@o3co/auth.policy-verifier.builtins 0.1.0

Files changed (73) hide show
  1. package/LICENSE +201 -0
  2. package/README.ja.md +101 -0
  3. package/README.md +101 -0
  4. package/dist/__tests__/collectors/PayloadScopeCollector.test.d.mts +2 -0
  5. package/dist/__tests__/collectors/PayloadScopeCollector.test.d.mts.map +1 -0
  6. package/dist/__tests__/collectors/PayloadScopeCollector.test.mjs +24 -0
  7. package/dist/__tests__/collectors/PayloadSubjectIdCollector.test.d.mts +2 -0
  8. package/dist/__tests__/collectors/PayloadSubjectIdCollector.test.d.mts.map +1 -0
  9. package/dist/__tests__/collectors/PayloadSubjectIdCollector.test.mjs +33 -0
  10. package/dist/__tests__/collectors/RequestContextCollector.test.d.mts +2 -0
  11. package/dist/__tests__/collectors/RequestContextCollector.test.d.mts.map +1 -0
  12. package/dist/__tests__/collectors/RequestContextCollector.test.mjs +42 -0
  13. package/dist/__tests__/collectors/StaticPermissionCollector.test.d.mts +2 -0
  14. package/dist/__tests__/collectors/StaticPermissionCollector.test.d.mts.map +1 -0
  15. package/dist/__tests__/collectors/StaticPermissionCollector.test.mjs +22 -0
  16. package/dist/__tests__/collectors/StaticRoleCollector.test.d.mts +2 -0
  17. package/dist/__tests__/collectors/StaticRoleCollector.test.d.mts.map +1 -0
  18. package/dist/__tests__/collectors/StaticRoleCollector.test.mjs +24 -0
  19. package/dist/__tests__/module.test.d.mts +2 -0
  20. package/dist/__tests__/module.test.d.mts.map +1 -0
  21. package/dist/__tests__/module.test.mjs +72 -0
  22. package/dist/__tests__/resource/DotNotationResourceParser.test.d.mts +2 -0
  23. package/dist/__tests__/resource/DotNotationResourceParser.test.d.mts.map +1 -0
  24. package/dist/__tests__/resource/DotNotationResourceParser.test.mjs +34 -0
  25. package/dist/__tests__/rules/HasPermission.test.d.mts +2 -0
  26. package/dist/__tests__/rules/HasPermission.test.d.mts.map +1 -0
  27. package/dist/__tests__/rules/HasPermission.test.mjs +86 -0
  28. package/dist/__tests__/rules/HasScope.test.d.mts +2 -0
  29. package/dist/__tests__/rules/HasScope.test.d.mts.map +1 -0
  30. package/dist/__tests__/rules/HasScope.test.mjs +42 -0
  31. package/dist/__tests__/rules/ResourceActionPermissionRuleCollector.test.d.mts +2 -0
  32. package/dist/__tests__/rules/ResourceActionPermissionRuleCollector.test.d.mts.map +1 -0
  33. package/dist/__tests__/rules/ResourceActionPermissionRuleCollector.test.mjs +27 -0
  34. package/dist/__tests__/rules/ResourceActionScopeRuleCollector.test.d.mts +2 -0
  35. package/dist/__tests__/rules/ResourceActionScopeRuleCollector.test.d.mts.map +1 -0
  36. package/dist/__tests__/rules/ResourceActionScopeRuleCollector.test.mjs +27 -0
  37. package/dist/collectors/PayloadScopeCollector.d.mts +5 -0
  38. package/dist/collectors/PayloadScopeCollector.d.mts.map +1 -0
  39. package/dist/collectors/PayloadScopeCollector.mjs +8 -0
  40. package/dist/collectors/PayloadSubjectIdCollector.d.mts +5 -0
  41. package/dist/collectors/PayloadSubjectIdCollector.d.mts.map +1 -0
  42. package/dist/collectors/PayloadSubjectIdCollector.mjs +13 -0
  43. package/dist/collectors/RequestContextCollector.d.mts +5 -0
  44. package/dist/collectors/RequestContextCollector.d.mts.map +1 -0
  45. package/dist/collectors/RequestContextCollector.mjs +15 -0
  46. package/dist/collectors/StaticPermissionCollector.d.mts +9 -0
  47. package/dist/collectors/StaticPermissionCollector.d.mts.map +1 -0
  48. package/dist/collectors/StaticPermissionCollector.mjs +10 -0
  49. package/dist/collectors/StaticRoleCollector.d.mts +9 -0
  50. package/dist/collectors/StaticRoleCollector.d.mts.map +1 -0
  51. package/dist/collectors/StaticRoleCollector.mjs +10 -0
  52. package/dist/index.d.mts +12 -0
  53. package/dist/index.d.mts.map +1 -0
  54. package/dist/index.mjs +15 -0
  55. package/dist/module.d.mts +3 -0
  56. package/dist/module.d.mts.map +1 -0
  57. package/dist/module.mjs +24 -0
  58. package/dist/resource/DotNotationResourceParser.d.mts +5 -0
  59. package/dist/resource/DotNotationResourceParser.d.mts.map +1 -0
  60. package/dist/resource/DotNotationResourceParser.mjs +14 -0
  61. package/dist/rules/HasPermission.d.mts +11 -0
  62. package/dist/rules/HasPermission.d.mts.map +1 -0
  63. package/dist/rules/HasPermission.mjs +39 -0
  64. package/dist/rules/HasScope.d.mts +11 -0
  65. package/dist/rules/HasScope.d.mts.map +1 -0
  66. package/dist/rules/HasScope.mjs +22 -0
  67. package/dist/rules/ResourceActionPermissionRuleCollector.d.mts +5 -0
  68. package/dist/rules/ResourceActionPermissionRuleCollector.d.mts.map +1 -0
  69. package/dist/rules/ResourceActionPermissionRuleCollector.mjs +7 -0
  70. package/dist/rules/ResourceActionScopeRuleCollector.d.mts +5 -0
  71. package/dist/rules/ResourceActionScopeRuleCollector.d.mts.map +1 -0
  72. package/dist/rules/ResourceActionScopeRuleCollector.mjs +7 -0
  73. package/package.json +38 -0
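--- a/package/dist/rules/HasScope.mjs
+++ b/package/dist/rules/HasScope.mjs
@@ -0,0 +1,22 @@
+ import { ATTR_SCOPES } from "@o3co/auth.policy-verifier.core";
+ export class HasScope {
+ scope;
+ ruleType = "scope";
+ code = "invalid_scope";
+ message;
+ constructor(scope) {
+ this.scope = scope;
+ this.message = `Token does not have required scope: ${scope}`;
+ }
+ verify(attrs) {
+ const scopes = attrs.get(ATTR_SCOPES) ?? [];
+ return scopes.some((s) => this.matchScopes(s, this.scope));
+ }
+ matchScopes(scope, required) {
+ scope = scope.toLowerCase();
+ required = required.toLowerCase();
+ const parts = scope.split(":");
+ const [perm, resource] = parts.length === 1 ? ["read", parts[0]] : parts;
+ return required === `${perm}:${resource}`;
+ }
+ }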
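Review bot: `matchScopes` keeps only the first two `:`-separated parts of the token scope, so a granted scope with extra segments is compared as if it were the two-part scope and can satisfy a rule it was never issued for. Reject anything that is not one or two parts before the destructuring, e.g. `if (parts.length > 2) return false;`. The single-part branch also silently promotes a bare resource name to `read:<resource>`; if that default is intended, state it in a comment on that line so the implicit grant is visible to whoever audits the rule. `verify` assumes `attrs.get(ATTR_SCOPES)` is an array of strings; the collector that fills it is not in this hunk, so a non-array or non-string value would presumably throw rather than deny, which is worth confirming.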
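--- a/package/dist/rules/ResourceActionPermissionRuleCollector.d.mts
+++ b/package/dist/rules/ResourceActionPermissionRuleCollector.d.mts
@@ -0,0 +1,5 @@
+ import type { CollectorContext, Rule, RuleCollector } from "@o3co/auth.policy-verifier.core";
+ export declare class ResourceActionPermissionRuleCollector implements RuleCollector {
+ collect(context: CollectorContext): Promise<Rule[]>;
+ }
+ //# sourceMappingURL=ResourceActionPermissionRuleCollector.d.mts.map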
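--- a/package/dist/rules/ResourceActionPermissionRuleCollector.d.mts.map
+++ b/package/dist/rules/ResourceActionPermissionRuleCollector.d.mts.map
@@ -0,0 +1 @@
+ {"version":3,"file":"ResourceActionPermissionRuleCollector.d.mts","sourceRoot":"","sources":["../../src/rules/ResourceActionPermissionRuleCollector.mts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAG7F,qBAAa,qCAAsC,YAAW,aAAa;IACpE,OAAO,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;CAIzD"}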
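--- a/package/dist/rules/ResourceActionPermissionRuleCollector.mjs
+++ b/package/dist/rules/ResourceActionPermissionRuleCollector.mjs
@@ -0,0 +1,7 @@
+ import { HasPermission } from "./HasPermission.mjs";
+ export class ResourceActionPermissionRuleCollector {
+ async collect(context) {
+ const permission = `${context.resource.raw}.perm:${context.action}`;
+ return [new HasPermission(permission)];
+ }
+ }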
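Review bot: `collect` interpolates `context.resource.raw` and `context.action` into the permission string without checking them, so a missing field yields a rule for the literal text `undefined`, and a value that already contains `.perm:` or `:` changes what the composed string means. Where these values come from is not visible here; if either can be influenced by the request, validate before building the rule, for example `if (typeof context.action !== "string" || context.action.includes(":")) throw new TypeError("invalid action");`. The same applies to `ResourceActionScopeRuleCollector.collect`, which builds `action:resourceType` the same way. A short comment on why this collector uses `resource.raw` while the scope collector uses `resource.resourceType` would also help the next reader.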
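--- a/package/dist/rules/ResourceActionScopeRuleCollector.d.mts
+++ b/package/dist/rules/ResourceActionScopeRuleCollector.d.mts
@@ -0,0 +1,5 @@
+ import type { CollectorContext, Rule, RuleCollector } from "@o3co/auth.policy-verifier.core";
+ export declare class ResourceActionScopeRuleCollector implements RuleCollector {
+ collect(context: CollectorContext): Promise<Rule[]>;
+ }
+ //# sourceMappingURL=ResourceActionScopeRuleCollector.d.mts.map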
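--- a/package/dist/rules/ResourceActionScopeRuleCollector.d.mts.map
+++ b/package/dist/rules/ResourceActionScopeRuleCollector.d.mts.map
@@ -0,0 +1 @@
+ {"version":3,"file":"ResourceActionScopeRuleCollector.d.mts","sourceRoot":"","sources":["../../src/rules/ResourceActionScopeRuleCollector.mts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAG7F,qBAAa,gCAAiC,YAAW,aAAa;IAC/D,OAAO,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;CAIzD"}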
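--- a/package/dist/rules/ResourceActionScopeRuleCollector.mjs
+++ b/package/dist/rules/ResourceActionScopeRuleCollector.mjs
@@ -0,0 +1,7 @@
+ import { HasScope } from "./HasScope.mjs";
+ export class ResourceActionScopeRuleCollector {
+ async collect(context) {
+ const scope = `${context.action}:${context.resource.resourceType}`;
+ return [new HasScope(scope)];
+ }
+ }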
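--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,38 @@
+ {
+ "name": "@o3co/auth.policy-verifier.builtins",
+ "version": "0.1.0",
+ "license": "Apache-2.0",
+ "type": "module",
+ "main": "./dist/index.mjs",
+ "types": "./dist/index.d.mts",
+ "exports": {
+ ".": {
+ "import": "./dist/index.mjs",
+ "types": "./dist/index.d.mts"
+ }
+ },
+ "files": [
+ "dist",
+ "LICENSE",
+ "README.md"
+ ],
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/o3co/auth.policy-verifier.git",
+ "directory": "packages/builtins"
+ },
+ "imports": {
+ "#/*": "./src/*"
+ },
+ "dependencies": {
+ "@o3co/auth.policy-verifier.core": "0.1.0"
+ },
+ "devDependencies": {
+ "@types/node": "^25.1.0",
+ "vitest": "^4.1.2"
+ },
+ "scripts": {
+ "build": "tsc",
+ "test": "vitest run"
+ }
+ }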
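Review bot: `files` publishes the whole `dist` directory, and the file list for this version shows `dist/__tests__/**` in the tarball, so compiled tests ship to every consumer; narrowing `files` or keeping tests out of the build output limits the published surface to the runtime code. The `imports` entry `"#/*": "./src/*"` points at `src`, which is not in `files`, so it cannot resolve inside the installed package. In `exports`, TypeScript expects the `types` condition to come before `import`, because conditions are matched in order.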