npm - @ozdao/martyrs - Versions diffs - 0.2.473 → 0.2.474 - Mend

@ozdao/martyrs 0.2.473 → 0.2.474

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (134) hide show

package/dist/{globals.abac-CvmZM8XG.mjs → globals.abac-DZpTRxKR.mjs} RENAMED Viewed

@@ -56,8 +56,34 @@ function requireGlobals_abac() {
       }
       return model;
     }
+    /**
+     * Нормализация результата политики для единообразной обработки
+     * @param {any} result - Результат выполнения политики
+     * @param {string} policyName - Имя политики для формирования причины
+     * @returns {Object} Нормализованный результат
+     */
+    _normalizeResult(result, policyName) {
+      if (result && typeof result === "object" && ("allow" in result || "force" in result)) {
+        return {
+          allow: !!result.allow,
+          force: !!result.force,
+          reason: result.reason || `POLICY_${policyName.toUpperCase()}`
+        };
+      }
+      if (result === true) {
+        return { allow: true, force: false, reason: `ALLOWED_BY_${policyName.toUpperCase()}` };
+      }
+      if (result === false) {
+        return { allow: false, force: false, reason: `DENIED_BY_${policyName.toUpperCase()}` };
+      }
+      if (result === void 0 && policyName === "AdminModeratorAccessPolicy" && (this._context && this._context.adminAccessGranted)) {
+        return { allow: true, force: true, reason: "ADMIN_MODERATOR_ACCESS_GRANTED" };
+      }
+      return { allow: true, force: false, reason: `NEUTRAL_${policyName.toUpperCase()}` };
+    }
     // Базовый метод проверки доступа
     async checkAccess(context) {
+      this._context = context;
       const {
         user,
         // Пользователь
@@ -109,27 +135,95 @@ function requireGlobals_abac() {
           };
         }
       }
-      for (const [policyName, policyFn] of Object.entries(this.policies.global)) {
-        const result = await policyFn(context);
-        if (result === false) {
-          return {
-            allowed: false,
-            reason: `DENIED_BY_GLOBAL_POLICY_${policyName.toUpperCase()}`
-          };
+      const policyEntries = Object.entries(this.policies.global);
+      const policyPromises = policyEntries.map(async ([policyName, policyFn]) => {
+        try {
+          const result = await policyFn(context);
+          return { policyName, result };
+        } catch (error) {
+          console.error(`Error in policy ${policyName}:`, error);
+          return { policyName, result: void 0, error };
+        }
+      });
+      const policyResults = await Promise.all(policyPromises);
+      let hasForceAllow = false;
+      let hasForceDisallow = false;
+      let hasDeny = false;
+      let denyReason = "";
+      let allowReason = "";
+      for (const { policyName, result, error } of policyResults) {
+        if (error) continue;
+        const normalizedResult = this._normalizeResult(result, policyName);
+        if (normalizedResult.force) {
+          if (normalizedResult.allow) {
+            hasForceAllow = true;
+            allowReason = normalizedResult.reason;
+          } else {
+            hasForceDisallow = true;
+            denyReason = normalizedResult.reason;
+          }
+        } else if (!normalizedResult.allow) {
+          hasDeny = true;
+          if (!denyReason) denyReason = normalizedResult.reason;
         }
       }
+      if (hasForceDisallow) {
+        return {
+          allowed: false,
+          reason: denyReason || "FORCE_DENIED_BY_POLICY"
+        };
+      }
+      if (hasForceAllow) {
+        return {
+          allowed: true,
+          reason: allowReason || "FORCE_ALLOWED_BY_POLICY"
+        };
+      }
+      if (hasDeny) {
+        return {
+          allowed: false,
+          reason: denyReason || "DENIED_BY_POLICY"
+        };
+      }
       if (this.policies.resources[resource]) {
-        const resourceResult = await this.policies.resources[resource](context);
-        if (resourceResult === true) {
-          return {
-            allowed: true,
-            reason: "RESOURCE_POLICY_ALLOWED"
-          };
+        try {
+          const resourceResult = await this.policies.resources[resource](context);
+          const normalizedResult = this._normalizeResult(resourceResult, `RESOURCE_${resource}`);
+          if (normalizedResult.force) {
+            return {
+              allowed: normalizedResult.allow,
+              reason: normalizedResult.reason
+            };
+          }
+          if (!normalizedResult.allow) {
+            return {
+              allowed: false,
+              reason: normalizedResult.reason
+            };
+          }
+          if (normalizedResult.allow) {
+            return {
+              allowed: true,
+              reason: normalizedResult.reason
+            };
+          }
+        } catch (error) {
+          console.error(`Error in resource policy for ${resource}:`, error);
         }
       }
-      for (const [moduleName, extensionFn] of Object.entries(this.policies.extensions)) {
-        const extensionResult = await extensionFn(context);
-        if (extensionResult && extensionResult.allowed) {
+      const extensionPromises = Object.entries(this.policies.extensions).map(async ([moduleName, extensionFn]) => {
+        try {
+          const extensionResult = await extensionFn(context);
+          return { moduleName, result: extensionResult };
+        } catch (error) {
+          console.error(`Error in extension ${moduleName}:`, error);
+          return { moduleName, result: null, error };
+        }
+      });
+      const extensionResults = await Promise.all(extensionPromises);
+      for (const { moduleName, result, error } of extensionResults) {
+        if (error) continue;
+        if (result && result.allowed) {
           return {
             allowed: true,
             reason: `ALLOWED_BY_${moduleName.toUpperCase()}_EXTENSION`

