@spinajs/rbac-http 2.0.180 → 2.0.181
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/decorators.d.ts +25 -25
- package/lib/cjs/decorators.js +85 -85
- package/lib/cjs/index.d.ts +6 -6
- package/lib/cjs/index.js +22 -22
- package/lib/cjs/interfaces.d.ts +65 -65
- package/lib/cjs/interfaces.js +9 -9
- package/lib/cjs/middlewares/AttributeFilter.d.ts +10 -10
- package/lib/cjs/middlewares/AttributeFilter.js +18 -18
- package/lib/cjs/middlewares.d.ts +11 -11
- package/lib/cjs/middlewares.js +91 -91
- package/lib/cjs/middlewares.js.map +1 -1
- package/lib/cjs/policies/AllowGuest.d.ts +8 -8
- package/lib/cjs/policies/AllowGuest.js +28 -28
- package/lib/cjs/policies/BlockGuest.d.ts +8 -8
- package/lib/cjs/policies/BlockGuest.js +24 -24
- package/lib/cjs/policies/LoggedPolicy.d.ts +9 -9
- package/lib/cjs/policies/LoggedPolicy.js +22 -22
- package/lib/cjs/policies/NotLoggedPolicy.d.ts +9 -9
- package/lib/cjs/policies/NotLoggedPolicy.js +21 -21
- package/lib/cjs/policies/RbacPolicy.d.ts +15 -15
- package/lib/cjs/policies/RbacPolicy.js +58 -58
- package/lib/cjs/route-args.d.ts +16 -16
- package/lib/cjs/route-args.js +35 -35
- package/lib/cjs/route-args.js.map +1 -1
- package/lib/cjs/transformers.d.ts +10 -10
- package/lib/cjs/transformers.js +33 -33
- package/lib/cjs/transformers.js.map +1 -1
- package/lib/mjs/decorators.d.ts +25 -25
- package/lib/mjs/decorators.js +77 -77
- package/lib/mjs/index.d.ts +6 -6
- package/lib/mjs/index.js +6 -6
- package/lib/mjs/interfaces.d.ts +65 -65
- package/lib/mjs/interfaces.js +4 -4
- package/lib/mjs/middlewares/AttributeFilter.d.ts +10 -10
- package/lib/mjs/middlewares/AttributeFilter.js +14 -14
- package/lib/mjs/middlewares.d.ts +11 -11
- package/lib/mjs/middlewares.js +65 -65
- package/lib/mjs/middlewares.js.map +1 -1
- package/lib/mjs/policies/AllowGuest.d.ts +8 -8
- package/lib/mjs/policies/AllowGuest.js +24 -24
- package/lib/mjs/policies/BlockGuest.d.ts +8 -8
- package/lib/mjs/policies/BlockGuest.js +20 -20
- package/lib/mjs/policies/LoggedPolicy.d.ts +9 -9
- package/lib/mjs/policies/LoggedPolicy.js +18 -18
- package/lib/mjs/policies/NotLoggedPolicy.d.ts +9 -9
- package/lib/mjs/policies/NotLoggedPolicy.js +17 -17
- package/lib/mjs/policies/RbacPolicy.d.ts +15 -15
- package/lib/mjs/policies/RbacPolicy.js +51 -51
- package/lib/mjs/route-args.d.ts +16 -16
- package/lib/mjs/route-args.js +32 -32
- package/lib/mjs/route-args.js.map +1 -1
- package/lib/mjs/transformers.d.ts +10 -10
- package/lib/mjs/transformers.js +27 -27
- package/lib/mjs/transformers.js.map +1 -1
- package/lib/tsconfig.cjs.tsbuildinfo +1 -1
- package/lib/tsconfig.mjs.tsbuildinfo +1 -1
- package/package.json +10 -10
package/lib/cjs/middlewares.js
CHANGED
|
@@ -1,92 +1,92 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
19
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
-
};
|
|
24
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
25
|
-
if (mod && mod.__esModule) return mod;
|
|
26
|
-
var result = {};
|
|
27
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
28
|
-
__setModuleDefault(result, mod);
|
|
29
|
-
return result;
|
|
30
|
-
};
|
|
31
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
32
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
33
|
-
};
|
|
34
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
35
|
-
exports.RbacMiddleware = void 0;
|
|
36
|
-
const rbac_1 = require("@spinajs/rbac");
|
|
37
|
-
const di_1 = require("@spinajs/di");
|
|
38
|
-
require("reflect-metadata");
|
|
39
|
-
