@pax2pay/model-banking 0.1.473 → 0.1.475
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Card/Creatable.ts +1 -0
- package/Identity.ts +55 -17
- package/dist/cjs/Card/Creatable.js +1 -0
- package/dist/cjs/Card/Creatable.js.map +1 -1
- package/dist/cjs/Identity.d.ts +19 -6
- package/dist/cjs/Identity.js +15 -7
- package/dist/cjs/Identity.js.map +1 -1
- package/dist/mjs/Card/Creatable.js +1 -0
- package/dist/mjs/Card/Creatable.js.map +1 -1
- package/dist/mjs/Identity.d.ts +19 -6
- package/dist/mjs/Identity.js +15 -7
- package/dist/mjs/Identity.js.map +1 -1
- package/package.json +1 -1
package/Card/Creatable.ts
CHANGED
package/Identity.ts
CHANGED
|
@@ -1,14 +1,19 @@
|
|
|
1
|
+
import { gracely } from "gracely"
|
|
1
2
|
import { userwidgets } from "@userwidgets/model"
|
|
2
3
|
import { Key } from "./Key"
|
|
3
4
|
import { Realm } from "./Realm"
|
|
4
5
|
|
|
5
|
-
export class Identity {
|
|
6
|
+
export class Identity<T extends Identity.Require = never> {
|
|
6
7
|
#realms: Realm[] | undefined
|
|
7
8
|
get realms(): Realm[] | undefined {
|
|
8
9
|
return (this.#realms ??= Identity.getRealms(this.key.permissions))
|
|
9
10
|
}
|
|
10
11
|
|
|
11
|
-
constructor(
|
|
12
|
+
constructor(
|
|
13
|
+
readonly key: Key,
|
|
14
|
+
readonly realm: T["realm"] extends true ? Realm : Realm | undefined,
|
|
15
|
+
readonly organization: T["organization"] extends true ? string : string | undefined
|
|
16
|
+
) {}
|
|
12
17
|
check(constraint: Key.Permissions | Key.Permissions[], realm?: Realm, organization?: string): boolean {
|
|
13
18
|
return Array.isArray(constraint)
|
|
14
19
|
? constraint.some(c => this.check(c, realm, organization))
|
|
@@ -25,32 +30,53 @@ export class Identity {
|
|
|
25
30
|
)
|
|
26
31
|
}
|
|
27
32
|
|
|
28
|
-
static async authenticate<T extends
|
|
33
|
+
static async authenticate<T extends Identity.Require = Record<string, never>>(
|
|
34
|
+
header: Identity.Header,
|
|
35
|
+
constraint: Key.Permissions | Key.Permissions[],
|
|
36
|
+
requires?: T,
|
|
37
|
+
verifier?: userwidgets.User.Key.Verifier<Key>,
|
|
38
|
+
output?: "undefined"
|
|
39
|
+
): Promise<Identity<T> | undefined>
|
|
40
|
+
static async authenticate<T extends Identity.Require = Record<string, never>>(
|
|
29
41
|
header: { authorization?: string | undefined; realm?: Realm; organization?: string },
|
|
30
42
|
constraint: Key.Permissions | Key.Permissions[],
|
|
31
43
|
requires?: T,
|
|
32
|
-
verifier
|
|
33
|
-
|
|
44
|
+
verifier?: userwidgets.User.Key.Verifier<Key>,
|
|
45
|
+
output?: "error"
|
|
46
|
+
): Promise<Identity<T> | gracely.Error>
|
|
47
|
+
static async authenticate<T extends Identity.Require = Record<string, never>>(
|
|
48
|
+
header: { authorization?: string | undefined; realm?: Realm; organization?: string },
|
|
49
|
+
constraint: Key.Permissions | Key.Permissions[],
|
|
50
|
+
requires?: T,
|
|
51
|
+
verifier: userwidgets.User.Key.Verifier<Key> = productionVerifier,
|
|
52
|
+
output: "error" | "undefined" = "undefined"
|
|
53
|
+
): Promise<Identity<T> | (gracely.Error | undefined)> {
|
|
54
|
+
let result: Identity<T> | gracely.Error | undefined
|
|
34
55
|
const authorization = header.authorization?.startsWith("Bearer ")
|
|
35
56
|
? header.authorization.replace("Bearer ", "")
