@privateaim/server-http-kit 0.8.3 → 0.8.4

package/CHANGELOG.md

@@ -1,5 +1,30 @@
 # Changelog
 
+## [0.8.4](https://github.com/PrivateAIM/hub/compare/v0.8.3...v0.8.4) (2024-10-24)
+
+
+### Features
+
+* bump authup & implement async policy & permission evaluation ([#807](https://github.com/PrivateAIM/hub/issues/807)) ([d065562](https://github.com/PrivateAIM/hub/commit/d065562585076e26553ad5a39f4a5789f7e18f24))
+* bump authup & vuecs packages + refactored navigation ([c4db8d5](https://github.com/PrivateAIM/hub/commit/c4db8d51588b3d701815e2ba2f9b80e594f3663f))
+* handle permission-/policy-error in error middleware ([4b4fae4](https://github.com/PrivateAIM/hub/commit/4b4fae4fd048ddf9509af3d611a201484b0d4eaf))
+
+
+### Bug Fixes
+
+* condition for exposing error via middleware ([e7a5fee](https://github.com/PrivateAIM/hub/commit/e7a5feec09eec7f63c91e13781b4abc19cb787f6))
+* **deps:** bump locter from 2.1.1 to 2.1.2 ([#795](https://github.com/PrivateAIM/hub/issues/795)) ([fdb8cba](https://github.com/PrivateAIM/hub/commit/fdb8cba0c5a991a57ed9a26a324b9f2fed6caf5c))
+* **deps:** bump locter from 2.1.2 to 2.1.4 ([#816](https://github.com/PrivateAIM/hub/issues/816)) ([0af403a](https://github.com/PrivateAIM/hub/commit/0af403a0eef7bca9c4f316e6598607c2897a8065))
+* **deps:** bump typeorm-extension from 3.6.1 to 3.6.2 ([#810](https://github.com/PrivateAIM/hub/issues/810)) ([c9af9ae](https://github.com/PrivateAIM/hub/commit/c9af9aea537c4a51aae13f1059c1565180045a83))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @privateaim/kit bumped from ^0.8.3 to ^0.8.4
+    * @privateaim/server-kit bumped from ^0.8.3 to ^0.8.4
+
 ## [0.8.3](https://github.com/PrivateAIM/hub/compare/v0.8.2...v0.8.3) (2024-09-19)
 
 

package/dist/middlewares/error.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/middlewares/error.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIrC,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,QA0ClD"}
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/middlewares/error.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAKrC,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,QAgElD"}

package/dist/middlewares/error.js

@@ -7,11 +7,35 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.mountErrorMiddleware = mountErrorMiddleware;
-const kit_1 = require("@privateaim/kit");
+const kit_1 = require("@authup/kit");
+const kit_2 = require("@privateaim/kit");
 const routup_1 = require("routup");
 const server_kit_1 = require("@privateaim/server-kit");
+const typeorm_extension_1 = require("typeorm-extension");
 function mountErrorMiddleware(router) {
     router.use((0, routup_1.errorHandler)((error, req, res) => {
+        const isServerError = error.statusCode >= 500 &&
+            error.statusCode < 600;
+        if (isServerError || error.logMessage) {
+            (0, server_kit_1.useLogger)().error(error);
+            if (error.cause) {
+                (0, server_kit_1.useLogger)().error(error.cause);
+            }
+        }
+        if (error.cause instanceof kit_1.PermissionError) {
+            error.expose = true;
+            if (error.cause.policy &&
+                error.cause.policy.type === kit_1.BuiltInPolicyType.IDENTITY) {
+                error.statusCode = 401;
+            }
+            else {
+                error.statusCode = 403;
+            }
+        }
+        if (error.cause instanceof typeorm_extension_1.EntityRelationLookupError) {
+            error.expose = true;
+            error.statusCode = 400;
+        }
         // catch and decorate some db errors :)
         switch (error.code) {
             case 'ER_DUP_ENTRY':
@@ -27,15 +51,10 @@ function mountErrorMiddleware(router) {
                 error.expose = true;
                 break;
         }
-        const isServerError = (typeof error.expose !== 'undefined' && !error.expose) ||
-            (error.statusCode >= 500 && error.statusCode < 600);
-        if (isServerError || error.logMessage) {
-            (0, server_kit_1.useLogger)().error(error);
-            if (error.cause) {
-                (0, server_kit_1.useLogger)().error(error.cause);
-            }
-        }
-        if (isServerError) {
+        const exposeError = typeof error.expose === 'boolean' ?
+            error.expose :
+            !isServerError;
+        if (!exposeError) {
             error.message = 'An internal server error occurred.';
         }
         res.statusCode = error.statusCode;
@@ -43,7 +62,7 @@ function mountErrorMiddleware(router) {
             statusCode: error.statusCode,
             code: `${error.code}`,
             message: error.message,
-            ...((0, kit_1.isObject)(error.data) && !isServerError ? error.data : {}),
+            ...(exposeError && (0, kit_2.isObject)(error.data) ? error.data : {}),
         };
     }));
 }

package/dist/middlewares/error.js.map

@@ -1 +1 @@
-{"version":3,"file":"error.js","sourceRoot":"","sources":["../../src/middlewares/error.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAOH,oDA0CC;AA/CD,yCAA2C;AAE3C,mCAAsC;AACtC,uDAAmD;AAEnD,SAAgB,oBAAoB,CAAC,MAAc;IAC/C,MAAM,CAAC,GAAG,CAAC,IAAA,qBAAY,EAAC,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACxC,uCAAuC;QACvC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,cAAc,CAAC;YACpB,KAAK,0BAA0B,CAAC,CAAC,CAAC;gBAC9B,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;gBACvB,KAAK,CAAC,OAAO,GAAG,qDAAqD,CAAC;gBACtE,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBACpB,MAAM;YACV,CAAC;YACD,KAAK,cAAc;gBACf,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;gBACvB,KAAK,CAAC,OAAO,GAAG,kEAAkE,CAAC;gBACnF,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBACpB,MAAM;QACd,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,OAAO,KAAK,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;YACxE,CAAC,KAAK,CAAC,UAAU,IAAI,GAAG,IAAI,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;QAExD,IAAI,aAAa,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACpC,IAAA,sBAAS,GAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEzB,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBACd,IAAA,sBAAS,GAAE,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;QACL,CAAC;QAED,IAAI,aAAa,EAAE,CAAC;YAChB,KAAK,CAAC,OAAO,GAAG,oCAAoC,CAAC;QACzD,CAAC;QAED,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;QAElC,OAAO;YACH,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,IAAI,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE;YACrB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,CAAC,IAAA,cAAQ,EAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;SAChE,CAAC;IACN,CAAC,CAAC,CAAC,CAAC;AACR,CAAC"}
+{"version":3,"file":"error.js","sourceRoot":"","sources":["../../src/middlewares/error.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AASH,oDAgEC;AAvED,qCAAiE;AACjE,yCAA2C;AAE3C,mCAAsC;AACtC,uDAAmD;AACnD,yDAA8D;AAE9D,SAAgB,oBAAoB,CAAC,MAAc;IAC/C,MAAM,CAAC,GAAG,CAAC,IAAA,qBAAY,EAAC,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACxC,MAAM,aAAa,GAAG,KAAK,CAAC,UAAU,IAAI,GAAG;YACzC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;QAE3B,IAAI,aAAa,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACpC,IAAA,sBAAS,GAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEzB,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;gBACd,IAAA,sBAAS,GAAE,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,YAAY,qBAAe,EAAE,CAAC;YACzC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;YAEpB,IACI,KAAK,CAAC,KAAK,CAAC,MAAM;gBAClB,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,uBAAiB,CAAC,QAAQ,EACxD,CAAC;gBACC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACJ,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;YAC3B,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,YAAY,6CAAyB,EAAE,CAAC;YACnD,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;YACpB,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;QAC3B,CAAC;QAED,uCAAuC;QACvC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,cAAc,CAAC;YACpB,KAAK,0BAA0B,CAAC,CAAC,CAAC;gBAC9B,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;gBACvB,KAAK,CAAC,OAAO,GAAG,qDAAqD,CAAC;gBACtE,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBACpB,MAAM;YACV,CAAC;YACD,KAAK,cAAc;gBACf,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC;gBACvB,KAAK,CAAC,OAAO,GAAG,kEAAkE,CAAC;gBACnF,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC;gBACpB,MAAM;QACd,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;YACnD,KAAK,CAAC,MAAM,CAAC,CAAC;YACd,CAAC,aAAa,CAAC;QAEnB,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,KAAK,CAAC,OAAO,GAAG,oCAAoC,CAAC;QACzD,CAAC;QAED,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;QAElC,OAAO;YACH,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,IAAI,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE;YACrB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,GAAG,CAAC,WAAW,IAAI,IAAA,cAAQ,EAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7D,CAAC;IACN,CAAC,CAAC,CAAC,CAAC;AACR,CAAC"}

