@restorecommerce/acs-client 3.1.0 → 3.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +22 -0
- package/cfg/config.json +10 -17
- package/cfg/config_test.json +49 -0
- package/lib/acs/authz.d.ts +0 -1
- package/lib/acs/authz.d.ts.map +1 -1
- package/lib/acs/authz.js +13 -29
- package/lib/acs/authz.js.map +1 -1
- package/lib/acs/cache.d.ts.map +1 -1
- package/lib/acs/cache.js +1 -1
- package/lib/acs/cache.js.map +1 -1
- package/lib/acs/decorators.d.ts +46 -25
- package/lib/acs/decorators.d.ts.map +1 -1
- package/lib/acs/decorators.js +60 -84
- package/lib/acs/decorators.js.map +1 -1
- package/lib/acs/interfaces.d.ts +3 -15
- package/lib/acs/interfaces.d.ts.map +1 -1
- package/lib/acs/interfaces.js.map +1 -1
- package/lib/acs/middleware.d.ts.map +1 -1
- package/lib/acs/resolver.d.ts.map +1 -1
- package/lib/acs/resolver.js +17 -32
- package/lib/acs/resolver.js.map +1 -1
- package/lib/config.d.ts +50 -1
- package/lib/config.d.ts.map +1 -1
- package/lib/config.js +52 -1
- package/lib/config.js.map +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/lib/utils.d.ts +2 -2
- package/lib/utils.d.ts.map +1 -1
- package/lib/utils.js +50 -40
- package/lib/utils.js.map +1 -1
- package/package.json +22 -22
- package/tsconfig.json +4 -1
package/lib/acs/decorators.js
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { Metadata, } from 'nice-grpc';
|
|
2
1
|
import { ServiceConfig } from '@restorecommerce/service-config';
|
|
3
2
|
import { Logger } from '@restorecommerce/logger';
|
|
4
3
|
import { createClient, createChannel, } from '@restorecommerce/grpc-client';
|
|
@@ -6,25 +5,32 @@ import { UserServiceDefinition } from '@restorecommerce/rc-grpc-clients/dist/gen
|
|
|
6
5
|
import { Response_Decision } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control.js';
|
|
7
6
|
import { initAuthZ, } from './authz.js';
|
|
8
7
|
import { initializeCache, } from './cache.js';
|
|
8
|
+
import { AuthZAction, } from './interfaces.js';
|
|
9
9
|
import { accessRequest, } from './resolver.js';
|
|
10
|
-
import { cfg } from '../config.js';
|
|
11
|
-
import { _ } from '../utils.js';
|
|
10
|
+
import { cfg, urns } from '../config.js';
|
|
12
11
|
import { randomUUID } from 'crypto';
|
|
13
12
|
import { Filter_Operation, Filter_ValueType } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/filter.js';
|
|
14
|
-
export const DefaultACSClientContextFactory = async (self, request, context) =>
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
}
|
|
13
|
+
export const DefaultACSClientContextFactory = async (self, request, context) => {
|
|
14
|
+
const ids = request.ids ?? request.items?.map((item) => item.id);
|
|
15
|
+
const resources = await self.get(ids, request.subject, context, true);
|
|
16
|
+
return {
|
|
17
|
+
...context,
|
|
18
|
+
subject: request.subject,
|
|
19
|
+
resources: [
|
|
20
|
+
...resources.items ?? [],
|
|
21
|
+
...request.items ?? [],
|
|
22
|
+
],
|
|
23
|
+
};
|
|
24
|
+
};
|
|
25
|
+
export const DefaultResourceFactory = (...resourceNames) => async (self, request, context) => (resourceNames?.length ? resourceNames : [self.name ?? self.constructor?.name])?.map(resourceName => ({
|
|
26
|
+
resource: resourceName,
|
|
27
|
+
id: request.items?.map((item) => item.id)
|
|
28
|
+
}));
|
|
29
|
+
export const DefaultResourceFactoryInstance = DefaultResourceFactory();
|
|
25
30
|
export const DefaultSubjectResolver = async (self, request, ...args) => {
|
|
26
31
|
const subject = request?.subject;
|
|
27
32
|
if (subject?.id) {
|
|
33
|
+
// we don't trust incoming subject id!
|
|
28
34
|
delete subject.id;
|
|
29
35
|
}
|
|
30
36
|
if (subject?.token) {
|
|
@@ -36,8 +42,7 @@ export const DefaultSubjectResolver = async (self, request, ...args) => {
|
|
|
36
42
|
return request;
|
|
37
43
|
};
|
|
38
44
|
export const DefaultMetaDataInjector = async (self, request, ...args) => {
|
|
39
|
-
const
|
|
40
|
-
const ids = [...new Set(request.items?.map((item) => item.id).filter(id => id) ?? []).values()];
|
|
45
|
+
const ids = Array.from(new Set(request.items?.map((item) => item.id).filter(id => id) ?? []).values());
|
|
41
46
|
const meta_map = ids.length ? await self.read({
|
|
42
47
|
filters: [{
|
|
43
48
|
filters: [{
|
|
@@ -76,18 +81,6 @@ export const DefaultMetaDataInjector = async (self, request, ...args) => {
|
|
|
76
81
|
});
|
|
77
82
|
return request;
|
|
78
83
|
};
|
|
79
|
-
export var ByPass;
|
|
80
|
-
(function (ByPass) {
|
|
81
|
-
ByPass["SUBJECT"] = "SUBJECT";
|
|
82
|
-
ByPass["META"] = "META";
|
|
83
|
-
ByPass["ACS"] = "ACS";
|
|
84
|
-
})(ByPass || (ByPass = {}));
|
|
85
|
-
;
|
|
86
|
-
export function setByPass(...args) {
|
|
87
|
-
return {
|
|
88
|
-
metadata: new Metadata(args.map(arg => ['bypass', arg.toString()]))
|
|
89
|
-
};
|
|
90
|
-
}
|
|
91
84
|
export function access_controlled_service(baseService) {
|
|
92
85
|
return class extends baseService {
|
|
93
86
|
__userService;
|
|
@@ -107,42 +100,38 @@ export function access_controlled_service(baseService) {
|
|
|
107
100
|
};
|
|
108
101
|
}
|
|
109
102
|
export function access_controlled_function(kwargs) {
|
|
110
|
-
return function (target,
|
|
111
|
-
const
|
|
112
|
-
descriptor.value = async function () {
|
|
113
|
-
const that = this;
|
|
114
|
-
const request = arguments[0];
|
|
115
|
-
const context = arguments[1];
|
|
116
|
-
const args = [...arguments].slice(2);
|
|
117
|
-
if (context?.byPassACS) {
|
|
118
|
-
return await method.apply(this, arguments);
|
|
119
|
-
}
|
|
103
|
+
return function (target, context, fallback) {
|
|
104
|
+
const reflection = async function (request, ...args) {
|
|
120
105
|
try {
|
|
121
|
-
if (!
