@pikku/core 0.11.0 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +35 -1
- package/dist/errors/error-handler.js +3 -3
- package/dist/errors/errors.d.ts +1 -1
- package/dist/errors/errors.js +3 -3
- package/dist/function/function-runner.d.ts +8 -8
- package/dist/function/function-runner.js +88 -23
- package/dist/function/functions.types.d.ts +104 -33
- package/dist/function/functions.types.js +50 -7
- package/dist/handle-error.d.ts +1 -1
- package/dist/handle-error.js +1 -1
- package/dist/index.d.ts +6 -2
- package/dist/index.js +5 -2
- package/dist/middleware/auth-apikey.d.ts +1 -1
- package/dist/middleware/auth-apikey.js +3 -3
- package/dist/middleware/auth-bearer.d.ts +1 -1
- package/dist/middleware/auth-bearer.js +3 -3
- package/dist/middleware/auth-cookie.d.ts +1 -1
- package/dist/middleware/auth-cookie.js +5 -5
- package/dist/middleware/timeout.d.ts +1 -1
- package/dist/middleware/timeout.js +3 -2
- package/dist/middleware-runner.d.ts +6 -20
- package/dist/middleware-runner.js +19 -20
- package/dist/permissions.d.ts +6 -89
- package/dist/permissions.js +24 -81
- package/dist/pikku-state.d.ts +32 -104
- package/dist/pikku-state.js +140 -66
- package/dist/schema.d.ts +8 -6
- package/dist/schema.js +25 -13
- package/dist/services/user-session-service.d.ts +7 -3
- package/dist/services/user-session-service.js +8 -1
- package/dist/services/workflow-service.d.ts +38 -0
- package/dist/services/workflow-service.js +1 -0
- package/dist/types/core.types.d.ts +40 -41
- package/dist/types/core.types.js +4 -15
- package/dist/types/state.types.d.ts +135 -0
- package/dist/types/state.types.js +1 -0
- package/dist/utils.d.ts +9 -1
- package/dist/utils.js +48 -3
- package/dist/wirings/channel/channel-common.js +2 -3
- package/dist/wirings/channel/channel-handler.d.ts +3 -2
- package/dist/wirings/channel/channel-handler.js +7 -10
- package/dist/wirings/channel/channel-runner.d.ts +2 -2
- package/dist/wirings/channel/channel-runner.js +5 -5
- package/dist/wirings/channel/channel.types.d.ts +10 -5
- package/dist/wirings/channel/local/local-channel-runner.d.ts +1 -1
- package/dist/wirings/channel/local/local-channel-runner.js +19 -26
- package/dist/wirings/channel/log-channels.js +1 -1
- package/dist/wirings/channel/serverless/serverless-channel-runner.d.ts +1 -1
- package/dist/wirings/channel/serverless/serverless-channel-runner.js +43 -48
- package/dist/wirings/cli/channel/cli-channel-runner.js +3 -2
- package/dist/wirings/cli/cli-runner.d.ts +5 -5
- package/dist/wirings/cli/cli-runner.js +20 -38
- package/dist/wirings/cli/cli.types.d.ts +16 -11
- package/dist/wirings/forge-node/forge-node.types.d.ts +120 -0
- package/dist/wirings/forge-node/forge-node.types.js +38 -0
- package/dist/wirings/forge-node/index.d.ts +1 -0
- package/dist/wirings/forge-node/index.js +1 -0
- package/dist/wirings/http/http-runner.d.ts +8 -8
- package/dist/wirings/http/http-runner.js +46 -51
- package/dist/wirings/http/http.types.d.ts +19 -11
- package/dist/wirings/http/log-http-routes.js +1 -1
- package/dist/wirings/http/routers/path-to-regex.js +2 -2
- package/dist/wirings/mcp/mcp-runner.d.ts +2 -2
- package/dist/wirings/mcp/mcp-runner.js +33 -40
- package/dist/wirings/mcp/mcp.types.d.ts +6 -0
- package/dist/wirings/queue/queue-runner.d.ts +3 -3
- package/dist/wirings/queue/queue-runner.js +13 -23
- package/dist/wirings/queue/queue.types.d.ts +4 -11
- package/dist/wirings/rpc/index.d.ts +1 -1
- package/dist/wirings/rpc/index.js +1 -1
- package/dist/wirings/rpc/rpc-runner.d.ts +17 -16
- package/dist/wirings/rpc/rpc-runner.js +98 -61
- package/dist/wirings/rpc/rpc-types.d.ts +7 -0
- package/dist/wirings/scheduler/log-schedulers.js +1 -1
- package/dist/wirings/scheduler/scheduler-runner.d.ts +3 -3
- package/dist/wirings/scheduler/scheduler-runner.js +18 -29
- package/dist/wirings/scheduler/scheduler.types.d.ts +3 -8
- package/dist/wirings/trigger/index.d.ts +2 -0
- package/dist/wirings/trigger/index.js +2 -0
- package/dist/wirings/trigger/trigger-runner.d.ts +29 -0
- package/dist/wirings/trigger/trigger-runner.js +57 -0
- package/dist/wirings/trigger/trigger.types.d.ts +42 -0
- package/dist/wirings/trigger/trigger.types.js +1 -0
- package/dist/wirings/workflow/dsl/index.d.ts +5 -0
- package/dist/wirings/workflow/dsl/index.js +4 -0
- package/dist/wirings/workflow/dsl/workflow-dsl.types.d.ts +286 -0
- package/dist/wirings/workflow/dsl/workflow-dsl.types.js +5 -0
- package/dist/wirings/workflow/dsl/workflow-runner.d.ts +5 -0
- package/dist/wirings/workflow/dsl/workflow-runner.js +22 -0
- package/dist/wirings/workflow/graph/graph-node.d.ts +122 -0
- package/dist/wirings/workflow/graph/graph-node.js +58 -0
- package/dist/wirings/workflow/graph/graph-runner.d.ts +35 -0
- package/dist/wirings/workflow/graph/graph-runner.js +452 -0
- package/dist/wirings/workflow/graph/index.d.ts +3 -0
- package/dist/wirings/workflow/graph/index.js +3 -0
- package/dist/wirings/workflow/graph/workflow-graph.types.d.ts +95 -0
- package/dist/wirings/workflow/graph/workflow-graph.types.js +15 -0
- package/dist/wirings/workflow/index.d.ts +7 -3
- package/dist/wirings/workflow/index.js +6 -3
- package/dist/wirings/workflow/pikku-workflow-service.d.ts +108 -10
- package/dist/wirings/workflow/pikku-workflow-service.js +274 -165
- package/dist/wirings/workflow/wire-workflow.d.ts +42 -0
- package/dist/wirings/workflow/wire-workflow.js +53 -0
- package/dist/wirings/workflow/workflow-utils.d.ts +23 -0
- package/dist/wirings/workflow/workflow-utils.js +66 -0
- package/dist/wirings/workflow/workflow.types.d.ts +135 -128
- package/package.json +11 -2
- package/src/errors/error-handler.ts +3 -3
- package/src/errors/errors.ts +3 -3
- package/src/factory-functions.test.ts +9 -36
- package/src/function/function-runner.test.ts +58 -69
- package/src/function/function-runner.ts +130 -37
- package/src/function/functions.types.ts +193 -54
- package/src/handle-error.ts +1 -1
