@rockster/core 0.0.4 → 0.1.1

package/remote-logs/services/opensearch.service.js

@@ -0,0 +1,167 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenSearchService = void 0;
+const class_injector_1 = require("@rockster/class-injector");
+const environment_1 = require("../environment");
+const CONNECT_TIMEOUT_MS = 10000;
+let OpenSearchService = class OpenSearchService {
+    getAuthHeader() {
+        const { username, password } = environment_1.environment.options;
+        return `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`;
+    }
+    getIndexName(suffix) {
+        const config = environment_1.environment.options;
+        if (!config) {
+            throw new Error('RemoteLogsModule is not initialized');
+        }
+        if (!suffix) {
+            return config.index;
+        }
+        return `${config.index}${suffix.startsWith('-') ? suffix : `-${suffix}`}`;
+    }
+    async request(path, init = {}) {
+        const config = environment_1.environment.options;
+        if (!config) {
+            throw new Error('RemoteLogsModule is not initialized');
+        }
+        const url = `${config.url}${path.startsWith('/') ? path : `/${path}`}`;
+        return fetch(url, {
+            ...init,
+            headers: {
+                Authorization: this.getAuthHeader(),
+                'Content-Type': 'application/json',
+                ...(init.headers ?? {}),
+            },
+            signal: init.signal ?? AbortSignal.timeout(CONNECT_TIMEOUT_MS),
+        });
+    }
+    async search(payload) {
+        const index = this.getIndexName();
+        const response = await this.request(`/${index}/_search`, {
+            method: 'POST',
+            body: JSON.stringify(payload),
+        });
+        if (!response.ok) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`OpenSearch search failed (${response.status}): ${text.slice(0, 500)}`);
+        }
+        return await response.json();
+    }
+    async searchIndex(suffix, payload) {
+        await this.ensureIndex(suffix);
+        const index = this.getIndexName(suffix);
+        const response = await this.request(`/${index}/_search`, {
+            method: 'POST',
+            body: JSON.stringify(payload),
+        });
+        if (!response.ok) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`OpenSearch search failed (${response.status}): ${text.slice(0, 500)}`);
+        }
+        return await response.json();
+    }
+    async indexDocument(suffix, id, document) {
+        await this.ensureIndex(suffix);
+        const index = this.getIndexName(suffix);
+        const response = await this.request(`/${index}/_doc/${encodeURIComponent(id)}`, {
+            method: 'PUT',
+            body: JSON.stringify(document),
+        });
+        if (!response.ok) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`OpenSearch index failed (${response.status}): ${text.slice(0, 500)}`);
+        }
+    }
+    async updateDocument(suffix, id, document) {
+        await this.ensureIndex(suffix);
+        const index = this.getIndexName(suffix);
+        const response = await this.request(`/${index}/_update/${encodeURIComponent(id)}`, {
+            method: 'POST',
+            body: JSON.stringify({ doc: document }),
+        });
+        if (!response.ok) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`OpenSearch update failed (${response.status}): ${text.slice(0, 500)}`);
+        }
+    }
+    async getDocument(suffix, id) {
+        await this.ensureIndex(suffix);
+        const index = this.getIndexName(suffix);
+        const response = await this.request(`/${index}/_doc/${encodeURIComponent(id)}`, {
+            method: 'GET',
+        });
+        if (response.status === 404) {
+            return null;
+        }
+        if (!response.ok) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`OpenSearch get failed (${response.status}): ${text.slice(0, 500)}`);
+        }
+        const payload = await response.json();
+        return payload._source ?? null;
+    }
+    async deleteDocument(suffix, id) {
+        const index = this.getIndexName(suffix);
+        const response = await this.request(`/${index}/_doc/${encodeURIComponent(id)}`, {
+            method: 'DELETE',
+        });
+        if (!response.ok && response.status !== 404) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`OpenSearch delete failed (${response.status}): ${text.slice(0, 500)}`);
+        }
+    }
+    async ensureIndex(suffix) {
+        const index = this.getIndexName(suffix);
+        const response = await this.request(`/${index}`, { method: 'HEAD' });
+        if (response.ok) {
+            return;
+        }
+        if (response.status !== 404) {
+            return;
+        }
+        const mappings = suffix === 'apps'
+            ? {
+                properties: {
+                    appId: { type: 'keyword' },
+                    date: { type: 'date' },
+                },
+            }
+            : suffix === 'settings' || suffix === 'hooks' || suffix === 'events'
+                ? {
+                    properties: {
+                        appId: { type: 'keyword' },
+                        hookId: { type: 'keyword' },
+                        date: { type: 'date' },
+                        firedAt: { type: 'date' },
+                        enabled: { type: 'boolean' },
+                        url: { type: 'keyword' },
+                        clearInterval: { type: 'keyword' },
+                        logLevel: { type: 'keyword' },
+                        name: { type: 'keyword' },
+                        displayName: { type: 'keyword' },
+                        read: { type: 'boolean' },
+                        readBy: { type: 'keyword' },
+                    },
+                }
+                : undefined;
+        const createResponse = await this.request(`/${index}`, {
+            method: 'PUT',
+            body: JSON.stringify(mappings ? { mappings } : {}),
+        });
+        if (!createResponse.ok) {
+            const text = await createResponse.text().catch(() => '');
+            throw new Error(`OpenSearch ensureIndex failed (${createResponse.status}): ${text.slice(0, 500)}`);
+        }
+    }
+};
+exports.OpenSearchService = OpenSearchService;
+exports.OpenSearchService = OpenSearchService = __decorate([
+    (0, class_injector_1.Injectable)()
+], OpenSearchService);
+//# sourceMappingURL=opensearch.service.js.map