package/dist/globals.server.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 const _commonjsHelpers = require("./_commonjsHelpers-DHfMLFPC.js");
-const globals_abac = require("./globals.abac-DT0VjfaZ.js");
+const globals_abac = require("./globals.abac-Bn-4tbX8.js");
 const require$$0 = require("ws");
 const require$$0$1 = require("jsonwebtoken");
 var globals_policies;
@@ -9,11 +9,48 @@ function requireGlobals_policies() {
   if (hasRequiredGlobals_policies) return globals_policies;
   hasRequiredGlobals_policies = 1;
   globals_policies = function initializeDefaultPolicies(abacAccessControl) {
+    abacAccessControl.registerGlobalPolicy("AdminModeratorAccessPolicy", async (context) => {
+      const { user, req } = context;
+      if (!user) {
+        return { allow: true, force: false };
+      }
+      try {
+        const userModel = abacAccessControl.db.user;
+        const userDoc = await userModel.findById(user).populate("roles");
+        if (userDoc && userDoc.roles) {
+          context.userDoc = userDoc;
+          userRoles = userDoc.roles.map(
+            (role) => typeof role === "string" ? role : role.name || role
+          );
+        }
+        const isAdmin = userRoles.includes("admin");
+        const isModerator = userRoles.includes("moderator");
+        if (isAdmin || isModerator) {
+          return {
+            allow: true,
+            force: true,
+            reason: isAdmin ? "ADMIN_ACCESS_GRANTED" : "MODERATOR_ACCESS_GRANTED"
+          };
+        }
+        return { allow: true, force: false };
+      } catch (error) {
+        console.error("Error in AdminModeratorPolicy:", error);
+        return { allow: true, force: false };
+      }
+    });
     abacAccessControl.registerGlobalPolicy("PersonalResourceOwnerPolicy", async (context) => {
       let { user, action, data, currentResource, options } = context;
       const ObjectId = abacAccessControl.db.mongoose.Types.ObjectId;
-      if (action === "create" && data.owner.type === "user") {
-        return data.owner.target === user && data.creator.target === user;
+      if (action === "create" && data.owner?.type === "user") {
+        if (data.owner.target === user && data.creator.target === user) {
+          return { allow: true, force: false };
+        } else {
+          return {
+            allow: false,
+            force: false,
+            reason: "UNAUTHORIZED_RESOURCE_CREATION"
+          };
+        }
       }
       if (action === "read") {
         const allowedPublicStatuses = ["published", "active", "featured"];
@@ -23,26 +60,49 @@ function requireGlobals_policies() {
               if (Array.isArray(context.req.query.status)) {
                 for (const queryStatus of context.req.query.status) {
                   if (!allowedPublicStatuses.includes(queryStatus)) {
-                    return false;
+                    return {
+                      allow: false,
+                      force: true,
+                      // Стопроцентный запрет для неразрешенных статусов
+                      reason: "UNAUTHORIZED_STATUS_ACCESS"
+                    };
                   }
                 }
               } else {
                 if (!allowedPublicStatuses.includes(context.req.query.status)) {
-                  return false;
+                  return {
+                    allow: false,
+                    force: true,
+                    // Стопроцентный запрет для неразрешенных статусов
+                    reason: "UNAUTHORIZED_STATUS_ACCESS"
+                  };
                 }
               }
             }
           }
           if (currentResource && !allowedPublicStatuses.includes(currentResource.status)) {
-            return false;
+            return {
+              allow: false,
+              force: true,
+              // Стопроцентный запрет для неразрешенных статусов
+              reason: "UNAUTHORIZED_RESOURCE_ACCESS"
+            };
           }
         }
-        return true;
+        return { allow: true, force: false };
       }
-      if ((action === "edit" || action === "delete") && currentResource && currentResource.owner.type === "user") {
-        return currentResource.creator.target.equals(new ObjectId(user));
+      if ((action === "edit" || action === "delete") && currentResource && currentResource.owner?.type === "user") {
+        if (currentResource.creator.target.equals(new ObjectId(user))) {
+          return { allow: true, force: false };
+        } else {
+          return {
+            allow: false,
+            force: false,
+            reason: "NOT_RESOURCE_OWNER"
+          };
+        }
       }
-      return true;
+      return { allow: true, force: false };
     });
     return abacAccessControl;
   };

