@open-rlb/nestjs-amqp 2.0.7 → 2.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -10
- package/modules/acl/authz-match.d.ts +6 -0
- package/modules/acl/authz-match.js +10 -0
- package/modules/acl/authz-match.js.map +1 -0
- package/modules/acl/config/acl.config.d.ts +1 -0
- package/modules/acl/const.d.ts +2 -2
- package/modules/acl/const.js +3 -3
- package/modules/acl/const.js.map +1 -1
- package/modules/acl/index.d.ts +1 -0
- package/modules/acl/index.js +1 -0
- package/modules/acl/index.js.map +1 -1
- package/modules/acl/services/acl-management.service.d.ts +7 -3
- package/modules/acl/services/acl-management.service.js +24 -10
- package/modules/acl/services/acl-management.service.js.map +1 -1
- package/modules/acl/services/acl.service.d.ts +3 -4
- package/modules/acl/services/acl.service.js +24 -46
- package/modules/acl/services/acl.service.js.map +1 -1
- package/modules/broker/config/decorator-paths.js +2 -2
- package/modules/broker/config/decorator-paths.js.map +1 -1
- package/modules/broker/decorators/broker-action.decorator.d.ts +1 -1
- package/modules/broker/decorators/broker-action.decorator.js +2 -2
- package/modules/broker/decorators/broker-action.decorator.js.map +1 -1
- package/modules/broker/services/shutdown-state.service.d.ts +1 -0
- package/modules/broker/services/shutdown-state.service.js +12 -12
- package/modules/broker/services/shutdown-state.service.js.map +1 -1
- package/modules/gateway-admin/util/route-manifest.js +1 -1
- package/modules/gateway-admin/util/route-manifest.js.map +1 -1
- package/modules/proxy/config/path-definition.config.d.ts +2 -2
- package/modules/proxy/services/acl.service.d.ts +2 -2
- package/modules/proxy/services/acl.service.js.map +1 -1
- package/modules/proxy/services/http-auth-handler.service.d.ts +6 -4
- package/modules/proxy/services/http-auth-handler.service.js +15 -9
- package/modules/proxy/services/http-auth-handler.service.js.map +1 -1
- package/modules/proxy/services/http-handler.service.js +4 -3
- package/modules/proxy/services/http-handler.service.js.map +1 -1
- package/modules/proxy/services/websocket.service.d.ts +1 -1
- package/modules/proxy/services/websocket.service.js +6 -9
- package/modules/proxy/services/websocket.service.js.map +1 -1
- package/package.json +1 -1
- package/schematics/nest-add/files/skills/rlb-amqp/SKILL.md +3 -3
- package/schematics/nest-add/files/skills/rlb-amqp/references/config-schema.md +18 -14
- package/schematics/nest-add/files/skills/rlb-amqp/references/gotchas.md +42 -17
- package/schematics/nest-add/files/skills/rlb-amqp-acl/SKILL.md +51 -38
- package/schematics/nest-add/files/skills/rlb-amqp-add-action/SKILL.md +4 -3
- package/schematics/nest-add/files/skills/rlb-amqp-add-route/SKILL.md +20 -14
- package/schematics/nest-add/files/skills/rlb-amqp-add-ws-event/SKILL.md +7 -6
- package/schematics/nest-add/files/skills/rlb-amqp-gateway-admin/SKILL.md +1 -1
- package/schematics/nest-add/files/skills/rlb-amqp-scaffold/SKILL.md +4 -4
- package/schematics/nest-add/index.js +8 -12
- package/schematics/nest-add/index.js.map +1 -1
- package/schematics/nest-add/index.ts +8 -12
package/README.md
CHANGED
|
@@ -56,7 +56,7 @@ Monorepo NestJS (vedi `nest-cli.json`):
|
|
|
56
56
|
│
|
|
57
57
|
┌───────▼────────┐ modules/proxy ── Gateway
|
|
58
58
|
│ HttpHandler │ - registra route HTTP dinamiche
|
|
59
|
-
│ WebSocketSvc │ - auth (jwt/jwks/basic/str-compare) + ACL/
|
|
59
|
+
│ WebSocketSvc │ - auth (jwt/jwks/basic/str-compare) + ACL/azioni
|
|
60
60
|
│ JwtService │ - traduce HTTP/WS → messaggi broker
|
|
61
61
|
└───────┬────────┘
|
|
62
62
|
│
|
|
@@ -80,7 +80,7 @@ Monorepo NestJS (vedi `nest-cli.json`):
|
|
|
80
80
|
|
|
81
81
|
1. **`amqp-lib`** — driver a basso livello (`AmqpConnection`): connessione resiliente (`amqp-connection-manager`), canali gestiti, setup di exchange/queue/binding al boot, RPC con `correlationId` + *direct-reply-to*, consumer con gestione errori (`Nack` → ack/reject/requeue), graceful shutdown.
|
|
82
82
|
2. **`modules/broker`** — astrazione di business: `BrokerService`, decoratori `@BrokerAction`/`@BrokerParam`, `MetadataScannerService` (auto-discovery dei metodi decorati e registrazione automatica dei consumer).
|
|
83
|
-
3. **`modules/proxy`** — gateway HTTP/WebSocket: registrazione dinamica di route Express, auth pluggable, ACL/
|
|
83
|
+
3. **`modules/proxy`** — gateway HTTP/WebSocket: registrazione dinamica di route Express, auth pluggable, ACL/azioni, WebSocket sicuro e scalabile, forwarding webhook.
|
|
84
84
|
|
|
85
85
|
### Flusso di una richiesta
|
|
86
86
|
|
|
@@ -126,7 +126,7 @@ import yamlConfig from './config/config.loader';
|
|
|
126
126
|
gatewayOptions: config.get<GatewayConfig>('gateway'),
|
|
127
127
|
}),
|
|
128
128
|
providers: [
|
|
129
|
-
// { provide: RLB_GTW_ACL_ROLE_SERVICE,
|
|
129
|
+
// { provide: RLB_GTW_ACL_ROLE_SERVICE, useExisting: AclService }, // solo se usi `actions`
|
|
130
130
|
],
|
|
131
131
|
}),
|
|
132
132
|
],
|
|
@@ -537,7 +537,7 @@ Due moduli **opzionali** per gestire ACL e configurazione gateway a database. **
|
|
|
537
537
|
|
|
538
538
|
### `AclModule` — ACL DB-backed con cache 2-livelli
|
|
539
539
|
|
|
540
|
-
ACL (azioni → ruoli → grant per-utente) con `
|
|
540
|
+
ACL (azioni → ruoli → grant per-utente) con un'unica primitiva `checkAction` (action-based, match **esatto** su `(companyId, resourceId)`, niente wildcard) e **cache RAM + L2 pluggable** (TTL diversi) e invalidazione che forza il DB.
