@privateaim/server-http-kit 0.8.3 → 0.8.5

package/dist/services/authup/middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/services/authup/middleware.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAYH,sDA4FC;AApGD,6EAAmE;AACnE,iDAAwD;AACxD,iCAAiD;AAEjD,mCAAuD;AAEvD,mCAAsF;AAEtF,SAAgB,qBAAqB,CACjC,MAAc,EACd,OAA4C;IAE5C,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,IAAA,uCAA+B,GAAE,CAAC;QAE/C,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACtC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;YAC7D,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,CAAC,CAAC;QAEJ,OAAO;IACX,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5C,MAAM,SAAS,GAAG,IAAA,yBAAgB,EAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACzD,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChC,IAAI,EAAE,CAAC;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,wBAAwB,SAAS,EAAE,CAAC;QAErD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrD,IAAI,IAAI,EAAE,CAAC;gBACP,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,IAAI,EAAE,CAAC;gBAC7C,IAAI,EAAE,CAAC;gBACP,OAAO;YACX,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,gCAAwB,EAAC,SAAS,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC;gBAC7D,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC5B,CAAC,CAAC;YAEH,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,CAAC,YAAY,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACtB,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;YACpF,CAAC;QACL,CAAC;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC,CAAC;IAEJ,IAAI,YAAkC,CAAC;IACvC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,GAAG;YACX,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,OAAO,CAAC,WAAW;YAC1B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;SAAM,CAAC;QACJ,YAAY,GAAG;YACX,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;IAED,IAAI,UAAuD,CAAC;IAC5D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,UAAU,GAAG;YACT,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,OAAO,CAAC,WAAW;SAC9B,CAAC;IACN,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,0CAAgB,EAAC;QAChC,aAAa,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,CAAC,IAAA,yBAAgB,EAAC,GAAG,EAAE,UAAU,CAAC;QACrE,aAAa,EAAE;YACX,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;YACpC,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,UAAU;SACpB;QACD,oBAAoB,EAAE,CAClB,GAAG,EACH,IAAI,EACN,EAAE,CAAC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC;KACpE,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CACnB,GAAG,EACH,GAAG,EACH,IAAI,EACN,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC"}
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/services/authup/middleware.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAYH,sDA4FC;AApGD,qEAA+D;AAC/D,iDAAwD;AACxD,iCAAiD;AAEjD,mCAAuD;AAEvD,mCAAsF;AAEtF,SAAgB,qBAAqB,CACjC,MAAc,EACd,OAA4C;IAE5C,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,IAAA,uCAA+B,GAAE,CAAC;QAE/C,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACtC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;YAC7D,IAAI,EAAE,CAAC;QACX,CAAC,CAAC,CAAC,CAAC;QAEJ,OAAO;IACX,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC5C,MAAM,SAAS,GAAG,IAAA,yBAAgB,EAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACzD,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAChC,IAAI,EAAE,CAAC;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,wBAAwB,SAAS,EAAE,CAAC;QAErD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrD,IAAI,IAAI,EAAE,CAAC;gBACP,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,IAAI,EAAE,CAAC;gBAC7C,IAAI,EAAE,CAAC;gBACP,OAAO;YACX,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,gCAAwB,EAAC,SAAS,CAAC,CAAC;QAEnD,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC;gBACxD,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC5B,CAAC,CAAC;YAEH,GAAG,CAAC,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,CAAC,YAAY,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACtB,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;YACpF,CAAC;QACL,CAAC;QAED,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC,CAAC;IAEJ,IAAI,YAAkC,CAAC;IACvC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,YAAY,GAAG;YACX,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,QAAQ;YACd,KAAK,EAAE,OAAO,CAAC,WAAW;YAC1B,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;SAAM,CAAC;QACJ,YAAY,GAAG;YACX,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,UAAU;YACpB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;SACvC,CAAC;IACN,CAAC;IAED,IAAI,UAAuD,CAAC;IAC5D,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACtB,UAAU,GAAG;YACT,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,OAAO,CAAC,WAAW;SAC9B,CAAC;IACN,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,sCAAgB,EAAC;QAChC,aAAa,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE,CAAC,IAAA,yBAAgB,EAAC,GAAG,EAAE,UAAU,CAAC;QACrE,aAAa,EAAE;YACX,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE;YACpC,OAAO,EAAE,YAAY;YACrB,KAAK,EAAE,UAAU;SACpB;QACD,oBAAoB,EAAE,CAClB,GAAG,EACH,IAAI,EACN,EAAE,CAAC,IAAA,kCAA0B,EAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,aAAa,CAAC;KACpE,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,IAAA,oBAAW,EAAC,CACnB,GAAG,EACH,GAAG,EACH,IAAI,EACN,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC"}

