@spinajs/rbac-http-user 2.0.474 → 2.0.476

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. package/lib/cjs/controllers/LoginController.d.ts +4 -27
  2. package/lib/cjs/controllers/LoginController.d.ts.map +1 -1
  3. package/lib/cjs/controllers/LoginController.js +27 -46
  4. package/lib/cjs/controllers/LoginController.js.map +1 -1
  5. package/lib/cjs/index.d.ts +0 -5
  6. package/lib/cjs/index.d.ts.map +1 -1
  7. package/lib/cjs/index.js +0 -5
  8. package/lib/cjs/index.js.map +1 -1
  9. package/lib/mjs/controllers/LoginController.d.ts +4 -27
  10. package/lib/mjs/controllers/LoginController.d.ts.map +1 -1
  11. package/lib/mjs/controllers/LoginController.js +29 -48
  12. package/lib/mjs/controllers/LoginController.js.map +1 -1
  13. package/lib/mjs/index.d.ts +0 -5
  14. package/lib/mjs/index.d.ts.map +1 -1
  15. package/lib/mjs/index.js +0 -5
  16. package/lib/mjs/index.js.map +1 -1
  17. package/lib/tsconfig.cjs.tsbuildinfo +1 -1
  18. package/lib/tsconfig.mjs.tsbuildinfo +1 -1
  19. package/package.json +11 -11
  20. package/lib/cjs/controllers/ActiveRoleController.d.ts +0 -41
  21. package/lib/cjs/controllers/ActiveRoleController.d.ts.map +0 -1
  22. package/lib/cjs/controllers/ActiveRoleController.js +0 -135
  23. package/lib/cjs/controllers/ActiveRoleController.js.map +0 -1
  24. package/lib/cjs/controllers/ImpersonationController.d.ts +0 -72
  25. package/lib/cjs/controllers/ImpersonationController.d.ts.map +0 -1
  26. package/lib/cjs/controllers/ImpersonationController.js +0 -277
  27. package/lib/cjs/controllers/ImpersonationController.js.map +0 -1
  28. package/lib/cjs/dto/impersonate-dto.d.ts +0 -24
  29. package/lib/cjs/dto/impersonate-dto.d.ts.map +0 -1
  30. package/lib/cjs/dto/impersonate-dto.js +0 -34
  31. package/lib/cjs/dto/impersonate-dto.js.map +0 -1
  32. package/lib/cjs/dto/switchRole-dto.d.ts +0 -24
  33. package/lib/cjs/dto/switchRole-dto.d.ts.map +0 -1
  34. package/lib/cjs/dto/switchRole-dto.js +0 -34
  35. package/lib/cjs/dto/switchRole-dto.js.map +0 -1
  36. package/lib/cjs/handlers/DefaultLogoutHandler.d.ts +0 -14
  37. package/lib/cjs/handlers/DefaultLogoutHandler.d.ts.map +0 -1
  38. package/lib/cjs/handlers/DefaultLogoutHandler.js +0 -61
  39. package/lib/cjs/handlers/DefaultLogoutHandler.js.map +0 -1
  40. package/lib/cjs/handlers/ImpersonationLogoutHandler.d.ts +0 -18
  41. package/lib/cjs/handlers/ImpersonationLogoutHandler.d.ts.map +0 -1
  42. package/lib/cjs/handlers/ImpersonationLogoutHandler.js +0 -66
  43. package/lib/cjs/handlers/ImpersonationLogoutHandler.js.map +0 -1
  44. package/lib/cjs/logout.d.ts +0 -51
  45. package/lib/cjs/logout.d.ts.map +0 -1
  46. package/lib/cjs/logout.js +0 -29
  47. package/lib/cjs/logout.js.map +0 -1
  48. package/lib/mjs/controllers/ActiveRoleController.d.ts +0 -41
  49. package/lib/mjs/controllers/ActiveRoleController.d.ts.map +0 -1
  50. package/lib/mjs/controllers/ActiveRoleController.js +0 -132
  51. package/lib/mjs/controllers/ActiveRoleController.js.map +0 -1
  52. package/lib/mjs/controllers/ImpersonationController.d.ts +0 -72
  53. package/lib/mjs/controllers/ImpersonationController.d.ts.map +0 -1
  54. package/lib/mjs/controllers/ImpersonationController.js +0 -274
  55. package/lib/mjs/controllers/ImpersonationController.js.map +0 -1
  56. package/lib/mjs/dto/impersonate-dto.d.ts +0 -24
  57. package/lib/mjs/dto/impersonate-dto.d.ts.map +0 -1
  58. package/lib/mjs/dto/impersonate-dto.js +0 -31
  59. package/lib/mjs/dto/impersonate-dto.js.map +0 -1
  60. package/lib/mjs/dto/switchRole-dto.d.ts +0 -24
  61. package/lib/mjs/dto/switchRole-dto.d.ts.map +0 -1
  62. package/lib/mjs/dto/switchRole-dto.js +0 -31
  63. package/lib/mjs/dto/switchRole-dto.js.map +0 -1
  64. package/lib/mjs/handlers/DefaultLogoutHandler.d.ts +0 -14
  65. package/lib/mjs/handlers/DefaultLogoutHandler.d.ts.map +0 -1
  66. package/lib/mjs/handlers/DefaultLogoutHandler.js +0 -58
  67. package/lib/mjs/handlers/DefaultLogoutHandler.js.map +0 -1
  68. package/lib/mjs/handlers/ImpersonationLogoutHandler.d.ts +0 -18
  69. package/lib/mjs/handlers/ImpersonationLogoutHandler.d.ts.map +0 -1
  70. package/lib/mjs/handlers/ImpersonationLogoutHandler.js +0 -63
  71. package/lib/mjs/handlers/ImpersonationLogoutHandler.js.map +0 -1
  72. package/lib/mjs/logout.d.ts +0 -51
  73. package/lib/mjs/logout.d.ts.map +0 -1
  74. package/lib/mjs/logout.js +0 -25
  75. package/lib/mjs/logout.js.map +0 -1
@@ -1,274 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- var __param = (this && this.__param) || function (paramIndex, decorator) {
11
- return function (target, key) { decorator(target, key, paramIndex); }
12
- };
13
- import { ImpersonateDto } from '../dto/impersonate-dto.js';
14
- import { BaseController, BasePath, Post, Del, Body, Ok, Get, BadRequestResponse, Unauthorized, ForbiddenResponse, Conflict, NotFound, Policy } from '@spinajs/http';
15
- import { AccessControl, PasswordProvider, SessionProvider, User, UserImpersonationStarted, UserImpersonationEnded, _unwindGrants, canImpersonate, } from '@spinajs/rbac';
