@mondaydotcomorg/monday-authorization 3.7.3 → 3.7.4-feat-shaime-exponential-backoff-retry-2477e5e
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authorization-internal-service.d.ts +7 -1
- package/dist/authorization-internal-service.d.ts.map +1 -1
- package/dist/authorization-internal-service.js +14 -2
- package/dist/authorization-service.d.ts +3 -3
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +3 -1
- package/dist/esm/authorization-internal-service.d.ts +7 -1
- package/dist/esm/authorization-internal-service.d.ts.map +1 -1
- package/dist/esm/authorization-internal-service.mjs +14 -3
- package/dist/esm/authorization-service.d.ts +3 -3
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +3 -1
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/testKit/index.d.ts +3 -3
- package/dist/esm/testKit/index.d.ts.map +1 -1
- package/dist/esm/testKit/index.mjs +3 -1
- package/dist/esm/types/general.d.ts +8 -3
- package/dist/esm/types/general.d.ts.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/testKit/index.d.ts +3 -3
- package/dist/testKit/index.d.ts.map +1 -1
- package/dist/testKit/index.js +3 -1
- package/dist/types/general.d.ts +8 -3
- package/dist/types/general.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/authorization-internal-service.ts +23 -3
- package/src/authorization-service.ts +8 -6
- package/src/index.ts +8 -1
- package/src/testKit/index.ts +20 -5
- package/src/types/general.ts +10 -3
|
@@ -1,9 +1,15 @@
|
|
|
1
1
|
import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { OnRetryCallback, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
|
|
2
|
+
import { OnRetryCallback, RetryPolicy, RetryDelayCallback } from '@mondaydotcomorg/monday-fetch-api';
|
|
3
3
|
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
4
4
|
import { BaseRequest } from './types/general';
|
|
5
5
|
export declare const logger: import("bunyan");
|
|
6
6
|
export declare const onRetryCallback: OnRetryCallback;
|
|
7
|
+
/**
|
|
8
|
+
* Exponential backoff retry delay callback
|
|
9
|
+
* Calculates delay as: baseDelay * 2^(attemptCount - 1)
|
|
10
|
+
* Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
|
|
11
|
+
*/
|
|
12
|
+
export declare const exponentialBackoffDelayCallback: RetryDelayCallback;
|
|
7
13
|
export declare class AuthorizationInternalService {
|
|
8
14
|
static igniteClient?: IgniteClient;
|
|
9
15
|
static skipAuthorization(requset: BaseRequest): void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,
|
|
1
|
+
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAEL,eAAe,EACf,WAAW,EACX,kBAAkB,EACnB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK9C,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,+BAA+B,EAAE,kBAO7C,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACnC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK;IAQjE,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CAUvC"}
|
|
@@ -25,7 +25,7 @@ const MondayLogger__namespace = /*#__PURE__*/_interopNamespace(MondayLogger);
|
|
|
25
25
|
|
|
26
26
|
const INTERNAL_APP_NAME = 'internal_ms';
|
|
27
27
|
const MAX_RETRIES = 3;
|
|
28
|
-
const RETRY_DELAY_MS =
|
|
28
|
+
const RETRY_DELAY_MS = 20;
|
|
29
29
|
const logger = MondayLogger__namespace.getLogger();
|
|
30
30
|
const defaultMondayFetchOptions = {
|
|
31
31
|
retries: MAX_RETRIES,
|
|
@@ -39,6 +39,16 @@ const onRetryCallback = (attempt, error) => {
|
|
|
39
39
|
logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
|
|
40
40
|
}
|
|
41
41
|
};
|
|
42
|
+
/**
|
|
43
|
+
* Exponential backoff retry delay callback
|
|
44
|
+
* Calculates delay as: baseDelay * 2^(attemptCount - 1)
|
|
45
|
+
* Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
|
|
46
|
+
*/
|
|
47
|
+
const exponentialBackoffDelayCallback = ({ attemptCount }) => {
|
|
48
|
+
const delay = RETRY_DELAY_MS * Math.pow(2, attemptCount - 1);
|
|
49
|
+
logger.debug({ tag: 'authorization-service', attemptCount, delay }, `Exponential backoff: waiting ${delay}ms before retry attempt ${attemptCount}`);
|
|
50
|
+
return delay;
|
|
51
|
+
};
|
|
42
52
|
function logOnFetchFail(retriesLeft, error) {
|
|
43
53
|
if (retriesLeft == 0) {
|
|
