@spinajs/rbac-http 1.2.125 → 1.2.136

package/lib/decorators.d.ts

@@ -1,5 +1,6 @@
-import { PermissionType } from './interfaces';
+import { IRbacDescriptor, PermissionType } from './interfaces';
 export declare const ACL_CONTROLLER_DESCRIPTOR: unique symbol;
+export declare function setRbacMetadata(target: any, callback: (meta: IRbacDescriptor) => void): void;
 /**
  * Assign resource for controller
  *

package/lib/decorators.js

@@ -1,9 +1,24 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.FromUser = exports.Permission = exports.Resource = exports.ACL_CONTROLLER_DESCRIPTOR = void 0;
+exports.FromUser = exports.Permission = exports.Resource = exports.setRbacMetadata = exports.ACL_CONTROLLER_DESCRIPTOR = void 0;
 const http_1 = require("@spinajs/http");
 const policies_1 = require("./policies");
 exports.ACL_CONTROLLER_DESCRIPTOR = Symbol('ACL_CONTROLLER_DESCRIPTOR_SYMBOL');
+function setRbacMetadata(target, callback) {
+    let metadata = Reflect.getMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, target.prototype || target);
+    if (!metadata) {
+        metadata = {
+            Resource: '',
+            Routes: new Map(),
+            Permission: 'readOwn',
+        };
+        Reflect.defineMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, metadata, target.prototype || target);
+    }
+    if (callback) {
+        callback(metadata);
+    }
+}
+exports.setRbacMetadata = setRbacMetadata;
 function descriptor(callback) {
     return (target, propertyKey, indexOrDescriptor) => {
         let metadata = Reflect.getMetadata(exports.ACL_CONTROLLER_DESCRIPTOR, target.prototype || target);
@@ -28,7 +43,7 @@ function descriptor(callback) {
  */
 function Resource(resource, permission = 'readOwn') {
     return descriptor((metadata, target) => {
-        (0, http_1.Policy)(policies_1.AclPolicy)(target, null, null);
+        (0, http_1.Policy)(policies_1.RbacPolicy)(target, null, null);
         metadata.Resource = resource;
         metadata.Permission = permission;
     });
@@ -54,7 +69,7 @@ function Permission(permission = 'readOwn') {
             }
             metadata.Routes.set(propertyKey, route);
         }
-        (0, http_1.Policy)(policies_1.AclPolicy)(target, propertyKey, null);
+        (0, http_1.Policy)(policies_1.RbacPolicy)(target, propertyKey, null);
     });
 }
 exports.Permission = Permission;

package/lib/decorators.js.map

@@ -1 +1 @@
-{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../src/decorators.ts"],"names":[],"mappings":";;;AACA,wCAAyD;AACzD,yCAAuC;AAE1B,QAAA,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,SAAS,UAAU,CAAC,QAAyI;IAC3J,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,iBAA8C,EAAE,EAAE;QACnG,IAAI,QAAQ,GAAmB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;QAC1G,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG;gBACT,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,IAAI,GAAG,EAAyC;gBACxD,UAAU,EAAE,SAAS;aACtB,CAAC;YAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;SACzF;QAED,IAAI,QAAQ,EAAE;YACZ,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;SAC5D;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,QAAgB,EAAE,aAA6B,SAAS;IAC/E,OAAO,UAAU,CAAC,CAAC,QAAwB,EAAE,MAAW,EAAE,EAAE;QAC1D,IAAA,aAAM,EAAC,oBAAS,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEtC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAPD,4BAOC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,aAA6B,SAAS;IAC/D,OAAO,UAAU,CAAC,CAAC,QAAwB,EAAE,MAAW,EAAE,WAAmB,EAAE,EAAE;QAC/E,IAAI,KAAK,GAAkC,IAAI,CAAC;QAEhD,IAAI,WAAW,EAAE;YACf,IAAI,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;gBACpC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;aAC1C;iBAAM;gBACL,KAAK,GAAG;oBACN,UAAU,EAAE,UAAU;iBACvB,CAAC;aACH;YAED,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;SACzC;QAED,IAAA,aAAM,EAAC,oBAAS,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC;AAlBD,gCAkBC;AAED,SAAgB,QAAQ;IACtB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,SAAS,CAAC,CAAC,CAAC;AACrC,CAAC;AAFD,4BAEC"}
+{"version":3,"file":"decorators.js","sourceRoot":"","sources":["../src/decorators.ts"],"names":[],"mappings":";;;AACA,wCAAyD;AACzD,yCAAwC;AAE3B,QAAA,yBAAyB,GAAG,MAAM,CAAC,kCAAkC,CAAC,CAAC;AAEpF,SAAgB,eAAe,CAAC,MAAW,EAAE,QAAyC;IACpF,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;IAC3G,IAAI,CAAC,QAAQ,EAAE;QACb,QAAQ,GAAG;YACT,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;YACzD,UAAU,EAAE,SAAS;SACtB,CAAC;QAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;KACzF;IAED,IAAI,QAAQ,EAAE;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACpB;AACH,CAAC;AAfD,0CAeC;AAED,SAAS,UAAU,CAAC,QAA0I;IAC5J,OAAO,CAAC,MAAW,EAAE,WAA4B,EAAE,iBAA8C,EAAE,EAAE;QACnG,IAAI,QAAQ,GAAoB,OAAO,CAAC,WAAW,CAAC,iCAAyB,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;QAC3G,IAAI,CAAC,QAAQ,EAAE;YACb,QAAQ,GAAG;gBACT,QAAQ,EAAE,EAAE;gBACZ,MAAM,EAAE,IAAI,GAAG,EAA0C;gBACzD,UAAU,EAAE,SAAS;aACtB,CAAC;YAEF,OAAO,CAAC,cAAc,CAAC,iCAAyB,EAAE,QAAQ,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;SACzF;QAED,IAAI,QAAQ,EAAE;YACZ,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;SAC5D;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,QAAgB,EAAE,aAA6B,SAAS;IAC/E,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,EAAE;QAC3D,IAAA,aAAM,EAAC,qBAAU,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAEvC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,QAAQ,CAAC,UAAU,GAAG,UAAU,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAPD,4BAOC;AAED;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,aAA6B,SAAS;IAC/D,OAAO,UAAU,CAAC,CAAC,QAAyB,EAAE,MAAW,EAAE,WAAmB,EAAE,EAAE;QAChF,IAAI,KAAK,GAAmC,IAAI,CAAC;QAEjD,IAAI,WAAW,EAAE;YACf,IAAI,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;gBACpC,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;aAC1C;iBAAM;gBACL,KAAK,GAAG;oBACN,UAAU,EAAE,UAAU;iBACvB,CAAC;aACH;YAED,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;SACzC;QAED,IAAA,aAAM,EAAC,qBAAU,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC;AAlBD,gCAkBC;AAED,SAAgB,QAAQ;IACtB,OAAO,IAAA,YAAK,EAAC,IAAA,gBAAS,EAAC,SAAS,CAAC,CAAC,CAAC;AACrC,CAAC;AAFD,4BAEC"}

package/lib/http/src/interfaces.d.ts

@@ -0,0 +1,443 @@
+import * as express from 'express';
+import { Constructor, AsyncModule } from '@spinajs/di';
+import { Configuration } from '@spinajs/configuration';
+/**
+ * Accept header enum
+ */
+export declare enum HttpAcceptHeaders {
+    /**
+     * Accept header for JSON
+     */
+    JSON = 1,
+    /**
+     * Accept header for HTML
+     */
