@minimaltech/node-infra 0.2.27

package/dist/components/authorize/interceptor.js

@@ -0,0 +1,121 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var AuthorizateInterceptor_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizateInterceptor = void 0;
+const core_1 = require("@loopback/core");
+const security_1 = require("@loopback/security");
+const authorization_1 = require("@loopback/authorization");
+const helpers_1 = require("../../helpers");
+let AuthorizateInterceptor = AuthorizateInterceptor_1 = class AuthorizateInterceptor {
+    constructor(options = {}) {
+        this.options = Object.assign({ defaultDecision: authorization_1.AuthorizationDecision.DENY, precedence: authorization_1.AuthorizationDecision.DENY, defaultStatusCodeForDeny: 403 }, options);
+        this.logger = helpers_1.LoggerFactory.getLogger([AuthorizateInterceptor_1.name]);
+    }
+    value() {
+        return this.intercept.bind(this);
+    }
+    intercept(invocationCtx, next) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            let metadata = (0, authorization_1.getAuthorizationMetadata)(invocationCtx.target, invocationCtx.methodName);
+            const description = invocationCtx.description;
+            if (!metadata) {
+                this.logger.debug('[intercept] No authorization metadata is found for %s', description);
+            }
+            metadata = metadata !== null && metadata !== void 0 ? metadata : this.options.defaultMetadata;
+            if (!metadata || (metadata === null || metadata === void 0 ? void 0 : metadata.skip)) {
+                this.logger.debug('[intercept] Authorization is skipped for %s', description);
+                const result = yield next();
+                return result;
+            }
+            this.logger.debug('[intercept] Authorization metadata for %s', description);
+            // retrieve it from authentication module
+            const user = yield invocationCtx.get(security_1.SecurityBindings.USER, {
+                optional: true,
+            });
+            this.logger.debug('[intercept] Current user: %s', user);
+            const authorizationCtx = {
+                principals: user
+                    ? [
+                        Object.assign(Object.assign({}, user), { name: (_a = user.name) !== null && _a !== void 0 ? _a : user[security_1.securityId], type: 'USER' }),
+                    ]
+                    : [],
+                roles: [],
+                scopes: [],
+                resource: invocationCtx.targetName,
+                invocationContext: invocationCtx,
+            };
+            this.logger.debug('[intercept] Security context for %s', description);
+            const authorizers = yield loadAuthorizers(invocationCtx);
+            let finalDecision = this.options.defaultDecision;
+            for (const fn of authorizers) {
+                const decision = yield fn(authorizationCtx, metadata);
+                this.logger.debug('[intercept] Decision: %s', decision);
+                if (decision && decision !== authorization_1.AuthorizationDecision.ABSTAIN) {
+                    finalDecision = decision;
+                }
+                if (decision === authorization_1.AuthorizationDecision.DENY && this.options.precedence === authorization_1.AuthorizationDecision.DENY) {
+                    this.logger.debug('[intercept] Access denied');
+                    const error = new authorization_1.AuthorizationError('Access denied');
+                    error.statusCode = this.options.defaultStatusCodeForDeny;
+                    throw error;
+                }
+                if (decision === authorization_1.AuthorizationDecision.ALLOW && this.options.precedence === authorization_1.AuthorizationDecision.ALLOW) {
+                    this.logger.debug('[intercept] Access allowed');
+                    break;
+                }
+            }
+            this.logger.debug('[intercept] Final decision: %s', finalDecision);
+            if (finalDecision === authorization_1.AuthorizationDecision.DENY) {
+                const error = new authorization_1.AuthorizationError('Access denied');
+                error.statusCode = this.options.defaultStatusCodeForDeny;
+                throw error;
+            }
+            return next();
+        });
+    }
+};
+exports.AuthorizateInterceptor = AuthorizateInterceptor;
+exports.AuthorizateInterceptor = AuthorizateInterceptor = AuthorizateInterceptor_1 = __decorate([
+    (0, core_1.injectable)((0, core_1.asGlobalInterceptor)('authorization')),
+    __param(0, (0, core_1.config)({ fromBinding: authorization_1.AuthorizationBindings.COMPONENT })),
+    __metadata("design:paramtypes", [Object])
+], AuthorizateInterceptor);
+function loadAuthorizers(ctx) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const authorizerFunctions = [];
+        const bindings = ctx.findByTag(authorization_1.AuthorizationTags.AUTHORIZER);
+        const authorizers = bindings.map(b => b.key);
+        for (const keyOrFn of authorizers) {
+            if (typeof keyOrFn === 'function') {
+                authorizerFunctions.push(keyOrFn);
+                continue;
+            }
+            const fn = yield ctx.get(keyOrFn);
+            authorizerFunctions.push(fn);
+        }
+        return authorizerFunctions;
+    });
+}
+//# sourceMappingURL=interceptor.js.map