package/dist/globals.server.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 import { g as getDefaultExportFromCjs } from "./_commonjsHelpers-CUmg6egw.mjs";
-import { r as requireGlobals_abac } from "./globals.abac-CvmZM8XG.mjs";
+import { r as requireGlobals_abac } from "./globals.abac-DZpTRxKR.mjs";
 import require$$0 from "ws";
 import require$$0$1 from "jsonwebtoken";
 var globals_policies;
@@ -8,11 +8,48 @@ function requireGlobals_policies() {
   if (hasRequiredGlobals_policies) return globals_policies;
   hasRequiredGlobals_policies = 1;
   globals_policies = function initializeDefaultPolicies(abacAccessControl) {
+    abacAccessControl.registerGlobalPolicy("AdminModeratorAccessPolicy", async (context) => {
+      const { user, req } = context;
+      if (!user) {
+        return { allow: true, force: false };
+      }
+      try {
+        const userModel = abacAccessControl.db.user;
+        const userDoc = await userModel.findById(user).populate("roles");
+        if (userDoc && userDoc.roles) {
+          context.userDoc = userDoc;
+          userRoles = userDoc.roles.map(
+            (role) => typeof role === "string" ? role : role.name || role
+          );
+        }
+        const isAdmin = userRoles.includes("admin");
+        const isModerator = userRoles.includes("moderator");
+        if (isAdmin || isModerator) {
+          return {
+            allow: true,
+            force: true,
+            reason: isAdmin ? "ADMIN_ACCESS_GRANTED" : "MODERATOR_ACCESS_GRANTED"
+          };
+        }
+        return { allow: true, force: false };
+      } catch (error) {
+        console.error("Error in AdminModeratorPolicy:", error);
+        return { allow: true, force: false };
+      }
+    });
     abacAccessControl.registerGlobalPolicy("PersonalResourceOwnerPolicy", async (context) => {
       let { user, action, data, currentResource, options } = context;
       const ObjectId = abacAccessControl.db.mongoose.Types.ObjectId;
-      if (action === "create" && data.owner.type === "user") {
-        return data.owner.target === user && data.creator.target === user;
+      if (action === "create" && data.owner?.type === "user") {
+        if (data.owner.target === user && data.creator.target === user) {
+          return { allow: true, force: false };
+        } else {
+          return {
+            allow: false,
+            force: false,
+            reason: "UNAUTHORIZED_RESOURCE_CREATION"
+          };
+        }
       }
       if (action === "read") {
         const allowedPublicStatuses = ["published", "active", "featured"];
@@ -22,26 +59,49 @@ function requireGlobals_policies() {
               if (Array.isArray(context.req.query.status)) {
                 for (const queryStatus of context.req.query.status) {
                   if (!allowedPublicStatuses.includes(queryStatus)) {
-                    return false;
+                    return {
+                      allow: false,
+                      force: true,
+                      // Стопроцентный запрет для неразрешенных статусов
+                      reason: "UNAUTHORIZED_STATUS_ACCESS"
+                    };
                   }
                 }
               } else {
                 if (!allowedPublicStatuses.includes(context.req.query.status)) {
-                  return false;
+                  return {
+                    allow: false,
+                    force: true,
+                    // Стопроцентный запрет для неразрешенных статусов
+                    reason: "UNAUTHORIZED_STATUS_ACCESS"
+                  };
                 }
               }
             }
           }
           if (currentResource && !allowedPublicStatuses.includes(currentResource.status)) {
-            return false;
+            return {
+              allow: false,
+              force: true,
+              // Стопроцентный запрет для неразрешенных статусов
+              reason: "UNAUTHORIZED_RESOURCE_ACCESS"
+            };
           }
         }
-        return true;
+        return { allow: true, force: false };
       }
-      if ((action === "edit" || action === "delete") && currentResource && currentResource.owner.type === "user") {
-        return currentResource.creator.target.equals(new ObjectId(user));
+      if ((action === "edit" || action === "delete") && currentResource && currentResource.owner?.type === "user") {
+        if (currentResource.creator.target.equals(new ObjectId(user))) {
+          return { allow: true, force: false };
+        } else {
+          return {
+            allow: false,
+            force: false,
+            reason: "NOT_RESOURCE_OWNER"
+          };
+        }
       }
-      return true;
+      return { allow: true, force: false };
     });
     return abacAccessControl;
   };

package/dist/{globals.verifier-C_VZYebB.mjs → globals.verifier-BdJxc8-8.mjs} RENAMED Viewed