package/dist/services/authup/permission-provider.d.ts

@@ -0,0 +1,5 @@
+import type { PermissionGetOptions, PermissionItem, PermissionProvider } from '@authup/access';
+export declare class FakePermissionProvider implements PermissionProvider {
+    get(criteria: PermissionGetOptions): Promise<PermissionItem | undefined>;
+}
+//# sourceMappingURL=permission-provider.d.ts.map

package/dist/services/authup/permission-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-provider.d.ts","sourceRoot":"","sources":["../../../src/services/authup/permission-provider.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,oBAAoB,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAE/F,qBAAa,sBAAuB,YAAW,kBAAkB;IACvD,GAAG,CAAC,QAAQ,EAAE,oBAAoB,GAAG,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;CAOjF"}

package/dist/services/authup/permission-provider.js

@@ -0,0 +1,20 @@
+"use strict";
+/*
+ * Copyright (c) 2025.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FakePermissionProvider = void 0;
+class FakePermissionProvider {
+    async get(criteria) {
+        return {
+            name: criteria.name,
+            realm_id: criteria.realmId,
+            policy: null,
+        };
+    }
+}
+exports.FakePermissionProvider = FakePermissionProvider;
+//# sourceMappingURL=permission-provider.js.map

package/dist/services/authup/permission-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-provider.js","sourceRoot":"","sources":["../../../src/services/authup/permission-provider.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAIH,MAAa,sBAAsB;IAC/B,KAAK,CAAC,GAAG,CAAC,QAA8B;QACpC,OAAO;YACH,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,QAAQ,EAAE,QAAQ,CAAC,OAAO;YAC1B,MAAM,EAAE,IAAI;SACf,CAAC;IACN,CAAC;CACJ;AARD,wDAQC"}

package/dist/services/authup/utils.d.ts

@@ -1,6 +1,6 @@
-import type { TokenVerificationData } from '@authup/server-core-plugin-kit';
+import type { TokenVerificationData } from '@authup/server-adapter-kit';
 import type { Request } from 'routup';
-type TokenVerificationDataMinimal = Pick<TokenVerificationData, 'permissions' | 'realm_id' | 'realm_name' | 'sub' | 'sub_kind' | 'sub_name'>;
+type TokenVerificationDataMinimal = Pick<TokenVerificationData, 'permissions' | 'realm_id' | 'realm_name' | 'sub' | 'sub_kind' | 'sub_name' | 'scope'>;
 export declare function createFakeTokenVerificationData(): TokenVerificationDataMinimal;
 export declare function applyTokenVerificationData(req: Request, data: TokenVerificationDataMinimal, fakeAbilities?: boolean): void;
 export {};

package/dist/services/authup/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAE5E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAGtC,KAAK,4BAA4B,GAAG,IAAI,CACxC,qBAAqB,EACrB,aAAa,GACb,UAAU,GACV,YAAY,GACZ,KAAK,GACL,UAAU,GACV,UAAU,CACT,CAAC;AAWF,wBAAgB,+BAA+B,IAAI,4BAA4B,CAW9E;AAED,wBAAgB,0BAA0B,CACtC,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE,4BAA4B,EAClC,aAAa,CAAC,EAAE,OAAO,QA+B1B"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACxE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAItC,KAAK,4BAA4B,GAAG,IAAI,CACxC,qBAAqB,EACrB,aAAa,GACb,UAAU,GACV,YAAY,GACZ,KAAK,GACL,UAAU,GACV,UAAU,GACV,OAAO,CACN,CAAC;AAEF,wBAAgB,+BAA+B,IAAI,4BAA4B,CAW9E;AAED,wBAAgB,0BAA0B,CACtC,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE,4BAA4B,EAClC,aAAa,CAAC,EAAE,OAAO,QA2B1B"}

