@liveblocks/core 3.20.0-perm6 → 3.20.0-perm8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +120 -45
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +38 -28
- package/dist/index.d.ts +38 -28
- package/dist/index.js +122 -47
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -6,7 +6,7 @@ var __export = (target, all) => {
|
|
|
6
6
|
|
|
7
7
|
// src/version.ts
|
|
8
8
|
var PKG_NAME = "@liveblocks/core";
|
|
9
|
-
var PKG_VERSION = "3.20.0-
|
|
9
|
+
var PKG_VERSION = "3.20.0-perm8";
|
|
10
10
|
var PKG_FORMAT = "cjs";
|
|
11
11
|
|
|
12
12
|
// src/dupe-detection.ts
|
|
@@ -5203,6 +5203,12 @@ var Permission = {
|
|
|
5203
5203
|
LegacyRoomPresenceWrite: "room:presence:write"
|
|
5204
5204
|
};
|
|
5205
5205
|
var ACCESS_LEVELS = ["none", "read", "write"];
|
|
5206
|
+
var basePermissionScopes = /* @__PURE__ */ new Set([
|
|
5207
|
+
Permission.Read,
|
|
5208
|
+
Permission.Write,
|
|
5209
|
+
Permission.RoomRead,
|
|
5210
|
+
Permission.RoomWrite
|
|
5211
|
+
]);
|
|
5206
5212
|
var ACCESS_LEVEL_RANKS = {
|
|
5207
5213
|
none: 0,
|
|
5208
5214
|
read: 1,
|
|
@@ -5246,6 +5252,9 @@ var ROOM_PERMISSION_RESOURCES = [
|
|
|
5246
5252
|
"feeds"
|
|
5247
5253
|
];
|
|
5248
5254
|
var VALID_PERMISSIONS = new Set(Object.values(Permission));
|
|
5255
|
+
function isPermission(permission) {
|
|
5256
|
+
return VALID_PERMISSIONS.has(permission);
|
|
5257
|
+
}
|
|
5249
5258
|
function resolveResourceAccess(scopes, resource) {
|
|
5250
5259
|
const permissions = PERMISSIONS_BY_RESOURCE[resource];
|
|
5251
5260
|
let resourceAccess;
|
|
@@ -5330,46 +5339,46 @@ function resolveRoomPermissionMatrix(permissions, roomId) {
|
|
|
5330
5339
|
matrix: explicitMatrix
|
|
5331
5340
|
});
|
|
5332
5341
|
}
|
|
5333
|
-
function
|
|
5334
|
-
if (!Array.isArray(
|
|
5342
|
+
function normalizeRoomPermissions(permissions) {
|
|
5343
|
+
if (!Array.isArray(permissions)) {
|
|
5335
5344
|
throw new Error("Permission list must be an array");
|
|
5336
5345
|
}
|
|
5337
|
-
return
|
|
5338
|
-
if (!