- package/src/index.ts +10 -5
- package/src/middleware/auth-apikey.test.ts +360 -0
- package/src/middleware/auth-apikey.ts +3 -7
- package/src/middleware/auth-bearer.test.ts +447 -0
- package/src/middleware/auth-bearer.ts +27 -33
- package/src/middleware/auth-cookie.test.ts +525 -0
- package/src/middleware/auth-cookie.ts +6 -6
- package/src/middleware/timeout.ts +4 -2
- package/src/middleware-runner.test.ts +58 -127
- package/src/middleware-runner.ts +29 -25
- package/src/permissions.test.ts +68 -130
- package/src/permissions.ts +41 -100
- package/src/pikku-state.ts +156 -201
- package/src/schema.ts +42 -13
- package/src/services/user-session-service.ts +14 -4
- package/src/services/workflow-service.ts +74 -0
- package/src/types/core.types.ts +79 -58
- package/src/types/state.types.ts +195 -0
- package/src/utils.ts +59 -4
- package/src/wirings/channel/channel-common.ts +4 -7
- package/src/wirings/channel/channel-handler.ts +17 -23
- package/src/wirings/channel/channel-runner.ts +7 -7
- package/src/wirings/channel/channel.types.ts +14 -11
- package/src/wirings/channel/local/local-channel-runner.test.ts +8 -4
- package/src/wirings/channel/local/local-channel-runner.ts +23 -38
- package/src/wirings/channel/log-channels.ts +1 -1
- package/src/wirings/channel/serverless/serverless-channel-runner.ts +53 -79
- package/src/wirings/cli/channel/cli-channel-runner.ts +4 -3
- package/src/wirings/cli/cli-runner.test.ts +26 -26
- package/src/wirings/cli/cli-runner.ts +34 -71
- package/src/wirings/cli/cli.types.ts +23 -16
- package/src/wirings/forge-node/forge-node.types.ts +135 -0
- package/src/wirings/forge-node/index.ts +1 -0
- package/src/wirings/http/http-runner.test.ts +10 -10
- package/src/wirings/http/http-runner.ts +56 -66
- package/src/wirings/http/http.types.ts +19 -14
- package/src/wirings/http/log-http-routes.ts +1 -1
- package/src/wirings/http/routers/path-to-regex.test.ts +30 -19
- package/src/wirings/http/routers/path-to-regex.ts +2 -2
- package/src/wirings/mcp/mcp-runner.ts +44 -69
- package/src/wirings/mcp/mcp.types.ts +6 -0
- package/src/wirings/queue/queue-runner.test.ts +641 -0
- package/src/wirings/queue/queue-runner.ts +16 -38
- package/src/wirings/queue/queue.types.ts +4 -11
- package/src/wirings/rpc/index.ts +1 -1
- package/src/wirings/rpc/rpc-runner.ts +129 -77
- package/src/wirings/rpc/rpc-types.ts +8 -0
- package/src/wirings/scheduler/log-schedulers.ts +1 -1
- package/src/wirings/scheduler/scheduler-runner.test.ts +627 -0
- package/src/wirings/scheduler/scheduler-runner.ts +29 -55
- package/src/wirings/scheduler/scheduler.types.ts +3 -9
- package/src/wirings/trigger/index.ts +2 -0
- package/src/wirings/trigger/trigger-runner.ts +96 -0
- package/src/wirings/trigger/trigger.types.ts +56 -0
- package/src/wirings/workflow/dsl/index.ts +30 -0
- package/src/wirings/workflow/dsl/workflow-dsl.types.ts +312 -0
- package/src/wirings/workflow/dsl/workflow-runner.ts +27 -0
- package/src/wirings/workflow/graph/graph-node.ts +227 -0
- package/src/wirings/workflow/graph/graph-runner.ts +694 -0
- package/src/wirings/workflow/graph/index.ts +3 -0
- package/src/wirings/workflow/graph/workflow-graph.types.ts +126 -0
- package/src/wirings/workflow/index.ts +60 -12
- package/src/wirings/workflow/pikku-workflow-service.ts +401 -195
- package/src/wirings/workflow/wire-workflow.ts +94 -0
- package/src/wirings/workflow/workflow-utils.ts +120 -0
- package/src/wirings/workflow/workflow.types.ts +167 -188
- package/tsconfig.tsbuildinfo +1 -1
- package/dist/wirings/workflow/workflow-runner.d.ts +0 -35
- package/dist/wirings/workflow/workflow-runner.js +0 -68
- package/src/wirings/workflow/workflow-runner.ts +0 -85
|
@@ -20,5 +20,5 @@ export declare const authAPIKey: import("../types/core.types.js").CorePikkuMiddl
|
|
|
20
20
|
}, import("../types/core.types.js").CoreSingletonServices<{
|
|
21
21
|
logLevel?: import("../index.js").LogLevel;
|
|
22
22
|
secrets?: {};
|
|
23
|
-
workflow?: import("../
|
|
23
|
+
workflow?: import("../index.js").WorkflowServiceConfig;
|
|
24
24
|
}>, import("../types/core.types.js").CoreUserSession>;
|
|
@@ -16,8 +16,8 @@ import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js'
|
|
|
16
16
|
* ])
|
|
17
17
|
* ```
|
|
18
18
|
*/
|
|
19
|
-
export const authAPIKey = pikkuMiddlewareFactory(({ source }) => pikkuMiddleware(async ({
|
|
20
|
-
if (!http?.request ||
|
|
19
|
+
export const authAPIKey = pikkuMiddlewareFactory(({ source }) => pikkuMiddleware(async ({ jwt: jwtService }, { http, session: SessionService }, next) => {
|
|
20
|
+
if (!http?.request || !SessionService || SessionService.get()) {
|
|
21
21
|
return next();
|
|
22
22
|
}
|
|
23
23
|
let apiKey = null;
|
|
@@ -30,7 +30,7 @@ export const authAPIKey = pikkuMiddlewareFactory(({ source }) => pikkuMiddleware
|
|
|
30
30
|
if (apiKey && jwtService) {
|
|
31
31
|
const userSession = await jwtService.decode(apiKey);
|
|
32
32
|
if (userSession) {
|
|
33
|
-
|
|
33
|
+
SessionService.setInitial(userSession);
|
|
34
34
|
}
|
|
35
35
|
}
|
|
36
36
|
return next();
|
|
@@ -36,5 +36,5 @@ export declare const authBearer: import("../types/core.types.js").CorePikkuMiddl
|
|
|
36
36
|
}, import("../types/core.types.js").CoreSingletonServices<{
|
|
37
37
|
logLevel?: import("../index.js").LogLevel;
|
|
38
38
|
secrets?: {};
|
|
39
|
-
workflow?: import("../
|
|
39
|
+
workflow?: import("../index.js").WorkflowServiceConfig;
|
|
40
40
|
}>, CoreUserSession>;
|
|
@@ -29,9 +29,9 @@ import { pikkuMiddleware, pikkuMiddlewareFactory, } from '../types/core.types.js
|
|
|
29
29
|
* ])
|
|
30
30
|
* ```
|
|
31
31
|
*/
|
|
32
|
-
export const authBearer = pikkuMiddlewareFactory(({ token } = {}) => pikkuMiddleware(async ({
|
|
32
|
+
export const authBearer = pikkuMiddlewareFactory(({ token } = {}) => pikkuMiddleware(async ({ jwt: jwtService }, { http, session }, next) => {
|
|
33
33
|
// Skip if session already exists.
