@mondaydotcomorg/monday-authorization 1.0.10 → 1.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md
|
@@ -38,16 +38,16 @@ router.use(authorizationCheckMiddleware);
|
|
|
38
38
|
router.post('/posts/:postId/like', getAuthorizationMiddleware(action, resourceGetter),
|
|
39
39
|
like
|
|
40
40
|
);
|
|
41
|
-
router.get('/internal/some_unauthorized_endpoint', skipAuthorizationMiddleware);
|
|
41
|
+
router.get('/internal/some_unauthorized_endpoint', skipAuthorizationMiddleware, handler);
|
|
42
42
|
|
|
43
43
|
```
|
|
44
44
|
|
|
45
|
-
resourceGetter is a function that gets the request and return an array of resources.
|
|
46
|
-
wrapper_data is additional data to create a wrapper model in the monolith. It is optional.
|
|
45
|
+
`resourceGetter` is a function that gets the request and return an array of resources.
|
|
46
|
+
`wrapper_data` is additional data to create a wrapper model in the monolith. It is optional.
|
|
47
47
|
In this example the monolith can instantiate a wrapper of post instead of the post itself.
|
|
48
48
|
The item_id is all that needed for the authorization of posts.
|
|
49
49
|
|
|
50
|
-
accountId and userId are needed for the authorization and are taken from the authentication middelware
|
|
50
|
+
`accountId` and `userId` are needed for the authorization and are taken from the authentication middelware
|
|
51
51
|
by default. If you're not using the authentication middleware, you will have to provide a contextGetter
|
|
52
52
|
function, that looks like this:
|
|
53
53
|
|
|
@@ -60,7 +60,6 @@ function, that looks like this:
|
|
|
60
60
|
}
|
|
61
61
|
```
|
|
62
62
|
|
|
63
|
-
Add authorizationCheckMiddleware to make sure that all routes are covered by authorization check. Put this
|
|
63
|
+
Add `authorizationCheckMiddleware` to make sure that all routes are covered by authorization check. Put this
|
|
64
64
|
middleware before you define the routes.
|
|
65
|
-
If you want to skip authorization, use skipAuthorizationMiddleware
|
|
66
|
-
|
|
65
|
+
If you want to skip authorization, use `skipAuthorizationMiddleware`.
|
|
@@ -22,7 +22,7 @@ function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
|
|
|
22
22
|
contextGetter || (contextGetter = defaultContextGetter);
|
|
23
23
|
const { userId, accountId } = contextGetter(request);
|
|
24
24
|
const resources = resourceGetter(request);
|
|
25
|
-
const isAuthorized = yield authorization_service_1.AuthorizationService.isAuthorized(accountId, userId, resources, action);
|
|
25
|
+
const { isAuthorized } = yield authorization_service_1.AuthorizationService.isAuthorized(accountId, userId, resources, action);
|
|
26
26
|
authorization_internal_service_1.AuthorizationInternalService.markAuthorized(request);
|
|
27
27
|
if (!isAuthorized) {
|
|
28
28
|
response.status(403).json({ message: 'Access denied' });
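Review bot: The `unauthorizedIds` the service now returns next to `isAuthorized` are dropped by the destructuring on the added `const { isAuthorized } = yield …` line, and nothing in the hunk records why. Keeping the 403 body as the generic `'Access denied'` is the right call, since it avoids echoing resource ids back to the caller, but that is a deliberate choice and deserves a comment, e.g. `// only isAuthorized is consumed here; unauthorizedIds are already logged by AuthorizationService and are intentionally not echoed to the client`. As a side note, `!isAuthorized` fails closed if the resolved value ever lacks the field, which is the desirable default for an authorization gate. getAuthorizationMiddleware's body starts and ends outside the hunk.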
|
|
@@ -1,4 +1,8 @@
|
|
|
1
1
|
import { Action, Resource } from './types/general';
|
|
2
|
+
export interface AuthorizeResponse {
|
|
3
|
+
isAuthorized: boolean;
|
|
4
|
+
unauthorizedIds?: number[];
|
|
5
|
+
}
|
|
2
6
|
export declare class AuthorizationService {
|
|
3
|
-
static isAuthorized(accountId: number, userId: number, resources: Resource[], action: Action): Promise<
|
|
7
|
+
static isAuthorized(accountId: number, userId: number, resources: Resource[], action: Action): Promise<AuthorizeResponse>;
|
|
4
8
|
}
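Review bot: The newly exported `AuthorizeResponse` interface carries no TSDoc, so the relationship between its two fields is left to the reader. From the service implementation in this release, `unauthorizedIds` is only populated when `isAuthorized` is false and a denial actually came back from the authorization service; on a transport failure (non-ok response) the field is absent. I would state that on the interface, e.g. `/** Result of an authorization check. unauthorizedIds lists the resource_id values the service rejected; it is only set when isAuthorized is false and the service answered, never on a transport failure. */`. A discriminated union such as `{ isAuthorized: true } | { isAuthorized: false; unauthorizedIds?: number[] }` would let the compiler enforce that relationship, but the optional field is acceptable if consumers are already written against this shape.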
|
|
@@ -56,7 +56,7 @@ class AuthorizationService {
|
|
|
56
56
|
}, { retries: 3, callback: logOnFetchFail });
|
|
57
57
|
if (!response.ok) {
|
|
58
58
|
logger.error({ status: response.status }, 'Authorization middleware: authorization request failed');
|
|
59
|
-
return false;
|
|
59
|
+
return { isAuthorized: false };
|
|
60
60
|
}
|
|
61
61
|
const responseBody = yield response.json();
|
|
62
62
|
const unauthorizedObjects = [];
|
|
@@ -69,9 +69,10 @@ class AuthorizationService {
|
|
|
69
69
|
logger.info({
|
|
70
70
|
resources: JSON.stringify(unauthorizedObjects),
|
|
71
71
|
}, 'Authorization middleware: resource is unauthorized');
|
|
72
|
-
|
|
72
|
+
const unauthorizedIds = unauthorizedObjects.map(obj => obj.resource_id);
|
|
73
|
+
return { isAuthorized: false, unauthorizedIds };
|
|
73
74
|
}
|
|
74
|
-
return true;
|
|
75
|
+
return { isAuthorized: true };
|
|
75
76
|
});
|
|
76
77
|
}
|
|
77
78
|
}
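Review bot: `unauthorizedObjects.map(obj => obj.resource_id)` on the added line trusts the shape of the authorization service's JSON body, so the `number[]` promised by `AuthorizeResponse.unauthorizedIds` can silently hold `undefined` or non-numeric values if the remote response ever changes; the same unvalidated `responseBody` is read in the `@@ -56` hunk above, and how `unauthorizedObjects` is filled from it lies outside the visible lines, so this is inferred from the context. A narrow filter keeps the declared contract honest: `const unauthorizedIds = unauthorizedObjects.map(obj => obj && obj.resource_id).filter(id => typeof id === 'number');`. The fail-closed `return { isAuthorized: false }` on `!response.ok` in the `@@ -56` hunk is consistent with the new shape and needs no change. The enclosing method starts outside the hunk.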
|
package/package.json
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.12",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -31,5 +31,5 @@
|
|
|
31
31
|
"files": [
|
|
32
32
|
"dist/"
|
|
33
33
|
],
|
|
34
|
-
"gitHead": "
|
|
34
|
+
"gitHead": "16d2310591611bdd3eb76f3badad0835842513cd"
|
|
35
35
|
}
|