@nattyjs/core 0.0.1-beta.3 → 0.0.1-beta.31

package/dist/index.cjs

@@ -60,10 +60,13 @@ const nattyContainer = new class {
     this.container = /* @__PURE__ */ new Map();
     this.containerState = /* @__PURE__ */ new Map();
   }
-  setup(config, routes, types) {
+  get types() {
+    return common.commonContainer.types;
+  }
+  setup(config, routes, resolver) {
     this.config = config;
     this.routes = routes;
-    this.types = types;
+    this.resolver = resolver;
   }
   getTypes() {
     return StaticContainer.types;
@@ -116,7 +119,7 @@ const nattyContainer = new class {
 function init(config, appConfig) {
   common.commonContainer.setupConfig(config);
   common.commonContainer.setEnvTsDefinition(appConfig.envTsDefinition);
-  nattyContainer.setup(config, appConfig.routes, appConfig.types);
+  nattyContainer.setup(config, appConfig.routes, appConfig.resolver);
   return initializeModule(config);
 }
 function initializeModule(config) {
@@ -125,22 +128,26 @@ function initializeModule(config) {
   }
 }
 
-function getPreResponseBody(body) {
+function getPreResponseBody(body, isBuffer = false) {
   let bodyInfo;
   if (body) {
-    if (common.isObject(body) || Array.isArray(body))
-      bodyInfo = { json: body };
-    const typeText = typeof body;
-    switch (typeText) {
-      case "string":
-        bodyInfo = { string: body };
-        break;
-      case "number":
-        bodyInfo = { number: body };
-        break;
-      case "boolean":
-        bodyInfo = { boolean: body };
-        break;
+    if (isBuffer)
+      bodyInfo = { buffer: body };
+    else {
+      if (common.isObject(body) || Array.isArray(body))
+        bodyInfo = { json: body };
+      const typeText = typeof body;
+      switch (typeText) {
+        case "string":
+          bodyInfo = { string: body };
+          break;
+        case "number":
+          bodyInfo = { number: body };
+          break;
+        case "boolean":
+          bodyInfo = { boolean: body };
+          break;
+      }
     }
   }
   return bodyInfo;
@@ -154,6 +161,7 @@ class HttpResponse {
   }
   setValues(responseInit) {
     if (responseInit) {
+      this._isBuffer = responseInit.isBuffer;
       if (responseInit.headers)
         for (const [key, value] of Object.entries(responseInit.headers))
           this.headers.append(key, value);
@@ -185,7 +193,7 @@ class HttpResponse {
     return this._body;
   }
   set body(value) {
-    this._body = getPreResponseBody(value);
+    this._body = getPreResponseBody(value, this._isBuffer);
   }
   write(responseInit) {
     this.setValues(responseInit);
@@ -207,6 +215,26 @@ var RequestPipeline = /* @__PURE__ */ ((RequestPipeline2) => {
   return RequestPipeline2;
 })(RequestPipeline || {});
 
+function lessThan(value) {
+  return value ? value.replace(/</g, "&lt;") : value;
+}
+function greaterThan(value) {
+  return value ? value.replace(/>/g, "&gt;") : value;
+}
+function ampersand(value) {
+  return value ? value.replace(/&/g, "&amp;") : value;
+}
+function doubleDash(value) {
+  return value ? value.replace(/--/g, "") : value;
+}
+function sanitizeSpecialCodes(value) {
+  value = ampersand(value);
+  value = lessThan(value);
+  value = greaterThan(value);
+  value = doubleDash(value);
+  return value;
+}
+
 function isBoolean(value) {
   return typeof value === "boolean" || value === "1" || value === "true" || value === "0" || value === "false";
 }
@@ -267,7 +295,7 @@ function toInt(value, radix = 0) {
 }
 function toString(value) {
   if (isNotBlank(value))
-    return String(value);
+    return sanitizeSpecialCodes(String(value));
   return value;
 }
 function whitelist(value, chars) {
@@ -348,6 +376,7 @@ class BaseResult {
 }
 