|
|
36
57
|
: undefined
|
|
37
58
|
const key = await Identity.verify(authorization, verifier)
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
59
|
+
if (!key)
|
|
60
|
+
output !== "undefined" && (result = gracely.client.unauthorized())
|
|
61
|
+
else {
|
|
62
|
+
const realms = Identity.getRealms(key.permissions)
|
|
63
|
+
const identity = new Identity(
|
|
42
64
|
key,
|
|
43
65
|
(realms?.length == 1 ? realms[0] : header.realm) as Realm,
|
|
44
66
|
(key.organization ?? header.organization) as string
|
|
45
67
|
)
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
68
|
+
const requirement = (
|
|
69
|
+
value: Identity | undefined
|
|
70
|
+
): value is
|
|
71
|
+
| (keyof T extends keyof Identity ? Required<Pick<Identity, keyof T>> & Identity : Identity)
|
|
72
|
+
| undefined =>
|
|
73
|
+
(requires?.organization ? !!identity?.organization : true) &&
|
|
74
|
+
(requires?.realm ? Realm.type.is(identity?.realm) : true)
|
|
75
|
+
result =
|
|
76
|
+
(identity?.check(constraint) && requirement(identity) && identity) ||
|
|
77
|
+
(output === "undefined" ? undefined : gracely.client.forbidden())
|
|
78
|
+
}
|
|
79
|
+
return result
|
|
54
80
|
}
|
|
55
81
|
static async verify(
|
|
56
82
|
authorization: string | undefined,
|
|
@@ -68,6 +94,18 @@ export class Identity {
|
|
|
68
94
|
]
|
|
69
95
|
}
|
|
70
96
|
}
|
|
97
|
+
|
|
98
|
+
export namespace Identity {
|
|
99
|
+
export type Require = {
|
|
100
|
+
realm?: true
|
|
101
|
+
organization?: true
|
|
102
|
+
}
|
|
103
|
+
export interface Header {
|
|
104
|
+
authorization?: string | undefined
|
|
105
|
+
realm?: Realm
|
|
106
|
+
organization?: string
|
|
107
|
+
}
|
|
108
|
+
}
|
|
71
109
|
const publicKey =
|
|
72
110
|
"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2W8CD2kpfS4QIRV2/rgm4NVvsvJsYNMHtnIl9ADvO3A81hAmRKvOAPVoXICe6+EuZ47jGjGL7f48GEoQuITfBPv/MosCDj1YhJ56ILDynCSd8FlxDrhv8pl5IquST7tcL6Hc6m+vuvoTLrFQ5QqNxv0a5eDd/YTrWv7SUuRfBEhYd/wMysGynN3QauHqy5ceBCt1nv1MJLGlSzczMRK7wjy1zi2g9NCHZBOoo1HXOpi727Xh+YXHc9EP2TN0oOXyxykv45nkGIDI0Qek3/pfkavClBffc1sEqA+rUx7YqRN9KGYxwLMLug+NOOh3ptqjfobXbR5fx/sUWhvcjUMTE1JreTrWYbGmVnjd/SeYSClfmGhdTBUfqnZbaABv0ruTXva18qRhP4y143vHMk/k8HzbuROTKAzrtEeLIjgwUgDcnE+JwDqcb8tKSGV6i++TiTldlSBCRTT4dK2hpHJje80b2abqtrbCkxbJlT98UsAAoiq2eW1X6lYmCfiGCJPkfswibQ2tPAKKNe/2xuHPsjx4FuXGmV0dbzmCwSIQoApXqOvKzoNFi6AaKIjxfNmiEigLwKpNrw08H0lVZbq/9MMxI3TzMTZjY9QmBKVLSGy3Z6IJqZpyK22lv7whJcllG0Qw8tv8+7wmC8SR3+4jpuxuFGZ+69CW+otx+CPMJjcCAwEAAQ=="
|
|
73
111
|
const productionVerifier = userwidgets.User.Key.Verifier.create<Key>(publicKey)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Creatable.js","sourceRoot":"","sources":["../../../Card/Creatable.ts"],"names":[],"mappings":";;;AAAA,iCAA6B;AAC7B,mCAAwC;AACxC,+BAA2B;AAC3B,iCAAqC;AAGrC,uCAA+C;AAC/C,qCAAiC;AACjC,iCAA6B;AAC7B,qCAAiC;AAgBjC,IAAiB,SAAS,
|
|
1
|
+