package/remote-logs/services/opensearch.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"opensearch.service.js","sourceRoot":"./","sources":["remote-logs/services/opensearch.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,6DAAsD;AAKtD,gDAA6C;AAE7C,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAG1B,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAEjB,aAAa;QACpB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,yBAAW,CAAC,OAAQ,CAAC;QACpD,OAAO,SAAS,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC/E,CAAC;IAES,YAAY,CAAC,MAAe;QACnC,MAAM,MAAM,GAAG,yBAAW,CAAC,OAAO,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC,KAAK,CAAC;QACvB,CAAC;QACD,OAAO,GAAG,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC;IAC7E,CAAC;IAES,KAAK,CAAC,OAAO,CAAC,IAAY,EAAE,OAAoB,EAAE;QACzD,MAAM,MAAM,GAAG,yBAAW,CAAC,OAAO,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QACvE,OAAO,KAAK,CAAC,GAAG,EAAE;YACf,GAAG,IAAI;YACP,OAAO,EAAE;gBACN,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE;gBACnC,cAAc,EAAE,kBAAkB;gBAClC,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;aACzB;YACD,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC,OAAO,CAAC,kBAAkB,CAAC;SAChE,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAgC;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE;YACtD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC/B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACZ,6BAA6B,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACxE,CAAC;QACL,CAAC;QAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAA8B,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,WAAW,CACd,MAAc,EACd,OAAgC;QAEhC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE;YACtD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;SAC/B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACZ,6BAA6B,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACxE,CAAC;QACL,CAAC;QAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAA8B,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,aAAa,CAChB,MAAc,EACd,EAAU,EACV,QAAiC;QAEjC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE;YAC7E,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACZ,4BAA4B,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACvE,CAAC;QACL,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CACjB,MAAc,EACd,EAAU,EACV,QAAiC;QAEjC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE;YAChF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;SACzC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACZ,6BAA6B,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACxE,CAAC;QACL,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CACd,MAAc,EACd,EAAU;QAEV,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE;YAC7E,MAAM,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACf,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACZ,0BAA0B,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACrE,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2C,CAAC;QAC/E,OAAO,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,EAAU;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE;YAC7E,MAAM,EAAE,QAAQ;SAClB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CACZ,6BAA6B,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACxE,CAAC;QACL,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAErE,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,OAAO;QACV,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC3B,OAAO;QACV,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,MAAM;YAC/B,CAAC,CAAC;gBACC,UAAU,EAAE;oBACT,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC1B,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;iBACxB;aACH;YACD,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,QAAQ;gBACjE,CAAC,CAAC;oBACC,UAAU,EAAE;wBACT,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC1B,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC3B,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;wBACtB,OAAO,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;wBACzB,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC5B,GAAG,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBACxB,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAClC,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAC7B,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBACzB,WAAW,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBAChC,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wBACzB,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;qBAC7B;iBACH;gBACD,CAAC,CAAC,SAAS,CAAC;QAElB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpD,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACzD,MAAM,IAAI,KAAK,CACZ,kCAAkC,cAAc,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACnF,CAAC;QACL,CAAC;IACJ,CAAC;CACH,CAAA;AA3MY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,2BAAU,GAAE;GACA,iBAAiB,CA2M7B"}

package/security/auth.controller.js

@@ -33,13 +33,13 @@ let AuthController = class AuthController {
             .contexts;
         for (const preSchemaContext of env_1.env.preSchema.contexts) {
             const context = contexts
-                .find((context) => {
-                return context.protector() === preSchemaContext.protector();
+                .find((registered) => {
+                return registered.name.toLowerCase() === preSchemaContext.name.toLowerCase();
             });
             if (!context) {
-                this.logger.throw(new Error(`AuthContext not found for {${preSchemaContext.protector().name}}`));
+                this.logger.throw(new Error(`AuthContext not found for {${preSchemaContext.name}}`));
             }
-            for (const key of preSchemaContext.keys) {
+            for (const key of preSchemaContext.keys ?? []) {
                 context
                     .keys
                     .pushIfNotExists(key, (source, target) => {

