@lark-apaas/fullstack-nestjs-core 1.1.18-alpha.1 → 1.1.19-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +1887 -79
- package/dist/index.d.cts +37 -3
- package/dist/index.d.ts +37 -3
- package/dist/index.js +1876 -71
- package/package.json +8 -7
package/dist/index.js
CHANGED
|
@@ -2,17 +2,17 @@ var __defProp = Object.defineProperty;
|
|
|
2
2
|
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
3
3
|
|
|
4
4
|
// src/modules/platform/module.ts
|
|
5
|
-
import { Global, Module, ValidationPipe } from "@nestjs/common";
|
|
5
|
+
import { Global, Module as Module3, ValidationPipe } from "@nestjs/common";
|
|
6
6
|
import { APP_INTERCEPTOR, APP_PIPE } from "@nestjs/core";
|
|
7
|
-
import { CommonModule, OBSERVABLE_SERVICE } from "@lark-apaas/nestjs-common";
|
|
7
|
+
import { CommonModule, OBSERVABLE_SERVICE as OBSERVABLE_SERVICE3 } from "@lark-apaas/nestjs-common";
|
|
8
8
|
import { ConfigModule, ConfigService } from "@nestjs/config";
|
|
9
9
|
import { NestjsObservableModule as ObservableModule, Observable, ObservableTraceMiddleware, TraceInterceptor } from "@lark-apaas/nestjs-observable";
|
|
10
10
|
import { HttpModule } from "@nestjs/axios";
|
|
11
11
|
import { LoggerModule, AppLogger as AppLogger2, LoggerContextMiddleware } from "@lark-apaas/nestjs-logger";
|
|
12
12
|
import { DataPaasModule, SqlExecutionContextMiddleware } from "@lark-apaas/nestjs-datapaas";
|
|
13
|
-
import { AuthNPaasModule } from "@lark-apaas/nestjs-authnpaas";
|
|
13
|
+
import { AuthNPaasModule as AuthNPaasModule2 } from "@lark-apaas/nestjs-authnpaas";
|
|
14
14
|
import { AutomationModule } from "@lark-apaas/nestjs-trigger";
|
|
15
|
-
import { PLATFORM_HTTP_CLIENT as
|
|
15
|
+
import { PLATFORM_HTTP_CLIENT as PLATFORM_HTTP_CLIENT4 } from "@lark-apaas/nestjs-common";
|
|
16
16
|
import { CapabilityModule } from "@lark-apaas/nestjs-capability";
|
|
17
17
|
|
|
18
18
|
// src/middlewares/user-context/index.ts
|
|
@@ -39,10 +39,10 @@ __name(getWebUserFromHeader, "getWebUserFromHeader");
|
|
|
39
39
|
|
|
40
40
|
// src/middlewares/user-context/index.ts
|
|
41
41
|
function _ts_decorate(decorators, target, key, desc) {
|
|
42
|
-
var
|
|
43
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
44
|
-
else for (var
|
|
45
|
-
return
|
|
42
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
43
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
44
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
45
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
46
46
|
}
|
|
47
47
|
__name(_ts_decorate, "_ts_decorate");
|
|
48
48
|
var UserContextMiddleware = class {
|
|
@@ -61,7 +61,8 @@ var UserContextMiddleware = class {
|
|
|
61
61
|
userName: webUser?.user_name?.zh_cn ?? "",
|
|
62
62
|
userNameEn: webUser?.user_name?.en_us ?? "",
|
|
63
63
|
userNameI18n: webUser?.user_name ?? {},
|
|
64
|
-
isSystemAccount: webUser?.is_system_account ?? false
|
|
64
|
+
isSystemAccount: webUser?.is_system_account ?? false,
|
|
65
|
+
roles: webUser?.roles ?? []
|
|
65
66
|
};
|
|
66
67
|
next();
|
|
67
68
|
}
|
|
@@ -89,10 +90,10 @@ __name(sendForbidden, "sendForbidden");
|
|
|
89
90
|
|
|
90
91
|
// src/middlewares/csrf/index.ts
|
|
91
92
|
function _ts_decorate2(decorators, target, key, desc) {
|
|
92
|
-
var
|
|
93
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
94
|
-
else for (var
|
|
95
|
-
return
|
|
93
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
94
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
95
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
96
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
96
97
|
}
|
|
97
98
|
__name(_ts_decorate2, "_ts_decorate");
|
|
98
99
|
var CsrfMiddleware = class _CsrfMiddleware {
|
|
@@ -131,9 +132,9 @@ import { Inject, Injectable as Injectable3, Logger } from "@nestjs/common";
|
|
|
131
132
|
import { PLATFORM_HTTP_CLIENT } from "@lark-apaas/nestjs-common";
|
|
132
133
|
|
|
133
134
|
// src/utils/safe-stringify.ts
|
|
134
|
-
function safeEscape(
|
|
135
|
-
return
|
|
136
|
-
switch (
|
|
135
|
+
function safeEscape(s3) {
|
|
136
|
+
return s3.replace(/[<>&='"\n\r\u2028\u2029]/g, function(c4) {
|
|
137
|
+
switch (c4.charCodeAt(0)) {
|
|
137
138
|
case 60:
|
|
138
139
|
return "\\u003c";
|
|
139
140
|
// <
|
|
@@ -167,7 +168,7 @@ function safeEscape(s) {
|
|
|
167
168
|
return "\\u2029";
|
|
168
169
|
// 段落分隔符
|
|
169
170
|
default:
|
|
170
|
-
return
|
|
171
|
+
return c4;
|
|
171
172
|
}
|
|
172
173
|
});
|
|
173
174
|
}
|
|
@@ -175,14 +176,14 @@ __name(safeEscape, "safeEscape");
|
|
|
175
176
|
|
|
176
177
|
// src/middlewares/view-context/index.ts
|
|
177
178
|
function _ts_decorate3(decorators, target, key, desc) {
|
|
178
|
-
var
|
|
179
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
180
|
-
else for (var
|
|
181
|
-
return
|
|
179
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
180
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
181
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
182
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
182
183
|
}
|
|
183
184
|
__name(_ts_decorate3, "_ts_decorate");
|
|
184
|
-
function _ts_metadata(k,
|
|
185
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k,
|
|
185
|
+
function _ts_metadata(k, v4) {
|
|
186
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
186
187
|
}
|
|
187
188
|
__name(_ts_metadata, "_ts_metadata");
|
|
188
189
|
function _ts_param(paramIndex, decorator) {
|
|
@@ -221,7 +222,7 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
|
|
|
221
222
|
}
|
|
222
223
|
}
|
|
223
224
|
async use(req, res, next) {
|
|
224
|
-
const { userId, tenantId, appId } = req.userContext;
|
|
225
|
+
const { userId, tenantId, appId, loginUrl, userType } = req.userContext;
|
|
225
226
|
const csrfToken = req.csrfToken;
|
|
226
227
|
const appInfo = await this.getAppInfo(appId);
|
|
227
228
|
const environment = mapToWindowEnvironment(process.env.FORCE_FRAMEWORK_ENVIRONMENT);
|
|
@@ -232,6 +233,8 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
|
|
|
232
233
|
appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
|
|
233
234
|
appAvatar: appInfo?.app_avatar ?? "",
|
|
234
235
|
appDescription: safeEscape(appInfo?.app_description ?? ""),
|
|
236
|
+
loginUrl: loginUrl ?? "",
|
|
237
|
+
userType: userType ?? "",
|
|
235
238
|
tenantId,
|
|
236
239
|
environment
|
|
237
240
|
};
|
|
@@ -240,6 +243,8 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
|
|
|
240
243
|
csrfToken: csrfToken ?? "",
|
|
241
244
|
userId: userId ?? "",
|
|
242
245
|
tenantId: tenantId ?? "",
|
|
246
|
+
loginUrl: loginUrl ?? "",
|
|
247
|
+
userType: userType ?? "",
|
|
243
248
|
appId: appId ?? "",
|
|
244
249
|
appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
|
|
245
250
|
appAvatar: appInfo?.app_avatar ?? "",
|
|
@@ -283,19 +288,19 @@ __name(resolveCsrfTokenOptions, "resolveCsrfTokenOptions");
|
|
|
283
288
|
function genToken() {
|
|
284
289
|
const ts = Math.floor(Date.now() / 1e3);
|
|
285
290
|
const randInt64 = BigInt("0x" + crypto.randomBytes(8).toString("hex")).toString();
|
|
286
|
-
const
|
|
291
|
+
const s3 = `${randInt64}.${ts}`;
|
|
287
292
|
const sha1 = crypto.createHash("sha1");
|
|
288
|
-
sha1.update(
|
|
293
|
+
sha1.update(s3);
|
|
289
294
|
return `${sha1.digest("hex")}-${ts}`;
|
|
290
295
|
}
|
|
291
296
|
__name(genToken, "genToken");
|
|
292
297
|
|
|
293
298
|
// src/middlewares/csrf_token/index.ts
|
|
294
299
|
function _ts_decorate4(decorators, target, key, desc) {
|
|
295
|
-
var
|
|
296
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
297
|
-
else for (var
|
|
298
|
-
return
|
|
300
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
301
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
302
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
303
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
299
304
|
}
|
|
300
305
|
__name(_ts_decorate4, "_ts_decorate");
|
|
301
306
|
var CsrfTokenMiddleware = class _CsrfTokenMiddleware {
|
|
@@ -367,14 +372,14 @@ __name(apiResponseInterceptor, "apiResponseInterceptor");
|
|
|
367
372
|
import { Injectable as Injectable5 } from "@nestjs/common";
|
|
368
373
|
import { RequestContextService } from "@lark-apaas/nestjs-common";
|
|
369
374
|
function _ts_decorate5(decorators, target, key, desc) {
|
|
370
|
-
var
|
|
371
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
372
|
-
else for (var
|
|
373
|
-
return
|
|
375
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
376
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
377
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
378
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
374
379
|
}
|
|
375
380
|
__name(_ts_decorate5, "_ts_decorate");
|
|
376
|
-
function _ts_metadata2(k,
|
|
377
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k,
|
|
381
|
+
function _ts_metadata2(k, v4) {
|
|
382
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
378
383
|
}
|
|
379
384
|
__name(_ts_metadata2, "_ts_metadata");
|
|
380
385
|
var RequestContextMiddleware = class {
|
|
@@ -388,12 +393,14 @@ var RequestContextMiddleware = class {
|
|
|
388
393
|
use(req, _res, next) {
|
|
389
394
|
const path = req.originalUrl ?? req.url;
|
|
390
395
|
const userContext = req.userContext ?? {};
|
|
396
|
+
const ttEnv = req.headers["x-tt-env"];
|
|
391
397
|
this.requestContext.run({
|
|
392
398
|
path,
|
|
393
399
|
method: req.method,
|
|
394
400
|
userId: userContext.userId,
|
|
395
401
|
tenantId: userContext.tenantId,
|
|
396
|
-
appId: userContext.appId
|
|
402
|
+
appId: userContext.appId,
|
|
403
|
+
ttEnv
|
|
397
404
|
}, () => next());
|
|
398
405
|
}
|
|
399
406
|
};
|
|
@@ -410,14 +417,14 @@ import { Injectable as Injectable6 } from "@nestjs/common";
|
|
|
410
417
|
import { HttpService } from "@nestjs/axios";
|
|
411
418
|
import { AppLogger } from "@lark-apaas/nestjs-logger";
|
|
412
419
|
function _ts_decorate6(decorators, target, key, desc) {
|
|
413
|
-
var
|
|
414
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
415
|
-
else for (var
|
|
416
|
-
return
|
|
420
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
421
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
422
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
423
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
417
424
|
}
|
|
418
425
|
__name(_ts_decorate6, "_ts_decorate");
|
|
419
|
-
function _ts_metadata3(k,
|
|
420
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k,
|
|
426
|
+
function _ts_metadata3(k, v4) {
|
|
427
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
421
428
|
}
|
|
422
429
|
__name(_ts_metadata3, "_ts_metadata");
|
|
423
430
|
var HttpInterceptorService = class {
|
|
@@ -505,14 +512,14 @@ var app_config_default = registerAs(NAMESPACE, () => {
|
|
|
505
512
|
import { Injectable as Injectable7 } from "@nestjs/common";
|
|
506
513
|
import { HttpAdapterHost } from "@nestjs/core";
|
|
507
514
|
function _ts_decorate7(decorators, target, key, desc) {
|
|
508
|
-
var
|
|
509
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
510
|
-
else for (var
|
|
511
|
-
return
|
|
515
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
516
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
517
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
518
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
512
519
|
}
|
|
513
520
|
__name(_ts_decorate7, "_ts_decorate");
|
|
514
|
-
function _ts_metadata4(k,
|
|
515
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k,
|
|
521
|
+
function _ts_metadata4(k, v4) {
|
|
522
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
516
523
|
}
|
|
517
524
|
__name(_ts_metadata4, "_ts_metadata");
|
|
518
525
|
var processStartTimestamp = Date.now();
|
|