44
54
|
logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
|
|
@@ -110,15 +120,17 @@ class AuthorizationInternalService {
|
|
|
110
120
|
}
|
|
111
121
|
static getRetriesPolicy() {
|
|
112
122
|
const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
|
|
123
|
+
const retryDelayMS = exponentialBackoffDelayCallback;
|
|
113
124
|
return {
|
|
114
125
|
useRetries: fetchOptions.retries !== undefined,
|
|
115
126
|
maxRetries: fetchOptions.retries !== undefined ? fetchOptions.retries : 0,
|
|
116
127
|
onRetry: onRetryCallback,
|
|
117
|
-
retryDelayMS
|
|
128
|
+
retryDelayMS,
|
|
118
129
|
};
|
|
119
130
|
}
|
|
120
131
|
}
|
|
121
132
|
|
|
122
133
|
exports.AuthorizationInternalService = AuthorizationInternalService;
|
|
134
|
+
exports.exponentialBackoffDelayCallback = exponentialBackoffDelayCallback;
|
|
123
135
|
exports.logger = logger;
|
|
124
136
|
exports.onRetryCallback = onRetryCallback;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
|
-
import { Action, AuthorizationObject, AuthorizationParams,
|
|
3
|
+
import { Action, AuthorizationObject, AuthorizationParams, AuthorizationResource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
6
6
|
isAuthorized: boolean;
|
|
@@ -21,7 +21,7 @@ export declare class AuthorizationService {
|
|
|
21
21
|
* @deprecated use the second form with authorizationRequestObjects instead,
|
|
22
22
|
* support of this function will be dropped gradually
|
|
23
23
|
*/
|
|
24
|
-
static isAuthorized(accountId: number, userId: number, resources:
|
|
24
|
+
static isAuthorized(accountId: number, userId: number, resources: AuthorizationResource[], action: Action): Promise<AuthorizeResponse>;
|
|
25
25
|
static isAuthorized(accountId: number, userId: number, authorizationRequestObjects: AuthorizationObject[]): Promise<AuthorizeResponse>;
|
|
26
26
|
/**
|
|
27
27
|
* @deprecated - Please use Ignite instead: https://github.com/DaPulse/ignite-monorepo/blob/master/packages/ignite-sdk/README.md
|
|
@@ -39,5 +39,5 @@ export declare class AuthorizationService {
|
|
|
39
39
|
}
|
|
40
40
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
41
41
|
export declare function setIgniteClient(): Promise<void>;
|
|
42
|
-
export declare function createAuthorizationParams(resources:
|
|
42
|
+
export declare function createAuthorizationParams(resources: AuthorizationResource[], action: Action): AuthorizationParams;
|
|
43
43
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAG1G,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAY1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,qBAAqB,EAAE,EAClC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAiBjH"}
|
|
@@ -205,10 +205,12 @@ function createAuthorizationParams(resources, action) {
|
|
|
205
205
|
const params = {
|
|
206
206
|
authorizationObjects: resources.map((resource) => {
|
|
207
207
|
const authorizationObject = {
|
|
208
|
-
resource_id: resource.id,
|
|
209
208
|
resource_type: resource.type,
|
|
210
209
|
action,
|
|
211
210
|
};
|
|
211
|
+
if (resource.id !== undefined) {
|
|
212
|
+
authorizationObject.resource_id = resource.id;
|
|
213
|
+
}
|
|
212
214
|
if (resource.wrapperData) {
|
|
213
215
|
authorizationObject.wrapper_data = resource.wrapperData;
|
|
214
216
|
}
|
|
@@ -1,9 +1,15 @@
|
|
|
1
1
|
import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { OnRetryCallback, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
|
|
2
|
+
import { OnRetryCallback, RetryPolicy, RetryDelayCallback } from '@mondaydotcomorg/monday-fetch-api';
|
|
3
3
|
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
4
4
|
import { BaseRequest } from './types/general';
|
|
5
5
|
export declare const logger: import("bunyan");
|
|
6
6
|
export declare const onRetryCallback: OnRetryCallback;
|
|
7
|
+
/**
|
|
8
|
+
* Exponential backoff retry delay callback
|
|
9
|
+
* Calculates delay as: baseDelay * 2^(attemptCount - 1)
|
|
10
|
+
* Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
|
|
11
|
+
*/
|
|
12
|
+
export declare const exponentialBackoffDelayCallback: RetryDelayCallback;
|
|
7
13
|
export declare class AuthorizationInternalService {
|
|
8
14
|