package/dist/components/authorize/interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interceptor.js","sourceRoot":"","sources":["../../../src/components/authorize/interceptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAWwB;AACxB,iDAA+E;AAC/E,2DASiC;AACjC,uCAA6D;AAGtD,IAAM,sBAAsB,8BAA5B,MAAM,sBAAsB;IAIjC,YAEE,UAAgC,EAAE;QAElC,IAAI,CAAC,OAAO,mBACV,eAAe,EAAE,qCAAqB,CAAC,IAAI,EAC3C,UAAU,EAAE,qCAAqB,CAAC,IAAI,EACtC,wBAAwB,EAAE,GAAG,IAC1B,OAAO,CACX,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,uBAAa,CAAC,SAAS,CAAC,CAAC,wBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAEK,SAAS,CAAC,aAAgC,EAAE,IAAU;;;YAC1D,IAAI,QAAQ,GAAG,IAAA,wCAAwB,EAAC,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;YAExF,MAAM,WAAW,GAAG,aAAa,CAAC,WAAW,CAAC;YAC9C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,WAAW,CAAC,CAAC;YAC1F,CAAC;YAED,QAAQ,GAAG,QAAQ,aAAR,QAAQ,cAAR,QAAQ,GAAI,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC;YACpD,IAAI,CAAC,QAAQ,KAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,CAAA,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,EAAE,WAAW,CAAC,CAAC;gBAC9E,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;gBAC5B,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,WAAW,CAAC,CAAC;YAE5E,yCAAyC;YACzC,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,GAAG,CAAc,2BAAgB,CAAC,IAAI,EAAE;gBACvE,QAAQ,EAAE,IAAI;aACf,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,IAAI,CAAC,CAAC;YAExD,MAAM,gBAAgB,GAAyB;gBAC7C,UAAU,EAAE,IAAI;oBACd,CAAC,CAAC;wDAEO,IAAI,KACP,IAAI,EAAE,MAAA,IAAI,CAAC,IAAI,mCAAI,IAAI,CAAC,qBAAU,CAAC,EACnC,IAAI,EAAE,MAAM;qBAEf;oBACH,CAAC,CAAC,EAAE;gBACN,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,EAAE;gBACV,QAAQ,EAAE,aAAa,CAAC,UAAU;gBAClC,iBAAiB,EAAE,aAAa;aACjC,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,EAAE,WAAW,CAAC,CAAC;YACtE,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,aAAa,CAAC,CAAC;YAEzD,IAAI,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC;YACjD,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;gBAC7B,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;gBACtD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,QAAQ,CAAC,CAAC;gBAExD,IAAI,QAAQ,IAAI,QAAQ,KAAK,qCAAqB,CAAC,OAAO,EAAE,CAAC;oBAC3D,aAAa,GAAG,QAAQ,CAAC;gBAC3B,CAAC;gBAED,IAAI,QAAQ,KAAK,qCAAqB,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,KAAK,qCAAqB,CAAC,IAAI,EAAE,CAAC;oBACtG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;oBAC/C,MAAM,KAAK,GAAG,IAAI,kCAAkB,CAAC,eAAe,CAAC,CAAC;oBACtD,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC;oBACzD,MAAM,KAAK,CAAC;gBACd,CAAC;gBAED,IAAI,QAAQ,KAAK,qCAAqB,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,KAAK,qCAAqB,CAAC,KAAK,EAAE,CAAC;oBACxG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;oBAChD,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE,aAAa,CAAC,CAAC;YACnE,IAAI,aAAa,KAAK,qCAAqB,CAAC,IAAI,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,IAAI,kCAAkB,CAAC,eAAe,CAAC,CAAC;gBACtD,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC;gBACzD,MAAM,KAAK,CAAC;YACd,CAAC;YAED,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;KAAA;CACF,CAAA;AA7FY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,iBAAU,EAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC;IAM5C,WAAA,IAAA,aAAM,EAAC,EAAE,WAAW,EAAE,qCAAqB,CAAC,SAAS,EAAE,CAAC,CAAA;;GALhD,sBAAsB,CA6FlC;AAED,SAAe,eAAe,CAAC,GAAY;;QACzC,MAAM,mBAAmB,GAAiB,EAAE,CAAC;QAC7C,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAa,iCAAiB,CAAC,UAAU,CAAC,CAAC;QACzE,MAAM,WAAW,GAAgD,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAE1F,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;YAClC,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;gBAClC,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAClC,SAAS;YACX,CAAC;YAED,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAClC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/B,CAAC;QAED,OAAO,mBAAmB,CAAC;IAC7B,CAAC;CAAA"}