@@ -573,15 +580,16 @@ FrameworkDebugMiddleware = _ts_decorate7([
|
|
|
573
580
|
// src/services/platform-http-client.service.ts
|
|
574
581
|
import { Injectable as Injectable8, Logger as Logger2 } from "@nestjs/common";
|
|
575
582
|
import { HttpClient } from "@lark-apaas/http-client";
|
|
583
|
+
import { RequestContextService as RequestContextService2 } from "@lark-apaas/nestjs-common";
|
|
576
584
|
function _ts_decorate8(decorators, target, key, desc) {
|
|
577
|
-
var
|
|
578
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
579
|
-
else for (var
|
|
580
|
-
return
|
|
585
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
586
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
587
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
588
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
581
589
|
}
|
|
582
590
|
__name(_ts_decorate8, "_ts_decorate");
|
|
583
|
-
function _ts_metadata5(k,
|
|
584
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k,
|
|
591
|
+
function _ts_metadata5(k, v4) {
|
|
592
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
585
593
|
}
|
|
586
594
|
__name(_ts_metadata5, "_ts_metadata");
|
|
587
595
|
var ProtectedHttpClient = class ProtectedHttpClient2 {
|
|
@@ -615,10 +623,12 @@ var PlatformHttpClientService = class _PlatformHttpClientService {
|
|
|
615
623
|
static {
|
|
616
624
|
__name(this, "PlatformHttpClientService");
|
|
617
625
|
}
|
|
626
|
+
requestContext;
|
|
618
627
|
client;
|
|
619
628
|
protectedClient;
|
|
620
629
|
logger = new Logger2(_PlatformHttpClientService.name);
|
|
621
|
-
constructor() {
|
|
630
|
+
constructor(requestContext) {
|
|
631
|
+
this.requestContext = requestContext;
|
|
622
632
|
const baseConfig = {
|
|
623
633
|
timeout: 5e3
|
|
624
634
|
};
|
|
@@ -709,6 +719,13 @@ var PlatformHttpClientService = class _PlatformHttpClientService {
|
|
|
709
719
|
registerGlobalInterceptors() {
|
|
710
720
|
this.client.interceptors.request.use((config) => {
|
|
711
721
|
this.logger.debug(`Server SDK HTTP Request: ${config.method?.toUpperCase()} ${config.url}`);
|
|
722
|
+
const ttEnv = this.requestContext.get("ttEnv");
|
|
723
|
+
if (ttEnv) {
|
|
724
|
+
config.headers = {
|
|
725
|
+
...config.headers,
|
|
726
|
+
"x-tt-env": ttEnv
|
|
727
|
+
};
|
|
728
|
+
}
|
|
712
729
|
return config;
|
|
713
730
|
}, (error) => {
|
|
714
731
|
this.logger.error("Server SDK HTTP Request Error", error, "HttpService");
|
|
@@ -731,20 +748,1802 @@ var PlatformHttpClientService = class _PlatformHttpClientService {
|
|
|
731
748
|
PlatformHttpClientService = _ts_decorate8([
|
|
732
749
|
Injectable8(),
|
|
733
750
|
_ts_metadata5("design:type", Function),
|
|
734
|
-
_ts_metadata5("design:paramtypes", [
|
|
751
|
+
_ts_metadata5("design:paramtypes", [
|
|
752
|
+
typeof RequestContextService2 === "undefined" ? Object : RequestContextService2
|
|
753
|
+
])
|
|
735
754
|
], PlatformHttpClientService);
|
|
736
755
|
|
|
737
756
|
// src/modules/platform/config/feature-switch.ts
|
|
738
757
|
var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
|
|
739
758
|
|
|
740
|
-
// src/
|
|
759
|
+
// src/services/file.service.ts
|
|
760
|
+
import { Injectable as Injectable9, Inject as Inject2, Logger as Logger3 } from "@nestjs/common";
|
|
761
|
+
import { ObservableService, RequestContextService as RequestContextService3, PLATFORM_HTTP_CLIENT as PLATFORM_HTTP_CLIENT2, OBSERVABLE_SERVICE } from "@lark-apaas/nestjs-common";
|
|
762
|
+
import { FileService as FileServiceCore, FileDownloadBuilder } from "@lark-apaas/file-service";
|
|
741
763
|
function _ts_decorate9(decorators, target, key, desc) {
|
|
742
|
-
var
|
|
743
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
|
|
744
|
-
else for (var
|
|
745
|
-
return
|
|
764
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
765
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
766
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
767
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
746
768
|
}
|
|
747
769
|
__name(_ts_decorate9, "_ts_decorate");
|
|
770
|
+
function _ts_metadata6(k, v4) {
|
|
771
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
772
|
+
}
|
|
773
|
+
__name(_ts_metadata6, "_ts_metadata");
|
|
774
|
+
function _ts_param2(paramIndex, decorator) {
|
|
775
|
+
return function(target, key) {
|
|
776
|
+
decorator(target, key, paramIndex);
|
|
777
|
+
};
|
|
778
|
+
}
|
|
779
|
+
__name(_ts_param2, "_ts_param");
|
|
780
|
+
var FileService = class {
|
|
781
|
+
static {
|
|
782
|
+
__name(this, "FileService");
|
|
783
|
+
}
|
|
784
|
+
requestContextService;
|
|
785
|
+
httpClient;
|
|
786
|
+
observable;
|
|
787
|
+
fileServiceCore;
|
|
788
|
+
nestLogger;
|
|
789
|
+
constructor(requestContextService, httpClient, observable) {
|
|
790
|
+
this.requestContextService = requestContextService;
|
|
791
|
+
this.httpClient = httpClient;
|
|
792
|
+
this.observable = observable;
|
|
793
|
+
this.fileServiceCore = new FileServiceCore(this.httpClient);
|
|
794
|
+
this.nestLogger = new Logger3("file");
|
|
795
|
+
}
|
|
796
|
+
/**
|
|
797
|
+
* 返回一个绑定了指定 bucket 的代理对象
|
|
798
|
+
* 不会修改 context,避免副作用
|
|
799
|
+
*/
|
|
800
|
+
from(bucket) {
|
|
801
|
+
return {
|
|
802
|
+
upload: /* @__PURE__ */ __name((file, options) => this._upload(bucket, file, options), "upload"),
|
|
803
|
+
download: /* @__PURE__ */ __name((path) => this._download(bucket, path), "download"),
|
|
804
|
+
list: /* @__PURE__ */ __name((prefix, searchOptions) => this._list(bucket, prefix, searchOptions), "list"),
|
|
805
|
+
remove: /* @__PURE__ */ __name((filePaths) => this._remove(bucket, filePaths), "remove"),
|
|
806
|
+
createSignedUrl: /* @__PURE__ */ __name((path, expiresIn) => this._createSignedUrl(bucket, path, expiresIn), "createSignedUrl"),
|
|
807
|
+
getFileMetadata: /* @__PURE__ */ __name((filePath) => this._getFileMetadata(bucket, filePath), "getFileMetadata")
|
|
808
|
+
};
|
|
809
|
+
}
|
|
810
|
+
// ============ 公开方法(使用默认 bucket)============
|
|
811
|
+
async upload(file, options) {
|
|
812
|
+
return this._upload(await this.getDefaultBucket(), file, options);
|
|
813
|
+
}
|
|
814
|
+
download(path) {
|
|
815
|
+
const capturedBucketPromise = this.getDefaultBucket();
|
|
816
|
+
return this._download(capturedBucketPromise, path);
|
|
817
|
+
}
|
|
818
|
+
async list(prefix, searchOptions) {
|
|
819
|
+
return this._list(await this.getDefaultBucket(), prefix, searchOptions);
|
|
820
|
+
}
|
|
821
|
+
async remove(filePaths) {
|
|
822
|
+
return this._remove(await this.getDefaultBucket(), filePaths);
|
|
823
|
+
}
|
|
824
|
+
async createSignedUrl(path, expiresIn) {
|
|
825
|
+
return this._createSignedUrl(await this.getDefaultBucket(), path, expiresIn);
|
|
826
|
+
}
|
|
827
|
+
async getFileMetadata(filePath) {
|
|
828
|
+
return this._getFileMetadata(await this.getDefaultBucket(), filePath);
|
|
829
|
+
}
|
|
830
|
+
async getDefaultBucket() {
|
|
831
|
+
const reqContext = this.requestContextService.getContext();
|
|
832
|
+
const bucketFromContext = reqContext?.bucket;
|
|
833
|
+
if (bucketFromContext) {
|
|
834
|
+
return bucketFromContext;
|
|
835
|
+
}
|
|
836
|
+
const appId = this.getAppId();
|
|
837
|
+
const bucket = await this.fileServiceCore.getDefaultBucket(appId);
|
|
838
|
+
return bucket;
|
|
839
|
+
}
|
|
840
|
+
getAppId() {
|
|
841
|
+
const requestCtx = this.requestContextService.getContext();
|
|
842
|
+
return requestCtx?.appId ?? "";
|
|
843
|
+
}
|
|
844
|
+
// ============ 核心实现方法(接受 bucket 参数)============
|
|
845
|
+
async _upload(bucket, file, options) {
|
|
846
|
+
const span = this.observable.startTrace("\u6587\u4EF6: upload", this.requestContextService.getContext()?.requestRootSpan);
|
|
847
|
+
span.setAttribute("module", "file");
|
|
848
|
+
span.setAttribute("source_type", "platform");
|
|
849
|
+
const spanContext = {
|
|
850
|
+
traceId: span.spanContext().traceId,
|
|
851
|
+
spanId: span.spanContext().spanId
|
|
852
|
+
};
|
|
853
|
+
const logContext = {
|
|
854
|
+
source_type: "platform",
|
|
855
|
+
paas_attributes_module: "file",
|
|
856
|
+
paas_parent_span_context: spanContext
|
|
857
|
+
};
|
|
858
|
+
const baseParams = {
|
|
859
|
+
method: "upload",
|
|
860
|
+
source_type: "server",
|
|
861
|
+
request: {
|
|
862
|
+
options
|
|
863
|
+
}
|
|
864
|
+
};
|
|
865
|
+
const startTime = Date.now();
|
|
866
|
+
try {
|
|
867
|
+
const res = await this.fileServiceCore.upload({
|
|
868
|
+
appId: this.getAppId(),
|
|
869
|
+
bucketId: await bucket,
|
|
870
|
+
fileBody: file,
|
|
871
|
+
options
|
|
872
|
+
});
|
|
873
|
+
this.nestLogger.log(JSON.stringify({
|
|
874
|
+
...baseParams,
|
|
875
|
+
response: res,
|
|
876
|
+
status: "succeed",
|
|
877
|
+
duration_ms: Date.now() - startTime
|
|
878
|
+
}), logContext);
|
|
879
|
+
return res;
|
|
880
|
+
} catch (e3) {
|
|
881
|
+
this.nestLogger.error(JSON.stringify({
|
|
882
|
+
...baseParams,
|
|
883
|
+
error_message: e3 instanceof Error ? e3.message : String(e3),
|
|
884
|
+
status: "failed",
|
|
885
|
+
duration_ms: Date.now() - startTime
|
|
886
|
+
}), logContext);
|
|
887
|
+
throw e3;
|
|
888
|
+
} finally {
|
|
889
|
+
span.end();
|
|
890
|
+
}
|
|
891
|
+
}
|
|
892
|
+
_download(bucket, path) {
|
|
893
|
+
const capturedAppId = this.getAppId();
|
|
894
|
+
const capturedRootSpan = this.requestContextService.getContext()?.requestRootSpan;
|
|
895
|
+
const downloadFn = /* @__PURE__ */ __name(async () => {
|
|
896
|
+
const span = this.observable.startTrace("\u6587\u4EF6: download", capturedRootSpan);
|
|
897
|
+
span.setAttribute("module", "file");
|
|
898
|
+
span.setAttribute("source_type", "platform");
|
|
899
|
+
const spanContext = {
|
|
900
|
+
traceId: span.spanContext().traceId,
|
|
901
|
+
spanId: span.spanContext().spanId
|
|
902
|
+
};
|
|
903
|
+
const logContext = {
|
|
904
|
+
source_type: "platform",
|
|
905
|
+
paas_attributes_module: "file",
|
|
906
|
+
paas_parent_span_context: spanContext
|
|
907
|
+
};
|
|
908
|
+
const baseParams = {
|
|
909
|
+
method: "download",
|
|
910
|
+
source_type: "server",
|
|
911
|
+
request: {
|
|
912
|
+
path
|
|
913
|
+
}
|
|
914
|
+
};
|
|
915
|
+
const startTime = Date.now();
|
|
916
|
+
try {
|
|
917
|
+
const res = await this.fileServiceCore.downloadInner({
|
|
918
|
+
appId: capturedAppId,
|
|
919
|
+
bucketId: await bucket,
|
|
920
|
+
filePath: path
|
|
921
|
+
});
|
|
922
|
+
this.nestLogger.log(JSON.stringify({
|
|
923
|
+
...baseParams,
|
|
924
|
+
response: {
|
|
925
|
+
metadata: res.metadata
|
|
926
|
+
},
|
|
927
|
+
status: "succeed",
|
|
928
|
+
duration_ms: Date.now() - startTime
|
|
929
|
+
}), logContext);
|
|
930
|
+
return res;
|
|
931
|
+
} catch (e3) {
|
|
932
|
+
this.nestLogger.error(JSON.stringify({
|
|
933
|
+
...baseParams,
|
|
934
|
+
error_message: e3 instanceof Error ? e3.message : String(e3),
|
|
935
|
+
status: "failed",
|
|
936
|
+
duration_ms: Date.now() - startTime
|
|
937
|
+
}), logContext);
|
|
938
|
+
throw e3;
|
|
939
|
+
} finally {
|
|
940
|
+
span.end();
|
|
941
|
+
}
|
|
942
|
+
}, "downloadFn");
|
|
943
|
+
return new FileDownloadBuilder(downloadFn);
|
|
944
|
+
}
|
|
945
|
+
async _list(bucket, prefix, searchOptions) {
|
|
946
|
+
const span = this.observable.startTrace("\u6587\u4EF6: list", this.requestContextService.getContext()?.requestRootSpan);
|
|
947
|
+
span.setAttribute("module", "file");
|
|
948
|
+
span.setAttribute("source_type", "platform");
|
|
949
|
+
const spanContext = {
|
|
950
|
+
traceId: span.spanContext().traceId,
|
|
951
|
+
spanId: span.spanContext().spanId
|
|
952
|
+
};
|
|
953
|
+
const logContext = {
|
|
954
|
+
source_type: "platform",
|
|
955
|
+
paas_attributes_module: "file",
|
|
956
|
+
paas_parent_span_context: spanContext
|
|
957
|
+
};
|
|