|
|
541
541
|
|
|
542
542
|
```ts
|
|
543
543
|
import { AclModule, AclService, AclActionRepository, AclRoleRepository, AclGrantRepository,
|
|
@@ -572,10 +572,9 @@ import { AclModule, AclService, AclActionRepository, AclRoleRepository, AclGrant
|
|
|
572
572
|
export class AppModule {}
|
|
573
573
|
```
|
|
574
574
|
|
|
575
|
-
- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-
|
|
576
|
-
- **
|
|
577
|
-
|
|
578
|
-
- `canUserDo(roles, userId, resourceId)` — **lato microservizio**: vero se un grant **globale** (senza `resourceId`) **oppure** legato a quella risorsa dà all'utente il ruolo (`roles` accetta `string | string[]`). La risorsa è nota solo al ms, che chiama l'RPC `acl-can-user-do` con payload `{ userId, resource, roles }`.
|
|
575
|
+
- I handler sono esposti su `BrokerService` con topic **`rlb-acl`** (costante `ACL_TOPIC`): `acl-check-action` (rpc), `acl-grant`/`acl-revoke`, `acl-list-resources-by-user`, `acl-action-*`, `acl-role-*`. Definisci nel tuo `broker.topics` un topic `rlb-acl`. (Il check del gateway è in-process via `IAclRoleService`, quindi gli auth-provider non richiedono più `aclTopic`/`aclAction`.)
|
|
576
|
+
- **Verifica unica action-based** (servita dalla cache 2-tier, miss → DB → ripopola): `checkAction(userId, { companyId?, resourceId? }, action)` — vero se l'utente ha l'`action` (`string | string[]`, semantica OR) tramite un qualsiasi ruolo, su quella **esatta** coppia `(companyId, resourceId)`. Match: `grant.companyId === companyId && grant.resourceId === resourceId` (undefined/null/'' = assenti); unica deroga: entrambi assenti su richiesta **e** grant (grant globale). **Niente wildcard**; `companyId` è parte della decisione. Il gateway la usa in-process via `IAclRoleService.checkAction` su `path.actions`; è esposta anche come RPC `acl-check-action` (`{ userId, action, companyId?, resourceId? }`) per gli altri ms.
|
|
577
|
+
- **grant/revoke sono gated**: il chiamante (header `X-GTW-AUTH-USERID`) deve avere l'azione `role-management` sulla risorsa target `(companyId, resourceId)`, altrimenti `403`. Il record grant è univoco per `(userId, companyId, resourceId)`; il primo `role-management` si fa **seed diretto a DB** (nessun bypass nella lib; azione del gate configurabile con `AclModuleOptions.roleManagementAction`).
|
|
579
578
|
- **Invalidazione**: ogni mutazione (grant/role/action) svuota L1 e L2 → la prossima verifica pesca dal DB. Senza L2, la coerenza multi-istanza è limitata dal `ramTtlMs`.
|
|
580
579
|
- **Cache L2 pluggable**: il consumer fornisce `{ provide: RLB_ACL_CACHE_STORE, useClass/useExisting }` che implementa `AclCacheStore` (`get/set/del/keys`). In `gateway-in-memory` è `InMemoryAclStore` (mock in RAM, nessuna dipendenza esterna); in produzione plugga uno store condiviso (es. Redis).
|
|
581
580
|
|
|
@@ -660,7 +659,7 @@ Questi sono i punti che causano più frequentemente bug silenziosi. **Leggili pr
|
|
|
660
659
|
|
|
661
660
|
### Auth / ACL
|
|
662
661
|
|
|
663
|
-
14. **`
|
|
662
|
+
14. **`actions` su una path richiede un `IAclRoleService`** registrato via `RLB_GTW_ACL_ROLE_SERVICE` in `ProxyModule.forRootAsync({ providers: [...] })`. Il check del gateway è **action-based**: `path.actions` elenca **nomi di azione** e l'utente passa se ne possiede **almeno una** sulla **esatta** coppia `(companyId, resourceId)` della richiesta (`checkAction(userId, ctx, path.actions)`). Il gateway estrae i campi canonici `companyId`/`resourceId` dalla richiesta (precedenza params→query→body) e li confronta in modo esatto. L'auth-provider deve definire `uidClaim` (per estrarre lo userId) + `headerPrefix`. Nota: `authOptions`/`gatewayOptions` si passano a `ProxyModule`, non a `BrokerModule`.
|
|
664
663
|
15. **Gli header propagati sono uppercase e prefissati** (`${headerPrefix}${DEST}`): leggi `X-GTW-AUTH-USERID`, non `userId`.
|
|
665
664
|
|
|
666
665
|
### WebSocket
|
|
@@ -687,7 +686,7 @@ Questi sono i punti che causano più frequentemente bug silenziosi. **Leggili pr
|
|
|
687
686
|
- `Queue <name> has no routing key`: l'exchange è di tipo `topic` ma il queue non ha `routingKey`.
|
|
688
687
|
- `Client name is required ...`: manca `connection_name` (richiesto da broadcast e WebSocket).
|
|
689
688
|
- `ACL Role Service not found`: stai usando `roles` senza aver registrato `RLB_GTW_ACL_ROLE_SERVICE`.
|
|
690
|
-
- `401/403` dal gateway: controlla `auth`, `auth-providers[]`, e l'ACL service quando usi `
|
|
689
|
+
- `401/403` dal gateway: controlla `auth`, `auth-providers[]`, e l'ACL service quando usi `actions`.
|
|
691
690
|
- Timeout RPC: `replyQueues` errato, `action` non gestita da alcun servizio, o handler troppo lento (`timeout`).