package/dist/services/authup/utils.js

@@ -8,18 +8,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createFakeTokenVerificationData = createFakeTokenVerificationData;
 exports.applyTokenVerificationData = applyTokenVerificationData;
-const kit_1 = require("@authup/kit");
+const access_1 = require("@authup/access");
 const core_kit_1 = require("@authup/core-kit");
-const kit_2 = require("@privateaim/kit");
 const request_1 = require("../../request");
-function generateAbilities() {
-    return Object.values({
-        ...kit_2.PermissionName,
-        ...core_kit_1.PermissionName,
-    }).map((name) => ({
-        name,
-    }));
-}
+const permission_provider_1 = require("./permission-provider");
 function createFakeTokenVerificationData() {
     return {
         realm_id: 'd94b2f28-29e3-4ced-b8f1-6923a01dc1ee',
@@ -27,36 +19,32 @@ function createFakeTokenVerificationData() {
         sub_kind: 'user',
         sub: 'd94b2f28-29e3-4ced-b8f1-6923a01dc1ee',
         sub_name: 'admin',
-        permissions: generateAbilities(),
+        permissions: [],
     };
 }
 function applyTokenVerificationData(req, data, fakeAbilities) {
-    let abilities;
+    let provider;
     if (fakeAbilities) {
-        abilities = generateAbilities();
+        provider = new permission_provider_1.FakePermissionProvider();
     }
     else {
-        abilities = data.permissions;
+        provider = new access_1.PermissionMemoryProvider(data.permissions);
     }
-    const ability = new kit_1.Abilities(abilities);
-    (0, request_1.setRequestEnv)(req, 'abilities', ability);
-    (0, request_1.setRequestEnv)(req, 'realmId', data.realm_id);
-    (0, request_1.setRequestEnv)(req, 'realmName', data.realm_name);
-    (0, request_1.setRequestEnv)(req, 'realm', {
-        id: data.realm_id,
-        name: data.realm_name,
+    const permissionChecker = new access_1.PermissionChecker({
+        provider,
     });
-    switch (data.sub_kind) {
-        case 'user': {
-            (0, request_1.setRequestEnv)(req, 'userId', data.sub);
-            (0, request_1.setRequestEnv)(req, 'userName', data.sub_name);
-            break;
-        }
-        case 'robot': {
-            (0, request_1.setRequestEnv)(req, 'robotId', data.sub);
-            (0, request_1.setRequestEnv)(req, 'robotName', data.sub_name);
-            break;
-        }
-    }
+    const requestPermissionChecker = new request_1.RequestPermissionChecker(req, permissionChecker);
+    (0, request_1.setRequestEnv)(req, 'permissionChecker', requestPermissionChecker);
+    (0, request_1.setRequestEnv)(req, 'identity', {
+        id: data.sub,
+        type: data.sub_kind,
+        realmId: data.realm_id,
+        realmName: data.realm_name,
+        attributes: {
+            id: data.sub,
+            name: data.sub_name,
+        },
+    });
+    (0, request_1.setRequestEnv)(req, 'scopes', (0, core_kit_1.transformOAuth2ScopeToArray)(data.scope));
 }
 //# sourceMappingURL=utils.js.map