package/security/auth.controller.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.controller.js","sourceRoot":"./","sources":["security/auth.controller.ts"],"names":[],"mappings":";;;;;;;;;AAAA,6DAGkC;AAClC,6CAA0C;AAC1C,+BAA4B;AAE5B,kEAA8D;AAC9D,sCAA6C;AAGtC,IAAM,cAAc,GAApB,MAAM,cAAc;IAApB;QAEM,WAAM,GAAG,IAAI,eAAM,CAAC,UAAU,CAAC,CAAC;IA0D7C,CAAC;IAxDE,KAAK,CAAC,MAAM,CAAC,MAAoB;QAC9B,IAAI,CAAC,SAAG,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QACD,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;IAC/B,CAAC;IAES,KAAK,CAAC,cAAc;QAE3B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YACxC,OAAO;QACV,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI;aACjB,OAAO;aACP,QAAQ;aACR,aAAa;aACb,QAAQ,CAAC;QAEb,KAAK,MAAM,gBAAgB,IAAI,SAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACrD,MAAM,OAAO,GAAG,QAAQ;iBACpB,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;gBACf,OAAO,OAAO,CAAC,SAAS,EAAE,KAAK,gBAAgB,CAAC,SAAS,EAAE,CAAA;YAC9D,CAAC,CAAC,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,SAAS,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;YACpG,CAAC;YACD,KAAK,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,EAAE,CAAC;gBACvC,OAAO;qBACH,IAAI;qBACJ,eAAe,CACb,GAAG,EACH,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE;oBAChB,OAAO,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAA;gBACrC,CAAC,CACH,CAAC;YACR,CAAC;QACJ,CAAC;QAED,SAAG,CAAC,MAAM,GAAG,IAAI;aACb,OAAO;aACP,QAAQ;aACR,aAAa,CAAC;QAElB,MAAM,yBAAgB;aAClB,QAAQ;aACR,YAAY,CAAC,CAAC,kCAAe,CAAC,CAAC,CAAC;QAEpC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAoB;QAClD,SAAG,CAAC,QAAQ,GAAG,MAAM,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IAC5D,CAAC;CACH,CAAA;AA5DY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,2BAAU,GAAE;GACA,cAAc,CA4D1B"}
+{"version":3,"file":"auth.controller.js","sourceRoot":"./","sources":["security/auth.controller.ts"],"names":[],"mappings":";;;;;;;;;AAAA,6DAGkC;AAClC,6CAA0C;AAC1C,+BAA4B;AAE5B,kEAA8D;AAC9D,sCAA6C;AAGtC,IAAM,cAAc,GAApB,MAAM,cAAc;IAApB;QAEM,WAAM,GAAG,IAAI,eAAM,CAAC,UAAU,CAAC,CAAC;IA0D7C,CAAC;IAxDE,KAAK,CAAC,MAAM,CAAC,MAAoB;QAC9B,IAAI,CAAC,SAAG,CAAC,QAAQ,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QACD,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;IAC/B,CAAC;IAES,KAAK,CAAC,cAAc;QAE3B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YACxC,OAAO;QACV,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI;aACjB,OAAO;aACP,QAAQ;aACR,aAAa;aACb,QAAQ,CAAC;QAEb,KAAK,MAAM,gBAAgB,IAAI,SAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACrD,MAAM,OAAO,GAAG,QAAQ;iBACpB,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE;gBAClB,OAAO,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAChF,CAAC,CAAC,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;YACxF,CAAC;YACD,KAAK,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC7C,OAAO;qBACH,IAAI;qBACJ,eAAe,CACb,GAAG,EACH,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE;oBAChB,OAAO,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC;gBACtC,CAAC,CACH,CAAC;YACR,CAAC;QACJ,CAAC;QAED,SAAG,CAAC,MAAM,GAAG,IAAI;aACb,OAAO;aACP,QAAQ;aACR,aAAa,CAAC;QAElB,MAAM,yBAAgB;aAClB,QAAQ;aACR,YAAY,CAAC,CAAC,kCAAe,CAAC,CAAC,CAAC;QAEpC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAoB;QAClD,SAAG,CAAC,QAAQ,GAAG,MAAM,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IAC5D,CAAC;CACH,CAAA;AA5DY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,2BAAU,GAAE;GACA,cAAc,CA4D1B"}