const configuration_1 = require("@spinajs/configuration");
|
|
40
|
-
const cs = __importStar(require("cookie-signature"));
|
|
41
|
-
const http_1 = require("@spinajs/http");
|
|
42
|
-
let RbacMiddleware = class RbacMiddleware extends http_1.ServerMiddleware {
|
|
43
|
-
async resolve() {
|
|
44
|
-
if (!this.CoockieSecret) {
|
|
45
|
-
throw new Error('http.cookie.secrets is not set, cannot start UserFromSessionMiddleware. Set this value in configuration file !');
|
|
46
|
-
}
|
|
47
|
-
}
|
|
48
|
-
before() {
|
|
49
|
-
return async (req, _res, next) => {
|
|
50
|
-
try {
|
|
51
|
-
let session = null;
|
|
52
|
-
if (req.cookies?.ssid) {
|
|
53
|
-
const ssid = cs.unsign(req.cookies.ssid, this.CoockieSecret);
|
|
54
|
-
if (ssid) {
|
|
55
|
-
session = await this.SessionProvider.restore(ssid);
|
|
56
|
-
}
|
|
57
|
-
}
|
|
58
|
-
if (session) {
|
|
59
|
-
/**
|
|
60
|
-
* If we have session, try to restore user with data from session
|
|
61
|
-
* otherwise try to create guest
|
|
62
|
-
*/
|
|
63
|
-
req.storage.user = di_1.DI.resolve('RbacUserFactory', [session.Data.get('User')]);
|
|
64
|
-
req.storage.session = session;
|
|
65
|
-
}
|
|
66
|
-
else {
|
|
67
|
-
req.storage.user = di_1.DI.resolve('RbacGuestUserFactory');
|
|
68
|
-
}
|
|
69
|
-
next();
|
|
70
|
-
}
|
|
71
|
-
catch (err) {
|
|
72
|
-
next(err);
|
|
73
|
-
}
|
|
74
|
-
};
|
|
75
|
-
}
|
|
76
|
-
after() {
|
|
77
|
-
return null;
|
|
78
|
-
}
|
|
79
|
-
};
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
RbacMiddleware
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
19
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
+
};
|
|
24
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
25
|
+
if (mod && mod.__esModule) return mod;
|
|
26
|
+
var result = {};
|
|
27
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
28
|
+
__setModuleDefault(result, mod);
|
|
29
|
+
return result;
|
|
30
|
+
};
|
|
31
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
32
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
33
|
+
};
|
|
34
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
35
|
+
exports.RbacMiddleware = void 0;
|
|
36
|
+
const rbac_1 = require("@spinajs/rbac");
|
|
37
|
+
const di_1 = require("@spinajs/di");
|
|
38
|
+
require("reflect-metadata");
|
|
39
|
+
const configuration_1 = require("@spinajs/configuration");
|
|
40
|
+
const cs = __importStar(require("cookie-signature"));
|
|
41
|
+
const http_1 = require("@spinajs/http");
|
|
42
|
+
let RbacMiddleware = class RbacMiddleware extends http_1.ServerMiddleware {
|
|
43
|
+
async resolve() {
|
|
44
|
+
if (!this.CoockieSecret) {
|
|
45
|
+
throw new Error('http.cookie.secrets is not set, cannot start UserFromSessionMiddleware. Set this value in configuration file !');
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
before() {
|
|
49
|
+
return async (req, _res, next) => {
|
|
50
|
+
try {
|
|
51
|
+
let session = null;
|
|
52
|
+
if (req.cookies?.ssid) {
|
|
53
|
+
const ssid = cs.unsign(req.cookies.ssid, this.CoockieSecret);
|
|
54
|
+
if (ssid) {
|
|
55
|
+
session = await this.SessionProvider.restore(ssid);
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
if (session) {
|
|
59
|
+
/**
|
|
60
|
+
* If we have session, try to restore user with data from session
|
|
61
|
+
* otherwise try to create guest
|
|
62
|
+
*/
|
|
63
|
+
req.storage.user = di_1.DI.resolve('RbacUserFactory', [session.Data.get('User')]);
|
|
64
|
+
req.storage.session = session;
|
|
65
|
+
}
|
|
66
|
+
else {
|
|
67
|
+