package/dist/services/authup/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA6BH,0EAWC;AAED,gEAkCC;AAzED,qCAAwC;AACxC,+CAA6F;AAE7F,yCAAiD;AAEjD,2CAA8C;AAY9C,SAAS,iBAAiB;IACtB,OAAO,MAAM,CAAC,MAAM,CAAC;QACjB,GAAG,oBAAc;QACjB,GAAG,yBAAoB;KAC1B,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACd,IAAI;KACY,CAAA,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,+BAA+B;IAC3C,OAAO;QACH,QAAQ,EAAE,sCAAsC;QAChD,UAAU,EAAE,4BAAiB;QAE7B,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,sCAAsC;QAC3C,QAAQ,EAAE,OAAO;QAEjB,WAAW,EAAE,iBAAiB,EAAE;KACnC,CAAC;AACN,CAAC;AAED,SAAgB,0BAA0B,CACtC,GAAY,EACZ,IAAkC,EAClC,aAAuB;IAEvB,IAAI,SAAoB,CAAC;IACzB,IAAI,aAAa,EAAE,CAAC;QAChB,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACpC,CAAC;SAAM,CAAC;QACJ,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,eAAS,CAAC,SAAS,CAAC,CAAC;IACzC,IAAA,uBAAa,EAAC,GAAG,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;IAEzC,IAAA,uBAAa,EAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAA,uBAAa,EAAC,GAAG,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,IAAA,uBAAa,EAAC,GAAG,EAAE,OAAO,EAAE;QACxB,EAAE,EAAE,IAAI,CAAC,QAAQ;QACjB,IAAI,EAAE,IAAI,CAAC,UAAU;KACxB,CAAC,CAAC;IAEH,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,CAAC,CAAC;YACV,IAAA,uBAAa,EAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACvC,IAAA,uBAAa,EAAC,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9C,MAAM;QACV,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACX,IAAA,uBAAa,EAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACxC,IAAA,uBAAa,EAAC,GAAG,EAAE,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM;QACV,CAAC;IACL,CAAC;AACL,CAAC"}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/services/authup/utils.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAqBH,0EAWC;AAED,gEA8BC;AA7DD,2CAA6E;AAC7E,+CAAkF;AAGlF,2CAAwE;AACxE,+DAA+D;AAa/D,SAAgB,+BAA+B;IAC3C,OAAO;QACH,QAAQ,EAAE,sCAAsC;QAChD,UAAU,EAAE,4BAAiB;QAE7B,QAAQ,EAAE,MAAM;QAChB,GAAG,EAAE,sCAAsC;QAC3C,QAAQ,EAAE,OAAO;QAEjB,WAAW,EAAE,EAAE;KAClB,CAAC;AACN,CAAC;AAED,SAAgB,0BAA0B,CACtC,GAAY,EACZ,IAAkC,EAClC,aAAuB;IAEvB,IAAI,QAA6B,CAAC;IAClC,IAAI,aAAa,EAAE,CAAC;QAChB,QAAQ,GAAG,IAAI,4CAAsB,EAAE,CAAC;IAC5C,CAAC;SAAM,CAAC;QACJ,QAAQ,GAAG,IAAI,iCAAwB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAI,0BAAiB,CAAC;QAC5C,QAAQ;KACX,CAAC,CAAC;IACH,MAAM,wBAAwB,GAAG,IAAI,kCAAwB,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACtF,IAAA,uBAAa,EAAC,GAAG,EAAE,mBAAmB,EAAE,wBAAwB,CAAC,CAAC;IAElE,IAAA,uBAAa,EAAC,GAAG,EAAE,UAAU,EAAE;QAC3B,EAAE,EAAE,IAAI,CAAC,GAAG;QACZ,IAAI,EAAE,IAAI,CAAC,QAAQ;QACnB,OAAO,EAAE,IAAI,CAAC,QAAQ;QACtB,SAAS,EAAE,IAAI,CAAC,UAAU;QAC1B,UAAU,EAAE;YACR,EAAE,EAAE,IAAI,CAAC,GAAG;YACZ,IAAI,EAAE,IAAI,CAAC,QAAQ;SACtB;KACJ,CAAC,CAAC;IAEH,IAAA,uBAAa,EAAC,GAAG,EAAE,QAAQ,EAAE,IAAA,sCAA2B,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AAC1E,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@privateaim/server-http-kit",
-    "version": "0.8.3",
+    "version": "0.8.5",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
     "author": {
@@ -11,35 +11,35 @@
     "license": "Apache-2.0",
     "description": "This package contains the realtime application which connects the API with socket based clients.",
     "dependencies": {
-        "@authup/kit": "^1.0.0-beta.19",
-        "@authup/core-kit": "^1.0.0-beta.19",
-        "@authup/core-http-kit": "^1.0.0-beta.19",
-        "@authup/server-core-plugin-kit": "^1.0.0-beta.18",
-        "@authup/server-core-plugin-http": "^1.0.0-beta.18",
+        "@authup/access": "^1.0.0-beta.24",
+        "@authup/kit": "^1.0.0-beta.24",
+        "@authup/core-kit": "^1.0.0-beta.24",
+        "@authup/core-http-kit": "^1.0.0-beta.24",
+        "@authup/server-adapter-kit": "^1.0.0-beta.24",
+        "@authup/server-adapter-http": "^1.0.0-beta.24",
         "@ebec/http": "^2.3.0",
-        "@privateaim/kit": "^0.8.3",
-        "@privateaim/server-kit": "^0.8.3",
+        "@privateaim/kit": "^0.8.5",
+        "@privateaim/server-kit": "^0.8.5",
         "@routup/basic": "^1.4.1",
         "@routup/decorators": "^3.4.1",
         "@routup/prometheus": "^2.4.0",
         "@routup/rate-limit": "^2.4.0",
         "@routup/swagger": "^2.4.1",
         "cors": "^2.8.5",
-        "hapic": "^2.5.1",
-        "locter": "^2.1.1"
+        "hapic": "^2.5.2",
+        "locter": "^2.1.4",
+        "validup": "^0.1.8"
     },
     "devDependencies": {
         "@types/cors": "^2.8.17",
-        "express-validator": "^7.2.0",
-        "redis-extension": "^1.5.0",
+        "redis-extension": "^2.0.1",
         "routup": "^4.0.1",
-        "typeorm-extension": "^3.6.1"
+        "typeorm-extension": "^3.6.2"
     },
     "peerDependencies": {
-        "express-validator": "^7.2.0",
-        "redis-extension": "^1.5.0",
+        "redis-extension": "^2.0.1",
         "routup": "^4.0.1",
-        "typeorm-extension": "^3.6.1"
+        "typeorm-extension": "^3.6.2"
     },
     "scripts": {
         "dev": "ts-node src/index.ts",