16
- import { Autoinject } from '@spinajs/di';
17
- import { AutoinjectService, Config } from '@spinajs/configuration';
18
- import { _ev } from '@spinajs/queue';
19
- import { DateTime } from 'luxon';
20
- import { LoggedPolicy, User as UserRouteArg, Session as SessionRouteArg, FromSession, } from '@spinajs/rbac-http';
21
- const IMPERSONATE_RESOURCE = 'user:impersonate';
22
- /**
23
- * Impersonation endpoints.
24
- *
25
- * A user holding `createAny` on the virtual resource `user:impersonate` can
26
- * temporarily act as another user. While impersonation is active, the session
27
- * carries both identities — `User` is the target, `Impersonator` is the
28
- * original. Permission checks therefore "see" the target by default; the
29
- * original is preserved only for audit and for ending the impersonation.
30
- *
31
- * @tags Authentication
32
- */
33
- let ImpersonationController = class ImpersonationController extends BaseController {
34
- /**
35
- * Get impersonation state
36
- * Returns whether an impersonation is currently active for this session.
37
- * @security cookieAuth
38
- * @returns {IImpersonationState}
39
- * @response 401 No active session
40
- */
41
- async getState(Impersonator, User, ImpersonationStartedAt) {
42
- if (!Impersonator) {
43
- return new Ok({ Active: false });
44
- }
45
- return new Ok({
46
- Active: true,
47
- ImpersonatorUuid: Impersonator,
48
- TargetUuid: User,
49
- StartedAt: ImpersonationStartedAt,
50
- });
51
- }
52
- /**
53
- * Start impersonation
54
- * Begins impersonating the target user. The caller must have `createAny` on
55
- * virtual resource `user:impersonate`. The target must not hold any role in
56
- * `rbac.impersonation.protectedRoles` and must not have effective grants
57
- * exceeding the caller's. If `rbac.impersonation.requirePassword` is true,
58
- * the caller's password must be supplied and is verified.
59
- * @security cookieAuth
60
- * @returns {IImpersonationResponse}
61
- * @response 400 Target equals caller or invalid payload
62
- * @response 401 Password required or invalid
63
- * @response 403 Caller lacks permission, target is protected, or escalation detected
64
- * @response 404 Target user not found / inactive / banned / deleted
65
- * @response 409 An impersonation is already in progress for this session
66
- */
67
- async start(caller, session, payload) {
68
- if (session?.Data.get('Impersonator')) {
69
- return new Conflict({
70
- error: {
71
- code: 'E_IMPERSONATION_ACTIVE',
72
- message: 'An impersonation is already in progress. Stop the current one before starting another.',
73
- },
74
- });
75
- }
76
- if (caller.Uuid === payload.TargetUuid) {
77
- return new BadRequestResponse({
78
- error: { code: 'E_SELF_IMPERSONATION', message: 'Cannot impersonate yourself' },
79
- });
80
- }
81
- // Permission to impersonate is itself an RBAC permission honoring ActiveRole.
82
- const activeRole = session?.Data.get('ActiveRole') ?? caller.Role?.[0];
83
- const roles = activeRole ? [activeRole] : caller.Role;
84
- const allowed = this.AC.can(roles).createAny(IMPERSONATE_RESOURCE).granted;
85
- if (!allowed) {
86
- return new ForbiddenResponse({
87
- error: { code: 'E_IMPERSONATE_FORBIDDEN', message: `Role(s) ${roles} cannot impersonate other users` },
88
- });
89
- }
90
- const target = await this.loadTarget(payload.TargetUuid);
91
- if (!target) {
92
- return new NotFound({ error: { code: 'E_TARGET_NOT_FOUND', message: 'Target user not found' } });
93
- }
94
- if (!target.IsActive || target.IsBanned) {
95
- return new NotFound({ error: { code: 'E_TARGET_UNAVAILABLE', message: 'Target user is not available' } });
96
- }
97
- const check = canImpersonate({
98
- originalRoles: caller.Role,
99
- targetRoles: target.Role,
100
- protectedRoles: this.ProtectedRoles ?? [],
101
- ac: this.AC,
102
- });
103
- if (!check.allowed) {
104
- return new ForbiddenResponse({
105
- error: {
106
- code: check.reason === 'PROTECTED_ROLE' ? 'E_TARGET_PROTECTED' : 'E_PRIVILEGE_ESCALATION',
107
- message: check.reason === 'PROTECTED_ROLE'
108
- ? `Target has a protected role (${check.detail}) and cannot be impersonated`
109
- : `Target has a privilege the impersonator lacks (${check.detail})`,
110
- },
111
- });
112
- }
113
- if (this.RequirePassword) {
114
- if (!payload.Password) {
115
- return new Unauthorized({
116
- error: { code: 'E_PASSWORD_REQUIRED', message: 'Password confirmation is required to start impersonation' },
117
- });
118
- }
119
- const valid = await this.PasswordProvider.verify(caller.Password, payload.Password);
120
- if (!valid) {
121
- return new Unauthorized({ error: { code: 'E_PASSWORD_INVALID', message: 'Invalid password' } });
122
- }
123
- }
124
- // Persist impersonation state. We keep the impersonator's previous
125
- // ActiveRole so it can be restored on stop; effective ActiveRole becomes
126
- // the target's first role.