{"version":3,"file":"Creatable.js","sourceRoot":"","sources":["../../../Card/Creatable.ts"],"names":[],"mappings":";;;AAAA,iCAA6B;AAC7B,mCAAwC;AACxC,+BAA2B;AAC3B,iCAAqC;AAGrC,uCAA+C;AAC/C,qCAAiC;AACjC,iCAA6B;AAC7B,qCAAiC;AAgBjC,IAAiB,SAAS,CAsCzB;AAtCD,WAAiB,SAAS;IACZ,cAAI,GAAG,WAAI,CAAC,MAAM,CAAY;QAC1C,OAAO,EAAE,WAAI,CAAC,MAAM,EAAE;QACtB,MAAM,EAAE,WAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,MAAM,EAAE,eAAM,CAAC,IAAI;QACnB,OAAO,EAAE,WAAI,CAAC,MAAM,CAAC;YACpB,MAAM,EAAE,eAAM,CAAC,IAAI;YACnB,MAAM,EAAE,WAAI,CAAC,MAAM,EAAE;SACrB,CAAC;QACF,KAAK,EAAE,WAAI,CAAC,KAAK,CAAC,WAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,WAAI,CAAC,MAAM,EAAE,CAAC;QAClF,KAAK,EAAE,WAAQ,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;QAClC,IAAI,EAAE,WAAI,CAAC,MAAM,CAAC,WAAW,EAAE,WAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;QAClD,GAAG,EAAE,WAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC7B,CAAC,CAAA;IACW,eAAK,GAAG,YAAK,CAAC,MAAM,CAAY;QAC5C,OAAO,EAAE,YAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,yCAAyC,CAAC;QAC7F,MAAM,EAAE,YAAK,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QAC1G,MAAM,EAAE,eAAM,CAAC,KAAK;QACpB,OAAO,EAAE,YAAK;aACZ,MAAM,CAAC;YACP,MAAM,EAAE,eAAM,CAAC,KAAK;YACpB,MAAM,EAAE,YAAK,CAAC,MAAM,EAAE;SACtB,CAAC;aACD,MAAM,CAAC,SAAS,CAAC;aACjB,QAAQ,CAAC,uEAAuE,CAAC;QACnF,KAAK,EAAE,YAAK;aACV,KAAK,CAAC,cAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC;aACxG,MAAM,CAAC,OAAO,CAAC;aACf,QAAQ,CAAC,+CAA+C,CAAC;QAC3D,KAAK,EAAE,YAAK;aACV,IAAI,CAAC,MAAM,EAAE,WAAQ,CAAC,EAAE,CAAC;aACzB,KAAK,EAAE;aACP,QAAQ,EAAE;aACV,MAAM,CAAC,OAAO,CAAC;aACf,QAAQ,CAAC,+DAA+D,CAAC;QAC3E,IAAI,EAAE,YAAK,CAAC,IAAI,CAAC,MAAM,EAAE,WAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC5C,GAAG,EAAE,YAAK,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC9B,CAAC,CAAA;AACH,CAAC,EAtCgB,SAAS,yBAAT,SAAS,QAsCzB"}
|
package/dist/cjs/Identity.d.ts
CHANGED
|
@@ -1,20 +1,33 @@
|
|
|
1
|
+
import { gracely } from "gracely";
|
|
1
2
|
import { userwidgets } from "@userwidgets/model";
|
|
2
3
|
import { Key } from "./Key";
|
|
3
4
|
import { Realm } from "./Realm";
|
|
4
|
-
export declare class Identity {
|
|
5
|
+
export declare class Identity<T extends Identity.Require = never> {
|
|
5
6
|
#private;
|
|
6
7
|
readonly key: Key;
|
|
7
|
-
readonly realm
|
|
8
|
-
readonly organization
|
|
8
|
+
readonly realm: T["realm"] extends true ? Realm : Realm | undefined;
|
|
9
|
+
readonly organization: T["organization"] extends true ? string : string | undefined;
|
|
9
10
|
get realms(): Realm[] | undefined;
|
|
10
|
-
constructor(key: Key, realm
|
|
11
|
+
constructor(key: Key, realm: T["realm"] extends true ? Realm : Realm | undefined, organization: T["organization"] extends true ? string : string | undefined);
|
|
11
12
|
check(constraint: Key.Permissions | Key.Permissions[], realm?: Realm, organization?: string): boolean;
|
|
12
13
|
collectionCheck(collection: string): boolean;
|
|
13
|
-
static authenticate<T extends
|
|
14
|
+
static authenticate<T extends Identity.Require = Record<string, never>>(header: Identity.Header, constraint: Key.Permissions | Key.Permissions[], requires?: T, verifier?: userwidgets.User.Key.Verifier<Key>, output?: "undefined"): Promise<Identity<T> | undefined>;
|
|
15
|
+
static authenticate<T extends Identity.Require = Record<string, never>>(header: {
|
|
14
16
|
authorization?: string | undefined;
|
|
15
17
|
realm?: Realm;
|
|
16
18
|
organization?: string;
|
|
17
|
-
}, constraint: Key.Permissions | Key.Permissions[], requires?: T, verifier?: userwidgets.User.Key.Verifier<Key
|
|
19
|
+