|
|
5346
|
+
return permissions.map((permission) => {
|
|
5347
|
+
if (!isPermission(permission)) {
|
|
5339
5348
|
throw new Error(`Not a valid permission: ${permission}`);
|
|
5340
5349
|
}
|
|
5341
5350
|
return permission;
|
|
5342
5351
|
});
|
|
5343
5352
|
}
|
|
5344
|
-
function
|
|
5345
|
-
if (
|
|
5353
|
+
function normalizeRoomAccesses(accesses) {
|
|
5354
|
+
if (accesses === void 0) {
|
|
5346
5355
|
return void 0;
|
|
5347
5356
|
}
|
|
5348
5357
|
return Object.fromEntries(
|
|
5349
|
-
Object.entries(
|
|
5358
|
+
Object.entries(accesses).map(([id, permissions]) => [
|
|
5350
5359
|
id,
|
|
5351
|
-
|
|
5360
|
+
normalizeRoomPermissions(permissions)
|
|
5352
5361
|
])
|
|
5353
5362
|
);
|
|
5354
5363
|
}
|
|
5355
|
-
function
|
|
5356
|
-
if (
|
|
5364
|
+
function normalizeUpdateRoomAccesses(accesses) {
|
|
5365
|
+
if (accesses === void 0) {
|
|
5357
5366
|
return void 0;
|
|
5358
5367
|
}
|
|
5359
5368
|
return Object.fromEntries(
|
|
5360
|
-
Object.entries(
|
|
5369
|
+
Object.entries(accesses).map(([id, permissions]) => [
|
|
5361
5370
|
id,
|
|
5362
|
-
permissions === null ? null :
|
|
5371
|
+
permissions === null ? null : normalizeRoomPermissions(permissions)
|
|
5363
5372
|
])
|
|
5364
5373
|
);
|
|
5365
5374
|
}
|
|
5366
|
-
function mergePermissionMatrices(
|
|
5375
|
+
function mergePermissionMatrices(matrices) {
|
|
5367
5376
|
return {
|
|
5368
|
-
room: strongestMatrixAccess(
|
|
5369
|
-
storage: strongestMatrixAccess(
|
|
5370
|
-
comments: strongestMatrixAccess(
|
|
5371
|
-
feeds: strongestMatrixAccess(
|
|
5372
|
-
personal: strongestMatrixAccess(
|
|
5377
|
+
room: strongestMatrixAccess(matrices, "room"),
|
|
5378
|
+
storage: strongestMatrixAccess(matrices, "storage"),
|
|
5379
|
+
comments: strongestMatrixAccess(matrices, "comments"),
|
|
5380
|
+
feeds: strongestMatrixAccess(matrices, "feeds"),
|
|
5381
|
+
personal: strongestMatrixAccess(matrices, "personal")
|
|
5373
5382
|
};
|
|
5374
5383
|
}
|
|
5375
5384
|
function permissionMatrixToScopes(matrix) {
|
|
@@ -5392,11 +5401,53 @@ function mergeRoomPermissionScopes({
|
|
|
5392
5401
|
userAccesses
|
|
5393
5402
|
}) {
|
|
5394
5403
|
const sources = [
|
|
5395
|
-
|
|
5396
|
-
|
|
5397
|
-
|
|
5404
|
+
resolvePermissionScopes(defaultAccesses),
|
|
5405
|
+
mergeResolvedScopesByHighestAccess(
|
|
5406
|
+
groupsAccesses.map(resolvePermissionScopes)
|
|
5407
|
+
),
|
|
5408
|
+
resolvePermissionScopes(userAccesses)
|
|
5398
5409
|
];
|
|
5399
|
-
|
|
5410
|
+
const merged = {
|
|
5411
|
+
hasDefaultPermission: false,
|
|
5412
|
+
baseAccess: "none",
|
|
5413
|
+
matrix: {}
|
|
5414
|
+
};
|
|
5415
|
+
for (const source of sources) {
|
|
5416
|
+
if (source.hasDefaultPermission) {
|
|
5417
|
+
merged.hasDefaultPermission = true;
|
|
5418
|
+
merged.baseAccess = source.baseAccess;
|
|
5419
|
+
}
|
|
5420
|
+
for (const resource of ROOM_PERMISSION_RESOURCES) {
|
|
5421
|
+
const access = source.matrix[resource];
|
|
5422
|
+
if (access !== void 0) {
|
|
5423
|
+
merged.matrix[resource] = access;
|
|
5424
|
+
}
|
|
5425
|
+
}
|
|
5426
|
+
}
|
|
5427
|
+
return permissionMatrixToScopes(permissionMatrixFromResolvedScopes(merged));