|
|
106
|
+
if (!this.__userService) {
|
|
122
107
|
throw new Error('An @access_controlled_function must be member of an @access_controlled_service class');
|
|
123
108
|
}
|
|
109
|
+
request = kwargs.subject === undefined
|
|
110
|
+
? await DefaultSubjectResolver(this, request, ...args)
|
|
111
|
+
: await kwargs.subject?.(this, request, ...args) ?? request;
|
|
112
|
+
// Read actions should not require Meta from request
|
|
113
|
+
// use null to disable MetaDataInjector
|
|
114
|
+
// however, kwargs.meta can still be undefined!
|
|
115
|
+
if (kwargs.action !== AuthZAction.READ && kwargs.meta !== null) {
|
|
116
|
+
if (kwargs.meta) {
|
|
117
|
+
await kwargs.meta(this, request, ...args);
|
|
118
|
+
}
|
|
119
|
+
else {
|
|
120
|
+
await DefaultMetaDataInjector(this, request, ...args);
|
|
121
|
+
}
|
|
122
|
+
}
|
|
124
123
|
const acsContext = typeof (kwargs.context) === 'function'
|
|
125
124
|
? await kwargs.context(this, request, ...args)
|
|
126
|
-
: kwargs.context;
|
|
125
|
+
: kwargs.context ?? await DefaultACSClientContextFactory(this, request, ...args);
|
|
127
126
|
const resource = typeof (kwargs.resource) === 'function'
|
|
128
127
|
? await kwargs.resource(this, request, ...args)
|
|
129
|
-
: kwargs.resource;
|
|
128
|
+
: kwargs.resource ?? await DefaultResourceFactoryInstance(this, request, ...args);
|
|
130
129
|
const database = typeof (kwargs.database) === 'function'
|
|
131
130
|
? await kwargs.database(this, request, ...args)
|
|
132
|
-
: kwargs.database;
|
|
133
|
-
const
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
}
|
|
137
|
-
if (subject?.token) {
|
|
138
|
-
const user = await that.__userService.findByToken({ token: subject.token });
|
|
139
|
-
if (user?.payload?.id) {
|
|
140
|
-
subject.id = user.payload.id;
|
|
141
|
-
}
|
|
142
|
-
}
|
|
143
|
-
const acsResponse = await accessRequest(subject, resource ?? [], kwargs.action, acsContext, {
|
|
144
|
-
operation: kwargs.operation, database: database ?? that.__acsDatabaseProvider ?? 'arangoDB',
|
|
145
|
-
useCache: kwargs.useCache ?? false
|
|
131
|
+
: kwargs.database ?? this.__acsDatabaseProvider ?? 'arangoDB';
|
|
132
|
+
const acsResponse = await accessRequest(acsContext.subject, resource ?? [], kwargs.action, acsContext, {
|
|
133
|
+
operation: kwargs.operation, database: database ?? this.__acsDatabaseProvider ?? 'arangoDB',
|
|
134
|
+
useCache: kwargs.useCache ?? cfg.get('authorization:cache:enabled') ?? false
|
|
146
135
|
});
|
|
147
136
|
if (acsResponse?.decision !== Response_Decision.PERMIT) {
|
|
148
137
|
return acsResponse;
|
|
@@ -152,43 +141,30 @@ export function access_controlled_function(kwargs) {
|
|
|
152
141
|
request.custom_queries = arg?.custom_queries;
|
|
153
142
|
request.custom_arguments = arg?.custom_arguments;
|
|
154
143
|
}
|
|
155
|
-
|
|
156
|
-
const property = acsResponse.obligations?.filter((o) => resource.some((r) => r.resource === o.resource)).flatMap(o => o.property).flatMap(p => [p, new RegExp(p)]);
|
|
157
|
-
// @ts-expect-error TS2339
|
|
158
|
-
return property?.length ? _.omitDeep(appResponse, property) : appResponse;
|
|
144
|
+
return await target.call(this, request, ...args);
|
|
159
145
|
}
|
|
160
146
|
catch (err) {
|
|
161
|
-
|
|
147
|
+
const { code, message, details, stack } = err;
|
|
148
|
+
this.logger?.error('Operation Status Error:', { code, message, details, stack });
|
|
162
149
|
return {
|
|
163
150
|
operation_status: {
|
|
164
|
-
code: Number.isInteger(
|
|
165
|
-
message:
|
|
151
|
+
code: Number.isInteger(code) ? code : 500,
|
|
152
|
+
message: details ?? message ?? err,
|
|
166
153
|
}
|
|
167
154
|
};
|
|
168
155
|
}
|
|
169
156
|
};
|
|
157
|
+
if (fallback) {
|
|
158
|
+
// A 3rd param?
|
|
159
|
+
// fallback to decorator stage 1 or 2.
|
|
160
|
+
// is it a pure function or a stage 2 descriptor? let's guess!