package/{dist/validation/type.js → src/constants.ts}

@@ -1,9 +1,11 @@
-"use strict";
 /*
- * Copyright (c) 2022-2024.
+ * Copyright (c) 2024.
  * Author Peter Placzek (tada5hi)
  * For the full copyright and license information,
  * view the LICENSE file that was distributed with this source code.
  */
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=type.js.map
+
+export enum HTTPHandlerOperation {
+    CREATE = 'create',
+    UPDATE = 'update',
+}

package/src/index.ts

@@ -5,8 +5,8 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
+export * from './constants';
 export * from './middlewares';
 export * from './request';
 export * from './services';
 export * from './swagger';
-export * from './validation';

package/src/middlewares/error.ts

@@ -5,13 +5,54 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
+import { BuiltInPolicyType, PermissionError } from '@authup/access';
 import { isObject } from '@privateaim/kit';
 import type { Router } from 'routup';
 import { errorHandler } from 'routup';
 import { useLogger } from '@privateaim/server-kit';
+import { EntityRelationLookupError } from 'typeorm-extension';
+import { ValidupNestedError } from 'validup';
 
 export function mountErrorMiddleware(router: Router) {
     router.use(errorHandler((error, req, res) => {
+        const isServerError = error.statusCode >= 500 &&
+            error.statusCode < 600;
+
+        if (isServerError || error.logMessage) {
+            useLogger().error(error);
+
+            if (error.cause) {
+                useLogger().error(error.cause);
+            }
+        }
+
+        if (error.cause instanceof PermissionError) {
+            error.expose = true;
+
+            if (
+                error.cause.policy &&
+                error.cause.policy.type === BuiltInPolicyType.IDENTITY
+            ) {
+                error.statusCode = 401;
+            } else {
+                error.statusCode = 403;
+            }
+        }
+
+        if (error.cause instanceof EntityRelationLookupError) {
+            error.expose = true;
+            error.statusCode = 400;
+        }
+
+        if (error.cause instanceof ValidupNestedError) {
+            error.expose = true;
+            error.statusCode = 400;
+            error.data = {
+                children: error.cause.children,
+                attributes: error.cause.children.map((child) => child.pathAbsolute),
+            };
+        }
+
         // catch and decorate some db errors :)
         switch (error.code) {
             case 'ER_DUP_ENTRY':
@@ -28,18 +69,11 @@ export function mountErrorMiddleware(router: Router) {
                 break;
         }
 
-        const isServerError = (typeof error.expose !== 'undefined' && !error.expose) ||
-            (error.statusCode >= 500 && error.statusCode < 600);
-
-        if (isServerError || error.logMessage) {
-            useLogger().error(error);
-
-            if (error.cause) {
-                useLogger().error(error.cause);
-            }
-        }
+        const exposeError = typeof error.expose === 'boolean' ?
+            error.expose :
+            !isServerError;
 
-        if (isServerError) {
+        if (!exposeError) {
             error.message = 'An internal server error occurred.';
         }
 