 function getResponseBodyObject(body, props) {
+  const sensitiveProps = common.commonContainer.nattyConfig?.secure?.sensitiveProps;
   if (body instanceof common.List)
     return getResponseBodyObject(body.values, body.props);
   if (Array.isArray(body)) {
@@ -361,7 +390,8 @@ function getResponseBodyObject(body, props) {
     const keys = Object.keys(body);
     const getterProps = props ? Object.keys(props).map((key) => props[key]) : [];
     for (const key of [...keys, ...getterProps])
-      jObject[key] = getResponseBodyObject(body[key]);
+      if (!sensitiveProps || sensitiveProps.filter((t) => t == key.toLowerCase()).length == 0)
+        jObject[key] = getResponseBodyObject(body[key]);
     return jObject;
   }
   return body;
@@ -524,12 +554,14 @@ class ParameterTypeConverter extends BaseResponse {
         } else {
           if (this.isArrayType(property.type) && Array.isArray(value)) {
             let arrayValue = body[property.name] = [];
-            let arrayInvalidProps = invalidProps[property.name] = [];
             for (const item of value) {
               const sanitizeValue = this.sanitizer[property.type.toLowerCase()] ? this.sanitizer[property.type.toLowerCase()](item) : item;
-              if (sanitizeValue === INVALID_VALUE)
+              if (sanitizeValue === INVALID_VALUE) {
+                let arrayInvalidProps = invalidProps[property.name];
+                if (!arrayInvalidProps)
+                  arrayInvalidProps = invalidProps[property.name] = [];
                 arrayInvalidProps.push(property);
-              else
+              } else
                 arrayValue.push(sanitizeValue);
             }
           } else
@@ -557,7 +589,7 @@ class ParameterTypeConverter extends BaseResponse {
   }
   convertToInstance(entityName, data) {
     const typesInfo = this.types[entityName];
-    const target = this.getClassTarget(typesInfo.path) || entityContainer.getTarget(entityName);
+    const target = this.getClassTarget(typesInfo.path, entityName) || entityContainer.getTarget(entityName);
     let instance = null;
     if (target) {
       instance = new target();
@@ -566,11 +598,10 @@ class ParameterTypeConverter extends BaseResponse {
       instance = data;
     return instance;
   }
-  getClassTarget(resolver) {
-    if (resolver) {
-      const classInfo = resolver();
-      const name = Object.keys(classInfo)[0];
-      return classInfo[name];
+  getClassTarget(path, entityName) {
+    if (path) {
+      const classInfo = nattyContainer.resolver(path);
+      return classInfo[entityName];
     }
     return void 0;
   }
@@ -847,6 +878,14 @@ class ActionExecutedContext extends AbstractExecutionContext {
   }
 }
 