127
- const startedAt = DateTime.now().toISO();
128
- const previousActiveRole = session.Data.get('ActiveRole');
129
- session.Data.set('Impersonator', caller.Uuid);
130
- session.Data.set('User', target.Uuid);
131
- session.Data.set('ImpersonationStartedAt', startedAt);
132
- if (previousActiveRole !== undefined) {
133
- session.Data.set('OriginalActiveRole', previousActiveRole);
134
- }
135
- const targetActiveRole = target.Role?.[0];
136
- if (targetActiveRole) {
137
- session.Data.set('ActiveRole', targetActiveRole);
138
- }
139
- await this.SessionProvider.save(session);
140
- await this.emitEvent(new UserImpersonationStarted(caller, target));
141
- return new Ok(this.buildResponse(target, caller, targetActiveRole, startedAt));
142
- }
143
- /**
144
- * Stop impersonation
145
- * Restores the original user's session and returns their login-style payload.
146
- * @security cookieAuth
147
- * @returns {IUserWithGrants}
148
- * @response 400 No impersonation is currently active
149
- */
150
- async stop(target, session) {
151
- const impersonatorUuid = session?.Data.get('Impersonator');
152
- if (!impersonatorUuid) {
153
- return new BadRequestResponse({
154
- error: { code: 'E_NO_IMPERSONATION', message: 'No impersonation is currently in progress' },
155
- });
156
- }
157
- const original = await this.loadOriginal(impersonatorUuid);
158
- if (!original) {
159
- // Stale session referencing a deleted impersonator — destroy the
160
- // impersonation block to recover but report an error so the caller
161
- // can re-authenticate.
162
- session.Data.delete('Impersonator');
163
- session.Data.delete('ImpersonationStartedAt');
164
- session.Data.delete('OriginalActiveRole');
165
- await this.SessionProvider.save(session);
166
- return new BadRequestResponse({
167
- error: { code: 'E_IMPERSONATOR_GONE', message: 'Original user no longer exists' },
168
- });
169
- }
170
- // Restore the original session state.
171
- session.Data.set('User', original.Uuid);
172
- session.Data.delete('Impersonator');
173
- session.Data.delete('ImpersonationStartedAt');
174
- const restoredActiveRole = session.Data.get('OriginalActiveRole') ?? original.Role?.[0];
175
- if (restoredActiveRole) {
176
- session.Data.set('ActiveRole', restoredActiveRole);
177
- }
178
- session.Data.delete('OriginalActiveRole');
179
- await this.SessionProvider.save(session);
180
- await this.emitEvent(new UserImpersonationEnded(original, target));
181
- const grants = restoredActiveRole ? _unwindGrants(restoredActiveRole, this.AC.getGrants()) : {};
182
- return new Ok({
183
- ...original.dehydrateWithRelations({ dateTimeFormat: 'iso' }),
184
- ActiveRole: restoredActiveRole,
185
- Grants: grants,
186
- });
187
- }
188
- /**
189
- * Emit an impersonation lifecycle event. Wrapped in a protected method so
190
- * tests can intercept without stubbing module-level ESM bindings.
191
- */
192
- emitEvent(event) {
193
- return _ev(event)();
194
- }
195
- /**
196
- * Load the impersonation target (with Metadata so IsBanned works). Extracted
197
- * as a protected method so tests can stub it without setting up a database.
198
- */
199
- loadTarget(uuid) {
200
- return User.query().whereUuid(uuid).populate('Metadata').notDeleted().first();
201
- }
202
- /**
203
- * Load the original (impersonator) user. Extracted for the same reason as
204
- * loadTarget — keeps the controller easy to test in isolation.