}, constraint: Key.Permissions | Key.Permissions[], requires?: T, verifier?: userwidgets.User.Key.Verifier<Key>, output?: "error"): Promise<Identity<T> | gracely.Error>;
|
|
18
20
|
static verify(authorization: string | undefined, verifier?: userwidgets.User.Key.Verifier<Key>): Promise<Key | undefined>;
|
|
19
21
|
static getRealms(permissions: Key.Permissions): Realm[];
|
|
20
22
|
}
|
|
23
|
+
export declare namespace Identity {
|
|
24
|
+
type Require = {
|
|
25
|
+
realm?: true;
|
|
26
|
+
organization?: true;
|
|
27
|
+
};
|
|
28
|
+
interface Header {
|
|
29
|
+
authorization?: string | undefined;
|
|
30
|
+
realm?: Realm;
|
|
31
|
+
organization?: string;
|
|
32
|
+
}
|
|
33
|
+
}
|
package/dist/cjs/Identity.js
CHANGED
|
@@ -13,6 +13,7 @@ var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (
|
|
|
13
13
|
var _Identity_realms;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.Identity = void 0;
|
|
16
|
+
const gracely_1 = require("gracely");
|
|
16
17
|
const model_1 = require("@userwidgets/model");
|
|
17
18
|
const Realm_1 = require("./Realm");
|
|
18
19
|
class Identity {
|
|
@@ -38,17 +39,24 @@ class Identity {
|
|
|
38
39
|
collectionCheck(collection) {
|
|
39
40
|
return Object.values(this.key.permissions).some(value => (typeof value == "object" && value[collection]) || value == true);
|
|
40
41
|
}
|
|
41
|
-
static async authenticate(header, constraint, requires, verifier = productionVerifier) {
|
|
42
|
+
static async authenticate(header, constraint, requires, verifier = productionVerifier, output = "undefined") {
|
|
43
|
+
let result;
|
|
42
44
|
const authorization = header.authorization?.startsWith("Bearer ")
|
|
43
45
|
? header.authorization.replace("Bearer ", "")
|
|
44
46
|
: undefined;
|
|
45
47
|
const key = await Identity.verify(authorization, verifier);
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
(
|
|
51
|
-
|
|
48
|
+
if (!key)
|
|
49
|
+
output !== "undefined" && (result = gracely_1.gracely.client.unauthorized());
|
|
50
|
+
else {
|
|
51
|
+
const realms = Identity.getRealms(key.permissions);
|
|
52
|
+
const identity = new Identity(key, (realms?.length == 1 ? realms[0] : header.realm), (key.organization ?? header.organization));
|
|
53
|
+
const requirement = (value) => (requires?.organization ? !!identity?.organization : true) &&
|
|
54
|
+
(requires?.realm ? Realm_1.Realm.type.is(identity?.realm) : true);
|
|
55
|
+
result =
|
|
56
|
+
(identity?.check(constraint) && requirement(identity) && identity) ||
|
|
57
|
+
(output === "undefined" ? undefined : gracely_1.gracely.client.forbidden());
|
|
58
|
+
}
|
|
59
|
+
return result;
|
|
52
60
|
}
|
|
53
61
|
static async verify(authorization, verifier = productionVerifier) {
|
|
54
62
|
return await verifier.verify(authorization);
|
package/dist/cjs/Identity.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Identity.js","sourceRoot":"","sources":["../../Identity.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8CAAgD;AAEhD,mCAA+B;AAE/B,MAAa,QAAQ;IAEpB,IAAI,MAAM;QACT,OAAO,CAAC,sGAAiB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,MAAA,CAAC,CAAA;IACnE,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"Identity.js","sourceRoot":"","sources":["../../Identity.