+class AuthorizationContext extends AbstractExecutionContext {
+  constructor(models, context, routeInfo, config) {
+    super(context, routeInfo);
+    this.models = models;
+    this.config = config;
+  }
+}
+
 class RequestProcessor extends RouteParser {
   constructor() {
     super(...arguments);
@@ -857,9 +896,6 @@ class RequestProcessor extends RouteParser {
       case RequestPipeline.onAuthentication:
         await this.onAuthentication();
         break;
-      case RequestPipeline.onAuthorization:
-        await this.onAuthorization();
-        break;
     }
   }
   resolveFilter(instance) {
@@ -885,21 +921,27 @@ class RequestProcessor extends RouteParser {
       this.httpContext.user = result;
       if (!result.isAuthenticate && !anonymousInfo.controllerConfig && !anonymousInfo.methodConfig)
         throw new UnauthorizedAccessException(authenticationFilter.onFailedResponse());
-      await this.onAuthorization();
     }
   }
-  async onAuthorization() {
+  async onAuthorization(methodParameters) {
     const authorization = common.commonContainer.globalConfig.authorization;
     const authorizationFilter = authorization ? this.resolveFilter(authorization) : void 0;
     const authorizeConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authorize);
     const authenticationOnly = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authenticationOnly);
-    if (this.httpContext.user?.isAuthenticate && authorizationFilter && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
-      const result = await authorizationFilter.onAuthorization(this.httpContext, authorizeConfig.methodConfig || authorizeConfig.controllerConfig);
+    if (this.httpContext.user?.isAuthenticate && authorizationFilter && (authorizeConfig.controllerConfig || authorizeConfig.methodConfig) && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
+      const authorizationContext = new AuthorizationContext(
+        methodParameters.filter((t) => t instanceof ModelBindingContext),
+        this.httpContext,
+        this.routeInfo,
+        authorizeConfig.methodConfig || authorizeConfig.controllerConfig
+      );
+      const result = await authorizationFilter.onAuthorization(authorizationContext);
       if (!result)
         throw new ForbiddenAccessException(authorizationFilter.onFailedAuthorization());
     }
   }
   async onActionExecuting(methodParameters) {
+    await this.onAuthorization(methodParameters);
     let actionFilters = common.commonContainer.globalConfig.actionFilters || [];
     const actionFiltersConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.useFilter);
     actionFilters = [...actionFilters, ...actionFiltersConfig.controllerConfig?.actionFilters || [], ...actionFiltersConfig.methodConfig?.actionFilters || []];
@@ -1205,6 +1247,16 @@ function badRequest(value, response) {
   return new BadRequestResult(value || common.BLANK, response);
 }
 
+class FileResult extends BaseResult {
+  constructor(value, response) {
+    super({ ...{ isBuffer: true, body: value }, ...{ status: HttpStatusCode.success } }, response);
+    this.value = value;
+  }
+}
+function fileResult(value, response) {
+  return new FileResult(value || common.BLANK, response);
+}
+
 function base(params, type, additionaConfig) {
   decoratorStateContainer.register(params, type, additionaConfig);
 }
@@ -1231,12 +1283,31 @@ function authenticationOnly() {
   };
 }
 
+function setEnvInfo(envTsDefinition, envValueInfo) {
+  if (envTsDefinition && envValueInfo) {
+    common.commonContainer.setEnvTsDefinition(envTsDefinition);
+    Object.keys(envValueInfo).forEach((key) => process.env[key] = envValueInfo[key]);
+  }
+}
+
+function authorize(permission) {
+  return function(target, propertyKey, descriptor) {
+    base({
+      target,
+      propertyKey,
+      descriptor
+    }, DecoratorType.authorize, permission);
+  };
+}
+
 exports.$request = $request;
 exports.AbstractModelState = AbstractModelState;
 exports.BadRequestResult = BadRequestResult;
 exports.BaseController = BaseController;
+exports.CreateProblemDetail = CreateProblemDetail;
 exports.CreatedResult = CreatedResult;
 exports.Delete = Delete;
+exports.FileResult = FileResult;
 exports.ForbiddenAccessException = ForbiddenAccessException;
 exports.ForbiddenAccessInfoResult = ForbiddenAccessInfoResult;
 exports.HttpBadRequestException = HttpBadRequestException;
@@ -1245,6 +1316,7 @@ exports.HttpException = HttpException;
 exports.HttpHandler = HttpHandler;
 exports.HttpNotFoundException = HttpNotFoundException;
 exports.HttpResponse = HttpResponse;
+exports.HttpStatusCode = HttpStatusCode;
 exports.ModelBindingContext = ModelBindingContext;
 exports.NoContentResult = NoContentResult;
 exports.NotFoundResult = NotFoundResult;
@@ -1253,10 +1325,12 @@ exports.RunOn = RunOn;
 exports.UnauthorizedAccessException = UnauthorizedAccessException;
 exports.anonymous = anonymous;
 exports.authenticationOnly = authenticationOnly;
+exports.authorize = authorize;
 exports.badRequest = badRequest;
 exports.created = created;
 exports.defineNattyConfig = defineNattyConfig;
 exports.entityContainer = entityContainer;
+exports.fileResult = fileResult;
 exports.filter = filter;
 exports.forbiddenAccessInfo = forbiddenAccessInfo;
 exports.get = get;
@@ -1269,4 +1343,5 @@ exports.post = post;
 exports.put = put;
 exports.registerDecorator = registerDecorator;
 exports.route = route;
+exports.setEnvInfo = setEnvInfo;
 exports.useFilter = useFilter;