958
|
+
const baseParams = {
|
|
959
|
+
method: "list",
|
|
960
|
+
source_type: "server",
|
|
961
|
+
request: {
|
|
962
|
+
prefix,
|
|
963
|
+
searchOptions
|
|
964
|
+
}
|
|
965
|
+
};
|
|
966
|
+
const startTime = Date.now();
|
|
967
|
+
try {
|
|
968
|
+
const res = await this.fileServiceCore.list({
|
|
969
|
+
appId: this.getAppId(),
|
|
970
|
+
bucketId: await bucket,
|
|
971
|
+
prefix,
|
|
972
|
+
searchOptions
|
|
973
|
+
});
|
|
974
|
+
this.nestLogger.log(JSON.stringify({
|
|
975
|
+
...baseParams,
|
|
976
|
+
response: res,
|
|
977
|
+
status: "succeed",
|
|
978
|
+
duration_ms: Date.now() - startTime
|
|
979
|
+
}), logContext);
|
|
980
|
+
return res;
|
|
981
|
+
} catch (e3) {
|
|
982
|
+
this.nestLogger.error(JSON.stringify({
|
|
983
|
+
...baseParams,
|
|
984
|
+
error_message: e3 instanceof Error ? e3.message : String(e3),
|
|
985
|
+
status: "failed",
|
|
986
|
+
duration_ms: Date.now() - startTime
|
|
987
|
+
}), logContext);
|
|
988
|
+
throw e3;
|
|
989
|
+
} finally {
|
|
990
|
+
span.end();
|
|
991
|
+
}
|
|
992
|
+
}
|
|
993
|
+
async _remove(bucket, filePaths) {
|
|
994
|
+
const span = this.observable.startTrace("\u6587\u4EF6: remove", this.requestContextService.getContext()?.requestRootSpan);
|
|
995
|
+
span.setAttribute("module", "file");
|
|
996
|
+
span.setAttribute("source_type", "platform");
|
|
997
|
+
const spanContext = {
|
|
998
|
+
traceId: span.spanContext().traceId,
|
|
999
|
+
spanId: span.spanContext().spanId
|
|
1000
|
+
};
|
|
1001
|
+
const logContext = {
|
|
1002
|
+
source_type: "platform",
|
|
1003
|
+
paas_attributes_module: "file",
|
|
1004
|
+
paas_parent_span_context: spanContext
|
|
1005
|
+
};
|
|
1006
|
+
const baseParams = {
|
|
1007
|
+
method: "remove",
|
|
1008
|
+
source_type: "server",
|
|
1009
|
+
request: {
|
|
1010
|
+
filePaths
|
|
1011
|
+
}
|
|
1012
|
+
};
|
|
1013
|
+
const startTime = Date.now();
|
|
1014
|
+
try {
|
|
1015
|
+
const res = await this.fileServiceCore.remove({
|
|
1016
|
+
appId: this.getAppId(),
|
|
1017
|
+
bucketId: await bucket,
|
|
1018
|
+
filePaths
|
|
1019
|
+
});
|
|
1020
|
+
this.nestLogger.log(JSON.stringify({
|
|
1021
|
+
...baseParams,
|
|
1022
|
+
response: res,
|
|
1023
|
+
status: "succeed",
|
|
1024
|
+
duration_ms: Date.now() - startTime
|
|
1025
|
+
}), logContext);
|
|
1026
|
+
return res;
|
|
1027
|
+
} catch (e3) {
|
|
1028
|
+
this.nestLogger.error(JSON.stringify({
|
|
1029
|
+
...baseParams,
|
|
1030
|
+
error_message: e3 instanceof Error ? e3.message : String(e3),
|
|
1031
|
+
status: "failed",
|
|
1032
|
+
duration_ms: Date.now() - startTime
|
|
1033
|
+
}), logContext);
|
|
1034
|
+
throw e3;
|
|
1035
|
+
} finally {
|
|
1036
|
+
span.end();
|
|
1037
|
+
}
|
|
1038
|
+
}
|
|
1039
|
+
async _createSignedUrl(bucket, path, expiresIn) {
|
|
1040
|
+
const span = this.observable.startTrace("\u6587\u4EF6: createSignedUrl", this.requestContextService.getContext()?.requestRootSpan);
|
|
1041
|
+
span.setAttribute("module", "file");
|
|
1042
|
+
span.setAttribute("source_type", "platform");
|
|
1043
|
+
const spanContext = {
|
|
1044
|
+
traceId: span.spanContext().traceId,
|
|
1045
|
+
spanId: span.spanContext().spanId
|
|
1046
|
+
};
|
|
1047
|
+
const logContext = {
|
|
1048
|
+
source_type: "platform",
|
|
1049
|
+
paas_attributes_module: "file",
|
|
1050
|
+
paas_parent_span_context: spanContext
|
|
1051
|
+
};
|
|
1052
|
+
const baseParams = {
|
|
1053
|
+
method: "createSignedUrl",
|
|
1054
|
+
source_type: "server",
|
|
1055
|
+
request: {
|
|
1056
|
+
path,
|
|
1057
|
+
expiresIn
|
|
1058
|
+
}
|
|
1059
|
+
};
|
|
1060
|
+
const startTime = Date.now();
|
|
1061
|
+
try {
|
|
1062
|
+
const res = await this.fileServiceCore.createSignedUrl({
|
|
1063
|
+
appId: this.getAppId(),
|
|
1064
|
+
bucketId: await bucket,
|
|
1065
|
+
filePath: path,
|
|
1066
|
+
expiresIn
|
|
1067
|
+
});
|
|
1068
|
+
this.nestLogger.log(JSON.stringify({
|
|
1069
|
+
...baseParams,
|
|
1070
|
+
response: res,
|
|
1071
|
+
status: "succeed",
|
|
1072
|
+
duration_ms: Date.now() - startTime
|
|
1073
|
+
}), logContext);
|
|
1074
|
+
return res;
|
|
1075
|
+
} catch (e3) {
|
|
1076
|
+
this.nestLogger.error(JSON.stringify({
|
|
1077
|
+
...baseParams,
|
|
1078
|
+
error_message: e3 instanceof Error ? e3.message : String(e3),
|
|
1079
|
+
status: "failed",
|
|
1080
|
+
duration_ms: Date.now() - startTime
|
|
1081
|
+
}), logContext);
|
|
1082
|
+
throw e3;
|
|
1083
|
+
} finally {
|
|
1084
|
+
span.end();
|
|
1085
|
+
}
|
|
1086
|
+
}
|
|
1087
|
+
async _getFileMetadata(bucket, filePath) {
|
|
1088
|
+
const span = this.observable.startTrace("\u6587\u4EF6: getFileMetadata", this.requestContextService.getContext()?.requestRootSpan);
|
|
1089
|
+
span.setAttribute("module", "file");
|
|
1090
|
+
span.setAttribute("source_type", "platform");
|
|
1091
|
+
const spanContext = {
|
|
1092
|
+
traceId: span.spanContext().traceId,
|
|
1093
|
+
spanId: span.spanContext().spanId
|
|
1094
|
+
};
|
|
1095
|
+
const logContext = {
|
|
1096
|
+
source_type: "platform",
|
|
1097
|
+
paas_attributes_module: "file",
|
|
1098
|
+
paas_parent_span_context: spanContext
|
|
1099
|
+
};
|
|
1100
|
+
const baseParams = {
|
|
1101
|
+
method: "getFileMetadata",
|
|
1102
|
+
source_type: "server",
|
|
1103
|
+
request: {
|
|
1104
|
+
filePath
|
|
1105
|
+
}
|
|
1106
|
+
};
|
|
1107
|
+
const startTime = Date.now();
|
|
1108
|
+
try {
|
|
1109
|
+
const res = await this.fileServiceCore.getFileMetadata({
|
|
1110
|
+
appId: this.getAppId(),
|
|
1111
|
+
bucketId: await bucket,
|
|
1112
|
+
filePath
|
|
1113
|
+
});
|
|
1114
|
+
this.nestLogger.log(JSON.stringify({
|
|
1115
|
+
...baseParams,
|
|
1116
|
+
response: res,
|
|
1117
|
+
status: "succeed",
|
|
1118
|
+
duration_ms: Date.now() - startTime
|
|
1119
|
+
}), logContext);
|
|
1120
|
+
return res;
|
|
1121
|
+
} catch (e3) {
|
|
1122
|
+
this.nestLogger.error(JSON.stringify({
|
|
1123
|
+
...baseParams,
|
|
1124
|
+
error_message: e3 instanceof Error ? e3.message : String(e3),
|
|
1125
|
+
status: "failed",
|
|
1126
|
+
duration_ms: Date.now() - startTime
|
|
1127
|
+
}), logContext);
|
|
1128
|
+
throw e3;
|
|
1129
|
+
} finally {
|
|
1130
|
+
span.end();
|
|
1131
|
+
}
|
|
1132
|
+
}
|
|
1133
|
+
};
|
|
1134
|
+
FileService = _ts_decorate9([
|
|
1135
|
+
Injectable9(),
|
|
1136
|
+
_ts_param2(1, Inject2(PLATFORM_HTTP_CLIENT2)),
|
|
1137
|
+
_ts_param2(2, Inject2(OBSERVABLE_SERVICE)),
|
|
1138
|
+
_ts_metadata6("design:type", Function),
|
|
1139
|
+
_ts_metadata6("design:paramtypes", [
|
|
1140
|
+
typeof RequestContextService3 === "undefined" ? Object : RequestContextService3,
|
|
1141
|
+
typeof PlatformHttpClient === "undefined" ? Object : PlatformHttpClient,
|
|
1142
|
+
typeof ObservableService === "undefined" ? Object : ObservableService
|
|
1143
|
+
])
|
|
1144
|
+
], FileService);
|
|
1145
|
+
|
|
1146
|
+
// ../nestjs-authzpaas/dist/index.js
|
|
1147
|
+
import { Module as Module2 } from "@nestjs/common";
|
|
1148
|
+
import { APP_GUARD as APP_GUARD2, Reflector as Reflector4 } from "@nestjs/core";
|
|
1149
|
+
import { Injectable as Injectable32, HttpStatus, Inject as Inject3 } from "@nestjs/common";
|
|
1150
|
+
import { Module } from "@nestjs/common";
|
|
1151
|
+
import { APP_GUARD, Reflector as Reflector2 } from "@nestjs/core";
|
|
1152
|
+
import { Injectable as Injectable10, UnauthorizedException } from "@nestjs/common";
|
|
1153
|
+
import { Reflector } from "@nestjs/core";
|
|
1154
|
+
import { SetMetadata } from "@nestjs/common";
|
|
1155
|
+
import { SetMetadata as SetMetadata2 } from "@nestjs/common";
|
|
1156
|
+
import { Injectable as Injectable22 } from "@nestjs/common";
|
|
1157
|
+
|
|
1158
|
+
// ../../../node_modules/@ucast/core/dist/es6m/index.mjs
|
|
1159
|
+
var t = class {
|
|
1160
|
+
static {
|
|
1161
|
+
__name(this, "t");
|
|
1162
|
+
}
|
|
1163
|
+
constructor(t3, e3) {
|
|
1164
|
+
this.operator = t3, this.value = e3, Object.defineProperty(this, "t", { writable: true });
|
|
1165
|
+
}
|
|
1166
|
+
get notes() {
|
|
1167
|
+
return this.t;
|
|
1168
|
+
}
|
|
1169
|
+
addNote(t3) {
|
|
1170
|
+
this.t = this.t || [], this.t.push(t3);
|
|
1171
|
+
}
|
|
1172
|
+
};
|
|
1173
|
+
var e = class extends t {
|
|
1174
|
+
static {
|
|
1175
|
+
__name(this, "e");
|
|
1176
|
+
}
|
|
1177
|
+
};
|
|
1178
|
+
var r = class extends e {
|
|
1179
|
+
static {
|
|
1180
|
+
__name(this, "r");
|
|
1181
|
+
}
|
|
1182
|
+
constructor(t3, e3) {
|
|
1183
|
+
if (!Array.isArray(e3)) throw new Error(`"${t3}" operator expects to receive an array of conditions`);
|
|
1184
|
+
super(t3, e3);
|
|
1185
|
+
}
|
|
1186
|
+
};
|
|
1187
|
+
var n = "__itself__";
|
|
1188
|
+
var o = class extends t {
|
|
1189
|
+
static {
|
|
1190
|
+
__name(this, "o");
|
|
1191
|
+
}
|
|
1192
|
+
constructor(t3, e3, r2) {
|
|
1193
|
+
super(t3, r2), this.field = e3;
|
|
1194
|
+
}
|
|
1195
|
+
};
|
|
1196
|
+
var s = new e("__null__", null);
|
|
1197
|
+
var i = Object.prototype.hasOwnProperty.call.bind(Object.prototype.hasOwnProperty);
|
|
1198
|
+
function c(t3, e3) {
|
|
1199
|
+
return e3 instanceof r && e3.operator === t3;
|
|
1200
|
+
}
|
|
1201
|
+
__name(c, "c");
|
|
1202
|
+
function u(t3, e3) {
|
|
1203
|
+
return 1 === e3.length ? e3[0] : new r(t3, (/* @__PURE__ */ __name(function t4(e4, r2, n3) {
|
|
1204
|
+
const o3 = n3 || [];
|
|
1205
|
+
for (let n4 = 0, s3 = r2.length; n4 < s3; n4++) {
|
|
1206
|
+
const s4 = r2[n4];
|
|
1207
|
+
c(e4, s4) ? t4(e4, s4.value, o3) : o3.push(s4);
|
|
1208
|
+
}
|
|
1209
|
+
return o3;
|
|
1210
|
+
}, "t"))(t3, e3));
|
|
1211
|
+
}
|
|
1212
|
+
__name(u, "u");
|
|
1213
|
+
var a = /* @__PURE__ */ __name((t3) => t3, "a");
|
|
1214
|
+
var h = /* @__PURE__ */ __name(() => /* @__PURE__ */ Object.create(null), "h");
|
|
1215
|
+
var f = Object.defineProperty(h(), "__@type@__", { value: "ignore value" });
|
|
1216
|
+
function l(t3, e3, r2 = false) {
|
|
1217
|
+
if (!t3 || t3 && t3.constructor !== Object) return false;
|
|
1218
|
+
for (const n3 in t3) {
|
|
1219
|
+
if (i(t3, n3) && i(e3, n3) && (!r2 || t3[n3] !== f)) return true;
|
|
1220
|
+
}
|
|
1221
|
+
return false;
|
|
1222
|
+
}
|
|
1223
|
+
__name(l, "l");
|
|
1224
|
+
function d(t3) {
|
|
1225
|
+
const e3 = [];
|
|
1226
|
+
for (const r2 in t3) i(t3, r2) && t3[r2] !== f && e3.push(r2);
|
|
1227
|
+
return e3;
|
|
1228
|
+
}
|
|
1229
|
+
__name(d, "d");
|
|
1230
|
+
function p(t3, e3) {
|
|
1231
|
+
e3 !== s && t3.push(e3);
|
|
1232
|
+
}
|
|
1233
|
+
__name(p, "p");
|
|
1234
|
+
var w = /* @__PURE__ */ __name((t3) => u("and", t3), "w");
|
|
1235
|
+
var O = { compound(t3, e3, n3) {
|
|
1236
|
+
const o3 = (Array.isArray(e3) ? e3 : [e3]).map((t4) => n3.parse(t4));
|
|
1237
|
+
return new r(t3.name, o3);
|
|
1238
|
+
}, field: /* @__PURE__ */ __name((t3, e3, r2) => new o(t3.name, r2.field, e3), "field"), document: /* @__PURE__ */ __name((t3, r2) => new e(t3.name, r2), "document") };
|
|
1239
|
+
var j = class {
|
|
1240
|
+
static {
|
|
1241
|
+
__name(this, "j");
|
|
1242
|
+
}
|
|
1243
|
+
constructor(t3, e3 = h()) {
|
|
1244
|
+
this.o = void 0, this.s = void 0, this.i = void 0, this.u = void 0, this.h = void 0, this.parse = this.parse.bind(this), this.u = { operatorToConditionName: e3.operatorToConditionName || a, defaultOperatorName: e3.defaultOperatorName || "eq", mergeFinalConditions: e3.mergeFinalConditions || w }, this.o = Object.keys(t3).reduce((e4, r2) => (e4[r2] = Object.assign({ name: this.u.operatorToConditionName(r2) }, t3[r2]), e4), {}), this.s = Object.assign({}, e3.fieldContext, { field: "", query: {}, parse: this.parse, hasOperators: /* @__PURE__ */ __name((t4) => l(t4, this.o, e3.useIgnoreValue), "hasOperators") }), this.i = Object.assign({}, e3.documentContext, { parse: this.parse, query: {} }), this.h = e3.useIgnoreValue ? d : Object.keys;