req.storage.user = di_1.DI.resolve('RbacGuestUserFactory');
|
|
68
|
+
}
|
|
69
|
+
next();
|
|
70
|
+
}
|
|
71
|
+
catch (err) {
|
|
72
|
+
next(err);
|
|
73
|
+
}
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
after() {
|
|
77
|
+
return null;
|
|
78
|
+
}
|
|
79
|
+
};
|
|
80
|
+
exports.RbacMiddleware = RbacMiddleware;
|
|
81
|
+
__decorate([
|
|
82
|
+
(0, configuration_1.Config)('http.cookie.secret'),
|
|
83
|
+
__metadata("design:type", String)
|
|
84
|
+
], RbacMiddleware.prototype, "CoockieSecret", void 0);
|
|
85
|
+
__decorate([
|
|
86
|
+
(0, di_1.Autoinject)(),
|
|
87
|
+
__metadata("design:type", rbac_1.SessionProvider)
|
|
88
|
+
], RbacMiddleware.prototype, "SessionProvider", void 0);
|
|
89
|
+
exports.RbacMiddleware = RbacMiddleware = __decorate([
|
|
90
|
+
(0, di_1.Injectable)(http_1.ServerMiddleware)
|
|
91
|
+
], RbacMiddleware);
|
|
92
92
|
//# sourceMappingURL=middlewares.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middlewares.js","sourceRoot":"","sources":["../../src/middlewares.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAgE;AAChE,oCAAyD;AACzD,4BAA0B;AAE1B,0DAAgD;AAChD,qDAAuC;AACvC,wCAAsE;AAG/D,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,uBAAgB;IAO3C,KAAK,CAAC,OAAO;QAClB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;SACnI;IACH,CAAC;IAEM,MAAM;QACX,OAAO,KAAK,EAAE,GAAa,EAAE,IAAsB,EAAE,IAA0B,EAAE,EAAE;YACjF,IAAI;gBACF,IAAI,OAAO,GAAa,IAAI,CAAC;gBAC7B,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE;oBACrB,MAAM,IAAI,GAAmB,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;oBAC7E,IAAI,IAAI,EAAE;wBACR,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;qBACpD;iBACF;gBAED,IAAI,OAAO,EAAE;oBACX;;;uBAGG;oBACH,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,OAAE,CAAC,OAAO,CAAO,iBAAiB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBACnF,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;iBAC/B;qBAAM;oBACL,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,OAAE,CAAC,OAAO,CAAO,sBAAsB,CAAC,CAAC;iBAC7D;gBAED,IAAI,EAAE,CAAC;aACR;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,GAAG,CAAC,CAAC;aACX;QACH,CAAC,CAAC;IACJ,CAAC;IACM,KAAK;QACV,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;
|
|
1
|
+
{"version":3,"file":"middlewares.js","sourceRoot":"","sources":["../../src/middlewares.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAgE;AAChE,oCAAyD;AACzD,4BAA0B;AAE1B,0DAAgD;AAChD,qDAAuC;AACvC,wCAAsE;AAG/D,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,uBAAgB;IAO3C,KAAK,CAAC,OAAO;QAClB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,gHAAgH,CAAC,CAAC;SACnI;IACH,CAAC;IAEM,MAAM;QACX,OAAO,KAAK,EAAE,GAAa,EAAE,IAAsB,EAAE,IAA0B,EAAE,EAAE;YACjF,IAAI;gBACF,IAAI,OAAO,GAAa,IAAI,CAAC;gBAC7B,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE;oBACrB,MAAM,IAAI,GAAmB,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;oBAC7E,IAAI,IAAI,EAAE;wBACR,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;qBACpD;iBACF;gBAED,IAAI,OAAO,EAAE;oBACX;;;uBAGG;oBACH,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,OAAE,CAAC,OAAO,CAAO,iBAAiB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBACnF,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;iBAC/B;qBAAM;oBACL,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,OAAE,CAAC,OAAO,CAAO,sBAAsB,CAAC,CAAC;iBAC7D;gBAED,IAAI,EAAE,CAAC;aACR;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,GAAG,CAAC,CAAC;aACX;QACH,CAAC,CAAC;IACJ,CAAC;IACM,KAAK;QACV,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA5CY,wCAAc;AAEf;IADT,IAAA,sBAAM,EAAC,oBAAoB,CAAC;;qDACG;AAGtB;IADT,IAAA,eAAU,GAAE;8BACc,sBAAe;uDAAC;yBALhC,cAAc;IAD1B,IAAA,eAAU,EAAC,uBAAgB,CAAC;GAChB,cAAc,CA4C1B"}