|
|
161
|
+
target = fallback.value ?? fallback;
|
|
162
|
+
fallback.value = reflection;
|
|
163
|
+
}
|
|
164
|
+
else {
|
|
165
|
+
// lucky we are on stage 3 - simple:
|
|
166
|
+
return reflection;
|
|
167
|
+
}
|
|
170
168
|
};
|
|
171
169
|
}
|
|
172
|
-
export function resolves_subject(subjectResolver = (DefaultSubjectResolver)) {
|
|
173
|
-
return function (target, propertyName, descriptor) {
|
|
174
|
-
const method = descriptor.value;
|
|
175
|
-
descriptor.value = async function () {
|
|
176
|
-
const args = [...arguments].slice(1);
|
|
177
|
-
const request = await subjectResolver(this, arguments[0], ...args);
|
|
178
|
-
return await method.apply(this, [request, ...args]);
|
|
179
|
-
};
|
|
180
|
-
};
|
|
181
|
-
}
|
|
182
|
-
;
|
|
183
|
-
export function injects_meta_data(metaDataInjector = (DefaultMetaDataInjector)) {
|
|
184
|
-
return function (target, propertyName, descriptor) {
|
|
185
|
-
const method = descriptor.value;
|
|
186
|
-
descriptor.value = async function () {
|
|
187
|
-
const args = [...arguments].slice(1);
|
|
188
|
-
const request = await metaDataInjector(this, arguments[0], ...args);
|
|
189
|
-
return await method.apply(this, [request, ...args]);
|
|
190
|
-
};
|
|
191
|
-
};
|
|
192
|
-
}
|
|
193
|
-
;
|
|
194
170
|
//# sourceMappingURL=decorators.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../src/acs/decorators.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../../src/acs/decorators.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,EAEL,YAAY,EACZ,aAAa,GAEd,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,qBAAqB,EACtB,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,iBAAiB,EAClB,MAAM,6FAA6F,CAAC;AAOrG,OAAO,EACL,SAAS,GACV,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,eAAe,GAChB,MAAM,YAAY,CAAC;AACpB,OAAO,EAGL,WAAW,GAIZ,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,aAAa,GACd,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EACjB,MAAM,qFAAqF,CAAC;AA0D7F,MAAM,CAAC,MAAM,8BAA8B,GAAG,KAAK,EACjD,IAA+B,EAC/B,OAA0B,EAC1B,OAAqB,EACM,EAAE;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACtE,OAAO;QACL,GAAG,OAAO;QACV,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,SAAS,EAAE;YACT,GAAG,SAAS,CAAC,KAAK,IAAI,EAAE;YACxB,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE;SACvB;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,GAAG,aAAuB,EACN,EAAE,CAAC,KAAK,EAC5B,IAA+B,EAC/B,OAAU,EACV,OAAqB,EACrB,EAAE,CAAC,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,EAAE,GAAG,CACvF,YAAY,CAAC,EAAE,CAAC,CAAC;IACf,QAAQ,EAAE,YAAY;IACtB,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;CAC/C,CAAC,CACH,CAAC;AACF,MAAM,CAAC,MAAM,8BAA8B,GAAG,sBAAsB,EAAE,CAAC;AAEvE,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EACzC,IAAS,EACT,OAAU,EACV,GAAG,IAAS,EACA,EAAE;IACd,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;IACjC,IAAI,OAAO,EAAE,EAAE,EAAE,CAAC;QAChB,sCAAsC;QACtC,OAAO,OAAO,CAAC,EAAE,CAAC;IACpB,CAAC;IACD,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAC5E,IAAI,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YACtB,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,KAAK,EAC1C,IAAS,EACT,OAAU,EACV,GAAG,IAAS,EACA,EAAE;IACd,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAC5B,OAAO,CAAC,KAAK,EAAE,GAAG,CAChB,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAClB,CAAC,MAAM,CACN,EAAE,CAAC,EAAE,CAAC,EAAE,CACT,IAAI,EAAE,CACR,CAAC,MAAM,EAAE,CAAC,CAAC;IACZ,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC;QAC5C,OAAO,EAAE,CAAC;gBACR,OAAO,EAAE,CAAC;wBACR,KAAK,EAAE,MAAM;wBACb,SAAS,EAAE,gBAAgB,CAAC,EAAE;wBAC9B,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC;wBAC1B,IAAI,EAAE,gBAAgB,CAAC,KAAK;qBAC7B,CAAC;aACH,CAAC;QACF,KAAK,EAAE,GAAG,CAAC,MAAM;QACjB,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC,CAAC,IAAI,CACL,CAAC,QAA8B,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAChE,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CACrB,CAAC,GAAG,CACH,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAC7C,CAAC,CACH,CAAC,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QAC9B,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,WAAW,KAAK,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK;YACnB,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;gBACvB,EAAE,EAAE,IAAI,CAAC,qBAAqB;gBAC9B,KAAK,EAAE,IAAI,CAAC,YAAY;gBACxB,UAAU,EAAE,CAAC;wBACX,EAAE,EAAE,IAAI,CAAC,aAAa;wBACtB,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK;qBAC7B,CAAC;aACH,CAAC,CAAC,CAAC,SAAS;YACb,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;gBACpB,EAAE,EAAE,IAAI,CAAC,qBAAqB;gBAC9B,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,UAAU,EAAE,CAAC;wBACX,EAAE,EAAE,IAAI,CAAC,aAAa;wBACtB,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE;qBAC1B,CAAC;aACH,CAAC,CAAC,CAAC,SAAS;SACd,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAClB,IAAI,CAAC,EAAE,KAAK,UAAU,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,UAAU,yBAAyB,CAA6D,WAAc;IAClH,OAAO,KAAM,SAAQ,WAAW;QACd,aAAa,CAAgC;QAC7C,qBAAqB,CAAmB;QAExD,YAAY,GAAG,IAAS;YACtB,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;YACf,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC,GAAG,YAAY,aAAa,CAAC,CAAkB,CAAC;YACrF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC,GAAG,YAAY,MAAM,CAAC,CAAW,CAAC;YAC1E,IAAI,CAAC,qBAAqB,GAAG,GAAG,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,UAAU,CAAC;YAC7E,IAAI,CAAC,aAAa,GAAG,YAAY,CAC/B;gBACE,GAAG,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC;gBACzB,MAAM;aACa,EACrB,qBAAqB,EACrB,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAC9C,CAAC;YACF,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACvB,eAAe,EAAE,CAAC;QACpB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,MAA0C;IAE1C,OAAO,UACL,MAAoD,EACpD,OAAoC,EACpC,QAAc;QAEd,MAAM,UAAU,GAAG,KAAK,WAA0C,OAAU,EAAE,GAAG,IAAW;YAC1F,IAAI,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