|
|
692
691
|
|
|
693
692
|
---
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.grantMatchesResource = grantMatchesResource;
|
|
4
|
+
function norm(v) {
|
|
5
|
+
return v === undefined || v === null || v === '' ? null : String(v);
|
|
6
|
+
}
|
|
7
|
+
function grantMatchesResource(grant, ctx) {
|
|
8
|
+
return norm(grant?.companyId) === norm(ctx?.companyId) && norm(grant?.resourceId) === norm(ctx?.resourceId);
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=authz-match.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authz-match.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/authz-match.ts"],"names":[],"mappings":";;AAkBA,oDAEC;AAXD,SAAS,IAAI,CAAC,CAAU;IACtB,OAAO,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AAOD,SAAgB,oBAAoB,CAAC,KAAe,EAAE,GAAwB;IAC5E,OAAO,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,UAAU,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AAC9G,CAAC"}
|
package/modules/acl/const.d.ts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
export declare const ACL_TOPIC = "rlb-acl";
|
|
2
2
|
export declare const RLB_ACL_OPTIONS = "RLB_ACL_OPTIONS";
|
|
3
3
|
export declare const RLB_ACL_CACHE_STORE = "RLB_ACL_CACHE_STORE";
|
|
4
|
+
export declare const ACL_DEFAULT_ROLE_MANAGEMENT_ACTION = "role-management";
|
|
4
5
|
export declare const ACL_ACTIONS: {
|
|
5
|
-
readonly
|
|
6
|
-
readonly canUserDoGtw: "acl-can-user-do-gtw";
|
|
6
|
+
readonly checkAction: "acl-check-action";
|
|
7
7
|
readonly listResourcesByUser: "acl-list-resources-by-user";
|
|
8
8
|
readonly grant: "acl-grant";
|
|
9
9
|
readonly revoke: "acl-revoke";
|
package/modules/acl/const.js
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ACL_ACTIONS = exports.RLB_ACL_CACHE_STORE = exports.RLB_ACL_OPTIONS = exports.ACL_TOPIC = void 0;
|
|
3
|
+
exports.ACL_ACTIONS = exports.ACL_DEFAULT_ROLE_MANAGEMENT_ACTION = exports.RLB_ACL_CACHE_STORE = exports.RLB_ACL_OPTIONS = exports.ACL_TOPIC = void 0;
|
|
4
4
|
exports.ACL_TOPIC = 'rlb-acl';
|
|
5
5
|
exports.RLB_ACL_OPTIONS = 'RLB_ACL_OPTIONS';
|
|
6
6
|
exports.RLB_ACL_CACHE_STORE = 'RLB_ACL_CACHE_STORE';
|
|
7
|
+
exports.ACL_DEFAULT_ROLE_MANAGEMENT_ACTION = 'role-management';
|
|
7
8
|
exports.ACL_ACTIONS = {
|
|
8
|
-
|
|
9
|
-
canUserDoGtw: 'acl-can-user-do-gtw',
|
|
9
|
+
checkAction: 'acl-check-action',
|
|
10
10
|
listResourcesByUser: 'acl-list-resources-by-user',
|
|
11
11
|
grant: 'acl-grant',
|
|
12
12
|
revoke: 'acl-revoke',
|
package/modules/acl/const.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAGa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"const.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/const.ts"],"names":[],"mappings":";;;AAGa,QAAA,SAAS,GAAG,SAAS,CAAC;AAEtB,QAAA,eAAe,GAAG,iBAAiB,CAAC;AAEpC,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAI5C,QAAA,kCAAkC,GAAG,iBAAiB,CAAC;AAGvD,QAAA,WAAW,GAAG;IAGzB,WAAW,EAAE,kBAAkB;IAE/B,mBAAmB,EAAE,4BAA4B;IACjD,KAAK,EAAE,WAAW;IAClB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,gBAAgB;IAE5B,YAAY,EAAE,mBAAmB;IACjC,YAAY,EAAE,mBAAmB;IACjC,UAAU,EAAE,iBAAiB;IAC7B,SAAS,EAAE,gBAAgB;IAC3B,UAAU,EAAE,iBAAiB;IAC7B,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;IACzB,OAAO,EAAE,cAAc;CACf,CAAC"}
|
package/modules/acl/index.d.ts
CHANGED
package/modules/acl/index.js
CHANGED
|
@@ -15,6 +15,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
__exportStar(require("./acl.module"), exports);
|
|
18
|
+
__exportStar(require("./authz-match"), exports);
|
|
18
19
|
__exportStar(require("./cache/acl-cache.service"), exports);
|
|
19
20
|
__exportStar(require("./cache/cache-store"), exports);
|
|
20
21
|
__exportStar(require("./config/acl.config"), exports);
|
package/modules/acl/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,4DAA0C;AAC1C,sDAAoC;AACpC,sDAAoC;AACpC,0CAAwB;AACxB,2CAAyB;AACzB,qEAAmD;AACnD,oEAAkD;AAClD,mEAAiD;AACjD,oEAAkD;AAClD,yDAAuC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../libs/rlb-nestjs-amqp/src/modules/acl/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,gDAA8B;AAC9B,4DAA0C;AAC1C,sDAAoC;AACpC,sDAAoC;AACpC,0CAAwB;AACxB,2CAAyB;AACzB,qEAAmD;AACnD,oEAAkD;AAClD,mEAAiD;AACjD,oEAAkD;AAClD,yDAAuC"}
|
|
@@ -1,18 +1,22 @@
|
|
|
1
1
|
import { PaginationModel } from '../../../common';
|
|
2
2
|
import { AclCacheService } from '../cache/acl-cache.service';
|
|
3
|
+
import { AclModuleOptions } from '../config/acl.config';
|
|
3
4
|
import { AclAction, AclGrant, AclRole } from '../models';
|
|
4
5
|
import { AclActionRepository } from '../repository/acl-action.repository';
|
|
5
6
|
import { AclGrantRepository } from '../repository/acl-grant.repository';
|
|
6
7
|
import { AclRoleRepository } from '../repository/acl-role.repository';
|
|
8
|
+
import { AclService } from './acl.service';
|
|
7
9
|
export declare class AclManagementService {
|
|
8
10
|
private readonly actions;
|
|
9
11
|
private readonly roles;
|
|
10
12
|
private readonly grants;
|
|
11
13
|
private readonly cache;
|
|
14
|
+
private readonly acl;
|
|
12
15
|
private readonly logger;
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
+
private readonly roleMgmtAction;
|
|
17
|
+
constructor(actions: AclActionRepository, roles: AclRoleRepository, grants: AclGrantRepository, cache: AclCacheService, acl: AclService, options: AclModuleOptions);
|
|
18
|
+
grant(userId: string, roles: string[], resourceId?: string, companyId?: string, friendlyName?: string, currentUser?: string): Promise<AclGrant>;
|
|
19
|
+
revoke(userId: string, roles: string[], resourceId?: string, companyId?: string, currentUser?: string): Promise<AclGrant | null>;
|
|
16
20
|
private findGrant;
|
|
17
21
|
upsertAction(name: string, description?: string): Promise<AclAction>;
|
|
18
22
|
deleteAction(name: string): Promise<AclAction>;
|
|
@@ -17,26 +17,33 @@ exports.AclManagementService = void 0;
|
|
|
17
17
|
const common_1 = require("@nestjs/common");
|
|
18
18
|
const common_2 = require("../../../common");
|
|
19
19
|
const broker_1 = require("../../broker");
|
|
20
|
+
const authz_match_1 = require("../authz-match");
|
|
20
21
|
const acl_cache_service_1 = require("../cache/acl-cache.service");
|
|
21
22
|
const const_1 = require("../const");
|
|
22
23
|
const acl_action_repository_1 = require("../repository/acl-action.repository");
|
|
23
24
|
const acl_grant_repository_1 = require("../repository/acl-grant.repository");
|
|
24
25
|
const acl_role_repository_1 = require("../repository/acl-role.repository");