|
|
5428
|
+
}
|
|
5429
|
+
function mergeResolvedScopesByHighestAccess(sources) {
|
|
5430
|
+
const merged = {
|
|
5431
|
+
hasDefaultPermission: false,
|
|
5432
|
+
baseAccess: "none",
|
|
5433
|
+
matrix: {}
|
|
5434
|
+
};
|
|
5435
|
+
for (const source of sources) {
|
|
5436
|
+
if (source.hasDefaultPermission) {
|
|
5437
|
+
merged.hasDefaultPermission = true;
|
|
5438
|
+
merged.baseAccess = strongestAccess(merged.baseAccess, source.baseAccess);
|
|
5439
|
+
}
|
|
5440
|
+
for (const resource of ROOM_PERMISSION_RESOURCES) {
|
|
5441
|
+
const access = source.matrix[resource];
|
|
5442
|
+
if (access !== void 0) {
|
|
5443
|
+
merged.matrix[resource] = strongestAccess(
|
|
5444
|
+
_nullishCoalesce(merged.matrix[resource], () => ( "none")),
|
|
5445
|
+
access
|
|
5446
|
+
);
|
|
5447
|
+
}
|
|
5448
|
+
}
|
|
5449
|
+
}
|
|
5450
|
+
return merged;
|
|
5400
5451
|
}
|
|
5401
5452
|
function permissionForAccessLevel(resource, access, field = resource) {
|
|
5402
5453
|
const levels = PERMISSIONS_BY_RESOURCE[resource];
|
|
@@ -5408,9 +5459,9 @@ function permissionForAccessLevel(resource, access, field = resource) {
|
|
|
5408
5459
|
}
|
|
5409
5460
|
return permissions[0];
|
|
5410
5461
|
}
|
|
5411
|
-
function strongestMatrixAccess(
|
|
5412
|
-
return
|
|
5413
|
-
(strongest,
|
|
5462
|
+
function strongestMatrixAccess(matrices, resource) {
|
|
5463
|
+
return matrices.reduce(
|
|
5464
|
+
(strongest, matrix) => strongestAccess(strongest, matrix[resource]),
|
|
5414
5465
|
"none"
|
|
5415
5466
|
);
|
|
5416
5467
|
}
|
|
@@ -5426,6 +5477,28 @@ function resourceMatchesRoomId(resource, roomId) {
|
|
|
5426
5477
|
function getResourceSpecificity(resource) {
|
|
5427
5478
|
return resource.replace("*", "").length;
|
|
5428
5479
|
}
|
|
5480
|
+
function validatePermissionsSet(scopes) {
|
|
5481
|
+
const unknownScopes = scopes.filter((scope) => !VALID_PERMISSIONS.has(scope));
|
|
5482
|
+
if (unknownScopes.length > 0) {
|
|
5483
|
+
return `Unknown permission scope(s): ${unknownScopes.join(", ")}`;
|
|
5484
|
+
}
|
|
5485
|
+
const baseScopes = scopes.filter((scope) => basePermissionScopes.has(scope));
|
|
5486
|
+
if (baseScopes.length !== 1) {
|
|
5487
|
+
return `Permissions must include exactly one of ${Permission.Read}, ${Permission.Write} (or the legacy aliases ${Permission.RoomRead}, ${Permission.RoomWrite}), got ${baseScopes.length === 0 ? "none" : baseScopes.join(", ")}`;
|
|
5488
|
+
}
|
|
5489
|
+
const seenFeatures = /* @__PURE__ */ new Set();
|
|
5490
|
+
for (const scope of scopes) {
|
|
5491
|
+
if (basePermissionScopes.has(scope) || scope === Permission.LegacyRoomPresenceWrite) {
|
|
5492
|
+
continue;
|
|
5493
|
+
}
|
|
5494
|
+
const feature = scope.slice(0, scope.indexOf(":"));
|
|
5495
|
+
if (seenFeatures.has(feature)) {
|
|
5496
|
+
return `Permissions can include at most one scope per feature, got multiple "${feature}" scopes`;
|
|
5497
|
+
}
|
|
5498
|
+
seenFeatures.add(feature);
|
|
5499
|
+
}
|
|
5500
|
+
return true;
|
|
5501
|
+
}
|
|
5429
5502
|
|
|
5430
5503
|
// src/protocol/AuthToken.ts
|
|
5431
5504
|
function isValidAuthTokenPayload(data) {