+    HTML = 2,
+    /**
+     * Accept header for XML
+     */
+    XML = 4,
+    /**
+     * Accept all accept headers shorcut
+     */
+    ALL = 7
+}
+/**
+ * Config options for static files
+ */
+export interface IHttpStaticFileConfiguration {
+    /**
+     * virtual prefix in url eg. http://localhost:3000/static/images/kitten.jpg
+     */
+    Route: string;
+    /**
+     * full path to folder with static content
+     */
+    Path: string;
+}
+/**
+ * Uploaded file fields
+ */
+export interface IUploadedFile {
+    Size: number;
+    Path: string;
+    Name: string;
+    Type: string;
+    LastModifiedDate?: Date;
+    Hash?: string;
+}
+export interface Request extends express.Request {
+    storage: IActionLocalStoregeContext;
+}
+export interface IActionLocalStoregeContext {
+    requestId: string;
+    responseStart: Date;
+}
+export declare abstract class ServerMiddleware extends AsyncModule {
+    Order: number;
+    abstract before(): (req: express.Request, res: express.Response, next: express.NextFunction) => void | null;
+    abstract after(): (req: express.Request, res: express.Response, next: express.NextFunction) => void | null;
+}
+/**
+ * HTTP response statuses
+ */
+export declare enum HTTP_STATUS_CODE {
+    /**
+     * All ok with content
+     */
+    OK = 200,
+    /**
+     * Request is OK and new resource has been created.
+     */
+    CREATED = 201,
+    /**
+     * Request is accepted, but has not been completed yet.
+     */
+    ACCEPTED = 202,
+    /**
+     * ALl is ok & no content to return
+     */
+    NO_CONTENT = 204,
+    /**
+     * The server is delivering only part of the resource (byte serving) due to a range header
+     * sent by the client. The range header is used by HTTP clients to enable resuming of
+     * interrupted downloads, or split a download into multiple simultaneous streams.
+     */
+    PARTIAL_CONTENT = 206,
+    /**
+     * Resource is not modified
+     */
+    NOT_MODIFIED = 304,
+    /**
+     * Invalid request, eg. invalid parameters
+     */
+    BAD_REQUEST = 400,
+    /**
+     * Auth required
+     */
+    UNAUTHORIZED = 401,
+    /**
+     * No permission
+     */
+    FORBIDDEN = 403,
+    /**
+     * Resource not found
+     */
+    NOT_FOUND = 404,
+    /**
+     * Not acceptable request headers (Accept header)
+     */
+    NOT_ACCEPTABLE = 406,
+    /**
+     * Conflict
+     */
+    CONFLICT = 409,
+    /**
+     * Internal server error.
+     */
+    INTERNAL_ERROR = 500,
+    /**
+     * Method not implemented
+     */
+    NOT_IMPLEMENTED = 501
+}
+/**
+ * Avaible route types, match HTTP methods
+ */
+export declare enum RouteType {
+    /**
+     * POST method - used to create new resource or send data to server
+     */
+    POST = "post",
+    /**
+     * GET method - used to retrieve data from server
+     */
+    GET = "get",
+    /**
+     * PUT method - used to updates resource
+     */
+    PUT = "put",
+    /**
+     * DELETE method - used to delete resource
+     */
+    DELETE = "delete",
+    /**
+     * PATCH method - used to partially update resource eg. one field
+     */
+    PATCH = "patch",
+    /**
+     * HEAD method - same as get, but returns no data. usefull for checking if resource exists etc.