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
-
/**
|
|
3
|
-
* Policy to block guests
|
|
4
|
-
*/
|
|
5
|
-
export declare class BlockGuest extends BasePolicy {
|
|
6
|
-
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
7
|
-
execute(req: sRequest): Promise<void>;
|
|
8
|
-
}
|
|
1
|
+
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
+
/**
|
|
3
|
+
* Policy to block guests
|
|
4
|
+
*/
|
|
5
|
+
export declare class BlockGuest extends BasePolicy {
|
|
6
|
+
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
7
|
+
execute(req: sRequest): Promise<void>;
|
|
8
|
+
}
|
|
9
9
|
//# sourceMappingURL=AllowGuest.d.ts.map
|
|
@@ -1,29 +1,29 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BlockGuest = void 0;
|
|
4
|
-
const http_1 = require("@spinajs/http");
|
|
5
|
-
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
-
/**
|
|
7
|
-
* Policy to block guests
|
|
8
|
-
*/
|
|
9
|
-
class BlockGuest extends http_1.BasePolicy {
|
|
10
|
-
isEnabled(_action, _instance) {
|
|
11
|
-
// acl is always on if set
|
|
12
|
-
return true;
|
|
13
|
-
}
|
|
14
|
-
async execute(req) {
|
|
15
|
-
if (!req.storage || !req.storage.user) {
|
|
16
|
-
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
17
|
-
}
|
|
18
|
-
const user = req.storage.user;
|
|
19
|
-
if (user.IsGuest) {
|
|
20
|
-
// if we disable guest account in config file, throw
|
|
21
|
-
if (!user.IsActive) {
|
|
22
|
-
throw new exceptions_1.Forbidden('guest account is disabled');
|
|
23
|
-
}
|
|
24
|
-
}
|
|
25
|
-
return Promise.resolve();
|
|
26
|
-
}
|
|
27
|
-
}
|
|
28
|
-
exports.BlockGuest = BlockGuest;
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BlockGuest = void 0;
|
|
4
|
+
const http_1 = require("@spinajs/http");
|
|
5
|
+
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
+
/**
|
|
7
|
+
* Policy to block guests
|
|
8
|
+
*/
|
|
9
|
+
class BlockGuest extends http_1.BasePolicy {
|
|
10
|
+
isEnabled(_action, _instance) {
|
|
11
|
+
// acl is always on if set
|
|
12
|
+
return true;
|
|
13
|
+
}
|
|
14
|
+
async execute(req) {
|
|
15
|
+
if (!req.storage || !req.storage.user) {
|
|
16
|
+
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
17
|
+
}
|
|
18
|
+
const user = req.storage.user;
|
|
19
|
+
if (user.IsGuest) {
|
|
20
|
+
// if we disable guest account in config file, throw
|
|
21
|
+
if (!user.IsActive) {
|
|
22
|
+
throw new exceptions_1.Forbidden('guest account is disabled');
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
return Promise.resolve();
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
exports.BlockGuest = BlockGuest;
|
|
29
29
|
//# sourceMappingURL=AllowGuest.js.map
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
-
/**
|
|
3
|
-
* Policy to block guests
|
|
4
|
-
*/
|
|
5
|
-
export declare class BlockGuest extends BasePolicy {
|
|
6
|
-
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
7
|
-
execute(req: sRequest): Promise<void>;
|
|
8
|
-
}
|
|
1
|
+
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
+
/**
|
|
3
|
+
* Policy to block guests
|
|
4
|
+
*/
|
|
5
|
+
export declare class BlockGuest extends BasePolicy {
|
|
6
|
+
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
7
|
+
execute(req: sRequest): Promise<void>;
|
|
8
|
+
}
|
|
9
9
|
//# sourceMappingURL=BlockGuest.d.ts.map
|
|
@@ -1,25 +1,25 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BlockGuest = void 0;
