npm - @minimaltech/node-infra - Versions diffs - 0.5.9-2 → 0.5.9-21 - Mend

@minimaltech/node-infra 0.5.9-2 → 0.5.9-21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (582) hide show

package/dist/components/authorize/models/permission.model.js CHANGED Viewed

@@ -31,4 +31,3 @@ exports.Permission = Permission = __decorate([
     }),
     __metadata("design:paramtypes", [Object])
 ], Permission);
-//# sourceMappingURL=permission.model.js.map

package/dist/components/authorize/models/role.model.d.ts CHANGED Viewed

@@ -30,7 +30,7 @@ declare const BaseRole: {
     getIdProperties(): string[];
     getIdOf(entityOrData: import("@loopback/repository").AnyObject): any;
     buildWhereForId(id: any): any;
-    readonly modelName: string;
+    get modelName(): string;
     definition: import("@loopback/repository").ModelDefinition;
 };
 export declare class Role extends BaseRole {

package/dist/components/authorize/models/role.model.js CHANGED Viewed

@@ -14,8 +14,8 @@ const repository_1 = require("@loopback/repository");
 const _1 = require(".");
 const defs_1 = require("./defs");
 const BaseRole = (0, defs_1.defineRole)();
-// ---------------------------------------------------------------
 let Role = class Role extends BaseRole {
+    permissions;
     constructor(data) {
         super(data);
     }
@@ -43,4 +43,3 @@ exports.Role = Role = __decorate([
     }),
     __metadata("design:paramtypes", [Object])
 ], Role);
-//# sourceMappingURL=role.model.js.map

package/dist/components/authorize/models/user-role.model.d.ts CHANGED Viewed

@@ -25,7 +25,7 @@ declare const BaseUserRole: {
     getIdProperties(): string[];
     getIdOf(entityOrData: import("@loopback/repository").AnyObject): any;
     buildWhereForId(id: any): any;
-    readonly modelName: string;
+    get modelName(): string;
     definition: import("@loopback/repository").ModelDefinition;
 };
 export declare class UserRole extends BaseUserRole {

package/dist/components/authorize/models/user-role.model.js CHANGED Viewed

@@ -13,7 +13,6 @@ exports.UserRole = void 0;
 const repository_1 = require("@loopback/repository");
 const defs_1 = require("./defs");
 const BaseUserRole = (0, defs_1.defineUserRole)();
-// ---------------------------------------------------------------
 let UserRole = class UserRole extends BaseUserRole {
     constructor(data) {
         super(data);
@@ -32,4 +31,3 @@ exports.UserRole = UserRole = __decorate([
     }),
     __metadata("design:paramtypes", [Object])
 ], UserRole);
-//# sourceMappingURL=user-role.model.js.map

package/dist/components/authorize/models/view-authorize-policy.model.js CHANGED Viewed

@@ -12,8 +12,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ViewAuthorizePolicy = void 0;
 const models_1 = require("../../../base/models");
 const repository_1 = require("@loopback/repository");
-// ---------------------------------------------------------------
 let ViewAuthorizePolicy = class ViewAuthorizePolicy extends models_1.BaseEntity {
+    id;
+    subject;
+    subjectType;
+    subjectId;
     constructor(data) {
         super(data);
     }
@@ -67,4 +70,3 @@ exports.ViewAuthorizePolicy = ViewAuthorizePolicy = __decorate([
     }),
     __metadata("design:paramtypes", [Object])
 ], ViewAuthorizePolicy);
-//# sourceMappingURL=view-authorize-policy.model.js.map