static igniteClient?: IgniteClient;
|
|
9
15
|
static skipAuthorization(requset: BaseRequest): void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,
|
|
1
|
+
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAEL,eAAe,EACf,WAAW,EACX,kBAAkB,EACnB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK9C,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,+BAA+B,EAAE,kBAO7C,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACnC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK;IAQjE,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CAUvC"}
|
|
@@ -3,7 +3,7 @@ import * as MondayLogger from '@mondaydotcomorg/monday-logger';
|
|
|
3
3
|
|
|
4
4
|
const INTERNAL_APP_NAME = 'internal_ms';
|
|
5
5
|
const MAX_RETRIES = 3;
|
|
6
|
-
const RETRY_DELAY_MS =
|
|
6
|
+
const RETRY_DELAY_MS = 20;
|
|
7
7
|
const logger = MondayLogger.getLogger();
|
|
8
8
|
const defaultMondayFetchOptions = {
|
|
9
9
|
retries: MAX_RETRIES,
|
|
@@ -17,6 +17,16 @@ const onRetryCallback = (attempt, error) => {
|
|
|
17
17
|
logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
|
|
18
18
|
}
|
|
19
19
|
};
|
|
20
|
+
/**
|
|
21
|
+
* Exponential backoff retry delay callback
|
|
22
|
+
* Calculates delay as: baseDelay * 2^(attemptCount - 1)
|
|
23
|
+
* Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
|
|
24
|
+
*/
|
|
25
|
+
const exponentialBackoffDelayCallback = ({ attemptCount }) => {
|
|
26
|
+
const delay = RETRY_DELAY_MS * Math.pow(2, attemptCount - 1);
|
|
27
|
+
logger.debug({ tag: 'authorization-service', attemptCount, delay }, `Exponential backoff: waiting ${delay}ms before retry attempt ${attemptCount}`);
|
|
28
|
+
return delay;
|
|
29
|
+
};
|
|
20
30
|
function logOnFetchFail(retriesLeft, error) {
|
|
21
31
|
if (retriesLeft == 0) {
|
|
22
32
|
logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
|
|
@@ -88,13 +98,14 @@ class AuthorizationInternalService {
|
|
|
88
98
|
}
|
|
89
99
|
static getRetriesPolicy() {
|
|
90
100
|
const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
|
|
101
|
+
const retryDelayMS = exponentialBackoffDelayCallback;
|
|
91
102
|
return {
|
|
92
103
|
useRetries: fetchOptions.retries !== undefined,
|
|
93
104
|
maxRetries: fetchOptions.retries !== undefined ? fetchOptions.retries : 0,
|
|
94
105
|
onRetry: onRetryCallback,
|
|
95
|
-
retryDelayMS
|
|
106
|
+
retryDelayMS,
|
|
96
107
|
};
|
|
97
108
|
}
|
|
98
109
|
}
|
|
99
110
|
|
|
100
|
-
export { AuthorizationInternalService, logger, onRetryCallback };
|
|
111
|
+
export { AuthorizationInternalService, exponentialBackoffDelayCallback, logger, onRetryCallback };
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
|
-
import { Action, AuthorizationObject, AuthorizationParams,
|
|
3
|
+
import { Action, AuthorizationObject, AuthorizationParams, AuthorizationResource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
6
6
|
isAuthorized: boolean;
|
|
@@ -21,7 +21,7 @@ export declare class AuthorizationService {
|
|
|
21
21
|
* @deprecated use the second form with authorizationRequestObjects instead,
|
|
22
22
|
* support of this function will be dropped gradually
|
|
23
23
|
*/
|
|
24
|
-
static isAuthorized(accountId: number, userId: number, resources:
|
|
24
|
+
static isAuthorized(accountId: number, userId: number, resources: AuthorizationResource[], action: Action): Promise<AuthorizeResponse>;
|
|
25
25
|
static isAuthorized(accountId: number, userId: number, authorizationRequestObjects: AuthorizationObject[]): Promise<AuthorizeResponse>;
|
|
26
26
|
/**
|
|
27
27
|
* @deprecated - Please use Ignite instead: https://github.com/DaPulse/ignite-monorepo/blob/master/packages/ignite-sdk/README.md
|
|
@@ -39,5 +39,5 @@ export declare class AuthorizationService {
|
|
|
39
39
|
}
|
|
40
40
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
41
41
|
export declare function setIgniteClient(): Promise<void>;
|
|
42
|
-
export declare function createAuthorizationParams(resources:
|
|
42
|
+
export declare function createAuthorizationParams(resources: AuthorizationResource[], action: Action): AuthorizationParams;
|
|
43
43