package/dist/index.d.ts

@@ -59,6 +59,64 @@ declare function put(path: string): (target: any, propertyKey?: string, descript
 
 declare function Delete(): (target: any, propertyKey?: string, descriptor?: any) => void;
 
+interface RouteConfig {
+    controller: Function;
+    parameters: Array<{
+        name: string;
+        type: string;
+    }>;
+    get: {
+        [key: string]: {
+            name: string;
+            parameters: Array<{
+                name: string;
+                type: string;
+            }>;
+            returnType: string;
+        };
+    };
+    post: {
+        [key: string]: {
+            name: string;
+            parameters: Array<{
+                name: string;
+                type: string;
+            }>;
+            returnType: string;
+        };
+    };
+    put: {
+        [key: string]: {
+            name: string;
+            parameters: Array<{
+                name: string;
+                type: string;
+            }>;
+            returnType: string;
+        };
+    };
+    delete: {
+        [key: string]: {
+            name: string;
+            parameters: Array<{
+                name: string;
+                type: string;
+            }>;
+            returnType: string;
+        };
+    };
+}
+
+declare function init(config: NattyConfig, appConfig: {
+    routes: {
+        [key: string]: RouteConfig;
+    };
+    envTsDefinition: {
+        [key: string]: string;
+    };
+    resolver: (path: string) => {};
+}): any;
+
 interface DecoratorInfo {
     httpMethod: string;
     route: string;
@@ -81,6 +139,7 @@ type HttpRequestBodyInfo = {
     number?: number | number[];
     boolean?: boolean | boolean[];
     FormData?: FormData;
+    buffer?: any;
     ArrayBuffer?: ArrayBuffer;
     Blob?: Blob;
     json?: {
@@ -120,6 +179,7 @@ interface HttpResponseInit {
     headers?: HeadersInit;
     cookies?: Cookie[];
     enableContentNegotiation?: boolean;
+    isBuffer?: boolean;
 }
 
 interface ProblemDetail {
@@ -190,64 +250,6 @@ interface IHttpResult {
     getResponse(): HttpResponseInit;
 }
 
-interface RouteConfig {
-    controller: Function;
-    parameters: Array<{
-        name: string;
-        type: string;
-    }>;
-    get: {
-        [key: string]: {
-            name: string;
-            parameters: Array<{
-                name: string;
-                type: string;
-            }>;
-            returnType: string;
-        };
-    };
-    post: {
-        [key: string]: {
-            name: string;
-            parameters: Array<{
-                name: string;
-                type: string;
-            }>;
-            returnType: string;
-        };
-    };
-    put: {
-        [key: string]: {
-            name: string;
-            parameters: Array<{
-                name: string;
-                type: string;
-            }>;
-            returnType: string;
-        };
-    };
-    delete: {
-        [key: string]: {
-            name: string;
-            parameters: Array<{
-                name: string;
-                type: string;
-            }>;
-            returnType: string;
-        };
-    };
-}
-
-declare function init(config: NattyConfig, appConfig: {
-    routes: {
-        [key: string]: RouteConfig;
-    };
-    envTsDefinition: {
-        [key: string]: string;
-    };
-    types?: TypesInfo;
-}): any;
-
 declare class HttpRequest {
     private httpRequest;
     constructor(http: HttpRequestInit);
@@ -264,6 +266,7 @@ declare class HttpResponse {
     private _headers;
     private _body;
     private _status;
+    private _isBuffer;
     constructor(response?: HttpResponseInit);
     private setValues;
     addCookie(cookie: Cookie): void;
@@ -435,6 +438,12 @@ declare class BadRequestResult extends BaseResult implements IHttpResult {
 }
 declare function badRequest(value?: ExceptionTypeInfo, response?: Pick<HttpResponseInit, "headers" | "cookies">): BadRequestResult;
 
