@nattyjs/core 0.0.1-beta.27 → 0.0.1-beta.29

package/dist/index.cjs

@@ -371,6 +371,7 @@ class BaseResult {
 }
 
 function getResponseBodyObject(body, props) {
+  const sensitiveProps = common.commonContainer.nattyConfig?.secure?.sensitiveProps;
   if (body instanceof common.List)
     return getResponseBodyObject(body.values, body.props);
   if (Array.isArray(body)) {
@@ -384,7 +385,8 @@ function getResponseBodyObject(body, props) {
     const keys = Object.keys(body);
     const getterProps = props ? Object.keys(props).map((key) => props[key]) : [];
     for (const key of [...keys, ...getterProps])
-      jObject[key] = getResponseBodyObject(body[key]);
+      if (!sensitiveProps || sensitiveProps.filter((t) => t == key.toLowerCase()).length == 0)
+        jObject[key] = getResponseBodyObject(body[key]);
     return jObject;
   }
   return body;
@@ -871,6 +873,14 @@ class ActionExecutedContext extends AbstractExecutionContext {
   }
 }
 
+class AuthorizationContext extends AbstractExecutionContext {
+  constructor(models, context, routeInfo, config) {
+    super(context, routeInfo);
+    this.models = models;
+    this.config = config;
+  }
+}
+
 class RequestProcessor extends RouteParser {
   constructor() {
     super(...arguments);
@@ -881,9 +891,6 @@ class RequestProcessor extends RouteParser {
       case RequestPipeline.onAuthentication:
         await this.onAuthentication();
         break;
-      case RequestPipeline.onAuthorization:
-        await this.onAuthorization();
-        break;
     }
   }
   resolveFilter(instance) {
@@ -909,21 +916,27 @@ class RequestProcessor extends RouteParser {
       this.httpContext.user = result;
       if (!result.isAuthenticate && !anonymousInfo.controllerConfig && !anonymousInfo.methodConfig)
         throw new UnauthorizedAccessException(authenticationFilter.onFailedResponse());
-      await this.onAuthorization();
     }
   }
-  async onAuthorization() {
+  async onAuthorization(methodParameters) {
     const authorization = common.commonContainer.globalConfig.authorization;
     const authorizationFilter = authorization ? this.resolveFilter(authorization) : void 0;
     const authorizeConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authorize);
     const authenticationOnly = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authenticationOnly);
     if (this.httpContext.user?.isAuthenticate && authorizationFilter && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
-      const result = await authorizationFilter.onAuthorization(this.httpContext, authorizeConfig.methodConfig || authorizeConfig.controllerConfig);
+      const authorizationContext = new AuthorizationContext(
+        methodParameters.filter((t) => t instanceof ModelBindingContext),
+        this.httpContext,
+        this.routeInfo,
+        authorizeConfig.methodConfig || authorizeConfig.controllerConfig
+      );
+      const result = await authorizationFilter.onAuthorization(authorizationContext);
       if (!result)
         throw new ForbiddenAccessException(authorizationFilter.onFailedAuthorization());
     }
   }
   async onActionExecuting(methodParameters) {
+    await this.onAuthorization(methodParameters);
     let actionFilters = common.commonContainer.globalConfig.actionFilters || [];
     const actionFiltersConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.useFilter);
     actionFilters = [...actionFilters, ...actionFiltersConfig.controllerConfig?.actionFilters || [], ...actionFiltersConfig.methodConfig?.actionFilters || []];

package/dist/index.mjs

@@ -369,6 +369,7 @@ class BaseResult {
 }
 
 function getResponseBodyObject(body, props) {
+  const sensitiveProps = commonContainer.nattyConfig?.secure?.sensitiveProps;
   if (body instanceof List)
     return getResponseBodyObject(body.values, body.props);
   if (Array.isArray(body)) {
@@ -382,7 +383,8 @@ function getResponseBodyObject(body, props) {
     const keys = Object.keys(body);
     const getterProps = props ? Object.keys(props).map((key) => props[key]) : [];
     for (const key of [...keys, ...getterProps])
-      jObject[key] = getResponseBodyObject(body[key]);
+      if (!sensitiveProps || sensitiveProps.filter((t) => t == key.toLowerCase()).length == 0)
+        jObject[key] = getResponseBodyObject(body[key]);
     return jObject;
   }
   return body;
@@ -869,6 +871,14 @@ class ActionExecutedContext extends AbstractExecutionContext {
   }
 }
 
+class AuthorizationContext extends AbstractExecutionContext {
+  constructor(models, context, routeInfo, config) {
+    super(context, routeInfo);
+    this.models = models;
+    this.config = config;
+  }
+}
+
 class RequestProcessor extends RouteParser {
   constructor() {
     super(...arguments);
@@ -879,9 +889,6 @@ class RequestProcessor extends RouteParser {
       case RequestPipeline.onAuthentication:
         await this.onAuthentication();
         break;
-      case RequestPipeline.onAuthorization:
-        await this.onAuthorization();
-        break;
     }
   }
   resolveFilter(instance) {
@@ -907,21 +914,27 @@ class RequestProcessor extends RouteParser {
       this.httpContext.user = result;
       if (!result.isAuthenticate && !anonymousInfo.controllerConfig && !anonymousInfo.methodConfig)
         throw new UnauthorizedAccessException(authenticationFilter.onFailedResponse());
-      await this.onAuthorization();
     }
   }
-  async onAuthorization() {
+  async onAuthorization(methodParameters) {
     const authorization = commonContainer.globalConfig.authorization;
     const authorizationFilter = authorization ? this.resolveFilter(authorization) : void 0;
     const authorizeConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authorize);
     const authenticationOnly = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authenticationOnly);
     if (this.httpContext.user?.isAuthenticate && authorizationFilter && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
-      const result = await authorizationFilter.onAuthorization(this.httpContext, authorizeConfig.methodConfig || authorizeConfig.controllerConfig);
+      const authorizationContext = new AuthorizationContext(
+        methodParameters.filter((t) => t instanceof ModelBindingContext),
+        this.httpContext,
+        this.routeInfo,
+        authorizeConfig.methodConfig || authorizeConfig.controllerConfig
+      );
+      const result = await authorizationFilter.onAuthorization(authorizationContext);
       if (!result)
         throw new ForbiddenAccessException(authorizationFilter.onFailedAuthorization());
     }
   }
   async onActionExecuting(methodParameters) {
+    await this.onAuthorization(methodParameters);
     let actionFilters = commonContainer.globalConfig.actionFilters || [];
     const actionFiltersConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.useFilter);
     actionFilters = [...actionFilters, ...actionFiltersConfig.controllerConfig?.actionFilters || [], ...actionFiltersConfig.methodConfig?.actionFilters || []];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nattyjs/core",
-  "version": "0.0.1-beta.27",
+  "version": "0.0.1-beta.29",
   "description": "",
   "keywords": [],
   "author": "ajayojha",
@@ -17,7 +17,7 @@
   "dependencies": {
     "tsyringe": "^4.7.0",
     "path-to-regexp": "6.2.1",
-    "@nattyjs/common": "0.0.1-beta.27"
+    "@nattyjs/common": "0.0.1-beta.29"
   },
   "devDependencies": {
     "unbuild": "1.2.1"