|
|
@@ -5593,7 +5666,7 @@ function makeCachedToken(token, expiresAt) {
|
|
|
5593
5666
|
function getAuthTokenPermissionScopes(permissions) {
|
|
5594
5667
|
return Object.entries(permissions).map(([resource, scopes]) => ({
|
|
5595
5668
|
resource,
|
|
5596
|
-
scopes
|
|
5669
|
+
scopes: normalizeRoomPermissions(scopes)
|
|
5597
5670
|
}));
|
|
5598
5671
|
}
|
|
5599
5672
|
function cachedTokenSatisfiesRequest(cachedToken, request) {
|
|
@@ -9501,23 +9574,15 @@ var ClientMsgCode = Object.freeze({
|
|
|
9501
9574
|
|
|
9502
9575
|
// src/refs/ManagedOthers.ts
|
|
9503
9576
|
function makeUser(conn, presence) {
|
|
9504
|
-
const { connectionId, id, info } = conn;
|
|
9505
|
-
const canWrite =
|
|
9506
|
-
conn.permissionMatrix,
|
|
9507
|
-
"storage",
|
|
9508
|
-
"write"
|
|
9509
|
-
);
|
|
9577
|
+
const { connectionId, id, info, access } = conn;
|
|
9578
|
+
const { canWrite, canComment } = access;
|
|
9510
9579
|
return freeze(
|
|
9511
9580
|
compactObject({
|
|
9512
9581
|
connectionId,
|
|
9513
9582
|
id,
|
|
9514
9583
|
info,
|
|
9515
9584
|
canWrite,
|
|
9516
|
-
canComment
|
|
9517
|
-
conn.permissionMatrix,
|
|
9518
|
-
"comments",
|
|
9519
|
-
"write"
|
|
9520
|
-
),
|
|
9585
|
+
canComment,
|
|
9521
9586
|
isReadOnly: !canWrite,
|
|
9522
9587
|
// Deprecated, kept for backward-compatibility
|
|
9523
9588
|
presence
|
|
@@ -9588,7 +9653,7 @@ var ManagedOthers = class {
|
|
|
9588
9653
|
* Records a known connection. This records the connection ID and the
|
|
9589
9654
|
* associated metadata.
|
|
9590
9655
|
*/
|
|
9591
|
-
setConnection(connectionId, metaUserId, metaUserInfo,
|
|
9656
|
+
setConnection(connectionId, metaUserId, metaUserInfo, access) {
|
|
9592
9657
|
this.#internal.mutate((state) => {
|
|
9593
9658
|
state.connections.set(
|
|
9594
9659
|
connectionId,
|
|
@@ -9596,7 +9661,7 @@ var ManagedOthers = class {
|
|
|
9596
9661
|
connectionId,
|
|
9597
9662
|
id: metaUserId,
|
|
9598
9663
|
info: metaUserInfo,
|
|
9599
|
-
|
|
9664
|
+
access
|
|
9600
9665
|
})
|
|
9601
9666
|
);
|
|
9602
9667
|
if (!state.presences.has(connectionId)) {
|
|
@@ -9749,6 +9814,14 @@ function defaultMessageFromContext(context) {
|
|
|
9749
9814
|
|
|
9750
9815
|
// src/room.ts
|
|
9751
9816
|
var FEEDS_TIMEOUT = 5e3;
|
|
9817
|
+
function connectionAccessFromScopes(scopes) {
|
|
9818
|
+
const roomPermissions = normalizeRoomPermissions(scopes);
|
|
9819
|
+
const matrix = permissionMatrixFromScopes(roomPermissions);
|
|
9820
|
+
return {
|
|
9821
|
+
canWrite: hasPermissionAccess(matrix, "storage", "write"),
|
|
9822
|
+
canComment: hasPermissionAccess(matrix, "comments", "write")
|
|
9823
|
+
};
|
|
9824
|
+
}
|
|
9752
9825
|
function makeIdFactory(connectionId) {
|
|
9753
9826
|
let count = 0;
|
|
9754
9827
|
return () => `${connectionId}:${count++}`;
|
|
@@ -10339,7 +10412,9 @@ function createRoom(options, config) {
|
|
|
10339
10412
|
context.dynamicSessionInfoSig.set({
|
|
10340
10413
|
actor: message.actor,
|
|
10341
10414
|
nonce: message.nonce,
|
|
10342
|
-
permissionMatrix: permissionMatrixFromScopes(
|
|
10415
|
+
permissionMatrix: permissionMatrixFromScopes(