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAG1G,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAY1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,qBAAqB,EAAE,EAClC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAiBjH"}
|
|
@@ -203,10 +203,12 @@ function createAuthorizationParams(resources, action) {
|
|
|
203
203
|
const params = {
|
|
204
204
|
authorizationObjects: resources.map((resource) => {
|
|
205
205
|
const authorizationObject = {
|
|
206
|
-
resource_id: resource.id,
|
|
207
206
|
resource_type: resource.type,
|
|
208
207
|
action,
|
|
209
208
|
};
|
|
209
|
+
if (resource.id !== undefined) {
|
|
210
|
+
authorizationObject.resource_id = resource.id;
|
|
211
|
+
}
|
|
210
212
|
if (resource.wrapperData) {
|
|
211
213
|
authorizationObject.wrapper_data = resource.wrapperData;
|
|
212
214
|
}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -25,7 +25,7 @@ export { ResourceAttributeAssignment } from './resource-attribute-assignment';
|
|
|
25
25
|
export { EntityAttributeAssignment } from './entity-attribute-assignment';
|
|
26
26
|
export { RolesService } from './roles-service';
|
|
27
27
|
export { MembershipsService } from './memberships';
|
|
28
|
-
export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
|
|
28
|
+
export { AuthorizationObject, AuthorizationResource, Resource, BaseRequest, ResourceGetter, ContextGetter, } from './types/general';
|
|
29
29
|
export { Translation, ScopedAction, ScopedActionResponseObject, ScopedActionPermit, } from './types/scoped-actions-contracts';
|
|
30
30
|
export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';
|
|
31
31
|
export { AttributeAssignment, AttributeOperation, ResourceAttributeDeleteAssignment, ResourceAttributeUpsertOperation, ResourceAttributeDeleteOperation, EntityAttributeDeleteAssignment, EntityAttributeUpsertOperation, EntityAttributeDeleteOperation, ResourceAttributeAssignment as ResourceAttributeAssignmentContract, EntityAttributeAssignment as EntityAttributeAssignmentContract, } from './types/authorization-attributes-contracts';
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,QAAQ,EACR,WAAW,EACX,cAAc,EACd,aAAa,GACd,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACrH,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,iCAAiC,EACjC,gCAAgC,EAChC,gCAAgC,EAChC,+BAA+B,EAC/B,8BAA8B,EAC9B,8BAA8B,EAC9B,2BAA2B,IAAI,mCAAmC,EAClE,yBAAyB,IAAI,iCAAiC,GAC/D,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,kCAAkC,IAAI,+BAA+B,EAAE,MAAM,yCAAyC,CAAC;AAEhI,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import { Action, BaseRequest, BaseResponse, ContextGetter,
|
|
1
|
+
import { Action, AuthorizationResource, BaseRequest, BaseResponse, ContextGetter, ResourceGetter } from '../types/general';
|
|
2
2
|
import type { NextFunction } from 'express';
|
|
3
3
|
export type TestPermittedAction = {
|
|
4
4
|
accountId: number;
|
|
5
5
|
userId: number;
|
|
6
|
-
resources:
|
|
6
|
+
resources: AuthorizationResource[];
|
|
7
7
|
action: Action;
|
|
8
8
|
};
|
|
9
|
-
export declare const addTestPermittedAction: (accountId: number, userId: number, resources:
|
|
9
|
+
export declare const addTestPermittedAction: (accountId: number, userId: number, resources: AuthorizationResource[], action: Action) => void;
|
|
10
10
|
export declare const clearTestPermittedActions: () => void;
|
|
11
11
|
export declare const getTestAuthorizationMiddleware: (action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter) => (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
|
|
12
12
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,qBAAqB,EACrB,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACf,MAAM,kBAAkB,CAAC;AAG1B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,qBAAqB,EAAE,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,GACjC,WAAW,MAAM,EACjB,QAAQ,MAAM,EACd,WAAW,qBAAqB,EAAE,EAClC,QAAQ,MAAM,SAGf,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AA+BF,eAAO,MAAM,8BAA8B,GACzC,QAAQ,MAAM,EACd,gBAAgB,cAAc,EAC9B,gBAAgB,aAAa,MAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}
|
|
@@ -20,7 +20,9 @@ const isActionAuthorized = (accountId, userId, resources, action) => {
|
|
|
20
20
|
combination.userId === userId &&
|