+declare class FileResult extends BaseResult {
+    value: any;
+    constructor(value: any, response?: Pick<HttpResponseInit, "headers" | "cookies">);
+}
+declare function fileResult(value?: any, response?: Pick<HttpResponseInit, "headers" | "cookies">): FileResult;
+
 declare class HttpException {
     private httpResponse;
     constructor(response: HttpResponseInit);
@@ -463,4 +472,27 @@ declare function anonymous(): (target: any, propertyKey?: string, descriptor?: a
 
 declare function authenticationOnly(): (target: any, propertyKey?: string, descriptor?: any) => void;
 
-export { $request, AbstractModelState, BadRequestResult, BaseController, BuildOptions, ClassTypeInfo, CreatedResult, Delete, ForbiddenAccessException, ForbiddenAccessInfoResult, HttpBadRequestException, HttpContext, HttpException, HttpHandler, HttpModule, HttpNotFoundException, HttpResponse, MethodInfo$1 as MethodInfo, ModelBindingContext, NoContentResult, NotFoundResult, OkResult, ParameterInfo, RunOn, TypeInfo$1 as TypeInfo, UnauthorizedAccessException, anonymous, authenticationOnly, badRequest, created, defineNattyConfig, entityContainer, filter, forbiddenAccessInfo, get, init, injectable, noContent, notFound, ok, post, put, registerDecorator, route, useFilter };
+declare function setEnvInfo(envTsDefinition: {
+    [key: string]: string;
+}, envValueInfo: {
+    [key: string]: any;
+}): void;
+
+declare enum HttpStatusCode {
+    success = 200,
+    created = 201,
+    noContent = 204,
+    notFound = 404,
+    unAuthorized = 401,
+    forbiddenAccess = 403,
+    badRequest = 400,
+    serverError = 500
+}
+
+declare function authorize(permission: {
+    [key: string]: any;
+}): (target: any, propertyKey?: string, descriptor?: any) => void;
+
+declare function CreateProblemDetail(modelName: string, detail: any): ProblemDetail;
+
+export { $request, AbstractModelState, BadRequestResult, BaseController, BuildOptions, ClassTypeInfo, CreateProblemDetail, CreatedResult, Delete, FileResult, ForbiddenAccessException, ForbiddenAccessInfoResult, HttpBadRequestException, HttpContext, HttpException, HttpHandler, HttpModule, HttpNotFoundException, HttpResponse, HttpStatusCode, MethodInfo$1 as MethodInfo, ModelBindingContext, NoContentResult, NotFoundResult, OkResult, ParameterInfo, RunOn, TypeInfo$1 as TypeInfo, UnauthorizedAccessException, anonymous, authenticationOnly, authorize, badRequest, created, defineNattyConfig, entityContainer, fileResult, filter, forbiddenAccessInfo, get, init, injectable, noContent, notFound, ok, post, put, registerDecorator, route, setEnvInfo, useFilter };

package/dist/index.mjs

@@ -58,10 +58,13 @@ const nattyContainer = new class {
     this.container = /* @__PURE__ */ new Map();
     this.containerState = /* @__PURE__ */ new Map();
   }
-  setup(config, routes, types) {
+  get types() {
+    return commonContainer.types;
+  }
+  setup(config, routes, resolver) {
     this.config = config;
     this.routes = routes;
-    this.types = types;
+    this.resolver = resolver;
   }
   getTypes() {
     return StaticContainer.types;
@@ -114,7 +117,7 @@ const nattyContainer = new class {
 function init(config, appConfig) {
   commonContainer.setupConfig(config);
   commonContainer.setEnvTsDefinition(appConfig.envTsDefinition);
-  nattyContainer.setup(config, appConfig.routes, appConfig.types);
+  nattyContainer.setup(config, appConfig.routes, appConfig.resolver);
   return initializeModule(config);
 }
 function initializeModule(config) {
@@ -123,22 +126,26 @@ function initializeModule(config) {
   }
 }
 
