@restorecommerce/acs-client 3.0.22 → 3.1.0
- package/CHANGELOG.md +19 -0
- package/lib/acs/authz.d.ts +4 -4
- package/lib/acs/authz.d.ts.map +1 -1
- package/lib/acs/authz.js +77 -108
- package/lib/acs/authz.js.map +1 -1
- package/lib/acs/cache.d.ts.map +1 -1
- package/lib/acs/cache.js +31 -65
- package/lib/acs/cache.js.map +1 -1
- package/lib/acs/decorators.d.ts +3 -3
- package/lib/acs/decorators.d.ts.map +1 -1
- package/lib/acs/decorators.js +39 -51
- package/lib/acs/decorators.js.map +1 -1
- package/lib/acs/errors.js +3 -9
- package/lib/acs/errors.js.map +1 -1
- package/lib/acs/interfaces.d.ts +10 -10
- package/lib/acs/interfaces.d.ts.map +1 -1
- package/lib/acs/interfaces.js +9 -18
- package/lib/acs/interfaces.js.map +1 -1
- package/lib/acs/middleware.js +3 -7
- package/lib/acs/middleware.js.map +1 -1
- package/lib/acs/resolver.d.ts +5 -5
- package/lib/acs/resolver.d.ts.map +1 -1
- package/lib/acs/resolver.js +75 -85
- package/lib/acs/resolver.js.map +1 -1
- package/lib/config.js +5 -9
- package/lib/config.js.map +1 -1
- package/lib/index.d.ts +9 -9
- package/lib/index.d.ts.map +1 -1
- package/lib/index.js +9 -25
- package/lib/index.js.map +1 -1
- package/lib/logger.js +7 -11
- package/lib/logger.js.map +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/lib/utils.d.ts +4 -4
- package/lib/utils.d.ts.map +1 -1
- package/lib/utils.js +82 -94
- package/lib/utils.js.map +1 -1
- package/package.json +10 -9
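--- a/package/lib/acs/interfaces.js
+++ b/package/lib/acs/interfaces.js
@@ -1,18 +1,9 @@
-
-
-
-
-
-
-Object.defineProperty(exports, "PolicyRQ", { enumerable: true, get: function () { return policy_1.PolicyRQ; } });
-const rule_1 = require("@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule");
-Object.defineProperty(exports, "RuleRQ", { enumerable: true, get: function () { return rule_1.RuleRQ; } });
-Object.defineProperty(exports, "AttributeTarget", { enumerable: true, get: function () { return rule_1.Target; } });
-const access_control_1 = require("@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control");
-Object.defineProperty(exports, "Decision", { enumerable: true, get: function () { return access_control_1.Response_Decision; } });
-Object.defineProperty(exports, "Context", { enumerable: true, get: function () { return access_control_1.Context; } });
-Object.defineProperty(exports, "ACSResponse", { enumerable: true, get: function () { return access_control_1.Response; } });
-var AuthZAction;
+import { PolicySetRQ, } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy_set.js';
+import { PolicyRQ, } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy.js';
+import { RuleRQ, Target as AttributeTarget, } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule.js';
+import { Response_Decision as Decision, Context, Response, } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control.js';
+export { Decision, Context, RuleRQ, PolicyRQ, PolicySetRQ, Response as ACSResponse, AttributeTarget, };
+export var AuthZAction;
 (function (AuthZAction) {
 AuthZAction["CREATE"] = "CREATE";
 AuthZAction["READ"] = "READ";
@@ -21,11 +12,11 @@ var AuthZAction;
 AuthZAction["EXECUTE"] = "EXECUTE";
 AuthZAction["DROP"] = "DROP";
 AuthZAction["ALL"] = "*";
-})(AuthZAction || (
-var Operation;
+})(AuthZAction || (AuthZAction = {}));
+export var Operation;
 (function (Operation) {
 Operation["isAllowed"] = "isAllowed";
 Operation["whatIsAllowed"] = "whatIsAllowed";
-})(Operation || (
+})(Operation || (Operation = {}));
 ;
 //# sourceMappingURL=interfaces.js.map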
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":"AAaA,OAAO,EACL,WAAW,GACZ,MAAM,yFAAyF,CAAC;AACjG,OAAO,EACL,QAAQ,GACT,MAAM,qFAAqF,CAAC;AAC7F,OAAO,EACL,MAAM,EACN,MAAM,IAAI,eAAe,GAC1B,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,iBAAiB,IAAI,QAAQ,EAC7B,OAAO,EACP,QAAQ,GACT,MAAM,6FAA6F,CAAC;AAErG,OAAO,EACL,QAAQ,EACR,OAAO,EACP,MAAM,EACN,QAAQ,EACR,WAAW,EACX,QAAQ,IAAI,WAAW,EACvB,eAAe,GAChB,CAAC;AAEF,MAAM,CAAN,IAAY,WAQX;AARD,WAAY,WAAW;IACrB,gCAAiB,CAAA;IACjB,4BAAa,CAAA;IACb,gCAAiB,CAAA;IACjB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,4BAAa,CAAA;IACb,wBAAS,CAAA;AACX,CAAC,EARW,WAAW,KAAX,WAAW,QAQtB;AAED,MAAM,CAAN,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,oCAAuB,CAAA;IACvB,4CAA+B,CAAA;AACjC,CAAC,EAHW,SAAS,KAAT,SAAS,QAGpB;AA0BA,CAAC"}
|
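--- a/package/lib/acs/middleware.js
+++ b/package/lib/acs/middleware.js
@@ -1,15 +1,11 @@
-
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.acsClientMiddleware = void 0;
-const authz_1 = require("./authz");
+import { initAuthZ } from './authz.js';
 /**
 * Koa middleware using the BMSLSA implementation for `iam-authn`.
 */
-const acsClientMiddleware = (config) => {
+export const acsClientMiddleware = (config) => {
 return async (ctx, next) => {
-ctx.authZ =
+ctx.authZ = initAuthZ(config);
 await next();
 };
 };
-exports.acsClientMiddleware = acsClientMiddleware;
 //# sourceMappingURL=middleware.js.map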
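Review bot: `ctx.authZ = initAuthZ(config);` runs on every request and its result is assigned without `await`. `initAuthZ` is defined in `authz.js`, outside this section; if it is asynchronous, downstream handlers would find a pending promise on `ctx.authZ` instead of an ACS client, and a rejected initialisation would go unhandled rather than failing the request. Resolving it once in the outer closure, `const authZ = initAuthZ(config);`, and assigning `ctx.authZ = await authZ;` inside the middleware would cover both cases. The doc comment could also gain a `@param` line for `config`, since it currently only names the implementation.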
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/acs/middleware.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/acs/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,MAAY,EAAE,EAAE;IAClD,OAAO,KAAK,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;QACnC,GAAG,CAAC,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
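--- a/package/lib/acs/resolver.d.ts
+++ b/package/lib/acs/resolver.d.ts
@@ -1,8 +1,8 @@
-import { Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth';
-import { Request } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control';
-import { FilterOp } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base';
-import { ACSAuthZ } from './authz';
-import { ACSClientContext, DecisionResponse, PolicySetRQResponse, ACSResource, AuthZAction, ACSClientOptions } from './interfaces';
+import { Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth.js';
+import { Request } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control.js';
+import { FilterOp } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base.js';
+import { ACSAuthZ } from './authz.js';
+import { ACSClientContext, DecisionResponse, PolicySetRQResponse, ACSResource, AuthZAction, ACSClientOptions } from './interfaces.js';
 export declare const isAllowedRequest: (subject: Subject, resources: ACSResource[], actions: AuthZAction, ctx: ACSClientContext, useCache: boolean) => Promise<DecisionResponse>;
 /**
 * It turns an API request as can be found in typical Web frameworks like express, koa etc.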
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,OAAO,EACP,WAAW,EACZ,MAAM,
|
|
1
|
+
{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,OAAO,EACP,WAAW,EACZ,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,OAAO,EAER,MAAM,6FAA6F,CAAC;AACrG,OAAO,EACL,QAAQ,EACT,MAAM,4FAA4F,CAAC;AACpG,OAAO,EACL,QAAQ,EAGT,MAAM,YAAY,CAAC;AACpB,OAAO,EAEL,gBAAgB,EAEhB,gBAAgB,EAChB,mBAAmB,EAEnB,WAAW,EACX,WAAW,EACX,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;AAkCzB,eAAO,MAAM,gBAAgB,YAAmB,OAAO,aAC1C,WAAW,EAAE,WAAW,WAAW,OAAO,gBAAgB,YAAY,OAAO,KAAG,OAAO,CAAC,gBAAgB,CAsBpH,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,aAAa,YACf,WAAW,CAAC,OAAO,CAAC,YACnB,WAAW,EAAE,UACf,WAAW,OACd,gBAAgB,YACX,gBAAgB,KACzB,OAAO,CAAC,gBAAgB,GAAG,mBAAmB,CA0MhD,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,SAAS,YAAmB,OAAO,SAAS,QAAQ,KAAG,OAAO,CAAC,gBAAgB,CAe3F,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,aAAa,YAAmB,OAAO,SAAS,QAAQ,KAAG,OAAO,CAAC,mBAAmB,CAkBlG,CAAC;AAEF,MAAM,WAAW,MAAM;IACrB,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAC1B,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,KAAK,CAAC,EAAE,UAAU,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,MAAM,CAAC,EAAE,GAAG,CAAC;IACb,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE,GAAG,CAAC;CACvB;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,SAAS,EAAE,WAAW,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB"}
|
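--- a/package/lib/acs/resolver.js
+++ b/package/lib/acs/resolver.js
@@ -1,21 +1,15 @@
-
-
-
-};
-
-
-const utils_1 = require("../utils");
-const access_control_1 = require("@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control");
-const authz_1 = require("./authz");
-const interfaces_1 = require("./interfaces");
-const logger_1 = __importDefault(require("../logger"));
-const config_1 = require("../config");
+import { _, generateOperationStatus, createResourceFilterMap, mapResourceURNObligationProperties, } from '../utils.js';
+import { Response_Decision, } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control.js';
+import { authZ, unauthZ, } from './authz.js';
+import { Operation, } from './interfaces.js';
+import logger from '../logger.js';
+import { errors, cfg } from '../config.js';
 const subjectIsUnauthenticated = (subject) => {
 return subject?.unauthenticated === true;
 };
 const whatIsAllowedRequest = async (subject, resources, actions, ctx, useCache) => {
 if (subjectIsUnauthenticated(subject)) {
-return await
+return await unauthZ.whatIsAllowed({
 target: {
 subjects: subject, resources, actions
 },
@@ -25,7 +19,7 @@ const whatIsAllowedRequest = async (subject, resources, actions, ctx, useCache)
 }, ctx, useCache);
 }
 else {
-return await
+return await authZ.whatIsAllowed({
 context: {
 security: {}
 },
@@ -37,9 +31,9 @@ const whatIsAllowedRequest = async (subject, resources, actions, ctx, useCache)
 }, ctx, useCache);
 }
 };
-const isAllowedRequest = async (subject, resources, actions, ctx, useCache) => {
+export const isAllowedRequest = async (subject, resources, actions, ctx, useCache) => {
 if (subjectIsUnauthenticated(subject)) {
-return await
+return await unauthZ.isAllowed({
 target: {
 subjects: subject, resources, actions
 },
@@ -49,7 +43,7 @@ const isAllowedRequest = async (subject, resources, actions, ctx, useCache) => {
 }, ctx, useCache);
 }
 else {
-return await
+return await authZ.isAllowed({
 context: {
 security: {}
 },
@@ -61,7 +55,6 @@ const isAllowedRequest = async (subject, resources, actions, ctx, useCache) => {
 }, ctx, useCache);
 }
 };
-exports.isAllowedRequest = isAllowedRequest;
 /**
 * It turns an API request as can be found in typical Web frameworks like express, koa etc.
 * into a proper ACS request. For `whatIsAllowed` operation it returns the filters
@@ -80,66 +73,66 @@ exports.isAllowedRequest = isAllowedRequest;
 * is not used and ACS request is made to `access-control-srv`
 * @returns {DecisionResponse | PolicySetRQResponse}
 */
-const accessRequest = async (subject, resource, action, ctx, options) => {
-if (
+export const accessRequest = async (subject, resource, action, ctx, options) => {
+if (_.isEmpty(subject) || !subject.token) {
 // check if unauthenticated user is configured in config.json
-subject =
+subject = cfg.get('authorization:users:unauthenticated_user')
 // fallback to old configs
-??
+?? cfg.get('authorization:unauthenticated_user')
 // when subject is not passed (if auth header is not set)
 ?? { unauthenticated: true };
 }
-const subClone =
+const subClone = _.cloneDeep(subject);
 // by default if the config for authorization enabling and enforcement is missing
 // enable it by default (true)
-const authzEnabled =
-const authzEnforced =
+const authzEnabled = cfg.get('authorization:enabled') ?? true;
+const authzEnforced = cfg.get('authorization:enforce') ?? true;
 // if authorization is disabled
 if (!authzEnabled) {
 return {
-decision:
-operation_status:
+decision: Response_Decision.PERMIT,
+operation_status: generateOperationStatus(200, 'success')
 };
 }
-if (
+if (_.isEmpty(subject)) {
 return {
-decision:
-operation_status:
+decision: Response_Decision.DENY,
+operation_status: generateOperationStatus(errors.USER_NOT_LOGGED_IN.code, errors.USER_NOT_LOGGED_IN.message)
 };
 }
 // resolve userID by token
 const subjectID = subject?.id;
 const targetScope = subject?.scope;
 const targetScopeMessage = targetScope ? `, target_scope:${targetScope};` : ';';
-if (resource && !
+if (resource && !_.isArray(resource)) {
 resource = [resource];
 }
 const resourceName = resource?.map(r => r.resource).join(',');
-if (
+if (_.isEmpty(resource)) {
 const msg = [
 `Access not allowed for request with`,
 `subject:${subjectID}, resource:${resourceName}, action:${action}${targetScopeMessage}`,
-`the response was ${
+`the response was ${Response_Decision.INDETERMINATE}`,
 ].join(' ');
 const details = 'Entity missing';
-
-
+logger?.verbose(msg);
+logger?.verbose('Details:', { details });
 return {
-decision:
-operation_status:
+decision: Response_Decision.DENY,
+operation_status: generateOperationStatus(Number(errors.ACTION_NOT_ALLOWED.code), msg)
 };
 }
 // default ACS operation is isAllowed
-const operation = options?.operation ? options.operation :
+const operation = options?.operation ? options.operation : Operation.isAllowed;
 // default database is arangoDB
 const database = options?.database ? options.database : 'arangoDB';
 const useCache = options?.useCache ? options.useCache : true;
 // ctx.resources
-if (ctx.resources && !
+if (ctx.resources && !_.isArray(ctx.resources)) {
 ctx.resources = [ctx.resources];
 }
 // whatIsAllowed Operation
-if (operation ===
+if (operation === Operation.whatIsAllowed) {
 let policySetResponse;
 try {
 // retrieving set of applicable policies/rules from ACS
@@ -147,33 +140,33 @@ const accessRequest = async (subject, resource, action, ctx, options) => {
 policySetResponse = await whatIsAllowedRequest(subClone, resource, action, ctx, useCache);
 }
 catch (err) {
-
+logger?.error('Error calling whatIsAllowed operation', {
 code: err.code,
 message: err.message,
 stack: err.stack,
 });
 return {
-decision:
-operation_status:
+decision: Response_Decision.DENY,
+operation_status: generateOperationStatus(err.code, err.message)
 };
 }
 // handle case if policySet is empty
-if (authzEnforced && (!policySetResponse ||
+if (authzEnforced && (!policySetResponse || _.isEmpty(policySetResponse.policy_sets))) {
 const msg = [
 `Access not allowed for request with subject:${subjectID},`,
 `resource:${resourceName}, action:${action}${targetScopeMessage}`,
 'the response was INDETERMINATE'
 ].join(' ');
 const details = 'no matching policy/rule could be found';
-
-
+logger?.verbose(msg);
+logger?.verbose('Details:', { details });
 return {
-decision:
-operation_status:
+decision: Response_Decision.DENY,
+operation_status: generateOperationStatus(Number(errors.ACTION_NOT_ALLOWED.code), msg)
 };
 }
-if (!authzEnforced && (!policySetResponse ||
-
+if (!authzEnforced && (!policySetResponse || _.isEmpty(policySetResponse.policy_sets))) {
+logger?.verbose([
 `The Access response was INDETERMIATE for a request with subject:${subjectID},`,
 `resource:${resourceName}, action:${action}${targetScopeMessage}`,
 `as no matching policy/rule could be found, but since ACS enforcement`,
@@ -182,68 +175,67 @@ const accessRequest = async (subject, resource, action, ctx, options) => {
 }
 // create filters to enforce applicable policies and custom query / args if applicable
 // TODO check and modify this
-const resourceFilters = await
+const resourceFilters = await createResourceFilterMap(resource, policySetResponse, ctx.resources, action, subClone, subjectID, authzEnforced, targetScope, database);
 if (resourceFilters.decision) {
 return resourceFilters;
 }
 policySetResponse.filters = resourceFilters.resourceFilterMap;
 policySetResponse.custom_query_args = resourceFilters.customQueryArgs;
-policySetResponse.decision =
-policySetResponse.operation_status =
+policySetResponse.decision = Response_Decision.PERMIT; // Adding Permit to read response (since we no longer throw errors)
+policySetResponse.operation_status = generateOperationStatus(200, 'success');
 return policySetResponse;
 }
 // default deny
-let decisionResponse = { decision:
+let decisionResponse = { decision: Response_Decision.DENY, operation_status: { code: 0, message: '' } };
 // isAllowed operation
-if (operation ===
+if (operation === Operation.isAllowed) {
 // authorization
 try {
-decisionResponse = await
+decisionResponse = await isAllowedRequest(subClone, resource, action, ctx, useCache);
 }
 catch (err) {
-
-return { decision:
+logger?.error('Error calling isAllowed operation', { code: err.code, message: err.message, stack: err.stack });
+return { decision: Response_Decision.DENY, operation_status: generateOperationStatus(err.code, err.message) };
 }
-if (authzEnforced && decisionResponse && decisionResponse.decision !=
+if (authzEnforced && decisionResponse && decisionResponse.decision != Response_Decision.PERMIT) {
 let details = '';
-if (decisionResponse.decision ===
+if (decisionResponse.decision === Response_Decision.INDETERMINATE) {
 details = 'No matching policy / rule was found';
 }
-else if (decisionResponse.decision ===
+else if (decisionResponse.decision === Response_Decision.DENY) {
 details = `Subject:${subjectID} does not have access to requested target scope ${targetScope}`;
 }
 const msg = [
 `Access not allowed for request with subject:${subjectID},`,
 `resource:${resourceName}, action:${action}${targetScopeMessage}`,
-`the response was ${
+`the response was ${Response_Decision[decisionResponse.decision]}`,
 ].join(' ');
-
-
+logger?.verbose(msg);
+logger?.verbose('Details:', { details });
 return {
-decision:
-operation_status:
+decision: Response_Decision.DENY,
+operation_status: generateOperationStatus(Number(errors.ACTION_NOT_ALLOWED.code), msg)
 };
 }
 }
-if (!authzEnforced && decisionResponse && decisionResponse.decision !=
+if (!authzEnforced && decisionResponse && decisionResponse.decision != Response_Decision.PERMIT) {
 let details = '';
-if (decisionResponse.decision ===
+if (decisionResponse.decision === Response_Decision.INDETERMINATE) {
 details = 'No matching policy / rule was found';
 }
-else if (decisionResponse.decision ===
+else if (decisionResponse.decision === Response_Decision.DENY) {
 details = `Subject:${subjectID} does not have access to requested target scope ${targetScope}`;
 }
-
+logger?.verbose([
 `Access not allowed for request with subject:${subjectID},`,
 `resource:${resourceName}, action:${action}${targetScopeMessage}`,
-`the response was ${
+`the response was ${Response_Decision[decisionResponse.decision]}`,
 ].join(' '));
-
-decisionResponse.decision =
+logger?.verbose(`${details}, Overriding the ACS result as ACS enforce config is disabled`);
+decisionResponse.decision = Response_Decision.PERMIT;
 }
 return decisionResponse;
 };
-exports.accessRequest = accessRequest;
 /**
 * Exposes the isAllowed() api of `access-control-srv` and retruns the response
 * as `Decision`.
@@ -251,23 +243,22 @@ exports.accessRequest = accessRequest;
 * @param {ACSContext} ctx Context Object containing requester's subject information
 * @return {Decision} PERMIT or DENY or INDETERMINATE
 */
-const isAllowed = async (request, authZ) => {
+export const isAllowed = async (request, authZ) => {
 let response;
 try {
 const isAllowedResponse = await authZ.acs.isAllowed(request);
 response = {
 decision: isAllowedResponse.decision,
-obligations:
+obligations: mapResourceURNObligationProperties(isAllowedResponse.obligations),
 operation_status: isAllowedResponse.operation_status
 };
 }
 catch (err) {
-
-return { decision:
+logger?.error('Error invoking acs-srv isAllowed method', { code: err.code, message: err.message, stack: err.stack });
+return { decision: Response_Decision.DENY, operation_status: generateOperationStatus(err.code, err.message) };
 }
 return response;
 };
-exports.isAllowed = isAllowed;
 /**
 * Exposes the whatIsAllowed() api of `access-control-srv` and retruns the response
 * a policy set reverse query `PolicySetRQ`
@@ -275,24 +266,23 @@ exports.isAllowed = isAllowed;
 * @param {ACSContext} ctx Context Object containing requester's subject information
 * @return {PolicySetRQ} set of applicable policies and rules for the input request
 */
-const whatIsAllowed = async (request, authZ) => {
+export const whatIsAllowed = async (request, authZ) => {
 let response;
 try {
 const whatIsAllowedResponse = await authZ.acs.whatIsAllowed(request);
 response = {
 ...whatIsAllowedResponse
 }; // TODO Decision?
-response.obligations =
+response.obligations = mapResourceURNObligationProperties(whatIsAllowedResponse.obligations);
 }
 catch (err) {
-
+logger?.error('Error invoking acs-srv whatIsAllowed method', { code: err.code, message: err.message, stack: err.stack });
 return {
-decision:
+decision: Response_Decision.DENY,
 policy_sets: [],
-operation_status:
+operation_status: generateOperationStatus(err.code, err.message)
 };
 }
 return response;
 };
-exports.whatIsAllowed = whatIsAllowed;
 //# sourceMappingURL=resolver.js.map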
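Review bot: In `accessRequest`, the unchanged line `const useCache = options?.useCache ? options.useCache : true;` evaluates to `true` for every input, so a caller passing `useCache: false` still hands `true` to `isAllowedRequest` and `whatIsAllowedRequest`. Assuming that flag selects cached decisions (the cache code is outside this section), a caller cannot force a fresh evaluation, for instance after a role or policy change. `const useCache = options?.useCache ?? true;` keeps the default and honours an explicit `false`. Separately, the `!authzEnforced` branches turn a DENY or INDETERMINATE result into `Response_Decision.PERMIT` and record that only through `logger?.verbose(...)`; logging the override at a level that is on by default would keep it visible to anyone auditing access decisions.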
package/lib/acs/resolver.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,CAAC,EACD,uBAAuB,EACvB,uBAAuB,EAEvB,kCAAkC,GACnC,MAAM,aAAa,CAAC;AAKrB,OAAO,EAEL,iBAAiB,GAClB,MAAM,6FAA6F,CAAC;AAIrG,OAAO,EAEL,KAAK,EACL,OAAO,GACR,MAAM,YAAY,CAAC;AACpB,OAAO,EAML,SAAS,GAIV,MAAM,iBAAiB,CAAC;AACzB,OAAO,MAAM,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAG3C,MAAM,wBAAwB,GAAG,CAAC,OAAY,EAAqC,EAAE;IACnF,OAAO,OAAO,EAAE,eAAe,KAAK,IAAI,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,KAAK,EAAE,OAA6B,EAAE,SAAwB,EACzF,OAAoB,EAAE,GAAqB,EAAE,QAAiB,EAAE,EAAE;IAClE,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO,MAAM,OAAO,CAAC,aAAa,CAAC;YACjC,MAAM,EAAE;gBACN,QAAQ,EAAG,OAA+B,EAAE,SAAS,EAAE,OAAO;aAC/D;YACD,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;SAAM,CAAC;QACN,OAAO,MAAM,KAAK,CAAC,aAAa,CAAC;YAC/B,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,OAAkB;gBAC5B,SAAS;gBACT,OAAO;aACR;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EAAE,OAAgB,EACrD,SAAwB,EAAE,OAAoB,EAAE,GAAqB,EAAE,QAAiB,EAA6B,EAAE;IACvH,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO,MAAM,OAAO,CAAC,SAAS,CAAC;YAC7B,MAAM,EAAE;gBACN,QAAQ,EAAG,OAA+B,EAAE,SAAS,EAAE,OAAO;aAC/D;YACD,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;SAAM,CAAC;QACN,OAAO,MAAM,KAAK,CAAC,SAAS,CAAC;YAC3B,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,OAAO;gBACjB,SAAS;gBACT,OAAO;aACR;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;AACH,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,OAA6B,EAC7B,QAAuB,EACvB,MAAmB,EACnB,GAAqB,EACrB,OAA0B,EACuB,EAAE;IACnD,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAG,CAAC;QAC1C,6DAA6D;QAC7D,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,0CAA0C,CAAC;YAC3D,0BAA0B;eACvB,GAAG,CAAC,GAAG,CAAC,oCAAoC,CAAC;YAChD,yDAAyD;eACtD,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,QAAQ,GAAG,CA
AC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAEtC,iFAAiF;IACjF,8BAA8B;IAC9B,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;IAC9D,MAAM,aAAa,GAAG,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;IAE/D,+BAA+B;IAC/B,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,MAAM;YAClC,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC;SAC1D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;YAChC,gBAAgB,EAAE,uBAAuB,CACvC,MAAM,CAAC,kBAAkB,CAAC,IAAI,EAC9B,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAClC;SACF,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,MAAM,SAAS,GAAG,OAAO,EAAE,EAAE,CAAC;IAC9B,MAAM,WAAW,GAAG,OAAO,EAAE,KAAK,CAAC;IACnC,MAAM,kBAAkB,GAAG,WAAW,CAAC,CAAC,CAAC,kBAAmB,WAAY,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAClF,IAAI,QAAQ,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,QAAQ,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxB,CAAC;IACD,MAAM,YAAY,GAAG,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE9D,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG;YACV,qCAAqC;YACrC,WAAY,SAAU,cAAe,YAAa,YAAa,MAAO,GAAG,kBAAkB,EAAE;YAC7F,oBAAqB,iBAAiB,CAAC,aAAc,EAAE;SACxD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,MAAM,OAAO,GAAG,gBAAgB,CAAC;QACjC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACrB,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACzC,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;YAChC,gBAAgB,EAAE,uBAAuB,CACvC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EACtC,GAAG,CACJ;SACF,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC;IAC/E,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;IACnE,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,gBAAgB;IAChB,IAAI,GAAG,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/C,GAAG,CAAC,SAAS,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,0BAA0B;IAC1B,IAAI,SAAS,KAAK,SAAS,CAAC,aAAa,EAAE,CAAC;QAC1C,IAA
I,iBAAsC,CAAC;QAC3C,IAAI,CAAC;YACH,uDAAuD;YACvD,wDAAwD;YACxD,iBAAiB,GAAG,MAAM,oBAAoB,CAC5C,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,GAAG,EACH,QAAQ,CACT,CAAC;QACJ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,EAAE,KAAK,CACX,uCAAuC,EACvC;gBACE,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,KAAK,EAAE,GAAG,CAAC,KAAK;aACjB,CACF,CAAC;YACF,OAAO;gBACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC;aACjE,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,aAAa,IAAI,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACtF,MAAM,GAAG,GAAG;gBACV,+CAAgD,SAAU,GAAG;gBAC7D,YAAa,YAAa,YAAa,MAAO,GAAG,kBAAkB,EAAE;gBACrE,gCAAgC;aACjC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,MAAM,OAAO,GAAG,wCAAwC,CAAC;YACzD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACrB,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO;gBACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE,uBAAuB,CACvC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EACtC,GAAG,CACJ;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACvF,MAAM,EAAE,OAAO,CAAC;gBACd,mEAAoE,SAAU,GAAG;gBACjF,YAAa,YAAa,YAAa,MAAO,GAAG,kBAAkB,EAAE;gBACrE,sEAAsE;gBACtE,8CAA8C;aAC/C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACf,CAAC;QAED,sFAAsF;QACtF,6BAA6B;QAC7B,MAAM,eAAe,GAAG,MAAM,uBAAuB,CACnD,QAAQ,EACR,iBAAiB,EACjB,GAAG,CAAC,SAAS,EACb,MAAM,EACN,QAAQ,EACR,SAAS,EACT,aAAa,EACb,WAAW,EACX,QAAQ,CACT,CAAC;QAEF,IAAK,eAAoC,CAAC,QAAQ,EAAE,CAAC;YACnD,OAAO,eAAmC,CAAC;QAC7C,CAAC;QAED,iBAAiB,CAAC,OAAO,GAAI,eAAqC,CAAC,iBAAiB,CAAC;QACrF,iBAAiB,CAAC,iBAAiB,GAAI,eAAqC,CAAC,eAAe,CAAC;QAC7F,iBAAiB,CAAC,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,mEAAmE;QAC1H,iBAAiB,CAAC,gBAAgB,GAAG,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7E,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,eAAe;IACf,IAAI,gBAAgB,GAAqB,EAAE,QAAQ,EAAE,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC;IAC1H,sBAAsB;IACtB,IAAI,SAAS,KAAK,SAAS,CAAC,SAAS,EAAE,CAAC;QACtC,gBAAgB;QAChB,I
AAI,CAAC;YACH,gBAAgB,GAAG,MAAM,gBAAgB,CAAC,QAAmB,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QAClG,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,mCAAmC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/G,OAAO,EAAE,QAAQ,EAAE,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAChH,CAAC;QAED,IAAI,aAAa,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,IAAI,iBAAiB,CAAC,MAAM,EAAE,CAAC;YAC/F,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,aAAa,EAAE,CAAC;gBAClE,OAAO,GAAG,qCAAqC,CAAC;YAClD,CAAC;iBAAM,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,IAAI,EAAE,CAAC;gBAChE,OAAO,GAAG,WAAW,SAAS,mDAAmD,WAAW,EAAE,CAAC;YACjG,CAAC;YACD,MAAM,GAAG,GAAG;gBACV,+CAAgD,SAAU,GAAG;gBAC7D,YAAa,YAAa,YAAa,MAAO,GAAG,kBAAkB,EAAE;gBACrE,oBAAoB,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE;aACnE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACZ,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACrB,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO;gBACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC;aACvF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAC,aAAa,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,IAAI,iBAAiB,CAAC,MAAM,EAAE,CAAC;QAChG,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,aAAa,EAAE,CAAC;YAClE,OAAO,GAAG,qCAAqC,CAAC;QAClD,CAAC;aAAM,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,IAAI,EAAE,CAAC;YAChE,OAAO,GAAG,WAAY,SAAU,mDAAoD,WAAY,EAAE,CAAC;QACrG,CAAC;QACD,MAAM,EAAE,OAAO,CAAC;YACd,+CAAgD,SAAU,GAAG;YAC7D,YAAa,YAAa,YAAa,MAAO,GAAG,kBAAkB,EAAE;YACrE,oBAAoB,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE;SACnE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACb,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,+DAA+D,CAAC,CAAC;QAC3F,gBAAgB,CAAC,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC;IACvD,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,EAAE,OAAgB,EAAE,KAAe,EAA6B,EAAE;IAC9F,IAAI,QAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,MAAM,KA
AK,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC7D,QAAQ,GAAG;YACT,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;YACpC,WAAW,EAAE,kCAAkC,CAAC,iBAAiB,CAAC,WAAW,CAAC;YAC9E,gBAAgB,EAAE,iBAAiB,CAAC,gBAAgB;SACrD,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,EAAE,KAAK,CAAC,yCAAyC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QACrH,OAAO,EAAE,QAAQ,EAAE,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;IAChH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,OAAgB,EAAE,KAAe,EAAgC,EAAE;IACrG,IAAI,QAA6B,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,qBAAqB,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACrE,QAAQ,GAAG;YACT,GAAG,qBAAqB;SAClB,CAAC,CAAC,iBAAiB;QAC3B,QAAQ,CAAC,WAAW,GAAG,kCAAkC,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;IAC/F,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,EAAE,KAAK,CAAC,6CAA6C,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QACzH,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;YAChC,WAAW,EAAE,EAAE;YACf,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC;SACjE,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC"}
|
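--- a/package/lib/config.js
+++ b/package/lib/config.js
@@ -1,13 +1,9 @@
-
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.updateConfig = exports.errors = exports.cfg = void 0;
-const service_config_1 = require("@restorecommerce/service-config");
+import { createServiceConfig } from '@restorecommerce/service-config';
 // Export cfg Object
-
+export let cfg = createServiceConfig(process.cwd());
 // errors mapped to code and message
-
-const updateConfig = (config) => {
-
+export const errors = cfg.get('errors');
+export const updateConfig = (config) => {
+cfg = config;
 };
-exports.updateConfig = updateConfig;
 //# sourceMappingURL=config.js.map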
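Review bot: `errors` is read from `cfg` once at module load, so after `updateConfig(config)` replaces `cfg` the exported `errors` still holds the values from the configuration found under `process.cwd()`; the removed line for the old assignment is blank on this page, so whether this was already the case cannot be confirmed here. `updateConfig` also stores whatever it is given, so a call with `undefined` or an object without `get` only fails later, at the first lookup made by the access-control code. Since this configuration presumably drives how the client authorizes requests, I would reject a bad value at the boundary, e.g. `if (typeof config?.get !== 'function') throw new TypeError('updateConfig: config must expose get()');`, and add a comment on `errors` such as `// snapshot taken at import time; not refreshed by updateConfig()`.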
package/lib/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AACtE,oBAAoB;AACpB,MAAM,CAAC,IAAI,GAAG,GAAQ,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;AACzD,oCAAoC;AACpC,MAAM,CAAC,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAExC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,MAAW,EAAE,EAAE;IAC1C,GAAG,GAAG,MAAM,CAAC;AACf,CAAC,CAAC"}
|
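--- a/package/lib/index.d.ts
+++ b/package/lib/index.d.ts
@@ -1,10 +1,10 @@
-export * from './acs/resolver';
-export * from './acs/authz';
-export * from './config';
-export * from './acs/middleware';
-export * from './acs/interfaces';
-export * from './acs/cache';
-export * from './acs/decorators';
-export * from './utils';
-export * from './acs/errors';
+export * from './acs/resolver.js';
+export * from './acs/authz.js';
+export * from './config.js';
+export * from './acs/middleware.js';
+export * from './acs/interfaces.js';
+export * from './acs/cache.js';
+export * from './acs/decorators.js';
+export * from './utils.js';
+export * from './acs/errors.js';
 //# sourceMappingURL=index.d.ts.map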
package/lib/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC;AAC5B,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,YAAY,CAAC;AAC3B,cAAc,iBAAiB,CAAC"}
|
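--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -1,26 +1,10 @@
-
-
-
-
-
-
-
-
-
-if (k2 === undefined) k2 = k;
-o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./acs/resolver"), exports);
-__exportStar(require("./acs/authz"), exports);
-__exportStar(require("./config"), exports);
-__exportStar(require("./acs/middleware"), exports);
-__exportStar(require("./acs/interfaces"), exports);
-__exportStar(require("./acs/cache"), exports);
-__exportStar(require("./acs/decorators"), exports);
-__exportStar(require("./utils"), exports);
-__exportStar(require("./acs/errors"), exports);
+export * from './acs/resolver.js';
+export * from './acs/authz.js';
+export * from './config.js';
+export * from './acs/middleware.js';
+export * from './acs/interfaces.js';
+export * from './acs/cache.js';
+export * from './acs/decorators.js';
+export * from './utils.js';
+export * from './acs/errors.js';
 //# sourceMappingURL=index.js.map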
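Review bot: Name collisions between the nine re-exported modules are resolved differently after this change: the removed `__exportStar` helper skipped any name already present on `exports` (the `hasOwnProperty` check), so the first module listed won, whereas with `export *` a name exported by two modules is ambiguous and is not re-exported at all. If any two of these modules share an export name, consumers of this authorization client lose that symbol with no error in this file; an explicit re-export for the affected name (for example `export { someName } from './acs/resolver.js';`, name constructed for illustration) restores a defined winner. The entry point is also no longer CommonJS, so on runtimes that cannot `require()` an ES module it will fail to load unless package.json provides a CommonJS entry, which is not visible in this section; for a minor release that deserves an explicit line in the changelog.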
package/lib/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,YAAY,CAAC;AAC3B,cAAc,iBAAiB,CAAC"}
|