package/security/functions/add-protected.d.ts

@@ -1,3 +1,3 @@
-import { GetTypeCallback } from "../../common";
 import { IAuthorizationKey } from "../interfaces/authorization-schema";
-export declare const addProtected: (protector: GetTypeCallback, keys: IAuthorizationKey[]) => void;
+/** Registers authorization keys for a scope context name (legacy security schema). */
+export declare const addProtected: (contextName: string, keys?: IAuthorizationKey[]) => void;

package/security/functions/add-protected.js

@@ -2,17 +2,20 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.addProtected = void 0;
 const env_1 = require("../env");
-const addProtected = (protector, keys) => {
+/** Registers authorization keys for a scope context name (legacy security schema). */
+const addProtected = (contextName, keys = []) => {
     let context = env_1.env
         .preSchema
         .contexts
-        .find((context) => {
-        return context.protector() === protector();
+        .find((entry) => {
+        return entry.name.toLowerCase() === contextName.toLowerCase();
     });
     if (!context) {
         context = {
-            protector: protector,
-            keys: keys || []
+            name: contextName,
+            keys: keys || [],
+            ownerKey: { name: "owner" },
+            adminKey: { name: "admin" },
         };
         env_1.env.preSchema.contexts.push(context);
     }

package/security/functions/add-protected.js.map

@@ -1 +1 @@
-{"version":3,"file":"add-protected.js","sourceRoot":"./","sources":["security/functions/add-protected.ts"],"names":[],"mappings":";;;AACA,gCAA4B;AAMrB,MAAM,YAAY,GAAG,CACzB,SAA0B,EAC1B,IAAyB,EAC1B,EAAE;IACD,IAAI,OAAO,GAAG,SAAG;SACb,SAAS;SACT,QAAQ;SACR,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,OAAO,OAAO,CAAC,SAAS,EAAE,KAAK,SAAS,EAAE,CAAC;IAC9C,CAAC,CAAC,CAAC;IACN,IAAI,CAAC,OAAO,EAAE,CAAC;QACZ,OAAO,GAAG;YACP,SAAS,EAAE,SAAS;YACpB,IAAI,EAAE,IAAI,IAAI,EAAE;SACO,CAAC;QAC3B,SAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACL,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IAC9B,CAAC;AACJ,CAAC,CAAA;AAnBY,QAAA,YAAY,gBAmBxB"}
+{"version":3,"file":"add-protected.js","sourceRoot":"./","sources":["security/functions/add-protected.ts"],"names":[],"mappings":";;;AAAA,gCAA6B;AAG7B,sFAAsF;AAC/E,MAAM,YAAY,GAAG,CACzB,WAAmB,EACnB,OAA4B,EAAE,EAC/B,EAAE;IACD,IAAI,OAAO,GAAG,SAAG;SACb,SAAS;SACT,QAAQ;SACR,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,WAAW,CAAC,WAAW,EAAE,CAAC;IACjE,CAAC,CAAC,CAAC;IAEN,IAAI,CAAC,OAAO,EAAE,CAAC;QACZ,OAAO,GAAG;YACP,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,IAAI,IAAI,EAAE;YAChB,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;YAC3B,QAAQ,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;SACJ,CAAC;QAC3B,SAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACL,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IAC9B,CAAC;AACJ,CAAC,CAAC;AAtBW,QAAA,YAAY,gBAsBvB"}

package/security/functions/create-authentication-interceptor.d.ts

@@ -0,0 +1,44 @@
+import { Instantiable } from "@rockster/common";
+import { IAuthController } from "../interfaces/auth-controller";
+/** Config for {@link createAuthenticationInterceptor}. */
+export type AuthenticationInterceptorConfig = {
+    /** Unique name (registry key) — also the name you give your decorator. */
+    name: string;
+    /** Lazy ref to the auth service (implements {@link IAuthController}). */
+    service: () => Instantiable<IAuthController>;
+    /** Human description surfaced in the generated docs/SDK. */
+    description?: string;
+    /** Pipeline phase(s) to run on. Defaults to `onBeforeExecute`. */
+    filters?: string[];
+};
+/**
+ * Builds a **named** authentication decorator in the `createInterceptor` style,
+ * so each integration can name and document its own (e.g. `@ServiceApiAuth()`).
+ *
+ * The produced decorator marks the endpoint as `public` (it opts out of the
+ * default auth service) **and** `authenticated` (it runs a special auth
+ * strategy). That suppresses the standing `[PUBLIC]` warning and lets the docs
+ * present a custom auth requirement instead of "no auth".
+ *
+ * The interceptor runs the configured service (lazy `() => Service`, same
+ * `IAuthController` shape as the default `AuthController`) and, on success, sets
+ * `context.session` / `req.session`; it throws `UnauthorizedError` otherwise.
+ *
+ * Usage:
+ * ```ts
+ * export const ServiceApiAuth = createAuthenticationInterceptor({
+ *    name: "ServiceApiAuth",
+ *    service: () => ServiceApiKeyAuthService,
+ *    description: "Autentica via API key de serviço (header X-Api-Key).",
+ * });
+ *
+ * @ServiceApiAuth()
+ * @Get("/things")
+ * async list() { ... }
+ * ```
+ *
+ * Note: it authenticates in the execute phase. To combine special auth with
+ * scope keys on the **same** endpoint, the auth must run before scope
+ * assertion — refine the `filters` when that case first appears.
+ */
+export declare function createAuthenticationInterceptor<TParams = void>(config: AuthenticationInterceptorConfig): (params?: TParams) => PropertyDecorator;

