npm - @minimaltech/node-infra - Versions diffs - 0.5.9-2 → 0.5.9-21 - Mend

@minimaltech/node-infra 0.5.9-2 → 0.5.9-21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (582) hide show

package/dist/components/authenticate/services/oauth2.service.js CHANGED Viewed

@@ -11,15 +11,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 var __param = (this && this.__param) || function (paramIndex, decorator) {
     return function (target, key) { decorator(target, key, paramIndex); }
 };
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var OAuth2Service_1;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OAuth2Service = void 0;
@@ -34,20 +25,21 @@ const common_2 = require("../common");
 const oauth2_handlers_1 = require("../oauth2-handlers");
 const repositories_1 = require("../repositories");
 let OAuth2Service = OAuth2Service_1 = class OAuth2Service extends services_1.BaseService {
+    application;
+    handler;
+    oauth2ClientRepository;
+    aes = helpers_1.AES.withAlgorithm('aes-256-cbc');
     constructor(application, handler, oauth2ClientRepository) {
         super({ scope: OAuth2Service_1.name });
         this.application = application;
         this.handler = handler;
         this.oauth2ClientRepository = oauth2ClientRepository;
-        this.aes = helpers_1.AES.withAlgorithm('aes-256-cbc');
     }
-    // --------------------------------------------------------------------------------
     encryptClientToken(opts) {
         const { clientId, clientSecret } = opts;
         const applicationSecret = helpers_1.applicationEnvironment.get(common_1.EnvironmentKeys.APP_ENV_APPLICATION_SECRET);
         return this.aes.encrypt([clientId, clientSecret].join('_'), applicationSecret);
     }
-    // --------------------------------------------------------------------------------
     decryptClientToken(opts) {
         const { token } = opts;
         const applicationSecret = helpers_1.applicationEnvironment.get(common_1.EnvironmentKeys.APP_ENV_APPLICATION_SECRET);
@@ -60,25 +52,23 @@ let OAuth2Service = OAuth2Service_1 = class OAuth2Service extends services_1.Bas
         }
         return { clientId, clientSecret };
     }
-    // --------------------------------------------------------------------------------
     getOAuth2RequestPath(opts) {
         const { clientId, clientSecret, redirectUrl } = opts;
         return new Promise((resolve, reject) => {
             this.oauth2ClientRepository
-                .findOne({ where: Object.assign({}, opts), fields: ['id', 'endpoints'] })
+                .findOne({ where: { ...opts }, fields: ['id', 'endpoints'] })
                 .then(client => {
-                var _a, _b, _c;
                 if (!client) {
                     throw (0, utilities_1.getError)({
                         message: `[getOAuth2RequestPath] Client not found!`,
                     });
                 }
-                if (!((_b = (_a = client === null || client === void 0 ? void 0 : client.endpoints) === null || _a === void 0 ? void 0 : _a.redirectUrls) === null || _b === void 0 ? void 0 : _b.includes(redirectUrl))) {
+                if (!client?.endpoints?.redirectUrls?.includes(redirectUrl)) {
                     throw (0, utilities_1.getError)({
                         message: `[getOAuth2RequestPath] Invalid redirectUrl!`,
                     });
                 }
-                const basePath = (_c = helpers_1.applicationEnvironment.get(common_1.EnvironmentKeys.APP_ENV_SERVER_BASE_PATH)) !== null && _c !== void 0 ? _c : '';
+                const basePath = helpers_1.applicationEnvironment.get(common_1.EnvironmentKeys.APP_ENV_SERVER_BASE_PATH) ?? '';
                 const applicationSecret = helpers_1.applicationEnvironment.get(common_1.EnvironmentKeys.APP_ENV_APPLICATION_SECRET);
                 if (!applicationSecret) {
                     throw (0, utilities_1.getError)({
@@ -98,108 +88,106 @@ let OAuth2Service = OAuth2Service_1 = class OAuth2Service extends services_1.Bas
                 .catch(reject);
         });
     }
-    // --------------------------------------------------------------------------------
     generateToken(opts) {
-        var _a, _b, _c;
         const { request, response } = opts;
-        return this.handler.token(new oauth2_server_1.Request(Object.assign(Object.assign({}, request), { headers: (_a = request.headers) !== null && _a !== void 0 ? _a : {}, method: (_b = request.method) !== null && _b !== void 0 ? _b : 'get', query: (_c = request.query) !== null && _c !== void 0 ? _c : {} })), new oauth2_server_1.Response(response));
+        return this.handler.token(new oauth2_server_1.Request({
+            ...request,
+            headers: request.headers ?? {},
+            method: request.method ?? 'get',