@@ -49,7 +83,7 @@ export function mountErrorMiddleware(router: Router) {
             statusCode: error.statusCode,
             code: `${error.code}`,
             message: error.message,
-            ...(isObject(error.data) && !isServerError ? error.data : {}),
+            ...(exposeError && isObject(error.data) ? error.data : {}),
         };
     }));
 }

package/src/middlewares/force-logged-in.ts

@@ -5,21 +5,15 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
-import { UnauthorizedError } from '@ebec/http';
 import type { HandlerInterface } from '@routup/decorators';
 import type {
     Next, Request, Response,
 } from 'routup';
-import { useRequestEnv } from '../request';
+import { useRequestIdentityOrFail } from '../request';
 
 export class ForceLoggedInMiddleware implements HandlerInterface {
     public run(request: Request, response: Response, next: Next) {
-        if (
-            typeof useRequestEnv(request, 'userId') === 'undefined' &&
-            typeof useRequestEnv(request, 'robotId') === 'undefined'
-        ) {
-            throw new UnauthorizedError();
-        }
+        useRequestIdentityOrFail(request);
 
         next();
     }

package/src/middlewares/rate-limit.ts

@@ -9,32 +9,27 @@ import { REALM_MASTER_NAME } from '@authup/core-kit';
 import type { OptionsInput } from '@routup/rate-limit';
 import { rateLimit } from '@routup/rate-limit';
 import type { Request, Router } from 'routup';
-import { useRequestEnv } from '../request';
+import { useRequestIdentity } from '../request';
 
 export function mountRateLimiterMiddleware(router: Router) {
     const options : OptionsInput = {
         skip(req: Request) {
-            const robot = useRequestEnv(req, 'robotId');
-            if (robot) {
-                const { name } = useRequestEnv(req, 'realm');
+            const identity = useRequestIdentity(req);
 
-                if (
-                    name === REALM_MASTER_NAME &&
-                    useRequestEnv(req, 'robotName') === 'system'
-                ) {
-                    return true;
-                }
-            }
-
-            return false;
+            return identity &&
+                identity.type === 'robot' &&
+                identity.realmName === REALM_MASTER_NAME;
         },
         max(req: Request) {
-            if (useRequestEnv(req, 'userId')) {
+            const identity = useRequestIdentity(req);
+            if (identity && identity.type === 'user') {
                 return 60 * 100; // 100 req p. sec
             }
 
-            const robot = useRequestEnv(req, 'robotId');
-            if (robot) {
+            if (
+                identity &&
+                (identity.type === 'robot' || identity.type === 'client')
+            ) {
                 return 60 * 1000; // 1000 req p. sec
             }
 

package/src/request/identity-realm.ts

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { Request } from 'routup';
+import { useRequestIdentity } from './identity';
+
+type RequestRealm = {
+    id: string,
+    name: string
+};
+
+export function useRequestIdentityRealm(req: Request) : RequestRealm {
+    const identity = useRequestIdentity(req);
+    if (!identity) {
+        return undefined;
+    }
+
+    return {
+        id: identity.realmId,
+        name: identity.realmName,
+    };
+}

package/src/request/identity.ts

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { REALM_MASTER_NAME } from '@authup/core-kit';
+import { UnauthorizedError } from '@ebec/http';
+import type { Request } from 'routup';
+import type { RequestIdentity } from './types';
+import { setRequestEnv, useRequestEnv } from './env';
+
+export function useRequestIdentity(req: Request) : RequestIdentity | undefined {
+    return useRequestEnv(req, 'identity');
+}
+
+export function setRequestIdentity(req: Request, identity: RequestIdentity) : void {
+    setRequestEnv(req, 'identity', identity);
+}
+
+export function useRequestIdentityOrFail(req: Request) : RequestIdentity {
+    const identity = useRequestIdentity(req);
+    if (!identity) {
+        throw new UnauthorizedError();
+    }
+
+    return identity;
+}
+
+export function isRequestIdentityMasterRealmMember(input: RequestIdentity) : boolean {
+    return input.realmName === REALM_MASTER_NAME;
+}

package/src/request/index.ts

@@ -5,5 +5,8 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
+export * from './permission';
 export * from './env';
+export * from './identity';
+export * from './identity-realm';
 export * from './types';

package/src/request/permission/helper.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { Request } from 'routup';
+import { BadRequestError } from '@ebec/http';
+import { setRequestEnv, useRequestEnv } from '../env';
+import type { RequestPermissionChecker } from './module';
+
+export function setRequestPermissionChecker(req: Request, checker: RequestPermissionChecker) {
+    setRequestEnv(req, 'permissionChecker', checker);
+}
+
+export function useRequestPermissionChecker(req: Request) : RequestPermissionChecker {
+    const checker = useRequestEnv(req, 'permissionChecker');
+    if (!checker) {
+        throw new BadRequestError('The request permission checker is not initialized.');
+    }
+
+    return checker;
+}

package/src/{validation → request/permission}/index.ts

@@ -1,11 +1,9 @@
 /*
- * Copyright (c) 2021-2024.
+ * Copyright (c) 2024.
  * Author Peter Placzek (tada5hi)
  * For the full copyright and license information,
  * view the LICENSE file that was distributed with this source code.
  */
 