package/dist/components/authorize/migrations/0000-create-view-policy.d.ts

@@ -0,0 +1,7 @@
+import { BaseApplication } from '../../../base/applications';
+export declare const createViewPolicy: (opts: {
+    datasourceKey: string;
+}) => {
+    name: string;
+    fn: (application: BaseApplication) => Promise<void>;
+};

package/dist/components/authorize/migrations/0000-create-view-policy.js

@@ -0,0 +1,83 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createViewPolicy = void 0;
+const constants_1 = require("../../../components/authorize/common/constants");
+const helpers_1 = require("../../../helpers");
+const utilities_1 = require("../../../utilities");
+const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
+const sqls = [
+    // UUID
+    `CREATE EXTENSION IF NOT EXISTS "uuid-ossp"`,
+    // View policies
+    'DROP VIEW IF EXISTS "ViewAuthorizePolicy";',
+    `CREATE OR REPLACE VIEW "ViewAuthorizePolicy"
+  AS (
+  SELECT
+      uuid_generate_v4() as id,
+      (t.subject_type || '_' || t.subject_id) as subject,
+      t.subject_type,
+      t.subject_id,
+      json_agg(t.policy)::JSONB as policies
+  FROM (
+      SELECT
+          pm.id as id,
+          (CASE
+              WHEN user_id IS NOT NULL THEN '${constants_1.EnforcerDefinitions.PREFIX_USER}'
+              WHEN role_id IS NOT NULL THEN '${constants_1.EnforcerDefinitions.PREFIX_ROLE}'
+              ELSE NULL
+          END) AS subject_type,
+          (CASE
+              WHEN user_id IS NOT NULL THEN user_id
+              WHEN role_id IS NOT NULL THEN role_id
+              ELSE NULL
+          END) AS subject_id,
+          p.id AS permision_id,
+          p.code AS permision_code,
+          (CASE
+              WHEN user_id IS NOT NULL THEN
+                  'p,${constants_1.EnforcerDefinitions.PREFIX_USER}_' || user_id || ',' || LOWER(p.code) || ',${constants_1.EnforcerDefinitions.ACTION_EXECUTE},' || effect
+              WHEN role_id IS NOT NULL THEN
+                  'p,${constants_1.EnforcerDefinitions.PREFIX_ROLE}_' || role_id || ',' || LOWER(p.code) || ',${constants_1.EnforcerDefinitions.ACTION_EXECUTE},' || effect
+              ELSE NULL
+          END) AS policy
+      FROM "PermissionMapping" AS pm INNER JOIN "Permission" AS p ON pm.permission_id = p.id
+  ) AS t GROUP BY t.subject_type, t.subject_id, subject);`,
+];
+const createViewPolicy = (opts) => ({
+    name: __filename.slice(__dirname.length + 1),
+    fn: (application) => __awaiter(void 0, void 0, void 0, function* () {
+        if (!opts.datasourceKey || (0, isEmpty_1.default)(opts.datasourceKey)) {
+            throw (0, utilities_1.getError)({
+                statusCode: 500,
+                message: '[createViewPolicy] Invalid datasourceKey to execute migration!',
+            });
+        }
+        const { datasourceKey } = opts;
+        const datasource = application.getSync(datasourceKey);
+        if (!datasource) {
+            throw (0, utilities_1.getError)({
+                statusCode: 500,
+                message: `[createViewPolicy] Cannot find datasource with key ${datasourceKey} to execute migration!`,
+            });
+        }
+        for (const sql of sqls) {
+            helpers_1.applicationLogger.info('[creatViewPolicy] START | Execute SQL: %s', sql);
+            yield datasource.execute(sql);
+            helpers_1.applicationLogger.info('[createViewPolicy] DONE | Execute SQL: %s', sql);
+        }
+    }),
+});
+exports.createViewPolicy = createViewPolicy;
+//# sourceMappingURL=0000-create-view-policy.js.map