;oBACxB,MAAM,IAAI,KAAK,CAAC,sFAAsF,CAAC,CAAC;gBAC1G,CAAC;gBAED,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,SAAS;oBACpC,CAAC,CAAC,MAAM,sBAAsB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;oBACtD,CAAC,CAAC,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,OAAO,CAAC;gBAE9D,oDAAoD;gBACpD,uCAAuC;gBACvC,+CAA+C;gBAC/C,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;oBAC/D,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;wBAChB,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;oBAC5C,CAAC;yBACI,CAAC;wBACJ,MAAM,uBAAuB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;oBACxD,CAAC;gBACH,CAAC;gBAED,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU;oBACvD,CAAC,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;oBAC9C,CAAC,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,8BAA8B,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;gBAEnF,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,UAAU;oBACtD,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;oBAC/C,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,8BAA8B,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;gBAEpF,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,UAAU;oBACtD,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;oBAC/C,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,IAAI,CAAC,qBAAqB,IAAG,UAAU,CAAC;gBAE/D,MAAM,WAAW,GAA2C,MAAM,aAAa,CAC7E,UAAU,CAAC,OAAO,EAClB,QAAQ,IAAI,EAAE,EACd,MAAM,CAAC,MAAM,EACb,UAAU,EACV;oBACE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC,qBAAqB,IAAI,UAAU;oBAC3F,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,6BAA6B,CAAC,IAAI,KAAK;iBAC7E,CACF,CAAC;gBAEF,IAAI,WAAW,EAAE,QAAQ,KAAK,iBAAiB,CAAC,MAAM,EAAE,CAAC;oBACvD,OAAO,WAAW,CAAC;gBACrB,CAAC;gBAED,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,GAAG,GAAG,WAAW,EAAE,iBAAiB,EAAE,IAAI,CAC9C,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,CAAC,CACxD,CAAC;oBACF,OAAO,CAAC,cAAc,GAAG,GAAG,EAAE,cAAc,CAAC;oBAC7C,OAAO,CAAC,gBAAgB,GAAG,GAAG,EAAE,gBAAgB,CAAC;gBACnD,CAAC;gBAED,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,GAAQ,EAAE,CAAC;gBAChB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;gBAC9C,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;gBACjF,OAAO;oBACL,gBAAgB,EAAE;wBAChB,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG;wBACzC,OAAO,EAAE,OAAO,IAAI,OAAO,IAAI,GAAG;qBACnC;iBACF,CAAC;YACJ,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,eAAe;YACf,sCAAsC;YACtC,8DAA8D;YAC9D,MAAM,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC;YACpC,QAAQ,CAAC,KAAK,GAAG,UAAU,CAAC;QAC9B,CAAC;aACI,CAAC;YACJ,oCAAoC;YACpC,OAAO,UAAU,CAAC;QACpB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
|
package/lib/acs/interfaces.d.ts
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import { Attribute } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/attribute.js';
|
|
2
2
|
import { RoleAssociation, Subject, DeepPartial } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/auth.js';
|
|
3
|
-
import {
|
|
4
|
-
import { FilterOp } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base.js';
|
|
3
|
+
import { FilterOp, Resource } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/resource_base.js';
|
|
5
4
|
import { Response_Decision, ReverseQuery } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control.js';
|
|
6
5
|
import { Effect } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/rule.js';
|
|
7
6
|
import { PolicySetRQ } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/policy_set.js';
|
|
@@ -27,14 +26,7 @@ export interface ACSResource {
|
|
|
27
26
|
id?: string | string[];
|
|
28
27
|
property?: string[];
|
|
29
28
|
}
|
|
30
|
-
export interface CtxResource {
|
|
31
|
-
id: string;
|
|
32
|
-
meta: {
|
|
33
|
-
created?: Date;
|
|
34
|
-
modified?: Date;
|
|
35
|
-
modified_by?: string;
|
|
36
|
-
owners: Attribute[];
|
|
37
|
-
};
|
|
29
|
+
export interface CtxResource extends Resource {
|
|
38
30
|
[key: string]: any;
|
|
39
31
|
}
|
|
40
32
|
export interface ACSClientContext {
|
|
@@ -95,11 +87,7 @@ export type NoAuthWhatIsAllowedTarget = Target<UnauthenticatedData, ACSResource[
|
|
|
95
87
|
export interface AuthZContext {
|
|
96
88
|
security: any;
|
|
97
89
|
}
|
|
98
|
-
export
|
|
99
|
-
id: string;
|
|
100
|
-
meta: Meta;
|
|
101
|
-
[key: string]: any;
|
|
102
|
-
}
|
|
90
|
+
export { CtxResource as ResourceData };
|
|
103
91
|
export interface AuthZRequest extends Request<AuthZTarget, AuthZContext> {
|
|
104
92
|
target: AuthZTarget;
|
|
105
93
|
context: AuthZContext;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wFAAwF,CAAC;AACnH,OAAO,EACL,eAAe,EACf,OAAO,EACP,WAAW,EACZ,MAAM,mFAAmF,CAAC;AAC3F,OAAO,
|
|
1
|
+
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,wFAAwF,CAAC;AACnH,OAAO,EACL,eAAe,EACf,OAAO,EACP,WAAW,EACZ,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,QAAQ,EACR,QAAQ,EACT,MAAM,4FAA4F,CAAC;AACpG,OAAO,EACL,iBAAiB,EACjB,YAAY,EACb,MAAM,6FAA6F,CAAC;AACrG,OAAO,EAAE,MAAM,EAAE,MAAM,mFAAmF,CAAC;AAC3G,OAAO,EACL,WAAW,EACZ,MAAM,yFAAyF,CAAC;AACjG,OAAO,EACL,QAAQ,EACT,MAAM,qFAAqF,CAAC;AAC7F,OAAO,EACL,MAAM,EACN,MAAM,IAAI,eAAe,EAC1B,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,iBAAiB,IAAI,QAAQ,EAC7B,OAAO,EACP,QAAQ,EACT,MAAM,6FAA6F,CAAC;AAErG,OAAO,EACL,QAAQ,EACR,OAAO,EACP,MAAM,EACN,QAAQ,EACR,WAAW,EACX,QAAQ,IAAI,WAAW,EACvB,eAAe,GAChB,CAAC;AAEF,oBAAY,WAAW;IACrB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,IAAI,SAAS;IACb,GAAG,MAAM;CACV;AAED,oBAAY,SAAS;IACnB,SAAS,cAAc;IACvB,aAAa,kBAAkB;CAChC;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,WAAY,SAAQ,QAAQ;IAC3C,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;IAC/B,SAAS,CAAC,EAAE,WAAW,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,UAAU,GAAG,UAAU,CAAC;CACnC;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;CAGZ;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,iBAAiB,