|
21
21
|
combination.action === action &&
|
|
22
22
|
combination.resources.some(combinationResource => {
|
|
23
|
-
|
|
23
|
+
const idsMatch = combinationResource.id === resource.id ||
|
|
24
|
+
(combinationResource.id === undefined && resource.id === undefined);
|
|
25
|
+
return (idsMatch &&
|
|
24
26
|
combinationResource.type === resource.type &&
|
|
25
27
|
JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData));
|
|
26
28
|
}));
|
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
import type { Request, Response } from 'express';
|
|
2
2
|
import type { ResourceType } from '../resource-attributes-constants';
|
|
3
|
+
export interface AuthorizationResource {
|
|
4
|
+
id?: number;
|
|
5
|
+
type: string;
|
|
6
|
+
wrapperData?: object;
|
|
7
|
+
}
|
|
3
8
|
export interface Resource {
|
|
4
9
|
id: number;
|
|
5
10
|
type: ResourceType;
|
|
@@ -26,9 +31,9 @@ export type BaseParameters = BasicObject;
|
|
|
26
31
|
export type BaseResponseBody = BasicObject;
|
|
27
32
|
export type BaseBodyParameters = BasicObject;
|
|
28
33
|
export type BaseQueryParameters = BasicObject;
|
|
29
|
-
export type BaseRequest = Request
|
|
30
|
-
export type BaseResponse = Response
|
|
31
|
-
export type ResourceGetter = (request: BaseRequest) =>
|
|
34
|
+
export type BaseRequest = Request;
|
|
35
|
+
export type BaseResponse = Response;
|
|
36
|
+
export type ResourceGetter = (request: BaseRequest) => AuthorizationResource[];
|
|
32
37
|
export type ContextGetter = (request: BaseRequest) => Context;
|
|
33
38
|
export {};
|
|
34
39
|
//# sourceMappingURL=general.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAErE,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAAC;AAE9C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAErE,MAAM,WAAW,qBAAqB;IACpC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAAC;AAE9C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAE9C,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC;AAClC,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC;AACpC,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,qBAAqB,EAAE,CAAC;AAC/E,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -25,7 +25,7 @@ export { ResourceAttributeAssignment } from './resource-attribute-assignment';
|
|
|
25
25
|
export { EntityAttributeAssignment } from './entity-attribute-assignment';
|
|
26
26
|
export { RolesService } from './roles-service';
|
|
27
27
|
export { MembershipsService } from './memberships';
|
|
28
|
-
export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
|
|
28
|
+
export { AuthorizationObject, AuthorizationResource, Resource, BaseRequest, ResourceGetter, ContextGetter, } from './types/general';
|
|
29
29
|
export { Translation, ScopedAction, ScopedActionResponseObject, ScopedActionPermit, } from './types/scoped-actions-contracts';
|
|
30
30
|
export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';
|
|
31
31
|
export { AttributeAssignment, AttributeOperation, ResourceAttributeDeleteAssignment, ResourceAttributeUpsertOperation, ResourceAttributeDeleteOperation, EntityAttributeDeleteAssignment, EntityAttributeUpsertOperation, EntityAttributeDeleteOperation, ResourceAttributeAssignment as ResourceAttributeAssignmentContract, EntityAttributeAssignment as EntityAttributeAssignmentContract, } from './types/authorization-attributes-contracts';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,QAAQ,EACR,WAAW,EACX,cAAc,EACd,aAAa,GACd,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACrH,OAAO,EACL,mBAAmB,EACnB,kBAAkB,EAClB,iCAAiC,EACjC,gCAAgC,EAChC,gCAAgC,EAChC,+BAA+B,EAC/B,8BAA8B,EAC9B,8BAA8B,EAC9B,2BAA2B,IAAI,mCAAmC,EAClE,yBAAyB,IAAI,iCAAiC,GAC/D,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,kCAAkC,IAAI,+BAA+B,EAAE,MAAM,yCAAyC,CAAC;AAEhI,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/testKit/index.d.ts
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import { Action, BaseRequest, BaseResponse, ContextGetter,
|
|
1
|
+
import { Action, AuthorizationResource, BaseRequest, BaseResponse, ContextGetter, ResourceGetter } from '../types/general';
|
|
2
2
|
import type { NextFunction } from 'express';
|
|
3
3