package/dist/middlewares/force-logged-in.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"force-logged-in.d.ts","sourceRoot":"","sources":["../../src/middlewares/force-logged-in.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EACR,IAAI,EAAE,OAAO,EAAE,QAAQ,EAC1B,MAAM,QAAQ,CAAC;AAGhB,qBAAa,uBAAwB,YAAW,gBAAgB;IACrD,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI;CAU9D"}
+{"version":3,"file":"force-logged-in.d.ts","sourceRoot":"","sources":["../../src/middlewares/force-logged-in.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EACR,IAAI,EAAE,OAAO,EAAE,QAAQ,EAC1B,MAAM,QAAQ,CAAC;AAGhB,qBAAa,uBAAwB,YAAW,gBAAgB;IACrD,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI;CAK9D"}

package/dist/middlewares/force-logged-in.js

@@ -7,14 +7,10 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ForceLoggedInMiddleware = void 0;
-const http_1 = require("@ebec/http");
 const request_1 = require("../request");
 class ForceLoggedInMiddleware {
     run(request, response, next) {
-        if (typeof (0, request_1.useRequestEnv)(request, 'userId') === 'undefined' &&
-            typeof (0, request_1.useRequestEnv)(request, 'robotId') === 'undefined') {
-            throw new http_1.UnauthorizedError();
-        }
+        (0, request_1.useRequestIdentityOrFail)(request);
         next();
     }
 }

package/dist/middlewares/force-logged-in.js.map

@@ -1 +1 @@
-{"version":3,"file":"force-logged-in.js","sourceRoot":"","sources":["../../src/middlewares/force-logged-in.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,qCAA+C;AAK/C,wCAA2C;AAE3C,MAAa,uBAAuB;IACzB,GAAG,CAAC,OAAgB,EAAE,QAAkB,EAAE,IAAU;QACvD,IACI,OAAO,IAAA,uBAAa,EAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,WAAW;YACvD,OAAO,IAAA,uBAAa,EAAC,OAAO,EAAE,SAAS,CAAC,KAAK,WAAW,EAC1D,CAAC;YACC,MAAM,IAAI,wBAAiB,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,EAAE,CAAC;IACX,CAAC;CACJ;AAXD,0DAWC"}
+{"version":3,"file":"force-logged-in.js","sourceRoot":"","sources":["../../src/middlewares/force-logged-in.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAMH,wCAAsD;AAEtD,MAAa,uBAAuB;IACzB,GAAG,CAAC,OAAgB,EAAE,QAAkB,EAAE,IAAU;QACvD,IAAA,kCAAwB,EAAC,OAAO,CAAC,CAAC;QAElC,IAAI,EAAE,CAAC;IACX,CAAC;CACJ;AAND,0DAMC"}

package/dist/middlewares/rate-limit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/middlewares/rate-limit.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAW,MAAM,EAAE,MAAM,QAAQ,CAAC;AAG9C,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,MAAM,QAiCxD"}
+{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/middlewares/rate-limit.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAW,MAAM,EAAE,MAAM,QAAQ,CAAC;AAG9C,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,MAAM,QA4BxD"}

package/dist/middlewares/rate-limit.js

@@ -13,22 +13,18 @@ const request_1 = require("../request");
 function mountRateLimiterMiddleware(router) {
     const options = {
         skip(req) {
-            const robot = (0, request_1.useRequestEnv)(req, 'robotId');
-            if (robot) {
-                const { name } = (0, request_1.useRequestEnv)(req, 'realm');
-                if (name === core_kit_1.REALM_MASTER_NAME &&
-                    (0, request_1.useRequestEnv)(req, 'robotName') === 'system') {
-                    return true;
-                }
-            }
-            return false;
+            const identity = (0, request_1.useRequestIdentity)(req);
+            return identity &&
+                identity.type === 'robot' &&
+                identity.realmName === core_kit_1.REALM_MASTER_NAME;
         },
         max(req) {
-            if ((0, request_1.useRequestEnv)(req, 'userId')) {
+            const identity = (0, request_1.useRequestIdentity)(req);
+            if (identity && identity.type === 'user') {
                 return 60 * 100; // 100 req p. sec
             }
-            const robot = (0, request_1.useRequestEnv)(req, 'robotId');
-            if (robot) {
+            if (identity &&
+                (identity.type === 'robot' || identity.type === 'client')) {
                 return 60 * 1000; // 1000 req p. sec
             }
             return 60 * 20; // 20 req p. sec