+            query: request.query ?? {},
+        }), new oauth2_server_1.Response(response));
     }
-    // --------------------------------------------------------------------------------
     authorize(opts) {
-        var _a, _b, _c;
         const { request, response } = opts;
-        return this.handler.authorize(new oauth2_server_1.Request(Object.assign(Object.assign({}, request), { headers: (_a = request.headers) !== null && _a !== void 0 ? _a : {}, method: (_b = request.method) !== null && _b !== void 0 ? _b : 'get', query: (_c = request.query) !== null && _c !== void 0 ? _c : {} })), new oauth2_server_1.Response(response));
+        return this.handler.authorize(new oauth2_server_1.Request({
+            ...request,
+            headers: request.headers ?? {},
+            method: request.method ?? 'get',
+            query: request.query ?? {},
+        }), new oauth2_server_1.Response(response));
     }
-    // --------------------------------------------------------------------------------
-    doOAuth2(opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const { context, authServiceKey, signInRequest, redirectUrl } = opts;
-            const authService = this.application.getSync(authServiceKey);
-            const signInRs = yield authService.signIn(signInRequest);
-            const tokenValue = (_a = signInRs === null || signInRs === void 0 ? void 0 : signInRs.token) === null || _a === void 0 ? void 0 : _a.value;
-            if (!tokenValue) {
-                throw (0, utilities_1.getError)({ message: `[auth] Failed to get token value!` });
-            }
-            const authorizationCodeRequest = new oauth2_server_1.Request(context.request);
-            authorizationCodeRequest.body = {
-                client_id: signInRequest.clientId, // eslint-disable-line @typescript-eslint/naming-convention
-                response_type: 'code', // eslint-disable-line @typescript-eslint/naming-convention
-                grant_type: 'authorization_code', // eslint-disable-line @typescript-eslint/naming-convention
-                scope: 'profile',
-                access_token: tokenValue, // eslint-disable-line @typescript-eslint/naming-convention
-                redirect_uri: redirectUrl, // eslint-disable-line @typescript-eslint/naming-convention
-            };
-            const authorizationCodeRs = yield this.authorize({
-                request: authorizationCodeRequest,
-                response: new oauth2_server_1.Response(context.response),
-            });
-            const client = yield this.oauth2ClientRepository.findOne({
-                where: { clientId: signInRequest.clientId },
-                fields: ['id', 'clientId', 'clientSecret'],
-            });
-            if (!client) {
-                throw (0, utilities_1.getError)({ message: `[auth] Invalid client to create auth request!` });
-            }
-            const oauth2TokenRequest = new oauth2_server_1.Request(context.request);
-            oauth2TokenRequest.body = {
-                client_id: client.clientId, // eslint-disable-line @typescript-eslint/naming-convention
-                client_secret: client.clientSecret, // eslint-disable-line @typescript-eslint/naming-convention
-                code: authorizationCodeRs.authorizationCode,
-                grant_type: 'authorization_code', // eslint-disable-line @typescript-eslint/naming-convention
-            };
-            if (redirectUrl) {
-                oauth2TokenRequest.body.redirect_uri = redirectUrl;
-            }
-            const oauth2TokenRs = yield this.generateToken({
-                request: oauth2TokenRequest,
-                response: new oauth2_server_1.Response(context.response),
-            });
-            return {
-                redirectUrl: authorizationCodeRs.redirectUri,
-                oauth2TokenRs,
-            };
+    async doOAuth2(opts) {
+        const { context, authServiceKey, signInRequest, redirectUrl } = opts;
+        const authService = this.application.getSync(authServiceKey);
+        const signInRs = await authService.signIn(signInRequest);
+        const tokenValue = signInRs?.token?.value;
+        if (!tokenValue) {
+            throw (0, utilities_1.getError)({ message: `[auth] Failed to get token value!` });
+        }
+        const authorizationCodeRequest = new oauth2_server_1.Request(context.request);
+        authorizationCodeRequest.body = {
+            client_id: signInRequest.clientId,
+            response_type: 'code',
+            grant_type: 'authorization_code',
+            scope: 'profile',
+            access_token: tokenValue,
+            redirect_uri: redirectUrl,
+        };
+        const authorizationCodeRs = await this.authorize({