205
- */
206
- loadOriginal(uuid) {
207
- return User.getByUuid(uuid);
208
- }
209
- buildResponse(target, impersonator, activeRole, startedAt) {
210
- const grants = activeRole ? _unwindGrants(activeRole, this.AC.getGrants()) : {};
211
- return {
212
- User: target.dehydrateWithRelations({ dateTimeFormat: 'iso' }),
213
- Impersonator: impersonator.dehydrateWithRelations({ dateTimeFormat: 'iso' }),
214
- ActiveRole: activeRole,
215
- AvailableRoles: target.Role ?? [],
216
- Grants: grants,
217
- StartedAt: startedAt,
218
- };
219
- }
220
- };
221
- __decorate([
222
- Autoinject(AccessControl),
223
- __metadata("design:type", AccessControl)
224
- ], ImpersonationController.prototype, "AC", void 0);
225
- __decorate([
226
- AutoinjectService('rbac.password'),
227
- __metadata("design:type", PasswordProvider)
228
- ], ImpersonationController.prototype, "PasswordProvider", void 0);
229
- __decorate([
230
- AutoinjectService('rbac.session'),
231
- __metadata("design:type", SessionProvider)
232
- ], ImpersonationController.prototype, "SessionProvider", void 0);
233
- __decorate([
234
- Config('rbac.impersonation.requirePassword', { defaultValue: true }),
235
- __metadata("design:type", Boolean)
236
- ], ImpersonationController.prototype, "RequirePassword", void 0);
237
- __decorate([
238
- Config('rbac.impersonation.protectedRoles', { defaultValue: ['system'] }),
239
- __metadata("design:type", Array)
240
- ], ImpersonationController.prototype, "ProtectedRoles", void 0);
241
- __decorate([
242
- Get('impersonate'),
243
- Policy(LoggedPolicy),
244
- __param(0, FromSession()),
245
- __param(1, FromSession()),
246
- __param(2, FromSession()),
247
- __metadata("design:type", Function),
248
- __metadata("design:paramtypes", [String, String, String]),
249
- __metadata("design:returntype", Promise)
250
- ], ImpersonationController.prototype, "getState", null);
251
- __decorate([
252
- Post('impersonate'),
253
- Policy(LoggedPolicy),
254
- __param(0, UserRouteArg()),
255
- __param(1, SessionRouteArg()),
256
- __param(2, Body()),
257
- __metadata("design:type", Function),
258
- __metadata("design:paramtypes", [User, Object, ImpersonateDto]),
259
- __metadata("design:returntype", Promise)
260
- ], ImpersonationController.prototype, "start", null);
261
- __decorate([
262
- Del('impersonate'),
263
- Policy(LoggedPolicy),
264
- __param(0, UserRouteArg()),
265
- __param(1, SessionRouteArg()),
266
- __metadata("design:type", Function),
267
- __metadata("design:paramtypes", [User, Object]),
268
- __metadata("design:returntype", Promise)
269
- ], ImpersonationController.prototype, "stop", null);
270
- ImpersonationController = __decorate([
271
- BasePath('auth')
272
- ], ImpersonationController);
273
- export { ImpersonationController };
274
- //# sourceMappingURL=ImpersonationController.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"ImpersonationController.js","sourceRoot":"","sources":["../../../src/controllers/ImpersonationController.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,kBAAkB,EAAE,YAAY,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACpK,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,IAAI,EACJ,wBAAwB,EACxB,sBAAsB,EACtB,aAAa,EACb,cAAc,GACf,MAAM,eAAe,CAAC;AAEvB,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjC,OAAO,EACL,YAAY,EACZ,IAAI,IAAI,YAAY,EACpB,OAAO,IAAI,eAAe,EAC1B,WAAW,GAIZ,MAAM,oBAAoB,CAAC;AAE5B,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAEhD;;;;;;;;;;GAUG;AAEI,IAAM,uBAAuB,GAA7B,MAAM,uBAAwB,SAAQ,cAAc;IAgBzD;;;;;;OAMG;IAGU,AAAN,KAAK,CAAC,QAAQ,CACJ,YAAoB,EACpB,IAAY,EACZ,sBAA8B;QAE7C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,EAAE,IAAI;YACZ,gBAAgB,EAAE,YAAY;YAC9B,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,sBAAsB;SAClC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;OAcG;IAGU,AAAN,KAAK,CAAC,KAAK,CACA,MAAY,EACT,OAAiB,EAC5B,OAAuB;QAI/B,IAAI,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,QAAQ,CAAC;gBAClB,KAAK,EAAE;oBACL,IAAI,EAAE,wBAAwB;oBAC9B,OAAO,EAAE,wFAAwF;iBAClG;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC;YACvC,OAAO,IAAI,kBAAkB,CAAC;gBAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,6BAA6B,EAAE;aAChF,CAAC,CAAC;QACL,CAAC;QAED,8EAA8E;QAC9E,MAAM,UAAU,GAAI,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,YAAY,CAAwB,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;QACtD,MAAM,OAAO,GAAI,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAS,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC;QACpF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,iBAAiB,CAAC;gBAC3B,KAAK,EAAE,EAAE,IAAI,EAAE,yBAAyB,EAAE,OAAO,EAAE,WAAW,KAAK,iCAAiC,EAAE;aACvG,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,QAAQ,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,uBAAuB,EAAE,EAAE,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxC,OAAO,IAAI,QAAQ,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,8BAA8B,EAAE,EAAE,CAAC,CAAC;QAC5G,CAAC;QAED,MAAM,KAAK,GAAG,cAAc,CAAC;YAC3B,aAAa,EAAE,MAAM,CAAC,IAAI;YAC1B,WAAW,EAAE,MAAM,CAAC,IAAI;YACxB,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,EAAE;YACzC,EAAE,EAAE,IAAI,CAAC,EAAE;SACZ,