package/dist/middlewares/rate-limit.js.map

@@ -1 +1 @@
-{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../src/middlewares/rate-limit.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAQH,gEAiCC;AAvCD,+CAAqD;AAErD,mDAA+C;AAE/C,wCAA2C;AAE3C,SAAgB,0BAA0B,CAAC,MAAc;IACrD,MAAM,OAAO,GAAkB;QAC3B,IAAI,CAAC,GAAY;YACb,MAAM,KAAK,GAAG,IAAA,uBAAa,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAC5C,IAAI,KAAK,EAAE,CAAC;gBACR,MAAM,EAAE,IAAI,EAAE,GAAG,IAAA,uBAAa,EAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBAE7C,IACI,IAAI,KAAK,4BAAiB;oBAC1B,IAAA,uBAAa,EAAC,GAAG,EAAE,WAAW,CAAC,KAAK,QAAQ,EAC9C,CAAC;oBACC,OAAO,IAAI,CAAC;gBAChB,CAAC;YACL,CAAC;YAED,OAAO,KAAK,CAAC;QACjB,CAAC;QACD,GAAG,CAAC,GAAY;YACZ,IAAI,IAAA,uBAAa,EAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAC/B,OAAO,EAAE,GAAG,GAAG,CAAC,CAAC,iBAAiB;YACtC,CAAC;YAED,MAAM,KAAK,GAAG,IAAA,uBAAa,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAC5C,IAAI,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,kBAAkB;YACxC,CAAC;YAED,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,gBAAgB;QACpC,CAAC;QACD,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,SAAS;KACjC,CAAC;IAEF,MAAM,CAAC,GAAG,CAAC,IAAA,sBAAS,EAAC,OAAO,CAAC,CAAC,CAAC;AACnC,CAAC"}
+{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../src/middlewares/rate-limit.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAQH,gEA4BC;AAlCD,+CAAqD;AAErD,mDAA+C;AAE/C,wCAAgD;AAEhD,SAAgB,0BAA0B,CAAC,MAAc;IACrD,MAAM,OAAO,GAAkB;QAC3B,IAAI,CAAC,GAAY;YACb,MAAM,QAAQ,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAEzC,OAAO,QAAQ;gBACX,QAAQ,CAAC,IAAI,KAAK,OAAO;gBACzB,QAAQ,CAAC,SAAS,KAAK,4BAAiB,CAAC;QACjD,CAAC;QACD,GAAG,CAAC,GAAY;YACZ,MAAM,QAAQ,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YACzC,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACvC,OAAO,EAAE,GAAG,GAAG,CAAC,CAAC,iBAAiB;YACtC,CAAC;YAED,IACI,QAAQ;gBACR,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,EAC3D,CAAC;gBACC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,kBAAkB;YACxC,CAAC;YAED,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,gBAAgB;QACpC,CAAC;QACD,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,SAAS;KACjC,CAAC;IAEF,MAAM,CAAC,GAAG,CAAC,IAAA,sBAAS,EAAC,OAAO,CAAC,CAAC,CAAC;AACnC,CAAC"}

package/dist/request/identity-realm.d.ts

@@ -0,0 +1,8 @@
+import type { Request } from 'routup';
+type RequestRealm = {
+    id: string;
+    name: string;
+};
+export declare function useRequestIdentityRealm(req: Request): RequestRealm;
+export {};
+//# sourceMappingURL=identity-realm.d.ts.map

package/dist/request/identity-realm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-realm.d.ts","sourceRoot":"","sources":["../../src/request/identity-realm.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAGtC,KAAK,YAAY,GAAG;IAChB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAA;CACf,CAAC;AAEF,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,GAAI,YAAY,CAUnE"}

package/dist/request/identity-realm.js

@@ -0,0 +1,21 @@
+"use strict";
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useRequestIdentityRealm = useRequestIdentityRealm;
+const identity_1 = require("./identity");
+function useRequestIdentityRealm(req) {
+    const identity = (0, identity_1.useRequestIdentity)(req);
+    if (!identity) {
+        return undefined;
+    }
+    return {
+        id: identity.realmId,
+        name: identity.realmName,
+    };
+}
+//# sourceMappingURL=identity-realm.js.map

package/dist/request/identity-realm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-realm.js","sourceRoot":"","sources":["../../src/request/identity-realm.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAUH,0DAUC;AAjBD,yCAAgD;AAOhD,SAAgB,uBAAuB,CAAC,GAAY;IAChD,MAAM,QAAQ,GAAG,IAAA,6BAAkB,EAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,OAAO;QACH,EAAE,EAAE,QAAQ,CAAC,OAAO;QACpB,IAAI,EAAE,QAAQ,CAAC,SAAS;KAC3B,CAAC;AACN,CAAC"}

package/dist/request/identity.d.ts

@@ -0,0 +1,7 @@
+import type { Request } from 'routup';
+import type { RequestIdentity } from './types';
+export declare function useRequestIdentity(req: Request): RequestIdentity | undefined;
+export declare function setRequestIdentity(req: Request, identity: RequestIdentity): void;
+export declare function useRequestIdentityOrFail(req: Request): RequestIdentity;
+export declare function isRequestIdentityMasterRealmMember(input: RequestIdentity): boolean;
+//# sourceMappingURL=identity.d.ts.map

package/dist/request/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/request/identity.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAG/C,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAI,eAAe,GAAG,SAAS,CAE7E;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe,GAAI,IAAI,CAEjF;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,OAAO,GAAI,eAAe,CAOvE;AAED,wBAAgB,kCAAkC,CAAC,KAAK,EAAE,eAAe,GAAI,OAAO,CAEnF"}

package/dist/request/identity.js

@@ -0,0 +1,32 @@
+"use strict";
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useRequestIdentity = useRequestIdentity;
+exports.setRequestIdentity = setRequestIdentity;
+exports.useRequestIdentityOrFail = useRequestIdentityOrFail;
+exports.isRequestIdentityMasterRealmMember = isRequestIdentityMasterRealmMember;
+const core_kit_1 = require("@authup/core-kit");
+const http_1 = require("@ebec/http");
+const env_1 = require("./env");
+function useRequestIdentity(req) {
+    return (0, env_1.useRequestEnv)(req, 'identity');
+}
+function setRequestIdentity(req, identity) {
+    (0, env_1.setRequestEnv)(req, 'identity', identity);
+}
+function useRequestIdentityOrFail(req) {
+    const identity = useRequestIdentity(req);
+    if (!identity) {
+        throw new http_1.UnauthorizedError();
+    }
+    return identity;
+}
+function isRequestIdentityMasterRealmMember(input) {
+    return input.realmName === core_kit_1.REALM_MASTER_NAME;
+}
+//# sourceMappingURL=identity.js.map

package/dist/request/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/request/identity.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAQH,gDAEC;AAED,gDAEC;AAED,4DAOC;AAED,gFAEC;AAzBD,+CAAqD;AACrD,qCAA+C;AAG/C,+BAAqD;AAErD,SAAgB,kBAAkB,CAAC,GAAY;IAC3C,OAAO,IAAA,mBAAa,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AAC1C,CAAC;AAED,SAAgB,kBAAkB,CAAC,GAAY,EAAE,QAAyB;IACtE,IAAA,mBAAa,EAAC,GAAG,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAED,SAAgB,wBAAwB,CAAC,GAAY;IACjD,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,MAAM,IAAI,wBAAiB,EAAE,CAAC;IAClC,CAAC;IAED,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,SAAgB,kCAAkC,CAAC,KAAsB;IACrE,OAAO,KAAK,CAAC,SAAS,KAAK,4BAAiB,CAAC;AACjD,CAAC"}

package/dist/request/index.d.ts

@@ -1,3 +1,6 @@
+export * from './permission';
 export * from './env';
+export * from './identity';
+export * from './identity-realm';
 export * from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/request/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/request/index.ts"],"names":[],"mappings":"AAOA,cAAc,OAAO,CAAC;AACtB,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/request/index.ts"],"names":[],"mappings":"AAOA,cAAc,cAAc,CAAC;AAC7B,cAAc,OAAO,CAAC;AACtB,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,SAAS,CAAC"}

package/dist/request/index.js

@@ -20,6 +20,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./permission"), exports);
 __exportStar(require("./env"), exports);
+__exportStar(require("./identity"), exports);
+__exportStar(require("./identity-realm"), exports);
 __exportStar(require("./types"), exports);
 //# sourceMappingURL=index.js.map

package/dist/request/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/request/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;AAEH,wCAAsB;AACtB,0CAAwB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/request/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;AAEH,+CAA6B;AAC7B,wCAAsB;AACtB,6CAA2B;AAC3B,mDAAiC;AACjC,0CAAwB"}

package/dist/request/permission/helper.d.ts

@@ -0,0 +1,5 @@
+import type { Request } from 'routup';
+import type { RequestPermissionChecker } from './module';
+export declare function setRequestPermissionChecker(req: Request, checker: RequestPermissionChecker): void;
+export declare function useRequestPermissionChecker(req: Request): RequestPermissionChecker;
+//# sourceMappingURL=helper.d.ts.map