@@ -232,6 +232,37 @@ function requireGlobals_validator() {
       });
       return this;
     }
+    /**
+     * Проверяет, что значение соответствует одному из указанных типов через уже существующие правила валидатора
+     * @param {string[]} types - Массив допустимых типов (например: ['string', 'number', 'null', 'array'])
+     * @param {string} [message] - Сообщение об ошибке
+     * @returns {Validator}
+     */
+    oneOfTypes(types, message) {
+      const validators = types.map((type) => {
+        const schema = Validator.schema();
+        if (type === "string") return schema.string();
+        if (type === "number") return schema.number();
+        if (type === "integer") return schema.integer();
+        if (type === "boolean") return schema.boolean();
+        if (type === "array") return schema.array();
+        if (type === "object") return schema.object({});
+        if (type === "date") return schema.date();
+        if (type === "null") {
+          return Validator.schema().custom((val) => val === null, "Значение должно быть null");
+        }
+        throw new Error(`Unsupported type in oneOfTypes: ${type}`);
+      });
+      this.rules.push({
+        type: "oneOfTypes",
+        check: (value) => {
+          return validators.some((validator) => validator.validate(value).isValid);
+        },
+        param: types,
+        message
+      });
+      return this;
+    }
     /**
      * Добавляет пользовательскую проверку
      * @param {function} fn - Функция проверки
@@ -369,6 +400,8 @@ function requireGlobals_validator() {
           return `${context}должно быть корректным email-адресом`;
         case "oneOf":
           return `${context}должно быть одним из: ${rule.param.join(", ")}`;
+        case "oneOfTypes":
+          return `${context}должно быть одного из типов: ${rule.param.join(", ")}`;
         case "custom":
           return rule.param;
         case "items":
@@ -550,6 +583,7 @@ function requireGlobals_verifier() {
       if (Object.keys(result.verificationErrors).length === 0) {
         result.verificationErrors = null;
       }
+      console.log("Verification result:", result);
       return result;
     }
     /**

package/dist/{globals.verifier-ChDpCdy_.js → globals.verifier-CKYpYfQl.js} RENAMED Viewed

@@ -233,6 +233,37 @@ function requireGlobals_validator() {
       });
       return this;
     }
+    /**
+     * Проверяет, что значение соответствует одному из указанных типов через уже существующие правила валидатора
+     * @param {string[]} types - Массив допустимых типов (например: ['string', 'number', 'null', 'array'])
+     * @param {string} [message] - Сообщение об ошибке
+     * @returns {Validator}
+     */
+    oneOfTypes(types, message) {
+      const validators = types.map((type) => {
+        const schema = Validator.schema();
+        if (type === "string") return schema.string();
+        if (type === "number") return schema.number();
+        if (type === "integer") return schema.integer();
+        if (type === "boolean") return schema.boolean();
+        if (type === "array") return schema.array();
+        if (type === "object") return schema.object({});
+        if (type === "date") return schema.date();
+        if (type === "null") {
+          return Validator.schema().custom((val) => val === null, "Значение должно быть null");
+        }
+        throw new Error(`Unsupported type in oneOfTypes: ${type}`);
+      });
+      this.rules.push({
+        type: "oneOfTypes",
+        check: (value) => {
+          return validators.some((validator) => validator.validate(value).isValid);
+        },
+        param: types,
+        message
+      });
+      return this;
+    }
     /**
      * Добавляет пользовательскую проверку
      * @param {function} fn - Функция проверки
@@ -370,6 +401,8 @@ function requireGlobals_validator() {
           return `${context}должно быть корректным email-адресом`;
         case "oneOf":
           return `${context}должно быть одним из: ${rule.param.join(", ")}`;
+        case "oneOfTypes":
+          return `${context}должно быть одного из типов: ${rule.param.join(", ")}`;
         case "custom":
           return rule.param;
         case "items":
@@ -551,6 +584,7 @@ function requireGlobals_verifier() {
       if (Object.keys(result.verificationErrors).length === 0) {
         result.verificationErrors = null;
       }
+      console.log("Verification result:", result);
       return result;
     }
     /**