package/security/functions/create-authentication-interceptor.js

@@ -0,0 +1,114 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthenticationInterceptor = createAuthenticationInterceptor;
+const class_injector_1 = require("@rockster/class-injector");
+const common_1 = require("@rockster/common");
+const core_1 = require("../../core");
+/** Auth services are singletons — instantiate each once. */
+const instanceCache = new Map();
+async function resolveAuthService(ServiceRef) {
+    const ServiceClass = ServiceRef();
+    let instance = instanceCache.get(ServiceClass);
+    if (!instance) {
+        instance = (await (0, class_injector_1.createInstance)(ServiceClass));
+        instanceCache.set(ServiceClass, instance);
+    }
+    return instance;
+}
+let AuthenticationInterceptor = class AuthenticationInterceptor {
+    async intercept(args) {
+        const config = args.params?.__config;
+        if (!config) {
+            throw new common_1.UnauthorizedError();
+        }
+        const request = args.req ?? args.context?.httpRequest;
+        const service = await resolveAuthService(config.service);
+        if (request?.isWs && service.wsInterceptor) {
+            const connection = await service.wsInterceptor(request);
+            if (!connection) {
+                throw new common_1.UnauthorizedError();
+            }
+            if (args.context) {
+                args.context.session = connection;
+                args.context.isAuthenticated = true;
+            }
+            if (args.req) {
+                args.req.session = connection;
+            }
+            return;
+        }
+        if (!request) {
+            throw new common_1.UnauthorizedError();
+        }
+        const session = await service.httpInterceptor(request);
+        if (!session) {
+            throw new common_1.UnauthorizedError();
+        }
+        if (args.context) {
+            args.context.session = session;
+            args.context.isAuthenticated = true;
+        }
+        if (args.req) {
+            args.req.session = session;
+        }
+    }
+};
+AuthenticationInterceptor = __decorate([
+    (0, class_injector_1.Injectable)()
+], AuthenticationInterceptor);
+/**
+ * Builds a **named** authentication decorator in the `createInterceptor` style,
+ * so each integration can name and document its own (e.g. `@ServiceApiAuth()`).
+ *
+ * The produced decorator marks the endpoint as `public` (it opts out of the
+ * default auth service) **and** `authenticated` (it runs a special auth
+ * strategy). That suppresses the standing `[PUBLIC]` warning and lets the docs
+ * present a custom auth requirement instead of "no auth".
+ *
+ * The interceptor runs the configured service (lazy `() => Service`, same
+ * `IAuthController` shape as the default `AuthController`) and, on success, sets
+ * `context.session` / `req.session`; it throws `UnauthorizedError` otherwise.
+ *
+ * Usage:
+ * ```ts
+ * export const ServiceApiAuth = createAuthenticationInterceptor({
+ *    name: "ServiceApiAuth",
+ *    service: () => ServiceApiKeyAuthService,
+ *    description: "Autentica via API key de serviço (header X-Api-Key).",
+ * });
+ *
+ * @ServiceApiAuth()
+ * @Get("/things")
+ * async list() { ... }
+ * ```
+ *
+ * Note: it authenticates in the execute phase. To combine special auth with
+ * scope keys on the **same** endpoint, the auth must run before scope
+ * assertion — refine the `filters` when that case first appears.
+ */
+function createAuthenticationInterceptor(config) {
+    return core_1.createInterceptor.custom({
+        name: config.name,
+        filters: config.filters ?? [core_1.commonInterceptor.onBeforeExecute],
+        executor: AuthenticationInterceptor,
+    }, (decorator, interceptor) => {
+        return (params) => {
+            return (target, propertyKey) => {
+                const property = core.storage.createProperty(target, propertyKey);
+                property.public = true;
+                property.authenticated = true;
+                decorator(interceptor, {
+                    __config: config,
+                    params,
+                })(target, propertyKey);
+            };
+        };
+    });
+}
+//# sourceMappingURL=create-authentication-interceptor.js.map