+            request: authorizationCodeRequest,
+            response: new oauth2_server_1.Response(context.response),
+        });
+        const client = await this.oauth2ClientRepository.findOne({
+            where: { clientId: signInRequest.clientId },
+            fields: ['id', 'clientId', 'clientSecret'],
+        });
+        if (!client) {
+            throw (0, utilities_1.getError)({ message: `[auth] Invalid client to create auth request!` });
+        }
+        const oauth2TokenRequest = new oauth2_server_1.Request(context.request);
+        oauth2TokenRequest.body = {
+            client_id: client.clientId,
+            client_secret: client.clientSecret,
+            code: authorizationCodeRs.authorizationCode,
+            grant_type: 'authorization_code',
+        };
+        if (redirectUrl) {
+            oauth2TokenRequest.body.redirect_uri = redirectUrl;
+        }
+        const oauth2TokenRs = await this.generateToken({
+            request: oauth2TokenRequest,
+            response: new oauth2_server_1.Response(context.response),
         });
+        return {
+            redirectUrl: authorizationCodeRs.redirectUri,
+            oauth2TokenRs,
+        };
     }
-    // --------------------------------------------------------------------------------
-    doClientCallback(opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const { c, accessToken, authorizationCode, accessTokenExpiresAt, client, user } = opts.oauth2Token;
-            if (!client) {
-                this.logger.error('[doClientCallback] Invalid client | Client: %j', client);
-                return;
-            }
-            const callbackUrls = (_a = client === null || client === void 0 ? void 0 : client.callbackUrls) !== null && _a !== void 0 ? _a : [];
-            if (!callbackUrls.length) {
-                this.logger.error('[doClientCallback] No client callbackUrls');
-                return;
-            }
-            const payload = {
-                c,
-                accessToken,
-                authorizationCode,
-                accessTokenExpiresAt,
-                user,
-            };
-            yield Promise.all(callbackUrls.map(callbackUrl => {
-                return new Promise((resolve, reject) => {
-                    fetch(callbackUrl, {
-                        method: 'POST',
-                        body: JSON.stringify(payload),
-                        headers: { ['content-type']: 'application/x-www-form-urlencoded' },
-                    })
-                        .then(rs => {
-                        this.logger.info('[doClientCallback] Successfull to callback | Url: %s', callbackUrl);
-                        resolve(rs);
-                    })
-                        .catch(error => {
-                        this.logger.error('[doClientCallback] Failed to callback | Url: %s | Error: %s', callbackUrl, error);
-                        reject(error);
-                    });
+    async doClientCallback(opts) {
+        const { c, accessToken, authorizationCode, accessTokenExpiresAt, client, user } = opts.oauth2Token;
+        if (!client) {
+            this.logger.error('[doClientCallback] Invalid client | Client: %j', client);
+            return;
+        }
+        const callbackUrls = client?.callbackUrls ?? [];
+        if (!callbackUrls.length) {
+            this.logger.error('[doClientCallback] No client callbackUrls');
+            return;
+        }
+        const payload = {
+            c,
+            accessToken,
+            authorizationCode,
+            accessTokenExpiresAt,
+            user,
+        };
+        await Promise.all(callbackUrls.map(callbackUrl => {
+            return new Promise((resolve, reject) => {
+                fetch(callbackUrl, {
+                    method: 'POST',
+                    body: JSON.stringify(payload),
+                    headers: { ['content-type']: 'application/x-www-form-urlencoded' },
+                })
+                    .then(rs => {
+                    this.logger.info('[doClientCallback] Successfull to callback | Url: %s', callbackUrl);
+                    resolve(rs);
+                })
+                    .catch(error => {
+                    this.logger.error('[doClientCallback] Failed to callback | Url: %s | Error: %s', callbackUrl, error);
+                    reject(error);
                 });
-            }));
-        });
+            });
+        }));
     }
 };
 exports.OAuth2Service = OAuth2Service;
@@ -211,4 +199,3 @@ exports.OAuth2Service = OAuth2Service = OAuth2Service_1 = __decorate([
         oauth2_handlers_1.OAuth2Handler,
         repositories_1.OAuth2ClientRepository])
 ], OAuth2Service);
-//# sourceMappingURL=oauth2.service.js.map

