@spinajs/rbac-http 1.2.108

package/README.md

@@ -0,0 +1,11 @@
+# `rbac-http`
+
+> TODO: description
+
+## Usage
+
+```
+const rbacHttp = require('rbac-http');
+
+// TODO: DEMONSTRATE API
+```

package/lib/config/rbac-http.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/config/rbac-http.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const middlewares_1 = require("../middlewares");
+const path_1 = require("path");
+function dir(path) {
+    return (0, path_1.resolve)((0, path_1.normalize)((0, path_1.join)(__dirname, path)));
+}
+module.exports = {
+    system: {
+        dirs: {
+            controllers: [dir('./../controllers')],
+            locales: [dir('./../locales')],
+            views: [dir('./../views')],
+        },
+    },
+    http: {
+        middlewares: [
+            // add global user from session middleware
+            (0, middlewares_1.UserFromSession)(),
+        ],
+    },
+};
+//# sourceMappingURL=rbac-http.js.map

package/lib/config/rbac-http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-http.js","sourceRoot":"","sources":["../../src/config/rbac-http.ts"],"names":[],"mappings":";;AAAA,gDAAiD;AACjD,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,OAAO,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AACD,MAAM,CAAC,OAAO,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,WAAW,EAAE,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACtC,OAAO,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC9B,KAAK,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;SAC3B;KACF;IACD,IAAI,EAAE;QACJ,WAAW,EAAE;YACX,0CAA0C;YAC1C,IAAA,6BAAe,GAAE;SAClB;KACF;CACF,CAAC"}

package/lib/controllers/LoginController.d.ts

@@ -0,0 +1,12 @@
+import { LoginDto } from './../dto/login-dto';
+import { BaseController, Ok, CookieResponse, Unauthorized } from '@spinajs/http';
+import { AuthProvider, SessionProvider } from '@spinajs/rbac';
+import { Configuration } from '@spinajs/configuration';
+export declare class LoginController extends BaseController {
+    protected Configuration: Configuration;
+    protected AuthProvider: AuthProvider;
+    protected SessionProvider: SessionProvider;
+    protected SessionExpirationTime: number;
+    login(credentials: LoginDto): Promise<Unauthorized | CookieResponse>;
+    logout(ssid: string): Promise<Ok | CookieResponse>;
+}

package/lib/controllers/LoginController.js

@@ -0,0 +1,91 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoginController = void 0;
+const login_dto_1 = require("./../dto/login-dto");
+const http_1 = require("@spinajs/http");
+const rbac_1 = require("@spinajs/rbac");
+const di_1 = require("@spinajs/di");
+const configuration_1 = require("@spinajs/configuration");
+const luxon_1 = require("luxon");
+let LoginController = class LoginController extends http_1.BaseController {
+    async login(credentials) {
+        const user = await this.AuthProvider.authenticate(credentials.Login, credentials.Password);
+        if (!user) {
+            return new http_1.Unauthorized({
+                error: {
+                    message: 'login or password incorrect',
+                },
+            });
+        }
+        const lifetime = luxon_1.DateTime.now().plus({ minutes: this.SessionExpirationTime });
+        const uObject = {
+            Login: user.Login,
+            Email: user.Email,
+            NiceName: user.NiceName,
+            Metadata: user.Metadata.map((m) => ({ Key: m.Key, Value: m.Value })),
+            Role: user.Role,
+            Id: user.Id,
+        };
+        const session = new rbac_1.Session({
+            Data: uObject,
+            Expiration: lifetime,
+        });
+        await this.SessionProvider.updateSession(session);
+        return new http_1.CookieResponse('ssid', session.SessionId, this.SessionExpirationTime, uObject);
+    }
+    async logout(ssid) {
+        if (!ssid) {
+            return new http_1.Ok();
+        }
+        await this.SessionProvider.deleteSession(ssid);
+        // send empty cookie to confirm session deletion
+        return new http_1.CookieResponse('ssid', null, this.SessionExpirationTime);
+    }
+};
+__decorate([
+    (0, di_1.Autoinject)(),
+    __metadata("design:type", configuration_1.Configuration)
+], LoginController.prototype, "Configuration", void 0);
+__decorate([
+    (0, di_1.Autoinject)(),
+    __metadata("design:type", rbac_1.AuthProvider)
+], LoginController.prototype, "AuthProvider", void 0);
+__decorate([
+    (0, di_1.Autoinject)(),
+    __metadata("design:type", rbac_1.SessionProvider)
+], LoginController.prototype, "SessionProvider", void 0);
+__decorate([
+    (0, configuration_1.Config)('acl.session.expiration', 10),
+    __metadata("design:type", Number)
+], LoginController.prototype, "SessionExpirationTime", void 0);
+__decorate([
+    (0, http_1.Post)(),
+    __param(0, (0, http_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [login_dto_1.LoginDto]),
+    __metadata("design:returntype", Promise)
+], LoginController.prototype, "login", null);
+__decorate([
+    (0, http_1.Get)(),
+    __param(0, (0, http_1.Cookie)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], LoginController.prototype, "logout", null);
+LoginController = __decorate([
+    (0, http_1.BasePath)('auth')
+], LoginController);
+exports.LoginController = LoginController;
+//# sourceMappingURL=LoginController.js.map

