role of roles)rules.push({
10
6
  action: role,
11
7
  subject: ROLE_SUBJECT
12
8
  });
9
+ if (permissionPoints) for (const { action, subject } of permissionPoints)rules.push({
10
+ action,
11
+ subject
12
+ });
13
13
  return rules;
14
14
  }
15
- function createAbility({ permissions, roles }) {
15
+ function createAbility({ roles, permissionPoints }) {
16
16
  const { build, can } = new AbilityBuilder(createMongoAbility);
17
- const rules = convertPermissionsToRules(permissions || [], roles || []);
17
+ const rules = convertPermissionsToRules(roles || [], permissionPoints);
18
18
  for (const rule of rules)if (Array.isArray(rule.action)) for (const action of rule.action)can(action, rule.subject, rule.fields);
19
19
  else can(rule.action, rule.subject, rule.fields);
20
20
  return build();
21
21
  }
22
- function updateAbility(ability, { permissions, roles }) {
23
- const rules = convertPermissionsToRules(permissions || [], roles || []);
22
+ function updateAbility(ability, { roles, permissionPoints }) {
23
+ const rules = convertPermissionsToRules(roles || [], permissionPoints);
24
24
  ability.update(rules);
25
25
  }
26
26
  export { ROLE_SUBJECT, convertPermissionsToRules, createAbility, updateAbility };
package/lib/index.d.ts CHANGED
@@ -4,10 +4,9 @@
4
4
  * 基于 CASL 的前端鉴权 SDK
5
5
  * 封装了权限数据获取和 Ability 初始化逻辑
6
6
  */
7
- export type { PermissionApiResponse, PermissionApiConfig, AuthSdkConfig, } from './types';
7
+ export type { PermissionApiResponse, PermissionApiConfig, PermissionPointData, AuthSdkConfig, } from './types';
8
8
  export { ROLE_SUBJECT } from './ability-factory';
9
9
  export { PermissionClient } from './permission-client';
10
- export { AuthProvider, useAuth, CanRole, AbilityContext, useUserPermissions, useCanPermission, CanPermission, } from './AuthProvider';
11
- export { CanPermission as CanPerm } from './AuthProvider';
10
+ export { AuthProvider, useAuth, Can, CanRole, useCan, AbilityContext, useUserPermissions, } from './AuthProvider';
12
11
  export type { AuthProviderProps } from './AuthProvider';
13
12
  //# sourceMappingURL=index.d.ts.map
package/lib/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,GACd,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,YAAY,EACZ,OAAO,EACP,OAAO,EACP,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,aAAa,IAAI,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAE1D,YAAY,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,GACd,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,YAAY,EACZ,OAAO,EACP,GAAG,EACH,OAAO,EACP,MAAM,EACN,cAAc,EACd,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}
package/lib/index.js CHANGED
@@ -1,4 +1,4 @@
1
1
  import { ROLE_SUBJECT } from "./ability-factory.js";
2
2
  import { PermissionClient } from "./permission-client.js";
3
- import { AbilityContext, AuthProvider, CanPermission, CanRole, useAuth, useCanPermission, useUserPermissions } from "./AuthProvider.js";
4
- export { AbilityContext, AuthProvider, CanPermission as CanPerm, CanPermission, CanRole, PermissionClient, ROLE_SUBJECT, useAuth, useCanPermission, useUserPermissions };
3
+ import { AbilityContext, AuthProvider, Can, CanRole, useAuth, useCan, useUserPermissions } from "./AuthProvider.js";
4
+ export { AbilityContext, AuthProvider, Can, CanRole, PermissionClient, ROLE_SUBJECT, useAuth, useCan, useUserPermissions };
package/lib/permission-client.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { PermissionApiConfig, PermissionApiResponse } from './types';
1
+ import type { PermissionApiConfig, PermissionApiResponse, PermissionPointData } from './types';
2
2
  /**
3
3
  * 权限数据获取客户端
4
4
  */
@@ -10,9 +10,10 @@ export declare class PermissionClient {
10
10
  */
11
11
  fetchPermissions(): Promise<PermissionApiResponse>;
12
12
  /**
13
- * 获取用户权限点位列表
13
+ * 获取用户权限点位
14
+ * 请求内置的权限点位查询端点
14
15
  */
15
- fetchUserPermissions(config: PermissionApiConfig): Promise<string[]>;
16
+ static fetchPermissionPoints(): Promise<PermissionPointData[]>;
16
17
  /**
17
18
  * 更新配置
18
19
  */
package/lib/permission-client.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"permission-client.d.ts","sourceRoot":"","sources":["../src/permission-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAG1E;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIvC;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,qBAAqB,CAAC;IAoDxD;;OAEG;IACG,oBAAoB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA4C1E;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI;IAOxD;;OAEG;IACH,SAAS,IAAI,mBAAmB;CAGjC"}