package/dist/request/permission/helper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helper.d.ts","sourceRoot":"","sources":["../../../src/request/permission/helper.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAGtC,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAC;AAEzD,wBAAgB,2BAA2B,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,wBAAwB,QAE1F;AAED,wBAAgB,2BAA2B,CAAC,GAAG,EAAE,OAAO,GAAI,wBAAwB,CAOnF"}

package/dist/request/permission/helper.js

@@ -0,0 +1,23 @@
+"use strict";
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setRequestPermissionChecker = setRequestPermissionChecker;
+exports.useRequestPermissionChecker = useRequestPermissionChecker;
+const http_1 = require("@ebec/http");
+const env_1 = require("../env");
+function setRequestPermissionChecker(req, checker) {
+    (0, env_1.setRequestEnv)(req, 'permissionChecker', checker);
+}
+function useRequestPermissionChecker(req) {
+    const checker = (0, env_1.useRequestEnv)(req, 'permissionChecker');
+    if (!checker) {
+        throw new http_1.BadRequestError('The request permission checker is not initialized.');
+    }
+    return checker;
+}
+//# sourceMappingURL=helper.js.map

package/dist/request/permission/helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helper.js","sourceRoot":"","sources":["../../../src/request/permission/helper.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAOH,kEAEC;AAED,kEAOC;AAfD,qCAA6C;AAC7C,gCAAsD;AAGtD,SAAgB,2BAA2B,CAAC,GAAY,EAAE,OAAiC;IACvF,IAAA,mBAAa,EAAC,GAAG,EAAE,mBAAmB,EAAE,OAAO,CAAC,CAAC;AACrD,CAAC;AAED,SAAgB,2BAA2B,CAAC,GAAY;IACpD,MAAM,OAAO,GAAG,IAAA,mBAAa,EAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,MAAM,IAAI,sBAAe,CAAC,oDAAoD,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC"}

package/dist/request/permission/index.d.ts

@@ -0,0 +1,3 @@
+export * from './helper';
+export * from './module';
+//# sourceMappingURL=index.d.ts.map

package/dist/request/permission/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/request/permission/index.ts"],"names":[],"mappings":"AAOA,cAAc,UAAU,CAAC;AACzB,cAAc,UAAU,CAAC"}

package/dist/request/permission/index.js

@@ -0,0 +1,25 @@
+"use strict";
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./helper"), exports);
+__exportStar(require("./module"), exports);
+//# sourceMappingURL=index.js.map

package/dist/request/permission/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/request/permission/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;AAEH,2CAAyB;AACzB,2CAAyB"}

package/dist/request/permission/module.d.ts

@@ -0,0 +1,13 @@
+import type { PermissionChecker, PermissionCheckerCheckContext } from '@authup/kit';
+import type { Request } from 'routup';
+export declare class RequestPermissionChecker {
+    protected req: Request;
+    protected checker: PermissionChecker;
+    constructor(req: Request, checker: PermissionChecker);
+    check(ctx: PermissionCheckerCheckContext): Promise<void>;
+    preCheck(ctx: PermissionCheckerCheckContext): Promise<void>;
+    preCheckOneOf(ctx: PermissionCheckerCheckContext): Promise<void>;
+    checkOneOf(ctx: PermissionCheckerCheckContext): Promise<void>;
+    protected extendCheckContext(ctx: PermissionCheckerCheckContext): PermissionCheckerCheckContext;
+}
+//# sourceMappingURL=module.d.ts.map

package/dist/request/permission/module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../../../src/request/permission/module.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACR,iBAAiB,EACjB,6BAA6B,EAChC,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAItC,qBAAa,wBAAwB;IACjC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC;IAEvB,SAAS,CAAC,OAAO,EAAE,iBAAiB,CAAC;gBAEzB,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB;IAO9C,KAAK,CAAC,GAAG,EAAE,6BAA6B,GAAI,OAAO,CAAC,IAAI,CAAC;IAIzD,QAAQ,CAAC,GAAG,EAAE,6BAA6B,GAAI,OAAO,CAAC,IAAI,CAAC;IAM5D,aAAa,CAAC,GAAG,EAAE,6BAA6B,GAAI,OAAO,CAAC,IAAI,CAAC;IAIjE,UAAU,CAAC,GAAG,EAAE,6BAA6B,GAAI,OAAO,CAAC,IAAI,CAAC;IAMpE,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,6BAA6B;CAWlE"}

package/dist/request/permission/module.js

@@ -0,0 +1,47 @@
+"use strict";
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestPermissionChecker = void 0;
+const core_kit_1 = require("@authup/core-kit");
+const env_1 = require("../env");
+const identity_1 = require("../identity");
+class RequestPermissionChecker {
+    req;
+    checker;
+    constructor(req, checker) {
+        this.req = req;
+        this.checker = checker;
+    }
+    // --------------------------------------------------------------
+    async check(ctx) {
+        return this.checker.check(this.extendCheckContext(ctx));
+    }
+    async preCheck(ctx) {
+        return this.checker.preCheck(this.extendCheckContext(ctx));
+    }
+    // --------------------------------------------------------------
+    async preCheckOneOf(ctx) {
+        return this.checker.preCheckOneOf(this.extendCheckContext(ctx));
+    }
+    async checkOneOf(ctx) {
+        return this.checker.checkOneOf(this.extendCheckContext(ctx));
+    }
+    // --------------------------------------------------------------
+    extendCheckContext(ctx) {
+        const scopes = (0, env_1.useRequestEnv)(this.req, 'scopes') || [];
+        if (scopes.indexOf(core_kit_1.ScopeName.GLOBAL) !== -1) {
+            ctx.data = {
+                ...ctx.data || {},
+                identity: (0, identity_1.useRequestIdentity)(this.req),
+            };
+        }
+        return ctx;
+    }
+}
+exports.RequestPermissionChecker = RequestPermissionChecker;
+//# sourceMappingURL=module.js.map

package/dist/request/permission/module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"module.js","sourceRoot":"","sources":["../../../src/request/permission/module.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEH,+CAA6C;AAM7C,gCAAuC;AACvC,0CAAiD;AAEjD,MAAa,wBAAwB;IACvB,GAAG,CAAU;IAEb,OAAO,CAAoB;IAErC,YAAY,GAAY,EAAE,OAA0B;QAChD,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAED,iEAAiE;IAEjE,KAAK,CAAC,KAAK,CAAC,GAAkC;QAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAkC;QAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,iEAAiE;IAEjE,KAAK,CAAC,aAAa,CAAC,GAAkC;QAClD,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAkC;QAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IACjE,CAAC;IAED,iEAAiE;IAEvD,kBAAkB,CAAC,GAAkC;QAC3D,MAAM,MAAM,GAAG,IAAA,mBAAa,EAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACvD,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1C,GAAG,CAAC,IAAI,GAAG;gBACP,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE;gBACjB,QAAQ,EAAE,IAAA,6BAAkB,EAAC,IAAI,CAAC,GAAG,CAAC;aACzC,CAAC;QACN,CAAC;QAED,OAAO,GAAG,CAAC;IACf,CAAC;CACJ;AA3CD,4DA2CC"}