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,CAAC,EAAE,eAAe,EAAE,CAAC;IACtC,mBAAmB,CAAC,EAAE,iBAAiB,EAAE,CAAC;CAC3C;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG;IACxC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;CAC5B,CAAC;AAEF,MAAM,WAAW,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO;IAClD,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,OAAO,CAAC,OAAO,EAAE,QAAQ;IACxC,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,QAAQ,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,KAAK,CAAC,QAAQ,EAAE,QAAQ,GAAG,GAAG,EAAE,SAAS,GAAG,WAAW,EAAE,OAAO,GAAG,WAAW;IAC7F;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EACxE,GAAG,EAAE,gBAAgB,EAAE,QAAQ,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CACtG;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,WAAW,CAAC,CAAC;AACtE,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,mBAAmB,EAAE,WAAW,EAAE,EAAE,WAAW,CAAC,CAAC;AAEnF,MAAM,MAAM,wBAAwB,GAAG,MAAM,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,WAAW,CAAC,CAAC;AACnF,MAAM,MAAM,yBAAyB,GAAG,MAAM,CAAC,mBAAmB,EAAE,WAAW,EAAE,EAAE,WAAW,CAAC,CAAC;AAEhG,MAAM,WAAW,YAAY;IAE3B,QAAQ,EAAE,GAAG,CAAC;CACf;AAED,OAAO,EAAE,WAAW,IAAI,YAAY,EAAE,CAAC;AAEvC,MAAM,WAAW,YAAa,SAAQ,OAAO,CAAC,WAAW,EAAE,YAAY,CAAC;IACtE,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,YAAY,CAAC;CACvB;AAED,MAAM,WAAW,aAAc,SAAQ,QAAQ;IAC7C,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,MAAO,SAAQ,KAAK,CAAC,OAAO,GAAG,mBAAmB,EAAE,YAAY,EAAE,WAAW,EAAE,EAAE,WAAW,CAAC;IAC5G,aAAa,EAAE,CACb,OAAO,EAAE,OAAO,CAAC,wBAAwB,GAAG,yBAAyB,EAAE,YAAY,CAAC,EACpF,GAAG,EAAE,gBAAgB,EACrB,QAAQ,EAAE,OAAO,EACjB,oBAAoB,EAAE,MAAM,KACzB,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,sBAAsB,CAAC;CACjC;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,mBAAmB,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IAClC,eAAe,EAAE,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,SAAS;IACxB,iBAAiB,EAAE,eAAe,EAAE,CAAC;IAErC,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,4BAA4B;IAC3C,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,eAAe,CAAC;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAGD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,QAAQ,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE,GAAG,CAAC;CACvB;AAGD,MAAM,MAAM,mBAAmB,GAAG,YAAY,GAAG;IAC/C,OAAO,CAAC,EAAE,iBAAiB,EAAE,CAAC;IAC9B,iBAAiB,CAAC,EAAE,eAAe,EAAE,CAAC;IACtC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,QAAQ,CAAC,EAAE,iBAAiB,CAAC;CAC9B,CAAC;AAEF,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtB,SAAS,EAAE,SAAS,EAAE,CAAC;IACvB,OAAO,EAAE,SAAS,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,QAAQ,CAAC,EAAE,UAAU,GAAG,UAAU,CAAC;IACnC,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":"AAeA,OAAO,EACL,WAAW,GACZ,MAAM,yFAAyF,CAAC;AACjG,OAAO,EACL,QAAQ,GACT,MAAM,qFAAqF,CAAC;AAC7F,OAAO,EACL,MAAM,EACN,MAAM,IAAI,eAAe,GAC1B,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,iBAAiB,IAAI,QAAQ,EAC7B,OAAO,EACP,QAAQ,GACT,MAAM,6FAA6F,CAAC;AAErG,OAAO,EACL,QAAQ,EACR,OAAO,EACP,MAAM,EACN,QAAQ,EACR,WAAW,EACX,QAAQ,IAAI,WAAW,EACvB,eAAe,GAChB,CAAC;AAEF,MAAM,CAAN,IAAY,WAQX;AARD,WAAY,WAAW;IACrB,gCAAiB,CAAA;IACjB,4BAAa,CAAA;IACb,gCAAiB,CAAA;IACjB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,4BAAa,CAAA;IACb,wBAAS,CAAA;AACX,CAAC,EARW,WAAW,KAAX,WAAW,QAQtB;AAED,MAAM,CAAN,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,oCAAuB,CAAA;IACvB,4CAA+B,CAAA;AACjC,CAAC,EAHW,SAAS,KAAT,SAAS,QAGpB;AAmBA,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/acs/middleware.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,mBAAmB,
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/acs/middleware.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,mBAAmB,GAAI,SAAS,GAAG,MAChC,KAAK,GAAG,EAAE,MAAM,GAAG,kBAIlC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,OAAO,EACP,WAAW,EACZ,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,OAAO,EAER,MAAM,6FAA6F,CAAC;AACrG,OAAO,EACL,QAAQ,EACT,MAAM,4FAA4F,CAAC;AACpG,OAAO,EACL,QAAQ,EAGT,MAAM,YAAY,CAAC;AACpB,OAAO,EAEL,gBAAgB,EAEhB,gBAAgB,EAChB,mBAAmB,EAEnB,WAAW,EACX,WAAW,EACX,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,OAAO,EACP,WAAW,EACZ,MAAM,mFAAmF,CAAC;AAC3F,OAAO,EACL,OAAO,EAER,MAAM,6FAA6F,CAAC;AACrG,OAAO,EACL,QAAQ,EACT,MAAM,4FAA4F,CAAC;AACpG,OAAO,EACL,QAAQ,EAGT,MAAM,YAAY,CAAC;AACpB,OAAO,EAEL,gBAAgB,EAEhB,gBAAgB,EAChB,mBAAmB,EAEnB,WAAW,EACX,WAAW,EACX,gBAAgB,EACjB,MAAM,iBAAiB,CAAC;AAuCzB,eAAO,MAAM,gBAAgB,GAAU,SAAS,OAAO,EACrD,WAAW,WAAW,EAAE,EAAE,SAAS,WAAW,EAAE,KAAK,gBAAgB,EAAE,UAAU,OAAO,KAAG,OAAO,CAAC,gBAAgB,CAsBpH,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,WAAW,CAAC,OAAO,CAAC,EAC7B,UAAU,WAAW,EAAE,EACvB,QAAQ,WAAW,EACnB,KAAK,gBAAgB,EACrB,UAAU,gBAAgB,KACzB,OAAO,CAAC,gBAAgB,GAAG,mBAAmB,CAkNhD,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,SAAS,GAAU,SAAS,OAAO,EAAE,OAAO,QAAQ,KAAG,OAAO,CAAC,gBAAgB,CAe3F,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,aAAa,GAAU,SAAS,OAAO,EAAE,OAAO,QAAQ,KAAG,OAAO,CAAC,mBAAmB,CAkBlG,CAAC;AAEF,MAAM,WAAW,MAAM;IACrB,OAAO,CAAC,EAAE,aAAa,EAAE,CAAC;IAC1B,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,GAAG,CAAC;IACb,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,KAAK,CAAC,EAAE,UAAU,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,GAAG,CAAC;IACZ,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,MAAM,CAAC,EAAE,GAAG,CAAC;IACb,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gBAAgB,EAAE,GAAG,CAAC;CACvB;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,SAAS,EAAE,WAAW,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB"}
|
package/lib/acs/resolver.js
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { generateOperationStatus, createResourceFilterMap, mapResourceURNObligationProperties, notAllowedMessage, } from '../utils.js';
|
|
2
2
|
import { Response_Decision, } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/access_control.js';
|
|
3
3
|