|
|
26
|
+
const acl_service_1 = require("./acl.service");
|
|
25
27
|
let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
26
|
-
constructor(actions, roles, grants, cache) {
|
|
28
|
+
constructor(actions, roles, grants, cache, acl, options) {
|
|
27
29
|
this.actions = actions;
|
|
28
30
|
this.roles = roles;
|
|
29
31
|
this.grants = grants;
|
|
30
32
|
this.cache = cache;
|
|
33
|
+
this.acl = acl;
|
|
31
34
|
this.logger = new common_1.Logger(AclManagementService_1.name);
|
|
35
|
+
this.roleMgmtAction = options.roleManagementAction ?? const_1.ACL_DEFAULT_ROLE_MANAGEMENT_ACTION;
|
|
32
36
|
}
|
|
33
|
-
async grant(userId, roles, resourceId, companyId, friendlyName) {
|
|
37
|
+
async grant(userId, roles, resourceId, companyId, friendlyName, currentUser) {
|
|
34
38
|
if (!userId)
|
|
35
39
|
throw new common_2.BadRequestError('userId is required');
|
|
36
40
|
if (!roles?.length)
|
|
37
41
|
throw new common_2.BadRequestError('roles are required');
|
|
42
|
+
if (!(await this.acl.checkAction(currentUser ?? '', { companyId, resourceId }, this.roleMgmtAction))) {
|
|
43
|
+
throw new common_2.ForbiddenError(`'${this.roleMgmtAction}' is required on the target resource to grant`);
|
|
44
|
+
}
|
|
38
45
|
await this.assertRolesExist(roles);
|
|
39
|
-
const existing = await this.findGrant(userId, resourceId);
|
|
46
|
+
const existing = await this.findGrant(userId, companyId, resourceId);
|
|
40
47
|
let result;
|
|
41
48
|
if (existing) {
|
|
42
49
|
const merged = Array.from(new Set([...(existing.roles || []), ...roles]));
|
|
@@ -52,12 +59,15 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
|
52
59
|
await this.cache.invalidate(userId);
|
|
53
60
|
return result;
|
|
54
61
|
}
|
|
55
|
-
async revoke(userId, roles, resourceId, companyId) {
|
|
62
|
+
async revoke(userId, roles, resourceId, companyId, currentUser) {
|
|
56
63
|
if (!userId)
|
|
57
64
|
throw new common_2.BadRequestError('userId is required');
|
|
58
65
|
if (!roles?.length)
|
|
59
66
|
throw new common_2.BadRequestError('roles are required');
|
|
60
|
-
|
|
67
|
+
if (!(await this.acl.checkAction(currentUser ?? '', { companyId, resourceId }, this.roleMgmtAction))) {
|
|
68
|
+
throw new common_2.ForbiddenError(`'${this.roleMgmtAction}' is required on the target resource to revoke`);
|
|
69
|
+
}
|
|
70
|
+
const existing = await this.findGrant(userId, companyId, resourceId);
|
|
61
71
|
if (!existing)
|
|
62
72
|
return null;
|
|
63
73
|
const remaining = (existing.roles || []).filter((r) => !roles.includes(r));
|
|
@@ -67,9 +77,9 @@ let AclManagementService = AclManagementService_1 = class AclManagementService {
|
|
|
67
77
|
await this.cache.invalidate(userId);
|
|
68
78
|
return result;
|
|
69
79
|
}
|
|
70
|
-
async findGrant(userId, resourceId) {
|
|
80
|
+
async findGrant(userId, companyId, resourceId) {
|
|
71
81
|
const all = await this.grants.filter({ userId });
|
|
72
|
-
return (all || []).find((g) => (g
|
|
82
|
+
return (all || []).find((g) => (0, authz_match_1.grantMatchesResource)(g, { companyId, resourceId }));
|
|
73
83
|
}
|
|
74
84
|
async upsertAction(name, description) {
|
|
75
85
|
if (!name)
|
|
@@ -144,8 +154,9 @@ __decorate([
|
|
|
144
154
|
__param(2, (0, broker_1.BrokerParam)('body', 'resourceId')),
|
|
145
155
|
__param(3, (0, broker_1.BrokerParam)('body', 'companyId')),
|
|
146
156
|
__param(4, (0, broker_1.BrokerParam)('body', 'friendlyName')),
|
|
157
|
+
__param(5, (0, broker_1.BrokerParam)('header', 'X-GTW-AUTH-USERID')),
|
|
147
158
|
__metadata("design:type", Function),
|
|
148
|
-
__metadata("design:paramtypes", [String, Array, String, String, String]),
|
|
159
|
+
__metadata("design:paramtypes", [String, Array, String, String, String, String]),
|
|
149
160
|
__metadata("design:returntype", Promise)
|
|
150
161
|
], AclManagementService.prototype, "grant", null);
|
|
151
162
|
__decorate([
|
|
@@ -154,8 +165,9 @@ __decorate([
|
|
|
154
165
|
__param(1, (0, broker_1.BrokerParam)('body', 'roles')),
|
|
155
166
|
__param(2, (0, broker_1.BrokerParam)('body', 'resourceId')),
|
|
156
167
|
__param(3, (0, broker_1.BrokerParam)('body', 'companyId')),
|
|
168
|
+
__param(4, (0, broker_1.BrokerParam)('header', 'X-GTW-AUTH-USERID')),
|
|
157
169
|
__metadata("design:type", Function),
|
|
158
|
-
__metadata("design:paramtypes", [String, Array, String, String]),
|
|
170
|
+
__metadata("design:paramtypes", [String, Array, String, String, String]),
|
|
159
171
|
__metadata("design:returntype", Promise)
|
|
160
172
|
], AclManagementService.prototype, "revoke", null);
|
|
161
173
|
__decorate([
|
|
@@ -221,9 +233,11 @@ __decorate([
|
|
|
221
233
|
], AclManagementService.prototype, "getRole", null);
|
|
222
234
|
exports.AclManagementService = AclManagementService = AclManagementService_1 = __decorate([
|
|
223
235
|
(0, common_1.Injectable)(),
|
|
236
|
+
__param(5, (0, common_1.Inject)(const_1.RLB_ACL_OPTIONS)),
|
|
224
237
|
__metadata("design:paramtypes", [acl_action_repository_1.AclActionRepository,
|
|
225
238
|
acl_role_repository_1.AclRoleRepository,
|
|
226
239
|
acl_grant_repository_1.AclGrantRepository,
|
|
227
|
-
acl_cache_service_1.AclCacheService
|
|
240
|
+
acl_cache_service_1.AclCacheService,
|
|
241
|
+
acl_service_1.AclService, Object])
|
|
228
242
|
], AclManagementService);
|
|
229
243
|
//# sourceMappingURL=acl-management.service.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"acl-management.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl-management.