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,qCAAiC;AACjC,8CAAgD;AAEhD,mCAA+B;AAE/B,MAAa,QAAQ;IAEpB,IAAI,MAAM;QACT,OAAO,CAAC,sGAAiB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,MAAA,CAAC,CAAA;IACnE,CAAC;IAED,YACU,GAAQ,EACR,KAA0D,EAC1D,YAA0E;QAF1E,QAAG,GAAH,GAAG,CAAK;QACR,UAAK,GAAL,KAAK,CAAqD;QAC1D,iBAAY,GAAZ,YAAY,CAA8D;QARpF,mCAA4B;IASzB,CAAC;IACJ,KAAK,CAAC,UAA+C,EAAE,KAAa,EAAE,YAAqB;QAC1F,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;YAC/B,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;YAC1D,CAAC,CAAC;gBACA,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,YAAY,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE;gBAC/E,EAAE,CAAC,GAAG,YAAY,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE;gBACxD,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,EAAE,UAAU,EAAE;gBAC5C,EAAE,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE;aACtB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,mBAAW,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAA;IAC5E,CAAC;IACD,eAAe,CAAC,UAAkB;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9C,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,KAAK,IAAI,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CACzE,CAAA;IACF,CAAC;IAgBD,MAAM,CAAC,KAAK,CAAC,YAAY,CACxB,MAAoF,EACpF,UAA+C,EAC/C,QAAY,EACZ,WAA+C,kBAAkB,EACjE,SAAgC,WAAW;QAE3C,IAAI,MAA+C,CAAA;QACnD,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,EAAE,UAAU,CAAC,SAAS,CAAC;YAChE,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAA;QACZ,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAA;QAC1D,IAAI,CAAC,GAAG;YACP,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,GAAG,iBAAO,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA;aAC9D,CAAC;YACL,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YAClD,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAC5B,GAAG,EACH,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAU,EACzD,CAAC,GAAG,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAW,CACnD,CAAA;YACD,MAAM,WAAW,GAAG,CACnB,KAA2B,EAGf,EAAE,CACd,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC1D,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,aAAK,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YAC1D,MAAM;gBACL,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;oBAClE,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAO,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAA;QACnE,CAAC;QACD,OAAO,MAAM,CAAA;IACd,CAAC;IACD,MAAM,CAAC,KAAK,CAAC,MAAM,CAClB,aAAiC,EACjC,WAA+C,kBAAkB;QAEjE,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAC5C,CAAC;IACD,MAAM,CAAC,SAAS,CAAC,WAA4B;QAC5C,OAAO;YACN,GAAG,IAAI,GAAG,CACT,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CACvC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,aAAK,CAAC,MAAM,CAAC,CAAC,CAAC,aAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CACnF,CACD;SACD,CAAA;IACF,CAAC;CACD;AA1FD,4BA0FC;;AAaD,MAAM,SAAS,GACd,kuBAAkuB,CAAA;AACnuB,MAAM,kBAAkB,GAAG,mBAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAM,SAAS,CAAC,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Creatable.js","sourceRoot":"","sources":["../../../Card/Creatable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,OAAO,CAAA;AAC7B,OAAO,EAAE,KAAK,IAAI,MAAM,EAAE,MAAM,QAAQ,CAAA;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,IAAI,IAAI,KAAK,EAAE,MAAM,OAAO,CAAA;AAGrC,OAAO,EAAE,IAAI,IAAI,QAAQ,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAgBjC,MAAM,KAAW,SAAS,