package/dist/{index-CVXl1rB5.js → index-BOmxJQ5W.js} RENAMED Viewed

@@ -1,92 +1,13 @@
 "use strict";
-const require$$0 = require("jsonwebtoken");
-const require$$0$1 = require("crypto");
-const require$$0$2 = require("mongodb");
-var authJwt;
-var hasRequiredAuthJwt;
-function requireAuthJwt() {
-  if (hasRequiredAuthJwt) return authJwt;
-  hasRequiredAuthJwt = 1;
-  const jwt = require$$0;
-  const middlewareFactory = (db) => {
-    const User = db.user;
-    const Role = db.role;
-    const verifyToken = (continueOnFail = false) => {
-      return async (req, res, next) => {
-        try {
-          let token = req.headers["x-access-token"];
-          if (!token && req.cookies.user) {
-            let user = JSON.parse(req.cookies.user);
-            token = user.accessToken;
-          }
-          if (req.headers["x-service-key"]) {
-            const serviceKey = req.headers["x-service-key"];
-            const validServiceKey = process.env.SERVICE_KEY;
-            if (serviceKey !== validServiceKey) {
-              return res.status(403).send({ message: "Unauthorized: Invalid service key" });
-            }
-            req.isServiceRequest = true;
-            return next();
-          }
-          if (!token) {
-            req.userId = null;
-            if (continueOnFail) {
-              return next();
-            } else {
-              return res.status(401).send({ message: "Unauthorized: No token provided" });
-            }
-          }
-          const decoded = jwt.verify(token, process.env.SECRET_KEY);
-          req.userId = decoded._id;
-          req.user = {
-            _id: decoded._id
-          };
-          next();
-        } catch (err) {
-          req.userId = null;
-          if (continueOnFail) {
-            next();
-          } else {
-            res.status(401).send({ message: "Unauthorized: Invalid token" });
-          }
-        }
-      };
-    };
-    const checkRole = (roleToCheck) => async (req, res, next) => {
-      try {
-        const user = await User.findById(req.userId).exec();
-        if (!user) {
-          return res.status(404).send({ message: "User Not found." });
-        }
-        const roles = await Role.find({ _id: { $in: user.roles } }).exec();
-        for (let role of roles) {
-          if (role.name === roleToCheck) {
-            next();
-            return;
-          }
-        }
-        res.status(403).send({ message: `Require ${roleToCheck} Role!` });
-      } catch (err) {
-        res.status(500).send({ message: err.message });
-      }
-    };
-    const isAdmin = checkRole("admin");
-    const isModerator = checkRole("moderator");
-    return {
-      verifyToken,
-      isAdmin,
-      isModerator
-    };
-  };
-  authJwt = middlewareFactory;
-  return authJwt;
-}
+const authJwt = require("./authJwt-CELQKF2s.js");
+const require$$0 = require("crypto");
+const require$$0$1 = require("mongodb");
 var authSecret;
 var hasRequiredAuthSecret;
 function requireAuthSecret() {
   if (hasRequiredAuthSecret) return authSecret;
   hasRequiredAuthSecret = 1;
-  const crypto = require$$0$1;
+  const crypto = require$$0;
   const middlewareFactory = () => {
     const verifySecret = (method, endpoint, secret) => async (req, res, next) => {
       const requestSignature = req.headers.signature;
@@ -207,7 +128,7 @@ var hasRequiredVerifyInvites;
 function requireVerifyInvites() {
   if (hasRequiredVerifyInvites) return verifyInvites;
   hasRequiredVerifyInvites = 1;
-  const { ObjectId } = require$$0$2;
+  const { ObjectId } = require$$0$1;
   const middlewareFactory = (db) => {
     const User = db.user;
     const Invite = db.invite;
@@ -265,13 +186,13 @@ function requireMiddlewares() {
   if (hasRequiredMiddlewares) return middlewares;
   hasRequiredMiddlewares = 1;
   const middlewareIndexFactory = (db) => {
-    const authJwt2 = requireAuthJwt()(db);
+    const authJwt$1 = authJwt.requireAuthJwt()(db);
     const authSecret2 = requireAuthSecret()();
     const verifySignUp2 = requireVerifySignUp()(db);
     const verifyUser2 = requireVerifyUser()(db);
     const verifyInvites2 = requireVerifyInvites()(db);
     return {
-      authJwt: authJwt2,
+      authJwt: authJwt$1,
       authSecret: authSecret2,
       verifySignUp: verifySignUp2,
       verifyUser: verifyUser2,