package/security/functions/create-authentication-interceptor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-authentication-interceptor.js","sourceRoot":"./","sources":["security/functions/create-authentication-interceptor.ts"],"names":[],"mappings":";;;;;;;;AAqHA,0EA2BC;AAhJD,6DAAsE;AACtE,6CAAmE;AACnE,qCAKoB;AAoBpB,4DAA4D;AAC5D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAiC,CAAC;AAE/D,KAAK,UAAU,kBAAkB,CAC9B,UAA+C;IAE/C,MAAM,YAAY,GAAG,UAAU,EAAE,CAAC;IAClC,IAAI,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACb,QAAQ,GAAG,CAAC,MAAM,IAAA,+BAAc,EAAC,YAAY,CAAC,CAAoB,CAAC;QACnE,aAAa,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,QAAQ,CAAC;AACnB,CAAC;AAGD,IAAM,yBAAyB,GAA/B,MAAM,yBAAyB;IAC5B,KAAK,CAAC,SAAS,CAAC,IAA6B;QAC1C,MAAM,MAAM,GAAI,IAAI,CAAC,MAA4C,EAAE,QAAQ,CAAC;QAC5E,IAAI,CAAC,MAAM,EAAE,CAAC;YACX,MAAM,IAAI,0BAAiB,EAAE,CAAC;QACjC,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC;QACtD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEzD,IAAI,OAAO,EAAE,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1C,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,OAAgB,CAAC,CAAC;YACjE,IAAI,CAAC,UAAU,EAAE,CAAC;gBACf,MAAM,IAAI,0BAAiB,EAAE,CAAC;YACjC,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAChB,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,UAAmB,CAAC;gBAC3C,IAAI,CAAC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;YACvC,CAAC;YACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACX,IAAI,CAAC,GAA6B,CAAC,OAAO,GAAG,UAAU,CAAC;YAC5D,CAAC;YACD,OAAO;QACV,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,0BAAiB,EAAE,CAAC;QACjC,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,0BAAiB,EAAE,CAAC;QACjC,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAChB,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;QACvC,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,GAA6B,CAAC,OAAO,GAAG,OAAO,CAAC;QACzD,CAAC;IACJ,CAAC;CACH,CAAA;AA1CK,yBAAyB;IAD9B,IAAA,2BAAU,GAAE;GACP,yBAAyB,CA0C9B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,SAAgB,+BAA+B,CAC5C,MAAuC;IAEvC,OAAO,wBAAiB,CAAC,MAAM,CAC5B;QACG,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,CAAC,wBAAiB,CAAC,eAAe,CAAC;QAC9D,QAAQ,EAAE,yBAAyB;KACrC,EACD,CAAC,SAAS,EAAE,WAAW,EAAE,EAAE;QACxB,OAAO,CAAC,MAAgB,EAAqB,EAAE;YAC5C,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CACzC,MAAsB,EACtB,WAAqB,CAC0B,CAAC;gBACnD,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC;gBACvB,QAAQ,CAAC,aAAa,GAAG,IAAI,CAAC;gBAE9B,SAAS,CAAC,WAAW,EAAE;oBACpB,QAAQ,EAAE,MAAM;oBAChB,MAAM;iBACiB,CAAC,CAAC,MAAM,EAAE,WAAqB,CAAC,CAAC;YAC9D,CAAC,CAAC;QACL,CAAC,CAAC;IACL,CAAC,CACH,CAAC;AACL,CAAC"}

package/security/functions/find-auth-context.d.ts

@@ -1,3 +1,2 @@
-import { Instantiable } from "@rockster/common";
 import { IAuthorizationContext } from "../interfaces/authorization-schema";
-export declare const findAuthContext: (nameOrTarget: string | Instantiable) => IAuthorizationContext;
+export declare const findAuthContext: (contextName: string) => IAuthorizationContext;

package/security/functions/find-auth-context.js

@@ -3,21 +3,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.findAuthContext = void 0;
 const common_1 = require("@rockster/common");
 const env_1 = require("../env");
-const findAuthContext = (nameOrTarget) => {
-    const check = typeof nameOrTarget === 'string'
-        ? (source) => {
-            return source.name.toLowerCase() === nameOrTarget.toLowerCase();
-        }
-        : (source) => {
-            return source.protector() === nameOrTarget;
-        };
+const findAuthContext = (contextName) => {
     const authContext = env_1.env
         .schema
-        .contexts
-        .find(check);
+        ?.contexts
+        ?.find((source) => {
+        return source.name.toLowerCase() === contextName.toLowerCase();
+    });
     if (!authContext) {
         throw new common_1.NotFoundError({
-            message: `AuthContext [${[nameOrTarget]}] not found`
+            message: `AuthContext [${contextName}] not found`,
         });
     }
     return authContext;