|
export type TestPermittedAction = {
|
|
4
4
|
accountId: number;
|
|
5
5
|
userId: number;
|
|
6
|
-
resources:
|
|
6
|
+
resources: AuthorizationResource[];
|
|
7
7
|
action: Action;
|
|
8
8
|
};
|
|
9
|
-
export declare const addTestPermittedAction: (accountId: number, userId: number, resources:
|
|
9
|
+
export declare const addTestPermittedAction: (accountId: number, userId: number, resources: AuthorizationResource[], action: Action) => void;
|
|
10
10
|
export declare const clearTestPermittedActions: () => void;
|
|
11
11
|
export declare const getTestAuthorizationMiddleware: (action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter) => (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
|
|
12
12
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,qBAAqB,EACrB,WAAW,EACX,YAAY,EACZ,aAAa,EACb,cAAc,EACf,MAAM,kBAAkB,CAAC;AAG1B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,qBAAqB,EAAE,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,GACjC,WAAW,MAAM,EACjB,QAAQ,MAAM,EACd,WAAW,qBAAqB,EAAE,EAClC,QAAQ,MAAM,SAGf,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AA+BF,eAAO,MAAM,8BAA8B,GACzC,QAAQ,MAAM,EACd,gBAAgB,cAAc,EAC9B,gBAAgB,aAAa,MAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}
|
package/dist/testKit/index.js
CHANGED
|
@@ -22,7 +22,9 @@ const isActionAuthorized = (accountId, userId, resources, action) => {
|
|
|
22
22
|
combination.userId === userId &&
|
|
23
23
|
combination.action === action &&
|
|
24
24
|
combination.resources.some(combinationResource => {
|
|
25
|
-
|
|
25
|
+
const idsMatch = combinationResource.id === resource.id ||
|
|
26
|
+
(combinationResource.id === undefined && resource.id === undefined);
|
|
27
|
+
return (idsMatch &&
|
|
26
28
|
combinationResource.type === resource.type &&
|
|
27
29
|
JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData));
|
|
28
30
|
}));
|
package/dist/types/general.d.ts
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
import type { Request, Response } from 'express';
|
|
2
2
|
import type { ResourceType } from '../resource-attributes-constants';
|
|
3
|
+
export interface AuthorizationResource {
|
|
4
|
+
id?: number;
|
|
5
|
+
type: string;
|
|
6
|
+
wrapperData?: object;
|
|
7
|
+
}
|
|
3
8
|
export interface Resource {
|
|
4
9
|
id: number;
|
|
5
10
|
type: ResourceType;
|
|
@@ -26,9 +31,9 @@ export type BaseParameters = BasicObject;
|
|
|
26
31
|
export type BaseResponseBody = BasicObject;
|
|
27
32
|
export type BaseBodyParameters = BasicObject;
|
|
28
33
|
export type BaseQueryParameters = BasicObject;
|
|
29
|
-
export type BaseRequest = Request
|
|
30
|
-
export type BaseResponse = Response
|
|
31
|
-
export type ResourceGetter = (request: BaseRequest) =>
|
|
34
|
+
export type BaseRequest = Request;
|
|
35
|
+
export type BaseResponse = Response;
|
|
36
|
+
export type ResourceGetter = (request: BaseRequest) => AuthorizationResource[];
|
|
32
37
|
export type ContextGetter = (request: BaseRequest) => Context;
|
|
33
38
|
export {};
|
|
34
39
|
//# sourceMappingURL=general.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAErE,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAAC;AAE9C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAErE,MAAM,WAAW,qBAAqB;IACpC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAAC;AAE9C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAE9C,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC;AAClC,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC;AACpC,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,qBAAqB,EAAE,CAAC;AAC/E,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,13 +1,18 @@
|
|
|
1
1
|
import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
|
|
2
2
|
import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
3
3
|
import * as MondayLogger from '@mondaydotcomorg/monday-logger';
|
|
4
|
-
import {
|
|
4
|
+
import {
|
|
5
|
+
NullableErrorWithType,
|
|
6
|
+
OnRetryCallback,
|
|
7
|
+
RetryPolicy,
|
|
8
|
+
RetryDelayCallback,
|
|
9
|
+
} from '@mondaydotcomorg/monday-fetch-api';
|
|
5
10
|
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
6
11
|
import { BaseRequest } from './types/general';