|
|
1
|
+
{"version":3,"file":"Creatable.js","sourceRoot":"","sources":["../../../Card/Creatable.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,OAAO,CAAA;AAC7B,OAAO,EAAE,KAAK,IAAI,MAAM,EAAE,MAAM,QAAQ,CAAA;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,IAAI,IAAI,KAAK,EAAE,MAAM,OAAO,CAAA;AAGrC,OAAO,EAAE,IAAI,IAAI,QAAQ,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAgBjC,MAAM,KAAW,SAAS,CAsCzB;AAtCD,WAAiB,SAAS;IACZ,cAAI,GAAG,IAAI,CAAC,MAAM,CAAY;QAC1C,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE;QACtB,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,MAAM,EAAE,MAAM,CAAC,IAAI;QACnB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;YACpB,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;SACrB,CAAC;QACF,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QAClF,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;QAClC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;QAClD,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC7B,CAAC,CAAA;IACW,eAAK,GAAG,KAAK,CAAC,MAAM,CAAY;QAC5C,OAAO,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,yCAAyC,CAAC;QAC7F,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QAC1G,MAAM,EAAE,MAAM,CAAC,KAAK;QACpB,OAAO,EAAE,KAAK;aACZ,MAAM,CAAC;YACP,MAAM,EAAE,MAAM,CAAC,KAAK;YACpB,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;SACtB,CAAC;aACD,MAAM,CAAC,SAAS,CAAC;aACjB,QAAQ,CAAC,uEAAuE,CAAC;QACnF,KAAK,EAAE,KAAK;aACV,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC,CAAC;aACxG,MAAM,CAAC,OAAO,CAAC;aACf,QAAQ,CAAC,+CAA+C,CAAC;QAC3D,KAAK,EAAE,KAAK;aACV,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;aACzB,KAAK,EAAE;aACP,QAAQ,EAAE;aACV,MAAM,CAAC,OAAO,CAAC;aACf,QAAQ,CAAC,+DAA+D,CAAC;QAC3E,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC5C,GAAG,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC9B,CAAC,CAAA;AACH,CAAC,EAtCgB,SAAS,KAAT,SAAS,QAsCzB"}
|
package/dist/mjs/Identity.d.ts
CHANGED
|
@@ -1,20 +1,33 @@
|
|
|
1
|
+
import { gracely } from "gracely";
|
|
1
2
|
import { userwidgets } from "@userwidgets/model";
|
|
2
3
|
import { Key } from "./Key";
|
|
3
4
|
import { Realm } from "./Realm";
|
|
4
|
-
export declare class Identity {
|
|
5
|
+
export declare class Identity<T extends Identity.Require = never> {
|
|
5
6
|
#private;
|
|
6
7
|
readonly key: Key;
|
|
7
|
-
readonly realm
|
|
8
|
-
readonly organization
|
|
8
|
+
readonly realm: T["realm"] extends true ? Realm : Realm | undefined;
|
|
9
|
+
readonly organization: T["organization"] extends true ? string : string | undefined;
|
|
9
10
|
get realms(): Realm[] | undefined;
|
|
10
|
-
constructor(key: Key, realm
|
|
11
|
+
constructor(key: Key, realm: T["realm"] extends true ? Realm : Realm | undefined, organization: T["organization"] extends true ? string : string | undefined);
|
|
11
12
|
check(constraint: Key.Permissions | Key.Permissions[], realm?: Realm, organization?: string): boolean;
|
|
12
13
|
collectionCheck(collection: string): boolean;
|
|
13
|
-
static authenticate<T extends
|
|
14
|
+