|
|
4
|
-
const http_1 = require("@spinajs/http");
|
|
5
|
-
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
-
/**
|
|
7
|
-
* Policy to block guests
|
|
8
|
-
*/
|
|
9
|
-
class BlockGuest extends http_1.BasePolicy {
|
|
10
|
-
isEnabled(_action, _instance) {
|
|
11
|
-
// acl is always on if set
|
|
12
|
-
return true;
|
|
13
|
-
}
|
|
14
|
-
async execute(req) {
|
|
15
|
-
if (!req.storage || !req.storage.user) {
|
|
16
|
-
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
17
|
-
}
|
|
18
|
-
if (req.storage.user) {
|
|
19
|
-
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
20
|
-
}
|
|
21
|
-
return Promise.resolve();
|
|
22
|
-
}
|
|
23
|
-
}
|
|
24
|
-
exports.BlockGuest = BlockGuest;
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.BlockGuest = void 0;
|
|
4
|
+
const http_1 = require("@spinajs/http");
|
|
5
|
+
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
+
/**
|
|
7
|
+
* Policy to block guests
|
|
8
|
+
*/
|
|
9
|
+
class BlockGuest extends http_1.BasePolicy {
|
|
10
|
+
isEnabled(_action, _instance) {
|
|
11
|
+
// acl is always on if set
|
|
12
|
+
return true;
|
|
13
|
+
}
|
|
14
|
+
async execute(req) {
|
|
15
|
+
if (!req.storage || !req.storage.user) {
|
|
16
|
+
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
17
|
+
}
|
|
18
|
+
if (req.storage.user) {
|
|
19
|
+
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
20
|
+
}
|
|
21
|
+
return Promise.resolve();
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
exports.BlockGuest = BlockGuest;
|
|
25
25
|
//# sourceMappingURL=BlockGuest.js.map
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
-
/**
|
|
3
|
-
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
4
|
-
* Usefull if we want to give acces for all logged users
|
|
5
|
-
*/
|
|
6
|
-
export declare class LoggedPolicy extends BasePolicy {
|
|
7
|
-
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
8
|
-
execute(req: sRequest): Promise<void>;
|
|
9
|
-
}
|
|
1
|
+
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
+
/**
|
|
3
|
+
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
4
|
+
* Usefull if we want to give acces for all logged users
|
|
5
|
+
*/
|
|
6
|
+
export declare class LoggedPolicy extends BasePolicy {
|
|
7
|
+
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
8
|
+
execute(req: sRequest): Promise<void>;
|
|
9
|
+
}
|
|
10
10
|
//# sourceMappingURL=LoggedPolicy.d.ts.map
|
|
@@ -1,23 +1,23 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.LoggedPolicy = void 0;
|
|
4
|
-
const http_1 = require("@spinajs/http");
|
|
5
|
-
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
-
/**
|
|
7
|
-
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
8
|
-
* Usefull if we want to give acces for all logged users
|
|
9
|
-
*/
|
|
10
|
-
class LoggedPolicy extends http_1.BasePolicy {
|
|
11
|
-
isEnabled(_action, _instance) {
|
|
12
|
-
// acl is always on if set
|
|
13
|
-
return true;
|
|
14
|
-
}
|
|
15
|
-
async execute(req) {
|
|
16
|
-
if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
|
|
17
|
-
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
18
|
-
}
|
|
19
|
-
return Promise.resolve();
|
|
20
|
-
}
|
|
21
|
-
}
|
|
22
|
-
exports.LoggedPolicy = LoggedPolicy;
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.LoggedPolicy = void 0;
|
|
4
|
+
const http_1 = require("@spinajs/http");
|
|
5
|
+
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
+
/**
|
|
7
|
+
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
8
|
+