package/dist/components/authenticate/services/oauth2.strategy.js CHANGED Viewed

@@ -1,13 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -21,53 +12,49 @@ const security_1 = require("@loopback/security");
 const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
 const defineOAuth2Strategy = (opts) => {
     class Strategy {
+        name = opts.name;
+        authProvider;
+        authPath;
         constructor() {
-            var _a;
-            this.name = opts.name;
             const baseUrl = opts.baseURL;
             if (!baseUrl || (0, isEmpty_1.default)(baseUrl)) {
                 throw (0, utilities_1.getError)({
                     message: `[RemoteAuthenticationStrategy][DANGER] INVALID baseURL | Missing env: APP_ENV_REMOTE_AUTH_SERVER_URL`,
                 });
             }
-            this.authPath = (_a = opts.authPath) !== null && _a !== void 0 ? _a : '/auth/who-am-i';
+            this.authPath = opts.authPath ?? '/auth/who-am-i';
             this.authProvider = new network_1.AxiosNetworkRequest({
                 name: `${Strategy.name}_${opts.name}`,
                 networkOptions: { baseUrl },
             });
         }
-        authenticate(request) {
-            return __awaiter(this, void 0, void 0, function* () {
-                var _a, _b, _c;
-                const networkService = this.authProvider.getNetworkService();
-                if (!request.headers['authorization']) {
-                    throw (0, utilities_1.getError)({
-                        statusCode: common_1.ResultCodes.RS_4.Unauthorized,
-                        message: 'No authorization token',
-                    });
-                }
-                const rs = yield networkService.send({
-                    url: this.authProvider.getRequestUrl({ paths: [this.authPath] }),
-                    headers: { Authorization: request.headers['authorization'] },
+        async authenticate(request) {
+            const networkService = this.authProvider.getNetworkService();
+            if (!request.headers['authorization']) {
+                throw (0, utilities_1.getError)({
+                    statusCode: common_1.ResultCodes.RS_4.Unauthorized,
+                    message: 'No authorization token',
                 });
-                if ((_a = rs === null || rs === void 0 ? void 0 : rs.data) === null || _a === void 0 ? void 0 : _a.error) {
-                    throw (0, utilities_1.getError)(rs.data.error);
-                }
-                return Object.assign(Object.assign({}, rs === null || rs === void 0 ? void 0 : rs.data), { [security_1.securityId]: (_c = (_b = rs === null || rs === void 0 ? void 0 : rs.data) === null || _b === void 0 ? void 0 : _b.userId) === null || _c === void 0 ? void 0 : _c.toString() });
+            }
+            const rs = await networkService.send({
+                url: this.authProvider.getRequestUrl({ paths: [this.authPath] }),
+                headers: { Authorization: request.headers['authorization'] },
             });
+            if (rs?.data?.error) {
+                throw (0, utilities_1.getError)(rs.data.error);
+            }
+            return { ...rs?.data, [security_1.securityId]: rs?.data?.userId?.toString() };
         }
     }
     return Strategy;
 };
 exports.defineOAuth2Strategy = defineOAuth2Strategy;
 const registerOAuth2Strategy = (context, options) => {
-    var _a;
     const remoteOAuth2Strategy = (0, exports.defineOAuth2Strategy)({
         name: options.strategyName,
         baseURL: options.authenticateUrl,
-        authPath: (_a = options.authenticatePath) !== null && _a !== void 0 ? _a : '/auth/who-am-i',
+        authPath: options.authenticatePath ?? '/auth/who-am-i',
     });
     (0, authentication_1.registerAuthenticationStrategy)(context, remoteOAuth2Strategy);
 };
 exports.registerOAuth2Strategy = registerOAuth2Strategy;
-//# sourceMappingURL=oauth2.strategy.js.map