1
+ {"version":3,"file":"permission-client.d.ts","sourceRoot":"","sources":["../src/permission-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAG/F;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIvC;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,qBAAqB,CAAC;IAqDxD;;;OAGG;WACU,qBAAqB,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAwCpE;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI;IAOxD;;OAEG;IACH,SAAS,IAAI,mBAAmB;CAGjC"}
package/lib/permission-client.js CHANGED
@@ -42,29 +42,37 @@ class PermissionClient {
42
42
  throw error;
43
43
  }
44
44
  }
45
- async fetchUserPermissions(config) {
46
- const { url, timeout = 5000, headers = {} } = config;
47
- const requestHeaders = {
48
- ...headers,
49
- 'Content-Type': 'application/json',
50
- 'X-Suda-Csrf-Token': window.csrfToken || ''
51
- };
45
+ static async fetchPermissionPoints() {
46
+ const appId = window.appId || '';
47
+ const url = `/app/${appId}/api/sdk_innerapi/permission/user-points`;
52
48
  const controller = new AbortController();
53
- const timeoutId = setTimeout(()=>controller.abort(), timeout);
49
+ const timeoutId = setTimeout(()=>controller.abort(), 5000);
54
50
  try {
55
51
  const response = await fetch(url, {
56
- method: 'POST',
57
- headers: requestHeaders,
52
+ method: 'GET',
53
+ headers: {
54
+ 'Content-Type': 'application/json',
55
+ 'X-Suda-Csrf-Token': window.csrfToken || ''
56
+ },
58
57
  signal: controller.signal,
59
58
  credentials: 'include'
60
59
  });
61
60
  clearTimeout(timeoutId);
62
- if (!response.ok) throw new Error(`Permissions API returned ${response.status}: ${response.statusText}`);
63
- const data = await response.json();
64
- return data.data?.permissions || [];
61
+ if (!response.ok) throw new Error(`Permission Points API returned ${response.status}: ${response.statusText}`);
62
+ return await response.json();
65
63
  } catch (error) {
66
64
  clearTimeout(timeoutId);
67
- if (error instanceof Error && 'AbortError' === error.name) throw new Error(`Permissions API request timeout after ${timeout}ms`);
65
+ if (error instanceof Error && 'AbortError' === error.name) {
66
+ slardar.captureException(error, {
67
+ source: 'auth-sdk',
68
+ type: 'timeout'
69
+ });
70
+ throw new Error('Permission Points API request timeout');
71
+ }
72
+ slardar.captureException(error, {
73
+ source: 'auth-sdk',
74
+ type: 'fetch'
75
+ });
68
76
  throw error;
69
77
  }
70
78
  }
package/lib/types.d.ts CHANGED
@@ -14,13 +14,14 @@ export type Action = 'create' | 'read' | 'update' | 'delete' | 'manage' | string
14
14
  */
15
15
  export type Subject = string;
16
16
  /**
17
- * 单个权限定义
17
+ * 权限点位数据(action + subject 分离模式)
18
+ * 由内置 user-points 端点返回,注册到 CASL Ability
18
19
  */
19
- export interface Permission {
20
- id: string;
21
- name: string;
22
- sub: Subject;
23
- actions: Action[];
20
+ export interface PermissionPointData {
21
+ id?: string;
22
+ action: string;
23
+ subject: string;
24
+ description?: string;
24
25
  }
25
26
  /**
26
27
  * 用户角色定义
@@ -65,11 +66,6 @@ export interface AuthSdkConfig {
65
66
  * 权限 API 配置
66
67
  */
67
68
  permissionApi?: PermissionApiConfig;
68
- /**
69
- * 权限点位 API 配置(可选)
70
- * 配置后 AuthProvider 会额外请求用户的有效权限点位
71
- */
72
- permissionPointsApi?: PermissionApiConfig;
73
69
  /**
74
70
  * 是否在初始化时使用获取权限
75
71
  * @default false
package/lib/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;CACF;AAED;;GAEG;AACH,MAAM,MAAM,MAAM,GACd,QAAQ,GACR,MAAM,GACN,QAAQ,GACR,QAAQ,GACR,QAAQ,GACR,MAAM,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC;AAE7B;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,kBAAkB;IAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAE1C;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,qBAAqB,KAAK,IAAI,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,OAAO,GAAG,OAAO,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;CACF;AAED;;GAEG;AACH,MAAM,MAAM,MAAM,GACd,QAAQ,GACR,MAAM,GACN,QAAQ,GACR,QAAQ,GACR,QAAQ,GACR,MAAM,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC;AAE7B;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,kBAAkB;IAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,qBAAqB,KAAK,IAAI,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,OAAO,GAAG,OAAO,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lark-apaas/auth-sdk",
3
- "version": "0.1.0-beta.4",
3
+ "version": "0.1.0-beta.5",
4
4
  "description": "基于 CASL 的前端鉴权 SDK",
5
5
  "types": "./lib/index.d.ts",
6
6
  "main": "./lib/index.js",