package/dist/request/types.d.ts

@@ -1,15 +1,14 @@
-import type { Abilities } from '@authup/kit';
+import type { RequestPermissionChecker } from './permission';
+export type RequestIdentity = {
+    id: string;
+    type: 'user' | 'client' | 'robot';
+    realmId: string;
+    realmName: string;
+    attributes?: Record<string, any>;
+};
 export type RequestEnv = {
-    abilities?: Abilities;
-    realmId?: string;
-    realmName?: string;
-    realm?: {
-        id?: string;
-        name?: string;
-    };
-    userId?: string;
-    userName?: string;
-    robotId?: string;
-    robotName?: string;
+    permissionChecker?: RequestPermissionChecker;
+    identity?: RequestIdentity;
+    scopes?: string[];
 };
 //# sourceMappingURL=types.d.ts.map

package/dist/request/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/request/types.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,MAAM,UAAU,GAAG;IACrB,SAAS,CAAC,EAAE,SAAS,CAAC;IAEtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAEvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAA;CACrB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/request/types.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAE7D,MAAM,MAAM,eAAe,GAAG;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACrB,iBAAiB,CAAC,EAAE,wBAAwB,CAAC;IAE7C,QAAQ,CAAC,EAAE,eAAe,CAAC;IAE3B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB,CAAC"}

package/dist/services/authup/middleware.js

@@ -7,7 +7,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.mountAuthupMiddleware = mountAuthupMiddleware;
-const server_core_plugin_http_1 = require("@authup/server-core-plugin-http");
+const server_adapter_http_1 = require("@authup/server-adapter-http");
 const cookie_1 = require("@routup/basic/cookie");
 const hapic_1 = require("hapic");
 const routup_1 = require("routup");
@@ -72,7 +72,7 @@ function mountAuthupMiddleware(router, options) {
             client: options.redisClient,
         };
     }
-    const middleware = (0, server_core_plugin_http_1.createMiddleware)({
+    const middleware = (0, server_adapter_http_1.createMiddleware)({
         tokenByCookie: (req, cookieName) => (0, cookie_1.useRequestCookie)(req, cookieName),
         tokenVerifier: {
             baseURL: options.client.getBaseURL(),

package/dist/services/authup/middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/services/authup/middleware.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAYH,sDA4FC;AApGD,6EAAmE;AACnE,iDAAwD;AACxD,iCAAiD;AAEjD,mCAAuD;AAEvD,mCAAsF;AAEtF,SAAgB,qBAAqB,CACjC,MAAc,EACd,OAA4C;IAE5C,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,IAAA,uCAA+B,GAAE,CAAC;QAE/C,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACtC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;YAC7D,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,CAAC,CAAC;QAEJ,OAAO;IACX,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5C,MAAM,SAAS,GAAG,IAAA,yBAAgB,EAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACzD,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChC,IAAI,EAAE,CAAC;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,wBAAwB,SAAS,EAAE,CAAC;QAErD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrD,IAAI,IAAI,EAAE,CAAC;gBACP,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,IAAI,EAAE,CAAC;gBAC7C,IAAI,EAAE,CAAC;gBACP,OAAO;YACX,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,gCAAwB,EAAC,SAAS,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC;gBAC7D,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC5B,CAAC,CAAC;YAEH,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,CAAC,YAAY,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACtB,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;YACpF,CAAC;QACL,CAAC;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC,CAAC;IAEJ,IAAI,YAAkC,CAAC;IACvC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,GAAG;YACX,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,OAAO,CAAC,WAAW;YAC1B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;SAAM,CAAC;QACJ,YAAY,GAAG;YACX,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;IAED,IAAI,UAAuD,CAAC;IAC5D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,UAAU,GAAG;YACT,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,OAAO,CAAC,WAAW;SAC9B,CAAC;IACN,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,0CAAgB,EAAC;QAChC,aAAa,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,CAAC,IAAA,yBAAgB,EAAC,GAAG,EAAE,UAAU,CAAC;QACrE,aAAa,EAAE;YACX,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;YACpC,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,UAAU;SACpB;QACD,oBAAoB,EAAE,CAClB,GAAG,EACH,IAAI,EACN,EAAE,CAAC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC;KACpE,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CACnB,GAAG,EACH,GAAG,EACH,IAAI,EACN,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC"}
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/services/authup/middleware.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAYH,sDA4FC;AApGD,qEAA+D;AAC/D,iDAAwD;AACxD,iCAAiD;AAEjD,mCAAuD;AAEvD,mCAAsF;AAEtF,SAAgB,qBAAqB,CACjC,MAAc,EACd,OAA4C;IAE5C,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,IAAA,uCAA+B,GAAE,CAAC;QAE/C,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACtC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;YAC7D,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,CAAC,CAAC;QAEJ,OAAO;IACX,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5C,MAAM,SAAS,GAAG,IAAA,yBAAgB,EAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACzD,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChC,IAAI,EAAE,CAAC;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,wBAAwB,SAAS,EAAE,CAAC;QAErD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrD,IAAI,IAAI,EAAE,CAAC;gBACP,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,IAAI,EAAE,CAAC;gBAC7C,IAAI,EAAE,CAAC;gBACP,OAAO;YACX,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,gCAAwB,EAAC,SAAS,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC;gBAC7D,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC5B,CAAC,CAAC;YAEH,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,CAAC,YAAY,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACtB,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;YACpF,CAAC;QACL,CAAC;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC,CAAC;IAEJ,IAAI,YAAkC,CAAC;IACvC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,GAAG;YACX,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,OAAO,CAAC,WAAW;YAC1B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;SAAM,CAAC;QACJ,YAAY,GAAG;YACX,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;IAED,IAAI,UAAuD,CAAC;IAC5D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,UAAU,GAAG;YACT,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,OAAO,CAAC,WAAW;SAC9B,CAAC;IACN,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,sCAAgB,EAAC;QAChC,aAAa,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,CAAC,IAAA,yBAAgB,EAAC,GAAG,EAAE,UAAU,CAAC;QACrE,aAAa,EAAE;YACX,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;YACpC,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,UAAU;SACpB;QACD,oBAAoB,EAAE,CAClB,GAAG,EACH,IAAI,EACN,EAAE,CAAC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC;KACpE,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CACnB,GAAG,EACH,GAAG,EACH,IAAI,EACN,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC"}

package/dist/services/authup/utils.d.ts

@@ -1,6 +1,6 @@
-import type { TokenVerificationData } from '@authup/server-core-plugin-kit';
+import type { TokenVerificationData } from '@authup/server-adapter-kit';
 import type { Request } from 'routup';
-type TokenVerificationDataMinimal = Pick<TokenVerificationData, 'permissions' | 'realm_id' | 'realm_name' | 'sub' | 'sub_kind' | 'sub_name'>;
+type TokenVerificationDataMinimal = Pick<TokenVerificationData, 'permissions' | 'realm_id' | 'realm_name' | 'sub' | 'sub_kind' | 'sub_name' | 'scope'>;
 export declare function createFakeTokenVerificationData(): TokenVerificationDataMinimal;
 export declare function applyTokenVerificationData(req: Request, data: TokenVerificationDataMinimal, fakeAbilities?: boolean): void;
 export {};