-function getPreResponseBody(body) {
+function getPreResponseBody(body, isBuffer = false) {
   let bodyInfo;
   if (body) {
-    if (isObject(body) || Array.isArray(body))
-      bodyInfo = { json: body };
-    const typeText = typeof body;
-    switch (typeText) {
-      case "string":
-        bodyInfo = { string: body };
-        break;
-      case "number":
-        bodyInfo = { number: body };
-        break;
-      case "boolean":
-        bodyInfo = { boolean: body };
-        break;
+    if (isBuffer)
+      bodyInfo = { buffer: body };
+    else {
+      if (isObject(body) || Array.isArray(body))
+        bodyInfo = { json: body };
+      const typeText = typeof body;
+      switch (typeText) {
+        case "string":
+          bodyInfo = { string: body };
+          break;
+        case "number":
+          bodyInfo = { number: body };
+          break;
+        case "boolean":
+          bodyInfo = { boolean: body };
+          break;
+      }
     }
   }
   return bodyInfo;
@@ -152,6 +159,7 @@ class HttpResponse {
   }
   setValues(responseInit) {
     if (responseInit) {
+      this._isBuffer = responseInit.isBuffer;
       if (responseInit.headers)
         for (const [key, value] of Object.entries(responseInit.headers))
           this.headers.append(key, value);
@@ -183,7 +191,7 @@ class HttpResponse {
     return this._body;
   }
   set body(value) {
-    this._body = getPreResponseBody(value);
+    this._body = getPreResponseBody(value, this._isBuffer);
   }
   write(responseInit) {
     this.setValues(responseInit);
@@ -205,6 +213,26 @@ var RequestPipeline = /* @__PURE__ */ ((RequestPipeline2) => {
   return RequestPipeline2;
 })(RequestPipeline || {});
 
+function lessThan(value) {
+  return value ? value.replace(/</g, "&lt;") : value;
+}
+function greaterThan(value) {
+  return value ? value.replace(/>/g, "&gt;") : value;
+}
+function ampersand(value) {
+  return value ? value.replace(/&/g, "&amp;") : value;
+}
+function doubleDash(value) {
+  return value ? value.replace(/--/g, "") : value;
+}
+function sanitizeSpecialCodes(value) {
+  value = ampersand(value);
+  value = lessThan(value);
+  value = greaterThan(value);
+  value = doubleDash(value);
+  return value;
+}
+
 function isBoolean(value) {
   return typeof value === "boolean" || value === "1" || value === "true" || value === "0" || value === "false";
 }
@@ -265,7 +293,7 @@ function toInt(value, radix = 0) {
 }
 function toString(value) {
   if (isNotBlank(value))
-    return String(value);
+    return sanitizeSpecialCodes(String(value));
   return value;
 }
 function whitelist(value, chars) {
@@ -346,6 +374,7 @@ class BaseResult {
 }
 