-export * from './message';
+export * from './helper';
 export * from './module';
-export * from './type';
-export * from './result';

package/src/request/permission/module.ts

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { ScopeName } from '@authup/core-kit';
+import type {
+    PermissionChecker,
+    PermissionCheckerCheckContext,
+} from '@authup/access';
+import type { Request } from 'routup';
+import { useRequestEnv } from '../env';
+import { useRequestIdentity } from '../identity';
+
+export class RequestPermissionChecker {
+    protected req: Request;
+
+    protected checker: PermissionChecker;
+
+    constructor(req: Request, checker: PermissionChecker) {
+        this.req = req;
+        this.checker = checker;
+    }
+
+    // --------------------------------------------------------------
+
+    async check(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.check(this.extendCheckContext(ctx));
+    }
+
+    async preCheck(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.preCheck(this.extendCheckContext(ctx));
+    }
+
+    // --------------------------------------------------------------
+
+    async preCheckOneOf(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.preCheckOneOf(this.extendCheckContext(ctx));
+    }
+
+    async checkOneOf(ctx: PermissionCheckerCheckContext) : Promise<void> {
+        return this.checker.checkOneOf(this.extendCheckContext(ctx));
+    }
+
+    // --------------------------------------------------------------
+
+    protected extendCheckContext(ctx: PermissionCheckerCheckContext) {
+        const scopes = useRequestEnv(this.req, 'scopes') || [];
+        if (scopes.indexOf(ScopeName.GLOBAL) !== -1) {
+            ctx.data = {
+                ...ctx.data || {},
+                identity: useRequestIdentity(this.req),
+            };
+        }
+
+        return ctx;
+    }
+}

package/src/request/types.ts

@@ -5,18 +5,20 @@
  * view the LICENSE file that was distributed with this source code.
  */
 
-import type { Abilities } from '@authup/kit';
+import type { RequestPermissionChecker } from './permission';
 
-export type RequestEnv = {
-    abilities?: Abilities,
+export type RequestIdentity = {
+    id: string;
+    type: 'user' | 'client' | 'robot',
+    realmId: string,
+    realmName: string
+    attributes?: Record<string, any>,
+};
 
-    realmId?: string,
-    realmName?: string,
-    realm?: { id?: string, name?: string },
+export type RequestEnv = {
+    permissionChecker?: RequestPermissionChecker,
 
-    userId?: string,
-    userName?: string,
+    identity?: RequestIdentity,
 
-    robotId?: string,
-    robotName?: string
+    scopes?: string[],
 };

package/src/services/authup/middleware.ts

@@ -6,8 +6,8 @@
  */
 
 import type { TokenCreatorOptions } from '@authup/core-http-kit';
-import type { TokenVerifierRedisCacheOptions } from '@authup/server-core-plugin-kit';
-import { createMiddleware } from '@authup/server-core-plugin-http';
+import type { TokenVerifierRedisCacheOptions } from '@authup/server-adapter-kit';
+import { createMiddleware } from '@authup/server-adapter-http';
 import { useRequestCookie } from '@routup/basic/cookie';
 import { parseAuthorizationHeader } from 'hapic';
 import type { Router } from 'routup';
@@ -50,7 +50,7 @@ export function mountAuthupMiddleware(
         const header = parseAuthorizationHeader(headerRaw);
 
         if (header.type === 'Basic') {
-            const token = await options.client.token.createWithPasswordGrant({
+            const token = await options.client.token.createWithPassword({
                 username: header.username,
                 password: header.password,
             });

package/src/services/authup/permission-provider.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2025.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import type { PermissionGetOptions, PermissionItem, PermissionProvider } from '@authup/access';
+
+export class FakePermissionProvider implements PermissionProvider {
+    async get(criteria: PermissionGetOptions): Promise<PermissionItem | undefined> {
+        return {
+            name: criteria.name,
+            realm_id: criteria.realmId,
+            policy: null,
+        };
+    }
+}