|
|
1245
|
+
}
|
|
1246
|
+
setParse(t3) {
|
|
1247
|
+
this.parse = t3, this.s.parse = t3, this.i.parse = t3;
|
|
1248
|
+
}
|
|
1249
|
+
parseField(t3, e3, r2, n3) {
|
|
1250
|
+
const o3 = this.o[e3];
|
|
1251
|
+
if (!o3) throw new Error(`Unsupported operator "${e3}"`);
|
|
1252
|
+
if ("field" !== o3.type) throw new Error(`Unexpected ${o3.type} operator "${e3}" at field level`);
|
|
1253
|
+
return this.s.field = t3, this.s.query = n3, this.parseInstruction(o3, r2, this.s);
|
|
1254
|
+
}
|
|
1255
|
+
parseInstruction(t3, e3, r2) {
|
|
1256
|
+
"function" == typeof t3.validate && t3.validate(t3, e3);
|
|
1257
|
+
return (t3.parse || O[t3.type])(t3, e3, r2);
|
|
1258
|
+
}
|
|
1259
|
+
parseFieldOperators(t3, e3) {
|
|
1260
|
+
const r2 = [], n3 = this.h(e3);
|
|
1261
|
+
for (let o3 = 0, s3 = n3.length; o3 < s3; o3++) {
|
|
1262
|
+
const s4 = n3[o3];
|
|
1263
|
+
if (!this.o[s4]) throw new Error(`Field query for "${t3}" may contain only operators or a plain object as a value`);
|
|
1264
|
+
p(r2, this.parseField(t3, s4, e3[s4], e3));
|
|
1265
|
+
}
|
|
1266
|
+
return r2;
|
|
1267
|
+
}
|
|
1268
|
+
parse(t3) {
|
|
1269
|
+
const e3 = [], r2 = this.h(t3);
|
|
1270
|
+
this.i.query = t3;
|
|
1271
|
+
for (let n3 = 0, o3 = r2.length; n3 < o3; n3++) {
|
|
1272
|
+
const o4 = r2[n3], s3 = t3[o4], i4 = this.o[o4];
|
|
1273
|
+
if (i4) {
|
|
1274
|
+
if ("document" !== i4.type && "compound" !== i4.type) throw new Error(`Cannot use parsing instruction for operator "${o4}" in "document" context as it is supposed to be used in "${i4.type}" context`);
|
|
1275
|
+
p(e3, this.parseInstruction(i4, s3, this.i));
|
|
1276
|
+
} else this.s.hasOperators(s3) ? e3.push(...this.parseFieldOperators(o4, s3)) : p(e3, this.parseField(o4, this.u.defaultOperatorName, s3, t3));
|
|
1277
|
+
}
|
|
1278
|
+
return this.u.mergeFinalConditions(e3);
|
|
1279
|
+
}
|
|
1280
|
+
};
|
|
1281
|
+
function _(t3, e3) {
|
|
1282
|
+
const r2 = t3[e3];
|
|
1283
|
+
if ("function" != typeof r2) throw new Error(`Unable to interpret "${e3}" condition. Did you forget to register interpreter for it?`);
|
|
1284
|
+
return r2;
|
|
1285
|
+
}
|
|
1286
|
+
__name(_, "_");
|
|
1287
|
+
function y(t3) {
|
|
1288
|
+
return t3.operator;
|
|
1289
|
+
}
|
|
1290
|
+
__name(y, "y");
|
|
1291
|
+
function m(t3, e3) {
|
|
1292
|
+
const r2 = e3, n3 = r2 && r2.getInterpreterName || y;
|
|
1293
|
+
let o3;
|
|
1294
|
+
switch (r2 ? r2.numberOfArguments : 0) {
|
|
1295
|
+
case 1:
|
|
1296
|
+
o3 = /* @__PURE__ */ __name((e4) => {
|
|
1297
|
+
const o4 = n3(e4, r2);
|
|
1298
|
+
return _(t3, o4)(e4, s3);
|
|
1299
|
+
}, "o");
|
|
1300
|
+
break;
|
|
1301
|
+
case 3:
|
|
1302
|
+
o3 = /* @__PURE__ */ __name((e4, o4, i4) => {
|
|
1303
|
+
const c4 = n3(e4, r2);
|
|
1304
|
+
return _(t3, c4)(e4, o4, i4, s3);
|
|
1305
|
+
}, "o");
|
|
1306
|
+
break;
|
|
1307
|
+
default:
|
|
1308
|
+
o3 = /* @__PURE__ */ __name((e4, o4) => {
|
|
1309
|
+
const i4 = n3(e4, r2);
|
|
1310
|
+
return _(t3, i4)(e4, o4, s3);
|
|
1311
|
+
}, "o");
|
|
1312
|
+
}
|
|
1313
|
+
const s3 = Object.assign({}, r2, { interpret: o3 });
|
|
1314
|
+
return s3.interpret;
|
|
1315
|
+
}
|
|
1316
|
+
__name(m, "m");
|
|
1317
|
+
function v(t3, e3) {
|
|
1318
|
+
return (r2, ...n3) => {
|
|
1319
|
+
const o3 = t3(r2, ...n3), s3 = e3.bind(null, o3);
|
|
1320
|
+
return s3.ast = o3, s3;
|
|
1321
|
+
};
|
|
1322
|
+
}
|
|
1323
|
+
__name(v, "v");
|
|
1324
|
+
var x = j.prototype.parseInstruction;
|
|
1325
|
+
|
|
1326
|
+
// ../../../node_modules/@ucast/mongo/dist/es6m/index.mjs
|
|
1327
|
+
function s2(e3, t3) {
|
|
1328
|
+
if (!Array.isArray(t3)) throw new Error(`"${e3.name}" expects value to be an array`);
|
|
1329
|
+
}
|
|
1330
|
+
__name(s2, "s");
|
|
1331
|
+
function p2(e3, t3) {
|
|
1332
|
+
if (s2(e3, t3), !t3.length) throw new Error(`"${e3.name}" expects to have at least one element in array`);
|
|
1333
|
+
}
|
|
1334
|
+
__name(p2, "p");
|
|
1335
|
+
var l2 = /* @__PURE__ */ __name((e3) => (t3, r2) => {
|
|
1336
|
+
if (typeof r2 !== e3) throw new Error(`"${t3.name}" expects value to be a "${e3}"`);
|
|
1337
|
+
}, "l");
|
|
1338
|
+
var c2 = { type: "compound", validate: p2, parse(t3, r2, { parse: o3 }) {
|
|
1339
|
+
const a4 = r2.map((e3) => o3(e3));
|
|
1340
|
+
return u(t3.name, a4);
|
|
1341
|
+
} };
|
|
1342
|
+
var f2 = c2;
|
|
1343
|
+
var d2 = { type: "compound", validate: p2 };
|
|
1344
|
+
var u2 = { type: "field", validate(e3, t3) {
|
|
1345
|
+
if (!(t3 && (t3 instanceof RegExp || t3.constructor === Object))) throw new Error(`"${e3.name}" expects to receive either regular expression or object of field operators`);
|
|
1346
|
+
}, parse(e3, o3, a4) {
|
|
1347
|
+
const n3 = o3 instanceof RegExp ? new o("regex", a4.field, o3) : a4.parse(o3, a4);
|
|
1348
|
+
return new r(e3.name, [n3]);
|
|
1349
|
+
} };
|
|
1350
|
+
var $ = { type: "field", validate(e3, t3) {
|
|
1351
|
+
if (!t3 || t3.constructor !== Object) throw new Error(`"${e3.name}" expects to receive an object with nested query or field level operators`);
|
|
1352
|
+
}, parse(e3, r2, { parse: a4, field: n3, hasOperators: i4 }) {
|
|
1353
|
+
const s3 = i4(r2) ? a4(r2, { field: n }) : a4(r2);
|
|
1354
|
+
return new o(e3.name, n3, s3);
|
|
1355
|
+
} };
|
|
1356
|
+
var w2 = { type: "field", validate: l2("number") };
|
|
1357
|
+
var y2 = { type: "field", validate: s2 };
|
|
1358
|
+
var x2 = y2;
|
|
1359
|
+
var v2 = y2;
|
|
1360
|
+
var h2 = { type: "field", validate(e3, t3) {
|
|
1361
|
+
if (!Array.isArray(t3) || 2 !== t3.length) throw new Error(`"${e3.name}" expects an array with 2 numeric elements`);
|
|
1362
|
+
} };
|
|
1363
|
+
var m2 = { type: "field", validate: l2("boolean") };
|
|
1364
|
+
var g = { type: "field", validate: /* @__PURE__ */ __name(function(e3, t3) {
|
|
1365
|
+
if (!("string" == typeof t3 || "number" == typeof t3 || t3 instanceof Date)) throw new Error(`"${e3.name}" expects value to be comparable (i.e., string, number or date)`);
|
|
1366
|
+
}, "validate") };
|
|
1367
|
+
var b = g;
|
|
1368
|
+
var E = b;
|
|
1369
|
+
var j2 = b;
|
|
1370
|
+
var O2 = { type: "field" };
|
|
1371
|
+
var R = O2;
|
|
1372
|
+
var _2 = { type: "field", validate(e3, t3) {
|
|
1373
|
+
if (!(t3 instanceof RegExp) && "string" != typeof t3) throw new Error(`"${e3.name}" expects value to be a regular expression or a string that represents regular expression`);
|
|
1374
|
+
}, parse(e3, r2, o3) {
|
|
1375
|
+
const a4 = "string" == typeof r2 ? new RegExp(r2, o3.query.$options || "") : r2;
|
|
1376
|
+
return new o(e3.name, o3.field, a4);
|
|
1377
|
+
} };
|
|
1378
|
+
var q = { type: "field", parse: /* @__PURE__ */ __name(() => s, "parse") };
|
|
1379
|
+
var A = { type: "document", validate: l2("function") };
|
|
1380
|
+
var N = Object.freeze({ __proto__: null, $and: c2, $or: f2, $nor: d2, $not: u2, $elemMatch: $, $size: w2, $in: y2, $nin: x2, $all: v2, $mod: h2, $exists: m2, $gte: g, $gt: b, $lt: E, $lte: j2, $eq: O2, $ne: R, $regex: _2, $options: q, $where: A });
|
|
1381
|
+
var P = class extends j {
|
|
1382
|
+
static {
|
|
1383
|
+
__name(this, "P");
|
|
1384
|
+
}
|
|
1385
|
+
constructor(e3) {
|
|
1386
|
+
super(e3, { defaultOperatorName: "$eq", operatorToConditionName: /* @__PURE__ */ __name((e4) => e4.slice(1), "operatorToConditionName") });
|
|
1387
|
+
}
|
|
1388
|
+
parse(e3, t3) {
|
|
1389
|
+
return t3 && t3.field ? w(this.parseFieldOperators(t3.field, e3)) : super.parse(e3);
|
|
1390
|
+
}
|
|
1391
|
+
};
|
|
1392
|
+
var z = N;
|
|
1393
|
+
|
|
1394
|
+
// ../../../node_modules/@ucast/js/dist/es6m/index.mjs
|
|
1395
|
+
function n2(r2, t3, n3) {
|
|
1396
|
+
for (let e3 = 0, o3 = r2.length; e3 < o3; e3++) if (0 === n3(r2[e3], t3)) return true;
|
|
1397
|
+
return false;
|
|
1398
|
+
}
|
|
1399
|
+
__name(n2, "n");
|
|
1400
|
+
function e2(r2, t3) {
|
|
1401
|
+
return Array.isArray(r2) && Number.isNaN(Number(t3));
|
|
1402
|
+
}
|
|
1403
|
+
__name(e2, "e");
|
|
1404
|
+
function o2(r2, t3, n3) {
|
|
1405
|
+
if (!e2(r2, t3)) return n3(r2, t3);
|
|
1406
|
+
let o3 = [];
|
|
1407
|
+
for (let e3 = 0; e3 < r2.length; e3++) {
|
|
1408
|
+
const u5 = n3(r2[e3], t3);
|
|
1409
|
+
void 0 !== u5 && (o3 = o3.concat(u5));
|
|
1410
|
+
}
|
|
1411
|
+
return o3;
|
|
1412
|
+
}
|
|
1413
|
+
__name(o2, "o");
|
|
1414
|
+
function u3(r2) {
|
|
1415
|
+
return (t3, n3, e3) => {
|
|
1416
|
+
const o3 = e3.get(n3, t3.field);
|
|
1417
|
+
return Array.isArray(o3) ? o3.some((n4) => r2(t3, n4, e3)) : r2(t3, o3, e3);
|
|
1418
|
+
};
|
|
1419
|
+
}
|
|
1420
|
+
__name(u3, "u");
|
|
1421
|
+
var c3 = /* @__PURE__ */ __name((r2, t3) => r2[t3], "c");
|
|
1422
|
+
function i2(r2, t3, n3) {
|
|
1423
|
+
const e3 = t3.lastIndexOf(".");
|
|
1424
|
+
return -1 === e3 ? [r2, t3] : [n3(r2, t3.slice(0, e3)), t3.slice(e3 + 1)];
|
|
1425
|
+
}
|
|
1426
|
+
__name(i2, "i");
|
|
1427
|
+
function f3(t3, n3, e3 = c3) {
|
|
1428
|
+
if (n3 === n) return t3;
|
|
1429
|
+
if (!t3) throw new Error(`Unable to get field "${n3}" out of ${String(t3)}.`);
|
|
1430
|
+
return (function(r2, t4, n4) {
|
|
1431
|
+
if (-1 === t4.indexOf(".")) return o2(r2, t4, n4);
|
|
1432
|
+
const e4 = t4.split(".");
|
|
1433
|
+
let u5 = r2;
|
|
1434
|
+
for (let r3 = 0, t5 = e4.length; r3 < t5; r3++) if (u5 = o2(u5, e4[r3], n4), !u5 || "object" != typeof u5) return u5;
|
|
1435
|
+
return u5;
|
|
1436
|
+
})(t3, n3, e3);
|
|
1437
|
+
}
|
|
1438
|
+
__name(f3, "f");
|
|
1439
|
+
function a2(r2, t3) {
|
|
1440
|
+
return r2 === t3 ? 0 : r2 > t3 ? 1 : -1;
|
|
1441
|
+
}
|
|
1442
|
+
__name(a2, "a");
|
|
1443
|
+
function l3(r2, n3 = {}) {
|
|
1444
|
+
return m(r2, Object.assign({ get: f3, compare: a2 }, n3));
|
|
1445
|
+
}
|
|
1446
|
+
__name(l3, "l");
|
|
1447
|
+
var p3 = /* @__PURE__ */ __name((r2, t3, { interpret: n3 }) => r2.value.some((r3) => n3(r3, t3)), "p");
|
|
1448
|
+
var g2 = /* @__PURE__ */ __name((r2, t3, n3) => !p3(r2, t3, n3), "g");
|
|
1449
|
+
var m3 = /* @__PURE__ */ __name((r2, t3, { interpret: n3 }) => r2.value.every((r3) => n3(r3, t3)), "m");
|
|
1450
|
+
var y3 = /* @__PURE__ */ __name((r2, t3, { interpret: n3 }) => !n3(r2.value[0], t3), "y");
|
|
1451
|
+
var b2 = /* @__PURE__ */ __name((r2, t3, { compare: e3, get: o3 }) => {
|
|
1452
|
+
const u5 = o3(t3, r2.field);
|
|
1453
|
+
return Array.isArray(u5) && !Array.isArray(r2.value) ? n2(u5, r2.value, e3) : 0 === e3(u5, r2.value);
|
|
1454
|
+
}, "b");
|
|
1455
|
+
var A2 = /* @__PURE__ */ __name((r2, t3, n3) => !b2(r2, t3, n3), "A");
|
|
1456
|
+
var d3 = u3((r2, t3, n3) => {
|
|
1457
|
+
const e3 = n3.compare(t3, r2.value);
|
|
1458
|
+
return 0 === e3 || -1 === e3;
|
|
1459
|
+
});
|
|
1460
|
+
var h3 = u3((r2, t3, n3) => -1 === n3.compare(t3, r2.value));
|
|
1461
|
+
var j3 = u3((r2, t3, n3) => 1 === n3.compare(t3, r2.value));
|
|
1462
|
+
var w3 = u3((r2, t3, n3) => {
|
|
1463
|
+
const e3 = n3.compare(t3, r2.value);
|
|
1464
|
+
return 0 === e3 || 1 === e3;
|
|
1465
|
+
});
|
|
1466
|
+
var _3 = /* @__PURE__ */ __name((t3, n3, { get: o3 }) => {
|
|
1467
|
+
if (t3.field === n) return void 0 !== n3;
|
|
1468
|
+
const [u5, c4] = i2(n3, t3.field, o3), f4 = /* @__PURE__ */ __name((r2) => null == r2 ? Boolean(r2) === t3.value : r2.hasOwnProperty(c4) === t3.value, "f");
|
|
1469
|
+
return e2(u5, c4) ? u5.some(f4) : f4(u5);
|
|
1470
|
+
}, "_");
|
|
1471
|
+
var v3 = u3((r2, t3) => "number" == typeof t3 && t3 % r2.value[0] === r2.value[1]);
|
|
1472
|
+
var x3 = /* @__PURE__ */ __name((t3, n3, { get: o3 }) => {
|
|
1473
|
+
const [u5, c4] = i2(n3, t3.field, o3), f4 = /* @__PURE__ */ __name((r2) => {
|
|
1474
|
+
const n4 = o3(r2, c4);
|
|
1475
|
+