package/dist/services/authup/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAE5E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAGtC,KAAK,4BAA4B,GAAG,IAAI,CACxC,qBAAqB,EACrB,aAAa,GACb,UAAU,GACV,YAAY,GACZ,KAAK,GACL,UAAU,GACV,UAAU,CACT,CAAC;AAWF,wBAAgB,+BAA+B,IAAI,4BAA4B,CAW9E;AAED,wBAAgB,0BAA0B,CACtC,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE,4BAA4B,EAClC,aAAa,CAAC,EAAE,OAAO,QA+B1B"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAExE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAGtC,KAAK,4BAA4B,GAAG,IAAI,CACxC,qBAAqB,EACrB,aAAa,GACb,UAAU,GACV,YAAY,GACZ,KAAK,GACL,UAAU,GACV,UAAU,GACV,OAAO,CACN,CAAC;AAWF,wBAAgB,+BAA+B,IAAI,4BAA4B,CAW9E;AAED,wBAAgB,0BAA0B,CACtC,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE,4BAA4B,EAClC,aAAa,CAAC,EAAE,OAAO,QA2B1B"}

package/dist/services/authup/utils.js

@@ -38,25 +38,21 @@ function applyTokenVerificationData(req, data, fakeAbilities) {
     else {
         abilities = data.permissions;
     }
-    const ability = new kit_1.Abilities(abilities);
-    (0, request_1.setRequestEnv)(req, 'abilities', ability);
-    (0, request_1.setRequestEnv)(req, 'realmId', data.realm_id);
-    (0, request_1.setRequestEnv)(req, 'realmName', data.realm_name);
-    (0, request_1.setRequestEnv)(req, 'realm', {
-        id: data.realm_id,
-        name: data.realm_name,
+    const permissionChecker = new kit_1.PermissionChecker({
+        provider: new kit_1.PermissionMemoryProvider(abilities),
     });
-    switch (data.sub_kind) {
-        case 'user': {
-            (0, request_1.setRequestEnv)(req, 'userId', data.sub);
-            (0, request_1.setRequestEnv)(req, 'userName', data.sub_name);
-            break;
-        }
-        case 'robot': {
-            (0, request_1.setRequestEnv)(req, 'robotId', data.sub);
-            (0, request_1.setRequestEnv)(req, 'robotName', data.sub_name);
-            break;
-        }
-    }
+    const requestPermissionChecker = new request_1.RequestPermissionChecker(req, permissionChecker);
+    (0, request_1.setRequestEnv)(req, 'permissionChecker', requestPermissionChecker);
+    (0, request_1.setRequestEnv)(req, 'identity', {
+        id: data.sub,
+        type: data.sub_kind,
+        realmId: data.realm_id,
+        realmName: data.realm_name,
+        attributes: {
+            id: data.sub,
+            name: data.sub_name,
+        },
+    });
+    (0, request_1.setRequestEnv)(req, 'scopes', (0, core_kit_1.transformOAuth2ScopeToArray)(data.scope));
 }
 //# sourceMappingURL=utils.js.map

package/dist/services/authup/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA6BH,0EAWC;AAED,gEAkCC;AAzED,qCAAwC;AACxC,+CAA6F;AAE7F,yCAAiD;AAEjD,2CAA8C;AAY9C,SAAS,iBAAiB;IACtB,OAAO,MAAM,CAAC,MAAM,CAAC;QACjB,GAAG,oBAAc;QACjB,GAAG,yBAAoB;KAC1B,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI;KACY,CAAA,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,+BAA+B;IAC3C,OAAO;QACH,QAAQ,EAAE,sCAAsC;QAChD,UAAU,EAAE,4BAAiB;QAE7B,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,sCAAsC;QAC3C,QAAQ,EAAE,OAAO;QAEjB,WAAW,EAAE,iBAAiB,EAAE;KACnC,CAAC;AACN,CAAC;AAED,SAAgB,0BAA0B,CACtC,GAAY,EACZ,IAAkC,EAClC,aAAuB;IAEvB,IAAI,SAAoB,CAAC;IACzB,IAAI,aAAa,EAAE,CAAC;QAChB,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACpC,CAAC;SAAM,CAAC;QACJ,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,eAAS,CAAC,SAAS,CAAC,CAAC;IACzC,IAAA,uBAAa,EAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAEzC,IAAA,uBAAa,EAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAA,uBAAa,EAAC,GAAG,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,IAAA,uBAAa,EAAC,GAAG,EAAE,OAAO,EAAE;QACxB,EAAE,EAAE,IAAI,CAAC,QAAQ;QACjB,IAAI,EAAE,IAAI,CAAC,UAAU;KACxB,CAAC,CAAC;IAEH,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,CAAC,CAAC;YACV,IAAA,uBAAa,EAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACvC,IAAA,uBAAa,EAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9C,MAAM;QACV,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACX,IAAA,uBAAa,EAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACxC,IAAA,uBAAa,EAAC,GAAG,EAAE,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM;QACV,CAAC;IACL,CAAC;AACL,CAAC"}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA8BH,0EAWC;AAED,gEA8BC;AAtED,qCAA0E;AAC1E,+CAA0H;AAE1H,yCAAiD;AAEjD,2CAAwE;AAaxE,SAAS,iBAAiB;IACtB,OAAO,MAAM,CAAC,MAAM,CAAC;QACjB,GAAG,oBAAc;QACjB,GAAG,yBAAoB;KAC1B,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI;KACmB,CAAA,CAAC,CAAC;AACjC,CAAC;AAED,SAAgB,+BAA+B;IAC3C,OAAO;QACH,QAAQ,EAAE,sCAAsC;QAChD,UAAU,EAAE,4BAAiB;QAE7B,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,sCAAsC;QAC3C,QAAQ,EAAE,OAAO;QAEjB,WAAW,EAAE,iBAAiB,EAAE;KACnC,CAAC;AACN,CAAC;AAED,SAAgB,0BAA0B,CACtC,GAAY,EACZ,IAAkC,EAClC,aAAuB;IAEvB,IAAI,SAA2B,CAAC;IAChC,IAAI,aAAa,EAAE,CAAC;QAChB,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACpC,CAAC;SAAM,CAAC;QACJ,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAI,uBAAiB,CAAC;QAC5C,QAAQ,EAAE,IAAI,8BAAwB,CAAC,SAAS,CAAC;KACpD,CAAC,CAAC;IACH,MAAM,wBAAwB,GAAG,IAAI,kCAAwB,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACtF,IAAA,uBAAa,EAAC,GAAG,EAAE,mBAAmB,EAAE,wBAAwB,CAAC,CAAC;IAElE,IAAA,uBAAa,EAAC,GAAG,EAAE,UAAU,EAAE;QAC3B,EAAE,EAAE,IAAI,CAAC,GAAG;QACZ,IAAI,EAAE,IAAI,CAAC,QAAQ;QACnB,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,SAAS,EAAE,IAAI,CAAC,UAAU;QAC1B,UAAU,EAAE;YACR,EAAE,EAAE,IAAI,CAAC,GAAG;YACZ,IAAI,EAAE,IAAI,CAAC,QAAQ;SACtB;KACJ,CAAC,CAAC;IAEH,IAAA,uBAAa,EAAC,GAAG,EAAE,QAAQ,EAAE,IAAA,sCAA2B,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AAC1E,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@privateaim/server-http-kit",
-    "version": "0.8.3",
+    "version": "0.8.4",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
     "author": {
@@ -11,14 +11,14 @@
     "license": "Apache-2.0",
     "description": "This package contains the realtime application which connects the API with socket based clients.",
     "dependencies": {
-        "@authup/kit": "^1.0.0-beta.19",
-        "@authup/core-kit": "^1.0.0-beta.19",
-        "@authup/core-http-kit": "^1.0.0-beta.19",
-        "@authup/server-core-plugin-kit": "^1.0.0-beta.18",
-        "@authup/server-core-plugin-http": "^1.0.0-beta.18",
+        "@authup/kit": "^1.0.0-beta.22",
+        "@authup/core-kit": "^1.0.0-beta.22",
+        "@authup/core-http-kit": "^1.0.0-beta.22",
+        "@authup/server-adapter-kit": "^1.0.0-beta.20",
+        "@authup/server-adapter-http": "^1.0.0-beta.20",
         "@ebec/http": "^2.3.0",
-        "@privateaim/kit": "^0.8.3",
-        "@privateaim/server-kit": "^0.8.3",
+        "@privateaim/kit": "^0.8.4",
+        "@privateaim/server-kit": "^0.8.4",
         "@routup/basic": "^1.4.1",
         "@routup/decorators": "^3.4.1",
         "@routup/prometheus": "^2.4.0",
@@ -26,20 +26,20 @@
         "@routup/swagger": "^2.4.1",
         "cors": "^2.8.5",
         "hapic": "^2.5.1",
-        "locter": "^2.1.1"
+        "locter": "^2.1.4"
     },
     "devDependencies": {
         "@types/cors": "^2.8.17",
         "express-validator": "^7.2.0",
         "redis-extension": "^1.5.0",
         "routup": "^4.0.1",
-        "typeorm-extension": "^3.6.1"
+        "typeorm-extension": "^3.6.2"
     },
     "peerDependencies": {
         "express-validator": "^7.2.0",
         "redis-extension": "^1.5.0",
         "routup": "^4.0.1",
-        "typeorm-extension": "^3.6.1"
+        "typeorm-extension": "^3.6.2"
     },
     "scripts": {
         "dev": "ts-node src/index.ts",

