@mondaydotcomorg/monday-authorization 0.0.0-featidanlepublish-snapshot.ede6904

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/LICENSE.md +29 -0
  2. package/README.md +82 -0
  3. package/package.json +34 -0
package/LICENSE.md ADDED
@@ -0,0 +1,29 @@
1
+ BSD 3-Clause License
2
+
3
+ Copyright (c) 2020, monday.com
4
+ All rights reserved.
5
+
6
+ Redistribution and use in source and binary forms, with or without
7
+ modification, are permitted provided that the following conditions are met:
8
+
9
+ 1. Redistributions of source code must retain the above copyright notice, this
10
+ list of conditions and the following disclaimer.
11
+
12
+ 2. Redistributions in binary form must reproduce the above copyright notice,
13
+ this list of conditions and the following disclaimer in the documentation
14
+ and/or other materials provided with the distribution.
15
+
16
+ 3. Neither the name of the copyright holder nor the names of its
17
+ contributors may be used to endorse or promote products derived from
18
+ this software without specific prior written permission.
19
+
20
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package/README.md ADDED
@@ -0,0 +1,82 @@
1
+ # Monday Authorization
2
+
3
+ Use it to authorize your microservice's endpoints through the monolith.
4
+ For example, in your microservice you want to know if a user can access a post.
5
+ The middleware will execute an http call to the monolith, that will do the authorization:
6
+
7
+ ```
8
+ user.can?(:show, post)
9
+ ```
10
+
11
+ show is the action, post is the resource.
12
+
13
+ ## Install
14
+
15
+ ```
16
+ yarn add @mondaydotcomorg/monday-authorization
17
+ ```
18
+
19
+ ## Usage
20
+
21
+ First init the package in order for it to work properly
22
+
23
+ app.ts:
24
+
25
+ ```ts
26
+ import { startServer, getPrometheus } from '@mondaydotcomorg/monday-server-runner';
27
+ import * as MondayAuthorization from '@mondaydotcomorg/monday-authorization';
28
+
29
+ ...
30
+
31
+ MondayAuthorization.init({ prometheus: getPrometheus() });
32
+ startServer(...)
33
+ ```
34
+
35
+ Then add this code to any route declaration:
36
+
37
+ ```ts
38
+ import { Router } from 'express';
39
+ import {
40
+ getAuthorizationMiddleware,
41
+ skipAuthorizationMiddleware,
42
+ authorizationCheckMiddleware,
43
+ } from '@mondaydotcomorg/monday-authorization';
44
+ import { like } from 'src/controllers/likes/likes-controller';
45
+
46
+ const action = 'like';
47
+ const resourceGetter = request => {
48
+ return [
49
+ {
50
+ id: request.params.postId,
51
+ type: 'post',
52
+ wrapper_data: { item_id: 431234 }, //optional
53
+ },
54
+ ];
55
+ };
56
+ router = Router();
57
+ router.use(authorizationCheckMiddleware);
58
+ router.post('/posts/:postId/like', getAuthorizationMiddleware(action, resourceGetter), like);
59
+ router.get('/internal/some_unauthorized_endpoint', skipAuthorizationMiddleware, handler);
60
+ ```
61
+
62
+ `resourceGetter` is a function that gets the request and return an array of resources.
63
+ `wrapper_data` is additional data to create a wrapper model in the monolith. It is optional.
64
+ In this example the monolith can instantiate a wrapper of post instead of the post itself.
65
+ The item_id is all that needed for the authorization of posts.
66
+
67
+ `accountId` and `userId` are needed for the authorization and are taken from the authentication middelware
68
+ by default. If you're not using the authentication middleware, you will have to provide a contextGetter
69
+ function, that looks like this:
70
+
71
+ ```ts
72
+ (request) => {
73
+ return ({
74
+ accountId: ...,
75
+ userId: ...
76
+ })
77
+ }
78
+ ```
79
+
80
+ Add `authorizationCheckMiddleware` to make sure that all routes are covered by authorization check. Put this
81
+ middleware before you define the routes.
82
+ If you want to skip authorization, use `skipAuthorizationMiddleware`.
package/package.json ADDED
@@ -0,0 +1,34 @@
1
+ {
2
+ "name": "@mondaydotcomorg/monday-authorization",
3
+ "version": "0.0.0-featidanlepublish-snapshot.ede6904",
4
+ "main": "dist/index.js",
5
+ "types": "dist/index.d.ts",
6
+ "license": "BSD-3-Clause",
7
+ "scripts": {
8
+ "test": "mocha -r ts-node/register -r tsconfig-paths/register './tests/*.test.ts' --timeout 5000 --exit",
9
+ "build": "tsc --build"
10
+ },
11
+ "dependencies": {
12
+ "@mondaydotcomorg/monday-fetch": "^0.0.0-featidanlepublish-snapshot.ede6904",
13
+ "@mondaydotcomorg/monday-jwt": "^2.0.4",
14
+ "@mondaydotcomorg/monday-logger": "^0.0.0-featidanlepublish-snapshot.ede6904",
15
+ "@types/express": "^4.17.12",
16
+ "node-fetch": "^2.6.1",
17
+ "ts-node": "^10.0.0"
18
+ },
19
+ "devDependencies": {
20
+ "@types/mocha": "^8.2.2",
21
+ "@types/on-headers": "^1.0.0",
22
+ "@types/supertest": "^2.0.11",
23
+ "express": "^4.17.1",
24
+ "mocha": "^9.0.1",
25
+ "on-headers": "^1.0.2",
26
+ "supertest": "^6.1.3",
27
+ "tsconfig-paths": "^3.9.0",
28
+ "typescript": "^4.3.4"
29
+ },
30
+ "files": [
31
+ "dist/"
32
+ ],
33
+ "gitHead": "ede6904ed02e87af9782c73d2a21ca95c7e7eafb"
34
+ }