import { authZ, unauthZ, } from './authz.js';
|
|
4
4
|
import { Operation, } from './interfaces.js';
|
|
5
5
|
import logger from '../logger.js';
|
|
6
6
|
import { errors, cfg } from '../config.js';
|
|
7
|
+
import { clone, isEmptyish } from "remeda";
|
|
7
8
|
const subjectIsUnauthenticated = (subject) => {
|
|
8
9
|
return subject?.unauthenticated === true;
|
|
9
10
|
};
|
|
@@ -74,7 +75,7 @@ export const isAllowedRequest = async (subject, resources, actions, ctx, useCach
|
|
|
74
75
|
* @returns {DecisionResponse | PolicySetRQResponse}
|
|
75
76
|
*/
|
|
76
77
|
export const accessRequest = async (subject, resource, action, ctx, options) => {
|
|
77
|
-
if (
|
|
78
|
+
if (isEmptyish(subject) || !subject.token) {
|
|
78
79
|
// check if unauthenticated user is configured in config.json
|
|
79
80
|
subject = cfg.get('authorization:users:unauthenticated_user')
|
|
80
81
|
// fallback to old configs
|
|
@@ -82,7 +83,7 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
82
83
|
// when subject is not passed (if auth header is not set)
|
|
83
84
|
?? { unauthenticated: true };
|
|
84
85
|
}
|
|
85
|
-
const subClone =
|
|
86
|
+
const subClone = clone(subject);
|
|
86
87
|
// by default if the config for authorization enabling and enforcement is missing
|
|
87
88
|
// enable it by default (true)
|
|
88
89
|
const authzEnabled = cfg.get('authorization:enabled') ?? true;
|
|
@@ -94,7 +95,7 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
94
95
|
operation_status: generateOperationStatus(200, 'success')
|
|
95
96
|
};
|
|
96
97
|
}
|
|
97
|
-
if (
|
|
98
|
+
if (isEmptyish(subject)) {
|
|
98
99
|
return {
|
|
99
100
|
decision: Response_Decision.DENY,
|
|
100
101
|
operation_status: generateOperationStatus(errors.USER_NOT_LOGGED_IN.code, errors.USER_NOT_LOGGED_IN.message)
|
|
@@ -103,17 +104,12 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
103
104
|
// resolve userID by token
|
|
104
105
|
const subjectID = subject?.id;
|
|
105
106
|
const targetScope = subject?.scope;
|
|
106
|
-
|
|
107
|
-
if (resource && !_.isArray(resource)) {
|
|
107
|
+
if (resource && !Array.isArray(resource)) {
|
|
108
108
|
resource = [resource];
|
|
109
109
|
}
|
|
110
110
|
const resourceName = resource?.map(r => r.resource).join(',');
|
|
111
|
-
if (
|
|
112
|
-
const msg =
|
|
113
|
-
`Access not allowed for request with`,
|
|
114
|
-
`subject:${subjectID}, resource:${resourceName}, action:${action}${targetScopeMessage}`,
|
|
115
|
-
`the response was ${Response_Decision.INDETERMINATE}`,
|
|
116
|
-
].join(' ');
|
|
111
|
+
if (isEmptyish(resource)) {
|
|
112
|
+
const msg = notAllowedMessage(subjectID, resourceName, action, targetScope, Response_Decision.INDETERMINATE);
|
|
117
113
|
const details = 'Entity missing';
|
|
118
114
|
logger?.verbose(msg);
|
|
119
115
|
logger?.verbose('Details:', { details });
|
|
@@ -128,7 +124,7 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
128
124
|
const database = options?.database ? options.database : 'arangoDB';
|
|
129
125
|
const useCache = options?.useCache ? options.useCache : true;
|
|
130
126
|
// ctx.resources
|
|
131
|
-
if (ctx.resources && !
|
|
127
|
+
if (ctx.resources && !Array.isArray(ctx.resources)) {
|
|
132
128
|
ctx.resources = [ctx.resources];
|
|
133
129
|
}
|
|
134
130
|
// whatIsAllowed Operation
|
|
@@ -151,12 +147,8 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
151
147
|
};
|
|
152
148
|
}
|
|
153
149
|
// handle case if policySet is empty
|
|
154
|
-
if (authzEnforced && (
|
|
155
|
-
const msg =
|
|
156
|
-
`Access not allowed for request with subject:${subjectID},`,
|
|
157
|
-
`resource:${resourceName}, action:${action}${targetScopeMessage}`,
|
|
158
|
-
'the response was INDETERMINATE'
|
|
159
|
-
].join(' ');
|
|
150
|
+
if (authzEnforced && (isEmptyish(policySetResponse?.policy_sets))) {
|
|
151
|
+
const msg = notAllowedMessage(subjectID, resourceName, action, targetScope, Response_Decision.INDETERMINATE);
|
|
160
152
|
const details = 'no matching policy/rule could be found';
|
|
161
153
|
logger?.verbose(msg);
|
|
162
154
|
logger?.verbose('Details:', { details });
|
|
@@ -165,10 +157,10 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
165
157
|
operation_status: generateOperationStatus(Number(errors.ACTION_NOT_ALLOWED.code), msg)
|
|
166
158
|
};
|
|
167
159
|
}
|
|
168
|
-
if (!authzEnforced && (
|
|
160
|
+
if (!authzEnforced && (isEmptyish(policySetResponse?.policy_sets))) {
|
|
169
161
|
logger?.verbose([
|
|
170
|
-
`The Access response was INDETERMIATE for a request with subject:${subjectID},`,
|
|
171
|
-
`resource:${resourceName}, action:${action}
|
|
162
|
+
`The Access response was INDETERMIATE for a request with subject:${subjectID ?? 'undefined'},`,
|
|
163
|
+
`resource:${resourceName ?? 'undefined'}, action:${action ?? 'undefined'}, target_scope:${targetScope ?? 'undefined'}`,
|
|
172
164
|
`as no matching policy/rule could be found, but since ACS enforcement`,
|
|
173
165
|
`config is disabled overriding the ACS result`,
|
|
174
166
|
].join(' '));
|
|
@@ -205,11 +197,7 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
205
197
|
else if (decisionResponse.decision === Response_Decision.DENY) {
|
|
206
198
|
details = `Subject:${subjectID} does not have access to requested target scope ${targetScope}`;
|
|
207
199
|
}
|
|
208
|
-
const msg = [
|
|
209
|
-
`Access not allowed for request with subject:${subjectID},`,
|
|
210
|
-
`resource:${resourceName}, action:${action}${targetScopeMessage}`,
|
|
211
|
-
`the response was ${Response_Decision[decisionResponse.decision]}`,
|
|
212
|
-
].join(' ');
|
|
200
|
+
const msg = notAllowedMessage(subjectID, resourceName, action, targetScope, Response_Decision[decisionResponse.decision]);
|
|
213
201
|
logger?.verbose(msg);
|
|
214
202
|
logger?.verbose('Details:', { details });
|
|
215
203