package/lib/controllers/LoginController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,kDAA8C;AAC9C,wCAAoH;AACpH,wCAAuE;AACvE,oCAAyC;AACzC,0DAA+D;AAC/D,iCAAiC;AAGjC,IAAa,eAAe,GAA5B,MAAa,eAAgB,SAAQ,qBAAc;IAc1C,KAAK,CAAC,KAAK,CAAS,WAAqB;QAC9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE3F,IAAI,CAAC,IAAI,EAAE;YACT,OAAO,IAAI,mBAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;SACJ;QACD,MAAM,QAAQ,GAAG,gBAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,qBAAqB,EAAE,CAAC,CAAC;QAE9E,MAAM,OAAO,GAAG;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACpE,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,EAAE,EAAE,IAAI,CAAC,EAAE;SACZ,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,cAAO,CAAC;YAC1B,IAAI,EAAE,OAAO;YACb,UAAU,EAAE,QAAQ;SACrB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,IAAI,qBAAc,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;IAC5F,CAAC;IAGM,KAAK,CAAC,MAAM,CAAW,IAAY;QACxC,IAAI,CAAC,IAAI,EAAE;YACT,OAAO,IAAI,SAAE,EAAE,CAAC;SACjB;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAE/C,gDAAgD;QAChD,OAAO,IAAI,qBAAc,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACtE,CAAC;CACF,CAAA;AAtDC;IADC,IAAA,eAAU,GAAE;8BACY,6BAAa;sDAAC;AAGvC;IADC,IAAA,eAAU,GAAE;8BACW,mBAAY;qDAAC;AAGrC;IADC,IAAA,eAAU,GAAE;8BACc,sBAAe;wDAAC;AAG3C;IADC,IAAA,sBAAM,EAAC,wBAAwB,EAAE,EAAE,CAAC;;8DACG;AAGxC;IADC,IAAA,WAAI,GAAE;IACa,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAAc,oBAAQ;;4CA6B/C;AAGD;IADC,IAAA,UAAG,GAAE;IACe,WAAA,IAAA,aAAM,GAAE,CAAA;;;;6CAS5B;AAvDU,eAAe;IAD3B,IAAA,eAAQ,EAAC,MAAM,CAAC;GACJ,eAAe,CAwD3B;AAxDY,0CAAe"}

package/lib/controllers/UsersController.d.ts

@@ -0,0 +1,17 @@
+import { PasswordDto } from './../dto/password-dto';
+import { UserDto } from './../dto/user-dto';
+import * as express from 'express';
+import { BaseController, Ok, NotFound } from '@spinajs/http';
+import { IContainer } from '@spinajs/di';
+import { UserDataTransformer, IUserResult } from '../transformers';
+import { SORT_ORDER } from '@spinajs/orm/lib/enums';
+export declare class UsersController extends BaseController {
+    protected DataTransformer: UserDataTransformer<IUserResult>;
+    protected Container: IContainer;
+    listUsers(search: string, page: number, perPage: number, order: string, orderDirection: SORT_ORDER, request: express.Request): Promise<NotFound | Ok>;
+    getUser(id: number): Promise<Ok>;
+    addUser(user: UserDto): Promise<Ok>;
+    deleteUser(id: number): Promise<Ok>;
+    updateUser(id: number, user: UserDto): Promise<Ok>;
+    updateUserPassword(id: number, pwd: PasswordDto): Promise<Ok>;
+}

package/lib/controllers/UsersController.js

@@ -0,0 +1,199 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UsersController = void 0;
+const password_dto_1 = require("./../dto/password-dto");
+const user_dto_1 = require("./../dto/user-dto");
+const rbac_1 = require("@spinajs/rbac");
+const express = __importStar(require("express"));
+const http_1 = require("@spinajs/http");
+const exceptions_1 = require("@spinajs/exceptions");
+const orm_1 = require("@spinajs/orm");
+const di_1 = require("@spinajs/di");
+const transformers_1 = require("../transformers");
+const enums_1 = require("@spinajs/orm/lib/enums");
+const OrderSchema = {
+    type: 'string',
+    enum: ['asc', 'desc'],
+};
+let UsersController = class UsersController extends http_1.BaseController {
+    async listUsers(search, page, perPage, order, orderDirection, request) {
+        const query = rbac_1.User.all()
+            .whereNull('DeletedAt')
+            .skip((page - 1) * perPage)
+            .take(perPage)
+            .order(order, orderDirection)
+            .populate('Roles')
+            .populate('Metadata');
+        const countQuery = rbac_1.User.query().select(new orm_1.RawQuery('count(*) as count')).whereNull('DeletedAt');
+        if (search) {
+            const searchFunc = function () {
+                this.where('Email', 'like', `%${search}%`);
+                this.orWhere('Login', 'like', `${search}%`);
+                this.orWhere('NiceName', 'like', `%${search}%`);
+            };
+            query.where(searchFunc);
+            countQuery.where(searchFunc);
+        }
+        const r = await query;
+        const c = await countQuery.asRaw();
+        if (r.length === 0) {
+            return new http_1.NotFound('no users met search criteria');
+        }
+        return new http_1.Ok(this.DataTransformer.transform({
+            Data: r,
+            Total: c[0].count,
+        }, request));
+    }
+    async getUser(id) {
+        const user = await rbac_1.User.where({
+            Id: id,
+        })
+            .whereNull('DeletedAt')
+            .populate('Metadata')
+            .populate('Roles')
+            .firstOrFail();
+        return new http_1.Ok(user);
+    }
+    async addUser(user) {
+        const password = this.Container.resolve(rbac_1.PasswordProvider);
+        if (user.Password !== user.ConfirmPassword) {
+            throw new exceptions_1.InvalidArgument('password does not match');
+        }
+        let hashedPassword = '';
+        let userPassword = user.Password;
+        if (!userPassword) {
+            userPassword = password.generate();
+        }
+        hashedPassword = await password.hash(userPassword);
+        const entity = new rbac_1.User({
+            Email: user.Email,
+            Login: user.Login,
+            NiceName: user.NiceName,
+            Password: hashedPassword,
+            CreatedAt: new Date(),
+        });
+        await entity.insert();
+        return new http_1.Ok({ Id: entity.Id });
+    }
+    async deleteUser(id) {
+        const entity = await rbac_1.User.getOrFail(id);
+        await entity.destroy();
+        return new http_1.Ok();
+    }
+    async updateUser(id, user) {
+        const entity = await rbac_1.User.getOrFail(id);
+        entity.Email = user.Email;
+        entity.NiceName = user.NiceName;
+        entity.Login = user.Login;
+        await entity.update();
+        return new http_1.Ok();
+    }
+    async updateUserPassword(id, pwd) {
+        if (pwd.Password !== pwd.ConfirmPassword) {
+            throw new exceptions_1.InvalidArgument('password does not match');
+        }
+        const entity = await rbac_1.User.getOrFail(id);
+        const password = this.Container.resolve(rbac_1.PasswordProvider);
+        const hashedPassword = await password.hash(pwd.Password);
+        entity.Password = hashedPassword;
+        await entity.update();
+        return new http_1.Ok();
+    }
+};
+__decorate([
+    (0, di_1.Autoinject)(),
+    __metadata("design:type", transformers_1.UserDataTransformer)
+], UsersController.prototype, "DataTransformer", void 0);
+__decorate([
+    (0, di_1.Autoinject)(di_1.Container),
+    __metadata("design:type", Object)
+], UsersController.prototype, "Container", void 0);
+__decorate([
+    (0, http_1.Get)('/'),
+    __param(0, (0, http_1.Query)()),
+    __param(1, (0, http_1.Query)({ type: 'number', min: 1, default: 0 })),
+    __param(2, (0, http_1.Query)({ type: 'number', min: 1, default: 30 })),
+    __param(3, (0, http_1.Query)()),
+    __param(4, (0, http_1.Query)(OrderSchema)),
+    __param(5, (0, http_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Number, Number, String, String, Object]),
+    __metadata("design:returntype", Promise)
+], UsersController.prototype, "listUsers", null);
+__decorate([
+    (0, http_1.Get)(':id'),
+    __param(0, (0, http_1.PKey)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Number]),
+    __metadata("design:returntype", Promise)
+], UsersController.prototype, "getUser", null);
+__decorate([
+    (0, http_1.Post)('/'),
+    __param(0, (0, http_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [user_dto_1.UserDto]),
+    __metadata("design:returntype", Promise)
+], UsersController.prototype, "addUser", null);
+__decorate([
+    (0, http_1.Del)(':id'),
+    __param(0, (0, http_1.PKey)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Number]),
+    __metadata("design:returntype", Promise)
+], UsersController.prototype, "deleteUser", null);
+__decorate([
+    (0, http_1.Put)(':id'),
+    __param(0, (0, http_1.PKey)()),
+    __param(1, (0, http_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Number, user_dto_1.UserDto]),
+    __metadata("design:returntype", Promise)
+], UsersController.prototype, "updateUser", null);
+__decorate([
+    (0, http_1.Put)(':id/change-password'),
+    __param(0, (0, http_1.PKey)()),
+    __param(1, (0, http_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Number, password_dto_1.PasswordDto]),
+    __metadata("design:returntype", Promise)
+], UsersController.prototype, "updateUserPassword", null);
+UsersController = __decorate([
+    (0, http_1.BasePath)('users')
+], UsersController);
+exports.UsersController = UsersController;
+//# sourceMappingURL=UsersController.js.map