package/dist/components/authorize/adapters/adapter-builder.js CHANGED Viewed

@@ -6,6 +6,7 @@ const common_1 = require("../common");
 const casbin_postgres_adapter_helper_1 = require("./casbin-postgres-adapter.helper");
 const casbin_redis_adapter_helper_1 = require("./casbin-redis-adapter.helper");
 class CasbinAdapterBuilder {
+    static instance;
     constructor() { }
     static getInstance() {
         if (!this.instance) {
@@ -31,4 +32,3 @@ class CasbinAdapterBuilder {
     }
 }
 exports.CasbinAdapterBuilder = CasbinAdapterBuilder;
-//# sourceMappingURL=adapter-builder.js.map

package/dist/components/authorize/adapters/base.adapter.js CHANGED Viewed

@@ -3,29 +3,26 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AbstractCasbinAdapter = void 0;
 const helpers_1 = require("../../../helpers");
 const common_1 = require("../common");
-// -----------------------------------------------------------------------------------------
 class AbstractCasbinAdapter {
+    logger;
+    datasource;
     constructor(opts) {
         const { scope, datasource } = opts;
         this.logger = helpers_1.LoggerFactory.getLogger([scope]);
         this.datasource = datasource;
     }
-    // -----------------------------------------------------------------------------------------
     isFiltered() {
         return true;
     }
-    // -----------------------------------------------------------------------------------------
     loadPolicy(_) {
         return Promise.resolve();
     }
-    // -----------------------------------------------------------------------------------------
     savePolicy(model) {
         this.logger.info('[savePolicy] Ignore save policy method with options: ', {
             model,
         });
         return Promise.resolve(true);
     }
-    // -----------------------------------------------------------------------------------------
     addPolicy(sec, ptype, rule) {
         this.logger.info('[addPolicy] Ignore add policy method with options: ', {
             sec,
@@ -34,7 +31,6 @@ class AbstractCasbinAdapter {
         });
         return Promise.resolve();
     }
-    // -----------------------------------------------------------------------------------------
     removePolicy(sec, ptype, rule) {
         this.logger.info('[removePolicy] Ignore remove policy method with options: ', {
             sec,
@@ -43,15 +39,12 @@ class AbstractCasbinAdapter {
         });
         return Promise.resolve();
     }
-    // -----------------------------------------------------------------------------------------
     removeFilteredPolicy(sec, ptype, fieldIndex, ...fieldValues) {
         switch (ptype) {
             case common_1.EnforcerDefinitions.PREFIX_USER: {
-                // Remove user policy
                 break;
             }
             case common_1.EnforcerDefinitions.PREFIX_ROLE: {
-                // Remove role policy
                 break;
             }
             default: {
@@ -68,4 +61,3 @@ class AbstractCasbinAdapter {
     }
 }
 exports.AbstractCasbinAdapter = AbstractCasbinAdapter;
-//# sourceMappingURL=base.adapter.js.map

package/dist/components/authorize/adapters/casbin-postgres-adapter.helper.js CHANGED Viewed