|
return {
|
|
@@ -226,11 +214,8 @@ export const accessRequest = async (subject, resource, action, ctx, options) =>
|
|
|
226
214
|
else if (decisionResponse.decision === Response_Decision.DENY) {
|
|
227
215
|
details = `Subject:${subjectID} does not have access to requested target scope ${targetScope}`;
|
|
228
216
|
}
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
`resource:${resourceName}, action:${action}${targetScopeMessage}`,
|
|
232
|
-
`the response was ${Response_Decision[decisionResponse.decision]}`,
|
|
233
|
-
].join(' '));
|
|
217
|
+
const msg = notAllowedMessage(subjectID, resourceName, action, targetScope, Response_Decision[decisionResponse.decision]);
|
|
218
|
+
logger?.verbose(msg);
|
|
234
219
|
logger?.verbose(`${details}, Overriding the ACS result as ACS enforce config is disabled`);
|
|
235
220
|
decisionResponse.decision = Response_Decision.PERMIT;
|
|
236
221
|
}
|
package/lib/acs/resolver.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../../src/acs/resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EAEvB,kCAAkC,EAClC,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAKrB,OAAO,EAEL,iBAAiB,GAClB,MAAM,6FAA6F,CAAC;AAIrG,OAAO,EAEL,KAAK,EACL,OAAO,GACR,MAAM,YAAY,CAAC;AACpB,OAAO,EAML,SAAS,GAIV,MAAM,iBAAiB,CAAC;AACzB,OAAO,MAAM,MAAM,cAAc,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAE3C,MAAM,wBAAwB,GAAG,CAAC,OAAY,EAAqC,EAAE;IACnF,OAAO,OAAO,EAAE,eAAe,KAAK,IAAI,CAAC;AAC3C,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,KAAK,EAChC,OAA6B,EAC7B,SAAwB,EACxB,OAAoB,EACpB,GAAqB,EACrB,QAAiB,EACjB,EAAE;IACF,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO,MAAM,OAAO,CAAC,aAAa,CAAC;YACjC,MAAM,EAAE;gBACN,QAAQ,EAAG,OAA+B,EAAE,SAAS,EAAE,OAAO;aAC/D;YACD,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;SAAM,CAAC;QACN,OAAO,MAAM,KAAK,CAAC,aAAa,CAAC;YAC/B,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,OAAkB;gBAC5B,SAAS;gBACT,OAAO;aACR;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,EAAE,OAAgB,EACrD,SAAwB,EAAE,OAAoB,EAAE,GAAqB,EAAE,QAAiB,EAA6B,EAAE;IACvH,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO,MAAM,OAAO,CAAC,SAAS,CAAC;YAC7B,MAAM,EAAE;gBACN,QAAQ,EAAG,OAA+B,EAAE,SAAS,EAAE,OAAO;aAC/D;YACD,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;SAAM,CAAC;QACN,OAAO,MAAM,KAAK,CAAC,SAAS,CAAC;YAC3B,OAAO,EAAE;gBACP,QAAQ,EAAE,EAAE;aACb;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,OAAO;gBACjB,SAAS;gBACT,OAAO;aACR;SACF,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpB,CAAC;AACH,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,OAA6B,EAC7B,QAAuB,EACvB,MAAmB,EACnB,GAAqB,EACrB,OAA0B,EACuB,EAAE;IACnD,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAG,CAAC;QAC3C,6DAA6D;QAC7D,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,0CAA0C,CAAC;YAC3D,0BAA0B;eACvB,GAAG,CAAC,GAAG,CAAC,oCAAoC,CAAC;YAChD,yDAAyD;eACtD,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;IAEhC,iFAAiF;IACjF,8BAA8B;IAC9B,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;IAC9D,MAAM,aAAa,GAAG,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;IAE/D,+BAA+B;IAC/B,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,MAAM;YAClC,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC;SAC1D,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;YAChC,gBAAgB,EAAE,uBAAuB,CACvC,MAAM,CAAC,kBAAkB,CAAC,IAAI,EAC9B,MAAM,CAAC,kBAAkB,CAAC,OAAO,CAClC;SACF,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,MAAM,SAAS,GAAG,OAAO,EAAE,EAAE,CAAC;IAC9B,MAAM,WAAW,GAAG,OAAO,EAAE,KAAK,CAAC;IACnC,IAAI,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,QAAQ,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxB,CAAC;IACD,MAAM,YAAY,GAAG,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE9D,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,iBAAiB,CAC3B,SAAS,EACT,YAAY,EACZ,MAAM,EACN,WAAW,EACX,iBAAiB,CAAC,aAAa,CAChC,CAAC;QACF,MAAM,OAAO,GAAG,gBAAgB,CAAC;QACjC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACrB,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACzC,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;YAChC,gBAAgB,EAAE,uBAAuB,CACvC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EACtC,GAAG,CACJ;SACF,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC;IAC/E,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;IACnE,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,gBAAgB;IAChB,IAAI,GAAG,CAAC,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,GAAG,CAAC,SAAS,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,0BAA0B;IAC1B,IAAI,SAAS,KAAK,SAAS,CAAC,aAAa,EAAE,CAAC;QAC1C,IAAI,iBAAsC,CAAC;QAC3C,IAAI,CAAC;YACH,uDAAuD;YACvD,wDAAwD;YACxD,iBAAiB,GAAG,MAAM,oBAAoB,CAC5C,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,GAAG,EACH,QAAQ,CACT,CAAC;QACJ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,EAAE,KAAK,CACX,uCAAuC,EACvC;gBACE,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,KAAK,EAAE,GAAG,CAAC,KAAK;aACjB,CACF,CAAC;YACF,OAAO;gBACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC;aACjE,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,aAAa,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,GAAG,GAAG,iBAAiB,CAC3B,SAAS,EACT,YAAY,EACZ,MAAM,EACN,WAAW,EACX,iBAAiB,CAAC,aAAa,CAChC,CAAC;YACF,MAAM,OAAO,GAAG,wCAAwC,CAAC;YACzD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACrB,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO;gBACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE,uBAAuB,CACvC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EACtC,GAAG,CACJ;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC;YACnE,MAAM,EAAE,OAAO,CAAC;gBACd,mEAAoE,SAAS,IAAI,WAAY,GAAG;gBAChG,YAAa,YAAY,IAAI,WAAY,YAAa,MAAM,IAAI,WAAY,kBAAmB,WAAW,IAAI,WAAY,EAAE;gBAC5H,sEAAsE;gBACtE,8CAA8C;aAC/C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACf,CAAC;QAED,sFAAsF;QACtF,6BAA6B;QAC7B,MAAM,eAAe,GAAG,MAAM,uBAAuB,CACnD,QAAQ,EACR,iBAAiB,EACjB,GAAG,CAAC,SAAS,EACb,MAAM,EACN,QAAQ,EACR,SAAS,EACT,aAAa,EACb,WAAW,EACX,QAAQ,CACT,CAAC;QAEF,IAAK,eAAoC,CAAC,QAAQ,EAAE,CAAC;YACnD,OAAO,eAAmC,CAAC;QAC7C,CAAC;QAED,iBAAiB,CAAC,OAAO,GAAI,eAAqC,CAAC,iBAAiB,CAAC;QACrF,iBAAiB,CAAC,iBAAiB,GAAI,eAAqC,CAAC,eAAe,CAAC;QAC7F,iBAAiB,CAAC,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,mEAAmE;QAC1H,iBAAiB,CAAC,gBAAgB,GAAG,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAC7E,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,eAAe;IACf,IAAI,gBAAgB,GAAqB,EAAE,QAAQ,EAAE,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC;IAC1H,sBAAsB;IACtB,IAAI,SAAS,KAAK,SAAS,CAAC,SAAS,EAAE,CAAC;QACtC,gBAAgB;QAChB,IAAI,CAAC;YACH,gBAAgB,GAAG,MAAM,gBAAgB,CAAC,QAAmB,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QAClG,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,EAAE,KAAK,CAAC,mCAAmC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/G,OAAO,EAAE,QAAQ,EAAE,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAChH,CAAC;QAED,IAAI,aAAa,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,IAAI,iBAAiB,CAAC,MAAM,EAAE,CAAC;YAC/F,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,aAAa,EAAE,CAAC;gBAClE,OAAO,GAAG,qCAAqC,CAAC;YAClD,CAAC;iBAAM,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,IAAI,EAAE,CAAC;gBAChE,OAAO,GAAG,WAAW,SAAS,mDAAmD,WAAW,EAAE,CAAC;YACjG,CAAC;YACD,MAAM,GAAG,GAAG,iBAAiB,CAC3B,SAAS,EACT,YAAY,EACZ,MAAM,EACN,WAAW,EACX,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAC7C,CAAC;YACF,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACrB,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO;gBACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;gBAChC,gBAAgB,EAAE,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC;aACvF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAC,aAAa,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,IAAI,iBAAiB,CAAC,MAAM,EAAE,CAAC;QAChG,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,aAAa,EAAE,CAAC;YAClE,OAAO,GAAG,qCAAqC,CAAC;QAClD,CAAC;aAAM,IAAI,gBAAgB,CAAC,QAAQ,KAAK,iBAAiB,CAAC,IAAI,EAAE,CAAC;YAChE,OAAO,GAAG,WAAY,SAAU,mDAAoD,WAAY,EAAE,CAAC;QACrG,CAAC;QACD,MAAM,GAAG,GAAG,iBAAiB,CAC3B,SAAS,EACT,YAAY,EACZ,MAAM,EACN,WAAW,EACX,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAC7C,CAAC;QACF,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACrB,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,+DAA+D,CAAC,CAAC;QAC3F,gBAAgB,CAAC,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC;IACvD,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,EAAE,OAAgB,EAAE,KAAe,EAA6B,EAAE;IAC9F,IAAI,QAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC7D,QAAQ,GAAG;YACT,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;YACpC,WAAW,EAAE,kCAAkC,CAAC,iBAAiB,CAAC,WAAW,CAAC;YAC9E,gBAAgB,EAAE,iBAAiB,CAAC,gBAAgB;SACrD,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,EAAE,KAAK,CAAC,yCAAyC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QACrH,OAAO,EAAE,QAAQ,EAAE,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;IAChH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,OAAgB,EAAE,KAAe,EAAgC,EAAE;IACrG,IAAI,QAA6B,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,qBAAqB,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACrE,QAAQ,GAAG;YACT,GAAG,qBAAqB;SAClB,CAAC,CAAC,iBAAiB;QAC3B,QAAQ,CAAC,WAAW,GAAG,kCAAkC,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;IAC/F,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,EAAE,KAAK,CAAC,6CAA6C,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QACzH,OAAO;YACL,QAAQ,EAAE,iBAAiB,CAAC,IAAI;YAChC,WAAW,EAAE,EAAE;YACf,gBAAgB,EAAE,uBAAuB,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC;SACjE,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC,CAAC"}
|
package/lib/config.d.ts
CHANGED
|
@@ -1,4 +1,53 @@
|
|
|
1
1
|
export declare let cfg: any;
|
|
2
|
-
export declare const errors:
|
|
2
|
+
export declare const errors: {
|
|
3
|
+
INVALID_CREDENTIALS: {
|
|
4
|
+
code: number;
|
|
5
|
+
message: string;
|
|
6
|
+
};
|
|
7
|
+
USER_NOT_LOGGED_IN: {
|
|
8
|
+
code: number;
|
|
9
|
+
message: string;
|
|
10
|
+
};
|
|
11
|
+
ACTION_NOT_ALLOWED: {
|
|
12
|
+
code: number;
|
|
13
|
+
message: string;
|
|
14
|
+
};
|
|
15
|
+
SYSTEM_ERROR: {
|
|
16
|
+
code: number;
|
|
17
|
+
message: string;
|
|
18
|
+
};
|
|
19
|
+
};
|
|
20
|
+
export type KnownErrors = typeof errors;
|
|
21
|
+
export declare const urns: {
|
|
22
|
+
model: string;
|
|
23
|
+
user: string;
|
|
24
|
+
organization: string;
|
|
25
|
+
entity: string;
|
|
26
|
+
role: string;
|
|
27
|
+
roleScopingEntity: string;
|
|
28
|
+
roleScopingInstance: string;
|
|
29
|
+
hierarchicalRoleScoping: string;
|
|
30
|
+
unauthenticated_user: string;
|
|
31
|
+
property: string;
|
|
32
|
+
ownerIndicatoryEntity: string;
|
|
33
|
+
ownerInstance: string;
|
|
34
|
+
subjectID: string;
|
|
35
|
+
resourceID: string;
|
|
36
|
+
actionID: string;
|
|
37
|
+
action: string;
|
|
38
|
+
operation: string;
|
|
39
|
+
execute: string;
|
|
40
|
+
permitOverrides: string;
|
|
41
|
+
denyOverrides: string;
|
|
42
|
+
create: string;
|
|
43
|
+
read: string;
|
|
44
|
+
modify: string;
|
|
45
|
+
delete: string;
|
|
46
|
+
aclIndicatoryEntity: string;
|
|
47
|
+
aclInstance: string;
|
|
48
|
+
skipACL: string;
|
|
49
|
+
maskedProperty: string;
|
|
50
|
+
};
|
|
51
|
+
export type KnownUrns = typeof urns;
|
|
3
52
|
export declare const updateConfig: (config: any) => void;
|
|
4
53
|
//# sourceMappingURL=config.d.ts.map
|
package/lib/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAEA,eAAO,IAAI,GAAG,EAAE,GAAwC,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAEA,eAAO,IAAI,GAAG,EAAE,GAAwC,CAAC;AAGzD,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;CAiBlB,CAAC;AACF,MAAM,MAAM,WAAW,GAAG,OAAO,MAAM,CAAC;AAGxC,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BhB,CAAC;AACF,MAAM,MAAM,SAAS,GAAG,OAAO,IAAI,CAAC;AAGpC,eAAO,MAAM,YAAY,GAAI,QAAQ,GAAG,SAIvC,CAAC"}
|