* Usefull if we want to give acces for all logged users
|
|
9
|
+
*/
|
|
10
|
+
class LoggedPolicy extends http_1.BasePolicy {
|
|
11
|
+
isEnabled(_action, _instance) {
|
|
12
|
+
// acl is always on if set
|
|
13
|
+
return true;
|
|
14
|
+
}
|
|
15
|
+
async execute(req) {
|
|
16
|
+
if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
|
|
17
|
+
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
18
|
+
}
|
|
19
|
+
return Promise.resolve();
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
exports.LoggedPolicy = LoggedPolicy;
|
|
23
23
|
//# sourceMappingURL=LoggedPolicy.js.map
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
-
/**
|
|
3
|
-
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
4
|
-
* Usefull if we want to give acces for all logged users
|
|
5
|
-
*/
|
|
6
|
-
export declare class NotLoggedPolicy extends BasePolicy {
|
|
7
|
-
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
8
|
-
execute(req: sRequest): Promise<void>;
|
|
9
|
-
}
|
|
1
|
+
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
2
|
+
/**
|
|
3
|
+
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
4
|
+
* Usefull if we want to give acces for all logged users
|
|
5
|
+
*/
|
|
6
|
+
export declare class NotLoggedPolicy extends BasePolicy {
|
|
7
|
+
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
8
|
+
execute(req: sRequest): Promise<void>;
|
|
9
|
+
}
|
|
10
10
|
//# sourceMappingURL=NotLoggedPolicy.d.ts.map
|
|
@@ -1,22 +1,22 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.NotLoggedPolicy = void 0;
|
|
4
|
-
const http_1 = require("@spinajs/http");
|
|
5
|
-
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
-
/**
|
|
7
|
-
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
8
|
-
* Usefull if we want to give acces for all logged users
|
|
9
|
-
*/
|
|
10
|
-
class NotLoggedPolicy extends http_1.BasePolicy {
|
|
11
|
-
isEnabled(_action, _instance) {
|
|
12
|
-
return true;
|
|
13
|
-
}
|
|
14
|
-
async execute(req) {
|
|
15
|
-
if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
|
|
16
|
-
return Promise.resolve();
|
|
17
|
-
}
|
|
18
|
-
throw new exceptions_1.InvalidOperation('Cannot perform action when user is logged.');
|
|
19
|
-
}
|
|
20
|
-
}
|
|
21
|
-
exports.NotLoggedPolicy = NotLoggedPolicy;
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.NotLoggedPolicy = void 0;
|
|
4
|
+
const http_1 = require("@spinajs/http");
|
|
5
|
+
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
+
/**
|
|
7
|
+
* Simple policy to only check if user is authorized ( do not check permissions for routes)
|
|
8
|
+
* Usefull if we want to give acces for all logged users
|
|
9
|
+
*/
|
|
10
|
+
class NotLoggedPolicy extends http_1.BasePolicy {
|
|
11
|
+
isEnabled(_action, _instance) {
|
|
12
|
+
return true;
|
|
13
|
+
}
|
|
14
|
+
async execute(req) {
|
|
15
|
+
if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
|
|
16
|
+
return Promise.resolve();
|
|
17
|
+
}
|
|
18
|
+
throw new exceptions_1.InvalidOperation('Cannot perform action when user is logged.');
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
exports.NotLoggedPolicy = NotLoggedPolicy;
|
|
22
22
|
//# sourceMappingURL=NotLoggedPolicy.js.map
|
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
import { AccessControl, Permission } from 'accesscontrol';
|
|
2
|
-
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
3
|
-
import { User } from '@spinajs/rbac';
|
|
4
|
-
/**
|
|
5
|
-
* Checks if user is logged, authorized & have proper permissions
|
|
6
|
-
*/
|
|
7
|
-