return Array.isArray(n4) && n4.length === t3.value;
|
|
1476
|
+
}, "f");
|
|
1477
|
+
return t3.field !== n && e2(u5, c4) ? u5.some(f4) : f4(u5);
|
|
1478
|
+
}, "x");
|
|
1479
|
+
var O3 = u3((r2, t3) => "string" == typeof t3 && r2.value.test(t3));
|
|
1480
|
+
var N2 = u3((r2, t3, { compare: e3 }) => n2(r2.value, t3, e3));
|
|
1481
|
+
var $2 = /* @__PURE__ */ __name((r2, t3, n3) => !N2(r2, t3, n3), "$");
|
|
1482
|
+
var q2 = /* @__PURE__ */ __name((r2, t3, { compare: e3, get: o3 }) => {
|
|
1483
|
+
const u5 = o3(t3, r2.field);
|
|
1484
|
+
return Array.isArray(u5) && r2.value.every((r3) => n2(u5, r3, e3));
|
|
1485
|
+
}, "q");
|
|
1486
|
+
var z2 = /* @__PURE__ */ __name((r2, t3, { interpret: n3, get: e3 }) => {
|
|
1487
|
+
const o3 = e3(t3, r2.field);
|
|
1488
|
+
return Array.isArray(o3) && o3.some((t4) => n3(r2.value, t4));
|
|
1489
|
+
}, "z");
|
|
1490
|
+
var B = /* @__PURE__ */ __name((r2, t3) => r2.value.call(t3), "B");
|
|
1491
|
+
var E2 = Object.freeze({ __proto__: null, or: p3, nor: g2, and: m3, not: y3, eq: b2, ne: A2, lte: d3, lt: h3, gt: j3, gte: w3, exists: _3, mod: v3, size: x3, regex: O3, within: N2, nin: $2, all: q2, elemMatch: z2, where: B });
|
|
1492
|
+
var M = Object.assign({}, E2, { in: N2 });
|
|
1493
|
+
var S = l3(M);
|
|
1494
|
+
|
|
1495
|
+
// ../../../node_modules/@ucast/mongo2js/dist/es6m/index.mjs
|
|
1496
|
+
function i3(o3) {
|
|
1497
|
+
return null === o3 || "object" != typeof o3 ? o3 : o3 instanceof Date ? o3.getTime() : o3 && "function" == typeof o3.toJSON ? o3.toJSON() : o3;
|
|
1498
|
+
}
|
|
1499
|
+
__name(i3, "i");
|
|
1500
|
+
var m4 = /* @__PURE__ */ __name((o3, t3) => a2(i3(o3), i3(t3)), "m");
|
|
1501
|
+
function p4(r2, c4, f4) {
|
|
1502
|
+
const s3 = new P(r2), i4 = l3(c4, Object.assign({ compare: m4 }, f4));
|
|
1503
|
+
if (f4 && f4.forPrimitives) {
|
|
1504
|
+
const o3 = { field: n }, e3 = s3.parse;
|
|
1505
|
+
s3.setParse((t3) => e3(t3, o3));
|
|
1506
|
+
}
|
|
1507
|
+
return v(s3.parse, i4);
|
|
1508
|
+
}
|
|
1509
|
+
__name(p4, "p");
|
|
1510
|
+
var u4 = p4(z, M);
|
|
1511
|
+
var a3 = p4(["$and", "$or"].reduce((o3, t3) => (o3[t3] = Object.assign({}, o3[t3], { type: "field" }), o3), Object.assign({}, z, { $nor: Object.assign({}, z.$nor, { type: "field", parse: O.compound }) })), M, { forPrimitives: true });
|
|
1512
|
+
|
|
1513
|
+
// ../../../node_modules/@casl/ability/dist/es6m/index.mjs
|
|
1514
|
+
var O4 = Object.hasOwn || ((t3, i4) => Object.prototype.hasOwnProperty.call(t3, i4));
|
|
1515
|
+
function C(t3) {
|
|
1516
|
+
return Array.isArray(t3) ? t3 : [t3];
|
|
1517
|
+
}
|
|
1518
|
+
__name(C, "C");
|
|
1519
|
+
var R2 = "__caslSubjectType__";
|
|
1520
|
+
var S2 = /* @__PURE__ */ __name((t3) => {
|
|
1521
|
+
const i4 = typeof t3;
|
|
1522
|
+
return i4 === "string" || i4 === "function";
|
|
1523
|
+
}, "S");
|
|
1524
|
+
var T = /* @__PURE__ */ __name((t3) => t3.modelName || t3.name, "T");
|
|
1525
|
+
function z3(t3) {
|
|
1526
|
+
return typeof t3 === "string" ? t3 : T(t3);
|
|
1527
|
+
}
|
|
1528
|
+
__name(z3, "z");
|
|
1529
|
+
function B2(t3) {
|
|
1530
|
+
if (O4(t3, R2)) return t3[R2];
|
|
1531
|
+
return T(t3.constructor);
|
|
1532
|
+
}
|
|
1533
|
+
__name(B2, "B");
|
|
1534
|
+
var q3 = { function: /* @__PURE__ */ __name((t3) => t3.constructor, "function"), string: B2 };
|
|
1535
|
+
function G(t3, i4, e3) {
|
|
1536
|
+
for (let s3 = e3; s3 < i4.length; s3++) t3.push(i4[s3]);
|
|
1537
|
+
}
|
|
1538
|
+
__name(G, "G");
|
|
1539
|
+
function H(t3, i4) {
|
|
1540
|
+
if (!t3 || !t3.length) return i4 || [];
|
|
1541
|
+
if (!i4 || !i4.length) return t3 || [];
|
|
1542
|
+
let e3 = 0;
|
|
1543
|
+
let s3 = 0;
|
|
1544
|
+
const n3 = [];
|
|
1545
|
+
while (e3 < t3.length && s3 < i4.length) if (t3[e3].priority < i4[s3].priority) {
|
|
1546
|
+
n3.push(t3[e3]);
|
|
1547
|
+
e3++;
|
|
1548
|
+
} else {
|
|
1549
|
+
n3.push(i4[s3]);
|
|
1550
|
+
s3++;
|
|
1551
|
+
}
|
|
1552
|
+
G(n3, t3, e3);
|
|
1553
|
+
G(n3, i4, s3);
|
|
1554
|
+
return n3;
|
|
1555
|
+
}
|
|
1556
|
+
__name(H, "H");
|
|
1557
|
+
function I(t3, i4, e3) {
|
|
1558
|
+
let s3 = t3.get(i4);
|
|
1559
|
+
if (!s3) {
|
|
1560
|
+
s3 = e3();
|
|
1561
|
+
t3.set(i4, s3);
|
|
1562
|
+
}
|
|
1563
|
+
return s3;
|
|
1564
|
+
}
|
|
1565
|
+
__name(I, "I");
|
|
1566
|
+
var J = /* @__PURE__ */ __name((t3) => t3, "J");
|
|
1567
|
+
function K(t3, i4) {
|
|
1568
|
+
if (Array.isArray(t3.fields) && !t3.fields.length) throw new Error("`rawRule.fields` cannot be an empty array. https://bit.ly/390miLa");
|
|
1569
|
+
if (t3.fields && !i4.fieldMatcher) throw new Error('You need to pass "fieldMatcher" option in order to restrict access by fields');
|
|
1570
|
+
if (t3.conditions && !i4.conditionsMatcher) throw new Error('You need to pass "conditionsMatcher" option in order to restrict access by conditions');
|
|
1571
|
+
}
|
|
1572
|
+
__name(K, "K");
|
|
1573
|
+
var N3 = class {
|
|
1574
|
+
static {
|
|
1575
|
+
__name(this, "N");
|
|
1576
|
+
}
|
|
1577
|
+
constructor(t3, i4, e3 = 0) {
|
|
1578
|
+
K(t3, i4);
|
|
1579
|
+
this.action = i4.resolveAction(t3.action);
|
|
1580
|
+
this.subject = t3.subject;
|
|
1581
|
+
this.inverted = !!t3.inverted;
|
|
1582
|
+
this.conditions = t3.conditions;
|
|
1583
|
+
this.reason = t3.reason;
|
|
1584
|
+
this.origin = t3;
|
|
1585
|
+
this.fields = t3.fields ? C(t3.fields) : void 0;
|
|
1586
|
+
this.priority = e3;
|
|
1587
|
+
this.t = i4;
|
|
1588
|
+
}
|
|
1589
|
+
i() {
|
|
1590
|
+
if (this.conditions && !this.o) this.o = this.t.conditionsMatcher(this.conditions);
|
|
1591
|
+
return this.o;
|
|
1592
|
+
}
|
|
1593
|
+
get ast() {
|
|
1594
|
+
const t3 = this.i();
|
|
1595
|
+
return t3 ? t3.ast : void 0;
|
|
1596
|
+
}
|
|
1597
|
+
matchesConditions(t3) {
|
|
1598
|
+
if (!this.conditions) return true;
|
|
1599
|
+
if (!t3 || S2(t3)) return !this.inverted;
|
|
1600
|
+
const i4 = this.i();
|
|
1601
|
+
return i4(t3);
|
|
1602
|
+
}
|
|
1603
|
+
matchesField(t3) {
|
|
1604
|
+
if (!this.fields) return true;
|
|
1605
|
+
if (!t3) return !this.inverted;
|
|
1606
|
+
if (!this.u) this.u = this.t.fieldMatcher(this.fields);
|
|
1607
|
+
return this.u(t3);
|
|
1608
|
+
}
|
|
1609
|
+
};
|
|
1610
|
+
function Q(t3, i4) {
|
|
1611
|
+
const e3 = { value: t3, prev: i4, next: null };
|
|
1612
|
+
if (i4) i4.next = e3;
|
|
1613
|
+
return e3;
|
|
1614
|
+
}
|
|
1615
|
+
__name(Q, "Q");
|
|
1616
|
+
function V(t3) {
|
|
1617
|
+
if (t3.next) t3.next.prev = t3.prev;
|
|
1618
|
+
if (t3.prev) t3.prev.next = t3.next;
|
|
1619
|
+
t3.next = t3.prev = null;
|
|
1620
|
+
}
|
|
1621
|
+
__name(V, "V");
|
|
1622
|
+
var W = /* @__PURE__ */ __name((t3) => ({ value: t3.value, prev: t3.prev, next: t3.next }), "W");
|
|
1623
|
+
var X = /* @__PURE__ */ __name(() => ({ rules: [], merged: false }), "X");
|
|
1624
|
+
var Z = /* @__PURE__ */ __name(() => /* @__PURE__ */ new Map(), "Z");
|
|
1625
|
+
var tt = class {
|
|
1626
|
+
static {
|
|
1627
|
+
__name(this, "tt");
|
|
1628
|
+
}
|
|
1629
|
+
constructor(t3 = [], i4 = {}) {
|
|
1630
|
+
this.h = false;
|
|
1631
|
+
this.l = /* @__PURE__ */ new Map();
|
|
1632
|
+
this.p = { conditionsMatcher: i4.conditionsMatcher, fieldMatcher: i4.fieldMatcher, resolveAction: i4.resolveAction || J };
|
|
1633
|
+
this.$ = i4.anyAction || "manage";
|
|
1634
|
+
this.A = i4.anySubjectType || "all";
|
|
1635
|
+
this.m = t3;
|
|
1636
|
+
this.M = !!i4.detectSubjectType;
|
|
1637
|
+
this.j = i4.detectSubjectType || B2;
|
|
1638
|
+
this.v(t3);
|
|
1639
|
+
}
|
|
1640
|
+
get rules() {
|
|
1641
|
+
return this.m;
|
|
1642
|
+
}
|
|
1643
|
+
detectSubjectType(t3) {
|
|
1644
|
+
if (S2(t3)) return t3;
|
|
1645
|
+
if (!t3) return this.A;
|
|
1646
|
+
return this.j(t3);
|
|
1647
|
+
}
|
|
1648
|
+
update(t3) {
|
|
1649
|
+
const i4 = { rules: t3, ability: this, target: this };
|
|
1650
|
+
this._("update", i4);
|
|
1651
|
+
this.m = t3;
|
|
1652
|
+
this.v(t3);
|
|
1653
|
+
this._("updated", i4);
|
|
1654
|
+
return this;
|
|
1655
|
+
}
|
|
1656
|
+
v(t3) {
|
|
1657
|
+
const i4 = /* @__PURE__ */ new Map();
|
|
1658
|
+
let e3;
|
|
1659
|
+
for (let s3 = t3.length - 1; s3 >= 0; s3--) {
|
|
1660
|
+
const n3 = t3.length - s3 - 1;
|
|
1661
|
+
const r2 = new N3(t3[s3], this.p, n3);
|
|
1662
|
+
const o3 = C(r2.action);
|
|
1663
|
+
const c4 = C(r2.subject || this.A);
|
|
1664
|
+
if (!this.h && r2.fields) this.h = true;
|
|
1665
|
+
for (let t4 = 0; t4 < c4.length; t4++) {
|
|
1666
|
+
const s4 = I(i4, c4[t4], Z);
|
|
1667
|
+
if (e3 === void 0) e3 = typeof c4[t4];
|
|
1668
|
+
if (typeof c4[t4] !== e3 && e3 !== "mixed") e3 = "mixed";
|
|
1669
|
+
for (let t5 = 0; t5 < o3.length; t5++) I(s4, o3[t5], X).rules.push(r2);
|
|
1670
|
+
}
|
|
1671
|
+
}
|
|
1672
|
+
this.l = i4;
|
|
1673
|
+
if (e3 !== "mixed" && !this.M) {
|
|
1674
|
+
const t4 = q3[e3] || q3.string;
|
|
1675
|
+
this.j = t4;
|
|
1676
|
+
}
|
|
1677
|
+
}
|
|
1678
|
+
possibleRulesFor(t3, i4 = this.A) {
|
|
1679
|
+
if (!S2(i4)) throw new Error('"possibleRulesFor" accepts only subject types (i.e., string or class) as the 2nd parameter');
|
|
1680
|
+
const e3 = I(this.l, i4, Z);
|
|
1681
|
+
const s3 = I(e3, t3, X);
|
|
1682
|
+
if (s3.merged) return s3.rules;
|
|
1683
|
+
const n3 = t3 !== this.$ && e3.has(this.$) ? e3.get(this.$).rules : void 0;
|
|
1684
|
+
let r2 = H(s3.rules, n3);
|
|
1685
|
+
if (i4 !== this.A) r2 = H(r2, this.possibleRulesFor(t3, this.A));
|
|
1686
|
+
s3.rules = r2;
|
|
1687
|
+
s3.merged = true;
|
|
1688
|
+
return r2;
|
|
1689
|
+
}
|
|
1690
|
+
rulesFor(t3, i4, e3) {
|
|
1691
|
+
const s3 = this.possibleRulesFor(t3, i4);
|
|
1692
|
+
if (e3 && typeof e3 !== "string") throw new Error("The 3rd, `field` parameter is expected to be a string. See https://stalniy.github.io/casl/en/api/casl-ability#can-of-pure-ability for details");
|
|
1693
|
+
if (!this.h) return s3;
|
|
1694
|
+
return s3.filter((t4) => t4.matchesField(e3));
|
|
1695
|
+
}
|
|
1696
|
+
actionsFor(t3) {
|
|
1697
|
+
if (!S2(t3)) throw new Error('"actionsFor" accepts only subject types (i.e., string or class) as a parameter');
|
|
1698
|
+
const i4 = /* @__PURE__ */ new Set();
|
|
1699
|
+
const e3 = this.l.get(t3);
|
|
1700
|
+
if (e3) Array.from(e3.keys()).forEach((t4) => i4.add(t4));
|
|
1701
|
+
const s3 = t3 !== this.A ? this.l.get(this.A) : void 0;
|
|
1702
|
+
if (s3) Array.from(s3.keys()).forEach((t4) => i4.add(t4));
|
|
1703
|
+
return Array.from(i4);
|
|
1704
|
+
}
|
|
1705
|
+
on(t3, i4) {
|
|
1706
|
+
this.F = this.F || /* @__PURE__ */ new Map();
|
|
1707
|
+
const e3 = this.F;
|
|
1708
|
+
const s3 = e3.get(t3) || null;
|
|
1709
|
+
const n3 = Q(i4, s3);
|
|
1710
|
+
e3.set(t3, n3);
|
|
1711
|
+
return () => {
|
|
1712
|
+
const i5 = e3.get(t3);
|
|
1713
|
+
if (!n3.next && !n3.prev && i5 === n3) e3.delete(t3);
|
|
1714
|
+
else if (n3 === i5) e3.set(t3, n3.prev);
|
|
1715
|
+
V(n3);
|
|
1716
|
+
};
|
|
1717
|
+
}
|
|
1718
|
+
_(t3, i4) {
|
|
1719
|
+
if (!this.F) return;
|
|
1720
|
+
let e3 = this.F.get(t3) || null;
|
|
1721
|
+
while (e3 !== null) {
|
|
1722
|
+
const t4 = e3.prev ? W(e3.prev) : null;
|
|
1723
|
+
e3.value(i4);
|
|
1724
|
+
e3 = t4;
|
|
1725
|
+
}
|
|
1726
|
+
}
|
|
1727
|
+
};
|
|
1728
|
+
var PureAbility = class extends tt {
|
|
1729
|
+
static {
|
|
1730
|
+
__name(this, "PureAbility");
|
|
1731
|
+
}
|
|
1732
|
+
can(t3, i4, e3) {
|
|
1733
|
+
const s3 = this.relevantRuleFor(t3, i4, e3);
|
|
1734
|
+
return !!s3 && !s3.inverted;
|
|
1735
|
+
}
|
|
1736
|
+
relevantRuleFor(t3, i4, e3) {
|
|
1737
|
+
const s3 = this.detectSubjectType(i4);
|
|
1738
|
+
const n3 = this.rulesFor(t3, s3, e3);
|
|
1739
|
+
for (let t4 = 0, e4 = n3.length; t4 < e4; t4++) if (n3[t4].matchesConditions(i4)) return n3[t4];
|
|
1740
|
+
return null;