package/lib/controllers/UsersController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UsersController.js","sourceRoot":"","sources":["../../src/controllers/UsersController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAAoD;AACpD,gDAA4C;AAC5C,wCAAuD;AACvD,iDAAmC;AACnC,wCAAoH;AACpH,oDAAsD;AACtD,sCAAwC;AACxC,oCAAgE;AAChE,kDAAmE;AACnE,kDAAoD;AAEpD,MAAM,WAAW,GAAG;IAClB,IAAI,EAAE,QAAQ;IACd,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;CACtB,CAAC;AAGF,IAAa,eAAe,GAA5B,MAAa,eAAgB,SAAQ,qBAAc;IAQ1C,KAAK,CAAC,SAAS,CAAU,MAAc,EAAiD,IAAY,EAAkD,OAAe,EAAW,KAAa,EAAsB,cAA0B,EAAS,OAAwB;QACnR,MAAM,KAAK,GAAG,WAAI,CAAC,GAAG,EAAE;aACrB,SAAS,CAAC,WAAW,CAAC;aACtB,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC;aAC1B,IAAI,CAAC,OAAO,CAAC;aACb,KAAK,CAAC,KAAK,EAAE,cAAc,CAAC;aAC5B,QAAQ,CAAC,OAAO,CAAC;aACjB,QAAQ,CAAC,UAAU,CAAC,CAAC;QACxB,MAAM,UAAU,GAAG,WAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,IAAI,cAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAEjG,IAAI,MAAM,EAAE;YACV,MAAM,UAAU,GAAG;gBACjB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,MAAM,GAAG,CAAC,CAAC;gBAC3C,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,CAAC;gBAC5C,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,MAAM,GAAG,CAAC,CAAC;YAClD,CAAC,CAAC;YAEF,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACxB,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;SAC9B;QAED,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC;QACtB,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,KAAK,EAA4B,CAAC;QAE7D,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,OAAO,IAAI,eAAQ,CAAC,8BAA8B,CAAC,CAAC;SACrD;QAED,OAAO,IAAI,SAAE,CACX,IAAI,CAAC,eAAe,CAAC,SAAS,CAC5B;YACE,IAAI,EAAE,CAAC;YACP,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK;SAClB,EACD,OAAO,CACR,CACF,CAAC;IACJ,CAAC;IAGM,KAAK,CAAC,OAAO,CAAS,EAAU;QACrC,MAAM,IAAI,GAAG,MAAM,WAAI,CAAC,KAAK,CAAC;YAC5B,EAAE,EAAE,EAAE;SACP,CAAC;aACC,SAAS,CAAC,WAAW,CAAC;aACtB,QAAQ,CAAC,UAAU,CAAC;aACpB,QAAQ,CAAC,OAAO,CAAC;aACjB,WAAW,EAAE,CAAC;QAEjB,OAAO,IAAI,SAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;IAGM,KAAK,CAAC,OAAO,CAAS,IAAa;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAmB,uBAAgB,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,eAAe,EAAE;YAC1C,MAAM,IAAI,4BAAe,CAAC,yBAAyB,CAAC,CAAC;SACtD;QAED,IAAI,cAAc,GAAG,EAAE,CAAC;QACxB,IAAI,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEjC,IAAI,CAAC,YAAY,EAAE;YACjB,YAAY,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;SACpC;QAED,cAAc,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,WAAI,CAAC;YACtB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,cAAc;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;QAEtB,OAAO,IAAI,SAAE,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;IACnC,CAAC;IAGM,KAAK,CAAC,UAAU,CAAS,EAAU;QACxC,MAAM,MAAM,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;QACvB,OAAO,IAAI,SAAE,EAAE,CAAC;IAClB,CAAC;IAGM,KAAK,CAAC,UAAU,CAAS,EAAU,EAAU,IAAa;QAC/D,MAAM,MAAM,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAExC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAC1B,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAChC,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAC1B,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;QAEtB,OAAO,IAAI,SAAE,EAAE,CAAC;IAClB,CAAC;IAGM,KAAK,CAAC,kBAAkB,CAAS,EAAU,EAAU,GAAgB;QAC1E,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,eAAe,EAAE;YACxC,MAAM,IAAI,4BAAe,CAAC,yBAAyB,CAAC,CAAC;SACtD;QAED,MAAM,MAAM,GAAG,MAAM,WAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAmB,uBAAgB,CAAC,CAAC;QAC5E,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,CAAC,QAAQ,GAAG,cAAc,CAAC;QACjC,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;QAEtB,OAAO,IAAI,SAAE,EAAE,CAAC;IAClB,CAAC;CACF,CAAA;AAvHC;IADC,IAAA,eAAU,GAAE;8BACc,kCAAmB;wDAAc;AAG5D;IADC,IAAA,eAAU,EAAC,cAAS,CAAC;;kDACU;AAGhC;IADC,IAAA,UAAG,EAAC,GAAG,CAAC;IACe,WAAA,IAAA,YAAK,GAAE,CAAA;IAAkB,WAAA,IAAA,YAAK,EAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAA;IAAgB,WAAA,IAAA,YAAK,EAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAA;IAAmB,WAAA,IAAA,YAAK,GAAE,CAAA;IAAiB,WAAA,IAAA,YAAK,EAAC,WAAW,CAAC,CAAA;IAA8B,WAAA,IAAA,UAAG,GAAE,CAAA;;;;gDAqC3P;AAGD;IADC,IAAA,UAAG,EAAC,KAAK,CAAC;IACW,WAAA,IAAA,WAAI,GAAE,CAAA;;;;8CAU3B;AAGD;IADC,IAAA,WAAI,EAAC,GAAG,CAAC;IACY,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAAO,kBAAO;;8CAyBzC;AAGD;IADC,IAAA,UAAG,EAAC,KAAK,CAAC;IACc,WAAA,IAAA,WAAI,GAAE,CAAA;;;;iDAI9B;AAGD;IADC,IAAA,UAAG,EAAC,KAAK,CAAC;IACc,WAAA,IAAA,WAAI,GAAE,CAAA;IAAc,WAAA,IAAA,WAAI,GAAE,CAAA;;6CAAO,kBAAO;;iDAShE;AAGD;IADC,IAAA,UAAG,EAAC,qBAAqB,CAAC;IACM,WAAA,IAAA,WAAI,GAAE,CAAA;IAAc,WAAA,IAAA,WAAI,GAAE,CAAA;;6CAAM,0BAAW;;yDAY3E;AAxHU,eAAe;IAD3B,IAAA,eAAQ,EAAC,OAAO,CAAC;GACL,eAAe,CAyH3B;AAzHY,0CAAe"}