export declare class RbacPolicy extends BasePolicy {
|
|
8
|
-
protected Ac: AccessControl;
|
|
9
|
-
constructor();
|
|
10
|
-
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
11
|
-
execute(req: sRequest, action: IRoute, instance: IController): Promise<void>;
|
|
12
|
-
}
|
|
13
|
-
export declare function checkRbacPermission(role: string | string[], resource: string, permission: string): Permission;
|
|
14
|
-
export declare function checkUserPermission(user: User, resource: string, permission: string): Permission;
|
|
15
|
-
export declare function checkRoutePermission(req: sRequest, resource: string, permission: string): Permission;
|
|
1
|
+
import { AccessControl, Permission } from 'accesscontrol';
|
|
2
|
+
import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
|
|
3
|
+
import { User } from '@spinajs/rbac';
|
|
4
|
+
/**
|
|
5
|
+
* Checks if user is logged, authorized & have proper permissions
|
|
6
|
+
*/
|
|
7
|
+
export declare class RbacPolicy extends BasePolicy {
|
|
8
|
+
protected Ac: AccessControl;
|
|
9
|
+
constructor();
|
|
10
|
+
isEnabled(_action: IRoute, _instance: IController): boolean;
|
|
11
|
+
execute(req: sRequest, action: IRoute, instance: IController): Promise<void>;
|
|
12
|
+
}
|
|
13
|
+
export declare function checkRbacPermission(role: string | string[], resource: string, permission: string): Permission;
|
|
14
|
+
export declare function checkUserPermission(user: User, resource: string, permission: string): Permission;
|
|
15
|
+
export declare function checkRoutePermission(req: sRequest, resource: string, permission: string): Permission;
|
|
16
16
|
//# sourceMappingURL=RbacPolicy.d.ts.map
|
|
@@ -1,59 +1,59 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.checkRoutePermission = exports.checkUserPermission = exports.checkRbacPermission = exports.RbacPolicy = void 0;
|
|
4
|
-
const http_1 = require("@spinajs/http");
|
|
5
|
-
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
-
const decorators_js_1 = require("../decorators.js");
|
|
7
|
-
const di_1 = require("@spinajs/di");
|
|
8
|
-
/**
|
|
9
|
-
* Checks if user is logged, authorized & have proper permissions
|
|
10
|
-
*/
|
|
11
|
-
class RbacPolicy extends http_1.BasePolicy {
|
|
12
|
-
constructor() {
|
|
13
|
-
super();
|
|
14
|
-
this.Ac = di_1.DI.get('AccessControl');
|
|
15
|
-
}
|
|
16
|
-
isEnabled(_action, _instance) {
|
|
17
|
-
// acl is always on if set
|
|
18
|
-
return true;
|
|
19
|
-
}
|
|
20
|
-
async execute(req, action, instance) {
|
|
21
|
-
const descriptor = Reflect.getMetadata(decorators_js_1.ACL_CONTROLLER_DESCRIPTOR, instance);
|
|
22
|
-
let permission = descriptor.Permission ?? '';
|
|
23
|
-
// check if route has its own permission
|
|
24
|
-
if (descriptor.Routes.has(action.Method)) {
|
|
25
|
-
permission = descriptor.Routes.get(action.Method).Permission ?? '';
|
|
26
|
-
}
|
|
27
|
-
if (!descriptor || !descriptor.Permission) {
|
|
28
|
-
throw new exceptions_1.Forbidden(`no route permission or resources assigned`);
|
|
29
|
-
}
|
|
30
|
-
if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
|
|
31
|
-
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
32
|
-
}
|
|
33
|
-
if (!checkRoutePermission(req, descriptor.Resource, permission).granted) {
|
|
34
|
-
throw new exceptions_1.Forbidden(`role(s) ${req.storage.user.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
|
|
35
|
-
}
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
exports.RbacPolicy = RbacPolicy;
|
|
39
|
-
