@r2d2bzh/moleculer-authz-helpers 0.0.2 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.adoc +13 -0
- package/package.json +6 -3
- package/src/add-preflight-mixin.js +17 -18
- package/src/is-authorized.js +60 -4
package/README.adoc
CHANGED
|
@@ -83,6 +83,19 @@ It implements the following rules:
|
|
|
83
83
|
* if any answer is `false`, the whole authorization process fails
|
|
84
84
|
* if no answer was provided, the whole authorization process fails
|
|
85
85
|
|
|
86
|
+
The signature of `isAuthorized` is `(logger) => (answer) => true | false`:
|
|
87
|
+
|
|
88
|
+
. the `logger` curried argument must provide a `warn` method used to issue warnings (default: `console`)
|
|
89
|
+
. the `answer` curried argument is the authorization answer(s) to one or many authorization requests
|
|
90
|
+
|
|
91
|
+
`isAuthorized` will raise a warning in the following cases:
|
|
92
|
+
|
|
93
|
+
* an odd authorization answer was provided, known answers are:
|
|
94
|
+
** `true`:: the request is authorized
|
|
95
|
+
** `false`:: the request is denied
|
|
96
|
+
** `undefined`:: the responder is not able to answer
|
|
97
|
+
* multiple `true` or `false` answers were provided to the same authorization request
|
|
98
|
+
|
|
86
99
|
== `requestAuthorizations`
|
|
87
100
|
|
|
88
101
|
This helper operates multiple authorization requests at once and returns a promise which result can be handled by `isAuthorized`.
|
package/package.json
CHANGED
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@r2d2bzh/moleculer-authz-helpers",
|
|
3
|
-
"version": "0.0
|
|
3
|
+
"version": "2.0.0",
|
|
4
4
|
"description": "Moleculer mixin to implement preflight runner",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"scripts": {
|
|
8
|
-
"
|
|
8
|
+
"pretest": "npm run lint",
|
|
9
|
+
"test": "c8 ava -v",
|
|
10
|
+
"lint": "eslint ."
|
|
9
11
|
},
|
|
10
12
|
"keywords": [],
|
|
11
13
|
"author": "",
|
|
@@ -17,6 +19,7 @@
|
|
|
17
19
|
"@r2d2bzh/js-rules": "^0.7.1",
|
|
18
20
|
"ava": "^3.15.0",
|
|
19
21
|
"c8": "^7.10.0",
|
|
22
|
+
"eslint": "^7.32.0",
|
|
20
23
|
"moleculer": "^0.14.18",
|
|
21
24
|
"uuid": "^8.3.2"
|
|
22
25
|
},
|
|
@@ -33,7 +36,7 @@
|
|
|
33
36
|
]
|
|
34
37
|
},
|
|
35
38
|
"engines": {
|
|
36
|
-
"node": ">=
|
|
39
|
+
"node": ">=12.0.0"
|
|
37
40
|
},
|
|
38
41
|
"peerDependencies": {
|
|
39
42
|
"lodash": "^4.17.21",
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import cloneDeep from 'lodash/cloneDeep.js';
|
|
2
2
|
import moleculer from 'moleculer';
|
|
3
|
+
|
|
3
4
|
const {
|
|
4
|
-
Service,
|
|
5
5
|
Errors: { MoleculerError },
|
|
6
6
|
} = moleculer;
|
|
7
7
|
|
|
@@ -10,14 +10,13 @@ export const unsafeAddPreflightMixin = (serviceSchema) => {
|
|
|
10
10
|
([, actionSpecification]) => actionSpecification?.preflight
|
|
11
11
|
);
|
|
12
12
|
|
|
13
|
-
const preflightActions = actionsWithPreflight.map(([actionName, { params, preflight } = {}]) =>
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
);
|
|
13
|
+
const preflightActions = actionsWithPreflight.map(([actionName, { params, preflight } = {}]) => [
|
|
14
|
+
`${actionName}-preflight`,
|
|
15
|
+
{
|
|
16
|
+
handler: preflight instanceof Function ? preflight : preflight.handler,
|
|
17
|
+
...(params ? { params } : {}),
|
|
18
|
+
},
|
|
19
|
+
]);
|
|
21
20
|
|
|
22
21
|
const schema = cloneDeep(serviceSchema);
|
|
23
22
|
|
|
@@ -28,20 +27,20 @@ export const unsafeAddPreflightMixin = (serviceSchema) => {
|
|
|
28
27
|
...(serviceSchema.mixins || []),
|
|
29
28
|
{
|
|
30
29
|
actions: Object.fromEntries(preflightActions),
|
|
31
|
-
}
|
|
30
|
+
},
|
|
32
31
|
];
|
|
33
32
|
|
|
34
33
|
return schema;
|
|
35
34
|
};
|
|
36
35
|
|