package/lib/decorators.d.ts

@@ -0,0 +1,16 @@
+export declare const ACL_CONTROLLER_DESCRIPTOR: unique symbol;
+/**
+ * Assign resource for controller
+ *
+ * @param resource - name of resource
+ * @param permission - default permission
+ */
+export declare function Resource(resource: string, permission?: 'readAny' | 'readOwn' | 'updateAny' | 'updateOwn' | 'deleteAny' | 'deleteOwn' | 'createAny' | 'createOwn'): any;
+/**
+ *
+ * Assigns permission for controller route
+ *
+ * @param permission - permission to set
+ */
+export declare function Permission(permission: string): any;
+export declare function FromUser(): (target: any, propertyKey?: string | symbol, indexOrDescriptor?: number | PropertyDescriptor) => void;

package/lib/decorators.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FromUser = exports.Permission = exports.Resource = exports.ACL_CONTROLLER_DESCRIPTOR = void 0;
+const http_1 = require("@spinajs/http");
+const policies_1 = require("./policies");
+exports.ACL_CONTROLLER_DESCRIPTOR = Symbol('ACL_CONTROLLER_DESCRIPTOR_SYMBOL');
+function descriptor(callback) {
+    return (target, propertyKey, indexOrDescriptor) => {
+        let metadata = Reflect.getMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, target.prototype || target);
+        if (!metadata) {
+            metadata = {
+                Resource: '',
+                Routes: new Map(),
+                Permission: 'readOwn',
+            };
+            Reflect.defineMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, metadata, target.prototype || target);
+        }
+        if (callback) {
+            callback(metadata, target, propertyKey, indexOrDescriptor);
+        }
+    };
+}
+/**
+ * Assign resource for controller
+ *
+ * @param resource - name of resource
+ * @param permission - default permission
+ */
+function Resource(resource, permission = 'readOwn') {
+    return descriptor((metadata, target) => {
+        (0, http_1.Policy)(policies_1.AclPolicy)(target, null, null);
+        metadata.Resource = resource;
+        metadata.Permission = permission;
+    });
+}
+exports.Resource = Resource;
+/**
+ *
+ * Assigns permission for controller route
+ *
+ * @param permission - permission to set
+ */
+function Permission(permission) {
+    return descriptor((metadata, target, propertyKey) => {
+        let route = null;
+        if (propertyKey) {
+            if (metadata.Routes.has(propertyKey)) {
+                route = metadata.Routes.get(propertyKey);
+            }
+            else {
+                route = {
+                    Permission: permission,
+                };
+            }
+            metadata.Routes.set(propertyKey, route);
+        }
+        (0, http_1.Policy)(policies_1.AclPolicy)(target, propertyKey, null);
+    });
+}
+exports.Permission = Permission;
+function FromUser() {
+    return (0, http_1.Route)((0, http_1.Parameter)('UserArg'));
+}
+exports.FromUser = FromUser;
+//# sourceMappingURL=decorators.js.map