+     */
+    HEAD = "head",
+    /**
+     * FILE method - spine special route type. Internall its simple GET method, but informs that specified route returns binary file
+     */
+    FILE = "file",
+    UNKNOWN = "unknown"
+}
+export declare enum UuidVersion {
+    v1 = 0,
+    v3 = 1,
+    v4 = 2,
+    v5 = 3
+}
+/**
+ * Avaible route parameters type
+ */
+export declare enum ParameterType {
+    /**
+     * Parameter is injected from DI container & resolved
+     */
+    FromDi = "FromDi",
+    /**
+     * Parameter value is taken from query string eg. `?name=flavio`
+     */
+    FromQuery = "FromQuery",
+    /**
+     * From message body, eg. POST json object
+     */
+    FromBody = "FromBody",
+    /**
+     * From url params eg: `/:id`
+     */
+    FromParams = "FromParams",
+    /**
+     * From form file field
+     */
+    FromFile = "FromFile",
+    /**
+     * From form
+     */
+    FromForm = "FromForm",
+    /**
+     * From cvs file
+     */
+    FromCSV = "FromCSV",
+    /**
+     * From JSON file
+     */
+    FromJSONFile = "FromJSONFile",
+    /**
+     * From form field
+     */
+    FormField = "FromFormField",
+    /**
+     * From model object
+     */
+    FromModel = "FromModel",
+    /**
+     * Data from coockie
+     */
+    FromCookie = "FromCookie",
+    /**
+     * From http header
+     */
+    FromHeader = "FromHeader",
+    /**
+     * Req from express
+     */
+    Req = "ArgAsRequest",
+    Res = "ArgAsResponse"
+}
+export interface IFormOptions {
+    multiples: boolean;
+}
+export interface IFormOptions {
+    /**
+     * default 1000; limit the number of fields that the Querystring parser will decode, set 0 for unlimited
+     */
+    maxFields?: number;
+    /**
+     *  default 20 * 1024 * 1024 (20mb); limit the amount of memory all fields together (except files) can allocate in bytes.
+     */
+    maxFieldsSize?: number;
+    /**
+     * default 'utf-8'; sets encoding for incoming form fields,
+     */
+    encoding?: string;
+}
+export interface IUploadOptions {
+    /**
+     * default false; include checksums calculated for incoming files, set this to some hash algorithm, see crypto.createHash for available algorithms
+     */
+    hash?: false;
+    /**
+     * default os.tmpdir(); the directory for placing file uploads in. You can move them later by using fs.rename()
+     */
+    uploadDir?: string | ((cfg: Configuration) => string);
+    /**
+     * default false; when you call the .parse method, the files argument (of the callback) will contain arrays of files for inputs which submit multiple files using the HTML5 multiple attribute. Also, the fields argument will contain arrays of values for fields that have names ending with '[]'.
+     */
+    multiples?: boolean;
+    enabledPlugins?: string[];
+    /**
+     *  default 200 * 1024 * 1024 (200mb); limit the size of uploaded file.
+     */
+    maxFileSize?: number;
+    /**
+     * default false; to include the extensions of the original files or not
+     */
+    keepExtensions?: boolean;
+}
+/**
+ * Describes parameters passed to route.
+ */
+export interface IRouteParameter {
+    /**
+     * Parameter index in function args
+     */
+    Index: number;
+    /**
+     * Is value taken from query string, url params or message body
+     */
+    Type: ParameterType | string;
+    /**
+     * Schema for validation parameter ( raw value eg. to check if matches string / number constrain)
+     */
+    RouteParamSchema?: any;
+    /**
+     * Schema for paramater
+     */
+    Schema?: any;
+    /**
+     * Additional options
+     */
+    Options?: any;
+    /**
+     * Parameter runtime type eg. number or class
+     */
+    RuntimeType: any;
+    /**
+     * Name of parameter eg. `id`
+     */
+    Name: string;
+}
+/**
+ * Route action call spefici data. Used to pass data / arguments when parsing
+ * action parameters for specific call. Eg. to parse form data, and extract it
+ * as different arguments.
+ */
+export interface IRouteCall {
+    Payload: any;
+}
+export interface IRoute {
+    /**
+     * url path eg. /foo/bar/:id
+     */
+    Path: string;
+    /**
+     * HTTP request method, used internally. Not visible to others.