package/security/functions/find-auth-context.js.map

@@ -1 +1 @@
-{"version":3,"file":"find-auth-context.js","sourceRoot":"./","sources":["security/functions/find-auth-context.ts"],"names":[],"mappings":";;;AAAA,6CAG0B;AAC1B,gCAA6B;AAGtB,MAAM,eAAe,GAAG,CAAC,YAAmC,EAAE,EAAE;IACpE,MAAM,KAAK,GAAG,OAAO,YAAY,KAAK,QAAQ;QAC3C,CAAC,CAAC,CAAC,MAA6B,EAAE,EAAE;YACjC,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,YAAY,CAAC,WAAW,EAAE,CAAC;QACnE,CAAC;QACD,CAAC,CAAC,CAAC,MAA6B,EAAE,EAAE;YACjC,OAAO,MAAM,CAAC,SAAS,EAAE,KAAK,YAAY,CAAA;QAC7C,CAAC,CAAA;IACJ,MAAM,WAAW,GAAG,SAAG;SACnB,MAAM;SACN,QAAQ;SACR,IAAI,CAAC,KAAK,CAAC,CAAC;IAChB,IAAI,CAAC,WAAW,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAa,CAAC;YACrB,OAAO,EAAE,gBAAgB,CAAC,YAAY,CAAC,aAAa;SACtD,CAAC,CAAC;IACN,CAAC;IACD,OAAO,WAAW,CAAC;AACtB,CAAC,CAAA;AAlBY,QAAA,eAAe,mBAkB3B"}
+{"version":3,"file":"find-auth-context.js","sourceRoot":"./","sources":["security/functions/find-auth-context.ts"],"names":[],"mappings":";;;AAAA,6CAAiD;AACjD,gCAA6B;AAGtB,MAAM,eAAe,GAAG,CAAC,WAAmB,EAAyB,EAAE;IAC3E,MAAM,WAAW,GAAG,SAAG;SACnB,MAAM;QACP,EAAE,QAAQ;QACV,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;QACf,OAAO,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,WAAW,CAAC,WAAW,EAAE,CAAC;IAClE,CAAC,CAAC,CAAC;IAEN,IAAI,CAAC,WAAW,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAa,CAAC;YACrB,OAAO,EAAE,gBAAgB,WAAW,aAAa;SACnD,CAAC,CAAC;IACN,CAAC;IAED,OAAO,WAAW,CAAC;AACtB,CAAC,CAAC;AAfW,QAAA,eAAe,mBAe1B"}

package/security/index.d.ts

@@ -1,3 +1,4 @@
 export * from './interfaces';
 export * from './functions/is-auth-enabled';
+export * from './functions/create-authentication-interceptor';
 export * from './interceptors';

package/security/index.js

@@ -16,5 +16,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./interfaces"), exports);
 __exportStar(require("./functions/is-auth-enabled"), exports);
+__exportStar(require("./functions/create-authentication-interceptor"), exports);
 __exportStar(require("./interceptors"), exports);
 //# sourceMappingURL=index.js.map

package/security/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"./","sources":["security/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,8DAA4C;AAC5C,iDAA+B"}
+{"version":3,"file":"index.js","sourceRoot":"./","sources":["security/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,8DAA4C;AAC5C,gFAA8D;AAC9D,iDAA+B"}

package/security/interfaces/authorization-schema.d.ts

@@ -4,13 +4,15 @@ export interface IAuthorizationKey {
     description?: string;
     iconUrl?: string;
     group?: string;
+    /** @deprecated Protector module removed; kept for schema compatibility. */
     protector?: GetTypeCallback;
 }
 export interface IAuthorizationContext {
     name: string;
     description?: string;
     iconUrl?: string;
-    protector: GetTypeCallback;
+    /** @deprecated Protector module removed; kept for schema compatibility. */
+    protector?: GetTypeCallback;
     keys?: IAuthorizationKey[];
     ownerKey: IAuthorizationKey;
     adminKey: IAuthorizationKey;

package/security/services/authorization.service.d.ts

@@ -3,9 +3,11 @@ import { AuthContextData } from "../models/auth-context-data";
 import { GetUserPermissionsPayload } from "../models/get-user-permissions-payload";
 import { SetUserPermissionsPayload } from "../models/set-user-permissions-payload";
 export declare class AuthorizationService {
-    getUserPermissions(payload: GetUserPermissionsPayload, userId: string, entityManager: EntityManager): Promise<{
+    getUserPermissions(payload: GetUserPermissionsPayload, _userId: string, _entityManager: EntityManager): Promise<{
         accessKeys: string[];
     }>;
-    changeUserPermissions(payload: SetUserPermissionsPayload, userId: string, entityManager: EntityManager): Promise<void>;
-    getAuthContextConfig(payload: AuthContextData, userId: string, entityManager: EntityManager): Promise<import("..").IAuthorizationContext>;
+    changeUserPermissions(payload: SetUserPermissionsPayload, userId: string, _entityManager: EntityManager): Promise<void>;
+    getAuthContextConfig(payload: AuthContextData, userId: string, _entityManager: EntityManager): Promise<import("..").IAuthorizationContext>;
+    protected assertCanManageContext(contextName: string, userId: string, contextId: string): Promise<void>;
+    protected assertScopeAccessService(): void;
 }