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA4D;AAC5D,4CAAmF;AACnF,yCAAyD;AACzD,gDAAsD;AACtD,kEAA6D;AAE7D,oCAAuG;AAEvG,+EAA0E;AAC1E,6EAAwE;AACxE,2EAAsE;AACtE,+CAA2C;AAGpC,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAK/B,YACmB,OAA4B,EAC5B,KAAwB,EACxB,MAA0B,EAC1B,KAAsB,EACtB,GAAe,EACP,OAAyB;QALjC,YAAO,GAAP,OAAO,CAAqB;QAC5B,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAiB;QACtB,QAAG,GAAH,GAAG,CAAY;QATjB,WAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;QAY9D,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,oBAAoB,IAAI,0CAAkC,CAAC;IAC3F,CAAC;IAOK,AAAN,KAAK,CAAC,KAAK,CACsB,MAAc,EACf,KAAe,EACV,UAAmB,EACpB,SAAkB,EACf,YAAqB,EACd,WAAoB;QAEhE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,uBAAc,CAAC,IAAI,IAAI,CAAC,cAAc,+CAA+C,CAAC,CAAC;QACnG,CAAC;QACD,MAAM,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAGnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACrE,IAAI,MAAgB,CAAC;QACrB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1E,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE;gBACnD,KAAK,EAAE,MAAM;gBACb,SAAS,EAAE,SAAS,IAAI,QAAQ,CAAC,SAAS;gBAC1C,YAAY,EAAE,YAAY,IAAI,QAAQ,CAAC,YAAY;aACpD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAC;QACxH,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACqB,MAAc,EACf,KAAe,EACV,UAAmB,EACpB,SAAkB,EACR,WAAoB;QAEhE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,CAAC,CAAC;QACpE,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,uBAAc,CAAC,IAAI,IAAI,CAAC,cAAc,gDAAgD,CAAC,CAAC;QACpG,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAG3B,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM;YAC7B,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YACnE,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAI,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAGO,KAAK,CAAC,SAAS,CAAC,MAAc,EAAE,SAAkB,EAAE,UAAmB;QAC7E,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,kCAAoB,EAAC,CAAC,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY,CACa,IAAY,EACL,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,KAAK,GAAuB,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAClG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,YAAY,CAA8B,IAAY;QAC1D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW,CACc,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CAA8B,IAAY;QACvD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAKK,AAAN,KAAK,CAAC,UAAU,CACe,IAAY,EACT,OAAiB,EACb,WAAoB;QAExD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,sBAAsB,CAAC,CAAC;QACxE,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,KAAK,GAAqB,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACzG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3D,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU,CAA8B,IAAY;QAGxD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,SAAS,CACgB,IAAa,EACZ,KAAc;QAE5C,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAA8B,IAAY;QACrD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAe;QACrC,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAe;QAC9C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,oBAAoB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAe;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxF,CAAC;CACF,CAAA;AAhLY,oDAAoB;AAqBzB;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,KAAK,EAAE,KAAK,CAAC;IAE/C,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IAChC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,cAAc,CAAC,CAAA;IACnC,WAAA,IAAA,oBAAW,EAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;;;;iDAwB5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,MAAM,EAAE,KAAK,CAAC;IAEhD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC5B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IACjC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IAChC,WAAA,IAAA,oBAAW,EAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;;;;kDAiB5C;AAWK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IAEtD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;wDAOpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,YAAY,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;wDAK9C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;uDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,SAAS,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;qDAG3C;AAKK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IAEpD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,SAAS,CAAC,CAAA;IAC9B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAA;;;;sDASpC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,UAAU,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;sDAO5C;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,QAAQ,EAAE,KAAK,CAAC;IAElD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,OAAO,CAAC,CAAA;;;;qDAG9B;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,OAAO,EAAE,KAAK,CAAC;IACrC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,MAAM,CAAC,CAAA;;;;mDAGzC;+BA/JU,oBAAoB;IADhC,IAAA,mBAAU,GAAE;IAYR,WAAA,IAAA,eAAM,EAAC,uBAAe,CAAC,CAAA;qCALE,2CAAmB;QACrB,uCAAiB;QAChB,yCAAkB;QACnB,mCAAe;QACjB,wBAAU;GAVvB,oBAAoB,CAgLhC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { IAclRoleService } from '../../proxy/services/acl.service';
|
|
2
2
|
import { AclCacheService } from '../cache/acl-cache.service';
|
|
3
|
+
import { AclResourceContext } from '../authz-match';
|
|
3
4
|
import { AclResourceGroup } from '../models';
|
|
4
5
|
import { AclGrantRepository } from '../repository/acl-grant.repository';
|
|
5
6
|
import { AclRoleRepository } from '../repository/acl-role.repository';
|
|
@@ -10,9 +11,7 @@ export declare class AclService implements IAclRoleService {
|
|
|
10
11
|
private readonly logger;
|
|
11
12
|
constructor(grants: AclGrantRepository, roles: AclRoleRepository, cache: AclCacheService);
|
|
12
13
|
private toList;
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
handleCanUserDoGtw(userId: string, roles?: string | string[]): Promise<boolean>;
|
|
16
|
-
handleCanUserDo(userId: string, resource: string, roles?: string | string[]): Promise<boolean>;
|
|
14
|
+
checkAction(userId: string, ctx: AclResourceContext | undefined, action: string | string[]): Promise<boolean>;
|
|
15
|
+
handleCheckAction(userId: string, action: string | string[], companyId?: string, resourceId?: string): Promise<boolean>;
|
|
17
16
|
listResourcesByUser(userId: string): Promise<AclResourceGroup[]>;
|
|
18
17
|
}
|
|
@@ -18,6 +18,7 @@ const common_1 = require("@nestjs/common");
|
|
|
18
18
|
const common_2 = require("../../../common");
|
|
19
19
|
const broker_1 = require("../../broker");
|
|
20
20
|
const acl_cache_service_1 = require("../cache/acl-cache.service");
|
|
21
|
+
const authz_match_1 = require("../authz-match");
|
|
21
22
|
const const_1 = require("../const");
|
|
22
23
|
const acl_grant_repository_1 = require("../repository/acl-grant.repository");
|
|
23
24
|
const acl_role_repository_1 = require("../repository/acl-role.repository");
|
|
@@ -28,48 +29,32 @@ let AclService = AclService_1 = class AclService {
|
|
|
28
29
|
this.cache = cache;
|
|
29
30
|
this.logger = new common_1.Logger(AclService_1.name);
|
|
30
31
|
}
|
|
31
|
-
toList(
|
|
32
|
-
return Array.isArray(
|
|
32
|
+
toList(value) {
|
|
33
|
+
return Array.isArray(value) ? value : (value ? [value] : []);
|
|
33
34
|
}
|
|
34
|
-
async
|
|
35
|
-
const
|
|
36
|
-
if (!userId || !