|
|
34
|
-
if (!http?.request ||
|
|
34
|
+
if (!http?.request || !session || session.get()) {
|
|
35
35
|
return next();
|
|
36
36
|
}
|
|
37
37
|
const authHeader = http.request.header('authorization') ||
|
|
@@ -51,7 +51,7 @@ export const authBearer = pikkuMiddlewareFactory(({ token } = {}) => pikkuMiddle
|
|
|
51
51
|
userSession = await jwtService.decode(bearerToken);
|
|
52
52
|
}
|
|
53
53
|
if (userSession) {
|
|
54
|
-
|
|
54
|
+
session.setInitial(userSession);
|
|
55
55
|
}
|
|
56
56
|
}
|
|
57
57
|
return next();
|
|
@@ -35,5 +35,5 @@ export declare const authCookie: import("../types/core.types.js").CorePikkuMiddl
|
|
|
35
35
|
}, import("../types/core.types.js").CoreSingletonServices<{
|
|
36
36
|
logLevel?: import("../index.js").LogLevel;
|
|
37
37
|
secrets?: {};
|
|
38
|
-
workflow?: import("../
|
|
38
|
+
workflow?: import("../index.js").WorkflowServiceConfig;
|
|
39
39
|
}>, import("../types/core.types.js").CoreUserSession>;
|
|
@@ -28,8 +28,8 @@ import { getRelativeTimeOffsetFromNow, } from '../time-utils.js';
|
|
|
28
28
|
* ])
|
|
29
29
|
* ```
|
|
30
30
|
*/
|
|
31
|
-
export const authCookie = pikkuMiddlewareFactory(({ name, options, expiresIn }) => pikkuMiddleware(async ({
|
|
32
|
-
if (!http?.request ||
|
|
31
|
+
export const authCookie = pikkuMiddlewareFactory(({ name, options, expiresIn }) => pikkuMiddleware(async ({ jwt: jwtService, logger }, { http, session: SessionService }, next) => {
|
|
32
|
+
if (!http?.request || !SessionService || SessionService.get()) {
|
|
33
33
|
return next();
|
|
34
34
|
}
|
|
35
35
|
// Try to decode session from cookie
|
|
@@ -37,7 +37,7 @@ export const authCookie = pikkuMiddlewareFactory(({ name, options, expiresIn })
|
|
|
37
37
|
if (cookieValue && jwtService) {
|
|
38
38
|
const userSession = await jwtService.decode(cookieValue);
|
|
39
39
|
if (userSession) {
|
|
40
|
-
|
|
40
|
+
SessionService.setInitial(userSession);
|
|
41
41
|
}
|
|
42
42
|
}
|
|
43
43
|
await next();
|
|
@@ -45,8 +45,8 @@ export const authCookie = pikkuMiddlewareFactory(({ name, options, expiresIn })
|
|
|
45
45
|
if (!http?.response) {
|
|
46
46
|
return;
|
|
47
47
|
}
|
|
48
|
-
if (
|
|
49
|
-
const session =
|
|
48
|
+
if (SessionService.sessionChanged) {
|
|
49
|
+
const session = SessionService.get();
|
|
50
50
|
if (jwtService) {
|
|
51
51
|
http.response.cookie(name, await jwtService.encode(expiresIn, session), {
|
|
52
52
|
...options,
|
|
@@ -3,5 +3,5 @@ export declare const timeout: () => import("../types/core.types.js").CorePikkuMi
|
|
|
3
3
|
}, import("../types/core.types.js").CoreSingletonServices<{
|
|
4
4
|
logLevel?: import("../index.js").LogLevel;
|
|
5
5
|
secrets?: {};
|
|
6
|
-
workflow?: import("../
|
|
6
|
+
workflow?: import("../index.js").WorkflowServiceConfig;
|
|
7
7
|
}>, import("../types/core.types.js").CoreUserSession>;
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import { RequestTimeoutError } from '../errors/errors.js';
|
|
2
2
|
import { pikkuMiddleware, pikkuMiddlewareFactory } from '../types/core.types.js';
|
|
3
|
-
export const timeout = () => pikkuMiddlewareFactory(({ timeout }) => pikkuMiddleware(async (_services,
|
|
4
|
-
setTimeout(() => {
|
|
3
|
+
export const timeout = () => pikkuMiddlewareFactory(({ timeout }) => pikkuMiddleware(async (_services, _wire, next) => {
|
|
4
|
+
const timeoutId = setTimeout(() => {
|
|
5
5
|
throw new RequestTimeoutError();
|
|
6
6
|
}, timeout);
|
|
7
7
|
await next();
|
|
8
|
+
clearTimeout(timeoutId);
|
|
8
9
|
}));
|
|
@@ -1,10 +1,9 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { CoreSingletonServices, PikkuInteraction, CorePikkuMiddleware, CorePikkuMiddlewareGroup, PikkuWiringTypes, MiddlewareMetadata } from './types/core.types.js';
|
|
1
|
+
import { CoreSingletonServices, PikkuWire, CorePikkuMiddleware, CorePikkuMiddlewareGroup, PikkuWiringTypes, MiddlewareMetadata } from './types/core.types.js';
|
|
3
2
|
/**
|
|
4
3
|
* Runs a chain of middleware functions in sequence before executing the main function.