|
|
7
12
|
|
|
8
13
|
const INTERNAL_APP_NAME = 'internal_ms';
|
|
9
14
|
const MAX_RETRIES = 3;
|
|
10
|
-
const RETRY_DELAY_MS =
|
|
15
|
+
const RETRY_DELAY_MS = 20;
|
|
11
16
|
export const logger = MondayLogger.getLogger();
|
|
12
17
|
|
|
13
18
|
const defaultMondayFetchOptions: MondayFetchOptions = {
|
|
@@ -23,6 +28,20 @@ export const onRetryCallback: OnRetryCallback = (attempt: number, error?: Nullab
|
|
|
23
28
|
}
|
|
24
29
|
};
|
|
25
30
|
|
|
31
|
+
/**
|
|
32
|
+
* Exponential backoff retry delay callback
|
|
33
|
+
* Calculates delay as: baseDelay * 2^(attemptCount - 1)
|
|
34
|
+
* Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
|
|
35
|
+
*/
|
|
36
|
+
export const exponentialBackoffDelayCallback: RetryDelayCallback = ({ attemptCount }) => {
|
|
37
|
+
const delay = RETRY_DELAY_MS * Math.pow(2, attemptCount - 1);
|
|
38
|
+
logger.debug(
|
|
39
|
+
{ tag: 'authorization-service', attemptCount, delay },
|
|
40
|
+
`Exponential backoff: waiting ${delay}ms before retry attempt ${attemptCount}`
|
|
41
|
+
);
|
|
42
|
+
return delay;
|
|
43
|
+
};
|
|
44
|
+
|
|
26
45
|
function logOnFetchFail(retriesLeft: number, error: Error) {
|
|
27
46
|
if (retriesLeft == 0) {
|
|
28
47
|
logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
|
|
@@ -119,11 +138,12 @@ export class AuthorizationInternalService {
|
|
|
119
138
|
|
|
120
139
|
static getRetriesPolicy(): RetryPolicy {
|
|
121
140
|
const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
|
|
141
|
+
const retryDelayMS = exponentialBackoffDelayCallback;
|
|
122
142
|
return {
|
|
123
143
|
useRetries: fetchOptions.retries !== undefined,
|
|
124
144
|
maxRetries: fetchOptions.retries !== undefined ? fetchOptions.retries : 0,
|
|
125
145
|
onRetry: onRetryCallback,
|
|
126
|
-
retryDelayMS
|
|
146
|
+
retryDelayMS,
|
|
127
147
|
};
|
|
128
148
|
}
|
|
129
149
|
}
|
|
@@ -3,7 +3,7 @@ import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
|
3
3
|
import { Api } from '@mondaydotcomorg/trident-backend-api';
|
|
4
4
|
import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
5
5
|
import { getIgniteClient, IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
6
|
-
import { Action, AuthorizationObject, AuthorizationParams,
|
|
6
|
+
import { Action, AuthorizationObject, AuthorizationParams, AuthorizationResource } from './types/general';
|
|
7
7
|
import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service';
|
|
8
8
|
import { recordAuthorizationTiming } from './metrics-service';
|
|
9
9
|
import {
|
|
@@ -70,7 +70,7 @@ export class AuthorizationService {
|
|
|
70
70
|
static async isAuthorized(
|
|
71
71
|
accountId: number,
|
|
72
72
|
userId: number,
|
|
73
|
-
resources:
|
|
73
|
+
resources: AuthorizationResource[],
|
|
74
74
|
action: Action
|
|
75
75
|
): Promise<AuthorizeResponse>;
|
|
76
76
|
|
|
@@ -197,7 +197,7 @@ export class AuthorizationService {
|
|
|
197
197
|
private static async isAuthorizedSingular(
|
|
198
198
|
accountId: number,
|
|
199
199
|
userId: number,
|
|
200
|
-
resources:
|
|
200
|
+
resources: AuthorizationResource[],
|
|
201
201
|
action: Action
|
|
202
202
|
): Promise<AuthorizeResponse> {
|
|
203
203
|
const { authorizationObjects } = createAuthorizationParams(resources, action);
|
|
@@ -313,14 +313,16 @@ export async function setIgniteClient() {
|
|
|
313
313
|
AuthorizationInternalService.setIgniteClient(igniteClient);
|
|
314
314
|
}
|
|
315
315
|
|
|
316
|
-
export function createAuthorizationParams(resources:
|
|
316
|
+
export function createAuthorizationParams(resources: AuthorizationResource[], action: Action): AuthorizationParams {
|
|
317
317
|
const params = {
|
|
318
|
-
authorizationObjects: resources.map((resource:
|
|
318
|
+
authorizationObjects: resources.map((resource: AuthorizationResource) => {
|
|
319
319
|
const authorizationObject: AuthorizationObject = {
|
|
320
|
-
resource_id: resource.id,
|
|
321
320
|
resource_type: resource.type,
|
|
322
321
|
action,
|
|
323
322
|
};
|
|
323
|
+
if (resource.id !== undefined) {
|
|
324
|
+
authorizationObject.resource_id = resource.id;
|
|
325
|
+
}
|
|
324
326
|