package/dist/components/authorize/migrations/0000-create-view-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"0000-create-view-policy.js","sourceRoot":"","sources":["../../../../src/components/authorize/migrations/0000-create-view-policy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAEA,uEAA8E;AAC9E,uCAA8C;AAC9C,2CAAuC;AACvC,6DAAqC;AAErC,MAAM,IAAI,GAAG;IACX,OAAO;IACP,4CAA4C;IAE5C,gBAAgB;IAChB,4CAA4C;IAC5C;;;;;;;;;;;;+CAY6C,+BAAmB,CAAC,WAAW;+CAC/B,+BAAmB,CAAC,WAAW;;;;;;;;;;;;uBAYvD,+BAAmB,CAAC,WAAW,8CAA8C,+BAAmB,CAAC,cAAc;;uBAE/G,+BAAmB,CAAC,WAAW,8CAA8C,+BAAmB,CAAC,cAAc;;;;0DAI5E;CACzD,CAAC;AAEK,MAAM,gBAAgB,GAAG,CAAC,IAA+B,EAAE,EAAE,CAAC,CAAC;IACpE,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;IAC5C,EAAE,EAAE,CAAO,WAA4B,EAAE,EAAE;QACzC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAA,iBAAO,EAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;YACvD,MAAM,IAAA,oBAAQ,EAAC;gBACb,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,gEAAgE;aAC1E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;QAC/B,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAiB,aAAa,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAA,oBAAQ,EAAC;gBACb,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,sDAAsD,aAAa,wBAAwB;aACrG,CAAC,CAAC;QACL,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,2BAAiB,CAAC,IAAI,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC;YACzE,MAAM,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC9B,2BAAiB,CAAC,IAAI,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC,CAAA;CACF,CAAC,CAAC;AAzBU,QAAA,gBAAgB,oBAyB1B"}

package/dist/components/authorize/migrations/index.d.ts

@@ -0,0 +1 @@
+export * from './0000-create-view-policy';

package/dist/components/authorize/migrations/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./0000-create-view-policy"), exports);
+//# sourceMappingURL=index.js.map

package/dist/components/authorize/migrations/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/components/authorize/migrations/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4DAA0C"}