 function getResponseBodyObject(body, props) {
+  const sensitiveProps = commonContainer.nattyConfig?.secure?.sensitiveProps;
   if (body instanceof List)
     return getResponseBodyObject(body.values, body.props);
   if (Array.isArray(body)) {
@@ -359,7 +388,8 @@ function getResponseBodyObject(body, props) {
     const keys = Object.keys(body);
     const getterProps = props ? Object.keys(props).map((key) => props[key]) : [];
     for (const key of [...keys, ...getterProps])
-      jObject[key] = getResponseBodyObject(body[key]);
+      if (!sensitiveProps || sensitiveProps.filter((t) => t == key.toLowerCase()).length == 0)
+        jObject[key] = getResponseBodyObject(body[key]);
     return jObject;
   }
   return body;
@@ -522,12 +552,14 @@ class ParameterTypeConverter extends BaseResponse {
         } else {
           if (this.isArrayType(property.type) && Array.isArray(value)) {
             let arrayValue = body[property.name] = [];
-            let arrayInvalidProps = invalidProps[property.name] = [];
             for (const item of value) {
               const sanitizeValue = this.sanitizer[property.type.toLowerCase()] ? this.sanitizer[property.type.toLowerCase()](item) : item;
-              if (sanitizeValue === INVALID_VALUE)
+              if (sanitizeValue === INVALID_VALUE) {
+                let arrayInvalidProps = invalidProps[property.name];
+                if (!arrayInvalidProps)
+                  arrayInvalidProps = invalidProps[property.name] = [];
                 arrayInvalidProps.push(property);
-              else
+              } else
                 arrayValue.push(sanitizeValue);
             }
           } else
@@ -555,7 +587,7 @@ class ParameterTypeConverter extends BaseResponse {
   }
   convertToInstance(entityName, data) {
     const typesInfo = this.types[entityName];
-    const target = this.getClassTarget(typesInfo.path) || entityContainer.getTarget(entityName);
+    const target = this.getClassTarget(typesInfo.path, entityName) || entityContainer.getTarget(entityName);
     let instance = null;
     if (target) {
       instance = new target();
@@ -564,11 +596,10 @@ class ParameterTypeConverter extends BaseResponse {
       instance = data;
     return instance;
   }
-  getClassTarget(resolver) {
-    if (resolver) {
-      const classInfo = resolver();
-      const name = Object.keys(classInfo)[0];
-      return classInfo[name];
+  getClassTarget(path, entityName) {
+    if (path) {
+      const classInfo = nattyContainer.resolver(path);
+      return classInfo[entityName];
     }
     return void 0;
   }
@@ -845,6 +876,14 @@ class ActionExecutedContext extends AbstractExecutionContext {
   }
 }
 
+class AuthorizationContext extends AbstractExecutionContext {
+  constructor(models, context, routeInfo, config) {
+    super(context, routeInfo);
+    this.models = models;
+    this.config = config;
+  }
+}
+
 class RequestProcessor extends RouteParser {
   constructor() {
     super(...arguments);
@@ -855,9 +894,6 @@ class RequestProcessor extends RouteParser {
       case RequestPipeline.onAuthentication:
         await this.onAuthentication();
         break;
-      case RequestPipeline.onAuthorization:
-        await this.onAuthorization();
-        break;
     }
   }
   resolveFilter(instance) {
@@ -883,21 +919,27 @@ class RequestProcessor extends RouteParser {
       this.httpContext.user = result;
       if (!result.isAuthenticate && !anonymousInfo.controllerConfig && !anonymousInfo.methodConfig)
         throw new UnauthorizedAccessException(authenticationFilter.onFailedResponse());
-      await this.onAuthorization();
     }
   }
-  async onAuthorization() {
+  async onAuthorization(methodParameters) {
     const authorization = commonContainer.globalConfig.authorization;
     const authorizationFilter = authorization ? this.resolveFilter(authorization) : void 0;
     const authorizeConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authorize);
     const authenticationOnly = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.authenticationOnly);
-    if (this.httpContext.user?.isAuthenticate && authorizationFilter && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
-      const result = await authorizationFilter.onAuthorization(this.httpContext, authorizeConfig.methodConfig || authorizeConfig.controllerConfig);
+    if (this.httpContext.user?.isAuthenticate && authorizationFilter && (authorizeConfig.controllerConfig || authorizeConfig.methodConfig) && (!authenticationOnly.controllerConfig && !authenticationOnly.methodConfig)) {
+      const authorizationContext = new AuthorizationContext(
+        methodParameters.filter((t) => t instanceof ModelBindingContext),
+        this.httpContext,
+        this.routeInfo,
+        authorizeConfig.methodConfig || authorizeConfig.controllerConfig
+      );
+      const result = await authorizationFilter.onAuthorization(authorizationContext);
       if (!result)
         throw new ForbiddenAccessException(authorizationFilter.onFailedAuthorization());
     }
   }
   async onActionExecuting(methodParameters) {
+    await this.onAuthorization(methodParameters);
     let actionFilters = commonContainer.globalConfig.actionFilters || [];
     const actionFiltersConfig = decoratorStateContainer.getInfo(this.routeInfo.controller.name, this.routeInfo.methodInfo.name, DecoratorType.useFilter);
     actionFilters = [...actionFilters, ...actionFiltersConfig.controllerConfig?.actionFilters || [], ...actionFiltersConfig.methodConfig?.actionFilters || []];
@@ -1203,6 +1245,16 @@ function badRequest(value, response) {
   return new BadRequestResult(value || BLANK$1, response);
 }
 