+     */
+    InternalType: RouteType;
+    /**
+     * SPINAJS API method type, mostly same as HTTP type, but can be non standard type eg. FILE
+     * This type is visible outside in api discovery.
+     */
+    Type: RouteType;
+    /**
+     * Method name assigned to this route eg. `findUsers`
+     */
+    Method: string;
+    /**
+     * Custom route parameters taken from query string or message body
+     */
+    Parameters: Map<number, IRouteParameter>;
+    /**
+     * Assigned middlewares to route
+     */
+    Middlewares: IMiddlewareDescriptor[];
+    /**
+     * Assigned policies to route
+     */
+    Policies: IPolicyDescriptor[];
+    /**
+     * Additional route options eg. file size etc.
+     */
+    Options: any;
+    Schema: any;
+}
+export interface IMiddlewareDescriptor {
+    Type: Constructor<BaseMiddleware>;
+    Options: any[];
+}
+export interface IController {
+    /**
+     * Express router with middleware stack
+     */
+    Router: express.Router;
+    /**
+     * Controller descriptor
+     */
+    Descriptor: IControllerDescriptor;
+    /**
+     * Base path for all controller routes eg. my/custom/path/
+     *
+     * It can be defined via `@BasePath` decorator, defaults to controller name without `Controller` part.
+     */
+    BasePath: string;
+}
+/**
+ * Middlewares are classes that can change request object or perform specific task before & after route execution
+ * eg. route parameter logging / headers check etc.
+ */
+export declare abstract class BaseMiddleware {
+    /**
+     * Inform, if middleware is enabled for given action
+     */
+    abstract isEnabled(action: IRoute, instance: IController): boolean;
+    /**
+     * Called before action in middleware stack eg. to modify req or resp objects.
+     */
+    abstract onBeforeAction(req: express.Request): Promise<void>;
+    /**
+     * Called after action in middleware stack eg. to modify response
+     */
+    abstract onAfterAction(req: express.Request): Promise<void>;
+}
+/**
+ * Descriptor for policies eg. attached routes, passed options eg. token etc.
+ */
+export interface IPolicyDescriptor {
+    Type: Constructor<BasePolicy>;
+    Options: any[];
+}
+/**
+ * Base class for policies.
+ *
+ * Policies checks if route can be executed eg. user have proper role
+ */
+export declare abstract class BasePolicy {
+    /**
+     * Checks if policy is enabled for given action & controlle eg. user session exists
+     *
+     * @param action action that is executed ( route info )
+     * @param instance controller instance
+     */
+    abstract isEnabled(action: IRoute, instance: IController): boolean;
+    /**
+     *
+     * Executes policy, when throws exception - route is not executed
+     *
+     * @param req express request object
+     */
+    abstract execute(req: express.Request, action: IRoute, instance: IController): Promise<void>;
+}
+/**
+ * Descriptor for controller
+ */
+export interface IControllerDescriptor {
+    /**
+     * Controller routes
+     */
+    Routes: Map<string | symbol, IRoute>;
+    /**
+     * Controller - wise middlewares
+     */
+    Middlewares: IMiddlewareDescriptor[];
+    /**
+     * Controller - wise policies
+     */
+    Policies: IPolicyDescriptor[];
+    /**
+     * Base url path for controller ( added for all child url's)
+     */
+    BasePath: string;
+}
+/**
+ * Base class for data transformers.
+ *
+ * Data formatter helps transforms data for desired format.
+ * Eg. we have API function that returns some data, but we want
+ * to easily transform data for some client
+ * eg. plain array to format that datatables.net can easily read
+ */
+export declare abstract class DataTransformer<T = any, U = any> {
+    /**
+     * Transforms data from one format to another
+     *
+     * @param data - input data
+     */
+    abstract transform(data: T, request: express.Request): U;
+    abstract get Type(): string;
+}
+export declare type RouteCallback = (req: express.Request, res: express.Response, next: express.NextFunction) => (req: express.Request, res: express.Response) => void;