package/dist/components/authorize/models/defs.d.ts

@@ -0,0 +1,173 @@
+import { AnyObject } from '../../../common';
+export declare const defineUser: () => {
+    new (data?: Partial<{
+        realm?: string;
+        status: string;
+        userType?: string;
+        activatedAt?: Date;
+        lastLoginAt?: Date;
+        parentId: number;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    }>): {
+        realm?: string;
+        status: string;
+        userType?: string;
+        activatedAt?: Date;
+        lastLoginAt?: Date;
+        parentId: number;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    };
+    getIdProperties(): string[];
+    getIdOf(entityOrData: import("@loopback/repository").AnyObject): any;
+    buildWhereForId(id: any): any;
+    readonly modelName: string;
+    definition: import("@loopback/repository").ModelDefinition;
+};
+export declare const defineRole: () => {
+    new (data?: Partial<{
+        identifier: string;
+        name: string;
+        description?: string;
+        priority: number;
+        status: string;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    }>): {
+        identifier: string;
+        name: string;
+        description?: string;
+        priority: number;
+        status: string;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    };
+    getIdProperties(): string[];
+    getIdOf(entityOrData: import("@loopback/repository").AnyObject): any;
+    buildWhereForId(id: any): any;
+    readonly modelName: string;
+    definition: import("@loopback/repository").ModelDefinition;
+};
+export declare const definePermission: <T extends AnyObject = AnyObject>() => {
+    new (data?: Partial<{
+        code: string;
+        name: string;
+        subject: string;
+        pType: string;
+        action: string;
+        scope?: string;
+        parentId: number;
+        details: T;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    }>): {
+        code: string;
+        name: string;
+        subject: string;
+        pType: string;
+        action: string;
+        scope?: string;
+        parentId: number;
+        details: T;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    };
+    getIdProperties(): string[];
+    getIdOf(entityOrData: import("@loopback/repository").AnyObject): any;
+    buildWhereForId(id: any): any;
+    readonly modelName: string;
+    definition: import("@loopback/repository").ModelDefinition;
+};
+export declare const definePermissionMapping: () => {
+    new (data?: Partial<{
+        userId?: number;
+        roleId: number;
+        permissionId: number;
+        effect: string;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    }>): {
+        userId?: number;
+        roleId: number;
+        permissionId: number;
+        effect: string;
+        createdAt: Date;
+        modifiedAt: Date;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        id: number;
+    };
+    getIdProperties(): string[];
+    getIdOf(entityOrData: import("@loopback/repository").AnyObject): any;
+    buildWhereForId(id: any): any;
+    readonly modelName: string;
+    definition: import("@loopback/repository").ModelDefinition;
+};
+export declare const defineUserRole: () => {
+    new (data?: Partial<{
+        userId: number;
+        principalType?: string;
+        principalId?: import("../../../common").IdType;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        createdAt: Date;
+        modifiedAt: Date;
+        id: number;
+    }>): {
+        userId: number;
+        principalType?: string;
+        principalId?: import("../../../common").IdType;
+        getId: () => any;
+        getIdObject: () => Object;
+        toJSON: () => Object;
+        toObject: (options?: import("@loopback/repository").Options) => Object;
+        createdAt: Date;
+        modifiedAt: Date;
+        id: number;
+    };
+    getIdProperties(): string[];
+    getIdOf(entityOrData: import("@loopback/repository").AnyObject): any;
+    buildWhereForId(id: any): any;
+    readonly modelName: string;
+    definition: import("@loopback/repository").ModelDefinition;
+};