package/src/middlewares/error.ts

@@ -5,13 +5,44 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
+import { BuiltInPolicyType, PermissionError } from '@authup/kit';
 import { isObject } from '@privateaim/kit';
 import type { Router } from 'routup';
 import { errorHandler } from 'routup';
 import { useLogger } from '@privateaim/server-kit';
+import { EntityRelationLookupError } from 'typeorm-extension';
 
 export function mountErrorMiddleware(router: Router) {
     router.use(errorHandler((error, req, res) => {
+        const isServerError = error.statusCode >= 500 &&
+            error.statusCode < 600;
+
+        if (isServerError || error.logMessage) {
+            useLogger().error(error);
+
+            if (error.cause) {
+                useLogger().error(error.cause);
+            }
+        }
+
+        if (error.cause instanceof PermissionError) {
+            error.expose = true;
+
+            if (
+                error.cause.policy &&
+                error.cause.policy.type === BuiltInPolicyType.IDENTITY
+            ) {
+                error.statusCode = 401;
+            } else {
+                error.statusCode = 403;
+            }
+        }
+
+        if (error.cause instanceof EntityRelationLookupError) {
+            error.expose = true;
+            error.statusCode = 400;
+        }
+
         // catch and decorate some db errors :)
         switch (error.code) {
             case 'ER_DUP_ENTRY':
@@ -28,18 +59,11 @@ export function mountErrorMiddleware(router: Router) {
                 break;
         }
 
-        const isServerError = (typeof error.expose !== 'undefined' && !error.expose) ||
-            (error.statusCode >= 500 && error.statusCode < 600);
-
-        if (isServerError || error.logMessage) {
-            useLogger().error(error);
-
-            if (error.cause) {
-                useLogger().error(error.cause);
-            }
-        }
+        const exposeError = typeof error.expose === 'boolean' ?
+            error.expose :
+            !isServerError;
 
-        if (isServerError) {
+        if (!exposeError) {
             error.message = 'An internal server error occurred.';
         }
 
@@ -49,7 +73,7 @@ export function mountErrorMiddleware(router: Router) {
             statusCode: error.statusCode,
             code: `${error.code}`,
             message: error.message,
-            ...(isObject(error.data) && !isServerError ? error.data : {}),
+            ...(exposeError && isObject(error.data) ? error.data : {}),
         };
     }));
 }

package/src/middlewares/force-logged-in.ts

@@ -5,21 +5,15 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
-import { UnauthorizedError } from '@ebec/http';
 import type { HandlerInterface } from '@routup/decorators';
 import type {
     Next, Request, Response,
 } from 'routup';
-import { useRequestEnv } from '../request';
+import { useRequestIdentityOrFail } from '../request';
 
 export class ForceLoggedInMiddleware implements HandlerInterface {
     public run(request: Request, response: Response, next: Next) {
-        if (
-            typeof useRequestEnv(request, 'userId') === 'undefined' &&
-            typeof useRequestEnv(request, 'robotId') === 'undefined'
-        ) {
-            throw new UnauthorizedError();
-        }
+        useRequestIdentityOrFail(request);
 
         next();
     }

package/src/middlewares/rate-limit.ts

@@ -9,32 +9,27 @@ import { REALM_MASTER_NAME } from '@authup/core-kit';
 import type { OptionsInput } from '@routup/rate-limit';
 import { rateLimit } from '@routup/rate-limit';
 import type { Request, Router } from 'routup';
-import { useRequestEnv } from '../request';
+import { useRequestIdentity } from '../request';
 
 export function mountRateLimiterMiddleware(router: Router) {
     const options : OptionsInput = {
         skip(req: Request) {
-            const robot = useRequestEnv(req, 'robotId');
-            if (robot) {
-                const { name } = useRequestEnv(req, 'realm');
+            const identity = useRequestIdentity(req);
 
-                if (
-                    name === REALM_MASTER_NAME &&
-                    useRequestEnv(req, 'robotName') === 'system'
-                ) {
-                    return true;
-                }
-            }
-
-            return false;
+            return identity &&
+                identity.type === 'robot' &&
+                identity.realmName === REALM_MASTER_NAME;
         },
         max(req: Request) {
-            if (useRequestEnv(req, 'userId')) {
+            const identity = useRequestIdentity(req);
+            if (identity && identity.type === 'user') {
                 return 60 * 100; // 100 req p. sec
             }
 
-            const robot = useRequestEnv(req, 'robotId');
-            if (robot) {
+            if (
+                identity &&
+                (identity.type === 'robot' || identity.type === 'client')
+            ) {
                 return 60 * 1000; // 1000 req p. sec
             }
 

package/src/request/identity-realm.ts

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { Request } from 'routup';
+import { useRequestIdentity } from './identity';
+
+type RequestRealm = {
+    id: string,
+    name: string
+};
+
+export function useRequestIdentityRealm(req: Request) : RequestRealm {
+    const identity = useRequestIdentity(req);
+    if (!identity) {
+        return undefined;
+    }
+
+    return {
+        id: identity.realmId,
+        name: identity.realmName,
+    };
+}

package/src/request/identity.ts

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { REALM_MASTER_NAME } from '@authup/core-kit';
+import { UnauthorizedError } from '@ebec/http';
+import type { Request } from 'routup';
+import type { RequestIdentity } from './types';
+import { setRequestEnv, useRequestEnv } from './env';
+
+export function useRequestIdentity(req: Request) : RequestIdentity | undefined {
+    return useRequestEnv(req, 'identity');
+}
+
+export function setRequestIdentity(req: Request, identity: RequestIdentity) : void {
+    setRequestEnv(req, 'identity', identity);
+}
+
+export function useRequestIdentityOrFail(req: Request) : RequestIdentity {
+    const identity = useRequestIdentity(req);
+    if (!identity) {
+        throw new UnauthorizedError();
+    }
+
+    return identity;
+}
+
+export function isRequestIdentityMasterRealmMember(input: RequestIdentity) : boolean {
+    return input.realmName === REALM_MASTER_NAME;
+}