|
|
35
|
+
async checkAction(userId, ctx, action) {
|
|
36
|
+
const actions = this.toList(action);
|
|
37
|
+
if (!userId || !actions.length)
|
|
37
38
|
return false;
|
|
38
|
-
const
|
|
39
|
+
const scopeKey = ctx === undefined ? 'agnostic' : `${ctx.companyId ?? '*'}|${ctx.resourceId ?? '*'}`;
|
|
40
|
+
const cacheAction = `act:${scopeKey}:${[...actions].sort().join(',')}`;
|
|
39
41
|
const cached = await this.cache.get(userId, cacheAction);
|
|
40
42
|
if (cached !== null)
|
|
41
43
|
return cached;
|
|
42
|
-
const
|
|
43
|
-
const
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
return false;
|
|
51
|
-
const cacheAction = `role-res:${resourceId ?? '*'}:${[...list].sort().join(',')}`;
|
|
52
|
-
const cached = await this.cache.get(userId, cacheAction);
|
|
53
|
-
if (cached !== null)
|
|
54
|
-
return cached;
|
|
55
|
-
const grants = await this.grants.filter({ userId });
|
|
56
|
-
const scoped = grants.filter((g) => g.resourceId == null || g.resourceId === resourceId);
|
|
57
|
-
const allowed = scoped.some((g) => (g.roles || []).some((r) => list.includes(r)));
|
|
44
|
+
const allRoles = await this.roles.list();
|
|
45
|
+
const roleNames = new Set((allRoles || []).filter((r) => (r.actions || []).some((a) => actions.includes(a))).map((r) => r.name));
|
|
46
|
+
let allowed = false;
|
|
47
|
+
if (roleNames.size) {
|
|
48
|
+
const grants = await this.grants.filter({ userId });
|
|
49
|
+
const scoped = ctx === undefined ? grants : grants.filter((g) => (0, authz_match_1.grantMatchesResource)(g, ctx));
|
|
50
|
+
allowed = scoped.some((g) => (g.roles || []).some((r) => roleNames.has(r)));
|
|
51
|
+
}
|
|
58
52
|
await this.cache.set(userId, cacheAction, allowed);
|
|
59
53
|
return allowed;
|
|
60
54
|
}
|
|
61
|
-
async
|
|
55
|
+
async handleCheckAction(userId, action, companyId, resourceId) {
|
|
62
56
|
try {
|
|
63
|
-
return await this.
|
|
64
|
-
}
|
|
65
|
-
catch (error) {
|
|
66
|
-
this.logger.error(error);
|
|
67
|
-
return false;
|
|
68
|
-
}
|
|
69
|
-
}
|
|
70
|
-
async handleCanUserDo(userId, resource, roles) {
|
|
71
|
-
try {
|
|
72
|
-
return await this.canUserDo(roles ?? [], userId, resource);
|
|
57
|
+
return await this.checkAction(userId, { companyId, resourceId }, action);
|
|
73
58
|
}
|
|
74
59
|
catch (error) {
|
|
75
60
|
this.logger.error(error);
|
|
@@ -107,22 +92,15 @@ let AclService = AclService_1 = class AclService {
|
|
|
107
92
|
};
|
|
108
93
|
exports.AclService = AclService;
|
|
109
94
|
__decorate([
|
|
110
|
-
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.
|
|
111
|
-
__param(0, (0, broker_1.BrokerParam)('body', 'userId')),
|
|
112
|
-
__param(1, (0, broker_1.BrokerParam)('body', 'roles')),
|
|
113
|
-
__metadata("design:type", Function),
|
|
114
|
-
__metadata("design:paramtypes", [String, Object]),
|
|
115
|
-
__metadata("design:returntype", Promise)
|
|
116
|
-
], AclService.prototype, "handleCanUserDoGtw", null);
|
|
117
|
-
__decorate([
|
|
118
|
-
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.canUserDo, 'rpc'),
|
|
95
|
+
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.checkAction, 'rpc'),
|
|
119
96
|
__param(0, (0, broker_1.BrokerParam)('body', 'userId')),
|
|
120
|
-
__param(1, (0, broker_1.BrokerParam)('body', '
|
|
121
|
-
__param(2, (0, broker_1.BrokerParam)('body', '
|
|
97
|
+
__param(1, (0, broker_1.BrokerParam)('body', 'action')),
|
|
98
|
+
__param(2, (0, broker_1.BrokerParam)('body', 'companyId')),
|
|
99
|
+
__param(3, (0, broker_1.BrokerParam)('body', 'resourceId')),
|
|
122
100
|
__metadata("design:type", Function),
|
|
123
|
-
__metadata("design:paramtypes", [String, String,
|
|
101
|
+
__metadata("design:paramtypes", [String, Object, String, String]),
|
|
124
102
|
__metadata("design:returntype", Promise)
|
|
125
|
-
], AclService.prototype, "
|
|
103
|
+
], AclService.prototype, "handleCheckAction", null);
|
|
126
104
|
__decorate([
|
|
127
105
|
(0, broker_1.BrokerAction)(const_1.ACL_TOPIC, const_1.ACL_ACTIONS.listResourcesByUser, 'rpc'),
|
|
128
106
|
__param(0, (0, broker_1.BrokerParam)('header', 'X-GTW-AUTH-USERID')),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acl.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAoD;AACpD,yCAAyD;AAEzD,kEAA6D;AAC7D,oCAAkD;AAElD,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,UAAU,kBAAhB,MAAM,UAAU;IAGrB,YACmB,MAA0B,EAC1B,KAAwB,EACxB,KAAsB;QAFtB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAmB;QACxB,UAAK,GAAL,KAAK,CAAiB;QALxB,WAAM,GAAG,IAAI,eAAM,CAAC,YAAU,CAAC,IAAI,CAAC,CAAC;IAMlD,CAAC;IAEG,MAAM,CAAC,KAAwB;QACrC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;
|
|
1
|
+
{"version":3,"file":"acl.service.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/acl/services/acl.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAoD;AACpD,4CAAoD;AACpD,yCAAyD;AAEzD,kEAA6D;AAC7D,gDAA0E;AAC1E,oCAAkD;AAElD,6EAAwE;AACxE,2EAAsE;AAG/D,IAAM,UAAU,kBAAhB,MAAM,UAAU;IAGrB,YACmB,MAA0B,EAC1B,KAAwB,EACxB,KAAsB;QAFtB,WAAM,GAAN,MAAM,CAAoB;QAC1B,UAAK,GAAL,KAAK,CAAmB;QACxB,UAAK,GAAL,KAAK,CAAiB;QALxB,WAAM,GAAG,IAAI,eAAM,CAAC,YAAU,CAAC,IAAI,CAAC,CAAC;IAMlD,CAAC;IAEG,MAAM,CAAC,KAAwB;QACrC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;IAQD,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,GAAmC,EAAE,MAAyB;QAC9F,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC7C,MAAM,QAAQ,GAAG,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,SAAS,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QACrG,MAAM,WAAW,GAAG,OAAO,QAAQ,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACvE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACzD,IAAI,MAAM,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QAGnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,IAAI,GAAG,CACvB,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CACtG,CAAC;QACF,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,kCAAoB,EAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC/F,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QACnD,OAAO,OAAO,CAAC;IACjB,CAAC;IAGK,AAAN,KAAK,CAAC,iBAAiB,CACU,MAAc,EACd,MAAyB,EACtB,SAAkB,EACjB,UAAmB;QAEtD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,MAAM,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACzB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAGK,AAAN,KAAK,CAAC,mBAAmB,CACqB,MAAc;QAE1D,IAAI,CAAC;YACH,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,0BAAiB,CAAC,qBAAqB,CAAC,CAAC;YAChE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAClD,MAAM,OAAO,GAAqC,EAAE,CAAC;YACrD,KAAK,MAAM,IAAI,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;gBACxC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;oBACzB,OAAO,CAAC,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;gBACrE,CAAC;gBACD,IAAI,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC3F,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,QAAQ,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;oBACzF,OAAO,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC/C,CAAC;gBACD,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACxE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;gBAC9D,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;gBAClC,QAAQ,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAC3D,CAAC;YACD,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACzB,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CAEF,CAAA;AAvFY,gCAAU;AA2Cf;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,WAAW,EAAE,KAAK,CAAC;IAErD,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC7B,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IAChC,WAAA,IAAA,oBAAW,EAAC,MAAM,EAAE,YAAY,CAAC,CAAA;;;;mDAQnC;AAGK;IADL,IAAA,qBAAY,EAAC,iBAAS,EAAE,mBAAW,CAAC,mBAAmB,EAAE,KAAK,CAAC;IAE7D,WAAA,IAAA,oBAAW,EAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;;;;qDA0B5C;qBArFU,UAAU;IADtB,IAAA,mBAAU,GAAE;qCAKgB,yCAAkB;QACnB,uCAAiB;QACjB,mCAAe;GAN9B,UAAU,CAuFtB"}
|
|
@@ -18,7 +18,7 @@ function buildPathDefinitionsFromMeta(meta) {
|
|
|
18
18
|
mode: h.mode ?? (entry.type === 'event' ? 'event' : 'rpc'),
|
|
19
19
|
auth: h.auth,
|
|
20
20
|
allowAnonymous: h.allowAnonymous,
|
|
21
|
-
|
|
21
|
+
actions: h.actions ?? [],
|
|
22
22
|
successStatusCode: h.successStatusCode,
|
|
23
23
|
timeout: h.timeout,
|
|
24
24
|
parseRaw: h.parseRaw,
|
|
@@ -44,7 +44,7 @@ function pairAuthToRoutes(allHttp, allAuth, where = '') {
|
|
|
44
44
|
if (paired) {
|
|
45
45
|
h.auth = paired.authName;
|
|
46
46
|
h.allowAnonymous = paired.allowAnonymous;
|
|
47
|
-
h.
|
|
47
|
+
h.actions = paired.actions;
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
50
|
if (multiHttp) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decorator-paths.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/broker/config/decorator-paths.ts"],"names":[],"mappings":";;AAOA,oEA6BC;AAUD,4CA6BC;AApED,SAAgB,4BAA4B,CAAC,IAAS;IACpD,MAAM,GAAG,GAAU,EAAE,CAAC;IACtB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;QAC5C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;gBACjC,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,GAAG,KAAK,IAAI,MAAM,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,EAAE;oBAC1D,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,UAAU,EAAE,CAAC,CAAC,UAAU,IAAI,MAAM;oBAClC,KAAK;oBACL,MAAM;oBACN,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;oBAC1D,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,cAAc,EAAE,CAAC,CAAC,cAAc;oBAChC,
|
|
1
|
+
{"version":3,"file":"decorator-paths.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/broker/config/decorator-paths.ts"],"names":[],"mappings":";;AAOA,oEA6BC;AAUD,4CA6BC;AApED,SAAgB,4BAA4B,CAAC,IAAS;IACpD,MAAM,GAAG,GAAU,EAAE,CAAC;IACtB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;QAC5C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;gBACjC,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,GAAG,KAAK,IAAI,MAAM,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,EAAE;oBAC1D,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,UAAU,EAAE,CAAC,CAAC,UAAU,IAAI,MAAM;oBAClC,KAAK;oBACL,MAAM;oBACN,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;oBAC1D,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,cAAc,EAAE,CAAC,CAAC,cAAc;oBAChC,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,EAAE;oBACxB,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;oBACtC,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,OAAO,EAAE,CAAC,CAAC,OAAO,IAAI,EAAE;oBACxB,cAAc,EAAE,CAAC,CAAC,cAAc,IAAI,EAAE;iBACvC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAUD,SAAgB,gBAAgB,CAAC,OAAc,EAAE,OAAc,EAAE,KAAK,GAAG,EAAE;IACzE,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE,MAAM;QAAE,OAAO,QAAQ,CAAC;IAC1D,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,SAAS;YACtB,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACnE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,MAAM,EAAE,CAAC;YACX,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC;YACzB,CAAC,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;YACzC,CAAC,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAChB,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,EAAE,8CAA8C,OAAO,CAAC,MAAM,wFAAwF,KAAK,IAAI,CAAC,CAAC;YAC/M,CAAC;iBAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,IAAI,EAAE,yBAAyB,CAAC,CAAC,QAAQ,uCAAuC,KAAK,sBAAsB,CAAC,CAAC;YACvJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -19,5 +19,5 @@ export declare function BrokerHTTP(method: BrokerHttpMethod, path: string, dataS
|
|
|
19
19
|
[k: string]: string | number | boolean;
|
|
20
20
|
};
|
|
21
21
|
}): MethodDecorator;
|
|
22
|
-
export declare function BrokerAuth(authName: string, allowAnonymous?: boolean,
|
|
22
|
+
export declare function BrokerAuth(authName: string, allowAnonymous?: boolean, actions?: string | string[], httpName?: string): MethodDecorator;
|
|
23
23
|
export declare function BrokerParam(source: BrokerParamSource, name?: string, pipe?: PipeTransform): ParameterDecorator;
|
|
@@ -35,7 +35,7 @@ function BrokerHTTP(method, path, dataSource, options) {
|
|
|
35
35
|