package/lib/decorators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../src/decorators.ts"],"names":[],"mappings":";;;AACA,wCAAyD;AACzD,yCAAuC;AAE1B,QAAA,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,SAAS,UAAU,CAAC,QAAyI;IAC3J,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,iBAA8C,EAAE,EAAE;QACnG,IAAI,QAAQ,GAAmB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;QAC1G,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG;gBACT,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,IAAI,GAAG,EAAyC;gBACxD,UAAU,EAAE,SAAS;aACtB,CAAC;YAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;SACzF;QAED,IAAI,QAAQ,EAAE;YACZ,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;SAC5D;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,QAAgB,EAAE,aAAwH,SAAS;IAC1K,OAAO,UAAU,CAAC,CAAC,QAAwB,EAAE,MAAW,EAAE,EAAE;QAC1D,IAAA,aAAM,EAAC,oBAAS,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEtC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAPD,4BAOC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,UAAkB;IAC3C,OAAO,UAAU,CAAC,CAAC,QAAwB,EAAE,MAAW,EAAE,WAAmB,EAAE,EAAE;QAC/E,IAAI,KAAK,GAAkC,IAAI,CAAC;QAEhD,IAAI,WAAW,EAAE;YACf,IAAI,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;gBACpC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;aAC1C;iBAAM;gBACL,KAAK,GAAG;oBACN,UAAU,EAAE,UAAU;iBACvB,CAAC;aACH;YAED,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;SACzC;QAED,IAAA,aAAM,EAAC,oBAAS,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC;AAlBD,gCAkBC;AAED,SAAgB,QAAQ;IACtB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,SAAS,CAAC,CAAC,CAAC;AACrC,CAAC;AAFD,4BAEC"}

package/lib/dto/login-dto.d.ts

@@ -0,0 +1,20 @@
+export declare const LoginDtoSchema: {
+    $schema: string;
+    title: string;
+    type: string;
+    properties: {
+        Login: {
+            type: string;
+            maxLength: number;
+        };
+        Password: {
+            type: string;
+            maxLength: number;
+        };
+    };
+    required: string[];
+};
+export declare class LoginDto {
+    Login: string;
+    Password: string;
+}

package/lib/dto/login-dto.js

@@ -0,0 +1,27 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoginDto = exports.LoginDtoSchema = void 0;
+const validation_1 = require("@spinajs/validation");
+exports.LoginDtoSchema = {
+    $schema: 'http://json-schema.org/draft-07/schema#',
+    title: 'User login DTO',
+    type: 'object',
+    properties: {
+        Login: { type: 'string', maxLength: 32 },
+        Password: { type: 'string', maxLength: 32 },
+    },
+    required: ['Login', 'Password'],
+};
+let LoginDto = class LoginDto {
+};
+LoginDto = __decorate([
+    (0, validation_1.Schema)(exports.LoginDtoSchema)
+], LoginDto);
+exports.LoginDto = LoginDto;
+//# sourceMappingURL=login-dto.js.map

package/lib/dto/login-dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login-dto.js","sourceRoot":"","sources":["../../src/dto/login-dto.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,cAAc,GAAG;IAC5B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,gBAAgB;IACvB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;QACxC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;KAC5C;IACD,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;CAChC,CAAC;AAGF,IAAa,QAAQ,GAArB,MAAa,QAAQ;CAIpB,CAAA;AAJY,QAAQ;IADpB,IAAA,mBAAM,EAAC,sBAAc,CAAC;GACV,QAAQ,CAIpB;AAJY,4BAAQ"}

package/lib/dto/password-dto.d.ts

@@ -0,0 +1,22 @@
+export declare const PasswordDtoSchema: {
+    $schema: string;
+    title: string;
+    type: string;
+    properties: {
+        Password: {
+            type: string;
+            maxLength: number;
+            minLength: number;
+        };
+        ConfirmPassword: {
+            type: string;
+            maxLength: number;
+            minLength: number;
+        };
+    };
+    required: string[];
+};
+export declare class PasswordDto {
+    Password: string;
+    ConfirmPassword: string;
+}

package/lib/dto/password-dto.js

@@ -0,0 +1,27 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasswordDto = exports.PasswordDtoSchema = void 0;
+const validation_1 = require("@spinajs/validation");
+exports.PasswordDtoSchema = {
+    $schema: 'http://json-schema.org/draft-07/schema#',
+    title: 'User password DTO',
+    type: 'object',
+    properties: {
+        Password: { type: 'string', maxLength: 32, minLength: 6 },
+        ConfirmPassword: { type: 'string', maxLength: 32, minLength: 6 },
+    },
+    required: ['Password', 'ConfirmPassword'],
+};
+let PasswordDto = class PasswordDto {
+};
+PasswordDto = __decorate([
+    (0, validation_1.Schema)(exports.PasswordDtoSchema)
+], PasswordDto);
+exports.PasswordDto = PasswordDto;
+//# sourceMappingURL=password-dto.js.map

package/lib/dto/password-dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password-dto.js","sourceRoot":"","sources":["../../src/dto/password-dto.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAA6C;AAEhC,QAAA,iBAAiB,GAAG;IAC/B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,mBAAmB;IAC1B,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;QACzD,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;KACjE;IACD,QAAQ,EAAE,CAAC,UAAU,EAAE,iBAAiB,CAAC;CAC1C,CAAC;AAGF,IAAa,WAAW,GAAxB,MAAa,WAAW;CAIvB,CAAA;AAJY,WAAW;IADvB,IAAA,mBAAM,EAAC,yBAAiB,CAAC;GACb,WAAW,CAIvB;AAJY,kCAAW"}