if (resource.wrapperData) {
|
|
325
327
|
authorizationObject.wrapper_data = resource.wrapperData;
|
|
326
328
|
}
|
package/src/index.ts
CHANGED
|
@@ -64,7 +64,14 @@ export { ResourceAttributeAssignment } from './resource-attribute-assignment';
|
|
|
64
64
|
export { EntityAttributeAssignment } from './entity-attribute-assignment';
|
|
65
65
|
export { RolesService } from './roles-service';
|
|
66
66
|
export { MembershipsService } from './memberships';
|
|
67
|
-
export {
|
|
67
|
+
export {
|
|
68
|
+
AuthorizationObject,
|
|
69
|
+
AuthorizationResource,
|
|
70
|
+
Resource,
|
|
71
|
+
BaseRequest,
|
|
72
|
+
ResourceGetter,
|
|
73
|
+
ContextGetter,
|
|
74
|
+
} from './types/general';
|
|
68
75
|
export {
|
|
69
76
|
Translation,
|
|
70
77
|
ScopedAction,
|
package/src/testKit/index.ts
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import {
|
|
2
|
+
Action,
|
|
3
|
+
AuthorizationResource,
|
|
4
|
+
BaseRequest,
|
|
5
|
+
BaseResponse,
|
|
6
|
+
ContextGetter,
|
|
7
|
+
ResourceGetter,
|
|
8
|
+
} from '../types/general';
|
|
2
9
|
import { defaultContextGetter } from '../authorization-middleware';
|
|
3
10
|
import { AuthorizationInternalService } from '../authorization-internal-service';
|
|
4
11
|
import type { NextFunction } from 'express';
|
|
@@ -6,12 +13,17 @@ import type { NextFunction } from 'express';
|
|
|
6
13
|
export type TestPermittedAction = {
|
|
7
14
|
accountId: number;
|
|
8
15
|
userId: number;
|
|
9
|
-
resources:
|
|
16
|
+
resources: AuthorizationResource[];
|
|
10
17
|
action: Action;
|
|
11
18
|
};
|
|
12
19
|
|
|
13
20
|
let testPermittedActions: TestPermittedAction[] = [];
|
|
14
|
-
export const addTestPermittedAction = (
|
|
21
|
+
export const addTestPermittedAction = (
|
|
22
|
+
accountId: number,
|
|
23
|
+
userId: number,
|
|
24
|
+
resources: AuthorizationResource[],
|
|
25
|
+
action: Action
|
|
26
|
+
) => {
|
|
15
27
|
testPermittedActions.push({ accountId, userId, resources, action });
|
|
16
28
|
};
|
|
17
29
|
|
|
@@ -19,7 +31,7 @@ export const clearTestPermittedActions = () => {
|
|
|
19
31
|
testPermittedActions = [];
|
|
20
32
|
};
|
|
21
33
|
|
|
22
|
-
const isActionAuthorized = (accountId: number, userId: number, resources:
|
|
34
|
+
const isActionAuthorized = (accountId: number, userId: number, resources: AuthorizationResource[], action: Action) => {
|
|
23
35
|
// If no resources to check, deny access
|
|
24
36
|
if (resources.length === 0) {
|
|
25
37
|
return { isAuthorized: false };
|
|
@@ -33,8 +45,11 @@ const isActionAuthorized = (accountId: number, userId: number, resources: Resour
|
|
|
33
45
|
combination.userId === userId &&
|
|
34
46
|
combination.action === action &&
|
|
35
47
|
combination.resources.some(combinationResource => {
|
|
48
|
+
const idsMatch =
|
|
49
|
+
combinationResource.id === resource.id ||
|
|
50
|
+
(combinationResource.id === undefined && resource.id === undefined);
|
|
36
51
|
return (
|
|
37
|
-
|
|
52
|
+
idsMatch &&
|
|
38
53
|
combinationResource.type === resource.type &&
|
|
39
54
|
JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData)
|
|
40
55
|
);
|
package/src/types/general.ts
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
import type { Request, Response } from 'express';
|
|
2
2
|
import type { ResourceType } from '../resource-attributes-constants';
|
|
3
3
|
|
|
4
|
+
export interface AuthorizationResource {
|
|
5
|
+
id?: number;
|
|
6
|
+
type: string;
|
|
7
|
+
wrapperData?: object;
|
|
8
|
+
}
|
|
9
|
+
|
|
4
10
|
export interface Resource {
|
|
5
11
|
id: number;
|
|
6
12
|
type: ResourceType;
|
|
@@ -27,7 +33,8 @@ export type BaseParameters = BasicObject;
|
|
|
27
33
|
export type BaseResponseBody = BasicObject;
|
|
28
34
|
export type BaseBodyParameters = BasicObject;
|
|
29
35
|
export type BaseQueryParameters = BasicObject;
|
|
30
|
-
|
|
31
|
-
export type
|
|
32
|
-
export type
|
|
36
|
+
|
|
37
|
+
export type BaseRequest = Request;
|
|
38
|
+
export type BaseResponse = Response;
|
|
39
|
+
export type ResourceGetter = (request: BaseRequest) => AuthorizationResource[];
|
|
33
40
|
export type ContextGetter = (request: BaseRequest) => Context;
|