@litusarchieve18/agricore-utils 1.0.29 → 1.0.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +13 -0
- package/dist/index.mjs +13 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -183,6 +183,8 @@ Run the publish command:
|
|
|
183
183
|
Bash
|
|
184
184
|
npm publish --access public
|
|
185
185
|
📝 Version History
|
|
186
|
+
V1.0.30 — altered authscoped Id to receive a list of string not a single string
|
|
187
|
+
|
|
186
188
|
V1.0.29 — altered filtering logic from validFrom_lte: targetIso to validFrom: { $lte: targetIso }
|
|
187
189
|
|
|
188
190
|
V1.0.28 — altered the logic and added scope aware filtering and write-time validation in priceHelpers.ts
|
package/dist/index.d.mts
CHANGED
|
@@ -177,10 +177,10 @@ declare function evaluateBaseAccess(resourcePath: string, session: AgriCoreSessi
|
|
|
177
177
|
*/
|
|
178
178
|
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
179
179
|
declare function findSpecificOverride(session: AgriCoreSession, activeScopeId: string, resourcePath: string): AccessLevelType | null;
|
|
180
|
-
declare function assertTenantBoundary(db: any, session: AgriCoreSession,
|
|
181
|
-
targets: {
|
|
180
|
+
declare function assertTenantBoundary(db: any, session: AgriCoreSession, targets: {
|
|
182
181
|
targetUserId?: string;
|
|
183
182
|
authScopeId?: string;
|
|
183
|
+
authScopeIds?: string[];
|
|
184
184
|
expectedScopeType?: ScopeType;
|
|
185
185
|
}): Promise<boolean>;
|
|
186
186
|
declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
|
package/dist/index.d.ts
CHANGED
|
@@ -177,10 +177,10 @@ declare function evaluateBaseAccess(resourcePath: string, session: AgriCoreSessi
|
|
|
177
177
|
*/
|
|
178
178
|
declare function resolveEffectiveAccess(base: AccessLevelType, override?: AccessLevelType | null): AccessLevelType;
|
|
179
179
|
declare function findSpecificOverride(session: AgriCoreSession, activeScopeId: string, resourcePath: string): AccessLevelType | null;
|
|
180
|
-
declare function assertTenantBoundary(db: any, session: AgriCoreSession,
|
|
181
|
-
targets: {
|
|
180
|
+
declare function assertTenantBoundary(db: any, session: AgriCoreSession, targets: {
|
|
182
181
|
targetUserId?: string;
|
|
183
182
|
authScopeId?: string;
|
|
183
|
+
authScopeIds?: string[];
|
|
184
184
|
expectedScopeType?: ScopeType;
|
|
185
185
|
}): Promise<boolean>;
|
|
186
186
|
declare function verifyAndExtractSession(token: string, secret: string): Promise<AgriCoreSession>;
|
package/dist/index.js
CHANGED
|
@@ -1870,6 +1870,19 @@ async function assertTenantBoundary(db, session, targets) {
|
|
|
1870
1870
|
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
|
|
1871
1871
|
}
|
|
1872
1872
|
}
|
|
1873
|
+
if (targets.authScopeIds?.length) {
|
|
1874
|
+
const matchedScope = session.availableScopes?.find(
|
|
1875
|
+
(scope) => targets.authScopeIds.includes(scope.authScopeId)
|
|
1876
|
+
);
|
|
1877
|
+
if (!matchedScope) {
|
|
1878
|
+
console.error(`[SECURITY BREACH] None of scopes [${targets.authScopeIds.join(", ")}] found in user's permitted list.`);
|
|
1879
|
+
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Tenant boundary violation.");
|
|
1880
|
+
}
|
|
1881
|
+
if (targets.expectedScopeType && matchedScope.type !== targets.expectedScopeType) {
|
|
1882
|
+
console.error(`[VALIDATION ERROR] Expected type ${targets.expectedScopeType} but got ${matchedScope.type}`);
|
|
1883
|
+
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
|
|
1884
|
+
}
|
|
1885
|
+
}
|
|
1873
1886
|
return true;
|
|
1874
1887
|
}
|
|
1875
1888
|
async function verifyAndExtractSession(token, secret) {
|
package/dist/index.mjs
CHANGED
|
@@ -851,6 +851,19 @@ async function assertTenantBoundary(db, session, targets) {
|
|
|
851
851
|
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
|
|
852
852
|
}
|
|
853
853
|
}
|
|
854
|
+
if (targets.authScopeIds?.length) {
|
|
855
|
+
const matchedScope = session.availableScopes?.find(
|
|
856
|
+
(scope) => targets.authScopeIds.includes(scope.authScopeId)
|
|
857
|
+
);
|
|
858
|
+
if (!matchedScope) {
|
|
859
|
+
console.error(`[SECURITY BREACH] None of scopes [${targets.authScopeIds.join(", ")}] found in user's permitted list.`);
|
|
860
|
+
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Tenant boundary violation.");
|
|
861
|
+
}
|
|
862
|
+
if (targets.expectedScopeType && matchedScope.type !== targets.expectedScopeType) {
|
|
863
|
+
console.error(`[VALIDATION ERROR] Expected type ${targets.expectedScopeType} but got ${matchedScope.type}`);
|
|
864
|
+
throw ErrorFactory.forbidden(MOD.ADMIN, ACT.EDIT, "Invalid authorization scope level.");
|
|
865
|
+
}
|
|
866
|
+
}
|
|
854
867
|
return true;
|
|
855
868
|
}
|
|
856
869
|
async function verifyAndExtractSession(token, secret) {
|