package/dist/components/authorize/provider.js CHANGED Viewed

@@ -11,15 +11,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -35,6 +26,10 @@ const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
 const common_1 = require("./common");
 const services_1 = require("./services");
 let AuthorizeProvider = AuthorizeProvider_1 = class AuthorizeProvider {
+    enforcerService;
+    alwaysAllowRoles;
+    normalizePayloadFn;
+    logger;
     constructor(enforcerService, alwaysAllowRoles, normalizePayloadFn) {
         this.enforcerService = enforcerService;
         this.alwaysAllowRoles = alwaysAllowRoles;
@@ -44,107 +39,97 @@ let AuthorizeProvider = AuthorizeProvider_1 = class AuthorizeProvider {
     value() {
         return this.authorize.bind(this);
     }
-    // -------------------------------------------------------------------------------------------------------------------
     normalizeEnforcePayload(opts) {
-        var _a, _b, _c;
         const { subject, object, scope } = opts;
         return {
-            subject: (subject === null || subject === void 0 ? void 0 : subject.toLowerCase()) || '',
-            object: (_a = scope === null || scope === void 0 ? void 0 : scope.toLowerCase()) !== null && _a !== void 0 ? _a : (_c = (_b = ((object === null || object === void 0 ? void 0 : object.toLowerCase()) || '')) === null || _b === void 0 ? void 0 : _b.replace(/controller/g, '')) === null || _c === void 0 ? void 0 : _c.replace(/.prototype/g, ''),
+            subject: subject?.toLowerCase() || '',
+            object: scope?.toLowerCase() ??
+                (object?.toLowerCase() || '')?.replace(/controller/g, '')?.replace(/.prototype/g, ''),
             action: common_1.EnforcerDefinitions.ACTION_EXECUTE,
         };
     }
-    // -------------------------------------------------------------------------------------------------------------------
-    authorizePermission(userId, object, scopes) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a, _b, _c, _d;
-            let isSingleAuthRs = false;
-            let isScopeAuthRs = true;
-            const enforcer = yield this.enforcerService.getTypeEnforcer(userId);
-            if (!enforcer) {
-                this.logger.debug('[authorizePermission] Skip authorization for NULL enforcer!');
-                return false;
-            }
-            const subject = `${common_1.EnforcerDefinitions.PREFIX_USER}_${userId}`;
-            for (const scope of scopes !== null && scopes !== void 0 ? scopes : []) {
-                const enforcePayload = (_b = (_a = this.normalizePayloadFn) === null || _a === void 0 ? void 0 : _a.call(this, { subject, object, scope })) !== null && _b !== void 0 ? _b : this.normalizeEnforcePayload({ subject, object, scope });
-                isScopeAuthRs = yield enforcer.enforce(enforcePayload.subject, enforcePayload.object, enforcePayload.action);
-                this.logger.debug('[authorizePermission] Payload: %j | scopeAuthRs: %s', enforcePayload, isScopeAuthRs);
-                if (!isScopeAuthRs) {
-                    this.logger.debug('[authorizePermission] Permission denied | Payload: %j', enforcePayload);
-                    break;
-                }
-            }
+    async authorizePermission(userId, object, scopes) {
+        let isSingleAuthRs = false;
+        let isScopeAuthRs = true;
+        const enforcer = await this.enforcerService.getTypeEnforcer(userId);
+        if (!enforcer) {
+            this.logger.debug('[authorizePermission] Skip authorization for NULL enforcer!');
+            return false;
+        }
+        const subject = `${common_1.EnforcerDefinitions.PREFIX_USER}_${userId}`;
+        for (const scope of scopes ?? []) {
+            const enforcePayload = this.normalizePayloadFn?.({ subject, object, scope }) ??
+                this.normalizeEnforcePayload({ subject, object, scope });
+            isScopeAuthRs = await enforcer.enforce(enforcePayload.subject, enforcePayload.object, enforcePayload.action);
+            this.logger.debug('[authorizePermission] Payload: %j | scopeAuthRs: %s', enforcePayload, isScopeAuthRs);
             if (!isScopeAuthRs) {
-                return isScopeAuthRs;
+                this.logger.debug('[authorizePermission] Permission denied | Payload: %j', enforcePayload);
+                break;
             }
-            if (object) {
-                const enforcePayload = (_d = (_c = this.normalizePayloadFn) === null || _c === void 0 ? void 0 : _c.call(this, { subject, object })) !== null && _d !== void 0 ? _d : this.normalizeEnforcePayload({ subject, object });
-                isSingleAuthRs = yield enforcer.enforce(enforcePayload.subject, enforcePayload.object, enforcePayload.action);
-                this.logger.debug('[authorizePermission] Payload: %j | singleAuthRs: %s', enforcePayload, isSingleAuthRs);
-            }
-            return isScopeAuthRs && isSingleAuthRs;
-        });
+        }
+        if (!isScopeAuthRs) {
+            return isScopeAuthRs;
+        }
+        if (object) {
+            const enforcePayload = this.normalizePayloadFn?.({ subject, object }) ??
+                this.normalizeEnforcePayload({ subject, object });
+            isSingleAuthRs = await enforcer.enforce(enforcePayload.subject, enforcePayload.object, enforcePayload.action);
+            this.logger.debug('[authorizePermission] Payload: %j | singleAuthRs: %s', enforcePayload, isSingleAuthRs);
+        }
+        return isScopeAuthRs && isSingleAuthRs;
     }
-    // -------------------------------------------------------------------------------------------------------------------
-    authorize(context, metadata) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a, _b;
-            const t = new Date().getTime();
-            if ((context === null || context === void 0 ? void 0 : context.principals.length) <= 0) {
-                return authorization_1.AuthorizationDecision.DENY;
+    async authorize(context, metadata) {