package/security/services/authorization.service.js

@@ -8,51 +8,70 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthorizationService = void 0;
 const class_injector_1 = require("@rockster/class-injector");
-const use_protector_1 = require("../../database/functions/use-protector");
+const common_1 = require("@rockster/common");
+const env_1 = require("../../access/env");
+const get_is_owner_1 = require("../../access/functions/get-is-owner");
+const get_user_keys_1 = require("../../access/functions/get-user-keys");
+const normalize_scope_keys_1 = require("../../access/functions/normalize-scope-keys");
 const find_auth_context_1 = require("../functions/find-auth-context");
 let AuthorizationService = class AuthorizationService {
-    async getUserPermissions(payload, userId, entityManager) {
-        const authContext = (0, find_auth_context_1.findAuthContext)(payload.context);
-        const target = authContext.protector();
-        const protector = (0, use_protector_1.useProtector)(target);
-        const accessKeys = await protector.getUserPermissions({
-            context: authContext.name,
-            contextId: payload.contextId,
-            targetUserId: payload.userId,
-            userId: userId,
-            entityManager: entityManager
-        });
+    async getUserPermissions(payload, _userId, _entityManager) {
+        this.assertScopeAccessService();
+        const accessKeys = payload.contextId
+            ? await env_1.env.scopeAccessService.getKeysWithCtx(payload.contextId, payload.userId)
+            : await env_1.env.scopeAccessService.getAllUserKeys(payload.userId);
         return { accessKeys };
     }
-    async changeUserPermissions(payload, userId, entityManager) {
-        const authContext = (0, find_auth_context_1.findAuthContext)(payload.context);
-        const target = authContext.protector();
-        const protector = (0, use_protector_1.useProtector)(target);
-        await protector.setUserPermissions({
-            context: authContext.name,
-            contextId: payload.contextId,
-            targetUserId: payload.userId,
-            userId: userId,
-            entityManager: entityManager,
-            accessKeys: payload.accessKeys
-        });
+    async changeUserPermissions(payload, userId, _entityManager) {
+        this.assertScopeAccessService();
+        if (!payload.contextId?.trim()) {
+            throw new common_1.ForbiddenError({
+                message: "contextId is required",
+            });
+        }
+        await this.assertCanManageContext(payload.context, userId, payload.contextId);
+        await env_1.env.scopeAccessService.updateKeys("user", payload.context, payload.contextId, payload.userId, (0, normalize_scope_keys_1.normalizeScopeKeys)(payload.accessKeys));
     }
-    async getAuthContextConfig(payload, userId, entityManager) {
+    async getAuthContextConfig(payload, userId, _entityManager) {
         const authContext = (0, find_auth_context_1.findAuthContext)(payload.context);
-        const protector = (0, use_protector_1.useProtector)(authContext.protector());
-        const canReadKeys = [
-            authContext.adminKey.name,
-            authContext.ownerKey.name
-        ];
-        await protector.isAuthorized({
-            keys: canReadKeys,
-            userId: userId,
-            context: payload.context,
-            contextId: payload.contextId,
-            entityManager
-        });
+        if (payload.contextId) {
+            await this.assertCanManageContext(payload.context, userId, payload.contextId);
+        }
         return authContext;
     }
+    async assertCanManageContext(contextName, userId, contextId) {
+        const isOwner = await (0, get_is_owner_1.getIsOwner)(contextName, userId, contextId);
+        if (isOwner) {
+            return;
+        }
+        let authContext;
+        try {
+            authContext = (0, find_auth_context_1.findAuthContext)(contextName);
+        }
+        catch (error) {
+            if (error instanceof common_1.NotFoundError) {
+                throw new common_1.ForbiddenError({
+                    message: "Action require permissions to execute",
+                });
+            }
+            throw error;
+        }
+        const userKeys = await (0, get_user_keys_1.getUserKeys)(userId, contextId);
+        const privilegedKeys = [
+            authContext.ownerKey?.name,
+            authContext.adminKey?.name,
+        ].filter((key) => Boolean(key));
+        if (!privilegedKeys.some((key) => userKeys.includes(key))) {
+            throw new common_1.ForbiddenError({
+                message: "Action require permissions to execute",
+            });
+        }
+    }
+    assertScopeAccessService() {
+        if (!env_1.env.scopeAccessService) {
+            throw new Error("ScopeAccessService is not initialized");
+        }
+    }
 };
 exports.AuthorizationService = AuthorizationService;
 exports.AuthorizationService = AuthorizationService = __decorate([