package/src/request/index.ts

@@ -5,5 +5,8 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
+export * from './permission';
 export * from './env';
+export * from './identity';
+export * from './identity-realm';
 export * from './types';

package/src/request/permission/helper.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { Request } from 'routup';
+import { BadRequestError } from '@ebec/http';
+import { setRequestEnv, useRequestEnv } from '../env';
+import type { RequestPermissionChecker } from './module';
+
+export function setRequestPermissionChecker(req: Request, checker: RequestPermissionChecker) {
+    setRequestEnv(req, 'permissionChecker', checker);
+}
+
+export function useRequestPermissionChecker(req: Request) : RequestPermissionChecker {
+    const checker = useRequestEnv(req, 'permissionChecker');
+    if (!checker) {
+        throw new BadRequestError('The request permission checker is not initialized.');
+    }
+
+    return checker;
+}

package/src/request/permission/index.ts

@@ -0,0 +1,9 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+export * from './helper';
+export * from './module';

package/src/request/permission/module.ts

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { ScopeName } from '@authup/core-kit';
+import type {
+    PermissionChecker,
+    PermissionCheckerCheckContext,
+} from '@authup/kit';
+import type { Request } from 'routup';
+import { useRequestEnv } from '../env';
+import { useRequestIdentity } from '../identity';
+
+export class RequestPermissionChecker {
+    protected req: Request;
+
+    protected checker: PermissionChecker;
+
+    constructor(req: Request, checker: PermissionChecker) {
+        this.req = req;
+        this.checker = checker;
+    }
+
+    // --------------------------------------------------------------
+
+    async check(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.check(this.extendCheckContext(ctx));
+    }
+
+    async preCheck(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.preCheck(this.extendCheckContext(ctx));
+    }
+
+    // --------------------------------------------------------------
+
+    async preCheckOneOf(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.preCheckOneOf(this.extendCheckContext(ctx));
+    }
+
+    async checkOneOf(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.checkOneOf(this.extendCheckContext(ctx));
+    }
+
+    // --------------------------------------------------------------
+
+    protected extendCheckContext(ctx: PermissionCheckerCheckContext) {
+        const scopes = useRequestEnv(this.req, 'scopes') || [];
+        if (scopes.indexOf(ScopeName.GLOBAL) !== -1) {
+            ctx.data = {
+                ...ctx.data || {},
+                identity: useRequestIdentity(this.req),
+            };
+        }
+
+        return ctx;
+    }
+}

package/src/request/types.ts

@@ -5,18 +5,20 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
-import type { Abilities } from '@authup/kit';
+import type { RequestPermissionChecker } from './permission';
 
-export type RequestEnv = {
-    abilities?: Abilities,
+export type RequestIdentity = {
+    id: string;
+    type: 'user' | 'client' | 'robot',
+    realmId: string,
+    realmName: string
+    attributes?: Record<string, any>,
+};
 
-    realmId?: string,
-    realmName?: string,
-    realm?: { id?: string, name?: string },
+export type RequestEnv = {
+    permissionChecker?: RequestPermissionChecker,
 
-    userId?: string,
-    userName?: string,
+    identity?: RequestIdentity,
 
-    robotId?: string,
-    robotName?: string
+    scopes?: string[],
 };

package/src/services/authup/middleware.ts

@@ -6,8 +6,8 @@
  */
 
 import type { TokenCreatorOptions } from '@authup/core-http-kit';
-import type { TokenVerifierRedisCacheOptions } from '@authup/server-core-plugin-kit';
-import { createMiddleware } from '@authup/server-core-plugin-http';
+import type { TokenVerifierRedisCacheOptions } from '@authup/server-adapter-kit';
+import { createMiddleware } from '@authup/server-adapter-http';
 import { useRequestCookie } from '@routup/basic/cookie';
 import { parseAuthorizationHeader } from 'hapic';
 import type { Router } from 'routup';

package/src/services/authup/utils.ts

@@ -5,13 +5,13 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
-import type { Ability } from '@authup/kit';
-import { Abilities } from '@authup/kit';
-import { PermissionName as AuthupPermissionName, REALM_MASTER_NAME } from '@authup/core-kit';
-import type { TokenVerificationData } from '@authup/server-core-plugin-kit';
+import type { PermissionItem } from '@authup/kit';
+import { PermissionChecker, PermissionMemoryProvider } from '@authup/kit';
+import { PermissionName as AuthupPermissionName, REALM_MASTER_NAME, transformOAuth2ScopeToArray } from '@authup/core-kit';
+import type { TokenVerificationData } from '@authup/server-adapter-kit';
 import { PermissionName } from '@privateaim/kit';
 import type { Request } from 'routup';
-import { setRequestEnv } from '../../request';
+import { RequestPermissionChecker, setRequestEnv } from '../../request';
 
 type TokenVerificationDataMinimal = Pick<
 TokenVerificationData,
@@ -20,16 +20,17 @@ TokenVerificationData,
 'realm_name' |
 'sub' |
 'sub_kind' |
-'sub_name'
+'sub_name' |
+'scope'
 >;
 
-function generateAbilities(): Ability[] {
+function generateAbilities(): PermissionItem[] {
     return Object.values({
         ...PermissionName,
         ...AuthupPermissionName,
     }).map((name) => ({
         name,
-    } satisfies Ability));
+    } satisfies PermissionItem));
 }
 
 export function createFakeTokenVerificationData(): TokenVerificationDataMinimal {
@@ -50,33 +51,29 @@ export function applyTokenVerificationData(
     data: TokenVerificationDataMinimal,
     fakeAbilities?: boolean,
 ) {
-    let abilities: Ability[];
+    let abilities: PermissionItem[];
     if (fakeAbilities) {
         abilities = generateAbilities();
     } else {
         abilities = data.permissions;
     }
 
-    const ability = new Abilities(abilities);
-    setRequestEnv(req, 'abilities', ability);
+    const permissionChecker = new PermissionChecker({
+        provider: new PermissionMemoryProvider(abilities),
+    });
+    const requestPermissionChecker = new RequestPermissionChecker(req, permissionChecker);
+    setRequestEnv(req, 'permissionChecker', requestPermissionChecker);
 
-    setRequestEnv(req, 'realmId', data.realm_id);
-    setRequestEnv(req, 'realmName', data.realm_name);
-    setRequestEnv(req, 'realm', {
-        id: data.realm_id,
-        name: data.realm_name,
+    setRequestEnv(req, 'identity', {
+        id: data.sub,
+        type: data.sub_kind,
+        realmId: data.realm_id,
+        realmName: data.realm_name,
+        attributes: {
+            id: data.sub,
+            name: data.sub_name,
+        },
     });
 
-    switch (data.sub_kind) {
-        case 'user': {
-            setRequestEnv(req, 'userId', data.sub);
-            setRequestEnv(req, 'userName', data.sub_name);
-            break;
-        }
-        case 'robot': {
-            setRequestEnv(req, 'robotId', data.sub);
-            setRequestEnv(req, 'robotName', data.sub_name);
-            break;
-        }
-    }
+    setRequestEnv(req, 'scopes', transformOAuth2ScopeToArray(data.scope));
 }