+        const t = new Date().getTime();
+        if (context?.principals.length <= 0) {
+            return authorization_1.AuthorizationDecision.DENY;
+        }
+        const { userId, roles: encodedRoles } = context.principals[0];
+        const roleIds = [];
+        const roleIdentifiers = [];
+        const roles = [];
+        for (const encodedRole of encodedRoles) {
+            if (!encodedRole || (0, isEmpty_1.default)(encodedRole)) {
+                continue;
             }
-            const { userId, roles: encodedRoles } = context.principals[0];
-            const roleIds = [];
-            const roleIdentifiers = [];
-            const roles = [];
-            for (const encodedRole of encodedRoles) {
-                if (!encodedRole || (0, isEmpty_1.default)(encodedRole)) {
-                    continue;
+            const { id, identifier } = encodedRole;
+            roleIds.push((0, utilities_1.int)(id));
+            roleIdentifiers.push(identifier);
+            roles.push({ id, identifier });
+        }
+        if (!userId || !roles?.length) {
+            return authorization_1.AuthorizationDecision.DENY;
+        }
+        const { resource, allowedRoles = [], scopes, voters } = metadata;
+        const requestResource = resource ?? context.resource;
+        if ((0, intersection_1.default)(this.alwaysAllowRoles, roleIdentifiers)?.length > 0 ||
+            (0, intersection_1.default)(allowedRoles, roleIdentifiers)?.length > 0) {
+            return authorization_1.AuthorizationDecision.ALLOW;
+        }
+        if (voters && voters?.length > 0) {
+            const voterRs = await Promise.all(voters?.map(el => {
+                switch (typeof el) {
+                    case 'function': {
+                        return el?.(context, metadata);
+                    }
+                    default: {
+                        throw (0, utilities_1.getError)({
+                            message: '[authorize][voter] voter implementation must be function type!',
+                        });
+                    }
                 }
-                const { id, identifier } = encodedRole;
-                roleIds.push((0, utilities_1.int)(id));
-                roleIdentifiers.push(identifier);
-                roles.push({ id, identifier });
-            }
-            // DENY all unknown user and unknow roles
-            if (!userId || !(roles === null || roles === void 0 ? void 0 : roles.length)) {
-                return authorization_1.AuthorizationDecision.DENY;
-            }
-            const { resource, allowedRoles = [], scopes, voters } = metadata;
-            const requestResource = resource !== null && resource !== void 0 ? resource : context.resource;
-            // Verify static roles
-            if (((_a = (0, intersection_1.default)(this.alwaysAllowRoles, roleIdentifiers)) === null || _a === void 0 ? void 0 : _a.length) > 0 ||
-                ((_b = (0, intersection_1.default)(allowedRoles, roleIdentifiers)) === null || _b === void 0 ? void 0 : _b.length) > 0) {
+            }));
+            const voterSet = new Set(voterRs);
+            if (voterSet.size === 1 && voterSet.has(authorization_1.AuthorizationDecision.ALLOW)) {
                 return authorization_1.AuthorizationDecision.ALLOW;
             }
-            if (voters && (voters === null || voters === void 0 ? void 0 : voters.length) > 0) {
-                const voterRs = yield Promise.all(voters === null || voters === void 0 ? void 0 : voters.map(el => {
-                    switch (typeof el) {
-                        case 'function': {
-                            return el === null || el === void 0 ? void 0 : el(context, metadata);
-                        }
-                        default: {
-                            throw (0, utilities_1.getError)({
-                                message: '[authorize][voter] voter implementation must be function type!',
-                            });
-                        }
-                    }
-                }));
-                const voterSet = new Set(voterRs);
-                if (voterSet.size === 1 && voterSet.has(authorization_1.AuthorizationDecision.ALLOW)) {
-                    return authorization_1.AuthorizationDecision.ALLOW;
-                }
-                if (voterSet.has(authorization_1.AuthorizationDecision.DENY)) {
-                    return authorization_1.AuthorizationDecision.DENY;
-                }
+            if (voterSet.has(authorization_1.AuthorizationDecision.DENY)) {
+                return authorization_1.AuthorizationDecision.DENY;
             }
-            // Authorize by role and user permissions
-            const isAuthorized = yield this.authorizePermission(userId, requestResource, scopes);
-            const rs = isAuthorized ? authorization_1.AuthorizationDecision.ALLOW : authorization_1.AuthorizationDecision.DENY;
-            this.logger.debug('[authorize] Authorizing... | Resource: %s | allowedRoles: %j | scopes: %j | Took: %d(ms)', requestResource, allowedRoles, scopes, new Date().getTime() - t);
-            return rs;
-        });
+        }
+        const isAuthorized = await this.authorizePermission(userId, requestResource, scopes);
+        const rs = isAuthorized ? authorization_1.AuthorizationDecision.ALLOW : authorization_1.AuthorizationDecision.DENY;
+        this.logger.debug('[authorize] Authorizing... | Resource: %s | allowedRoles: %j | scopes: %j | Took: %d(ms)', requestResource, allowedRoles, scopes, new Date().getTime() - t);
+        return rs;
     }
 };
 exports.AuthorizeProvider = AuthorizeProvider;
@@ -154,4 +139,3 @@ exports.AuthorizeProvider = AuthorizeProvider = AuthorizeProvider_1 = __decorate
     __param(2, (0, core_1.inject)(common_1.AuthorizerKeys.NORMALIZE_PAYLOAD_FN)),
     __metadata("design:paramtypes", [services_1.EnforcerService, Array, Function])
 ], AuthorizeProvider);
-//# sourceMappingURL=provider.js.map