|
|
1741
|
+
}
|
|
1742
|
+
cannot(t3, i4, e3) {
|
|
1743
|
+
return !this.can(t3, i4, e3);
|
|
1744
|
+
}
|
|
1745
|
+
};
|
|
1746
|
+
var it = { $eq: O2, $ne: R, $lt: E, $lte: j2, $gt: b, $gte: g, $in: y2, $nin: x2, $all: v2, $size: w2, $regex: _2, $options: q, $elemMatch: $, $exists: m2 };
|
|
1747
|
+
var et = { eq: b2, ne: A2, lt: h3, lte: d3, gt: j3, gte: w3, in: N2, nin: $2, all: q2, size: x3, regex: O3, elemMatch: z2, exists: _3, and: m3 };
|
|
1748
|
+
var nt = p4(it, et);
|
|
1749
|
+
function isAbilityClass(t3) {
|
|
1750
|
+
return t3.prototype !== void 0 && typeof t3.prototype.possibleRulesFor === "function";
|
|
1751
|
+
}
|
|
1752
|
+
__name(isAbilityClass, "isAbilityClass");
|
|
1753
|
+
var dt = class {
|
|
1754
|
+
static {
|
|
1755
|
+
__name(this, "dt");
|
|
1756
|
+
}
|
|
1757
|
+
constructor(t3) {
|
|
1758
|
+
this.O = t3;
|
|
1759
|
+
}
|
|
1760
|
+
because(t3) {
|
|
1761
|
+
this.O.reason = t3;
|
|
1762
|
+
return this;
|
|
1763
|
+
}
|
|
1764
|
+
};
|
|
1765
|
+
var AbilityBuilder = class {
|
|
1766
|
+
static {
|
|
1767
|
+
__name(this, "AbilityBuilder");
|
|
1768
|
+
}
|
|
1769
|
+
constructor(t3) {
|
|
1770
|
+
this.rules = [];
|
|
1771
|
+
this.C = t3;
|
|
1772
|
+
this.can = (t4, i4, e3, s3) => this.R(t4, i4, e3, s3, false);
|
|
1773
|
+
this.cannot = (t4, i4, e3, s3) => this.R(t4, i4, e3, s3, true);
|
|
1774
|
+
this.build = (t4) => isAbilityClass(this.C) ? new this.C(this.rules, t4) : this.C(this.rules, t4);
|
|
1775
|
+
}
|
|
1776
|
+
R(t3, i4, e3, s3, n3) {
|
|
1777
|
+
const r2 = { action: t3 };
|
|
1778
|
+
if (n3) r2.inverted = n3;
|
|
1779
|
+
if (i4) {
|
|
1780
|
+
r2.subject = i4;
|
|
1781
|
+
if (Array.isArray(e3) || typeof e3 === "string") r2.fields = e3;
|
|
1782
|
+
else if (typeof e3 !== "undefined") r2.conditions = e3;
|
|
1783
|
+
if (typeof s3 !== "undefined") r2.conditions = s3;
|
|
1784
|
+
}
|
|
1785
|
+
this.rules.push(r2);
|
|
1786
|
+
return new dt(r2);
|
|
1787
|
+
}
|
|
1788
|
+
};
|
|
1789
|
+
var yt = /* @__PURE__ */ __name((t3) => `Cannot execute "${t3.action}" on "${t3.subjectType}"`, "yt");
|
|
1790
|
+
var pt = /* @__PURE__ */ __name(function t2(i4) {
|
|
1791
|
+
this.message = i4;
|
|
1792
|
+
}, "t");
|
|
1793
|
+
pt.prototype = Object.create(Error.prototype);
|
|
1794
|
+
var ForbiddenError = class extends pt {
|
|
1795
|
+
static {
|
|
1796
|
+
__name(this, "ForbiddenError");
|
|
1797
|
+
}
|
|
1798
|
+
static setDefaultMessage(t3) {
|
|
1799
|
+
this.P = typeof t3 === "string" ? () => t3 : t3;
|
|
1800
|
+
}
|
|
1801
|
+
static from(t3) {
|
|
1802
|
+
return new this(t3);
|
|
1803
|
+
}
|
|
1804
|
+
constructor(t3) {
|
|
1805
|
+
super("");
|
|
1806
|
+
this.ability = t3;
|
|
1807
|
+
if (typeof Error.captureStackTrace === "function") {
|
|
1808
|
+
this.name = "ForbiddenError";
|
|
1809
|
+
Error.captureStackTrace(this, this.constructor);
|
|
1810
|
+
}
|
|
1811
|
+
}
|
|
1812
|
+
setMessage(t3) {
|
|
1813
|
+
this.message = t3;
|
|
1814
|
+
return this;
|
|
1815
|
+
}
|
|
1816
|
+
throwUnlessCan(t3, i4, e3) {
|
|
1817
|
+
const s3 = this.unlessCan(t3, i4, e3);
|
|
1818
|
+
if (s3) throw s3;
|
|
1819
|
+
}
|
|
1820
|
+
unlessCan(t3, i4, e3) {
|
|
1821
|
+
const s3 = this.ability.relevantRuleFor(t3, i4, e3);
|
|
1822
|
+
if (s3 && !s3.inverted) return;
|
|
1823
|
+
this.action = t3;
|
|
1824
|
+
this.subject = i4;
|
|
1825
|
+
this.subjectType = z3(this.ability.detectSubjectType(i4));
|
|
1826
|
+
this.field = e3;
|
|
1827
|
+
const n3 = s3 ? s3.reason : "";
|
|
1828
|
+
this.message = this.message || n3 || this.constructor.P(this);
|
|
1829
|
+
return this;
|
|
1830
|
+
}
|
|
1831
|
+
};
|
|
1832
|
+
ForbiddenError.P = yt;
|
|
1833
|
+
var bt = Object.freeze({ __proto__: null });
|
|
1834
|
+
|
|
1835
|
+
// ../nestjs-authzpaas/dist/index.js
|
|
1836
|
+
import { HttpException } from "@nestjs/common";
|
|
1837
|
+
import { PLATFORM_HTTP_CLIENT as PLATFORM_HTTP_CLIENT3, PlatformHttpClient as PlatformHttpClient2 } from "@lark-apaas/nestjs-common";
|
|
1838
|
+
import { RequestContextService as RequestContextService4 } from "@lark-apaas/nestjs-common";
|
|
1839
|
+
import { Injectable as Injectable42, Logger as Logger4, Inject as Inject22 } from "@nestjs/common";
|
|
1840
|
+
import { Reflector as Reflector3 } from "@nestjs/core";
|
|
1841
|
+
import { OBSERVABLE_SERVICE as OBSERVABLE_SERVICE2, ObservableService as ObservableService2 } from "@lark-apaas/nestjs-common";
|
|
1842
|
+
import { SetMetadata as SetMetadata3 } from "@nestjs/common";
|
|
1843
|
+
var __defProp2 = Object.defineProperty;
|
|
1844
|
+
var __name2 = /* @__PURE__ */ __name((target, value) => __defProp2(target, "name", {
|
|
1845
|
+
value,
|
|
1846
|
+
configurable: true
|
|
1847
|
+
}), "__name");
|
|
1848
|
+
var __defProp22 = Object.defineProperty;
|
|
1849
|
+
var __name22 = /* @__PURE__ */ __name2((target, value) => __defProp22(target, "name", {
|
|
1850
|
+
value,
|
|
1851
|
+
configurable: true
|
|
1852
|
+
}), "__name");
|
|
1853
|
+
var AUTHNPAAS_MODULE_OPTIONS = /* @__PURE__ */ Symbol("AUTHNPAAS_MODULE_OPTIONS");
|
|
1854
|
+
var NEED_LOGIN_KEY = "authnpaas:needLogin";
|
|
1855
|
+
function _ts_decorate10(decorators, target, key, desc) {
|
|
1856
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
1857
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
1858
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
1859
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
1860
|
+
}
|
|
1861
|
+
__name(_ts_decorate10, "_ts_decorate");
|
|
1862
|
+
__name2(_ts_decorate10, "_ts_decorate");
|
|
1863
|
+
__name22(_ts_decorate10, "_ts_decorate");
|
|
1864
|
+
function _ts_metadata7(k, v4) {
|
|
1865
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
1866
|
+
}
|
|
1867
|
+
__name(_ts_metadata7, "_ts_metadata");
|
|
1868
|
+
__name2(_ts_metadata7, "_ts_metadata");
|
|
1869
|
+
__name22(_ts_metadata7, "_ts_metadata");
|
|
1870
|
+
var AuthNPaasGuard = class {
|
|
1871
|
+
static {
|
|
1872
|
+
__name(this, "AuthNPaasGuard");
|
|
1873
|
+
}
|
|
1874
|
+
static {
|
|
1875
|
+
__name2(this, "AuthNPaasGuard");
|
|
1876
|
+
}
|
|
1877
|
+
static {
|
|
1878
|
+
__name22(this, "AuthNPaasGuard");
|
|
1879
|
+
}
|
|
1880
|
+
reflector;
|
|
1881
|
+
constructor(reflector) {
|
|
1882
|
+
this.reflector = reflector;
|
|
1883
|
+
}
|
|
1884
|
+
async canActivate(context) {
|
|
1885
|
+
const http = context.switchToHttp();
|
|
1886
|
+
const request = http.getRequest();
|
|
1887
|
+
const response = http.getResponse();
|
|
1888
|
+
const { userId, loginUrl } = request.userContext || {};
|
|
1889
|
+
const needLoginMeta = this.reflector.getAllAndOverride(NEED_LOGIN_KEY, [
|
|
1890
|
+
context.getHandler(),
|
|
1891
|
+
context.getClass()
|
|
1892
|
+
]);
|
|
1893
|
+
if (needLoginMeta && !userId && loginUrl) {
|
|
1894
|
+
response.setHeader("x-login-url", loginUrl);
|
|
1895
|
+
throw new UnauthorizedException("\u672A\u767B\u5F55");
|
|
1896
|
+
}
|
|
1897
|
+
return true;
|
|
1898
|
+
}
|
|
1899
|
+
};
|
|
1900
|
+
AuthNPaasGuard = _ts_decorate10([
|
|
1901
|
+
Injectable10(),
|
|
1902
|
+
_ts_metadata7("design:type", Function),
|
|
1903
|
+
_ts_metadata7("design:paramtypes", [
|
|
1904
|
+
typeof Reflector === "undefined" ? Object : Reflector
|
|
1905
|
+
])
|
|
1906
|
+
], AuthNPaasGuard);
|
|
1907
|
+
function _ts_decorate22(decorators, target, key, desc) {
|
|
1908
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
1909
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
1910
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
1911
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
1912
|
+
}
|
|
1913
|
+
__name(_ts_decorate22, "_ts_decorate2");
|
|
1914
|
+
__name2(_ts_decorate22, "_ts_decorate2");
|
|
1915
|
+
__name22(_ts_decorate22, "_ts_decorate");
|
|
1916
|
+
var AuthNPaasModule = class _AuthNPaasModule {
|
|
1917
|
+
static {
|
|
1918
|
+
__name(this, "_AuthNPaasModule");
|
|
1919
|
+
}
|
|
1920
|
+
static {
|
|
1921
|
+
__name2(this, "_AuthNPaasModule");
|
|
1922
|
+
}
|
|
1923
|
+
static {
|
|
1924
|
+
__name22(this, "AuthNPaasModule");
|
|
1925
|
+
}
|
|
1926
|
+
static forRoot(options) {
|
|
1927
|
+
return {
|
|
1928
|
+
module: _AuthNPaasModule,
|
|
1929
|
+
global: true,
|
|
1930
|
+
controllers: [],
|
|
1931
|
+
providers: [
|
|
1932
|
+
// 配置提供者
|
|
1933
|
+
{
|
|
1934
|
+
provide: AUTHNPAAS_MODULE_OPTIONS,
|
|
1935
|
+
useValue: {
|
|
1936
|
+
...options || {}
|
|
1937
|
+
}
|
|
1938
|
+
},
|
|
1939
|
+
// 核心服务
|
|
1940
|
+
Reflector2,
|
|
1941
|
+
// 服务提供者
|
|
1942
|
+
AuthNPaasGuard,
|
|
1943
|
+
// 守卫提供者
|
|
1944
|
+
{
|
|
1945
|
+
provide: APP_GUARD,
|
|
1946
|
+
useClass: AuthNPaasGuard
|
|
1947
|
+
}
|
|
1948
|
+
],
|
|
1949
|
+
exports: []
|
|
1950
|
+
};
|
|
1951
|
+
}
|
|
1952
|
+
};
|
|
1953
|
+
AuthNPaasModule = _ts_decorate22([
|
|
1954
|
+
Module({})
|
|
1955
|
+
], AuthNPaasModule);
|
|
1956
|
+
var IS_PUBLIC_KEY = "isPublic";
|
|
1957
|
+
var Public = /* @__PURE__ */ __name22(() => SetMetadata(IS_PUBLIC_KEY, true), "Public");
|
|
1958
|
+
var PERMISSION_API_CONFIG_TOKEN = /* @__PURE__ */ Symbol("PERMISSION_API_CONFIG");
|
|
1959
|
+
var AUTHZPAAS_MODULE_OPTIONS = /* @__PURE__ */ Symbol("AUTHZPAAS_MODULE_OPTIONS");
|
|
1960
|
+
var ROLES_KEY = "authzpaas:roles";
|
|
1961
|
+
function _ts_decorate32(decorators, target, key, desc) {
|
|
1962
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
1963
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
1964
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
1965
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
1966
|
+
}
|
|
1967
|
+
__name(_ts_decorate32, "_ts_decorate3");
|
|
1968
|
+
__name2(_ts_decorate32, "_ts_decorate");
|
|
1969
|
+
var ROLE_SUBJECT = "@role";
|
|
1970
|
+
var AbilityFactory = class {
|
|
1971
|
+
static {
|
|
1972
|
+
__name(this, "AbilityFactory");
|
|
1973
|
+
}
|
|
1974
|
+
static {
|
|
1975
|
+
__name2(this, "AbilityFactory");
|
|
1976
|
+
}
|
|
1977
|
+
/**
|
|
1978
|
+
* 为用户创建 Ability
|
|
1979
|
+
*/
|
|
1980
|
+
createForUser(permissionData) {
|
|
1981
|
+
const { can, build } = new AbilityBuilder(PureAbility);
|
|
1982
|
+
for (const role of permissionData.roles) {
|
|
1983
|
+
can(role, ROLE_SUBJECT);
|
|
1984
|
+
}
|
|
1985
|
+
return build();
|
|
1986
|
+
}
|
|
1987
|
+
};
|
|
1988
|
+
AbilityFactory = _ts_decorate32([
|
|
1989
|
+
Injectable22()
|
|
1990
|
+
], AbilityFactory);
|
|
1991
|
+
var PermissionDeniedType = /* @__PURE__ */ (function(PermissionDeniedType2) {
|
|
1992
|
+
PermissionDeniedType2["UNAUTHENTICATED"] = "UNAUTHENTICATED";
|
|
1993
|
+
PermissionDeniedType2["ROLE_REQUIRED"] = "ROLE_REQUIRED";
|
|
1994
|
+
PermissionDeniedType2["PERMISSION_REQUIRED"] = "PERMISSION_REQUIRED";
|
|
1995
|
+
PermissionDeniedType2["PERMISSION_CONFIG_QUERY_FAILED"] = "PERMISSION_CONFIG_QUERY_FAILED";
|
|
1996
|
+
return PermissionDeniedType2;
|
|
1997
|
+
})({});
|
|
1998
|
+
var PermissionDeniedException = class _PermissionDeniedException extends HttpException {
|
|
1999
|
+
static {
|
|
2000
|
+
__name(this, "_PermissionDeniedException");
|
|
2001
|
+
}
|
|
2002
|
+
static {
|
|
2003
|
+
__name2(this, "PermissionDeniedException");
|
|
2004
|
+
}
|
|
2005
|
+
type;
|
|
2006
|
+
details;
|
|
2007
|
+
constructor(details, httpStatusCode = 403) {
|
|
2008
|
+
super({
|
|
2009
|
+
statusCode: httpStatusCode,
|
|
2010
|
+
cause: details.cause,
|
|
2011
|
+
type: details.type,
|
|
2012
|
+
message: details.message,
|
|
2013
|
+
...details.requiredRoles && {
|
|
2014
|
+
requiredRoles: details.requiredRoles
|
|
2015
|
+
},
|
|
2016
|
+
...details.requiredPermissions && {
|
|
2017
|
+
requiredPermissions: details.requiredPermissions
|
|
2018
|
+
},
|
|
2019
|
+
...details.environmentRequirement && {
|
|
2020
|
+