|
|
5
4
|
*
|
|
6
5
|
* @param services - An object containing services (e.g., singletonServices, userSession, etc.)
|
|
7
|
-
* @param
|
|
6
|
+
* @param wire - The wire context, e.g., { http }.
|
|
8
7
|
* @param middlewares - An array of middleware functions to run.
|
|
9
8
|
* @param main - The main function to execute after all middleware have run.
|
|
10
9
|
* @returns A promise resolving to the result of the main function.
|
|
@@ -17,9 +16,7 @@ import { CoreSingletonServices, PikkuInteraction, CorePikkuMiddleware, CorePikku
|
|
|
17
16
|
* async () => { return await runMain(); }
|
|
18
17
|
* );
|
|
19
18
|
*/
|
|
20
|
-
export declare const runMiddleware: <Middleware extends CorePikkuMiddleware>(services: CoreSingletonServices
|
|
21
|
-
userSession?: UserSessionService<any>;
|
|
22
|
-
}, interaction: PikkuInteraction, middlewares: readonly Middleware[], main?: () => Promise<unknown>) => Promise<unknown>;
|
|
19
|
+
export declare const runMiddleware: <Middleware extends CorePikkuMiddleware>(services: CoreSingletonServices, wire: PikkuWire, middlewares: readonly Middleware[], main?: () => Promise<unknown>) => Promise<unknown>;
|
|
23
20
|
/**
|
|
24
21
|
* Registers global middleware for a specific tag.
|
|
25
22
|
*
|
|
@@ -53,19 +50,7 @@ export declare const runMiddleware: <Middleware extends CorePikkuMiddleware>(ser
|
|
|
53
50
|
* ])
|
|
54
51
|
* ```
|
|
55
52
|
*/
|
|
56
|
-
export declare const addMiddleware: <PikkuMiddleware extends CorePikkuMiddleware>(tag: string, middleware: CorePikkuMiddlewareGroup) => CorePikkuMiddlewareGroup;
|
|
57
|
-
/**
|
|
58
|
-
* Retrieves a registered middleware function by its name.
|
|
59
|
-
*
|
|
60
|
-
* This function looks up middleware that was registered with registerMiddleware.
|
|
61
|
-
* It's used internally by the framework to resolve middleware references in metadata.
|
|
62
|
-
*
|
|
63
|
-
* @param {string} name - The unique name (pikkuFuncName) of the middleware function.
|
|
64
|
-
* @returns {CorePikkuMiddleware | undefined} The middleware function, or undefined if not found.
|
|
65
|
-
*
|
|
66
|
-
* @internal
|
|
67
|
-
*/
|
|
68
|
-
export declare const getMiddlewareByName: (name: string) => CorePikkuMiddleware | undefined;
|
|
53
|
+
export declare const addMiddleware: <PikkuMiddleware extends CorePikkuMiddleware>(tag: string, middleware: CorePikkuMiddlewareGroup, packageName?: string | null) => CorePikkuMiddlewareGroup;
|
|
69
54
|
/**
|
|
70
55
|
* Combines wiring-specific middleware with function-level middleware.
|
|
71
56
|
*
|
|
@@ -88,9 +73,10 @@ export declare const getMiddlewareByName: (name: string) => CorePikkuMiddleware
|
|
|
88
73
|
* })
|
|
89
74
|
* ```
|
|
90
75
|
*/
|
|
91
|
-
export declare const combineMiddleware: (wireType: PikkuWiringTypes, uid: string, { wireInheritedMiddleware, wireMiddleware, funcInheritedMiddleware, funcMiddleware, }?: {
|
|
76
|
+
export declare const combineMiddleware: (wireType: PikkuWiringTypes, uid: string, { wireInheritedMiddleware, wireMiddleware, funcInheritedMiddleware, funcMiddleware, packageName, }?: {
|
|
92
77
|
wireInheritedMiddleware?: MiddlewareMetadata[];
|
|
93
78
|
wireMiddleware?: CorePikkuMiddleware[];
|
|
94
79
|
funcInheritedMiddleware?: MiddlewareMetadata[];
|
|
95
80
|
funcMiddleware?: CorePikkuMiddleware[];
|
|
81
|
+
packageName?: string | null;
|
|
96
82
|
}) => readonly CorePikkuMiddleware[];
|
|
@@ -1,11 +1,10 @@
|
|
|
1
|
-
import { PikkuWiringTypes, } from './types/core.types.js';
|
|
2
1
|
import { pikkuState } from './pikku-state.js';
|
|
3
2
|
import { freezeDedupe } from './utils.js';
|
|
4
3
|
/**
|
|
5
4
|
* Runs a chain of middleware functions in sequence before executing the main function.
|
|
6
5
|
*
|
|
7
6
|
* @param services - An object containing services (e.g., singletonServices, userSession, etc.)
|
|
8
|
-
* @param
|
|
7
|
+
* @param wire - The wire context, e.g., { http }.
|
|
9
8
|
* @param middlewares - An array of middleware functions to run.
|
|
10
9
|
* @param main - The main function to execute after all middleware have run.
|
|
11
10
|
* @returns A promise resolving to the result of the main function.