package/dist/components/authorize/repositories/authorize.repository.js CHANGED Viewed

@@ -24,7 +24,6 @@ const repository_1 = require("@loopback/repository");
 const models_1 = require("../models");
 const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
 const DS_AUTHORIZE = process.env.APP_ENV_APPLICATION_DS_AUTHORIZE;
-// ----------------------------------------------------------------------------
 class AbstractAuthorizeRepository extends repositories_1.TzCrudRepository {
     constructor(entityClass, dataSource) {
         if (!DS_AUTHORIZE || (0, isEmpty_1.default)(DS_AUTHORIZE)) {
@@ -37,8 +36,10 @@ class AbstractAuthorizeRepository extends repositories_1.TzCrudRepository {
     }
 }
 exports.AbstractAuthorizeRepository = AbstractAuthorizeRepository;
-// ----------------------------------------------------------------------------
 let RoleRepository = class RoleRepository extends AbstractAuthorizeRepository {
+    permissionRepositoryGetter;
+    permissionMappingRepositoryGetter;
+    permissions;
     constructor(dataSource, permissionRepositoryGetter, permissionMappingRepositoryGetter) {
         super(models_1.Role, dataSource);
         this.permissionRepositoryGetter = permissionRepositoryGetter;
@@ -55,7 +56,6 @@ exports.RoleRepository = RoleRepository = __decorate([
     __param(2, repository_1.repository.getter('PermissionMappingRepository')),
     __metadata("design:paramtypes", [datasources_1.BaseDataSource, Function, Function])
 ], RoleRepository);
-// ----------------------------------------------------------------------------
 let PermissionRepository = class PermissionRepository extends AbstractAuthorizeRepository {
     constructor(dataSource) {
         super(models_1.Permission, dataSource);
@@ -67,7 +67,6 @@ exports.PermissionRepository = PermissionRepository = __decorate([
     __param(0, (0, core_1.inject)(`datasources.${DS_AUTHORIZE}`)),
     __metadata("design:paramtypes", [datasources_1.BaseDataSource])
 ], PermissionRepository);
-// ----------------------------------------------------------------------------
 let PermissionMappingRepository = class PermissionMappingRepository extends AbstractAuthorizeRepository {
     constructor(dataSource) {
         super(models_1.PermissionMapping, dataSource);
@@ -79,7 +78,6 @@ exports.PermissionMappingRepository = PermissionMappingRepository = __decorate([
     __param(0, (0, core_1.inject)(`datasources.${DS_AUTHORIZE}`)),
     __metadata("design:paramtypes", [datasources_1.BaseDataSource])
 ], PermissionMappingRepository);
-// ----------------------------------------------------------------------------
 let UserRoleRepository = class UserRoleRepository extends AbstractAuthorizeRepository {
     constructor(dataSource) {
         super(models_1.UserRole, dataSource);
@@ -91,7 +89,6 @@ exports.UserRoleRepository = UserRoleRepository = __decorate([
     __param(0, (0, core_1.inject)(`datasources.${DS_AUTHORIZE}`)),
     __metadata("design:paramtypes", [datasources_1.BaseDataSource])
 ], UserRoleRepository);
-// ----------------------------------------------------------------------------
 let ViewAuthorizePolicyRepository = class ViewAuthorizePolicyRepository extends repositories_1.ViewRepository {
     constructor(dataSource) {
         super(models_1.ViewAuthorizePolicy, dataSource);
@@ -102,4 +99,3 @@ exports.ViewAuthorizePolicyRepository = ViewAuthorizePolicyRepository = __decora
     __param(0, (0, core_1.inject)(`datasources.${DS_AUTHORIZE}`)),
     __metadata("design:paramtypes", [datasources_1.BaseDataSource])
 ], ViewAuthorizePolicyRepository);
-//# sourceMappingURL=authorize.repository.js.map