environmentRequirement: details.environmentRequirement
|
|
2021
|
+
},
|
|
2022
|
+
...details.metadata && {
|
|
2023
|
+
metadata: details.metadata
|
|
2024
|
+
}
|
|
2025
|
+
}, httpStatusCode);
|
|
2026
|
+
this.type = details.type;
|
|
2027
|
+
this.details = details;
|
|
2028
|
+
this.name = "PermissionDeniedException";
|
|
2029
|
+
}
|
|
2030
|
+
/**
|
|
2031
|
+
* 创建用户未认证异常
|
|
2032
|
+
*/
|
|
2033
|
+
static unauthenticated(message = "\u7528\u6237\u672A\u8BA4\u8BC1") {
|
|
2034
|
+
return new _PermissionDeniedException({
|
|
2035
|
+
type: "UNAUTHENTICATED",
|
|
2036
|
+
message
|
|
2037
|
+
});
|
|
2038
|
+
}
|
|
2039
|
+
/**
|
|
2040
|
+
* 创建角色不足异常
|
|
2041
|
+
*/
|
|
2042
|
+
static roleRequired(requiredRoles) {
|
|
2043
|
+
const message = `\u9700\u8981\u4EE5\u4E0B\u4EFB\u4E00\u89D2\u8272: ${requiredRoles.join(", ")}`;
|
|
2044
|
+
return new _PermissionDeniedException({
|
|
2045
|
+
type: "ROLE_REQUIRED",
|
|
2046
|
+
message,
|
|
2047
|
+
requiredRoles
|
|
2048
|
+
});
|
|
2049
|
+
}
|
|
2050
|
+
/**
|
|
2051
|
+
* 创建权限不足异常
|
|
2052
|
+
*/
|
|
2053
|
+
static permissionRequired(requiredPermissions, or = false, customMessage) {
|
|
2054
|
+
let message;
|
|
2055
|
+
if (customMessage) {
|
|
2056
|
+
message = customMessage;
|
|
2057
|
+
} else if (requiredPermissions.length === 1) {
|
|
2058
|
+
const perm = requiredPermissions[0];
|
|
2059
|
+
message = or ? `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u5BF9 ${perm.subject} \u6267\u884C\u4EE5\u4E0B\u4EFB\u4E00\u64CD\u4F5C [${perm.actions.join(", ")}]` : `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u5BF9 ${perm.subject} \u6267\u884C\u6240\u6709\u64CD\u4F5C [${perm.actions.join(", ")}]`;
|
|
2060
|
+
} else {
|
|
2061
|
+
message = or ? `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u6EE1\u8DB3\u4EE5\u4E0B\u4EFB\u4E00\u6743\u9650\u8981\u6C42: ${requiredPermissions.map(({ actions, subject }) => `\u5BF9 ${subject} \u6267\u884C\u4EE5\u4E0B\u4EFB\u4E00\u64CD\u4F5C [${actions.join(", ")}]`).join(", ")}` : `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u6EE1\u8DB3\u4EE5\u4E0B\u6240\u6709\u6743\u9650\u8981\u6C42: ${requiredPermissions.map(({ actions, subject }) => `\u5BF9 ${subject} \u6267\u884C\u6240\u6709\u64CD\u4F5C [${actions.join(", ")}]`).join(", ")}`;
|
|
2062
|
+
}
|
|
2063
|
+
return new _PermissionDeniedException({
|
|
2064
|
+
type: "PERMISSION_REQUIRED",
|
|
2065
|
+
message,
|
|
2066
|
+
requiredPermissions,
|
|
2067
|
+
metadata: {
|
|
2068
|
+
or
|
|
2069
|
+
}
|
|
2070
|
+
});
|
|
2071
|
+
}
|
|
2072
|
+
};
|
|
2073
|
+
function _ts_decorate42(decorators, target, key, desc) {
|
|
2074
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
2075
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
2076
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
2077
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
2078
|
+
}
|
|
2079
|
+
__name(_ts_decorate42, "_ts_decorate4");
|
|
2080
|
+
__name2(_ts_decorate42, "_ts_decorate");
|
|
2081
|
+
function _ts_metadata22(k, v4) {
|
|
2082
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
2083
|
+
}
|
|
2084
|
+
__name(_ts_metadata22, "_ts_metadata2");
|
|
2085
|
+
__name2(_ts_metadata22, "_ts_metadata");
|
|
2086
|
+
function _ts_param3(paramIndex, decorator) {
|
|
2087
|
+
return function(target, key) {
|
|
2088
|
+
decorator(target, key, paramIndex);
|
|
2089
|
+
};
|
|
2090
|
+
}
|
|
2091
|
+
__name(_ts_param3, "_ts_param");
|
|
2092
|
+
__name2(_ts_param3, "_ts_param");
|
|
2093
|
+
var PermissionService = class {
|
|
2094
|
+
static {
|
|
2095
|
+
__name(this, "PermissionService");
|
|
2096
|
+
}
|
|
2097
|
+
static {
|
|
2098
|
+
__name2(this, "PermissionService");
|
|
2099
|
+
}
|
|
2100
|
+
apiConfig;
|
|
2101
|
+
abilityFactory;
|
|
2102
|
+
client;
|
|
2103
|
+
requestContextService;
|
|
2104
|
+
constructor(apiConfig, abilityFactory, client, requestContextService) {
|
|
2105
|
+
this.apiConfig = apiConfig;
|
|
2106
|
+
this.abilityFactory = abilityFactory;
|
|
2107
|
+
this.client = client;
|
|
2108
|
+
this.requestContextService = requestContextService;
|
|
2109
|
+
}
|
|
2110
|
+
/**
|
|
2111
|
+
* 获取用户权限数据
|
|
2112
|
+
*/
|
|
2113
|
+
async getUserPermissions({ laneId }) {
|
|
2114
|
+
const permissionData = await this.fetchFromApi({
|
|
2115
|
+
laneId
|
|
2116
|
+
});
|
|
2117
|
+
const dataWithTimestamp = {
|
|
2118
|
+
...permissionData,
|
|
2119
|
+
fetchedAt: /* @__PURE__ */ new Date()
|
|
2120
|
+
};
|
|
2121
|
+
return dataWithTimestamp;
|
|
2122
|
+
}
|
|
2123
|
+
/**
|
|
2124
|
+
* 从 API 获取权限数据
|
|
2125
|
+
* 内置实现,用户无需配置
|
|
2126
|
+
*/
|
|
2127
|
+
async fetchFromApi({ laneId }) {
|
|
2128
|
+
const { timeout = 5e3 } = this.apiConfig || {};
|
|
2129
|
+
const { appId = "", userId = "" } = this.requestContextService.getContext() || {};
|
|
2130
|
+
if (!appId) {
|
|
2131
|
+
throw new PermissionDeniedException({
|
|
2132
|
+
type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
|
|
2133
|
+
message: "appId is empty"
|
|
2134
|
+
}, HttpStatus.BAD_REQUEST);
|
|
2135
|
+
}
|
|
2136
|
+
const url = `/app/${appId}/inner/api/v1/permissions/roles`;
|
|
2137
|
+
const requestHeaders = {
|
|
2138
|
+
"Content-Type": "application/json",
|
|
2139
|
+
// 透传 laneId 到权限服务
|
|
2140
|
+
...laneId ? {
|
|
2141
|
+
"x-tt-env": laneId || ""
|
|
2142
|
+
} : {}
|
|
2143
|
+
};
|
|
2144
|
+
const controller = new AbortController();
|
|
2145
|
+
const timeoutId = setTimeout(() => controller.abort(), timeout);
|
|
2146
|
+
try {
|
|
2147
|
+
const response = await this.client.post(url, {
|
|
2148
|
+
userID: userId || ""
|
|
2149
|
+
}, {
|
|
2150
|
+
credentials: "include",
|
|
2151
|
+
headers: requestHeaders,
|
|
2152
|
+
signal: controller.signal
|
|
2153
|
+
});
|
|
2154
|
+
clearTimeout(timeoutId);
|
|
2155
|
+
if (!response.ok) {
|
|
2156
|
+
const error = new Error(`Permission API returned ${response.status}: ${response.statusText}`);
|
|
2157
|
+
throw new PermissionDeniedException({
|
|
2158
|
+
cause: error,
|
|
2159
|
+
type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
|
|
2160
|
+
message: error.message
|
|
2161
|
+
}, HttpStatus.INTERNAL_SERVER_ERROR);
|
|
2162
|
+
}
|
|
2163
|
+
let data;
|
|
2164
|
+
let responseText = "";
|
|
2165
|
+
try {
|
|
2166
|
+
responseText = await response.text();
|
|
2167
|
+
data = JSON.parse(responseText);
|
|
2168
|
+
} catch (jsonError) {
|
|
2169
|
+
const error = new Error(`Permission API returned invalid JSON: ${responseText}`);
|
|
2170
|
+
throw new PermissionDeniedException({
|
|
2171
|
+
cause: error,
|
|
2172
|
+
type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
|
|
2173
|
+
message: error.message
|
|
2174
|
+
}, HttpStatus.INTERNAL_SERVER_ERROR);
|
|
2175
|
+
}
|
|
2176
|
+
return {
|
|
2177
|
+
userId,
|
|
2178
|
+
roles: data.data?.roleList || [],
|
|
2179
|
+
// TODO: 基于权限点位设置能力
|
|
2180
|
+
// permissions: data.permissions || [],
|
|
2181
|
+
fetchedAt: /* @__PURE__ */ new Date()
|
|
2182
|
+
};
|
|
2183
|
+
} catch (error) {
|
|
2184
|
+
clearTimeout(timeoutId);
|
|
2185
|
+
let err = error;
|
|
2186
|
+
if (error.name === "AbortError") {
|
|
2187
|
+
err = new Error(`Permission API request timeout after ${timeout}ms`);
|
|
2188
|
+
}
|
|
2189
|
+
throw new PermissionDeniedException({
|
|
2190
|
+
cause: err,
|
|
2191
|
+
type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
|
|
2192
|
+
message: err.message
|
|
2193
|
+
}, HttpStatus.INTERNAL_SERVER_ERROR);
|
|
2194
|
+
}
|
|
2195
|
+
}
|
|
2196
|
+
// /**
|
|
2197
|
+
// * 获取用户的 Ability 实例(带缓存)
|
|
2198
|
+
// * @param userId 用户ID
|
|
2199
|
+
// * @returns CASL Ability 实例
|
|
2200
|
+
// */
|
|
2201
|
+
// private async getUserAbility(
|
|
2202
|
+
// userId?: string,
|
|
2203
|
+
// mockRoles?: string[]
|
|
2204
|
+
// ): Promise<AppAbility> {
|
|
2205
|
+
// // 计算缓存 key
|
|
2206
|
+
// const key = this.buildCacheKey(userId, mockRoles);
|
|
2207
|
+
// // 尝试从缓存获取
|
|
2208
|
+
// const cached = this.cache.get(key);
|
|
2209
|
+
// if (cached) {
|
|
2210
|
+
// return cached.ability;
|
|
2211
|
+
// }
|
|
2212
|
+
// // 缓存未命中,调用 getUserPermissions 会创建并缓存
|
|
2213
|
+
// await this.getUserPermissions(userId, mockRoles);
|
|
2214
|
+
// // 再次从缓存获取(此时一定存在)
|
|
2215
|
+
// const newCached = this.cache.get(key);
|
|
2216
|
+
// return newCached!.ability;
|
|
2217
|
+
// }
|
|
2218
|
+
/**
|
|
2219
|
+
* 检查角色要求
|
|
2220
|
+
* 使用 CASL Ability 统一鉴权方式
|
|
2221
|
+
* @param requirement 角色要求
|
|
2222
|
+
* @param laneId 环境ID
|
|
2223
|
+
* @returns 用户权限检查结果,包含结果和详细信息
|
|
2224
|
+
* @throws PermissionDeniedException 当权限数据获取失败时
|
|
2225
|
+
*/
|
|
2226
|
+
async checkRoles(requirement, laneId, userContext) {
|
|
2227
|
+
const { userId = "" } = this.requestContextService.getContext() || {};
|
|
2228
|
+
let permissionData = null;
|
|
2229
|
+
if (!userContext || !("roles" in userContext)) {
|
|
2230
|
+
permissionData = await this.getUserPermissions({
|
|
2231
|
+
laneId
|
|
2232
|
+
});
|
|
2233
|
+
} else {
|
|
2234
|
+
permissionData = {
|
|
2235
|
+
userId,
|
|
2236
|
+
roles: userContext.roles || [],
|
|
2237
|
+
fetchedAt: /* @__PURE__ */ new Date()
|
|
2238
|
+
};
|
|
2239
|
+
}
|
|
2240
|
+
if (!permissionData) {
|
|
2241
|
+
throw new PermissionDeniedException({
|
|
2242
|
+
cause: new Error("Permission data fetch api is not configured"),
|
|
2243
|
+
type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
|
|
2244
|
+
message: "Permission data fetch api is not configured"
|
|
2245
|
+
}, HttpStatus.BAD_REQUEST);
|
|
2246
|
+
}
|
|
2247
|
+
const ability = this.abilityFactory.createForUser(permissionData);
|
|
2248
|
+
const { roles } = requirement;
|
|
2249
|
+
if (!roles || roles.length === 0) {
|
|
2250
|
+
return {
|
|
2251
|
+
result: true
|
|
2252
|
+
};
|
|
2253
|
+
}
|
|
2254
|
+
const hasRole = roles.some((role) => ability.can(role, ROLE_SUBJECT));
|
|
2255
|
+
if (!hasRole) {
|
|
2256
|
+
const userRoles = permissionData.roles;
|
|
2257
|
+
return {
|
|
2258
|
+
result: false,
|
|
2259
|
+
details: `\u7528\u6237 ${userId}, \u7528\u6237\u89D2\u8272 [${userRoles.join(", ")}], \u9700\u8981 [${roles.join(", ")}]`
|
|
2260
|
+
};
|
|
2261
|
+
}
|
|
2262
|
+
return {
|
|
2263
|
+
result: true
|
|
2264
|
+
};
|
|
2265
|
+
}
|
|
2266
|
+
};
|
|
2267
|
+
PermissionService = _ts_decorate42([
|
|
2268
|
+
Injectable32(),
|
|
2269
|
+
Public(),
|
|
2270
|
+
_ts_param3(0, Inject3(PERMISSION_API_CONFIG_TOKEN)),
|
|
2271
|
+
_ts_param3(2, Inject3(PLATFORM_HTTP_CLIENT3)),
|
|
2272
|
+
_ts_metadata22("design:type", Function),
|
|
2273
|
+
_ts_metadata22("design:paramtypes", [
|
|
2274
|
+
typeof PermissionApiConfig === "undefined" ? Object : PermissionApiConfig,
|
|
2275
|
+
typeof AbilityFactory === "undefined" ? Object : AbilityFactory,
|
|
2276
|
+
typeof PlatformHttpClient2 === "undefined" ? Object : PlatformHttpClient2,
|
|
2277
|
+
typeof RequestContextService4 === "undefined" ? Object : RequestContextService4
|
|
2278
|
+
])
|
|
2279
|
+
], PermissionService);
|
|
2280
|
+
function _ts_decorate52(decorators, target, key, desc) {
|
|
2281
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
2282
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
2283
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
2284
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
2285
|
+
}
|
|
2286
|
+
__name(_ts_decorate52, "_ts_decorate5");
|
|
2287
|
+
__name2(_ts_decorate52, "_ts_decorate");
|
|
2288
|
+
function _ts_metadata32(k, v4) {
|
|
2289
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
|
|
2290
|
+
}
|
|
2291
|
+
__name(_ts_metadata32, "_ts_metadata3");
|
|
2292
|
+
__name2(_ts_metadata32, "_ts_metadata");
|
|
2293
|
+
function _ts_param22(paramIndex, decorator) {
|
|
2294
|
+