|
|
@@ -18,12 +17,12 @@ import { freezeDedupe } from './utils.js';
|
|
|
18
17
|
* async () => { return await runMain(); }
|
|
19
18
|
* );
|
|
20
19
|
*/
|
|
21
|
-
export const runMiddleware = async (services,
|
|
20
|
+
export const runMiddleware = async (services, wire, middlewares, main) => {
|
|
22
21
|
// Deduplicate middleware using Set to avoid running the same middleware multiple times
|
|
23
22
|
let result;
|
|
24
23
|
const dispatch = async (index) => {
|
|
25
24
|
if (middlewares && index < middlewares.length) {
|
|
26
|
-
return await middlewares[index](services,
|
|
25
|
+
return await middlewares[index](services, wire, () => dispatch(index + 1));
|
|
27
26
|
}
|
|
28
27
|
else if (main) {
|
|
29
28
|
result = await main();
|
|
@@ -65,8 +64,8 @@ export const runMiddleware = async (services, interaction, middlewares, main) =>
|
|
|
65
64
|
* ])
|
|
66
65
|
* ```
|
|
67
66
|
*/
|
|
68
|
-
export const addMiddleware = (tag, middleware) => {
|
|
69
|
-
const tagGroups = pikkuState('middleware', 'tagGroup');
|
|
67
|
+
export const addMiddleware = (tag, middleware, packageName = null) => {
|
|
68
|
+
const tagGroups = pikkuState(packageName, 'middleware', 'tagGroup');
|
|
70
69
|
tagGroups[tag] = middleware;
|
|
71
70
|
return middleware;
|
|
72
71
|
};
|
|
@@ -81,20 +80,20 @@ export const addMiddleware = (tag, middleware) => {
|
|
|
81
80
|
*
|
|
82
81
|
* @internal
|
|
83
82
|
*/
|
|
84
|
-
|
|
85
|
-
const middlewareStore = pikkuState('misc', 'middleware');
|
|
83
|
+
const getMiddlewareByName = (name) => {
|
|
84
|
+
const middlewareStore = pikkuState(null, 'misc', 'middleware');
|
|
86
85
|
const middleware = middlewareStore[name];
|
|
87
86
|
return middleware?.[0];
|
|
88
87
|
};
|
|
89
88
|
const middlewareCache = {
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
89
|
+
http: {},
|
|
90
|
+
rpc: {},
|
|
91
|
+
channel: {},
|
|
92
|
+
queue: {},
|
|
93
|
+
scheduler: {},
|
|
94
|
+
mcp: {},
|
|
95
|
+
cli: {},
|
|
96
|
+
workflow: {},
|
|
98
97
|
};
|
|
99
98
|
/**
|
|
100
99
|
* Combines wiring-specific middleware with function-level middleware.
|
|
@@ -118,7 +117,7 @@ const middlewareCache = {
|
|
|
118
117
|
* })
|
|
119
118
|
* ```
|
|
120
119
|
*/
|
|
121
|
-
export const combineMiddleware = (wireType, uid, { wireInheritedMiddleware, wireMiddleware, funcInheritedMiddleware, funcMiddleware, } = {}) => {
|
|
120
|
+
export const combineMiddleware = (wireType, uid, { wireInheritedMiddleware, wireMiddleware, funcInheritedMiddleware, funcMiddleware, packageName = null, } = {}) => {
|
|
122
121
|
if (middlewareCache[wireType][uid]) {
|
|
123
122
|
return middlewareCache[wireType][uid];
|
|
124
123
|
}
|
|
@@ -128,7 +127,7 @@ export const combineMiddleware = (wireType, uid, { wireInheritedMiddleware, wire
|
|
|
128
127
|
for (const meta of wireInheritedMiddleware) {
|
|
129
128
|
if (meta.type === 'http') {
|
|
130
129
|
// Look up HTTP middleware group from pikkuState
|
|
131
|
-
const group = pikkuState('middleware', 'httpGroup')[meta.route];
|
|
130
|
+
const group = pikkuState(packageName, 'middleware', 'httpGroup')[meta.route];
|
|
132
131
|
if (group) {
|
|
133
132
|
// At runtime, all factories should be resolved to middleware
|
|
134
133
|
resolved.push(...group);
|
|
@@ -136,7 +135,7 @@ export const combineMiddleware = (wireType, uid, { wireInheritedMiddleware, wire
|
|
|
136
135
|
}
|
|
137
136
|
else if (meta.type === 'tag') {
|
|
138
137
|
// Look up tag middleware group from pikkuState
|
|
139
|
-
const group = pikkuState('middleware', 'tagGroup')[meta.tag];
|
|
138
|
+
const group = pikkuState(packageName, 'middleware', 'tagGroup')[meta.tag];
|
|
140
139
|
if (group) {
|
|
141
140
|
// At runtime, all factories should be resolved to middleware
|
|
142
141
|
resolved.push(...group);
|
|
@@ -160,7 +159,7 @@ export const combineMiddleware = (wireType, uid, { wireInheritedMiddleware, wire
|
|
|
160
159
|
for (const meta of funcInheritedMiddleware) {
|
|
161
160
|
if (meta.type === 'tag') {
|
|
162
161
|
// Look up tag middleware group from pikkuState
|
|
163
|
-
const group = pikkuState('middleware', 'tagGroup')[meta.tag];
|
|
162
|
+
const group = pikkuState(packageName, 'middleware', 'tagGroup')[meta.tag];
|
|
164
163
|
if (group) {
|
|
165
164
|
// At runtime, all factories should be resolved to middleware
|
|
166
165
|
resolved.push(...group);
|
package/dist/permissions.d.ts
CHANGED
|
@@ -1,43 +1,5 @@
|
|
|
1
|
-
import { CoreServices,
|
|
1
|
+
import { CoreServices, PikkuWiringTypes, PermissionMetadata, PikkuWire } from './types/core.types.js';
|
|
2
2
|
import { CorePermissionGroup, CorePikkuPermission } from './function/functions.types.js';
|
|
3
|
-
/**
|
|
4
|
-
* This function validates permissions by iterating over permission groups and executing the corresponding permission functions. If all functions in at least one group return true, the permission is considered valid.
|
|
5
|
-
* @param services - The core services required for permission validation.
|
|
6
|
-
* @param data - The data to be used in the permission validation functions.
|
|
7
|
-
* @param session - An optional user session for permission validation.
|
|
8
|
-
* @returns A promise that resolves to void.
|
|
9
|
-
*/
|
|
10
|
-
export declare const verifyPermissions: (permissions: CorePermissionGroup, services: CoreServices, data: any, session?: CoreUserSession) => Promise<boolean>;
|
|
11
|
-
/**
|
|
12
|
-
* Registers a single permission function by name in the global permission store.
|
|
13
|
-
*
|
|
14
|
-
* This function is used by CLI-generated code to register permission functions
|
|
15
|
-
* that can be referenced by name in metadata. It stores permissions in a special
|
|
16
|
-
* namespace to avoid conflicts with tag-based permissions.
|
|
17
|
-
*
|
|
18
|
-
* @param {string} name - The unique name (pikkuFuncName) of the permission function.