package/lib/dto/user-dto.d.ts

@@ -0,0 +1,42 @@
+export declare const UserDtoSchema: {
+    $schema: string;
+    title: string;
+    type: string;
+    properties: {
+        Id: {
+            type: string;
+        };
+        Email: {
+            type: string;
+            format: string;
+            maxLength: number;
+        };
+        Login: {
+            type: string;
+            maxLength: number;
+        };
+        ConfirmPassword: {
+            type: string;
+            maxLength: number;
+            minLength: number;
+        };
+        Password: {
+            type: string;
+            maxLength: number;
+            minLength: number;
+        };
+        NiceName: {
+            type: string;
+            maxLength: number;
+        };
+    };
+    required: string[];
+};
+export declare class UserDto {
+    Id?: number;
+    Email: string;
+    Login: string;
+    Password: string;
+    ConfirmPassword: string;
+    NiceName: string;
+}

package/lib/dto/user-dto.js

@@ -0,0 +1,31 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserDto = exports.UserDtoSchema = void 0;
+const validation_1 = require("@spinajs/validation");
+exports.UserDtoSchema = {
+    $schema: 'http://json-schema.org/draft-07/schema#',
+    title: 'User DTO',
+    type: 'object',
+    properties: {
+        Id: { type: 'number' },
+        Email: { type: 'string', format: 'email', maxLength: 64 },
+        Login: { type: 'string', maxLength: 64 },
+        ConfirmPassword: { type: 'string', maxLength: 32, minLength: 6 },
+        Password: { type: 'string', maxLength: 32, minLength: 6 },
+        NiceName: { type: 'string', maxLength: 64 },
+    },
+    required: ['Email', 'NiceName'],
+};
+let UserDto = class UserDto {
+};
+UserDto = __decorate([
+    (0, validation_1.Schema)(exports.UserDtoSchema)
+], UserDto);
+exports.UserDto = UserDto;
+//# sourceMappingURL=user-dto.js.map

package/lib/dto/user-dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-dto.js","sourceRoot":"","sources":["../../src/dto/user-dto.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAA6C;AAChC,QAAA,aAAa,GAAG;IAC3B,OAAO,EAAE,yCAAyC;IAClD,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;QACtB,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;QACzD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;QACxC,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;QAChE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE;QACzD,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;KAC5C;IACD,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC;CAChC,CAAC;AAGF,IAAa,OAAO,GAApB,MAAa,OAAO;CAYnB,CAAA;AAZY,OAAO;IADnB,IAAA,mBAAM,EAAC,qBAAa,CAAC;GACT,OAAO,CAYnB;AAZY,0BAAO"}

package/lib/index.d.ts

@@ -0,0 +1,8 @@
+export * from './decorators';
+export * from './interfaces';
+export * from './middlewares';
+export * from './policies';
+export * from './controllers/LoginController';
+export * from './controllers/UsersController';
+export * from './transformers';
+export * from './route-args';

package/lib/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./decorators"), exports);
+__exportStar(require("./interfaces"), exports);
+__exportStar(require("./middlewares"), exports);
+__exportStar(require("./policies"), exports);
+__exportStar(require("./controllers/LoginController"), exports);
+__exportStar(require("./controllers/UsersController"), exports);
+__exportStar(require("./transformers"), exports);
+__exportStar(require("./route-args"), exports);
+//# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,+CAA6B;AAC7B,gDAA8B;AAC9B,6CAA2B;AAC3B,gEAA8C;AAC9C,gEAA8C;AAC9C,iDAA+B;AAC/B,+CAA6B"}

package/lib/interfaces.d.ts

@@ -0,0 +1,22 @@
+export interface IAclDescriptor {
+    /**
+     * Resource name
+     */
+    Resource: string;
+    /**
+     * Assigned permission
+     *
+     * '*' means that to acces resource we only need role with assigned resource
+     */
+    Permission: 'readAny' | 'readOwn' | 'updateAny' | 'updateOwn' | 'deleteAny' | 'deleteOwn' | 'createAny' | 'createOwn';
+    /**
+     * Per routes permissions
+     */
+    Routes: Map<string, IAclRoutePermissionDescriptor>;
+}
+export interface IAclRoutePermissionDescriptor {
+    /**
+     * controller route permission. It overrides acl descriptor options
+     */
+    Permission: string;
+}

package/lib/interfaces.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=interfaces.js.map

package/lib/interfaces.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../src/interfaces.ts"],"names":[],"mappings":""}

package/lib/middlewares.d.ts

@@ -0,0 +1,6 @@
+import 'reflect-metadata';
+import * as express from 'express';
+/**
+ * global express middleware that loads user from session
+ */
+export declare function UserFromSession(): (req: express.Request, _res: express.Response, next: express.NextFunction) => Promise<void>;

package/lib/middlewares.js

@@ -0,0 +1,71 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserFromSession = void 0;
+const rbac_1 = require("@spinajs/rbac");
+const di_1 = require("@spinajs/di");
+require("reflect-metadata");
+const configuration_1 = require("@spinajs/configuration");
+const cs = __importStar(require("cookie-signature"));
+const console_1 = require("console");
+const luxon_1 = require("luxon");
+/**
+ * global express middleware that loads user from session
+ */
+function UserFromSession() {
+    const wrapper = async (req, _res, next) => {
+        if (req.cookies.ssid) {
+            const secureKey = di_1.DI.get(configuration_1.Configuration).get('http.cookie.secret');
+            if (!secureKey) {
+                next();
+                (0, console_1.assert)(secureKey, 'coockie secure key should be set');
+                return;
+            }
+            const ssid = cs.unsign(req.cookies.ssid, secureKey);
+            if (ssid) {
+                const sessionProvider = di_1.DI.has(rbac_1.SessionProvider) ? di_1.DI.get(rbac_1.SessionProvider) : await di_1.DI.resolve(rbac_1.SessionProvider);
+                const session = (await sessionProvider.restoreSession(ssid));
+                if (session) {
+                    req.User = new rbac_1.User(session.Data);
+                    const liveTimeDiff = session.Expiration.diff(luxon_1.DateTime.now());
+                    if (liveTimeDiff.minutes < 30) {
+                        await sessionProvider.refreshSession(session);
+                    }
+                }
+            }
+            else {
+                req.User = null;
+            }
+        }
+        next();
+    };
+    Object.defineProperty(wrapper, 'name', {
+        value: 'userFromSession',
+        writable: true,
+    });
+    return wrapper;
+}
+exports.UserFromSession = UserFromSession;
+//# sourceMappingURL=middlewares.js.map