package/dist/components/authorize/models/defs.js

@@ -0,0 +1,243 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defineUserRole = exports.definePermissionMapping = exports.definePermission = exports.defineRole = exports.defineUser = void 0;
+const base_model_1 = require("../../../base/base.model");
+const common_1 = require("../../../common");
+const mixins_1 = require("../../../mixins");
+const repository_1 = require("@loopback/repository");
+// -----------------------------------------------------------------------
+const defineUser = () => {
+    class User extends base_model_1.BaseTzEntity {
+        constructor(data) {
+            super(data);
+        }
+    }
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+        }),
+        __metadata("design:type", String)
+    ], User.prototype, "realm", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+            default: common_1.UserStatuses.UNKNOWN,
+            postgresql: {
+                columnName: 'status',
+                dataType: 'text',
+            },
+        }),
+        __metadata("design:type", String)
+    ], User.prototype, "status", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+            default: common_1.UserTypes.SYSTEM,
+            postgresql: {
+                columnName: 'user_type',
+                dataType: 'text',
+            },
+        }),
+        __metadata("design:type", String)
+    ], User.prototype, "userType", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'date',
+            postgresql: {
+                columnName: 'activated_at',
+                dataType: 'TIMESTAMPTZ',
+            },
+        }),
+        __metadata("design:type", Date)
+    ], User.prototype, "activatedAt", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'date',
+            postgresql: {
+                columnName: 'last_login_at',
+                dataType: 'TIMESTAMPTZ',
+            },
+        }),
+        __metadata("design:type", Date)
+    ], User.prototype, "lastLoginAt", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'number',
+            postgresql: {
+                columnName: 'parent_id',
+            },
+        }),
+        __metadata("design:type", Number)
+    ], User.prototype, "parentId", void 0);
+    return User;
+};
+exports.defineUser = defineUser;
+// -----------------------------------------------------------------------
+const defineRole = () => {
+    class Role extends base_model_1.BaseTzEntity {
+        constructor(data) {
+            super(data);
+        }
+    }
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+            require: true,
+        }),
+        __metadata("design:type", String)
+    ], Role.prototype, "identifier", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+            require: true,
+        }),
+        __metadata("design:type", String)
+    ], Role.prototype, "name", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+        }),
+        __metadata("design:type", String)
+    ], Role.prototype, "description", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'number',
+        }),
+        __metadata("design:type", Number)
+    ], Role.prototype, "priority", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+            default: common_1.RoleStatuses.ACTIVATED,
+        }),
+        __metadata("design:type", String)
+    ], Role.prototype, "status", void 0);
+    return Role;
+};
+exports.defineRole = defineRole;
+// -----------------------------------------------------------------------
+const definePermission = () => {
+    class Permission extends base_model_1.BaseTzEntity {
+        constructor(data) {
+            super(data);
+        }
+    }
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+        }),
+        __metadata("design:type", String)
+    ], Permission.prototype, "code", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+        }),
+        __metadata("design:type", String)
+    ], Permission.prototype, "name", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+        }),
+        __metadata("design:type", String)
+    ], Permission.prototype, "subject", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+            postgresql: { columnName: 'p_type' },
+        }),
+        __metadata("design:type", String)
+    ], Permission.prototype, "pType", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+        }),
+        __metadata("design:type", String)
+    ], Permission.prototype, "action", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'string',
+        }),
+        __metadata("design:type", String)
+    ], Permission.prototype, "scope", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'number',
+            postgresql: { columnName: 'parent_id' },
+        }),
+        __metadata("design:type", Number)
+    ], Permission.prototype, "parentId", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'object',
+            postgresql: {
+                columnName: 'details',
+                dataType: 'jsonb',
+            },
+        }),
+        __metadata("design:type", Object)
+    ], Permission.prototype, "details", void 0);
+    return Permission;
+};
+exports.definePermission = definePermission;
+// -----------------------------------------------------------------------
+const definePermissionMapping = () => {
+    class PermissionMapping extends base_model_1.BaseTzEntity {
+        constructor(data) {
+            super(data);
+        }
+    }
+    __decorate([
+        (0, repository_1.property)({
+            type: 'number',
+            postgresql: { columnName: 'user_id' },
+        }),
+        __metadata("design:type", Number)
+    ], PermissionMapping.prototype, "userId", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'number',
+            postgresql: { columnName: 'role_id' },
+        }),
+        __metadata("design:type", Number)
+    ], PermissionMapping.prototype, "roleId", void 0);
+    __decorate([
+        (0, repository_1.property)({
+            type: 'number',
+            postgresql: { columnName: 'permission_id' },
+        }),
+        __metadata("design:type", Number)
+    ], PermissionMapping.prototype, "permissionId", void 0);
+    __decorate([
+        (0, repository_1.property)({ type: 'string' }),
+        __metadata("design:type", String)
+    ], PermissionMapping.prototype, "effect", void 0);
+    return PermissionMapping;
+};
+exports.definePermissionMapping = definePermissionMapping;
+// -----------------------------------------------------------------------
+const defineUserRole = () => {
+    class UserRole extends (0, mixins_1.PrincipalMixin)(base_model_1.BaseTzEntity, 'Role', 'number') {
+        constructor(data) {
+            super(data);
+        }
+    }
+    __decorate([
+        (0, repository_1.property)({
+            type: 'number',
+            postgresql: { columnName: 'user_id' },
+        }),
+        __metadata("design:type", Number)
+    ], UserRole.prototype, "userId", void 0);
+    return UserRole;
+};
+exports.defineUserRole = defineUserRole;
+//# sourceMappingURL=defs.js.map