|
|
19
|
-
* @param {CorePikkuPermission} permission - The permission function to register.
|
|
20
|
-
*
|
|
21
|
-
* @example
|
|
22
|
-
* ```typescript
|
|
23
|
-
* // Called by CLI-generated pikku-permissions.gen.ts
|
|
24
|
-
* registerPermission('adminPermission_src_permissions_ts_10_5', adminPermission)
|
|
25
|
-
* registerPermission('readPermission_src_permissions_ts_20_10', readPermission)
|
|
26
|
-
* ```
|
|
27
|
-
*/
|
|
28
|
-
export declare const registerPermission: (name: string, permission: CorePikkuPermission<any>) => void;
|
|
29
|
-
/**
|
|
30
|
-
* Retrieves a registered permission function by its name.
|
|
31
|
-
*
|
|
32
|
-
* This function looks up permissions that was registered with registerPermission.
|
|
33
|
-
* It's used internally by the framework to resolve permission references in metadata.
|
|
34
|
-
*
|
|
35
|
-
* @param {string} name - The unique name (pikkuFuncName) of the permission function.
|
|
36
|
-
* @returns {CorePikkuPermission | undefined} The permission function, or undefined if not found.
|
|
37
|
-
*
|
|
38
|
-
* @internal
|
|
39
|
-
*/
|
|
40
|
-
export declare const getPermissionByName: (name: string) => CorePikkuPermission | undefined;
|
|
41
3
|
/**
|
|
42
4
|
* Adds global permissions for a specific tag.
|
|
43
5
|
*
|
|
@@ -66,63 +28,18 @@ export declare const getPermissionByName: (name: string) => CorePikkuPermission
|
|
|
66
28
|
* ])
|
|
67
29
|
* ```
|
|
68
30
|
*/
|
|
69
|
-
export declare const addPermission: (tag: string, permissions: CorePermissionGroup | CorePikkuPermission[]) => CorePermissionGroup | CorePikkuPermission[];
|
|
70
|
-
/**
|
|
71
|
-
* Retrieves permissions for a given set of tags.
|
|
72
|
-
*
|
|
73
|
-
* This function looks up all permissions registered for any of the provided tags
|
|
74
|
-
* and returns them as a flattened array.
|
|
75
|
-
*
|
|
76
|
-
* @param {string[]} tags - Array of tags to look up permissions for.
|
|
77
|
-
* @returns {any[]} Array of permission functions that apply to the given tags.
|
|
78
|
-
*
|
|
79
|
-
* @example
|
|
80
|
-
* ```typescript
|
|
81
|
-
* // Get all permissions for tags 'api' and 'auth'
|
|
82
|
-
* const permissions = getPermissionsForTags(['api', 'auth'])
|
|
83
|
-
* ```
|
|
84
|
-
*/
|
|
85
|
-
export declare const getPermissionsForTags: (tags?: string[]) => readonly (CorePermissionGroup | CorePikkuPermission)[];
|
|
86
|
-
/**
|
|
87
|
-
* Combines wiring-specific permissions with function-level permissions.
|
|
88
|
-
*
|
|
89
|
-
* This function resolves permission metadata into actual permission functions and combines them.
|
|
90
|
-
* It filters out wire permissions without tags from inheritedPermissions to avoid duplication
|
|
91
|
-
* (those are passed separately as wirePermissions).
|
|
92
|
-
*
|
|
93
|
-
* @param {object} options - Configuration object for combining permissions.
|
|
94
|
-
* @param {PermissionMetadata[] | undefined} options.wireInheritedPermissions - Metadata from wiring (HTTP + tags + wire with tags).
|
|
95
|
-
* @param {CorePermissionGroup | CorePikkuPermission[] | undefined} options.wirePermissions - Inline wire permissions.
|
|
96
|
-
* @param {PermissionMetadata[] | undefined} options.funcInheritedPermissions - Function permissions metadata (only tags).
|
|
97
|
-
* @param {CorePermissionGroup | CorePikkuPermission[] | undefined} options.funcPermissions - Inline function permissions.
|
|
98
|
-
* @returns {(CorePermissionGroup | CorePikkuPermission)[]} Combined array of resolved permissions.
|
|
99
|
-
*
|
|
100
|
-
* @example
|
|
101
|
-
* ```typescript
|
|
102
|
-
* const combined = combinePermissions(wireType, wireId, {
|
|
103
|
-
* wireInheritedPermissions: meta.permissions,
|
|
104
|
-
* wirePermissions: inlinePermissions,
|
|
105
|
-
* funcInheritedPermissions: funcMeta.permissions,
|
|
106
|
-
* funcPermissions: funcConfig.permissions
|
|
107
|
-
* })
|
|
108
|
-
* ```
|
|
109
|
-
*/
|
|
110
|
-
export declare const combinePermissions: (wireType: PikkuWiringTypes, uid: string, { wireInheritedPermissions, wirePermissions, funcInheritedPermissions, funcPermissions, }?: {
|
|
111
|
-
wireInheritedPermissions?: PermissionMetadata[];
|
|
112
|
-
wirePermissions?: CorePermissionGroup | CorePikkuPermission[];
|
|
113
|
-
funcInheritedPermissions?: PermissionMetadata[];
|
|
114
|
-
funcPermissions?: CorePermissionGroup | CorePikkuPermission[];
|
|
115
|
-
}) => readonly (CorePermissionGroup | CorePikkuPermission)[];
|
|
31
|
+
export declare const addPermission: (tag: string, permissions: CorePermissionGroup | CorePikkuPermission[], packageName?: string | null) => CorePermissionGroup | CorePikkuPermission[];
|
|
116
32
|
/**
|
|
117
33
|
* Runs permission checks using combined permissions from all sources.
|
|
118
34
|
* Combines permissions from wire and function levels, then validates them.