|
|
10416
|
+
normalizeRoomPermissions(message.scopes)
|
|
10417
|
+
),
|
|
10343
10418
|
meta: message.meta
|
|
10344
10419
|
});
|
|
10345
10420
|
context.idFactory = makeIdFactory(message.actor);
|
|
@@ -10360,7 +10435,7 @@ function createRoom(options, config) {
|
|
|
10360
10435
|
connectionId,
|
|
10361
10436
|
user.id,
|
|
10362
10437
|
user.info,
|
|
10363
|
-
user.scopes
|
|
10438
|
+
connectionAccessFromScopes(user.scopes)
|
|
10364
10439
|
);
|
|
10365
10440
|
}
|
|
10366
10441
|
return { type: "reset" };
|
|
@@ -10380,7 +10455,7 @@ function createRoom(options, config) {
|
|
|
10380
10455
|
message.actor,
|
|
10381
10456
|
message.id,
|
|
10382
10457
|
message.info,
|
|
10383
|
-
message.scopes
|
|
10458
|
+
connectionAccessFromScopes(message.scopes)
|
|
10384
10459
|
);
|
|
10385
10460
|
context.buffer.messages.push({
|
|
10386
10461
|
type: ClientMsgCode.UPDATE_PRESENCE,
|
|
@@ -11746,7 +11821,6 @@ function createClient(options) {
|
|
|
11746
11821
|
),
|
|
11747
11822
|
authenticate: async () => {
|
|
11748
11823
|
const resp = await authManager.getAuthValue({
|
|
11749
|
-
// TODO: Should we have permissions for AI Copilots?
|
|
11750
11824
|
resource: "personal",
|
|
11751
11825
|
access: "write"
|
|
11752
11826
|
});
|
|
@@ -12713,5 +12787,6 @@ detectDupes(PKG_NAME, PKG_VERSION, PKG_FORMAT);
|
|
|
12713
12787
|
|
|
12714
12788
|
|
|
12715
12789
|
|
|
12716
|
-
|
|
12790
|
+
|
|
12791
|
+
exports.ClientMsgCode = ClientMsgCode; exports.CrdtType = CrdtType; exports.DefaultMap = DefaultMap; exports.Deque = Deque; exports.DerivedSignal = DerivedSignal; exports.FeedRequestErrorCode = FeedRequestErrorCode; exports.HttpError = HttpError; exports.LiveList = LiveList; exports.LiveMap = LiveMap; exports.LiveObject = LiveObject; exports.LiveblocksError = LiveblocksError; exports.MENTION_CHARACTER = MENTION_CHARACTER; exports.MutableSignal = MutableSignal; exports.OpCode = OpCode; exports.Permission = Permission; exports.Promise_withResolvers = Promise_withResolvers; exports.ServerMsgCode = ServerMsgCode; exports.Signal = Signal; exports.SortedList = SortedList; exports.TextEditorType = TextEditorType; exports.WebsocketCloseCodes = WebsocketCloseCodes; exports.asPos = asPos; exports.assert = assert; exports.assertNever = assertNever; exports.autoRetry = autoRetry; exports.b64decode = b64decode; exports.batch = batch; exports.checkBounds = checkBounds; exports.chunk = chunk; exports.cloneLson = cloneLson; exports.compactNodesToNodeStream = compactNodesToNodeStream; exports.compactObject = compactObject; exports.console = fancy_console_exports; exports.convertToCommentData = convertToCommentData; exports.convertToCommentUserReaction = convertToCommentUserReaction; exports.convertToGroupData = convertToGroupData; exports.convertToInboxNotificationData = convertToInboxNotificationData; exports.convertToSubscriptionData = convertToSubscriptionData; exports.convertToThreadData = convertToThreadData; exports.convertToUserSubscriptionData = convertToUserSubscriptionData; exports.createClient = createClient; exports.createCommentAttachmentId = createCommentAttachmentId; exports.createCommentId = createCommentId; exports.createInboxNotificationId = createInboxNotificationId; exports.createManagedPool = createManagedPool; exports.createNotificationSettings = createNotificationSettings; exports.createThreadId = createThreadId; exports.deepLiveify = deepLiveify; exports.defineAiTool = defineAiTool; exports.deprecate = deprecate; exports.deprecateIf = deprecateIf; exports.detectDupes = detectDupes; exports.entries = entries; exports.errorIf = errorIf; exports.findLastIndex = findLastIndex; exports.freeze = freeze; exports.generateUrl = generateUrl; exports.getMentionsFromCommentBody = getMentionsFromCommentBody; exports.getSubscriptionKey = getSubscriptionKey; exports.hasPermissionAccess = hasPermissionAccess; exports.html = html; exports.htmlSafe = htmlSafe; exports.isCommentBodyLink = isCommentBodyLink; exports.isCommentBodyMention = isCommentBodyMention; exports.isCommentBodyText = isCommentBodyText; exports.isJsonArray = isJsonArray; exports.isJsonObject = isJsonObject; exports.isJsonScalar = isJsonScalar; exports.isListStorageNode = isListStorageNode; exports.isLiveNode = isLiveNode; exports.isMapStorageNode = isMapStorageNode; exports.isNotificationChannelEnabled = isNotificationChannelEnabled; exports.isNumberOperator = isNumberOperator; exports.isObjectStorageNode = isObjectStorageNode; exports.isPlainObject = isPlainObject; exports.isRegisterStorageNode = isRegisterStorageNode; exports.isRootStorageNode = isRootStorageNode; exports.isStartsWithOperator = isStartsWithOperator; exports.isUrl = isUrl; exports.kInternal = kInternal; exports.keys = keys; exports.makeAbortController = makeAbortController; exports.makeEventSource = makeEventSource; exports.makePoller = makePoller; exports.makePosition = makePosition; exports.mapValues = mapValues; exports.memoizeOnSuccess = memoizeOnSuccess; exports.mergePermissionMatrices = mergePermissionMatrices; exports.mergeRoomPermissionScopes = mergeRoomPermissionScopes; exports.nanoid = nanoid; exports.nn = nn; exports.nodeStreamToCompactNodes = nodeStreamToCompactNodes; exports.normalizeRoomAccesses = normalizeRoomAccesses; exports.normalizeRoomPermissions = normalizeRoomPermissions; exports.normalizeUpdateRoomAccesses = normalizeUpdateRoomAccesses; exports.objectToQuery = objectToQuery; exports.patchNotificationSettings = patchNotificationSettings; exports.permissionMatrixFromScopes = permissionMatrixFromScopes; exports.permissionMatrixToScopes = permissionMatrixToScopes; exports.raise = raise; exports.resolveMentionsInCommentBody = resolveMentionsInCommentBody; exports.sanitizeUrl = sanitizeUrl; exports.shallow = shallow; exports.shallow2 = shallow2; exports.stableStringify = stableStringify; exports.stringifyCommentBody = stringifyCommentBody; exports.throwUsageError = throwUsageError; exports.toPlainLson = toPlainLson; exports.tryParseJson = tryParseJson; exports.url = url; exports.urljoin = urljoin; exports.validatePermissionsSet = validatePermissionsSet; exports.wait = wait; exports.warnOnce = warnOnce; exports.warnOnceIf = warnOnceIf; exports.withTimeout = withTimeout;
|
|
12717
12792
|
//# sourceMappingURL=index.cjs.map
|