static authenticate<T extends Identity.Require = Record<string, never>>(header: Identity.Header, constraint: Key.Permissions | Key.Permissions[], requires?: T, verifier?: userwidgets.User.Key.Verifier<Key>, output?: "undefined"): Promise<Identity<T> | undefined>;
|
|
15
|
+
static authenticate<T extends Identity.Require = Record<string, never>>(header: {
|
|
14
16
|
authorization?: string | undefined;
|
|
15
17
|
realm?: Realm;
|
|
16
18
|
organization?: string;
|
|
17
|
-
}, constraint: Key.Permissions | Key.Permissions[], requires?: T, verifier?: userwidgets.User.Key.Verifier<Key
|
|
19
|
+
}, constraint: Key.Permissions | Key.Permissions[], requires?: T, verifier?: userwidgets.User.Key.Verifier<Key>, output?: "error"): Promise<Identity<T> | gracely.Error>;
|
|
18
20
|
static verify(authorization: string | undefined, verifier?: userwidgets.User.Key.Verifier<Key>): Promise<Key | undefined>;
|
|
19
21
|
static getRealms(permissions: Key.Permissions): Realm[];
|
|
20
22
|
}
|
|
23
|
+
export declare namespace Identity {
|
|
24
|
+
type Require = {
|
|
25
|
+
realm?: true;
|
|
26
|
+
organization?: true;
|
|
27
|
+
};
|
|
28
|
+
interface Header {
|
|
29
|
+
authorization?: string | undefined;
|
|
30
|
+
realm?: Realm;
|
|
31
|
+
organization?: string;
|
|
32
|
+
}
|
|
33
|
+
}
|
package/dist/mjs/Identity.js
CHANGED
|
@@ -10,6 +10,7 @@ var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (
|
|
|
10
10
|
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
11
11
|
};
|
|
12
12
|
var _Identity_realms;
|
|
13
|
+
import { gracely } from "gracely";
|
|
13
14
|
import { userwidgets } from "@userwidgets/model";
|
|
14
15
|
import { Realm } from "./Realm";
|
|
15
16
|
export class Identity {
|
|
@@ -35,17 +36,24 @@ export class Identity {
|
|
|
35
36
|
collectionCheck(collection) {
|
|
36
37
|
return Object.values(this.key.permissions).some(value => (typeof value == "object" && value[collection]) || value == true);
|
|
37
38
|
}
|
|
38
|
-
static async authenticate(header, constraint, requires, verifier = productionVerifier) {
|
|
39
|
+
static async authenticate(header, constraint, requires, verifier = productionVerifier, output = "undefined") {
|
|
40
|
+
let result;
|
|
39
41
|
const authorization = header.authorization?.startsWith("Bearer ")
|
|
40
42
|
? header.authorization.replace("Bearer ", "")
|
|
41
43
|
: undefined;
|
|
42
44
|
const key = await Identity.verify(authorization, verifier);
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
(
|
|
48
|
-
|
|
45
|
+
if (!key)
|
|
46
|
+
output !== "undefined" && (result = gracely.client.unauthorized());
|
|
47
|
+
else {
|
|
48
|
+
const realms = Identity.getRealms(key.permissions);
|
|
49
|
+
const identity = new Identity(key, (realms?.length == 1 ? realms[0] : header.realm), (key.organization ?? header.organization));
|
|
50
|
+
const requirement = (value) => (requires?.organization ? !!identity?.organization : true) &&
|
|
51
|
+
(requires?.realm ? Realm.type.is(identity?.realm) : true);
|
|
52
|
+
result =
|
|
53
|
+
(identity?.check(constraint) && requirement(identity) && identity) ||
|
|
54
|
+
(output === "undefined" ? undefined : gracely.client.forbidden());
|
|
55
|
+
}
|
|
56
|
+
return result;
|
|
49
57
|
}
|
|
50
58
|
static async verify(authorization, verifier = productionVerifier) {
|
|
51
59
|
return await verifier.verify(authorization);