|
|
119
35
|
*/
|
|
120
|
-
export declare const runPermissions: (wireType: PikkuWiringTypes, uid: string, { wireInheritedPermissions, wirePermissions, funcInheritedPermissions, funcPermissions,
|
|
36
|
+
export declare const runPermissions: (wireType: PikkuWiringTypes, uid: string, { wireInheritedPermissions, wirePermissions, funcInheritedPermissions, funcPermissions, services, wire, data, packageName, }: {
|
|
121
37
|
wireInheritedPermissions?: PermissionMetadata[];
|
|
122
38
|
wirePermissions?: CorePermissionGroup | CorePikkuPermission[];
|
|
123
39
|
funcInheritedPermissions?: PermissionMetadata[];
|
|
124
40
|
funcPermissions?: CorePermissionGroup | CorePikkuPermission[];
|
|
125
|
-
|
|
41
|
+
services: CoreServices;
|
|
42
|
+
wire: PikkuWire<any, never, any, never, never, never>;
|
|
126
43
|
data: any;
|
|
127
|
-
|
|
44
|
+
packageName?: string | null;
|
|
128
45
|
}) => Promise<void>;
|
package/dist/permissions.js
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { PikkuWiringTypes, } from './types/core.types.js';
|
|
2
1
|
import { pikkuState } from './pikku-state.js';
|
|
3
2
|
import { ForbiddenError } from './errors/errors.js';
|
|
4
3
|
import { freezeDedupe } from './utils.js';
|
|
@@ -6,10 +5,10 @@ import { freezeDedupe } from './utils.js';
|
|
|
6
5
|
* This function validates permissions by iterating over permission groups and executing the corresponding permission functions. If all functions in at least one group return true, the permission is considered valid.
|
|
7
6
|
* @param services - The core services required for permission validation.
|
|
8
7
|
* @param data - The data to be used in the permission validation functions.
|
|
9
|
-
* @param
|
|
8
|
+
* @param wire - The wire object containing request/response context and session.
|
|
10
9
|
* @returns A promise that resolves to void.
|
|
11
10
|
*/
|
|
12
|
-
|
|
11
|
+
const verifyPermissions = async (permissions, services, data, wire) => {
|
|
13
12
|
if (!permissions) {
|
|
14
13
|
return true;
|
|
15
14
|
}
|
|
@@ -20,13 +19,13 @@ export const verifyPermissions = async (permissions, services, data, session) =>
|
|
|
20
19
|
}
|
|
21
20
|
for (const funcs of permissionGroups) {
|
|
22
21
|
if (funcs instanceof Array) {
|
|
23
|
-
const permissioned = await Promise.all(funcs.map((func) => func(services, data,
|
|
22
|
+
const permissioned = await Promise.all(funcs.map((func) => func(services, data, wire)));
|
|
24
23
|
if (permissioned.every((result) => result)) {
|
|
25
24
|
valid = true;
|
|
26
25
|
}
|
|
27
26
|
}
|
|
28
27
|
else {
|
|
29
|
-
valid = await funcs(services, data,
|
|
28
|
+
valid = await funcs(services, data, wire);
|
|
30
29
|
}
|
|
31
30
|
if (valid) {
|
|
32
31
|
return true;
|
|
@@ -34,27 +33,6 @@ export const verifyPermissions = async (permissions, services, data, session) =>
|
|
|
34
33
|
}
|
|
35
34
|
return false;
|
|
36
35
|
};
|
|
37
|
-
/**
|
|
38
|
-
* Registers a single permission function by name in the global permission store.
|
|
39
|
-
*
|
|
40
|
-
* This function is used by CLI-generated code to register permission functions
|
|
41
|
-
* that can be referenced by name in metadata. It stores permissions in a special
|
|
42
|
-
* namespace to avoid conflicts with tag-based permissions.
|
|
43
|
-
*
|
|
44
|
-
* @param {string} name - The unique name (pikkuFuncName) of the permission function.
|
|
45
|
-
* @param {CorePikkuPermission} permission - The permission function to register.
|
|
46
|
-
*
|
|
47
|
-
* @example
|
|
48
|
-
* ```typescript
|
|
49
|
-
* // Called by CLI-generated pikku-permissions.gen.ts
|
|
50
|
-
* registerPermission('adminPermission_src_permissions_ts_10_5', adminPermission)
|
|
51
|
-
* registerPermission('readPermission_src_permissions_ts_20_10', readPermission)
|
|
52
|
-
* ```
|
|
53
|
-
*/
|
|
54
|
-
export const registerPermission = (name, permission) => {
|
|
55
|
-
const permissionStore = pikkuState('misc', 'permissions');
|
|
56
|
-
permissionStore[name] = [permission];
|
|
57
|
-
};
|
|
58
36
|
/**
|
|
59
37
|
* Retrieves a registered permission function by its name.
|
|
60
38
|
*
|
|
@@ -66,8 +44,8 @@ export const registerPermission = (name, permission) => {
|
|
|
66
44
|
*
|
|
67
45
|
* @internal
|
|
68
46
|
*/
|
|
69
|
-
|
|
70
|
-
const permissionStore = pikkuState('misc', 'permissions');
|
|
47
|
+
const getPermissionByName = (name) => {
|
|
48
|
+
const permissionStore = pikkuState(null, 'misc', 'permissions');
|
|
71
49
|
const permission = permissionStore[name];
|
|
72
50
|
if (Array.isArray(permission) && permission.length === 1) {
|
|
73
51
|
return permission[0];
|
|
@@ -102,59 +80,23 @@ export const getPermissionByName = (name) => {
|
|
|
102
80
|
* ])
|
|
103
81
|
* ```
|
|
104
82
|
*/
|
|
105
|
-
export const addPermission = (tag, permissions) => {
|
|
106
|
-
const tagGroups = pikkuState('permissions', 'tagGroup');
|
|
83
|
+
export const addPermission = (tag, permissions, packageName = null) => {
|
|
84
|
+
const tagGroups = pikkuState(packageName, 'permissions', 'tagGroup');
|
|
107
85
|
if (tagGroups[tag]) {
|
|
108
86
|
throw new Error(`Permissions for tag '${tag}' already exist. Use a different tag or remove the existing permissions first.`);
|
|
109
87
|
}
|
|
110
88
|
tagGroups[tag] = permissions;
|
|
111
89
|
return permissions;
|
|
112
90
|
};
|
|
113
|
-
const EMPTY = [];
|
|
114
|
-
/**
|
|
115
|
-
* Retrieves permissions for a given set of tags.
|
|
116
|
-
*
|
|
117
|
-
* This function looks up all permissions registered for any of the provided tags
|
|
118
|
-
* and returns them as a flattened array.
|
|
119
|
-
*
|
|
120
|
-
* @param {string[]} tags - Array of tags to look up permissions for.
|
|
121
|
-
* @returns {any[]} Array of permission functions that apply to the given tags.
