@siriux/access-control 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/AccessControlManager.d.ts +24 -0
- package/dist/AccessControlManager.d.ts.map +1 -0
- package/dist/AccessControlManager.js +165 -0
- package/dist/AccessControlManager.js.map +1 -0
- package/dist/guards/index.d.ts +17 -0
- package/dist/guards/index.d.ts.map +1 -0
- package/dist/guards/index.js +155 -0
- package/dist/guards/index.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +36 -0
- package/dist/index.js.map +1 -0
- package/dist/policies/PolicyEngine.d.ts +14 -0
- package/dist/policies/PolicyEngine.d.ts.map +1 -0
- package/dist/policies/PolicyEngine.js +102 -0
- package/dist/policies/PolicyEngine.js.map +1 -0
- package/dist/types/index.d.ts +114 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +45 -0
- package/dist/types/index.js.map +1 -0
- package/package.json +41 -0
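--- a/package/dist/AccessControlManager.d.ts
+++ b/package/dist/AccessControlManager.d.ts
@@ -0,0 +1,24 @@
+import { Permission, AccessResult, AccessContext, AccessControlConfig } from './types';
+import { UserRole } from '@siriux/core';
+export declare class AccessControlManager {
+private policyEngine;
+private guardRegistry;
+private rolePermissions;
+constructor(config: AccessControlConfig);
+can(permission: Permission, context: AccessContext, guards?: string[]): Promise<AccessResult>;
+canAny(permissions: Permission[], context: AccessContext, guards?: string[]): Promise<AccessResult>;
+canAll(permissions: Permission[], context: AccessContext, guards?: string[]): Promise<AccessResult>;
+getUserPermissions(role: UserRole): Permission[];
+ownsResource(userId: string, resourceId: string): Promise<boolean>;
+addPolicy(policy: any): void;
+removePolicy(policyId: string): void;
+addGuard(guard: any): void;
+removeGuard(guardName: string): void;
+createMiddleware(options: {
+permission: Permission;
+guards?: string[];
+getResourceContext?: (req: any) => Partial<AccessContext>;
+}): (req: any, res: any, next: any) => Promise<any>;
+static createDefault(): AccessControlManager;
+}
+//# sourceMappingURL=AccessControlManager.d.ts.map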
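Review bot: `addPolicy(policy: any)` and `addGuard(guard: any)` erase the contract that the engine and registry actually enforce, even though `Policy` and `Guard` are exported from `./types` (the sibling declarations `policies/PolicyEngine.d.ts` and `guards/index.d.ts` on this page import them). Declare them as `addPolicy(policy: Policy): void;` and `addGuard(guard: Guard): void;` and add `Policy, Guard` to the first import line. The `req`/`res`/`next` parameters of the middleware type could likewise take express's `Request`/`Response`/`NextFunction` if the package depends on express, which the page does not show. Since this file is emitted output, the change belongs in the source the map points to, `../src/AccessControlManager.ts`.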
@@ -0,0 +1 @@
1
+
{"version":3,"file":"AccessControlManager.d.ts","sourceRoot":"","sources":["../src/AccessControlManager.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EAEV,YAAY,EACZ,aAAa,EAEb,mBAAmB,EAEpB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAIxC,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,eAAe,CAA0C;gBAErD,MAAM,EAAE,mBAAmB;IAcjC,GAAG,CACP,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,aAAa,EACtB,MAAM,CAAC,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,YAAY,CAAC;IAwBlB,MAAM,CACV,WAAW,EAAE,UAAU,EAAE,EACzB,OAAO,EAAE,aAAa,EACtB,MAAM,CAAC,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,YAAY,CAAC;IAelB,MAAM,CACV,WAAW,EAAE,UAAU,EAAE,EACzB,OAAO,EAAE,aAAa,EACtB,MAAM,CAAC,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,YAAY,CAAC;IAYxB,kBAAkB,CAAC,IAAI,EAAE,QAAQ,GAAG,UAAU,EAAE;IAK1C,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYxE,SAAS,CAAC,MAAM,EAAE,GAAG,GAAG,IAAI;IAK5B,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKpC,QAAQ,CAAC,KAAK,EAAE,GAAG,GAAG,IAAI;IAK1B,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAKpC,gBAAgB,CAAC,OAAO,EAAE;QACxB,UAAU,EAAE,UAAU,CAAC;QACvB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,aAAa,CAAC,CAAC;KAC3D,IACe,KAAK,GAAG,EAAE,KAAK,GAAG,EAAE,MAAM,GAAG;IAgD7C,MAAM,CAAC,aAAa,IAAI,oBAAoB;CA2B7C"}
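--- a/package/dist/AccessControlManager.js
+++ b/package/dist/AccessControlManager.js
@@ -0,0 +1,165 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessControlManager = void 0;
+const types_1 = require("./types");
+const core_1 = require("@siriux/core");
+const PolicyEngine_1 = require("./policies/PolicyEngine");
+const guards_1 = require("./guards");
+class AccessControlManager {
+constructor(config) {
+this.rolePermissions = new Map();
+this.policyEngine = new PolicyEngine_1.DefaultPolicyEngine(config.policies);
+this.guardRegistry = new guards_1.GuardRegistry();
+// Register custom guards
+config.guards.forEach(guard => this.guardRegistry.register(guard));
+// Set up role permissions
+config.defaultRoles.forEach(roleDef => {
+this.rolePermissions.set(roleDef.role, roleDef.permissions);
+});
+}
+// Check if a user has permission for a specific action
+async can(permission, context, guards) {
+const request = {
+permission,
+context
+};
+// First check permission
+const permissionResult = await this.policyEngine.evaluate(request);
+if (!permissionResult.granted) {
+return permissionResult;
+}
+// Then check guards if specified
+if (guards && guards.length > 0) {
+const guardResult = await this.guardRegistry.evaluateGuards(guards, request);
+if (!guardResult.granted) {
+return guardResult;
+}
+}
+return { granted: true };
+}
+// Check multiple permissions at once
+async canAny(permissions, context, guards) {
+for (const permission of permissions) {
+const result = await this.can(permission, context, guards);
+if (result.granted) {
+return result;
+}
+}
+return {
+granted: false,
+reason: `None of the required permissions are granted: ${permissions.join(', ')}`
+};
+}
+// Check if user has all specified permissions
+async canAll(permissions, context, guards) {
+for (const permission of permissions) {
+const result = await this.can(permission, context, guards);
+if (!result.granted) {
+return result;
+}
+}
+return { granted: true };
+}
+// Get user permissions
+getUserPermissions(role) {
+return this.rolePermissions.get(role) || [];
+}
+// Check if user owns a resource
+async ownsResource(userId, resourceId) {
+const context = {
+userId,
+userRole: core_1.UserRole.USER, // Role doesn't matter for ownership check
+resourceId
+};
+const result = await this.can(types_1.Permission.READ_OWN_PROFILE, context, ['ownership']);
+return result.granted;
+}
+// Add custom policy
+addPolicy(policy) {
+this.policyEngine.addPolicy(policy);
+}
+// Remove policy
+removePolicy(policyId) {
+this.policyEngine.removePolicy(policyId);
+}
+// Add custom guard
+addGuard(guard) {
+this.guardRegistry.register(guard);
+}
+// Remove guard
+removeGuard(guardName) {
+this.guardRegistry.unregister(guardName);
+}
+// Create middleware for Express
+createMiddleware(options) {
+return async (req, res, next) => {
+try {
+// Get user from request (assuming auth middleware already ran)
+if (!req.user) {
+return res.status(401).json({
+success: false,
+error: 'Authentication required'
+});
+}
+// Build access context
+const baseContext = {
+userId: req.user.userId || req.user.id,
+userRole: req.user.role,
+ip: req.ip || req.connection.remoteAddress
+};
+// Add custom context if provided
+const customContext = options.getResourceContext
+? options.getResourceContext(req)
+: {};
+const context = { ...baseContext, ...customContext };
+// Check permission
+const result = await this.can(options.permission, context, options.guards);
+if (!result.granted) {
+return res.status(403).json({
+success: false,
+error: result.reason || 'Access denied'
+});
+}
+// Attach access result to request
+req.access = result;
+next();
+}
+catch (error) {
+console.error('Access control error:', error);
+res.status(500).json({
+success: false,
+error: 'Internal server error'
+});
+}
+};
+}
+// Factory method to create default configuration
+static createDefault() {
+const config = {
+defaultRoles: [
+{
+role: core_1.UserRole.USER,
+permissions: [
+types_1.Permission.READ_OWN_PROFILE,
+types_1.Permission.UPDATE_OWN_PROFILE,
+types_1.Permission.DELETE_OWN_ACCOUNT,
+types_1.Permission.READ_ALL_CONTENT,
+types_1.Permission.CREATE_CONTENT,
+types_1.Permission.UPDATE_OWN_CONTENT,
+types_1.Permission.DELETE_OWN_CONTENT
+]
+},
+{
+role: core_1.UserRole.ADMIN,
+permissions: Object.values(types_1.Permission)
+}
+],
+policies: [],
+guards: [],
+strictMode: true
+};
+return new AccessControlManager(config);
+}
+}
+exports.AccessControlManager = AccessControlManager;
+//# sourceMappingURL=AccessControlManager.js.map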
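Review bot: The `defaultRoles` table that the constructor copies into `this.rolePermissions` (lines 16-18) is never consulted by `can()`: the permission decision is delegated entirely to `this.policyEngine.evaluate(request)` (line 27), and `DefaultPolicyEngine` derives the role's permissions from its own hard-coded `switch (role)` (PolicyEngine.js lines 39-51 on this page, its default branch not visible), so a deployment that configures different role permissions still gets the engine's built-in grants. Either pass the role table into the engine or check it in the manager before delegating, e.g. `if (!this.getUserPermissions(context.userRole).includes(permission)) return { granted: false, reason: 'User does not have permission: ' + permission };`. In `createMiddleware`, `const context = { ...baseContext, ...customContext };` (line 114) lets whatever `getResourceContext` returns overwrite the `userId` and `userRole` taken from the authenticated `req.user`, which matters if that callback derives values from request input; spreading the base context last, or documenting that the callback must not return identity fields, keeps the identity authoritative. `ownsResource` hard-codes `UserRole.USER` and `Permission.READ_OWN_PROFILE`, so its answer also depends on that role holding that permission in the engine; a comment stating the coupling, or evaluating the `ownership` guard through the registry directly, would make the intent explicit.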
@@ -0,0 +1 @@
1
+
{"version":3,"file":"AccessControlManager.js","sourceRoot":"","sources":["../src/AccessControlManager.ts"],"names":[],"mappings":";;;AAAA,mCAQiB;AACjB,uCAAwC;AACxC,0DAA8D;AAC9D,qCAAiE;AAEjE,MAAa,oBAAoB;IAK/B,YAAY,MAA2B;QAF/B,oBAAe,GAAgC,IAAI,GAAG,EAAE,CAAC;QAG/D,IAAI,CAAC,YAAY,GAAG,IAAI,kCAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC7D,IAAI,CAAC,aAAa,GAAG,IAAI,sBAAoB,EAAE,CAAC;QAEhD,yBAAyB;QACzB,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAEnE,0BAA0B;QAC1B,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACpC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,KAAK,CAAC,GAAG,CACP,UAAsB,EACtB,OAAsB,EACtB,MAAiB;QAEjB,MAAM,OAAO,GAAkB;YAC7B,UAAU;YACV,OAAO;SACR,CAAC;QAEF,yBAAyB;QACzB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACnE,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;YAC9B,OAAO,gBAAgB,CAAC;QAC1B,CAAC;QAED,iCAAiC;QACjC,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC7E,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,OAAO,WAAW,CAAC;YACrB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,qCAAqC;IACrC,KAAK,CAAC,MAAM,CACV,WAAyB,EACzB,OAAsB,EACtB,MAAiB;QAEjB,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,iDAAiD,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAClF,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,MAAM,CACV,WAAyB,EACzB,OAAsB,EACtB,MAAiB;QAEjB,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,uBAAuB;IACvB,kBAAkB,CAAC,IAAc;QAC/B,OAAO,IAAI,CAAC,eAAe,CA
AC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC9C,CAAC;IAED,gCAAgC;IAChC,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,UAAkB;QACnD,MAAM,OAAO,GAAkB;YAC7B,MAAM;YACN,QAAQ,EAAE,eAAQ,CAAC,IAAI,EAAE,0CAA0C;YACnE,UAAU;SACX,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAU,CAAC,gBAAgB,EAAE,OAAO,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QACnF,OAAO,MAAM,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,oBAAoB;IACpB,SAAS,CAAC,MAAW;QACnB,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAED,gBAAgB;IAChB,YAAY,CAAC,QAAgB;QAC3B,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED,mBAAmB;IACnB,QAAQ,CAAC,KAAU;QACjB,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,eAAe;IACf,WAAW,CAAC,SAAiB;QAC3B,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC3C,CAAC;IAED,gCAAgC;IAChC,gBAAgB,CAAC,OAIhB;QACC,OAAO,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;YAC7C,IAAI,CAAC;gBACH,+DAA+D;gBAC/D,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC1B,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,yBAAyB;qBACjC,CAAC,CAAC;gBACL,CAAC;gBAED,uBAAuB;gBACvB,MAAM,WAAW,GAAkB;oBACjC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,EAAE;oBACtC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI;oBACvB,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,UAAU,CAAC,aAAa;iBAC3C,CAAC;gBAEF,iCAAiC;gBACjC,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB;oBAC9C,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC;oBACjC,CAAC,CAAC,EAAE,CAAC;gBAEP,MAAM,OAAO,GAAkB,EAAE,GAAG,WAAW,EAAE,GAAG,aAAa,EAAE,CAAC;gBAEpE,mBAAmB;gBACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;gBAE3E,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC1B,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,MAAM,CAAC,MAAM,IAAI,eAAe;qBACxC,CAAC,CAAC;gBACL,CAAC;gBAED,kCAAkC;gBAClC,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC;gBACpB,IAAI,EAAE,CAAC;YACT,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;gBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,uBAAuB;iBAC/B,CA
AC,CAAC;YACL,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,CAAC,aAAa;QAClB,MAAM,MAAM,GAAwB;YAClC,YAAY,EAAE;gBACZ;oBACE,IAAI,EAAE,eAAQ,CAAC,IAAI;oBACnB,WAAW,EAAE;wBACX,kBAAU,CAAC,gBAAgB;wBAC3B,kBAAU,CAAC,kBAAkB;wBAC7B,kBAAU,CAAC,kBAAkB;wBAC7B,kBAAU,CAAC,gBAAgB;wBAC3B,kBAAU,CAAC,cAAc;wBACzB,kBAAU,CAAC,kBAAkB;wBAC7B,kBAAU,CAAC,kBAAkB;qBAC9B;iBACF;gBACD;oBACE,IAAI,EAAE,eAAQ,CAAC,KAAK;oBACpB,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,kBAAU,CAAC;iBACvC;aACF;YACD,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,IAAI;SACjB,CAAC;QAEF,OAAO,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;CACF;AAvMD,oDAuMC"}
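--- a/package/dist/guards/index.d.ts
+++ b/package/dist/guards/index.d.ts
@@ -0,0 +1,17 @@
+import { Guard, AccessRequest, AccessResult } from '../types';
+export declare const OwnershipGuard: Guard;
+export declare const TimeGuard: Guard;
+export declare const IPGuard: Guard;
+export declare const RoleGuard: Guard;
+export declare const ResourceStateGuard: Guard;
+export declare function createCustomGuard(name: string, checkFunction: (request: AccessRequest) => AccessResult | Promise<AccessResult>): Guard;
+export declare class GuardRegistry {
+private guards;
+constructor();
+register(guard: Guard): void;
+unregister(guardName: string): void;
+get(guardName: string): Guard | undefined;
+getAll(): Guard[];
+evaluateGuards(guardNames: string[], request: AccessRequest): Promise<AccessResult>;
+}
+//# sourceMappingURL=index.d.ts.map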
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,YAAY,EAAiB,MAAM,UAAU,CAAC;AAG7E,eAAO,MAAM,cAAc,EAAE,KAsB5B,CAAC;AAGF,eAAO,MAAM,SAAS,EAAE,KAcvB,CAAC;AAGF,eAAO,MAAM,OAAO,EAAE,KAqBrB,CAAC;AAGF,eAAO,MAAM,SAAS,EAAE,KA0BvB,CAAC;AAGF,eAAO,MAAM,kBAAkB,EAAE,KA2BhC,CAAC;AAGF,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EACZ,aAAa,EAAE,CAAC,OAAO,EAAE,aAAa,KAAK,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,GAC9E,KAAK,CAKP;AAGD,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAiC;;IAW/C,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,IAAI;IAI5B,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAInC,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,KAAK,GAAG,SAAS;IAIzC,MAAM,IAAI,KAAK,EAAE;IAIX,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CAkB1F"}
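--- a/package/dist/guards/index.js
+++ b/package/dist/guards/index.js
@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GuardRegistry = exports.ResourceStateGuard = exports.RoleGuard = exports.IPGuard = exports.TimeGuard = exports.OwnershipGuard = void 0;
+exports.createCustomGuard = createCustomGuard;
+// Ownership guard - checks if user owns the resource
+exports.OwnershipGuard = {
+name: 'ownership',
+check: (request) => {
+const { userId } = request.context;
+const { resourceId } = request.context;
+if (!resourceId) {
+return {
+granted: false,
+reason: 'No resource ID provided for ownership check'
+};
+}
+// In a real implementation, this would check the database
+// For now, we'll assume the resource ID contains the owner ID
+const isOwner = resourceId.includes(`owner:${userId}`);
+return {
+granted: isOwner,
+reason: isOwner ? 'User owns the resource' : 'User does not own the resource'
+};
+}
+};
+// Time-based guard - checks if access is within allowed time windows
+exports.TimeGuard = {
+name: 'time',
+check: (request) => {
+const now = new Date();
+const hour = now.getHours();
+// Allow access during business hours (9 AM - 6 PM)
+const isBusinessHours = hour >= 9 && hour <= 18;
+return {
+granted: isBusinessHours,
+reason: isBusinessHours ? 'Access within business hours' : 'Access outside business hours'
+};
+}
+};
+// IP-based guard - checks if access is from allowed IP addresses
+exports.IPGuard = {
+name: 'ip',
+check: (request) => {
+const clientIP = request.context?.ip;
+if (!clientIP) {
+return {
+granted: false,
+reason: 'No IP address provided'
+};
+}
+// In a real implementation, this would check against a whitelist
+const allowedIPs = ['127.0.0.1', '::1']; // localhost
+const isAllowed = allowedIPs.includes(clientIP);
+return {
+granted: isAllowed,
+reason: isAllowed ? 'IP address allowed' : 'IP address not allowed'
+};
+}
+};
+// Role-based guard - checks if user has required role
+exports.RoleGuard = {
+name: 'role',
+check: (request) => {
+const { userRole } = request.context;
+const requiredRole = request.context?.requiredRole;
+if (!requiredRole) {
+return { granted: true };
+}
+const roleHierarchy = {
+'admin': 3,
+'manager': 2,
+'user': 1
+};
+const userLevel = roleHierarchy[userRole] || 0;
+const requiredLevel = roleHierarchy[requiredRole] || 0;
+const hasRequiredRole = userLevel >= requiredLevel;
+return {
+granted: hasRequiredRole,
+reason: hasRequiredRole ? 'Role requirement satisfied' : 'Insufficient role level'
+};
+}
+};
+// Resource state guard - checks if resource is in a state that allows access
+exports.ResourceStateGuard = {
+name: 'resource-state',
+check: (request) => {
+const resourceState = request.context?.resourceState;
+if (!resourceState) {
+return { granted: true };
+}
+// Define states that allow different actions
+const allowedStates = {
+'read': ['active', 'archived', 'draft'],
+'update': ['active', 'draft'],
+'delete': ['active', 'draft'],
+'create': []
+};
+const action = request.context?.action || 'read';
+const allowedStatesForAction = allowedStates[action] || [];
+const isAllowed = allowedStatesForAction.includes(resourceState);
+return {
+granted: isAllowed,
+reason: isAllowed ? 'Resource state allows action' : 'Resource state does not allow action'
+};
+}
+};
+// Custom guard factory for creating dynamic guards
+function createCustomGuard(name, checkFunction) {
+return {
+name,
+check: checkFunction
+};
+}
+// Guard registry for managing multiple guards
+class GuardRegistry {
+constructor() {
+this.guards = new Map();
+// Register default guards
+this.register(exports.OwnershipGuard);
+this.register(exports.TimeGuard);
+this.register(exports.IPGuard);
+this.register(exports.RoleGuard);
+this.register(exports.ResourceStateGuard);
+}
+register(guard) {
+this.guards.set(guard.name, guard);
+}
+unregister(guardName) {
+this.guards.delete(guardName);
+}
+get(guardName) {
+return this.guards.get(guardName);
+}
+getAll() {
+return Array.from(this.guards.values());
+}
+async evaluateGuards(guardNames, request) {
+for (const guardName of guardNames) {
+const guard = this.get(guardName);
+if (!guard) {
+return {
+granted: false,
+reason: `Guard not found: ${guardName}`
+};
+}
+const result = await guard.check(request);
+if (!result.granted) {
+return result;
+}
+}
+return { granted: true };
+}
+}
+exports.GuardRegistry = GuardRegistry;
+//# sourceMappingURL=index.js.map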
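Review bot: `OwnershipGuard` decides ownership with `resourceId.includes(...)` on line 19, a substring test against the text owner:<userId>, so a user whose id is a prefix of the owner's id (owner:1 inside owner:12) is treated as the owner, and a missing `userId` is matched against the literal text owner:undefined; this guard is registered by default and is what `AccessControlManager.ownsResource` relies on. Fail closed when `userId` is missing and compare the owner tag as a whole token, e.g. split the id on whatever separator the encoding uses and test `=== 'owner:' + userId`, until the database lookup the comment promises exists. `RoleGuard` maps an unknown `requiredRole` to level 0 via `roleHierarchy[requiredRole] || 0` (line 75), so a misspelled or unregistered role name lets every authenticated user through; return `{ granted: false, reason: 'Unknown required role' }` when `requiredRole` is not a key of the hierarchy. `roleHierarchy` and `allowedStates` are plain objects indexed by context-supplied strings (lines 74-75, 99-100), so inherited names such as `constructor` yield a non-array value and make `.includes` throw; `Object.hasOwn` checks or a `Map` avoid that.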
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":";;;AAgIA,8CAQC;AAtID,qDAAqD;AACxC,QAAA,cAAc,GAAU;IACnC,IAAI,EAAE,WAAW;IACjB,KAAK,EAAE,CAAC,OAAsB,EAAgB,EAAE;QAC9C,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QACnC,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QAEvC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,6CAA6C;aACtD,CAAC;QACJ,CAAC;QAED,0DAA0D;QAC1D,8DAA8D;QAC9D,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC;QAEvD,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,gCAAgC;SAC9E,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,qEAAqE;AACxD,QAAA,SAAS,GAAU;IAC9B,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,CAAC,OAAsB,EAAgB,EAAE;QAC9C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QAE5B,mDAAmD;QACnD,MAAM,eAAe,GAAG,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;QAEhD,OAAO;YACL,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC,+BAA+B;SAC3F,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,iEAAiE;AACpD,QAAA,OAAO,GAAU;IAC5B,IAAI,EAAE,IAAI;IACV,KAAK,EAAE,CAAC,OAAsB,EAAgB,EAAE;QAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAErC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,wBAAwB;aACjC,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,MAAM,UAAU,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,YAAY;QACrD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEhD,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,wBAAwB;SACpE,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,sDAAsD;AACzC,QAAA,SAAS,GAAU;IAC9B,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,CAAC,OAAsB,EAAgB,EAAE;QAC9C,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QACrC,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,YAAY,CAAC;QAEnD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,aAAa,GAAG;YACpB,OAAO,EAAE,CAAC;YACV,SAAS,EAAE,CAAC;YACZ,MAAM,EAAE,CAAC;SACV,CAAC;QAEF,MAAM,SAAS,GAAG,aAAa,CAAC,QAAsC,CAAC,IAAI,CAAC,CAAC;QAC7E,MAAM,aAAa,GAAG,aAAa,CAAC,YAA0C,CAAC,IAAI,CA
AC,CAAC;QAErF,MAAM,eAAe,GAAG,SAAS,IAAI,aAAa,CAAC;QAEnD,OAAO;YACL,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,yBAAyB;SACnF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,6EAA6E;AAChE,QAAA,kBAAkB,GAAU;IACvC,IAAI,EAAE,gBAAgB;IACtB,KAAK,EAAE,CAAC,OAAsB,EAAgB,EAAE;QAC9C,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;QAErD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,6CAA6C;QAC7C,MAAM,aAAa,GAA6B;YAC9C,MAAM,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC;YACvC,QAAQ,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;YAC7B,QAAQ,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;YAC7B,QAAQ,EAAE,EAAE;SACb,CAAC;QAEF,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,MAAM,IAAI,MAAM,CAAC;QACjD,MAAM,sBAAsB,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAE3D,MAAM,SAAS,GAAG,sBAAsB,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAEjE,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC,sCAAsC;SAC5F,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,mDAAmD;AACnD,SAAgB,iBAAiB,CAC/B,IAAY,EACZ,aAA+E;IAE/E,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,aAAa;KACrB,CAAC;AACJ,CAAC;AAED,8CAA8C;AAC9C,MAAa,aAAa;IAGxB;QAFQ,WAAM,GAAuB,IAAI,GAAG,EAAE,CAAC;QAG7C,0BAA0B;QAC1B,IAAI,CAAC,QAAQ,CAAC,sBAAc,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,CAAC,iBAAS,CAAC,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,eAAO,CAAC,CAAC;QACvB,IAAI,CAAC,QAAQ,CAAC,iBAAS,CAAC,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,0BAAkB,CAAC,CAAC;IACpC,CAAC;IAED,QAAQ,CAAC,KAAY;QACnB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,UAAU,CAAC,SAAiB;QAC1B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC;IAED,GAAG,CAAC,SAAiB;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;IAED,MAAM;QACJ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,UAAoB,EAAE,OAAsB;QAC/D,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAClC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,oBAAoB,SAAS,EAAE;iBACxC,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,OAAO,CAA
C,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;CACF;AA9CD,sCA8CC"}
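--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,6 @@
+export * from './types';
+export { AccessControlManager } from './AccessControlManager';
+export { DefaultPolicyEngine } from './policies/PolicyEngine';
+export { OwnershipGuard, TimeGuard, IPGuard, RoleGuard, ResourceStateGuard, createCustomGuard, GuardRegistry } from './guards';
+export declare const SIRIUX_ACCESS_CONTROL_VERSION = "1.0.0";
+//# sourceMappingURL=index.d.ts.map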
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,SAAS,CAAC;AAGxB,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAG9D,OAAO,EACL,cAAc,EACd,SAAS,EACT,OAAO,EACP,SAAS,EACT,kBAAkB,EAClB,iBAAiB,EACjB,aAAa,EACd,MAAM,UAAU,CAAC;AAGlB,eAAO,MAAM,6BAA6B,UAAU,CAAC"}
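--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,36 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SIRIUX_ACCESS_CONTROL_VERSION = exports.GuardRegistry = exports.createCustomGuard = exports.ResourceStateGuard = exports.RoleGuard = exports.IPGuard = exports.TimeGuard = exports.OwnershipGuard = exports.DefaultPolicyEngine = exports.AccessControlManager = void 0;
+// Core exports
+__exportStar(require("./types"), exports);
+// Main classes
+var AccessControlManager_1 = require("./AccessControlManager");
+Object.defineProperty(exports, "AccessControlManager", { enumerable: true, get: function () { return AccessControlManager_1.AccessControlManager; } });
+var PolicyEngine_1 = require("./policies/PolicyEngine");
+Object.defineProperty(exports, "DefaultPolicyEngine", { enumerable: true, get: function () { return PolicyEngine_1.DefaultPolicyEngine; } });
+// Guards
+var guards_1 = require("./guards");
+Object.defineProperty(exports, "OwnershipGuard", { enumerable: true, get: function () { return guards_1.OwnershipGuard; } });
+Object.defineProperty(exports, "TimeGuard", { enumerable: true, get: function () { return guards_1.TimeGuard; } });
+Object.defineProperty(exports, "IPGuard", { enumerable: true, get: function () { return guards_1.IPGuard; } });
+Object.defineProperty(exports, "RoleGuard", { enumerable: true, get: function () { return guards_1.RoleGuard; } });
+Object.defineProperty(exports, "ResourceStateGuard", { enumerable: true, get: function () { return guards_1.ResourceStateGuard; } });
+Object.defineProperty(exports, "createCustomGuard", { enumerable: true, get: function () { return guards_1.createCustomGuard; } });
+Object.defineProperty(exports, "GuardRegistry", { enumerable: true, get: function () { return guards_1.GuardRegistry; } });
+// Version information
+exports.SIRIUX_ACCESS_CONTROL_VERSION = '1.0.0';
+//# sourceMappingURL=index.js.map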
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,eAAe;AACf,0CAAwB;AAExB,eAAe;AACf,+DAA8D;AAArD,4HAAA,oBAAoB,OAAA;AAC7B,wDAA8D;AAArD,mHAAA,mBAAmB,OAAA;AAE5B,SAAS;AACT,mCAQkB;AAPhB,wGAAA,cAAc,OAAA;AACd,mGAAA,SAAS,OAAA;AACT,iGAAA,OAAO,OAAA;AACP,mGAAA,SAAS,OAAA;AACT,4GAAA,kBAAkB,OAAA;AAClB,2GAAA,iBAAiB,OAAA;AACjB,uGAAA,aAAa,OAAA;AAGf,sBAAsB;AACT,QAAA,6BAA6B,GAAG,OAAO,CAAC"}
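--- a/package/dist/policies/PolicyEngine.d.ts
+++ b/package/dist/policies/PolicyEngine.d.ts
@@ -0,0 +1,14 @@
+import { Policy, PolicyEngine, AccessRequest, AccessResult } from '../types';
+export declare class DefaultPolicyEngine implements PolicyEngine {
+private policies;
+constructor(policies?: Policy[]);
+evaluate(request: AccessRequest): AccessResult;
+addPolicy(policy: Policy): void;
+removePolicy(policyId: string): void;
+getPolicies(): Policy[];
+private getUserPermissions;
+private evaluatePolicy;
+private evaluateCondition;
+private getFieldValue;
+}
+//# sourceMappingURL=PolicyEngine.d.ts.map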
@@ -0,0 +1 @@
1
+
{"version":3,"file":"PolicyEngine.d.ts","sourceRoot":"","sources":["../../src/policies/PolicyEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAmB,MAAM,UAAU,CAAC;AAE9F,qBAAa,mBAAoB,YAAW,YAAY;IACtD,OAAO,CAAC,QAAQ,CAAkC;gBAEtC,QAAQ,GAAE,MAAM,EAAO;IAInC,QAAQ,CAAC,OAAO,EAAE,aAAa,GAAG,YAAY;IA0B9C,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI/B,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAIpC,WAAW,IAAI,MAAM,EAAE;IAIvB,OAAO,CAAC,kBAAkB;IAqB1B,OAAO,CAAC,cAAc;IAkBtB,OAAO,CAAC,iBAAiB;IAyBzB,OAAO,CAAC,aAAa;CAGtB"}
@@ -0,0 +1,102 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.DefaultPolicyEngine = void 0;
|
|
4
|
+
class DefaultPolicyEngine {
|
|
5
|
+
constructor(policies = []) {
|
|
6
|
+
this.policies = new Map();
|
|
7
|
+
policies.forEach(policy => this.addPolicy(policy));
|
|
8
|
+
}
|
|
9
|
+
evaluate(request) {
|
|
10
|
+
const userPermissions = this.getUserPermissions(request.context.userRole);
|
|
11
|
+
// Check if user has the required permission
|
|
12
|
+
if (!userPermissions.includes(request.permission)) {
|
|
13
|
+
return {
|
|
14
|
+
granted: false,
|
|
15
|
+
reason: `User does not have permission: ${request.permission}`
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
// Evaluate policies
|
|
19
|
+
for (const policy of this.policies.values()) {
|
|
20
|
+
if (!policy.permissions.includes(request.permission)) {
|
|
21
|
+
continue;
|
|
22
|
+
}
|
|
23
|
+
const result = this.evaluatePolicy(policy, request);
|
|
24
|
+
if (!result.granted) {
|
|
25
|
+
return result;
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
return { granted: true };
|
|
29
|
+
}
|
|
30
|
+
addPolicy(policy) {
|
|
31
|
+
this.policies.set(policy.id, policy);
|
|
32
|
+
}
|
|
33
|
+
removePolicy(policyId) {
|
|
34
|
+
this.policies.delete(policyId);
|
|
35
|
+
}
|
|
36
|
+
getPolicies() {
|
|
37
|
+
return Array.from(this.policies.values());
|
|
38
|
+
}
|
|
39
|
+
getUserPermissions(role) {
|
|
40
|
+
// This would typically come from a role manager
|
|
41
|
+
// For now, return basic role permissions
|
|
42
|
+
switch (role) {
|
|
43
|
+
case 'admin':
|
|
44
|
+
return Object.values(require('../types').Permission);
|
|
45
|
+
case 'user':
|
|
46
|
+
return [
|
|
47
|
+
require('../types').Permission.READ_OWN_PROFILE,
|
|
48
|
+
require('../types').Permission.UPDATE_OWN_PROFILE,
|
|
49
|
+
require('../types').Permission.DELETE_OWN_ACCOUNT,
|
|
50
|
+
require('../types').Permission.READ_ALL_CONTENT,
|
|
51
|
+
require('../types').Permission.CREATE_CONTENT,
|
|
52
|
+
require('../types').Permission.UPDATE_OWN_CONTENT,
|
|
53
|
+
require('../types').Permission.DELETE_OWN_CONTENT
|
|
54
|
+
];
|
|
55
|
+
default:
|
|
56
|
+
return [];
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
evaluatePolicy(policy, request) {
|
|
60
|
+
if (!policy.conditions || policy.conditions.length === 0) {
|
|
61
|
+
return { granted: true, policy: policy.id };
|
|
62
|
+
}
|
|
63
|
+
for (const condition of policy.conditions) {
|
|
64
|
+
if (!this.evaluateCondition(condition, request.context)) {
|
|
65
|
+
return {
|
|
66
|
+
granted: false,
|
|
67
|
+
reason: `Policy condition failed: ${policy.name}`,
|
|
68
|
+
policy: policy.id
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
return { granted: true, policy: policy.id };
|
|
73
|
+
}
|
|
74
|
+
evaluateCondition(condition, context) {
|
|
75
|
+
const fieldValue = this.getFieldValue(context, condition.field);
|
|
76
|
+
switch (condition.operator) {
|
|
77
|
+
case 'eq':
|
|
78
|
+
return fieldValue === condition.value;
|
|
79
|
+
case 'ne':
|
|
80
|
+
return fieldValue !== condition.value;
|
|
81
|
+
case 'in':
|
|
82
|
+
return Array.isArray(condition.value) && condition.value.includes(fieldValue);
|
|
83
|
+
case 'nin':
|
|
84
|
+
return Array.isArray(condition.value) && !condition.value.includes(fieldValue);
|
|
85
|
+
case 'gt':
|
|
86
|
+
return fieldValue > condition.value;
|
|
87
|
+
case 'gte':
|
|
88
|
+
return fieldValue >= condition.value;
|
|
89
|
+
case 'lt':
|
|
90
|
+
return fieldValue < condition.value;
|
|
91
|
+
case 'lte':
|
|
92
|
+
return fieldValue <= condition.value;
|
|
93
|
+
default:
|
|
94
|
+
return false;
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
getFieldValue(context, field) {
|
|
98
|
+
return field.split('.').reduce((obj, key) => obj?.[key], context);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
exports.DefaultPolicyEngine = DefaultPolicyEngine;
|
|
102
|
+
//# sourceMappingURL=PolicyEngine.js.map
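Review bot: In `evaluateCondition`, a condition on a context field that is absent is satisfied for `ne` and `nin`, because `getFieldValue` resolves a missing path to `undefined` and both `undefined !== value` and `![...].includes(undefined)` are true, so a policy meant to restrict access by e.g. `ip` or `resourceState` grants requests that simply omit the field. Unless absent fields are deliberately meant to pass negative conditions, fail closed before the switch: `if (fieldValue === undefined) return false;`. Separately, `getUserPermissions` hard-codes only `'admin'` (every `Permission`) and `'user'` through inline `require('../types')` calls and returns `[]` for anything else, while the constructor accepts only `policies`, so any role defined elsewhere in the package is denied every permission by this engine and the two role tables can drift; injecting a role-permission lookup would remove the duplication. The `gt`/`gte`/`lt`/`lte` arms compare `any` values with JS coercion (`'10' > '9'` is false), so a type check on `fieldValue` against `condition.value` is worth adding there.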
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"PolicyEngine.js","sourceRoot":"","sources":["../../src/policies/PolicyEngine.ts"],"names":[],"mappings":";;;AAEA,MAAa,mBAAmB;IAG9B,YAAY,WAAqB,EAAE;QAF3B,aAAQ,GAAwB,IAAI,GAAG,EAAE,CAAC;QAGhD,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,QAAQ,CAAC,OAAsB;QAC7B,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE1E,4CAA4C;QAC5C,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAClD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,kCAAkC,OAAO,CAAC,UAAU,EAAE;aAC/D,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrD,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,SAAS,CAAC,MAAc;QACtB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,YAAY,CAAC,QAAgB;QAC3B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;IAED,WAAW;QACT,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAEO,kBAAkB,CAAC,IAAY;QACrC,gDAAgD;QAChD,yCAAyC;QACzC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,OAAO;gBACV,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,CAAC;YACvD,KAAK,MAAM;gBACT,OAAO;oBACL,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,gBAAgB;oBAC/C,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,kBAAkB;oBACjD,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,kBAAkB;oBACjD,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,gBAAgB;oBAC/C,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,cAAc;oBAC7C,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,kBAAkB;oBACjD,OAAO,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,kBAAkB;iBAClD,CAAC;YACJ;gBACE,OAAO,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,MAAc,EAAE,OAAsB;QAC3D,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC9
C,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,4BAA4B,MAAM,CAAC,IAAI,EAAE;oBACjD,MAAM,EAAE,MAAM,CAAC,EAAE;iBAClB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;IAC9C,CAAC;IAEO,iBAAiB,CAAC,SAA0B,EAAE,OAAY;QAChE,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QAEhE,QAAQ,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3B,KAAK,IAAI;gBACP,OAAO,UAAU,KAAK,SAAS,CAAC,KAAK,CAAC;YACxC,KAAK,IAAI;gBACP,OAAO,UAAU,KAAK,SAAS,CAAC,KAAK,CAAC;YACxC,KAAK,IAAI;gBACP,OAAO,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAChF,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACjF,KAAK,IAAI;gBACP,OAAO,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC;YACtC,KAAK,KAAK;gBACR,OAAO,UAAU,IAAI,SAAS,CAAC,KAAK,CAAC;YACvC,KAAK,IAAI;gBACP,OAAO,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC;YACtC,KAAK,KAAK;gBACR,OAAO,UAAU,IAAI,SAAS,CAAC,KAAK,CAAC;YACvC;gBACE,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,OAAY,EAAE,KAAa;QAC/C,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;CACF;AAhHD,kDAgHC"}
|
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
import { UserRole } from '@siriux/core';
|
|
2
|
+
export declare enum Permission {
|
|
3
|
+
READ_OWN_PROFILE = "read:own:profile",
|
|
4
|
+
UPDATE_OWN_PROFILE = "update:own:profile",
|
|
5
|
+
DELETE_OWN_ACCOUNT = "delete:own:account",
|
|
6
|
+
READ_ALL_USERS = "read:all:users",
|
|
7
|
+
UPDATE_ALL_USERS = "update:all:users",
|
|
8
|
+
DELETE_ALL_USERS = "delete:all:users",
|
|
9
|
+
MANAGE_ROLES = "manage:roles",
|
|
10
|
+
READ_ALL_CONTENT = "read:all:content",
|
|
11
|
+
CREATE_CONTENT = "create:content",
|
|
12
|
+
UPDATE_OWN_CONTENT = "update:own:content",
|
|
13
|
+
UPDATE_ALL_CONTENT = "update:all:content",
|
|
14
|
+
DELETE_OWN_CONTENT = "delete:own:content",
|
|
15
|
+
DELETE_ALL_CONTENT = "delete:all:content",
|
|
16
|
+
READ_SYSTEM_LOGS = "read:system:logs",
|
|
17
|
+
MANAGE_SYSTEM = "manage:system",
|
|
18
|
+
VIEW_ANALYTICS = "view:analytics"
|
|
19
|
+
}
|
|
20
|
+
export declare enum ResourceType {
|
|
21
|
+
USER = "user",
|
|
22
|
+
CONTENT = "content",
|
|
23
|
+
SYSTEM = "system",
|
|
24
|
+
ANALYTICS = "analytics"
|
|
25
|
+
}
|
|
26
|
+
export declare enum ActionType {
|
|
27
|
+
CREATE = "create",
|
|
28
|
+
READ = "read",
|
|
29
|
+
UPDATE = "update",
|
|
30
|
+
DELETE = "delete",
|
|
31
|
+
MANAGE = "manage"
|
|
32
|
+
}
|
|
33
|
+
export interface Policy {
|
|
34
|
+
id: string;
|
|
35
|
+
name: string;
|
|
36
|
+
description: string;
|
|
37
|
+
permissions: Permission[];
|
|
38
|
+
conditions?: PolicyCondition[];
|
|
39
|
+
}
|
|
40
|
+
export interface PolicyCondition {
|
|
41
|
+
field: string;
|
|
42
|
+
operator: 'eq' | 'ne' | 'in' | 'nin' | 'gt' | 'gte' | 'lt' | 'lte';
|
|
43
|
+
value: any;
|
|
44
|
+
}
|
|
45
|
+
export interface RoleDefinition {
|
|
46
|
+
role: UserRole;
|
|
47
|
+
permissions: Permission[];
|
|
48
|
+
policies?: string[];
|
|
49
|
+
}
|
|
50
|
+
export interface AccessContext {
|
|
51
|
+
userId: string;
|
|
52
|
+
userRole: UserRole;
|
|
53
|
+
resourceId?: string;
|
|
54
|
+
resourceType?: ResourceType;
|
|
55
|
+
action?: ActionType;
|
|
56
|
+
ip?: string;
|
|
57
|
+
requiredRole?: UserRole;
|
|
58
|
+
resourceState?: string;
|
|
59
|
+
context?: Record<string, any>;
|
|
60
|
+
}
|
|
61
|
+
export interface AccessRequest {
|
|
62
|
+
permission: Permission;
|
|
63
|
+
context: AccessContext;
|
|
64
|
+
}
|
|
65
|
+
export interface AccessResult {
|
|
66
|
+
granted: boolean;
|
|
67
|
+
reason?: string;
|
|
68
|
+
policy?: string;
|
|
69
|
+
}
|
|
70
|
+
export interface Resource {
|
|
71
|
+
id: string;
|
|
72
|
+
type: ResourceType;
|
|
73
|
+
ownerId?: string;
|
|
74
|
+
attributes: Record<string, any>;
|
|
75
|
+
}
|
|
76
|
+
export interface Guard {
|
|
77
|
+
name: string;
|
|
78
|
+
check: (request: AccessRequest) => AccessResult | Promise<AccessResult>;
|
|
79
|
+
}
|
|
80
|
+
export interface PolicyEngine {
|
|
81
|
+
evaluate: (request: AccessRequest) => AccessResult | Promise<AccessResult>;
|
|
82
|
+
addPolicy: (policy: Policy) => void;
|
|
83
|
+
removePolicy: (policyId: string) => void;
|
|
84
|
+
getPolicies: () => Policy[];
|
|
85
|
+
}
|
|
86
|
+
export interface RoleManager {
|
|
87
|
+
getRolePermissions: (role: UserRole) => Permission[];
|
|
88
|
+
assignRole: (userId: string, role: UserRole) => void;
|
|
89
|
+
removeRole: (userId: string, role: UserRole) => void;
|
|
90
|
+
getUserRoles: (userId: string) => UserRole[];
|
|
91
|
+
}
|
|
92
|
+
export interface AccessControlConfig {
|
|
93
|
+
defaultRoles: RoleDefinition[];
|
|
94
|
+
policies: Policy[];
|
|
95
|
+
guards: Guard[];
|
|
96
|
+
strictMode?: boolean;
|
|
97
|
+
}
|
|
98
|
+
export interface AccessControlMiddlewareOptions {
|
|
99
|
+
resourceType: ResourceType;
|
|
100
|
+
action: ActionType;
|
|
101
|
+
resourceIdParam?: string;
|
|
102
|
+
checkOwnership?: boolean;
|
|
103
|
+
customGuards?: string[];
|
|
104
|
+
}
|
|
105
|
+
export interface AccessControlRequest {
|
|
106
|
+
user?: {
|
|
107
|
+
id: string;
|
|
108
|
+
role: UserRole;
|
|
109
|
+
permissions: Permission[];
|
|
110
|
+
};
|
|
111
|
+
resource?: Resource;
|
|
112
|
+
access?: AccessResult;
|
|
113
|
+
}
|
|
114
|
+
//# sourceMappingURL=index.d.ts.map
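Review bot: `PolicyCondition` carries the matching contract the engine relies on but documents none of it: `field` is a dotted path resolved against `AccessContext` (so `'context.tenantId'` reaches into the free-form `context` bag), every entry in a policy's `conditions` must hold, and a path that does not resolve compares as `undefined`. Add TSDoc on `field`, e.g. `/** Dotted path into AccessContext (e.g. 'context.tenantId'); unresolved paths compare as undefined */`, and on `conditions`: `/** All conditions must hold (AND); omit or leave empty to apply unconditionally */`. `value: any` would be safer as `unknown`, since the engine already narrows with `Array.isArray` for `in`/`nin`, though the ordering operators would then need explicit narrowing. `AccessControlConfig.strictMode` has no description and its effect is not visible in this hunk, so it deserves a one-line comment stating what it gates.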
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAGxC,oBAAY,UAAU;IAEpB,gBAAgB,qBAAqB;IACrC,kBAAkB,uBAAuB;IACzC,kBAAkB,uBAAuB;IAGzC,cAAc,mBAAmB;IACjC,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,YAAY,iBAAiB;IAG7B,gBAAgB,qBAAqB;IACrC,cAAc,mBAAmB;IACjC,kBAAkB,uBAAuB;IACzC,kBAAkB,uBAAuB;IACzC,kBAAkB,uBAAuB;IACzC,kBAAkB,uBAAuB;IAGzC,gBAAgB,qBAAqB;IACrC,aAAa,kBAAkB;IAC/B,cAAc,mBAAmB;CAClC;AAGD,oBAAY,YAAY;IACtB,IAAI,SAAS;IACb,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,SAAS,cAAc;CACxB;AAGD,oBAAY,UAAU;IACpB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,MAAM,WAAW;CAClB;AAGD,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;CAChC;AAGD,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,CAAC;IACnE,KAAK,EAAE,GAAG,CAAC;CACZ;AAGD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,QAAQ,CAAC;IACf,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAGD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,YAAY,CAAC,EAAE,QAAQ,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAGD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,UAAU,CAAC;IACvB,OAAO,EAAE,aAAa,CAAC;CACxB;AAGD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAGD,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACjC;AAGD,MAAM,WAAW,KAAK;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,CAAC,OAAO,EAAE,aAAa,KAAK,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CACzE;AAGD,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,CAAC,OAAO,EAAE,aAAa,KAAK,YAAY,GAAG,OAAO
,CAAC,YAAY,CAAC,CAAC;IAC3E,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IACpC,YAAY,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACzC,WAAW,EAAE,MAAM,MAAM,EAAE,CAAC;CAC7B;AAGD,MAAM,WAAW,WAAW;IAC1B,kBAAkB,EAAE,CAAC,IAAI,EAAE,QAAQ,KAAK,UAAU,EAAE,CAAC;IACrD,UAAU,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,KAAK,IAAI,CAAC;IACrD,UAAU,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,KAAK,IAAI,CAAC;IACrD,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;CAC9C;AAGD,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,cAAc,EAAE,CAAC;IAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,EAAE,KAAK,EAAE,CAAC;IAChB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAGD,MAAM,WAAW,8BAA8B;IAC7C,YAAY,EAAE,YAAY,CAAC;IAC3B,MAAM,EAAE,UAAU,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAGD,MAAM,WAAW,oBAAoB;IACnC,IAAI,CAAC,EAAE;QACL,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,QAAQ,CAAC;QACf,WAAW,EAAE,UAAU,EAAE,CAAC;KAC3B,CAAC;IACF,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,MAAM,CAAC,EAAE,YAAY,CAAC;CACvB"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ActionType = exports.ResourceType = exports.Permission = void 0;
|
|
4
|
+
// Permission types
|
|
5
|
+
var Permission;
|
|
6
|
+
(function (Permission) {
|
|
7
|
+
// User permissions
|
|
8
|
+
Permission["READ_OWN_PROFILE"] = "read:own:profile";
|
|
9
|
+
Permission["UPDATE_OWN_PROFILE"] = "update:own:profile";
|
|
10
|
+
Permission["DELETE_OWN_ACCOUNT"] = "delete:own:account";
|
|
11
|
+
// Admin permissions
|
|
12
|
+
Permission["READ_ALL_USERS"] = "read:all:users";
|
|
13
|
+
Permission["UPDATE_ALL_USERS"] = "update:all:users";
|
|
14
|
+
Permission["DELETE_ALL_USERS"] = "delete:all:users";
|
|
15
|
+
Permission["MANAGE_ROLES"] = "manage:roles";
|
|
16
|
+
// Content permissions
|
|
17
|
+
Permission["READ_ALL_CONTENT"] = "read:all:content";
|
|
18
|
+
Permission["CREATE_CONTENT"] = "create:content";
|
|
19
|
+
Permission["UPDATE_OWN_CONTENT"] = "update:own:content";
|
|
20
|
+
Permission["UPDATE_ALL_CONTENT"] = "update:all:content";
|
|
21
|
+
Permission["DELETE_OWN_CONTENT"] = "delete:own:content";
|
|
22
|
+
Permission["DELETE_ALL_CONTENT"] = "delete:all:content";
|
|
23
|
+
// System permissions
|
|
24
|
+
Permission["READ_SYSTEM_LOGS"] = "read:system:logs";
|
|
25
|
+
Permission["MANAGE_SYSTEM"] = "manage:system";
|
|
26
|
+
Permission["VIEW_ANALYTICS"] = "view:analytics";
|
|
27
|
+
})(Permission || (exports.Permission = Permission = {}));
|
|
28
|
+
// Resource types
|
|
29
|
+
var ResourceType;
|
|
30
|
+
(function (ResourceType) {
|
|
31
|
+
ResourceType["USER"] = "user";
|
|
32
|
+
ResourceType["CONTENT"] = "content";
|
|
33
|
+
ResourceType["SYSTEM"] = "system";
|
|
34
|
+
ResourceType["ANALYTICS"] = "analytics";
|
|
35
|
+
})(ResourceType || (exports.ResourceType = ResourceType = {}));
|
|
36
|
+
// Action types
|
|
37
|
+
var ActionType;
|
|
38
|
+
(function (ActionType) {
|
|
39
|
+
ActionType["CREATE"] = "create";
|
|
40
|
+
ActionType["READ"] = "read";
|
|
41
|
+
ActionType["UPDATE"] = "update";
|
|
42
|
+
ActionType["DELETE"] = "delete";
|
|
43
|
+
ActionType["MANAGE"] = "manage";
|
|
44
|
+
})(ActionType || (exports.ActionType = ActionType = {}));
|
|
45
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";;;AAEA,mBAAmB;AACnB,IAAY,UAwBX;AAxBD,WAAY,UAAU;IACpB,mBAAmB;IACnB,mDAAqC,CAAA;IACrC,uDAAyC,CAAA;IACzC,uDAAyC,CAAA;IAEzC,oBAAoB;IACpB,+CAAiC,CAAA;IACjC,mDAAqC,CAAA;IACrC,mDAAqC,CAAA;IACrC,2CAA6B,CAAA;IAE7B,sBAAsB;IACtB,mDAAqC,CAAA;IACrC,+CAAiC,CAAA;IACjC,uDAAyC,CAAA;IACzC,uDAAyC,CAAA;IACzC,uDAAyC,CAAA;IACzC,uDAAyC,CAAA;IAEzC,qBAAqB;IACrB,mDAAqC,CAAA;IACrC,6CAA+B,CAAA;IAC/B,+CAAiC,CAAA;AACnC,CAAC,EAxBW,UAAU,0BAAV,UAAU,QAwBrB;AAED,iBAAiB;AACjB,IAAY,YAKX;AALD,WAAY,YAAY;IACtB,6BAAa,CAAA;IACb,mCAAmB,CAAA;IACnB,iCAAiB,CAAA;IACjB,uCAAuB,CAAA;AACzB,CAAC,EALW,YAAY,4BAAZ,YAAY,QAKvB;AAED,eAAe;AACf,IAAY,UAMX;AAND,WAAY,UAAU;IACpB,+BAAiB,CAAA;IACjB,2BAAa,CAAA;IACb,+BAAiB,CAAA;IACjB,+BAAiB,CAAA;IACjB,+BAAiB,CAAA;AACnB,CAAC,EANW,UAAU,0BAAV,UAAU,QAMrB"}
|
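--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,41 @@
+{
+"name": "@siriux/access-control",
+"version": "1.0.0",
+"description": "Siriux Access Control - Role-based access control, permissions, and policies",
+"main": "dist/index.js",
+"types": "dist/index.d.ts",
+"scripts": {
+"build": "tsc",
+"dev": "tsc --watch",
+"test": "jest",
+"clean": "rm -rf dist",
+"prepublishOnly": "npm run clean && npm run build"
+},
+"keywords": [
+"siriux",
+"access-control",
+"rbac",
+"permissions",
+"authorization",
+"policies",
+"guards",
+"security"
+],
+"author": "jawwad@alsirius.co.uk",
+"license": "MIT",
+"dependencies": {
+"@siriux/core": "^2.0.0"
+},
+"devDependencies": {
+"@types/node": "^20.10.5",
+"typescript": "^5.3.3",
+"jest": "^29.7.0",
+"@types/jest": "^29.5.8"
+},
+"files": [
+"dist/**/*"
+],
+"publishConfig": {
+"access": "public"
+}
+}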
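Review bot: The manifest publishes only compiled `dist/**/*` and declares no `repository` field, so consumers of an authorization library cannot tie the published artifact back to a source commit or review the TypeScript it was built from; add `"repository": { "type": "git", "url": "<repo url>" }` next to `"author"` and consider publishing with npm provenance so the registry can attest the build. The `clean` script's `rm -rf dist` is not portable to Windows shells, and `prepublishOnly` runs it, so a release from such a machine fails before `tsc`; `rimraf dist` or a node one-liner avoids that, though this is a style point only.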
|