package/dist/components/authorize/repositories/index.js CHANGED Viewed

@@ -15,4 +15,3 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./authorize.repository"), exports);
-//# sourceMappingURL=index.js.map

package/dist/components/authorize/services/enforcer.service.js CHANGED Viewed

@@ -11,15 +11,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -36,6 +27,10 @@ const node_fs_1 = __importDefault(require("node:fs"));
 const adapters_1 = require("../adapters");
 const common_1 = require("../common");
 let EnforcerService = EnforcerService_1 = class EnforcerService {
+    options;
+    dataSource;
+    logger;
+    enforcer;
     constructor(options, dataSource) {
         this.options = options;
         this.dataSource = dataSource;
@@ -63,30 +58,28 @@ let EnforcerService = EnforcerService_1 = class EnforcerService {
             });
         }
         this.logger.info('[getEnforcer] Creating new Enforcer with configure path: %s | dataSource: %s', confPath, this.dataSource.name);
-        const casbinAdapter = adapter !== null && adapter !== void 0 ? adapter : adapters_1.CasbinAdapterBuilder.getInstance().build({
-            type: adapterType,
-            dataSource: this.dataSource,
-        });
+        const casbinAdapter = adapter ??
+            adapters_1.CasbinAdapterBuilder.getInstance().build({
+                type: adapterType,
+                dataSource: this.dataSource,
+            });
         if (useCache) {
             return (0, casbin_1.newCachedEnforcer)(confPath, casbinAdapter);
         }
         this.logger.debug('[getEnforcer] Created new enforcer | Configure path: %s', confPath);
         return (0, casbin_1.newEnforcer)(confPath, casbinAdapter);
     }
-    // -----------------------------------------------------------------------------------------
-    getTypeEnforcer(id) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const enforcer = yield this.getEnforcer();
-            if (!enforcer) {
-                return null;
-            }
-            const filterValue = {
-                principalType: 'User',
-                principalValue: id,
-            };
-            yield enforcer.loadFilteredPolicy(filterValue);
-            return enforcer;
-        });
+    async getTypeEnforcer(id) {
+        const enforcer = await this.getEnforcer();
+        if (!enforcer) {
+            return null;
+        }
+        const filterValue = {
+            principalType: 'User',
+            principalValue: id,
+        };
+        await enforcer.loadFilteredPolicy(filterValue);
+        return enforcer;
     }
 };
 exports.EnforcerService = EnforcerService;
@@ -96,4 +89,3 @@ exports.EnforcerService = EnforcerService = EnforcerService_1 = __decorate([
     __param(1, (0, core_1.inject)(common_1.AuthorizerKeys.AUTHORIZE_DATASOURCE)),
     __metadata("design:paramtypes", [Object, datasources_1.BaseDataSource])
 ], EnforcerService);
-//# sourceMappingURL=enforcer.service.js.map

package/dist/components/authorize/services/generator.service.d.ts CHANGED Viewed

@@ -43,29 +43,9 @@ export declare class GeneratePermissionService {
         permissionRepository: PermissionRepository;
         controllers: Array<Constructor<IController>>;
     }): Promise<void>;
-    /**
-     * Obtain all permission codes for a controller
-     *
-     * @returns {string[]} List of permission codes
-     */
     getPermissionCodes(opts: {
         controllers: Array<Constructor<IController>>;
     }): string[];
-    /**
-     * Write all permission codes for a list of controllers to a file
-     *
-     * @param outputPath - Path to write
-     *
-     * @example
-     * const generatePermissionService = new GeneratePermissionService();
-     *
-     * generatePermissionService.getPermissionCodesAndWriteToFile({
-     *    controllers: [XboxController, PSController, NintendoController],
-     *    outputPath: './src/migrations/',
-     *    fileName: 'permissionCodes',
-     *    fileType: 'ts',
-     * });
-     */
     getPermissionCodesAndWriteToFile(opts: {
         controllers: Array<Constructor<IController>>;
         outputPath?: string;