+class FileResult extends BaseResult {
+  constructor(value, response) {
+    super({ ...{ isBuffer: true, body: value }, ...{ status: HttpStatusCode.success } }, response);
+    this.value = value;
+  }
+}
+function fileResult(value, response) {
+  return new FileResult(value || BLANK$1, response);
+}
+
 function base(params, type, additionaConfig) {
   decoratorStateContainer.register(params, type, additionaConfig);
 }
@@ -1229,4 +1281,21 @@ function authenticationOnly() {
   };
 }
 
-export { $request, AbstractModelState, BadRequestResult, BaseController, CreatedResult, Delete, ForbiddenAccessException, ForbiddenAccessInfoResult, HttpBadRequestException, HttpContext, HttpException, HttpHandler, HttpNotFoundException, HttpResponse, ModelBindingContext, NoContentResult, NotFoundResult, OkResult, RunOn, UnauthorizedAccessException, anonymous, authenticationOnly, badRequest, created, defineNattyConfig, entityContainer, filter, forbiddenAccessInfo, get, init, injectable, noContent, notFound, ok, post, put, registerDecorator, route, useFilter };
+function setEnvInfo(envTsDefinition, envValueInfo) {
+  if (envTsDefinition && envValueInfo) {
+    commonContainer.setEnvTsDefinition(envTsDefinition);
+    Object.keys(envValueInfo).forEach((key) => process.env[key] = envValueInfo[key]);
+  }
+}
+
+function authorize(permission) {
+  return function(target, propertyKey, descriptor) {
+    base({
+      target,
+      propertyKey,
+      descriptor
+    }, DecoratorType.authorize, permission);
+  };
+}
+
+export { $request, AbstractModelState, BadRequestResult, BaseController, CreateProblemDetail, CreatedResult, Delete, FileResult, ForbiddenAccessException, ForbiddenAccessInfoResult, HttpBadRequestException, HttpContext, HttpException, HttpHandler, HttpNotFoundException, HttpResponse, HttpStatusCode, ModelBindingContext, NoContentResult, NotFoundResult, OkResult, RunOn, UnauthorizedAccessException, anonymous, authenticationOnly, authorize, badRequest, created, defineNattyConfig, entityContainer, fileResult, filter, forbiddenAccessInfo, get, init, injectable, noContent, notFound, ok, post, put, registerDecorator, route, setEnvInfo, useFilter };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nattyjs/core",
-  "version": "0.0.1-beta.3",
+  "version": "0.0.1-beta.31",
   "description": "",
   "keywords": [],
   "author": "ajayojha",
@@ -17,7 +17,7 @@
   "dependencies": {
     "tsyringe": "^4.7.0",
     "path-to-regexp": "6.2.1",
-    "@nattyjs/common": "0.0.1-beta.3"
+    "@nattyjs/common": "0.0.1-beta.31"
   },
   "devDependencies": {
     "unbuild": "1.2.1"