@postxl/generators 1.18.0 → 1.19.0
- package/dist/backend-actions/actions.generator.d.ts +1 -0
- package/dist/backend-actions/actions.generator.js +6 -0
- package/dist/backend-actions/actions.generator.js.map +1 -1
- package/dist/backend-actions/generators/actions-module.generator.js +3 -2
- package/dist/backend-actions/generators/actions-module.generator.js.map +1 -1
- package/dist/backend-actions/generators/authorization-policy-service.generator.d.ts +2 -0
- package/dist/backend-actions/generators/authorization-policy-service.generator.js +214 -0
- package/dist/backend-actions/generators/authorization-policy-service.generator.js.map +1 -0
- package/dist/backend-actions/generators/authorization-service.generator.d.ts +1 -1
- package/dist/backend-actions/generators/authorization-service.generator.js +20 -8
- package/dist/backend-actions/generators/authorization-service.generator.js.map +1 -1
- package/dist/backend-actions/generators/dispatcher-service.generator.js +3 -2
- package/dist/backend-actions/generators/dispatcher-service.generator.js.map +1 -1
- package/dist/backend-ai/generators/ai-route.generator.js +3 -3
- package/dist/backend-authentication/authentication.generator.js +23 -1
- package/dist/backend-authentication/authentication.generator.js.map +1 -1
- package/dist/backend-authentication/generators/auth-guard.generator.js +5 -8
- package/dist/backend-authentication/generators/auth-guard.generator.js.map +1 -1
- package/dist/backend-authentication/generators/authentication-module.generator.js +1 -1
- package/dist/backend-authentication/generators/authentication-service.generator.js +11 -8
- package/dist/backend-authentication/generators/authentication-service.generator.js.map +1 -1
- package/dist/backend-authentication/generators/authentication-types.generator.js +4 -3
- package/dist/backend-authentication/generators/authentication-types.generator.js.map +1 -1
- package/dist/backend-authentication/template/src/authentication.config.ts +9 -0
- package/dist/backend-authentication/template/src/authentication.mock.service.ts +77 -13
- package/dist/backend-authentication/template/src/utils.ts +45 -0
- package/dist/backend-core/backend.generator.js +16 -0
- package/dist/backend-core/backend.generator.js.map +1 -1
- package/dist/backend-core/generators/api-config.generator.js +5 -0
- package/dist/backend-core/generators/api-config.generator.js.map +1 -1
- package/dist/backend-core/types.d.ts +4 -0
- package/dist/backend-excel-io/generators/excel-io-service.generator.js +27 -11
- package/dist/backend-excel-io/generators/excel-io-service.generator.js.map +1 -1
- package/dist/backend-excel-io/template/excel-io.controller.ts +3 -3
- package/dist/backend-rest-api/generators/model-controller.generator.js +9 -5
- package/dist/backend-rest-api/generators/model-controller.generator.js.map +1 -1
- package/dist/backend-rest-api/template/restApi/src/restApi.utils.ts +9 -0
- package/dist/backend-router-trpc/generators/audit-log-route.generator.js +2 -2
- package/dist/backend-router-trpc/generators/excel-io-route.generator.js +1 -1
- package/dist/backend-router-trpc/generators/middleware.generator.js +8 -5
- package/dist/backend-router-trpc/generators/middleware.generator.js.map +1 -1
- package/dist/backend-router-trpc/generators/model-routes.generator.js +27 -7
- package/dist/backend-router-trpc/generators/model-routes.generator.js.map +1 -1
- package/dist/backend-router-trpc/generators/trpc-plugin.generator.js +9 -6
- package/dist/backend-router-trpc/generators/trpc-plugin.generator.js.map +1 -1
- package/dist/backend-router-trpc/generators/trpc-shared.generator.js +4 -24
- package/dist/backend-router-trpc/generators/trpc-shared.generator.js.map +1 -1
- package/dist/backend-router-trpc/router-trpc.generator.d.ts +4 -0
- package/dist/backend-router-trpc/router-trpc.generator.js +1 -0
- package/dist/backend-router-trpc/router-trpc.generator.js.map +1 -1
- package/dist/backend-router-trpc/template/viewer.router.ts +1 -6
- package/dist/backend-update/update-actions.decoders.d.ts +4 -4
- package/dist/backend-upload/template/src/upload.controller.ts +1 -1
- package/dist/backend-upload/template/src/upload.service.ts +11 -5
- package/dist/backend-view/model-view-service.generator.js +105 -52
- package/dist/backend-view/model-view-service.generator.js.map +1 -1
- package/dist/backend-view/view.generator.d.ts +2 -1
- package/dist/backend-view/view.generator.js +8 -1
- package/dist/backend-view/view.generator.js.map +1 -1
- package/dist/base/base.generator.js +2 -0
- package/dist/base/base.generator.js.map +1 -1
- package/dist/e2e/template/e2e/specs/example.spec.ts-snapshots/Navigate-to-homepage-and-take-snapshot-1-chromium-linux.png +0 -0
- package/dist/frontend-admin/admin.generator.js +2 -0
- package/dist/frontend-admin/admin.generator.js.map +1 -1
- package/dist/frontend-admin/generators/authorization-utils.generator.d.ts +1 -0
- package/dist/frontend-admin/generators/authorization-utils.generator.js +20 -0
- package/dist/frontend-admin/generators/authorization-utils.generator.js.map +1 -0
- package/dist/frontend-admin/generators/comment-sidebar.generator.js +9 -1
- package/dist/frontend-admin/generators/comment-sidebar.generator.js.map +1 -1
- package/dist/frontend-admin/generators/model-admin-page.generator.js +347 -184
- package/dist/frontend-admin/generators/model-admin-page.generator.js.map +1 -1
- package/dist/frontend-core/frontend.generator.d.ts +6 -0
- package/dist/frontend-core/frontend.generator.js +10 -3
- package/dist/frontend-core/frontend.generator.js.map +1 -1
- package/dist/frontend-core/template/README.md +2 -0
- package/dist/frontend-core/template/src/context-providers/auth-context-provider.tsx +1 -2
- package/dist/frontend-core/template/src/pages/dashboard/dashboard.page.tsx +10 -1
- package/dist/frontend-core/template/src/pages/login/login.page.tsx +1 -1
- package/dist/frontend-core/template/vite.config.ts +5 -0
- package/dist/frontend-core/types/component.d.ts +1 -1
- package/dist/frontend-core/types/contextprovider.d.ts +1 -1
- package/dist/frontend-core/types/hook.d.ts +1 -1
- package/dist/frontend-trpc-client/generators/model-hook.generator.js +104 -39
- package/dist/frontend-trpc-client/generators/model-hook.generator.js.map +1 -1
- package/dist/frontend-trpc-client/trpc-client.generator.js +28 -14
- package/dist/frontend-trpc-client/trpc-client.generator.js.map +1 -1
- package/dist/types/types.generator.d.ts +7 -0
- package/dist/types/types.generator.js +80 -0
- package/dist/types/types.generator.js.map +1 -1
- package/package.json +3 -3
|
@@ -48,6 +48,7 @@ const types_1 = require("../types");
|
|
|
48
48
|
const action_types_generator_1 = require("./generators/action-types.generator");
|
|
49
49
|
const actions_config_class_generator_1 = require("./generators/actions-config-class.generator");
|
|
50
50
|
const actions_module_generator_1 = require("./generators/actions-module.generator");
|
|
51
|
+
const authorization_policy_service_generator_1 = require("./generators/authorization-policy-service.generator");
|
|
51
52
|
const authorization_service_generator_1 = require("./generators/authorization-service.generator");
|
|
52
53
|
const dispatcher_service_generator_1 = require("./generators/dispatcher-service.generator");
|
|
53
54
|
const execution_class_generator_1 = require("./generators/execution-class.generator");
|
|
@@ -100,6 +101,10 @@ exports.generator = {
|
|
|
100
101
|
name: Generator.toClassName('AuthorizationService'),
|
|
101
102
|
location: Generator.toBackendModuleLocation(`@actions/authorization/authorization.service`),
|
|
102
103
|
},
|
|
104
|
+
policy: {
|
|
105
|
+
name: Generator.toClassName('AuthorizationPolicyService'),
|
|
106
|
+
location: Generator.toBackendModuleLocation(`@actions/authorization/authorization-policy.service`),
|
|
107
|
+
},
|
|
103
108
|
},
|
|
104
109
|
execution: {
|
|
105
110
|
interface: {
|
|
@@ -180,6 +185,7 @@ exports.generator = {
|
|
|
180
185
|
const srcVfs = new Generator.VirtualFileSystem();
|
|
181
186
|
srcVfs.write(Generator.toLocalFile(actions.dispatcher), (0, dispatcher_service_generator_1.generateDispatcher)(context));
|
|
182
187
|
srcVfs.write(Generator.toLocalFile(actions.authorization.service), (0, authorization_service_generator_1.generateAuthorizationService)(context));
|
|
188
|
+
srcVfs.write(Generator.toLocalFile(actions.authorization.policy), (0, authorization_policy_service_generator_1.generateAuthorizationPolicyService)(context));
|
|
183
189
|
srcVfs.write(Generator.toLocalFile(actions.execution.class), (0, execution_class_generator_1.generateActionExecutionClass)(context));
|
|
184
190
|
srcVfs.write(Generator.toLocalFile(actions.execution.interface), (0, execution_interface_generator_1.generateActionExecutionInterface)(context));
|
|
185
191
|
srcVfs.write(Generator.toLocalFile(actions.summary.action), (0, action_types_generator_1.generateActionTypes)(actions));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actions.generator.js","sourceRoot":"","sources":["../../src/backend-actions/actions.generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAmC;AACnC,8CAAmB;AAEnB,6DAA8C;AAC9C,uDAAwC;AAExC,kDAA+E;AAC/E,wEAA8E;AAC9E,kCAAmD;AACnD,oCAAsD;AAEtD,gFAAyE;AACzE,gGAAmF;AACnF,oFAA6E;AAC7E,kGAA2F;AAC3F,4FAA8E;AAC9E,sFAAqF;AACrF,8FAA6F;
|
|
1
|
+
{"version":3,"file":"actions.generator.js","sourceRoot":"","sources":["../../src/backend-actions/actions.generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAmC;AACnC,8CAAmB;AAEnB,6DAA8C;AAC9C,uDAAwC;AAExC,kDAA+E;AAC/E,wEAA8E;AAC9E,kCAAmD;AACnD,oCAAsD;AAEtD,gFAAyE;AACzE,gGAAmF;AACnF,oFAA6E;AAC7E,gHAAwG;AACxG,kGAA2F;AAC3F,4FAA8E;AAC9E,sFAAqF;AACrF,8FAA6F;AAgH7F,MAAM,UAAU,GAAG,aAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;AAK7C,MAAM,WAAW,GAAG,CAAC,KAAa,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AAAxD,QAAA,WAAW,eAA6C;AAmBxD,QAAA,WAAW,GAAG,SAAS,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,CAAA;AAEjE,QAAA,SAAS,GAAiC;IACrD,EAAE,EAAE,mBAAW;IACf,QAAQ,EAAE,CAAC,iCAAkB,EAAE,sBAAe,EAAE,wBAAgB,EAAE,6CAAmB,CAAC;IAEtF,QAAQ,EAAE,CAAsC,OAAgB,EAAwB,EAAE;QACxF,aAAa,CAAC,OAAO,CAAC,CAAA;QAEtB,MAAM,MAAM,GAA6B;YACvC,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC;YAC5C,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,yBAAyB,CAAC;SACvE,CAAA;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,uBAAuB,CAAC,+BAA+B,CAAC,CAAA;QACzF,MAAM,MAAM,GAAG;YACb,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,eAAe,CAAC;YAC5C,QAAQ,EAAE,cAAc;YACxB,OAAO,EAAE;gBACP,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,sBAAsB,CAAC;gBAClD,QAAQ,EAAE,cAAc;aACzB;SACF,CAAA;QAED,MAAM,aAAa,GAAiB;YAClC,IAAI,EAAE,SAAS,CAAC,mBAAmB,CAAC,SAAS,CAAC;YAC9C,WAAW,EAAE,MAAM;YACnB,qBAAqB,EAAE;gBACrB,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC,uCAAuC,CAAC;aAC5D;YACD,SAAS,EAAE;gBACT,WAAW,EAAE,SAAS,CAAC,EAAE,CAAC,yCAAyC,CAAC;gBACpE,kFAAkF;gBAClF,aAAa,EAAE,EAAE;gBACjB,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;aAC1B;SACF,CAAA;QACD,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAA;QAE3C,MAAM,OAAO,GAAmB;YAC9B,MAAM;YACN,MAAM;YACN,UAAU,EAAE;gBACV,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,mBAAmB,CAAC;gBAChD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,6BAA6B,CAAC;aAC3E;YACD,aAAa,EAAE;gBACb,OAAO,EAAE;oBACP,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,sBAAsB,CAAC;oBACnD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,8CAA8C,CAAC;iBAC5F;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,4BAA4B,CAAC;oBACzD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,qDAAqD,CAAC;iBACnG;aACF;YACD,
SAAS,EAAE;gBACT,SAAS,EAAE;oBACT,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,kBAAkB,CAAC;oBAC9C,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,wCAAwC,CAAC;oBACrF,iBAAiB,EAAE;wBACjB,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,mBAAmB,CAAC;wBAC/C,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,wCAAwC,CAAC;qBACtF;oBACD,0BAA0B,EAAE;wBAC1B,IAAI,EAAE,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;wBACrD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,wCAAwC,CAAC;qBACtF;iBACF;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,wBAAwB,CAAC;oBACrD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,oCAAoC,CAAC;iBAClF;gBACD,aAAa,EAAE,SAAS,CAAC,WAAW,CAAC,iBAAiB,CAAC;gBACvD,SAAS,EAAE;oBACT,MAAM,EAAE;wBACN,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;wBACtD,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,sBAAsB,CAAC;qBACzD;oBACD,UAAU,EAAE;wBACV,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,yBAAyB,CAAC;wBAC1D,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,0BAA0B,CAAC;qBAC7D;oBACD,MAAM,EAAE;wBACN,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;wBACtD,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,sBAAsB,CAAC;qBACzD;oBACD,UAAU,EAAE;wBACV,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,yBAAyB,CAAC;wBAC1D,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,0BAA0B,CAAC;qBAC7D;oBACD,MAAM,EAAE;wBACN,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;wBACtD,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,sBAAsB,CAAC;qBACzD;oBACD,UAAU,EAAE;wBACV,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,yBAAyB,CAAC;wBAC1D,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,0BAA0B,CAAC;qBAC7D;oBACD,KAAK,EAAE;wBACL,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC;wBACrD,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;qBACxD;iBACF;gBACD,cAAc,EAAE;oBACd,eAAe,EAAE,SAAS,CAAC,cAAc,CAAC,wBAAwB,CAAC;oBACnE,aAAa,EAAE,SAAS,CAAC,cAAc,CAAC,uBAAuB,CAAC;oBAChE,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;oBACtD,MAAM,EAAE,SAAS,CAAC,cAAc,CAAC,sBAAsB,CAAC;iBACzD;gBACD,cAAc,EAAE,SAAS,CAAC,cAAc,CAAC,sBAAsB,CAAC;aACjE;YACD,SAAS,EAAE,EAAE;YACb,OAAO,EAAE;gBACP,MAAM,EAAE;oBACN,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC;oBACpC,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,wBAAwB,CAAC;iBACtE;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,cAAc,CAAC;oBAC1C,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,wBAAwB,CAAC;iBACtE;gBACD,oBAAoB,EAAE;oBACpB,IAAI,EAAE,SAA
S,CAAC,UAAU,CAAC,gBAAgB,CAAC;oBAC5C,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,wBAAwB,CAAC;iBACtE;aACF;SACF,CAAA;QACD,OAAO,EAAE,GAAG,OAAO,EAAE,OAAO,EAAE,CAAA;IAChC,CAAC;IAED,QAAQ,EAAE,KAAK,EAAiC,OAAgB,EAAoB,EAAE;QACpF,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;QAE3B,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,IAAA,iDAAkB,EAAC,OAAO,CAAC,CAAC,CAAA;QACpF,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,IAAA,8DAA4B,EAAC,OAAO,CAAC,CAAC,CAAA;QACzG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,IAAA,2EAAkC,EAAC,OAAO,CAAC,CAAC,CAAA;QAC9G,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,IAAA,wDAA4B,EAAC,OAAO,CAAC,CAAC,CAAA;QACnG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,IAAA,gEAAgC,EAAC,OAAO,CAAC,CAAC,CAAA;QAC3G,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAA,4CAAmB,EAAC,OAAO,CAAC,CAAC,CAAA;QACzF,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAA,sDAAqB,EAAC,OAAO,CAAC,CAAC,CAAA;QACnF,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAA,gDAAqB,EAAC,OAAO,CAAC,CAAC,CAAA;QAEnF,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAA;QAC7C,GAAG,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAA;QACrD,GAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAA;QAEpE,MAAM,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAA,mBAAO,EAAC,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC,CAAA;QAEpE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,sBAAsB,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAE3E,OAAO,OAAO,CAAA;IAChB,CAAC;CACF,CAAA;AACD,SAAS,aAAa,CAAoC,OAAgB;IACxE,SAAS,CAAC,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACrE,SAAS,CAAC,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IACvE,SAAS,CAAC,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IACnE,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;IACzE,SAAS,CAAC,gB
AAgB,CAAC,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,OAAO,CAAC,CAAA;IAC3E,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC,gBAAgB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;AAC3E,CAAC"}
|
|
@@ -8,6 +8,7 @@ function generateActionsModule({ actions, database }) {
|
|
|
8
8
|
.from(actions.module.location)
|
|
9
9
|
.add(actions.execution.class)
|
|
10
10
|
.add(actions.dispatcher)
|
|
11
|
+
.add(actions.authorization.policy)
|
|
11
12
|
.add(actions.authorization.service)
|
|
12
13
|
.add(actions.config)
|
|
13
14
|
.addType(actions.config.options)
|
|
@@ -37,8 +38,8 @@ export class ${actions.module.name} {
|
|
|
37
38
|
${database.module.moduleClass.name},
|
|
38
39
|
${moduleImports.join(',\n')}
|
|
39
40
|
],
|
|
40
|
-
providers: [${actions.dispatcher.name}, ${actions.execution.class.name}, ${actions.authorization.service.name}, configProvider],
|
|
41
|
-
exports: [${actions.dispatcher.name}, ${actions.execution.class.name}, ${actions.authorization.service.name}],
|
|
41
|
+
providers: [${actions.dispatcher.name}, ${actions.execution.class.name}, ${actions.authorization.policy.name}, ${actions.authorization.service.name}, configProvider],
|
|
42
|
+
exports: [${actions.dispatcher.name}, ${actions.execution.class.name}, ${actions.authorization.policy.name}, ${actions.authorization.service.name}],
|
|
42
43
|
global: true
|
|
43
44
|
}
|
|
44
45
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actions-module.generator.js","sourceRoot":"","sources":["../../../src/backend-actions/generators/actions-module.generator.ts"],"names":[],"mappings":";;AAIA,
|
|
1
|
+
{"version":3,"file":"actions-module.generator.js","sourceRoot":"","sources":["../../../src/backend-actions/generators/actions-module.generator.ts"],"names":[],"mappings":";;AAIA,sDA8CC;AAlDD,iDAAmD;AAInD,SAAgB,qBAAqB,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAiB;IACxE,MAAM,OAAO,GAAG,2BAAe;QAC7B,EAAE;SACD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SAC7B,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC;SAC5B,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC;SACvB,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC;SACjC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC;SAClC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;SACnB,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;SAC/B,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAY,CAAC,CAAA,CAAC,UAAU;IAE/C,MAAM,aAAa,GAAa,EAAE,CAAA;IAClC,KAAK,MAAM,EACT,MAAM,EAAE,EAAE,WAAW,EAAE,GACxB,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,SAAQ;QACV,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACxB,aAAa,CAAC,IAAI,CAAC,oBAAoB,WAAW,CAAC,IAAI,GAAG,CAAC,CAAA;IAC7D,CAAC;IAED,OAAO,QAAQ,CAAC;;;EAGhB,OAAO,CAAC,QAAQ,EAAE;;eAEL,OAAO,CAAC,MAAM,CAAC,IAAI;mCACC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI;;iBAE7C,OAAO,CAAC,MAAM,CAAC,IAAI;sBACd,OAAO,CAAC,MAAM,CAAC,IAAI;;;gBAGzB,OAAO,CAAC,MAAM,CAAC,IAAI;;UAEzB,QAAQ,CAAC,MAAM,CAAC,WAAY,CAAC,IAAI;UACjC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;;oBAEf,OAAO,CAAC,UAAU,CAAC,IAAI,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI;kBACvI,OAAO,CAAC,UAAU,CAAC,IAAI,KAAK,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI;;;;EAIrJ,CAAA;AACF,CAAC"}
|
|
@@ -0,0 +1,214 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.generateAuthorizationPolicyService = generateAuthorizationPolicyService;
|
|
4
|
+
const generator_1 = require("@postxl/generator");
|
|
5
|
+
function stringifyAuthRuleSet(input) {
|
|
6
|
+
if (!input) {
|
|
7
|
+
return '{}';
|
|
8
|
+
}
|
|
9
|
+
const typedInput = input;
|
|
10
|
+
const result = {};
|
|
11
|
+
if (typedInput.read) {
|
|
12
|
+
result.read = typedInput.read;
|
|
13
|
+
}
|
|
14
|
+
if (typedInput.write) {
|
|
15
|
+
result.write = typedInput.write;
|
|
16
|
+
}
|
|
17
|
+
if (typedInput.create) {
|
|
18
|
+
result.create = typedInput.create;
|
|
19
|
+
}
|
|
20
|
+
if (typedInput.update) {
|
|
21
|
+
result.update = typedInput.update;
|
|
22
|
+
}
|
|
23
|
+
if (typedInput.delete) {
|
|
24
|
+
result.delete = typedInput.delete;
|
|
25
|
+
}
|
|
26
|
+
if (typedInput.actions) {
|
|
27
|
+
result.actions = typedInput.actions;
|
|
28
|
+
}
|
|
29
|
+
if (typedInput.adminUi) {
|
|
30
|
+
result.adminUi = typedInput.adminUi;
|
|
31
|
+
}
|
|
32
|
+
return JSON.stringify(result);
|
|
33
|
+
}
|
|
34
|
+
function stringifyAuthScopeRuleSet(input) {
|
|
35
|
+
if (!input) {
|
|
36
|
+
return '{}';
|
|
37
|
+
}
|
|
38
|
+
const typedInput = input;
|
|
39
|
+
const result = {};
|
|
40
|
+
if (typedInput.actions) {
|
|
41
|
+
result.actions = typedInput.actions;
|
|
42
|
+
}
|
|
43
|
+
return JSON.stringify(result);
|
|
44
|
+
}
|
|
45
|
+
function generateAuthorizationPolicyService({ actions, schema, types }) {
|
|
46
|
+
const imports = generator_1.ImportGenerator.from(actions.authorization.policy.location)
|
|
47
|
+
.addType(types.modelNames)
|
|
48
|
+
.addType(types.authorizationContext)
|
|
49
|
+
.addType(types.userRoles)
|
|
50
|
+
.addType(actions.summary.action);
|
|
51
|
+
const schemaRules = [...schema.schemaAuth.entries()]
|
|
52
|
+
.map(([schemaName, ruleSet]) => ` ${JSON.stringify(schemaName)}: ${stringifyAuthRuleSet(ruleSet)},`)
|
|
53
|
+
.join('\n');
|
|
54
|
+
const modelRules = schema.modelNames
|
|
55
|
+
.map((modelName) => {
|
|
56
|
+
const model = schema.models.get(modelName);
|
|
57
|
+
return ` ${JSON.stringify(modelName)}: ${stringifyAuthRuleSet(model?.auth)},`;
|
|
58
|
+
})
|
|
59
|
+
.join('\n');
|
|
60
|
+
const modelSchemas = schema.modelNames
|
|
61
|
+
.map((modelName) => {
|
|
62
|
+
const model = schema.models.get(modelName);
|
|
63
|
+
return ` ${JSON.stringify(modelName)}: ${JSON.stringify(model?.databaseSchema ?? schema.defaultDatabaseSchema)},`;
|
|
64
|
+
})
|
|
65
|
+
.join('\n');
|
|
66
|
+
const scopeRules = Object.entries(schema.auth?.scopes ?? {})
|
|
67
|
+
.map(([scope, ruleSet]) => ` ${JSON.stringify(scope)}: ${stringifyAuthScopeRuleSet(ruleSet)},`)
|
|
68
|
+
.join('\n');
|
|
69
|
+
const knownScopes = new Set();
|
|
70
|
+
for (const provider of actions.providers) {
|
|
71
|
+
for (const scope of provider.scopes) {
|
|
72
|
+
knownScopes.add(scope);
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
const scopeToModel = schema.modelNames
|
|
76
|
+
.map((modelName) => {
|
|
77
|
+
const scope = `${modelName.charAt(0).toLowerCase()}${modelName.slice(1)}`;
|
|
78
|
+
if (!knownScopes.has(scope)) {
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
return ` ${JSON.stringify(scope)}: ${JSON.stringify(modelName)},`;
|
|
82
|
+
})
|
|
83
|
+
.filter(Boolean)
|
|
84
|
+
.join('\n');
|
|
85
|
+
return /* ts */ `
|
|
86
|
+
import { Injectable } from '@nestjs/common'
|
|
87
|
+
|
|
88
|
+
${imports.generate()}
|
|
89
|
+
|
|
90
|
+
type RoleRule = { anyRole: string[] }
|
|
91
|
+
|
|
92
|
+
type RuleSet = {
|
|
93
|
+
read?: RoleRule
|
|
94
|
+
write?: RoleRule
|
|
95
|
+
create?: RoleRule
|
|
96
|
+
update?: RoleRule
|
|
97
|
+
delete?: RoleRule
|
|
98
|
+
actions?: Record<string, RoleRule>
|
|
99
|
+
adminUi?: {
|
|
100
|
+
visibleFor: string[]
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
type Operation = 'read' | 'write' | 'create' | 'update' | 'delete'
|
|
105
|
+
type ActionScope = Action['scope']
|
|
106
|
+
type ScopeRuleSet = {
|
|
107
|
+
actions?: Record<string, RoleRule>
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
type PolicyMatrix = {
|
|
111
|
+
defaultDeny: boolean
|
|
112
|
+
schemas: Record<string, RuleSet>
|
|
113
|
+
models: Record<ModelName, RuleSet>
|
|
114
|
+
modelSchemas: Record<ModelName, string>
|
|
115
|
+
scopes: Partial<Record<ActionScope, ScopeRuleSet>>
|
|
116
|
+
scopeModels: Partial<Record<ActionScope, ModelName>>
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
@Injectable()
|
|
120
|
+
export class ${actions.authorization.policy.name} {
|
|
121
|
+
private readonly matrix: PolicyMatrix = {
|
|
122
|
+
defaultDeny: ${schema.auth?.defaultDeny ?? true},
|
|
123
|
+
schemas: {
|
|
124
|
+
${schemaRules}
|
|
125
|
+
},
|
|
126
|
+
models: {
|
|
127
|
+
${modelRules}
|
|
128
|
+
},
|
|
129
|
+
modelSchemas: {
|
|
130
|
+
${modelSchemas}
|
|
131
|
+
},
|
|
132
|
+
scopes: {
|
|
133
|
+
${scopeRules}
|
|
134
|
+
},
|
|
135
|
+
scopeModels: {
|
|
136
|
+
${scopeToModel}
|
|
137
|
+
},
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
public canRead(params: { authorization: AuthorizationContext; modelName: ModelName }): boolean {
|
|
141
|
+
return this.canOperate({ ...params, operation: 'read' })
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
public canRunAction(params: { authorization: AuthorizationContext; scope: ActionScope; actionType: string }): boolean {
|
|
145
|
+
const scopeRules = this.matrix.scopes[params.scope]
|
|
146
|
+
const scopedRule = scopeRules?.actions?.[params.actionType] ?? scopeRules?.actions?.['*']
|
|
147
|
+
if (scopedRule) {
|
|
148
|
+
return this.matchesAnyRole(params.authorization.userRoles, scopedRule.anyRole)
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
const modelName = this.matrix.scopeModels[params.scope]
|
|
152
|
+
if (modelName) {
|
|
153
|
+
const rules = this.getEffectiveRules(modelName)
|
|
154
|
+
const direct = rules.actions?.[params.actionType]
|
|
155
|
+
const wildcard = rules.actions?.['*']
|
|
156
|
+
const selectedRule = direct ?? wildcard
|
|
157
|
+
|
|
158
|
+
if (selectedRule) {
|
|
159
|
+
return this.matchesAnyRole(params.authorization.userRoles, selectedRule.anyRole)
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
return this.canOperate({ authorization: params.authorization, modelName, operation: 'write' })
|
|
163
|
+
}
|
|
164
|
+
|
|
165
|
+
return !this.matrix.defaultDeny
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
public canWriteOperation(params: { authorization: AuthorizationContext; modelName: ModelName; operation: Exclude<Operation, 'read'> }): boolean {
|
|
169
|
+
return this.canOperate(params)
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
public canAccessAdminUi(params: { authorization: AuthorizationContext; modelName: ModelName }): boolean {
|
|
173
|
+
const rules = this.getEffectiveRules(params.modelName)
|
|
174
|
+
const adminRule = rules.adminUi
|
|
175
|
+
if (adminRule) {
|
|
176
|
+
return this.matchesAnyRole(params.authorization.userRoles, adminRule.visibleFor)
|
|
177
|
+
}
|
|
178
|
+
return !this.matrix.defaultDeny
|
|
179
|
+
}
|
|
180
|
+
|
|
181
|
+
private canOperate(params: { authorization: AuthorizationContext; modelName: ModelName; operation: Operation }): boolean {
|
|
182
|
+
const rules = this.getEffectiveRules(params.modelName)
|
|
183
|
+
const selectedRule =
|
|
184
|
+
rules[params.operation] ??
|
|
185
|
+
(params.operation === 'create' || params.operation === 'update' || params.operation === 'delete'
|
|
186
|
+
? rules.write
|
|
187
|
+
: undefined)
|
|
188
|
+
|
|
189
|
+
if (!selectedRule) {
|
|
190
|
+
return !this.matrix.defaultDeny
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
return this.matchesAnyRole(params.authorization.userRoles, selectedRule.anyRole)
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
private getEffectiveRules(modelName: ModelName): RuleSet {
|
|
197
|
+
const modelRules = this.matrix.models[modelName] ?? {}
|
|
198
|
+
const schemaName = this.matrix.modelSchemas[modelName]
|
|
199
|
+
const schemaRules = schemaName ? (this.matrix.schemas[schemaName] ?? {}) : {}
|
|
200
|
+
return { ...schemaRules, ...modelRules }
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
private matchesAnyRole(userRoles: UserRoles, requiredRoles: string[]): boolean {
|
|
204
|
+
for (const role of userRoles) {
|
|
205
|
+
if (requiredRoles.includes(role)) {
|
|
206
|
+
return true
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
return false
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
`;
|
|
213
|
+
}
|
|
214
|
+
//# sourceMappingURL=authorization-policy-service.generator.js.map
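Review bot: In the generated `getEffectiveRules`, `{ ...schemaRules, ...modelRules }` merges key by key, so `canOperate` still picks a schema-level `create`/`update`/`delete` rule ahead of a model-level `write` rule, while a model-level `actions` map replaces the schema-level one wholesale instead of merging with it. If model rules are meant to take precedence over schema rules, resolve each level on its own, e.g. `const selectedRule = pick(modelRules, op) ?? pick(schemaRules, op)`, where `pick` applies the `write` fallback within a single level. Separately, `defaultDeny: ${schema.auth?.defaultDeny ?? true}` is the only value spliced into the template without `JSON.stringify`; `${JSON.stringify(schema.auth?.defaultDeny !== false)}` would keep a non-boolean config value out of the emitted source and keep the default closed. The lookups `actions?.[params.actionType]` also resolve inherited keys such as `constructor` on a plain object; whether `actionType` is validated before this call is not visible here, so an own-property check (or a `Map`) would be a cheap guard.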
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorization-policy-service.generator.js","sourceRoot":"","sources":["../../../src/backend-actions/generators/authorization-policy-service.generator.ts"],"names":[],"mappings":";;AAwEA,gFA+KC;AAvPD,iDAAmD;AAwBnD,SAAS,oBAAoB,CAAC,KAAc;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,UAAU,GAAG,KAAoB,CAAA;IACvC,MAAM,MAAM,GAAgB,EAAE,CAAA;IAE9B,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,GAAG,UAAU,CAAC,IAAI,CAAA;IAC/B,CAAC;IACD,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;QACrB,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,KAAK,CAAA;IACjC,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;IACnC,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;IACnC,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;IACnC,CAAC;IACD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACvB,MAAM,CAAC,OAAO,GAAG,UAAU,CAAC,OAAO,CAAA;IACrC,CAAC;IACD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACvB,MAAM,CAAC,OAAO,GAAG,UAAU,CAAC,OAAO,CAAA;IACrC,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAc;IAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,UAAU,GAAG,KAAyB,CAAA;IAC5C,MAAM,MAAM,GAAqB,EAAE,CAAA;IAEnC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACvB,MAAM,CAAC,OAAO,GAAG,UAAU,CAAC,OAAO,CAAA;IACrC,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;AAC/B,CAAC;AAED,SAAgB,kCAAkC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAiB;IAC1F,MAAM,OAAO,GAAG,2BAAe,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC;SACxE,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC;SACzB,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC;SACnC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;SACxB,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IAElC,MAAM,WAAW,GAAG,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;SACjD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,KAAK,oBAAoB,CAAC,OAAO,CAAC,GAAG,CAAC;SACtG,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU;SACjC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;QACjB,MAAM,KAAK,
GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC1C,OAAO,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,oBAAoB,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAA;IAClF,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU;SACnC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;QACjB,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC1C,OAAO,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,IAAI,MAAM,CAAC,qBAAqB,CAAC,GAAG,CAAA;IACtH,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,IAAI,EAAE,CAAC;SACzD,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,yBAAyB,CAAC,OAAO,CAAC,GAAG,CAAC;SACjG,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAA;IACrC,KAAK,MAAM,QAAQ,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACzC,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU;SACnC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;QACjB,MAAM,KAAK,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;QACzE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAA;QACb,CAAC;QACD,OAAO,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,CAAA;IACtE,CAAC,CAAC;SACD,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,OAAO,QAAQ,CAAC;;;EAGhB,OAAO,CAAC,QAAQ,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAgCL,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI;;mBAE7B,MAAM,CAAC,IAAI,EAAE,WAAW,IAAI,IAAI;;EAEjD,WAAW;;;EAGX,UAAU;;;EAGV,YAAY;;;EAGZ,UAAU;;;EAGV,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4Eb,CAAA;AACD,CAAC"}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
import { ContextResult } from '../actions.generator';
|
|
2
|
-
export declare function generateAuthorizationService({ actions,
|
|
2
|
+
export declare function generateAuthorizationService({ actions, types, schema }: ContextResult): string;
|
|
@@ -2,31 +2,43 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.generateAuthorizationService = generateAuthorizationService;
|
|
4
4
|
const generator_1 = require("@postxl/generator");
|
|
5
|
-
function generateAuthorizationService({ actions,
|
|
5
|
+
function generateAuthorizationService({ actions, types, schema }) {
|
|
6
6
|
const imports = generator_1.ImportGenerator.from(actions.authorization.service.location)
|
|
7
|
-
.add(
|
|
7
|
+
.add(actions.authorization.policy)
|
|
8
8
|
.addType(actions.summary.action)
|
|
9
|
-
.addType(types.
|
|
9
|
+
.addType(types.authorizationContext)
|
|
10
10
|
.addType(actions.execution.interface);
|
|
11
11
|
return /* ts */ `
|
|
12
12
|
import { Injectable, Logger } from '@nestjs/common'
|
|
13
13
|
|
|
14
14
|
${imports.generate()}
|
|
15
15
|
|
|
16
|
-
type
|
|
16
|
+
type AuthorizeActionContext = AuthorizationContext & {
|
|
17
17
|
action: Action
|
|
18
|
-
user: User
|
|
19
18
|
execution: IActionExecution
|
|
20
19
|
}
|
|
21
20
|
|
|
22
21
|
@Injectable()
|
|
23
22
|
export class ${actions.authorization.service.name} {
|
|
24
23
|
private readonly _logger = new Logger(${actions.authorization.service.name}.name)
|
|
24
|
+
private static readonly SYSTEM_USER_ID = ${JSON.stringify(schema.systemUser.id ?? 'root')}
|
|
25
25
|
|
|
26
|
-
constructor(private readonly
|
|
26
|
+
constructor(private readonly authorizationPolicyService: ${actions.authorization.policy.name}) {}
|
|
27
27
|
|
|
28
|
-
public
|
|
29
|
-
|
|
28
|
+
public authorizeAction({ action, user, userRoles, execution: _execution }: AuthorizeActionContext): boolean {
|
|
29
|
+
if (user.id === ${actions.authorization.service.name}.SYSTEM_USER_ID) {
|
|
30
|
+
return true
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
const isAllowed = this.authorizationPolicyService.canRunAction({
|
|
34
|
+
authorization: { user, userRoles },
|
|
35
|
+
scope: action.scope,
|
|
36
|
+
actionType: action.type,
|
|
37
|
+
})
|
|
38
|
+
if (!isAllowed) {
|
|
39
|
+
this._logger.warn(\`Authorization denied for action scope/type "\${action.scope}.\${action.type}".\`)
|
|
40
|
+
}
|
|
41
|
+
return isAllowed
|
|
30
42
|
}
|
|
31
43
|
|
|
32
44
|
}
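Review bot: The system-user short circuit at the top of the generated `authorizeAction` returns `true` on a bare `user.id` string match before `canRunAction` is consulted, and it leaves no log entry. `SYSTEM_USER_ID` falls back to `'root'` when `schema.systemUser.id` is unset, so any path that can produce a user record with that id skips the policy service entirely; whether a request-derived or mock identity can ever carry that id is not visible in this hunk and should be confirmed. I would add a comment above the constant, `// SYSTEM_USER_ID bypasses the policy service; this id must never be issued to a request-derived identity`, and log the bypass at debug level before `return true`. The denial warning could also include `user.id`, so that it can be matched against the dispatcher's error message.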
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.generator.js","sourceRoot":"","sources":["../../../src/backend-actions/generators/authorization-service.generator.ts"],"names":[],"mappings":";;AAIA,
|
|
1
|
+
{"version":3,"file":"authorization-service.generator.js","sourceRoot":"","sources":["../../../src/backend-actions/generators/authorization-service.generator.ts"],"names":[],"mappings":";;AAIA,oEA0CC;AA9CD,iDAAmD;AAInD,SAAgB,4BAA4B,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAiB;IACpF,MAAM,OAAO,GAAG,2BAAe,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC;SACzE,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC;SACjC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;SAC/B,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC;SACnC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;IAEvC,OAAO,QAAQ,CAAC;;;EAGhB,OAAO,CAAC,QAAQ,EAAE;;;;;;;;eAQL,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI;0CACP,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI;6CAC/B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,IAAI,MAAM,CAAC;;6DAE9B,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI;;;sBAGxE,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI;;;;;;;;;;;;;;;;CAgBvD,CAAA;AACD,CAAC"}
|
|
@@ -12,6 +12,7 @@ function generateDispatcher({ actions, database, types }) {
|
|
|
12
12
|
imports.add(actions.summary.resultOfActionHelper);
|
|
13
13
|
imports.add(actions.authorization.service);
|
|
14
14
|
imports.addType(types.user);
|
|
15
|
+
imports.addType(types.userRoles);
|
|
15
16
|
const injections = [];
|
|
16
17
|
const executeMethods = [];
|
|
17
18
|
if (actions.providers.length === 0) {
|
|
@@ -50,10 +51,10 @@ export class DispatcherService {
|
|
|
50
51
|
public async dispatch<
|
|
51
52
|
A extends Action,
|
|
52
53
|
Result = ${actions.summary.resultOfActionHelper.name}<A, ${actions.summary.result.name}>
|
|
53
|
-
>({ action, user, migrationOrder }: { action: A; user: User; migrationOrder?: number }): Promise<Result> {
|
|
54
|
+
>({ action, user, userRoles = [], migrationOrder }: { action: A; user: User; userRoles?: UserRoles; migrationOrder?: number }): Promise<Result> {
|
|
54
55
|
const execution = await this.actionExecutionFactory.create({ action, databaseService: this.databaseService, user, migrationOrder })
|
|
55
56
|
|
|
56
|
-
const isAuthorized =
|
|
57
|
+
const isAuthorized = this.authorizationService.authorizeAction({ action, user, userRoles, execution })
|
|
57
58
|
if (!isAuthorized) {
|
|
58
59
|
const message = \`User \${user.id} is not authorized to execute \${action.scope}.\${action.type}\`
|
|
59
60
|
await execution.error(message)
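Review bot: In the second hunk `userRoles` is optional and defaults to `[]`, so a `dispatch` call site that was not updated for this release still compiles and is evaluated with no roles. That fails closed for ordinary users, but the caller gets the same "not authorized" message as a genuine denial, and the system user still passes the id check in the authorization service, so a forgotten argument is hard to spot. Making the field required in the parameter type, `userRoles: UserRoles`, would let the compiler find every call site. If the default has to stay for compatibility, a comment such as `// userRoles omitted => evaluated with no roles (fail closed)` would document the intent. The body of `dispatch` continues outside the hunk.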
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dispatcher-service.generator.js","sourceRoot":"","sources":["../../../src/backend-actions/generators/dispatcher-service.generator.ts"],"names":[],"mappings":";;AAIA,
|
|
1
|
+
{"version":3,"file":"dispatcher-service.generator.js","sourceRoot":"","sources":["../../../src/backend-actions/generators/dispatcher-service.generator.ts"],"names":[],"mappings":";;AAIA,gDAmGC;AAvGD,iDAAmD;AAInD,SAAgB,kBAAkB,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAiB;IAC5E,MAAM,OAAO,GAAG,2BAAe,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;IACjE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;IAC7B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IACpC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IACnC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IACnC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAA;IACjD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;IAC1C,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3B,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IAEhC,MAAM,UAAU,GAAa,EAAE,CAAA;IAC/B,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,cAAc,CAAC,IAAI,CACjB;;KAED,CACA,CAAA;IACH,CAAC;IAED,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACpB,UAAU,CAAC,IAAI,CACb,4BAA4B,OAAO,CAAC,IAAI,uBAAuB,OAAO,CAAC,YAAY,KAAK,OAAO,CAAC,IAAI,EAAE,CACvG,CAAA;QACD,KAAK,MAAM,SAAS,IAAI,MAAM,EAAE,CAAC;YAC/B,cAAc,CAAC,IAAI,CAAC;gBACV,SAAS;wBACD,OAAO,CAAC,YAAY,qDAAqD,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;;;;EAIhB,OAAO,CAAC,QAAQ,EAAE;;;;;;;;;;;;MAYd,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;;;;;eAKjB,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;eA0B3E,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI;;;;;;;;;;QAUlF,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;CAOhC,CAAA;AACD,CAAC"}
|
|
@@ -14,15 +14,15 @@ export const ai = router({
|
|
|
14
14
|
ask: procedure
|
|
15
15
|
.use(authMiddleware)
|
|
16
16
|
.input(zAskTaskInput)
|
|
17
|
-
.mutation(async ({ input, ctx }) => ctx.aiAgent.startExecution(input, ctx.user.id)),
|
|
17
|
+
.mutation(async ({ input, ctx }) => ctx.aiAgent.startExecution(input, ctx.viewer.user.id)),
|
|
18
18
|
step: procedure
|
|
19
19
|
.use(authMiddleware)
|
|
20
20
|
.input(zAskStepInput)
|
|
21
|
-
.mutation(async ({ input, ctx }) => ctx.aiAgent.continueExecution(input, ctx.user.id)),
|
|
21
|
+
.mutation(async ({ input, ctx }) => ctx.aiAgent.continueExecution(input, ctx.viewer.user.id)),
|
|
22
22
|
cancel: procedure
|
|
23
23
|
.use(authMiddleware)
|
|
24
24
|
.input(z.object({ conversation: z.string() }))
|
|
25
|
-
.mutation(({ input, ctx }) => ctx.aiAgent.cancelExecution(input.conversation, ctx.user.id)),
|
|
25
|
+
.mutation(({ input, ctx }) => ctx.aiAgent.cancelExecution(input.conversation, ctx.viewer.user.id)),
|
|
26
26
|
})
|
|
27
27
|
`;
|
|
28
28
|
}
|
|
@@ -63,6 +63,7 @@ exports.generator = {
|
|
|
63
63
|
code: Generator.ts(`AuthenticationModule.forRoot(config.auth)`),
|
|
64
64
|
},
|
|
65
65
|
envConfig: {
|
|
66
|
+
imports: [Generator.ts(`import { parseStringList } from '@authentication/utils'`)],
|
|
66
67
|
decoder: Generator.ts(`
|
|
67
68
|
AUTH: zEnvBoolean.optional().default(true),
|
|
68
69
|
KEYCLOAK_URL: z.string().url().transform((val) => new URL(val)),
|
|
@@ -70,10 +71,17 @@ exports.generator = {
|
|
|
70
71
|
KEYCLOAK_CLIENT_SECRET: z.string(),
|
|
71
72
|
KEYCLOAK_REALM: z.string(),
|
|
72
73
|
KEYCLOAK_REDIRECT_URL: z.string().url().transform((val) => new URL(val)),
|
|
73
|
-
KEYCLOAK_LOGOUT_REDIRECT_URL: z.string().url().transform((val) => new URL(val))
|
|
74
|
+
KEYCLOAK_LOGOUT_REDIRECT_URL: z.string().url().transform((val) => new URL(val)),
|
|
75
|
+
AUTH_MOCK_SUB: z.string().optional(),
|
|
76
|
+
AUTH_MOCK_NAME: z.string().optional(),
|
|
77
|
+
AUTH_MOCK_EMAIL: z.string().optional(),
|
|
78
|
+
AUTH_MOCK_ROLES: z.string().optional(),
|
|
79
|
+
AUTH_MOCK_GROUPS: z.string().optional(),
|
|
80
|
+
AUTH_TEST_OVERRIDES: zEnvBoolean.optional().default(false),`),
|
|
74
81
|
transformer: Generator.ts(`
|
|
75
82
|
auth: val.AUTH ? {
|
|
76
83
|
enableAuthentication: true as const,
|
|
84
|
+
roleClaimPath: ${JSON.stringify(context.schema.auth?.roleClaimPath ?? 'realm_access.roles')},
|
|
77
85
|
url: val.API_URL,
|
|
78
86
|
urlPrefix: val.API_PREFIX,
|
|
79
87
|
|
|
@@ -89,6 +97,14 @@ exports.generator = {
|
|
|
89
97
|
postLogoutRedirectUrl: val.KEYCLOAK_LOGOUT_REDIRECT_URL,
|
|
90
98
|
} : {
|
|
91
99
|
enableAuthentication: false as const,
|
|
100
|
+
mockIdentity: {
|
|
101
|
+
sub: val.AUTH_MOCK_SUB ?? 'test',
|
|
102
|
+
name: val.AUTH_MOCK_NAME ?? 'Test User',
|
|
103
|
+
email: val.AUTH_MOCK_EMAIL ?? 'test@postxl.com',
|
|
104
|
+
roles: parseStringList(val.AUTH_MOCK_ROLES, ['viewer']),
|
|
105
|
+
groups: parseStringList(val.AUTH_MOCK_GROUPS),
|
|
106
|
+
},
|
|
107
|
+
allowTestOverrides: val.AUTH_TEST_OVERRIDES,
|
|
92
108
|
}`),
|
|
93
109
|
dotEnvExample: `
|
|
94
110
|
KEYCLOAK_URL=http://localhost:8080
|
|
@@ -97,6 +113,12 @@ exports.generator = {
|
|
|
97
113
|
KEYCLOAK_REALM=postxl
|
|
98
114
|
KEYCLOAK_REDIRECT_URL=\${API_URL}/auth/callback
|
|
99
115
|
KEYCLOAK_LOGOUT_REDIRECT_URL=\${FRONTEND_URL}
|
|
116
|
+
AUTH_MOCK_SUB=test
|
|
117
|
+
AUTH_MOCK_NAME="Test User"
|
|
118
|
+
AUTH_MOCK_EMAIL=test@postxl.com
|
|
119
|
+
AUTH_MOCK_ROLES=viewer
|
|
120
|
+
AUTH_MOCK_GROUPS=
|
|
121
|
+
AUTH_TEST_OVERRIDES=false
|
|
100
122
|
`,
|
|
101
123
|
},
|
|
102
124
|
};
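Review bot: The `AUTH=false` branch of the transformer now builds a `mockIdentity` whose roles come straight from `AUTH_MOCK_ROLES`, and nothing visible in the decoder ties that branch or `AUTH_TEST_OVERRIDES` to a non-production environment. `allowTestOverrides` is only set in the disabled branch, so it presumably has no effect while `AUTH` is true, but how it is consumed is outside these hunks. Because the new variables are also added to `dotEnvExample`, which tends to be copied into real deployments, I would annotate them there: `# AUTH_MOCK_* is only read when AUTH=false; keep AUTH_TEST_OVERRIDES=false in any deployed environment`. A startup warning whenever the mock identity is active would make an accidental `AUTH=false` visible in logs.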
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.generator.js","sourceRoot":"","sources":["../../src/backend-authentication/authentication.generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAmC;AAEnC,6DAA8C;AAE9C,wDAA2E;AAC3E,kDAA+E;AAC/E,kDAAkE;AAClE,kCAAmD;AAGnD,4EAAqE;AACrE,kGAA2F;AAC3F,oGAA6F;AAC7F,gGAAyF;AAiB5E,QAAA,WAAW,GAAG,SAAS,CAAC,sBAAsB,CAAC,wBAAwB,CAAC,CAAA;AAExE,QAAA,SAAS,GAAiC;IACrD,EAAE,EAAE,mBAAW;IACf,QAAQ,EAAE,CAAC,iCAAkB,EAAE,sBAAe,EAAE,qCAAsB,EAAE,2CAAyB,CAAC;IAElG,QAAQ,EAAE,CAAsC,OAAgB,EAAiB,EAAE;QACjF,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC3G,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAC3C,EAAE,WAAW,EAAE,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,EACrD,EAAE,WAAW,EAAE,eAAe,EAAE,OAAO,EAAE,QAAQ,EAAE,EACnD,EAAE,WAAW,EAAE,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,EACrD,EAAE,WAAW,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,EACjD,EAAE,WAAW,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,CACpD,CAAA;QAED,MAAM,MAAM,GAAiE;YAC3E,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,sBAAsB,CAAC;YACnD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,uCAAuC,CAAC;YACpF,SAAS,EAAE,SAAS,CAAC,UAAU,CAAC,yBAAyB,CAAC;SAC3D,CAAA;QACD,MAAM,oBAAoB,GAAiB;YACzC,IAAI,EAAE,SAAS,CAAC,mBAAmB,CAAC,gBAAgB,CAAC;YACrD,WAAW,EAAE,MAAM;YACnB,qBAAqB,EAAE;gBACrB,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC,2CAA2C,CAAC;aAChE;YACD,SAAS,EAAE;gBACT,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC
|
|
1
|
+
{"version":3,"file":"authentication.generator.js","sourceRoot":"","sources":["../../src/backend-authentication/authentication.generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAmC;AAEnC,6DAA8C;AAE9C,wDAA2E;AAC3E,kDAA+E;AAC/E,kDAAkE;AAClE,kCAAmD;AAGnD,4EAAqE;AACrE,kGAA2F;AAC3F,oGAA6F;AAC7F,gGAAyF;AAiB5E,QAAA,WAAW,GAAG,SAAS,CAAC,sBAAsB,CAAC,wBAAwB,CAAC,CAAA;AAExE,QAAA,SAAS,GAAiC;IACrD,EAAE,EAAE,mBAAW;IACf,QAAQ,EAAE,CAAC,iCAAkB,EAAE,sBAAe,EAAE,qCAAsB,EAAE,2CAAyB,CAAC;IAElG,QAAQ,EAAE,CAAsC,OAAgB,EAAiB,EAAE;QACjF,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC3G,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAC3C,EAAE,WAAW,EAAE,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,EACrD,EAAE,WAAW,EAAE,eAAe,EAAE,OAAO,EAAE,QAAQ,EAAE,EACnD,EAAE,WAAW,EAAE,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,EACrD,EAAE,WAAW,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,EACjD,EAAE,WAAW,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,CACpD,CAAA;QAED,MAAM,MAAM,GAAiE;YAC3E,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,sBAAsB,CAAC;YACnD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,uCAAuC,CAAC;YACpF,SAAS,EAAE,SAAS,CAAC,UAAU,CAAC,yBAAyB,CAAC;SAC3D,CAAA;QACD,MAAM,oBAAoB,GAAiB;YACzC,IAAI,EAAE,SAAS,CAAC,mBAAmB,CAAC,gBAAgB,CAAC;YACrD,WAAW,EAAE,MAAM;YACnB,qBAAqB,EAAE;gBACrB,IAAI,EAAE,SAAS,CAAC,EAAE,CAAC,2CAA2C,CAAC;aAChE;YACD,SAAS,EAAE;gBACT,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,yDAAyD,CAAC,CAAC;gBAClF,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;;;;;;;;;;;;;sEAawC,CAAC;gBAE/D,WAAW,EAAE,SAAS,CAAC,EAAE,CAAC;;;6BAGL,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,aAAa,IAAI,oBAAoB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;YAwB3F,CAAC;gBACL,aAAa,EAAE;;;;;;;;;;;;;WAaZ;aACJ;SACF,CAAA;QACD,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;QAElD,MAAM,OAAO,GAAkE;YAC7E,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,uBAAuB,CAAC;YACpD,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,wCAAwC,CAAC;YACrF,SAAS,EAAE,SAAS,CAAC,UAAU,CAAC,6BAA6B,CAAC;SAC/D,CAAA;QACD,MAAM,KAAK,GAAkE;YAC3E,IAAI,EAAE,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC;YACxC,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC
,4BAA4B,CAAC;YACzE,SAAS,EAAE,SAAS,CAAC,UAAU,CAAC,iBAAiB,CAAC;SACnD,CAAA;QAED,MAAM,qBAAqB,GAA0B;YACnD,MAAM;YACN,OAAO;YACP,KAAK;YACL,KAAK,EAAE;gBACL,QAAQ,EAAE;oBACR,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC;oBACtC,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,sCAAsC,CAAC;iBACpF;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC;oBACvC,QAAQ,EAAE,SAAS,CAAC,uBAAuB,CAAC,sCAAsC,CAAC;iBACpF;aACF;SACF,CAAA;QACD,OAAO,EAAE,GAAG,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,CAAA;IAC9D,CAAC;IAED,QAAQ,EAAE,KAAK,EAAiC,OAAgB,EAAoB,EAAE;QACpF,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,IAAA,8DAA4B,EAAC,OAAO,CAAC,CAAC,CAAA;QACzG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS,EAAE,IAAA,wCAAiB,EAAC,OAAO,CAAC,CAAC,CAAA;QAChF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,IAAA,gEAA6B,EAAC,OAAO,CAAC,CAAC,CAAA;QAC9F,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,IAAA,4DAA2B,EAAC,OAAO,CAAC,CAAC,CAAA;QAEhH,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAA;QAC7C,GAAG,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAA;QAErD,MAAM,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAA,mBAAO,EAAC,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC,CAAA;QAEpE,GAAG,CAAC,KAAK,CAAC,oBAAoB,EAAE,SAAS,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,CAAC,CAAA;QAE7E,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,6BAA6B,EAAE,GAAG,EAAE,CAAC,CAAA;QAE7E,OAAO,OAAO,CAAA;IAChB,CAAC;CACF,CAAA"}
|
|
@@ -39,7 +39,6 @@ function generateAuthGuard(context) {
|
|
|
39
39
|
const imports = Generator.ImportGenerator.from(context.authentication.guard._filePath);
|
|
40
40
|
imports.add(context.view.service);
|
|
41
41
|
imports.add(context.actions.dispatcher);
|
|
42
|
-
imports.add(context.types.user);
|
|
43
42
|
imports.add({ name: context.authentication.service.name, location: context.authentication.service._filePath });
|
|
44
43
|
return /* ts */ `
|
|
45
44
|
import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common'
|
|
@@ -48,9 +47,10 @@ import { FastifyRequest } from 'fastify'
|
|
|
48
47
|
|
|
49
48
|
${imports.generate()}
|
|
50
49
|
|
|
51
|
-
import {
|
|
50
|
+
import type { AuthorizationContext } from '@types'
|
|
51
|
+
import { UserInfo } from './authentication.types'
|
|
52
52
|
|
|
53
|
-
export type Viewer =
|
|
53
|
+
export type Viewer = AuthorizationContext
|
|
54
54
|
|
|
55
55
|
export type FastifyRequestWithViewer = FastifyRequest & { viewer: Viewer }
|
|
56
56
|
@Injectable()
|
|
@@ -68,10 +68,7 @@ export class ${context.authentication.guard.name} implements CanActivate {
|
|
|
68
68
|
let viewer: Viewer | null = null
|
|
69
69
|
|
|
70
70
|
let userInfo: UserInfo | null = null
|
|
71
|
-
let userRoles:
|
|
72
|
-
|
|
73
|
-
// TODO: Add authorization check
|
|
74
|
-
const isAuthorized = true
|
|
71
|
+
let userRoles: Viewer['userRoles'] = []
|
|
75
72
|
|
|
76
73
|
const associatedUserInfo = await this.authService.getUserInfoFromRequest(req)
|
|
77
74
|
|
|
@@ -105,7 +102,7 @@ export class ${context.authentication.guard.name} implements CanActivate {
|
|
|
105
102
|
}
|
|
106
103
|
}
|
|
107
104
|
|
|
108
|
-
viewer = {
|
|
105
|
+
viewer = { userRoles, user }
|
|
109
106
|
}
|
|
110
107
|
|
|
111
108
|
if (!viewer) {
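Review bot: The third hunk removes the `// TODO: Add authorization check` placeholder together with the constant `isAuthorized = true`, which leaves the generated guard with no marker that it only authenticates. Role enforcement appears to live in the action dispatcher in this release (`authorizeAction` is called there), so a route protected by this guard that does not go through the dispatcher would get no role check; whether such routes exist cannot be told from these hunks. I would add a comment where `viewer` is assigned in the fourth hunk, `// Authentication only: userRoles are enforced by the action dispatcher, not by this guard`, so the contract is explicit. The guard method's body starts and ends outside the hunks.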
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-guard.generator.js","sourceRoot":"","sources":["../../../src/backend-authentication/generators/auth-guard.generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA,
|
|
1
|
+
{"version":3,"file":"auth-guard.generator.js","sourceRoot":"","sources":["../../../src/backend-authentication/generators/auth-guard.generator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAIA,8CAgFC;AApFD,6DAA8C;AAI9C,SAAgB,iBAAiB,CAAC,OAAsB;IACtD,MAAM,OAAO,GAAG,SAAS,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IAEtF,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACjC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACvC,OAAO,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAA;IAC9G,OAAO,QAAQ,CAAC;;;;;EAKhB,OAAO,CAAC,QAAQ,EAAE;;;;;;;;;eASL,OAAO,CAAC,cAAc,CAAC,KAAK,CAAC,IAAI;;oCAEZ,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI;oCACnC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI;0CACnB,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuDvE,CAAA;AACF,CAAC"}
|
|
@@ -14,9 +14,12 @@ import jwt from 'jsonwebtoken'
|
|
|
14
14
|
import { JwksClient } from 'jwks-rsa'
|
|
15
15
|
import { OidcClient } from 'oidc-client-ts'
|
|
16
16
|
|
|
17
|
+
import { USER_ROLES } from '@types'
|
|
18
|
+
import type { UserRole, UserRoles } from '@types'
|
|
19
|
+
|
|
17
20
|
import type { AuthenticationConfig_EnabledKeycloak } from './authentication.config'
|
|
18
|
-
import { authenticationCookieName, UserInfo,
|
|
19
|
-
import { unknownToErrorMessage } from './utils'
|
|
21
|
+
import { authenticationCookieName, UserInfo, zUserInfo } from './authentication.types'
|
|
22
|
+
import { getByPath, parseStringList, unknownToErrorMessage } from './utils'
|
|
20
23
|
|
|
21
24
|
/**
|
|
22
25
|
* State object for the authentication service.
|
|
@@ -282,14 +285,14 @@ export class ${context.authentication.service.name} implements OnModuleInit {
|
|
|
282
285
|
const decoded = await _jwtVerify(accessToken, getKey, { algorithms: ['RS256'] })
|
|
283
286
|
|
|
284
287
|
if (typeof decoded === 'object' && decoded !== null) {
|
|
285
|
-
const rawUserRoles = decoded.
|
|
288
|
+
const rawUserRoles = getByPath(decoded, this.config.roleClaimPath)
|
|
289
|
+
const normalizedUserRoles = Array.isArray(rawUserRoles) ? rawUserRoles : parseStringList(rawUserRoles)
|
|
286
290
|
|
|
287
|
-
const
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
}
|
|
291
|
+
const filteredRoles = normalizedUserRoles.filter(
|
|
292
|
+
(role): role is UserRole => typeof role === 'string' && USER_ROLES.includes(role as UserRole),
|
|
293
|
+
)
|
|
291
294
|
|
|
292
|
-
return { ok:
|
|
295
|
+
return { ok: true, userRoles: filteredRoles }
|
|
293
296
|
}
|
|
294
297
|
|
|
295
298
|
return { ok: true, userRoles: [] }
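Review bot: The roles extracted in the second hunk now drive authorization, yet the `_jwtVerify` call on the context line above them pins only `algorithms: ['RS256']`; no `issuer` or `audience` option is visible. If those claims are not checked elsewhere in the method, a token signed with the same realm keys for a different client would have its roles accepted here. Assuming `_jwtVerify` forwards its options to `jsonwebtoken`, I would pass `{ algorithms: ['RS256'], issuer: <REALM_ISSUER_URL>, audience: <CLIENT_ID> }` (placeholders; the config field names are not shown on this page). Entries dropped by the `USER_ROLES` filter are also discarded silently, so a wrong `roleClaimPath` yields an empty role list with no log line. The method starts before and ends after the hunk.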
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication-service.generator.js","sourceRoot":"","sources":["../../../src/backend-authentication/generators/authentication-service.generator.ts"],"names":[],"mappings":";;AAEA,
|
|
1
|
+
{"version":3,"file":"authentication-service.generator.js","sourceRoot":"","sources":["../../../src/backend-authentication/generators/authentication-service.generator.ts"],"names":[],"mappings":";;AAEA,sEAuYC;AAvYD,SAAgB,6BAA6B,CAAC,OAAsB;IAClE,OAAO,QAAQ,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAgCH,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI;yCACT,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoW1E,CAAA;AACF,CAAC"}
|