|
37
36
|
export default (serviceSchema) => {
|
|
38
|
-
Object.entries(serviceSchema.actions || {})
|
|
39
|
-
([, actionSpecification]) =>
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
37
|
+
Object.entries(serviceSchema.actions || {})
|
|
38
|
+
.filter(([, actionSpecification]) => actionSpecification?.rest && actionSpecification.rest?.authorization !== false)
|
|
39
|
+
.forEach(([actionName, actionSpecification]) => {
|
|
40
|
+
if (!(actionSpecification?.preflight instanceof Function || actionSpecification?.preflight?.handler)) {
|
|
41
|
+
throw new MoleculerError('missing preflight handler', 500, 'MISSING_PREFLIGHT', { actionName });
|
|
42
|
+
}
|
|
43
|
+
});
|
|
45
44
|
|
|
46
45
|
return unsafeAddPreflightMixin(serviceSchema);
|
|
47
|
-
};
|
|
46
|
+
};
|
package/src/is-authorized.js
CHANGED
|
@@ -1,6 +1,62 @@
|
|
|
1
|
-
const
|
|
2
|
-
(Array.isArray(something) ? something : [something]).flat(Infinity).filter((response) => response !== undefined);
|
|
1
|
+
const removeUnanswered = (authzAnswers) => authzAnswers.filter((answer) => answer !== undefined);
|
|
3
2
|
|
|
4
|
-
const
|
|
3
|
+
const reduceAnswers = (answers, reducer) =>
|
|
4
|
+
answers.length
|
|
5
|
+
? answers.reduce(
|
|
6
|
+
([authorizationStatus, authorizationsCount], answer) =>
|
|
7
|
+
reducer(answer, authorizationStatus, authorizationsCount),
|
|
8
|
+
[true, 0]
|
|
9
|
+
)
|
|
10
|
+
: [false, 0];
|
|
5
11
|
|
|
6
|
-
|
|
12
|
+
const onMultipleAuthorizations =
|
|
13
|
+
(handle) =>
|
|
14
|
+
([answersAuthorization, authorizationsCount]) => {
|
|
15
|
+
if (authorizationsCount > 1) {
|
|
16
|
+
handle(authorizationsCount);
|
|
17
|
+
}
|
|
18
|
+
return answersAuthorization;
|
|
19
|
+
};
|
|
20
|
+
|
|
21
|
+
const processAndCountManyAnswers = (warn) => {
|
|
22
|
+
const warnOnMultipleAuthorizations = onMultipleAuthorizations((authorizationsCount) =>
|
|
23
|
+
warn(`multiple answers to the same authorization request (${authorizationsCount})`)
|
|
24
|
+
);
|
|
25
|
+
return (answers, authorizationStatus) => {
|
|
26
|
+
const newRequestIsAuthorized = warnOnMultipleAuthorizations(
|
|
27
|
+
reduceAnswers(removeUnanswered(answers), processAndCountAnswer(warn))
|
|
28
|
+
);
|
|
29
|
+
return authorizationStatus && newRequestIsAuthorized;
|
|
30
|
+
};
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
const processAndCountAnswer = (warn) => {
|
|
34
|
+
const doAnswersAuthorize = processAndCountManyAnswers(warn);
|
|
35
|
+
return function (answer, authorizationStatus = true, authorizationsCount = 0) {
|
|
36
|
+
switch (Object.prototype.toString.call(answer)) {
|
|
37
|
+
case '[object Boolean]':
|
|
38
|
+
return [authorizationStatus && answer, authorizationsCount + 1];
|
|
39
|
+
case '[object Array]':
|
|
40
|
+
// A new array means a new authorization request with its own
|
|
41
|
+
// answers count that does not reflect on the current one
|
|
42
|
+
return [doAnswersAuthorize(answer, authorizationStatus), authorizationsCount];
|
|
43
|
+
case '[object Undefined]':
|
|
44
|
+
return [false, authorizationsCount];
|
|
45
|
+
default:
|
|
46
|
+
warn(`odd authorization answer (${answer})`);
|
|
47
|
+
return [false, authorizationsCount];
|
|
48
|
+
}
|
|
49
|
+
};
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
export default (logger) => {
|
|
53
|
+
try {
|
|
54
|
+
const doesAnswerAuthorizeAndWarn = processAndCountAnswer(logger.warn.bind(logger));
|
|
55
|
+
return function (answer) {
|
|
56
|
+
const [authorize] = doesAnswerAuthorizeAndWarn(answer);
|
|
57
|
+
return authorize;
|
|
58
|
+
};
|
|
59
|
+
} catch (e) {
|
|
60
|
+
throw new Error(`logger.warn must be a function`);
|
|
61
|
+
}
|
|
62
|
+
};
|