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,IAAI,iBAAiB,CAAC;gBAC3B,KAAK,EAAE;oBACL,IAAI,EAAE,KAAK,CAAC,MAAM,KAAK,gBAAgB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,wBAAwB;oBACzF,OAAO,EAAE,KAAK,CAAC,MAAM,KAAK,gBAAgB;wBACxC,CAAC,CAAC,gCAAgC,KAAK,CAAC,MAAM,8BAA8B;wBAC5E,CAAC,CAAC,kDAAkD,KAAK,CAAC,MAAM,GAAG;iBACtE;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtB,OAAO,IAAI,YAAY,CAAC;oBACtB,KAAK,EAAE,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,0DAA0D,EAAE;iBAC5G,CAAC,CAAC;YACL,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;YACpF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,YAAY,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAC;YAClG,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,yEAAyE;QACzE,2BAA2B;QAC3B,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC,KAAK,EAAG,CAAC;QAC1C,MAAM,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAuB,CAAC;QAEhF,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAC;QACtD,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1C,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,wBAAwB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QAEnE,OAAO,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAiB,EAAE,SAAS,CAAC,CAAC,CAAC;IAClF,CAAC;IAED;;;;;;OAMG;IAGU,AAAN,KAAK,CAAC,IAAI,CACC,MAAY,EACT,OAAiB;QAEpC,MAAM,gBAAgB,GAAG,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;QACjF,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,IAAI,kBAAkB,CAAC;gBAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,2CAA2C,EAAE;aAC5F,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,iEAAiE;YACjE,mEAAmE;YACnE,uBAAuB;YACvB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC;YAC9C,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;YAC1C,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzC,OAAO,IAAI,kBAAkB,CAAC;gBAC5B,KAAK,EAAE,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,gCAAgC,EAAE;aAClF,CAAC,CAAC;QACL,CAAC;QAED,sCAAsC;QACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAE9C,MAAM,kBAAkB,GAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAwB,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChH,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAE1C,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,sBAAsB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAEnE,MAAM,MAAM,GAAG,kBAAkB,CAAC,CAAC,CAAC,aAAa,CAAC,kBAAkB,EAAE,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChG,OAAO,IAAI,EAAE,CAAC;YACZ,GAAI,QAAQ,CAAC,sBAAsB,CAAC,EAAE,cAAc,EAAE,KAAK,EAAE,CAAS;YACtE,UAAU,EAAE,kBAAkB;YAC9B,MAAM,EAAE,MAAM;SACI,CAAC,CAAC;IACxB,CAAC;IAED;;;OAGG;IACO,SAAS,CAAC,KAAwD;QAC1E,OAAO,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;IACtB,CAAC;IAED;;;OAGG;IACO,UAAU,CAAC,IAAY;QAC/B,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,CAAC,KAAK,EAA+B,CAAC;IAC7G,CAAC;IAED;;;OAGG;IACO,YAAY,CAAC,IAAY;QACjC,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAA8B,CAAC;IAC3D,CAAC;IAES,aAAa,CAAC,MAAY,EAAE,YAAkB,EAAE,UAAkB,EAAE,SAAiB;QAC7F,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,sBAAsB,CAAC,EAAE,cAAc,EAAE,KAAK,EAAE,CAAQ;YACrE,YAAY,EAAE,YAAY,CAAC,sBAAsB,CAAC,EAAE,cAAc,EAAE,KAAK,EAAE,CAAQ;YACnF,UAAU,EAAE,UAAU;YACtB,cAAc,EAAE,MAAM,CAAC,IAAI,IAAI,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,SAAS;SACrB,CAAC;IACJ,CAAC;CACF,CAAA;AA/OW;IADT,UAAU,CAAC,aAAa,CAAC;8BACZ,aAAa;mDAAC;AAGlB;IADT,iBAAiB,CAAC,eAAe,CAAC;8BACP,gBAAgB;iEAAC;AAGnC;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACP,eAAe;gEAAC;AAGjC;IADT,MAAM,CAAC,oCAAoC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;;gEAClC;AAGzB;IADT,MAAM,CAAC,mCAAmC,EAAE,EAAE,YAAY,EAAE,CAAC,QAAQ,CAAa,EAAE,CAAC;;+DACnD;AAWtB;IAFZ,GAAG,CAAC,aAAa,CAAC;IAClB,MAAM,CAAC,YAAY,CAAC;IAElB,WAAA,WAAW,EAAE,CAAA;IACb,WAAA,WAAW,EAAE,CAAA;IACb,WAAA,WAAW,EAAE,CAAA;;;;uDAWf;AAmBY;IAFZ,IAAI,CAAC,aAAa,CAAC;IACnB,MAAM,CAAC,YAAY,CAAC;IAElB,WAAA,YAAY,EAAE,CAAA;IACd,WAAA,eAAe,EAAE,CAAA;IACjB,WAAA,IAAI,EAAE,CAAA;;qCAFiB,IAAI,UAEX,cAAc;;oDAuFhC;AAWY;IAFZ,GAAG,CAAC,aAAa,CAAC;IAClB,MAAM,CAAC,YAAY,CAAC;IAElB,WAAA,YAAY,EAAE,CAAA;IACd,WAAA,eAAe,EAAE,CAAA;;qCADM,IAAI;;mDA4C7B;AA5MU,uBAAuB;IADnC,QAAQ,CAAC,MAAM,CAAC;GACJ,uBAAuB,CAiPnC"}
@@ -1,24 +0,0 @@
1
- export declare const ImpersonateDtoSchema: {
2
- $schema: string;
3
- title: string;
4
- type: string;
5
- properties: {
6
- TargetUuid: {
7
- type: string;
8
- format: string;
9
- description: string;
10
- };
11
- Password: {
12
- type: string;
13
- maxLength: number;
14
- description: string;
15
- };
16
- };
17
- required: string[];
18
- };
19
- export declare class ImpersonateDto {
20
- TargetUuid: string;
21
- Password?: string;
22
- constructor(data: any);
23
- }
24
- //# sourceMappingURL=impersonate-dto.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"impersonate-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/impersonate-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;CAShC,CAAC;AAEF,qBACa,cAAc;IAClB,UAAU,EAAE,MAAM,CAAC;IAEnB,QAAQ,CAAC,EAAE,MAAM,CAAC;gBAEb,IAAI,EAAE,GAAG;CAGtB"}
@@ -1,31 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- import { Schema } from '@spinajs/validation';
11
- export const ImpersonateDtoSchema = {
12