@@ -1,13 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -20,12 +11,10 @@ const get_1 = __importDefault(require("lodash/get"));
 const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
 const common_1 = require("../common");
 const base_adapter_1 = require("./base.adapter");
-// -----------------------------------------------------------------------------------------
 class CasbinPostgresAdapter extends base_adapter_1.AbstractCasbinAdapter {
     constructor(datasource) {
         super({ scope: CasbinPostgresAdapter.name, datasource });
     }
-    // -----------------------------------------------------------------------------------------
     generateGroupLine(rule) {
         const { userId, roleId } = rule;
         const rs = [
@@ -35,53 +24,45 @@ class CasbinPostgresAdapter extends base_adapter_1.AbstractCasbinAdapter {
         ];
         return rs.join(',');
     }
-    // -----------------------------------------------------------------------------------------
-    loadFilteredPolicy(model, filter) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a, _b;
-            if (((_a = filter === null || filter === void 0 ? void 0 : filter.principalType) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === 'role') {
-                throw (0, utilities_1.getError)({
-                    statusCode: 500,
-                    message: '[loadFilteredPolicy] Only "User" is allowed for filter principal type!',
-                });
-            }
-            const aclQueries = [
-                this.datasource.execute(`SELECT * FROM public."ViewAuthorizePolicy" WHERE subject=$1`, [
-                    `user_${filter.principalValue}`,
-                ]),
-            ];
-            // Load role permission policies
-            const userRoles = yield this.datasource.execute(`SELECT * FROM public."UserRole" WHERE user_id=$1`, [filter.principalValue]);
-            for (const userRole of userRoles) {
-                const execution = this.datasource.execute(`SELECT * FROM public."ViewAuthorizePolicy" WHERE subject=$1`, [`role_${userRole.principal_id}`]);
-                aclQueries.push(execution);
-            }
-            // Load policy lines
-            const policyRs = (0, flatten_1.default)(yield Promise.all(aclQueries));
-            this.logger.debug('[loadFilteredPolicy] policyRs: %j | filter: %j', policyRs, filter);
-            for (const el of policyRs) {
-                if (!el) {
-                    continue;
-                }
-                (_b = el.policies) === null || _b === void 0 ? void 0 : _b.forEach((policyLine) => {
-                    casbin_1.Helper.loadPolicyLine(policyLine, model);
-                    this.logger.debug('[loadFilteredPolicy] Load policy: %s', policyLine);
-                });
+    async loadFilteredPolicy(model, filter) {
+        if (filter?.principalType?.toLowerCase() === 'role') {
+            throw (0, utilities_1.getError)({
+                statusCode: 500,
+                message: '[loadFilteredPolicy] Only "User" is allowed for filter principal type!',
+            });
+        }
+        const aclQueries = [
+            this.datasource.execute(`SELECT * FROM public."ViewAuthorizePolicy" WHERE subject=$1`, [
+                `user_${filter.principalValue}`,
+            ]),
+        ];
+        const userRoles = await this.datasource.execute(`SELECT * FROM public."UserRole" WHERE user_id=$1`, [filter.principalValue]);
+        for (const userRole of userRoles) {
+            const execution = this.datasource.execute(`SELECT * FROM public."ViewAuthorizePolicy" WHERE subject=$1`, [`role_${userRole.principal_id}`]);
+            aclQueries.push(execution);
+        }
+        const policyRs = (0, flatten_1.default)(await Promise.all(aclQueries));
+        this.logger.debug('[loadFilteredPolicy] policyRs: %j | filter: %j', policyRs, filter);
+        for (const el of policyRs) {
+            if (!el) {
+                continue;
             }
-            // Load group lines
-            for (const userRole of userRoles) {
-                const groupLine = this.generateGroupLine({
-                    userId: (0, get_1.default)(userRole, 'user_id'),
-                    roleId: (0, get_1.default)(userRole, 'principal_id'),
-                });
-                if (!groupLine || (0, isEmpty_1.default)(groupLine)) {
-                    continue;
-                }
-                casbin_1.Helper.loadPolicyLine(groupLine, model);
-                this.logger.debug('[loadFilteredPolicy] Load groupLine: %s', groupLine);
+            el.policies?.forEach((policyLine) => {
+                casbin_1.Helper.loadPolicyLine(policyLine, model);
+                this.logger.debug('[loadFilteredPolicy] Load policy: %s', policyLine);
+            });
+        }
+        for (const userRole of userRoles) {
+            const groupLine = this.generateGroupLine({
+                userId: (0, get_1.default)(userRole, 'user_id'),
+                roleId: (0, get_1.default)(userRole, 'principal_id'),
+            });
+            if (!groupLine || (0, isEmpty_1.default)(groupLine)) {
+                continue;
             }
-        });
+            casbin_1.Helper.loadPolicyLine(groupLine, model);
+            this.logger.debug('[loadFilteredPolicy] Load groupLine: %s', groupLine);
+        }
     }
 }
 exports.CasbinPostgresAdapter = CasbinPostgresAdapter;
-//# sourceMappingURL=casbin-postgres-adapter.helper.js.map