package/lib/middlewares.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewares.js","sourceRoot":"","sources":["../src/middlewares.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAmE;AACnE,oCAAiC;AACjC,4BAA0B;AAE1B,0DAAuD;AACvD,qDAAuC;AACvC,qCAAiC;AACjC,iCAAiC;AAEjC;;GAEG;AACH,SAAgB,eAAe;IAC7B,MAAM,OAAO,GAAG,KAAK,EAAE,GAAoB,EAAE,IAAsB,EAAE,IAA0B,EAAE,EAAE;QACjG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;YACpB,MAAM,SAAS,GAAG,OAAE,CAAC,GAAG,CAAC,6BAAa,CAAC,CAAC,GAAG,CAAS,oBAAoB,CAAC,CAAC;YAE1E,IAAI,CAAC,SAAS,EAAE;gBACd,IAAI,EAAE,CAAC;gBACP,IAAA,gBAAM,EAAC,SAAS,EAAE,kCAAkC,CAAC,CAAC;gBACtD,OAAO;aACR;YAED,MAAM,IAAI,GAAmB,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YACpE,IAAI,IAAI,EAAE;gBACR,MAAM,eAAe,GAAG,OAAE,CAAC,GAAG,CAAC,sBAAe,CAAC,CAAC,CAAC,CAAC,OAAE,CAAC,GAAG,CAAC,sBAAe,CAAC,CAAC,CAAC,CAAC,MAAM,OAAE,CAAC,OAAO,CAAC,sBAAe,CAAC,CAAC;gBAC9G,MAAM,OAAO,GAAG,CAAC,MAAM,eAAe,CAAC,cAAc,CAAC,IAAI,CAAC,CAAgB,CAAC;gBAC5E,IAAI,OAAO,EAAE;oBACX,GAAG,CAAC,IAAI,GAAG,IAAI,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAClC,MAAM,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;oBAC7D,IAAI,YAAY,CAAC,OAAO,GAAG,EAAE,EAAE;wBAC7B,MAAM,eAAe,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;qBAC/C;iBACF;aACF;iBAAM;gBACL,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;aACjB;SACF;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE;QACrC,KAAK,EAAE,iBAAiB;QACxB,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AApCD,0CAoCC"}

package/lib/policies.d.ts

@@ -0,0 +1,9 @@
+import { AccessControl } from '@spinajs/rbac';
+import { BasePolicy, IController, IRoute } from '@spinajs/http';
+import * as express from 'express';
+export declare class AclPolicy extends BasePolicy {
+    protected Ac: AccessControl;
+    constructor();
+    isEnabled(_action: IRoute, _instance: IController): boolean;
+    execute(req: express.Request, action: IRoute, instance: IController): Promise<void>;
+}

package/lib/policies.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AclPolicy = void 0;
+const http_1 = require("@spinajs/http");
+const exceptions_1 = require("@spinajs/exceptions");
+const decorators_1 = require("./decorators");
+const di_1 = require("@spinajs/di");
+class AclPolicy extends http_1.BasePolicy {
+    constructor() {
+        super();
+        this.Ac = di_1.DI.get('AccessControl');
+    }
+    isEnabled(_action, _instance) {
+        // acl is always on if set
+        return true;
+    }
+    async execute(req, action, instance) {
+        var _a, _b;
+        const descriptor = Reflect.getMetadata(decorators_1.ACL_CONTROLLER_DESCRIPTOR, instance);
+        let permission = (_a = descriptor.Permission) !== null && _a !== void 0 ? _a : '';
+        // check if route has its own permission
+        if (descriptor.Routes.has(action.Method)) {
+            permission = (_b = descriptor.Routes.get(action.Method).Permission) !== null && _b !== void 0 ? _b : '';
+        }
+        if (!descriptor || !descriptor.Permission) {
+            throw new exceptions_1.Forbidden(`no route permission or resources assigned`);
+        }
+        if (!req.User) {
+            throw new exceptions_1.AuthenticationFailed();
+        }
+        if (!this.Ac.can(req.User.Role.split(',')).resource(descriptor.Resource)[permission]()) {
+            throw new exceptions_1.Forbidden(`role(s) ${req.User.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
+        }
+    }
+}
+exports.AclPolicy = AclPolicy;
+//# sourceMappingURL=policies.js.map

package/lib/policies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policies.js","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":";;;AACA,wCAAgE;AAEhE,oDAAsE;AACtE,6CAAyD;AAEzD,oCAAiC;AAEjC,MAAa,SAAU,SAAQ,iBAAU;IAGvC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAoB,EAAE,MAAc,EAAE,QAAqB;;QAC9E,MAAM,UAAU,GAAmB,OAAO,CAAC,WAAW,CAAC,sCAAyB,EAAE,QAAQ,CAAC,CAAC;QAC5F,IAAI,UAAU,GAAG,MAAA,UAAU,CAAC,UAAU,mCAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,MAAA,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,mCAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YACzC,MAAM,IAAI,sBAAS,CAAC,2CAA2C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YACb,MAAM,IAAI,iCAAoB,EAAE,CAAC;SAClC;QAED,IAAI,CAAE,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAS,CAAC,UAAU,CAAC,EAAE,EAAE;YAC/F,MAAM,IAAI,sBAAS,CAAC,WAAW,GAAG,CAAC,IAAI,CAAC,IAAI,6BAA6B,UAAU,iBAAiB,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;SAC5H;IACH,CAAC;CACF;AAnCD,8BAmCC"}

package/lib/rbac-http.js

@@ -0,0 +1,7 @@
+'use strict';
+
+module.exports = rbacHttp;
+
+function rbacHttp() {
+    // TODO
+}

package/lib/route-args.d.ts

@@ -0,0 +1,9 @@
+import { RouteArgs, IRouteParameter, ParameterType, IRouteCall } from '@spinajs/http';
+import * as express from 'express';
+export declare class UserArg extends RouteArgs {
+    get SupportedType(): ParameterType;
+    extract(callData: IRouteCall, _param: IRouteParameter, req: express.Request): Promise<{
+        CallData: IRouteCall;
+        Args: import("@spinajs/rbac/lib").User;
+    }>;
+}

package/lib/route-args.js

@@ -0,0 +1,24 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserArg = void 0;
+const http_1 = require("@spinajs/http");
+const di_1 = require("@spinajs/di");
+let UserArg = class UserArg extends http_1.RouteArgs {
+    get SupportedType() {
+        return http_1.ParameterType.Res;
+    }
+    async extract(callData, _param, req) {
+        return { CallData: callData, Args: req.User };
+    }
+};
+UserArg = __decorate([
+    (0, di_1.Injectable)()
+], UserArg);
+exports.UserArg = UserArg;
+//# sourceMappingURL=route-args.js.map

package/lib/route-args.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"route-args.js","sourceRoot":"","sources":["../src/route-args.ts"],"names":[],"mappings":";;;;;;;;;AAAA,wCAAsF;AAEtF,oCAAyC;AAGzC,IAAa,OAAO,GAApB,MAAa,OAAQ,SAAQ,gBAAS;IACpC,IAAW,aAAa;QACtB,OAAO,oBAAa,CAAC,GAAG,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,QAAoB,EAAE,MAAuB,EAAE,GAAoB;QACtF,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC;IAChD,CAAC;CACF,CAAA;AARY,OAAO;IADnB,IAAA,eAAU,GAAE;GACA,OAAO,CAQnB;AARY,0BAAO"}

package/lib/transformers.d.ts

@@ -0,0 +1,11 @@
+import { DataTransformer } from '@spinajs/http';
+import { User } from '@spinajs/rbac';
+import * as express from 'express';
+export interface IUserResult {
+    Data: User[] | User;
+    Total: number;
+}
+export declare class UserDataTransformer<T> extends DataTransformer<IUserResult, IUserResult | T> {
+    get Type(): string;
+    transform(data: IUserResult, _request: express.Request): IUserResult | T;
+}

package/lib/transformers.js

@@ -0,0 +1,34 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserDataTransformer = void 0;
+const http_1 = require("@spinajs/http");
+const lodash_1 = __importDefault(require("lodash"));
+const di_1 = require("@spinajs/di");
+let UserDataTransformer = class UserDataTransformer extends http_1.DataTransformer {
+    get Type() {
+        return 'user-model-result';
+    }
+    transform(data, _request) {
+        if (lodash_1.default.isArray(data.Data)) {
+            data.Data.forEach((x) => delete x.Password);
+        }
+        else {
+            delete data.Data.Password;
+        }
+        return data;
+    }
+};
+UserDataTransformer = __decorate([
+    (0, di_1.Injectable)()
+], UserDataTransformer);
+exports.UserDataTransformer = UserDataTransformer;
+//# sourceMappingURL=transformers.js.map

package/lib/transformers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transformers.js","sourceRoot":"","sources":["../src/transformers.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAAgD;AAChD,oDAAuB;AAEvB,oCAAyC;AASzC,IAAa,mBAAmB,GAAhC,MAAa,mBAAuB,SAAQ,sBAA6C;IACvF,IAAI,IAAI;QACN,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAEM,SAAS,CAAC,IAAiB,EAAE,QAAyB;QAC3D,IAAI,gBAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACxB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC;SAC7C;aAAM;YACL,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3B;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAdY,mBAAmB;IAD/B,IAAA,eAAU,GAAE;GACA,mBAAmB,CAc/B;AAdY,kDAAmB"}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@spinajs/rbac-http",
+  "version": "1.2.108",
+  "description": "HTTP API for user session & permissions",
+  "main": "lib/index.js",
+  "private": false,
+  "scripts": {
+    "build": "npm run clean && npm run compile",
+    "compile": "tsc -p tsconfig.build.json",
+    "clean": "",
+    "test": "ts-mocha -p tsconfig.json test/**/*.test.ts",
+    "coverage": "nyc npm run test",
+    "build-docs": "rimraf docs && typedoc --options typedoc.json src/",
+    "prepare": "npm run build",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "lint": "eslint -c .eslintrc.js --ext .ts src --fix",
+    "prepublishOnly": "npm test && npm run lint",
+    "preversion": "npm run lint",
+    "version": "npm run format && git add -A src",
+    "postversion": "git push && git push --tags"
+  },
+  "files": [
+    "lib/**/*"
+  ],
+  "types": "lib",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/spinajs/main.git"
+  },
+  "keywords": [
+    "spinajs",
+    "rbac"
+  ],
+  "author": "SpinaJS <spinajs@coderush.pl> (https://github.com/spinajs/main)",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/spinajs/main/issues"
+  },
+  "homepage": "https://github.com/spinajs/main#readme",
+  "dependencies": {
+    "@spinajs/configuration": "^1.2.81",
+    "@spinajs/di": "^1.2.81",
+    "@spinajs/exceptions": "^1.2.81",
+    "@spinajs/log": "^1.2.103",
+    "@spinajs/orm": "^1.2.108",
+    "@spinajs/rbac": "^1.2.108",
+    "@spinajs/reflection": "^1.2.103",
+    "luxon": "^2.4.0"
+  },
+  "devDependencies": {
+    "@spinajs/orm-sqlite": "^1.2.108"
+  },
+  "gitHead": "81e996198a9d4dac8970f71181b0f5eaf6070918"
+}