return function(target, key) {
|
|
2295
|
+
decorator(target, key, paramIndex);
|
|
2296
|
+
};
|
|
2297
|
+
}
|
|
2298
|
+
__name(_ts_param22, "_ts_param2");
|
|
2299
|
+
__name2(_ts_param22, "_ts_param");
|
|
2300
|
+
var AuthZPaasGuard = class _AuthZPaasGuard {
|
|
2301
|
+
static {
|
|
2302
|
+
__name(this, "_AuthZPaasGuard");
|
|
2303
|
+
}
|
|
2304
|
+
static {
|
|
2305
|
+
__name2(this, "AuthZPaasGuard");
|
|
2306
|
+
}
|
|
2307
|
+
reflector;
|
|
2308
|
+
permissionService;
|
|
2309
|
+
obs;
|
|
2310
|
+
constructor(reflector, permissionService, obs) {
|
|
2311
|
+
this.reflector = reflector;
|
|
2312
|
+
this.permissionService = permissionService;
|
|
2313
|
+
this.obs = obs;
|
|
2314
|
+
}
|
|
2315
|
+
logger = new Logger4(_AuthZPaasGuard.name);
|
|
2316
|
+
/**
|
|
2317
|
+
* 验证角色要求是否有效
|
|
2318
|
+
* @param requirements 角色要求
|
|
2319
|
+
* @returns 是否有效
|
|
2320
|
+
*/
|
|
2321
|
+
isValidRoleRequirement(requirements) {
|
|
2322
|
+
return Boolean(requirements && requirements.roles && requirements.roles.length > 0);
|
|
2323
|
+
}
|
|
2324
|
+
async canActivate(context) {
|
|
2325
|
+
const http = context.switchToHttp();
|
|
2326
|
+
const request = http.getRequest();
|
|
2327
|
+
const laneId = request.headers["x-tt-env"];
|
|
2328
|
+
const baseUrl = `${request.protocol}://${request.get("host")}`;
|
|
2329
|
+
const userContext = request.userContext;
|
|
2330
|
+
userContext.baseUrl = baseUrl;
|
|
2331
|
+
const checkRoleRequirement = this.reflector.getAllAndOverride(ROLES_KEY, [
|
|
2332
|
+
context.getHandler(),
|
|
2333
|
+
context.getClass()
|
|
2334
|
+
]);
|
|
2335
|
+
if (this.isValidRoleRequirement(checkRoleRequirement)) {
|
|
2336
|
+
const spanName = checkRoleRequirement.roles.join(" or ");
|
|
2337
|
+
return this.obs.trace(spanName, async (span) => {
|
|
2338
|
+
span.setAttributes({
|
|
2339
|
+
module: "permission"
|
|
2340
|
+
});
|
|
2341
|
+
const startTime = Date.now();
|
|
2342
|
+
try {
|
|
2343
|
+
const checkResult = await this.permissionService.checkRoles(checkRoleRequirement, laneId, userContext);
|
|
2344
|
+
const endTime = Date.now();
|
|
2345
|
+
if (!checkResult.result) {
|
|
2346
|
+
this.logger.warn(JSON.stringify({
|
|
2347
|
+
role: spanName,
|
|
2348
|
+
duration_ms: endTime - startTime,
|
|
2349
|
+
result: checkResult.result ? "has_auth" : "no_auth",
|
|
2350
|
+
result_detail: checkResult.details
|
|
2351
|
+
}), {
|
|
2352
|
+
source_type: "platform",
|
|
2353
|
+
paas_attributes_module: "permission"
|
|
2354
|
+
});
|
|
2355
|
+
} else {
|
|
2356
|
+
this.logger.log(JSON.stringify({
|
|
2357
|
+
role: spanName,
|
|
2358
|
+
duration_ms: endTime - startTime,
|
|
2359
|
+
result: checkResult.result ? "has_auth" : "no_auth"
|
|
2360
|
+
}), {
|
|
2361
|
+
source_type: "platform",
|
|
2362
|
+
paas_attributes_module: "permission"
|
|
2363
|
+
});
|
|
2364
|
+
}
|
|
2365
|
+
return checkResult.result;
|
|
2366
|
+
} catch (error) {
|
|
2367
|
+
const endTime = Date.now();
|
|
2368
|
+
this.logger.error(JSON.stringify({
|
|
2369
|
+
role: spanName,
|
|
2370
|
+
duration_ms: endTime - startTime,
|
|
2371
|
+
result: "",
|
|
2372
|
+
error_message: error.message
|
|
2373
|
+
}), {
|
|
2374
|
+
source_type: "platform",
|
|
2375
|
+
paas_attributes_module: "permission"
|
|
2376
|
+
});
|
|
2377
|
+
throw error;
|
|
2378
|
+
}
|
|
2379
|
+
});
|
|
2380
|
+
}
|
|
2381
|
+
return true;
|
|
2382
|
+
}
|
|
2383
|
+
};
|
|
2384
|
+
AuthZPaasGuard = _ts_decorate52([
|
|
2385
|
+
Injectable42(),
|
|
2386
|
+
_ts_param22(2, Inject22(OBSERVABLE_SERVICE2)),
|
|
2387
|
+
_ts_metadata32("design:type", Function),
|
|
2388
|
+
_ts_metadata32("design:paramtypes", [
|
|
2389
|
+
typeof Reflector3 === "undefined" ? Object : Reflector3,
|
|
2390
|
+
typeof PermissionService === "undefined" ? Object : PermissionService,
|
|
2391
|
+
typeof ObservableService2 === "undefined" ? Object : ObservableService2
|
|
2392
|
+
])
|
|
2393
|
+
], AuthZPaasGuard);
|
|
2394
|
+
function _ts_decorate62(decorators, target, key, desc) {
|
|
2395
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
2396
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
2397
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
2398
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
2399
|
+
}
|
|
2400
|
+
__name(_ts_decorate62, "_ts_decorate6");
|
|
2401
|
+
__name2(_ts_decorate62, "_ts_decorate");
|
|
2402
|
+
var AuthZPaasModule = class _AuthZPaasModule {
|
|
2403
|
+
static {
|
|
2404
|
+
__name(this, "_AuthZPaasModule");
|
|
2405
|
+
}
|
|
2406
|
+
static {
|
|
2407
|
+
__name2(this, "AuthZPaasModule");
|
|
2408
|
+
}
|
|
2409
|
+
static forRoot(options) {
|
|
2410
|
+
const { permissionApi = {} } = options || {};
|
|
2411
|
+
return {
|
|
2412
|
+
module: _AuthZPaasModule,
|
|
2413
|
+
global: true,
|
|
2414
|
+
controllers: [],
|
|
2415
|
+
providers: [
|
|
2416
|
+
// 配置提供者
|
|
2417
|
+
{
|
|
2418
|
+
provide: AUTHZPAAS_MODULE_OPTIONS,
|
|
2419
|
+
useValue: {
|
|
2420
|
+
...options
|
|
2421
|
+
}
|
|
2422
|
+
},
|
|
2423
|
+
{
|
|
2424
|
+
provide: PERMISSION_API_CONFIG_TOKEN,
|
|
2425
|
+
useValue: permissionApi
|
|
2426
|
+
},
|
|
2427
|
+
// 核心服务
|
|
2428
|
+
Reflector4,
|
|
2429
|
+
// 服务提供者
|
|
2430
|
+
PermissionService,
|
|
2431
|
+
AbilityFactory,
|
|
2432
|
+
AuthZPaasGuard,
|
|
2433
|
+
// 守卫提供者
|
|
2434
|
+
{
|
|
2435
|
+
provide: APP_GUARD2,
|
|
2436
|
+
useClass: AuthZPaasGuard
|
|
2437
|
+
}
|
|
2438
|
+
],
|
|
2439
|
+
exports: [
|
|
2440
|
+
PermissionService,
|
|
2441
|
+
AbilityFactory
|
|
2442
|
+
]
|
|
2443
|
+
};
|
|
2444
|
+
}
|
|
2445
|
+
/**
|
|
2446
|
+
* 异步注册 AuthZPaas 模块(根模块)
|
|
2447
|
+
* 用于需要从配置服务获取设置的场景
|
|
2448
|
+
*
|
|
2449
|
+
* @param options 异步配置选项
|
|
2450
|
+
* @returns 动态模块
|
|
2451
|
+
*
|
|
2452
|
+
* @example
|
|
2453
|
+
* ```typescript
|
|
2454
|
+
* @Module({
|
|
2455
|
+
* imports: [
|
|
2456
|
+
* AuthZPaasModule.forRootAsync({
|
|
2457
|
+
* imports: [ConfigModule],
|
|
2458
|
+
* inject: [ConfigService],
|
|
2459
|
+
* useFactory: async (configService: ConfigService) => ({
|
|
2460
|
+
* permissionApi: {
|
|
2461
|
+
* baseUrl: configService.get('PERMISSION_API_URL'),
|
|
2462
|
+
* apiToken: configService.get('PERMISSION_API_TOKEN'),
|
|
2463
|
+
* },
|
|
2464
|
+
* cache: {
|
|
2465
|
+
* ttl: configService.get('CACHE_TTL', 300),
|
|
2466
|
+
* max: configService.get('CACHE_MAX', 1000),
|
|
2467
|
+
* },
|
|
2468
|
+
* }),
|
|
2469
|
+
* }),
|
|
2470
|
+
* ],
|
|
2471
|
+
* })
|
|
2472
|
+
* export class AppModule {}
|
|
2473
|
+
* ```
|
|
2474
|
+
*/
|
|
2475
|
+
static forRootAsync(options) {
|
|
2476
|
+
const { imports = [], inject = [], useFactory } = options;
|
|
2477
|
+
return {
|
|
2478
|
+
module: _AuthZPaasModule,
|
|
2479
|
+
global: true,
|
|
2480
|
+
imports,
|
|
2481
|
+
controllers: [],
|
|
2482
|
+
providers: [
|
|
2483
|
+
// 异步配置提供者
|
|
2484
|
+
{
|
|
2485
|
+
provide: AUTHZPAAS_MODULE_OPTIONS,
|
|
2486
|
+
useFactory,
|
|
2487
|
+
inject
|
|
2488
|
+
},
|
|
2489
|
+
// 权限 API 配置提供者
|
|
2490
|
+
{
|
|
2491
|
+
provide: PERMISSION_API_CONFIG_TOKEN,
|
|
2492
|
+
useFactory: /* @__PURE__ */ __name2((moduleOptions) => {
|
|
2493
|
+
return moduleOptions.permissionApi;
|
|
2494
|
+
}, "useFactory"),
|
|
2495
|
+
inject: [
|
|
2496
|
+
AUTHZPAAS_MODULE_OPTIONS
|
|
2497
|
+
]
|
|
2498
|
+
},
|
|
2499
|
+
// 核心服务
|
|
2500
|
+
Reflector4,
|
|
2501
|
+
// 服务提供者
|
|
2502
|
+
PermissionService,
|
|
2503
|
+
AbilityFactory,
|
|
2504
|
+
AuthZPaasGuard,
|
|
2505
|
+
// 守卫提供者
|
|
2506
|
+
{
|
|
2507
|
+
provide: APP_GUARD2,
|
|
2508
|
+
useClass: AuthZPaasGuard
|
|
2509
|
+
}
|
|
2510
|
+
],
|
|
2511
|
+
exports: [
|
|
2512
|
+
PermissionService,
|
|
2513
|
+
AbilityFactory
|
|
2514
|
+
]
|
|
2515
|
+
};
|
|
2516
|
+
}
|
|
2517
|
+
};
|
|
2518
|
+
AuthZPaasModule = _ts_decorate62([
|
|
2519
|
+
Module2({})
|
|
2520
|
+
], AuthZPaasModule);
|
|
2521
|
+
var CanRole = /* @__PURE__ */ __name2((role) => {
|
|
2522
|
+
let requirement;
|
|
2523
|
+
if (!Array.isArray(role) && typeof role === "string") {
|
|
2524
|
+
requirement = {
|
|
2525
|
+
roles: [
|
|
2526
|
+
role
|
|
2527
|
+
]
|
|
2528
|
+
};
|
|
2529
|
+
} else if (Array.isArray(role) && role.every((role2) => typeof role2 === "string")) {
|
|
2530
|
+
requirement = {
|
|
2531
|
+
roles: role
|
|
2532
|
+
};
|
|
2533
|
+
} else {
|
|
2534
|
+
throw new Error("Invalid CanRole parameter: " + JSON.stringify(role));
|
|
2535
|
+
}
|
|
2536
|
+
return SetMetadata3(ROLES_KEY, requirement);
|
|
2537
|
+
}, "CanRole");
|
|
2538
|
+
|
|
2539
|
+
// src/modules/platform/module.ts
|
|
2540
|
+
function _ts_decorate11(decorators, target, key, desc) {
|
|
2541
|
+
var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
|
|
2542
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
|
|
2543
|
+
else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
|
|
2544
|
+
return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
|
|
2545
|
+
}
|
|
2546
|
+
__name(_ts_decorate11, "_ts_decorate");
|
|
748
2547
|
var PLATFORM_MODULE_OPTIONS = /* @__PURE__ */ Symbol("PLATFORM_MODULE_OPTIONS");
|
|
749
2548
|
var PlatformModule = class _PlatformModule {
|
|
750
2549
|
static {
|
|
@@ -804,7 +2603,8 @@ var PlatformModule = class _PlatformModule {
|
|
|
804
2603
|
}, "useFactory")
|
|
805
2604
|
})
|
|
806
2605
|
],
|
|
807
|
-
|
|
2606
|
+
AuthNPaasModule2.forRoot(),
|
|
2607
|
+
AuthZPaasModule.forRoot(),
|
|
808
2608
|
AutomationModule.forRoot(),
|
|
809
2609
|
CapabilityModule.forRoot({
|
|
810
2610
|
capabilitiesDir: options.capabilitiesDir,
|
|
@@ -826,12 +2626,12 @@ var PlatformModule = class _PlatformModule {
|
|
|
826
2626
|
})
|
|
827
2627
|
},
|
|
828
2628
|
{
|
|
829
|
-
provide:
|
|
2629
|
+
provide: OBSERVABLE_SERVICE3,
|
|
830
2630
|
useClass: Observable
|
|
831
2631
|
},
|
|
832
2632
|
PlatformHttpClientService,
|
|
833
2633
|
{
|
|
834
|
-
provide:
|
|
2634
|
+
provide: PLATFORM_HTTP_CLIENT4,
|
|
835
2635
|
useFactory: /* @__PURE__ */ __name((svc) => svc.instance, "useFactory"),
|
|
836
2636
|
inject: [
|
|
837
2637
|
PlatformHttpClientService
|
|
@@ -841,15 +2641,17 @@ var PlatformModule = class _PlatformModule {
|
|
|
841
2641
|
{
|
|
842
2642
|
provide: APP_INTERCEPTOR,
|
|
843
2643
|
useClass: TraceInterceptor
|
|
844
|
-
}
|
|
2644
|
+
},
|
|
2645
|
+
FileService
|
|
845
2646
|
],
|
|
846
2647
|
exports: [
|
|
847
2648
|
ConfigModule,
|
|
848
2649
|
LoggerModule,
|
|
849
2650
|
CommonModule,
|
|
850
|
-
|
|
851
|
-
|
|
852
|
-
CapabilityModule
|
|
2651
|
+
OBSERVABLE_SERVICE3,
|
|
2652
|
+
PLATFORM_HTTP_CLIENT4,
|
|
2653
|
+
CapabilityModule,
|
|
2654
|
+
FileService
|
|
853
2655
|
]
|
|
854
2656
|
};
|
|
855
2657
|
}
|
|
@@ -878,9 +2680,9 @@ var PlatformModule = class _PlatformModule {
|
|
|
878
2680
|
}
|
|
879
2681
|
}
|
|
880
2682
|
};
|
|
881
|
-
PlatformModule =
|
|
2683
|
+
PlatformModule = _ts_decorate11([
|
|
882
2684
|
Global(),
|
|
883
|
-
|
|
2685
|
+
Module3({})
|
|
884
2686
|
], PlatformModule);
|
|
885
2687
|
|
|
886
2688
|
// src/setup.ts
|
|
@@ -919,13 +2721,16 @@ export * from "@lark-apaas/nestjs-capability";
|
|
|
919
2721
|
export * from "@lark-apaas/nestjs-datapaas";
|
|
920
2722
|
export * from "@lark-apaas/nestjs-observable";
|
|
921
2723
|
export * from "@lark-apaas/nestjs-trigger";
|
|
2724
|
+
export * from "@lark-apaas/file-service";
|
|
922
2725
|
import { AutoTrace } from "@lark-apaas/nestjs-common";
|
|
923
2726
|
export {
|
|
924
2727
|
AutoTrace,
|
|
2728
|
+
CanRole,
|
|
925
2729
|
CsrfMiddleware,
|
|
926
2730
|
CsrfTokenMiddleware,
|
|
927
2731
|
DevToolsModule,
|
|
928
2732
|
DevToolsV2Module2 as DevToolsV2Module,
|
|
2733
|
+
FileService,
|
|
929
2734
|
PlatformModule,
|
|
930
2735
|
UserContextMiddleware,
|
|
931
2736
|
ViewContextMiddleware,
|