- $schema: 'http://json-schema.org/draft-07/schema#',
13
- title: 'Impersonate DTO',
14
- type: 'object',
15
- properties: {
16
- TargetUuid: { type: 'string', format: 'uuid', description: 'UUID of the user to impersonate' },
17
- Password: { type: 'string', maxLength: 32, description: 'Impersonator password (required when rbac.impersonation.requirePassword is true)' },
18
- },
19
- required: ['TargetUuid'],
20
- };
21
- let ImpersonateDto = class ImpersonateDto {
22
- constructor(data) {
23
- Object.assign(this, data);
24
- }
25
- };
26
- ImpersonateDto = __decorate([
27
- Schema(ImpersonateDtoSchema),
28
- __metadata("design:paramtypes", [Object])
29
- ], ImpersonateDto);
30
- export { ImpersonateDto };
31
- //# sourceMappingURL=impersonate-dto.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"impersonate-dto.js","sourceRoot":"","sources":["../../../src/dto/impersonate-dto.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,iBAAiB;IACxB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,iCAAiC,EAAE;QAC9F,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,kFAAkF,EAAE;KAC7I;IACD,QAAQ,EAAE,CAAC,YAAY,CAAC;CACzB,CAAC;AAGK,IAAM,cAAc,GAApB,MAAM,cAAc;IAKzB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AARY,cAAc;IAD1B,MAAM,CAAC,oBAAoB,CAAC;;GAChB,cAAc,CAQ1B"}
@@ -1,24 +0,0 @@
1
- export declare const SwitchRoleDtoSchema: {
2
- $schema: string;
3
- title: string;
4
- type: string;
5
- properties: {
6
- Role: {
7
- type: string;
8
- minLength: number;
9
- description: string;
10
- };
11
- Password: {
12
- type: string;
13
- maxLength: number;
14
- description: string;
15
- };
16
- };
17
- required: string[];
18
- };
19
- export declare class SwitchRoleDto {
20
- Role: string;
21
- Password?: string;
22
- constructor(data: any);
23
- }
24
- //# sourceMappingURL=switchRole-dto.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"switchRole-dto.d.ts","sourceRoot":"","sources":["../../../src/dto/switchRole-dto.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;CAS/B,CAAC;AAEF,qBACa,aAAa;IACjB,IAAI,EAAE,MAAM,CAAC;IAEb,QAAQ,CAAC,EAAE,MAAM,CAAC;gBAEb,IAAI,EAAE,GAAG;CAGtB"}
@@ -1,31 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- import { Schema } from '@spinajs/validation';
11
- export const SwitchRoleDtoSchema = {
12
- $schema: 'http://json-schema.org/draft-07/schema#',
13
- title: 'Switch active role DTO',
14
- type: 'object',
15
- properties: {
16
- Role: { type: 'string', minLength: 1, description: 'Role to activate. Must be one of the user\'s assigned roles.' },
17
- Password: { type: 'string', maxLength: 32, description: 'User password. Required when activating roles listed in rbac.roleSwitch.requirePassword.' },
18
- },
19
- required: ['Role'],
20
- };
21
- let SwitchRoleDto = class SwitchRoleDto {
22
- constructor(data) {
23
- Object.assign(this, data);
24
- }
25
- };
26
- SwitchRoleDto = __decorate([
27
- Schema(SwitchRoleDtoSchema),
28
- __metadata("design:paramtypes", [Object])
29
- ], SwitchRoleDto);
30
- export { SwitchRoleDto };
31
- //# sourceMappingURL=switchRole-dto.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"switchRole-dto.js","sourceRoot":"","sources":["../../../src/dto/switchRole-dto.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,wBAAwB;IAC/B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE,WAAW,EAAE,8DAA8D,EAAE;QACnH,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,0FAA0F,EAAE;KACrJ;IACD,QAAQ,EAAE,CAAC,MAAM,CAAC;CACnB,CAAC;AAGK,IAAM,aAAa,GAAnB,MAAM,aAAa;IAKxB,YAAY,IAAS;QACnB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC;CACF,CAAA;AARY,aAAa;IADzB,MAAM,CAAC,mBAAmB,CAAC;;GACf,aAAa,CAQzB"}
@@ -1,14 +0,0 @@
1
- import { SessionProvider } from '@spinajs/rbac';
2
- import { LogoutHandler, ILogoutContext, ILogoutResult } from '../logout.js';
3
- /**
4
- * Default logout handler: deletes the session and clears the ssid cookie.
5
- * Runs last (priority 999) so any earlier handler can short-circuit (e.g.
6
- * the impersonation revert handler) before the session is destroyed.
7
- */
8
- export declare class DefaultLogoutHandler extends LogoutHandler {
9
- Priority: number;
10
- protected SessionProvider: SessionProvider;
11
- protected SessionCookieConfig: Record<string, unknown>;
12
- handle(context: ILogoutContext): Promise<ILogoutResult | null>;
13
- }
14
- //# sourceMappingURL=DefaultLogoutHandler.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"DefaultLogoutHandler.d.ts","sourceRoot":"","sources":["../../../src/handlers/DefaultLogoutHandler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE5E;;;;GAIG;AACH,qBACa,oBAAqB,SAAQ,aAAa;IAC9C,QAAQ,SAAO;IAGtB,SAAS,CAAC,eAAe,EAAG,eAAe,CAAC;IAG5C,SAAS,CAAC,mBAAmB,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE3C,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;CAuB5E"}
@@ -1,58 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- import { Injectable } from '@spinajs/di';
11
- import { AutoinjectService, Config } from '@spinajs/configuration';
12
- import { SessionProvider } from '@spinajs/rbac';
13
- import { LogoutHandler } from '../logout.js';
14
- /**
15
- * Default logout handler: deletes the session and clears the ssid cookie.