Reflect.defineMetadata(const_1.RLB_BROKER_HTTP_METADATA_KEY, existingMetadata, target.constructor);
|
|
36
36
|
};
|
|
37
37
|
}
|
|
38
|
-
function BrokerAuth(authName, allowAnonymous,
|
|
38
|
+
function BrokerAuth(authName, allowAnonymous, actions, httpName) {
|
|
39
39
|
return (target, propertyKey, descriptor) => {
|
|
40
40
|
const existingMetadata = Reflect.getMetadata(const_1.RLB_BROKER_AUTH_METADATA_KEY, target.constructor) || [];
|
|
41
41
|
const params = getParamNames(descriptor.value);
|
|
@@ -43,7 +43,7 @@ function BrokerAuth(authName, allowAnonymous, roles, httpName) {
|
|
|
43
43
|
methodName: propertyKey,
|
|
44
44
|
authName,
|
|
45
45
|
allowAnonymous,
|
|
46
|
-
|
|
46
|
+
actions,
|
|
47
47
|
httpName,
|
|
48
48
|
});
|
|
49
49
|
Reflect.defineMetadata(const_1.RLB_BROKER_AUTH_METADATA_KEY, existingMetadata, target.constructor);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"broker-action.decorator.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/broker/decorators/broker-action.decorator.ts"],"names":[],"mappings":";;AAUA,oCAaC;AAED,gCAgCC;AAOD,gCAaC;AACD,kCASC;AAtFD,oCAAqJ;AAErJ,MAAM,cAAc,GAAG,kCAAkC,CAAC;AAC1D,MAAM,cAAc,GAAG,YAAY,CAAC;AAMpC,SAAgB,YAAY,CAAC,KAAa,EAAE,MAAc,EAAE,IAAuB;IACjF,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,sCAA8B,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACvG,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/C,gBAAgB,CAAC,IAAI,CAAC;YACpB,UAAU,EAAE,WAAW;YACvB,KAAK;YACL,MAAM;YACN,IAAI;YACJ,MAAM;SACP,CAAC,CAAC;QACH,OAAO,CAAC,cAAc,CAAC,sCAA8B,EAAE,gBAAgB,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC/F,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CACxB,MAAwB,EAAE,IAAY,EAAE,UAAgC,EAAE,OAiBzE;IAED,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,oCAA4B,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACrG,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/C,gBAAgB,CAAC,IAAI,CAAC;YACpB,UAAU,EAAE,WAAW;YACvB,MAAM;YACN,IAAI;YACJ,UAAU;YACV,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;SACnB,CAAC,CAAC;QACH,OAAO,CAAC,cAAc,CAAC,oCAA4B,EAAE,gBAAgB,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC7F,CAAC,CAAC;AACJ,CAAC;AAOD,SAAgB,UAAU,CAAC,QAAgB,EAAE,cAAwB,EAAE,
|
|
1
|
+
{"version":3,"file":"broker-action.decorator.js","sourceRoot":"","sources":["../../../../libs/rlb-nestjs-amqp/src/modules/broker/decorators/broker-action.decorator.ts"],"names":[],"mappings":";;AAUA,oCAaC;AAED,gCAgCC;AAOD,gCAaC;AACD,kCASC;AAtFD,oCAAqJ;AAErJ,MAAM,cAAc,GAAG,kCAAkC,CAAC;AAC1D,MAAM,cAAc,GAAG,YAAY,CAAC;AAMpC,SAAgB,YAAY,CAAC,KAAa,EAAE,MAAc,EAAE,IAAuB;IACjF,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,sCAA8B,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACvG,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/C,gBAAgB,CAAC,IAAI,CAAC;YACpB,UAAU,EAAE,WAAW;YACvB,KAAK;YACL,MAAM;YACN,IAAI;YACJ,MAAM;SACP,CAAC,CAAC;QACH,OAAO,CAAC,cAAc,CAAC,sCAA8B,EAAE,gBAAgB,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC/F,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CACxB,MAAwB,EAAE,IAAY,EAAE,UAAgC,EAAE,OAiBzE;IAED,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,oCAA4B,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACrG,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/C,gBAAgB,CAAC,IAAI,CAAC;YACpB,UAAU,EAAE,WAAW;YACvB,MAAM;YACN,IAAI;YACJ,UAAU;YACV,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;SACnB,CAAC,CAAC;QACH,OAAO,CAAC,cAAc,CAAC,oCAA4B,EAAE,gBAAgB,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC7F,CAAC,CAAC;AACJ,CAAC;AAOD,SAAgB,UAAU,CAAC,QAAgB,EAAE,cAAwB,EAAE,OAA2B,EAAE,QAAiB;IACnH,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE;QACzC,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,oCAA4B,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QACrG,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/C,gBAAgB,CAAC,IAAI,CAAC;YACpB,UAAU,EAAE,WAAW;YACvB,QAAQ;YACR,cAAc;YACd,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QACH,OAAO,CAAC,cAAc,CAAC,oCAA4B,EAAE,gBAAgB,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC7F,CAAC,CAAC;AACJ,CAAC;AACD,SAAgB,WAAW,CAAC,MAAyB,EAAE,IAAa,EAAE,IAAoB;IAExF,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE;QAC7C,MAAM,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC,qCAA6B,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;QAEvG,gBAAgB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAErE,OAAO,CAAC,cAAc,CAAC,qCAA6B,EAAE,gBAAgB,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAC/F,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAI;IACzB,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IACxD,IAAI,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC3F,IAAI,MAAM,KAAK,IAAI;QACjB,MAAM,GAAG,EAAE,CAAC;IACd,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -9,6 +9,7 @@ export declare class ShutdownStateService implements OnModuleInit, OnModuleDestr
|
|
|
9
9
|
get isShuttingDown(): boolean;
|
|
10
10
|
register(name: string, drain: () => Promise<void>): void;
|
|
11
11
|
onModuleInit(): void;
|
|
12
|
+
private handleSignal;
|
|
12
13
|
onModuleDestroy(): Promise<void>;
|
|
13
14
|
private drainAll;
|
|
14
15
|
}
|
|
@@ -28,18 +28,18 @@ let ShutdownStateService = ShutdownStateService_1 = class ShutdownStateService {
|
|
|
28
28
|
this.drainers.push({ name, drain });
|
|
29
29
|
}
|
|
30
30
|
onModuleInit() {
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
31
|
+
process.once('SIGINT', () => this.handleSignal('SIGINT'));
|
|
32
|
+
process.once('SIGTERM', () => this.handleSignal('SIGTERM'));
|
|
33
|
+
}
|
|
34
|
+
handleSignal(signal) {
|
|
35
|
+
if (this._isShuttingDown)
|
|
36
|
+
return;
|
|
37
|
+
this._isShuttingDown = true;
|
|
38
|
+
this.logger.log(`Shutdown signal '${signal}' received.`);
|
|
39
|
+
setTimeout(() => {
|
|
40
|
+
this.logger.error(`Graceful shutdown timed out after ${SHUTDOWN_TIMEOUT_MS}ms on ${signal}, forcing exit.`);
|
|
41
|
+
process.exit(1);
|
|
42
|
+
}, SHUTDOWN_TIMEOUT_MS).unref();
|
|
43
43
|
}
|
|
44
44
|
async onModuleDestroy() {
|
|
45
45
|
await this.brokerService.unregisterAll();
|