package/dist/components/authorize/adapters/casbin-redis-adapter.helper.js CHANGED Viewed

@@ -2,7 +2,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CasbinRedisAdapter = void 0;
 const base_adapter_1 = require("./base.adapter");
-// -----------------------------------------------------------------------------------------
 class CasbinRedisAdapter extends base_adapter_1.AbstractCasbinAdapter {
     constructor(datasource) {
         super({ scope: CasbinRedisAdapter.name, datasource });
@@ -12,4 +11,3 @@ class CasbinRedisAdapter extends base_adapter_1.AbstractCasbinAdapter {
     }
 }
 exports.CasbinRedisAdapter = CasbinRedisAdapter;
-//# sourceMappingURL=casbin-redis-adapter.helper.js.map

package/dist/components/authorize/adapters/index.js CHANGED Viewed

@@ -18,4 +18,3 @@ __exportStar(require("./adapter-builder"), exports);
 __exportStar(require("./base.adapter"), exports);
 __exportStar(require("./casbin-postgres-adapter.helper"), exports);
 __exportStar(require("./casbin-redis-adapter.helper"), exports);
-//# sourceMappingURL=index.js.map

package/dist/components/authorize/common/constants.js CHANGED Viewed

@@ -1,22 +1,19 @@
 "use strict";
-var _a;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.EnforcerDefinitions = exports.FixedUserRoles = void 0;
 class FixedUserRoles {
+    static SUPER_ADMIN = '999-super-admin';
+    static ADMIN = '998-admin';
+    static FULL_AUTHORIZE_ROLES = [this.SUPER_ADMIN, this.ADMIN];
 }
 exports.FixedUserRoles = FixedUserRoles;
-_a = FixedUserRoles;
-FixedUserRoles.SUPER_ADMIN = '999-super-admin';
-FixedUserRoles.ADMIN = '998-admin';
-FixedUserRoles.FULL_AUTHORIZE_ROLES = [_a.SUPER_ADMIN, _a.ADMIN];
 class EnforcerDefinitions {
+    static ACTION_EXECUTE = 'execute';
+    static ACTION_READ = 'read';
+    static ACTION_WRITE = 'write';
+    static PREFIX_USER = 'user';
+    static PREFIX_ROLE = 'role';
+    static PTYPE_POLICY = 'p';
+    static PTYPE_GROUP = 'g';
 }
 exports.EnforcerDefinitions = EnforcerDefinitions;
-EnforcerDefinitions.ACTION_EXECUTE = 'execute';
-EnforcerDefinitions.ACTION_READ = 'read';
-EnforcerDefinitions.ACTION_WRITE = 'write';
-EnforcerDefinitions.PREFIX_USER = 'user';
-EnforcerDefinitions.PREFIX_ROLE = 'role';
-EnforcerDefinitions.PTYPE_POLICY = 'p';
-EnforcerDefinitions.PTYPE_GROUP = 'g';
-//# sourceMappingURL=constants.js.map

package/dist/components/authorize/common/index.js CHANGED Viewed

@@ -17,4 +17,3 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./keys"), exports);
 __exportStar(require("./types"), exports);
 __exportStar(require("./constants"), exports);
-//# sourceMappingURL=index.js.map