16
- * Runs last (priority 999) so any earlier handler can short-circuit (e.g.
17
- * the impersonation revert handler) before the session is destroyed.
18
- */
19
- let DefaultLogoutHandler = class DefaultLogoutHandler extends LogoutHandler {
20
- constructor() {
21
- super(...arguments);
22
- this.Priority = 999;
23
- }
24
- async handle(context) {
25
- if (!context.Ssid) {
26
- // Nothing to delete; still return a result so the chain stops.
27
- return { Body: null };
28
- }
29
- await this.SessionProvider.delete(context.Ssid);
30
- return {
31
- Body: null,
32
- Cookies: [
33
- {
34
- Name: 'ssid',
35
- Value: '',
36
- Options: {
37
- httpOnly: true,
38
- maxAge: 0,
39
- ...this.SessionCookieConfig,
40
- },
41
- },
42
- ],
43
- };
44
- }
45
- };
46
- __decorate([
47
- AutoinjectService('rbac.session'),
48
- __metadata("design:type", SessionProvider)
49
- ], DefaultLogoutHandler.prototype, "SessionProvider", void 0);
50
- __decorate([
51
- Config('rbac.session.cookie', {}),
52
- __metadata("design:type", Object)
53
- ], DefaultLogoutHandler.prototype, "SessionCookieConfig", void 0);
54
- DefaultLogoutHandler = __decorate([
55
- Injectable(LogoutHandler)
56
- ], DefaultLogoutHandler);
57
- export { DefaultLogoutHandler };
58
- //# sourceMappingURL=DefaultLogoutHandler.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"DefaultLogoutHandler.js","sourceRoot":"","sources":["../../../src/handlers/DefaultLogoutHandler.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,aAAa,EAAiC,MAAM,cAAc,CAAC;AAE5E;;;;GAIG;AAEI,IAAM,oBAAoB,GAA1B,MAAM,oBAAqB,SAAQ,aAAa;IAAhD;;QACE,aAAQ,GAAG,GAAG,CAAC;IA+BxB,CAAC;IAvBQ,KAAK,CAAC,MAAM,CAAC,OAAuB;QACzC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,+DAA+D;YAC/D,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACxB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEhD,OAAO;YACL,IAAI,EAAE,IAAI;YACV,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBACT,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC;IACJ,CAAC;CACF,CAAA;AA5BW;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACN,eAAe;6DAAC;AAGlC;IADT,MAAM,CAAC,qBAAqB,EAAE,EAAE,CAAC;;iEACsB;AAP7C,oBAAoB;IADhC,UAAU,CAAC,aAAa,CAAC;GACb,oBAAoB,CAgChC"}
@@ -1,18 +0,0 @@
1
- import { SessionProvider, User } from '@spinajs/rbac';
2
- import { LogoutHandler, ILogoutContext, ILogoutResult } from '../logout.js';
3
- /**
4
- * Logout handler that detects an active impersonation and reverts it instead
5
- * of destroying the session. Runs early (priority 10) so it short-circuits
6
- * the default session-deletion handler when applicable.
7
- */
8
- export declare class ImpersonationLogoutHandler extends LogoutHandler {
9
- Priority: number;
10
- protected SessionProvider: SessionProvider;
11
- handle(context: ILogoutContext): Promise<ILogoutResult | null>;
12
- /**
13
- * Hook for tests to intercept event emission without stubbing the module-level
14
- * `_ev` ESM binding.
15
- */
16
- protected emitEvent(original: User, target: User): Promise<void>;
17
- }
18
- //# sourceMappingURL=ImpersonationLogoutHandler.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"ImpersonationLogoutHandler.d.ts","sourceRoot":"","sources":["../../../src/handlers/ImpersonationLogoutHandler.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,IAAI,EAA0B,MAAM,eAAe,CAAC;AAE9E,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE5E;;;;GAIG;AACH,qBACa,0BAA2B,SAAQ,aAAa;IACpD,QAAQ,SAAM;IAGrB,SAAS,CAAC,eAAe,EAAG,eAAe,CAAC;IAE/B,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IA0B3E;;;OAGG;IACH,SAAS,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAGjE"}
@@ -1,63 +0,0 @@
1
- var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
2
- var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
3
- if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
4
- else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
5
- return c > 3 && r && Object.defineProperty(target, key, r), r;
6
- };
7
- var __metadata = (this && this.__metadata) || function (k, v) {
8
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
9
- };
10
- import { Injectable } from '@spinajs/di';
11
- import { AutoinjectService } from '@spinajs/configuration';
12
- import { SessionProvider, User, UserImpersonationEnded } from '@spinajs/rbac';
13
- import { _ev } from '@spinajs/queue';
14
- import { LogoutHandler } from '../logout.js';
15
- /**
16
- * Logout handler that detects an active impersonation and reverts it instead
17
- * of destroying the session. Runs early (priority 10) so it short-circuits
18
- * the default session-deletion handler when applicable.