|
|
122
|
-
*
|
|
123
|
-
* @example
|
|
124
|
-
* ```typescript
|
|
125
|
-
* // Get all permissions for tags 'api' and 'auth'
|
|
126
|
-
* const permissions = getPermissionsForTags(['api', 'auth'])
|
|
127
|
-
* ```
|
|
128
|
-
*/
|
|
129
|
-
export const getPermissionsForTags = (tags) => {
|
|
130
|
-
if (!tags || tags.length === 0) {
|
|
131
|
-
return EMPTY;
|
|
132
|
-
}
|
|
133
|
-
const permissionsStore = pikkuState('permissions', 'tagGroup');
|
|
134
|
-
const applicablePermissions = [];
|
|
135
|
-
// Collect permissions for all matching tags
|
|
136
|
-
for (const tag of new Set(tags)) {
|
|
137
|
-
const tagPermissions = permissionsStore[tag];
|
|
138
|
-
if (tagPermissions) {
|
|
139
|
-
if (Array.isArray(tagPermissions)) {
|
|
140
|
-
applicablePermissions.push(...tagPermissions);
|
|
141
|
-
}
|
|
142
|
-
else {
|
|
143
|
-
applicablePermissions.push(tagPermissions);
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
}
|
|
147
|
-
return applicablePermissions;
|
|
148
|
-
};
|
|
149
91
|
const combinedPermissionsCache = {
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
92
|
+
http: {},
|
|
93
|
+
rpc: {},
|
|
94
|
+
channel: {},
|
|
95
|
+
queue: {},
|
|
96
|
+
scheduler: {},
|
|
97
|
+
mcp: {},
|
|
98
|
+
cli: {},
|
|
99
|
+
workflow: {},
|
|
158
100
|
};
|
|
159
101
|
/**
|
|
160
102
|
* Combines wiring-specific permissions with function-level permissions.
|
|
@@ -180,7 +122,7 @@ const combinedPermissionsCache = {
|
|
|
180
122
|
* })
|
|
181
123
|
* ```
|
|
182
124
|
*/
|
|
183
|
-
|
|
125
|
+
const combinePermissions = (wireType, uid, { wireInheritedPermissions, wirePermissions, funcInheritedPermissions, funcPermissions, packageName = null, } = {}) => {
|
|
184
126
|
if (combinedPermissionsCache[wireType][uid]) {
|
|
185
127
|
return combinedPermissionsCache[wireType][uid];
|
|
186
128
|
}
|
|
@@ -190,7 +132,7 @@ export const combinePermissions = (wireType, uid, { wireInheritedPermissions, wi
|
|
|
190
132
|
for (const meta of wireInheritedPermissions) {
|
|
191
133
|
if (meta.type === 'http') {
|
|
192
134
|
// Look up HTTP permission group from pikkuState
|
|
193
|
-
const group = pikkuState('permissions', 'httpGroup')[meta.route];
|
|
135
|
+
const group = pikkuState(packageName, 'permissions', 'httpGroup')[meta.route];
|
|
194
136
|
if (group) {
|
|
195
137
|
if (Array.isArray(group)) {
|
|
196
138
|
resolved.push(...group);
|
|
@@ -202,7 +144,7 @@ export const combinePermissions = (wireType, uid, { wireInheritedPermissions, wi
|
|
|
202
144
|
}
|
|
203
145
|
else if (meta.type === 'tag') {
|
|
204
146
|
// Look up tag permission group from pikkuState
|
|
205
|
-
const group = pikkuState('permissions', 'tagGroup')[meta.tag];
|
|
147
|
+
const group = pikkuState(packageName, 'permissions', 'tagGroup')[meta.tag];
|
|
206
148
|
if (group) {
|
|
207
149
|
if (Array.isArray(group)) {
|
|
208
150
|
resolved.push(...group);
|
|
@@ -235,7 +177,7 @@ export const combinePermissions = (wireType, uid, { wireInheritedPermissions, wi
|
|
|
235
177
|
for (const meta of funcInheritedPermissions) {
|
|
236
178
|
if (meta.type === 'tag') {
|
|
237
179
|
// Look up tag permission group from pikkuState
|
|
238
|
-
const group = pikkuState('permissions', 'tagGroup')[meta.tag];
|
|
180
|
+
const group = pikkuState(packageName, 'permissions', 'tagGroup')[meta.tag];
|
|
239
181
|
if (group) {
|
|
240
182
|
if (Array.isArray(group)) {
|
|
241
183
|
resolved.push(...group);
|
|
@@ -265,26 +207,27 @@ export const combinePermissions = (wireType, uid, { wireInheritedPermissions, wi
|
|
|
265
207
|
* Runs permission checks using combined permissions from all sources.
|
|
266
208
|
* Combines permissions from wire and function levels, then validates them.
|
|
267
209
|
*/
|
|
268
|
-
export const runPermissions = async (wireType, uid, { wireInheritedPermissions, wirePermissions, funcInheritedPermissions, funcPermissions,
|
|
210
|
+
export const runPermissions = async (wireType, uid, { wireInheritedPermissions, wirePermissions, funcInheritedPermissions, funcPermissions, services, wire, data, packageName = null, }) => {
|
|
269
211
|
// Combine all permissions: wireInheritedPermissions → wirePermissions → funcInheritedPermissions → funcPermissions
|
|
270
212
|
const allPermissions = combinePermissions(wireType, uid, {
|
|
271
213
|
wireInheritedPermissions,
|
|
272
214
|
wirePermissions,
|
|
273
215
|
funcInheritedPermissions,
|
|
274
216
|
funcPermissions,
|
|
217
|
+
packageName,
|
|
275
218
|
});
|
|
276
219
|
// Check all combined permissions - at least one must pass if any exist
|
|
277
220
|
if (allPermissions.length > 0) {
|
|
278
221
|
let permissioned = false;
|
|
279
222
|
for (const permission of allPermissions) {
|
|
280
|
-
const result = await verifyPermissions(typeof permission === 'function' ? { permission } : permission,
|
|
223
|
+
const result = await verifyPermissions(typeof permission === 'function' ? { permission } : permission, services, data, wire);
|
|
281
224
|
if (result) {
|
|
282
225
|
permissioned = true;
|
|
283
226
|
// Continue executing all permissions (don't break early)
|
|
284
227
|
}
|
|
285
228
|
}
|
|
286
229
|
if (!permissioned) {
|
|
287
|
-
|
|
230
|
+
services.logger.debug('Permission denied - combined permissions');
|
|
288
231
|
throw new ForbiddenError('Permission denied');
|
|
289
232
|
}
|
|
290
233
|
}
|