|
package/dist/mjs/Identity.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Identity.js","sourceRoot":"","sources":["../../Identity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAEhD,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAE/B,MAAM,OAAO,QAAQ;IAEpB,IAAI,MAAM;QACT,OAAO,CAAC,sGAAiB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,MAAA,CAAC,CAAA;IACnE,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"Identity.js","sourceRoot":"","sources":["../../Identity.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAEhD,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAE/B,MAAM,OAAO,QAAQ;IAEpB,IAAI,MAAM;QACT,OAAO,CAAC,sGAAiB,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,MAAA,CAAC,CAAA;IACnE,CAAC;IAED,YACU,GAAQ,EACR,KAA0D,EAC1D,YAA0E;QAF1E,QAAG,GAAH,GAAG,CAAK;QACR,UAAK,GAAL,KAAK,CAAqD;QAC1D,iBAAY,GAAZ,YAAY,CAA8D;QARpF,mCAA4B;IASzB,CAAC;IACJ,KAAK,CAAC,UAA+C,EAAE,KAAa,EAAE,YAAqB;QAC1F,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;YAC/B,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;YAC1D,CAAC,CAAC;gBACA,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,YAAY,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE;gBAC/E,EAAE,CAAC,GAAG,YAAY,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC,EAAE,UAAU,EAAE;gBACxD,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,EAAE,UAAU,EAAE;gBAC5C,EAAE,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE;aACtB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAA;IAC5E,CAAC;IACD,eAAe,CAAC,UAAkB;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9C,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,KAAK,IAAI,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CACzE,CAAA;IACF,CAAC;IAgBD,MAAM,CAAC,KAAK,CAAC,YAAY,CACxB,MAAoF,EACpF,UAA+C,EAC/C,QAAY,EACZ,WAA+C,kBAAkB,EACjE,SAAgC,WAAW;QAE3C,IAAI,MAA+C,CAAA;QACnD,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,EAAE,UAAU,CAAC,SAAS,CAAC;YAChE,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;YAC7C,CAAC,CAAC,SAAS,CAAA;QACZ,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAA;QAC1D,IAAI,CAAC,GAAG;YACP,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAA;aAC9D,CAAC;YACL,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YAClD,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAC5B,GAAG,EACH,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAU,EACzD,CAAC,GAAG,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAW,CACnD,CAAA;YACD,MAAM,WAAW,GAAG,CACnB,KAA2B,EAGf,EAAE,CACd,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC1D,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YAC1D,MAAM;gBACL,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;oBAClE,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAA;QACnE,CAAC;QACD,OAAO,MAAM,CAAA;IACd,CAAC;IACD,MAAM,CAAC,KAAK,CAAC,MAAM,CAClB,aAAiC,EACjC,WAA+C,kBAAkB;QAEjE,OAAO,MAAM,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAC5C,CAAC;IACD,MAAM,CAAC,SAAS,CAAC,WAA4B;QAC5C,OAAO;YACN,GAAG,IAAI,GAAG,CACT,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CACvC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CACnF,CACD;SACD,CAAA;IACF,CAAC;CACD;;AAaD,MAAM,SAAS,GACd,kuBAAkuB,CAAA;AACnuB,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAM,SAAS,CAAC,CAAA"}
|