19
- */
20
- let ImpersonationLogoutHandler = class ImpersonationLogoutHandler extends LogoutHandler {
21
- constructor() {
22
- super(...arguments);
23
- this.Priority = 10;
24
- }
25
- async handle(context) {
26
- const session = context.Session;
27
- if (!session)
28
- return null;
29
- const impersonatorUuid = session.Data.get('Impersonator');
30
- if (!impersonatorUuid)
31
- return null;
32
- const original = await User.getByUuid(impersonatorUuid);
33
- session.Data.set('User', original.Uuid);
34
- session.Data.delete('Impersonator');
35
- session.Data.delete('ImpersonationStartedAt');
36
- const restoredActiveRole = session.Data.get('OriginalActiveRole') ?? original.Role?.[0];
37
- if (restoredActiveRole) {
38
- session.Data.set('ActiveRole', restoredActiveRole);
39
- }
40
- session.Data.delete('OriginalActiveRole');
41
- await this.SessionProvider.save(session);
42
- await this.emitEvent(original, context.User);
43
- // Take ownership of the response: no cookie change — the original user's
44
- // session continues.
45
- return { Body: { ImpersonationEnded: true } };
46
- }
47
- /**
48
- * Hook for tests to intercept event emission without stubbing the module-level
49
- * `_ev` ESM binding.
50
- */
51
- emitEvent(original, target) {
52
- return _ev(new UserImpersonationEnded(original, target))();
53
- }
54
- };
55
- __decorate([
56
- AutoinjectService('rbac.session'),
57
- __metadata("design:type", SessionProvider)
58
- ], ImpersonationLogoutHandler.prototype, "SessionProvider", void 0);
59
- ImpersonationLogoutHandler = __decorate([
60
- Injectable(LogoutHandler)
61
- ], ImpersonationLogoutHandler);
62
- export { ImpersonationLogoutHandler };
63
- //# sourceMappingURL=ImpersonationLogoutHandler.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"ImpersonationLogoutHandler.js","sourceRoot":"","sources":["../../../src/handlers/ImpersonationLogoutHandler.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAC9E,OAAO,EAAE,GAAG,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,aAAa,EAAiC,MAAM,cAAc,CAAC;AAE5E;;;;GAIG;AAEI,IAAM,0BAA0B,GAAhC,MAAM,0BAA2B,SAAQ,aAAa;IAAtD;;QACE,aAAQ,GAAG,EAAE,CAAC;IAsCvB,CAAC;IAjCQ,KAAK,CAAC,MAAM,CAAC,OAAuB;QACzC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;QAChF,IAAI,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAExD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAC9C,MAAM,kBAAkB,GAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAwB,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChH,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAE1C,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QAE7C,yEAAyE;QACzE,qBAAqB;QACrB,OAAO,EAAE,IAAI,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,EAAE,CAAC;IAChD,CAAC;IAED;;;OAGG;IACO,SAAS,CAAC,QAAc,EAAE,MAAY;QAC9C,OAAO,GAAG,CAAC,IAAI,sBAAsB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;IAC7D,CAAC;CACF,CAAA;AAnCW;IADT,iBAAiB,CAAC,cAAc,CAAC;8BACN,eAAe;mEAAC;AAJjC,0BAA0B;IADtC,UAAU,CAAC,aAAa,CAAC;GACb,0BAA0B,CAuCtC"}
@@ -1,51 +0,0 @@
1
- import type { ISession, User } from '@spinajs/rbac';
2
- /**
3
- * Per-request context handed to each {@link LogoutHandler} during logout.
4
- * The session may be null when the caller has no active session — handlers
5
- * should treat that as a no-op.
6
- */
7
- export interface ILogoutContext {
8
- /** Raw signed session cookie value (already unsigned by the framework) */
9
- Ssid: string;
10
- /** Restored session, or null when none is active */
11
- Session: ISession | null;
12
- /** Logged-in user as resolved by RbacMiddleware */
13
- User: User;
14
- }
15
- /** Cookie operation a handler may attach to its response */
16
- export interface ILogoutCookie {
17
- Name: string;
18
- Value: string;
19
- Options: Record<string, unknown>;
20
- }
21
- /** Response payload a handler returns when it takes ownership of the logout */
22
- export interface ILogoutResult {
23
- /** Response body */
24
- Body?: unknown;
25
- /** Cookie operations to attach */
26
- Cookies?: ILogoutCookie[];
27
- }
28
- /**
29
- * Pluggable logout step. Handlers are resolved via `DI.resolve(Array.ofType(LogoutHandler))`
30
- * by the logout controller and executed in ascending Priority order. The first
31
- * handler that returns a non-null result takes ownership of the response — the
32
- * chain stops there. Returning null defers to the next handler.
33
- *
34
- * Built-ins:
35
- * - {@link ImpersonationLogoutHandler} (priority 10) — when an impersonation
36
- * is active, revert it and keep the session alive.
37
- * - {@link DefaultLogoutHandler} (priority 999) — destroy the session and
38
- * clear the ssid cookie.
39
- *
40
- * Register custom handlers with @Injectable(LogoutHandler). Choose a Priority
41
- * lower than 999 to run before the default session destruction.
42
- */
43
- export declare abstract class LogoutHandler {
44
- /**
45
- * Lower runs first. Default 100. The default cleanup handler runs at 999;
46
- * pick a value below that to run before it.
47
- */
48
- Priority: number;
49
- abstract handle(context: ILogoutContext): Promise<ILogoutResult | null>;
50
- }
51
- //# sourceMappingURL=logout.d.ts.map