function checkRbacPermission(role, resource, permission) {
|
|
40
|
-
const ac = di_1.DI.get('AccessControl');
|
|
41
|
-
return ac.can(role)[permission](resource);
|
|
42
|
-
}
|
|
43
|
-
exports.checkRbacPermission = checkRbacPermission;
|
|
44
|
-
function checkUserPermission(user, resource, permission) {
|
|
45
|
-
const ac = di_1.DI.get('AccessControl');
|
|
46
|
-
if (!user) {
|
|
47
|
-
return null;
|
|
48
|
-
}
|
|
49
|
-
return ac.can(user.Role)[permission](resource);
|
|
50
|
-
}
|
|
51
|
-
exports.checkUserPermission = checkUserPermission;
|
|
52
|
-
function checkRoutePermission(req, resource, permission) {
|
|
53
|
-
if (!req.storage || !req.storage.user) {
|
|
54
|
-
return null;
|
|
55
|
-
}
|
|
56
|
-
return checkUserPermission(req.storage.user, resource, permission);
|
|
57
|
-
}
|
|
58
|
-
exports.checkRoutePermission = checkRoutePermission;
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.checkRoutePermission = exports.checkUserPermission = exports.checkRbacPermission = exports.RbacPolicy = void 0;
|
|
4
|
+
const http_1 = require("@spinajs/http");
|
|
5
|
+
const exceptions_1 = require("@spinajs/exceptions");
|
|
6
|
+
const decorators_js_1 = require("../decorators.js");
|
|
7
|
+
const di_1 = require("@spinajs/di");
|
|
8
|
+
/**
|
|
9
|
+
* Checks if user is logged, authorized & have proper permissions
|
|
10
|
+
*/
|
|
11
|
+
class RbacPolicy extends http_1.BasePolicy {
|
|
12
|
+
constructor() {
|
|
13
|
+
super();
|
|
14
|
+
this.Ac = di_1.DI.get('AccessControl');
|
|
15
|
+
}
|
|
16
|
+
isEnabled(_action, _instance) {
|
|
17
|
+
// acl is always on if set
|
|
18
|
+
return true;
|
|
19
|
+
}
|
|
20
|
+
async execute(req, action, instance) {
|
|
21
|
+
const descriptor = Reflect.getMetadata(decorators_js_1.ACL_CONTROLLER_DESCRIPTOR, instance);
|
|
22
|
+
let permission = descriptor.Permission ?? '';
|
|
23
|
+
// check if route has its own permission
|
|
24
|
+
if (descriptor.Routes.has(action.Method)) {
|
|
25
|
+
permission = descriptor.Routes.get(action.Method).Permission ?? '';
|
|
26
|
+
}
|
|
27
|
+
if (!descriptor || !descriptor.Permission) {
|
|
28
|
+
throw new exceptions_1.Forbidden(`no route permission or resources assigned`);
|
|
29
|
+
}
|
|
30
|
+
if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
|
|
31
|
+
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
32
|
+
}
|
|
33
|
+
if (!checkRoutePermission(req, descriptor.Resource, permission).granted) {
|
|
34
|
+
throw new exceptions_1.Forbidden(`role(s) ${req.storage.user.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
exports.RbacPolicy = RbacPolicy;
|
|
39
|
+
function checkRbacPermission(role, resource, permission) {
|
|
40
|
+
const ac = di_1.DI.get('AccessControl');
|
|
41
|
+
return ac.can(role)[permission](resource);
|
|
42
|
+
}
|
|
43
|
+
exports.checkRbacPermission = checkRbacPermission;
|
|
44
|
+
function checkUserPermission(user, resource, permission) {
|
|
45
|
+
const ac = di_1.DI.get('AccessControl');
|
|
46
|
+
if (!user) {
|
|
47
|
+
return null;
|
|
48
|
+
}
|
|
49
|
+
return ac.can(user.Role)[permission](resource);
|
|
50
|
+
}
|
|
51
|
+
exports.checkUserPermission = checkUserPermission;
|
|
52
|
+
function checkRoutePermission(req, resource, permission) {
|
|
53
|
+
if (!req.storage || !req.storage.user) {
|
|
54
|
+
return null;
|
|
55
|
+
}
|
|
56
|
+
return checkUserPermission(req.storage.user, resource, permission);
|
|
57
|
+
}
|
|
58
|
+
exports.checkRoutePermission = checkRoutePermission;
|
|
59
59
|
//# sourceMappingURL=RbacPolicy.js.map
|