@spinajs/rbac-http 2.0.28 → 2.0.44

package/lib/middlewares/AttributeFilter.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FilterAttribute = void 0;
+const http_1 = require("@spinajs/http");
+/**
+ * Filters attributes of db models
+ */
+class FilterAttribute extends http_1.RouteMiddleware {
+    async onResponse() { }
+    isEnabled(_action, _instance) {
+        return true;
+    }
+    // tslint:disable-next-line: no-empty
+    async onBefore() { }
+    // tslint:disable-next-line: no-empty
+    async onAfter() { }
+}
+exports.FilterAttribute = FilterAttribute;
+//# sourceMappingURL=AttributeFilter.js.map

package/lib/middlewares/AttributeFilter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AttributeFilter.js","sourceRoot":"","sources":["../../src/middlewares/AttributeFilter.ts"],"names":[],"mappings":";;;AAAA,wCAAqE;AAErE;;GAEG;AACH,MAAa,eAAgB,SAAQ,sBAAe;IAC3C,KAAK,CAAC,UAAU,KAAmB,CAAC;IAEpC,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IAC9B,KAAK,CAAC,QAAQ,KAAmB,CAAC;IAEzC,qCAAqC;IAC9B,KAAK,CAAC,OAAO,KAAmB,CAAC;CACzC;AAZD,0CAYC"}

package/lib/middlewares.d.ts

@@ -5,7 +5,7 @@ import { Request as sRequest, ServerMiddleware } from '@spinajs/http';
 export declare class RbacMiddleware extends ServerMiddleware {
     protected CoockieSecret: string;
     protected SessionProvider: SessionProvider;
-    resolveAsync(): Promise<void>;
+    resolve(): Promise<void>;
     before(): (req: sRequest, res: express.Response, next: express.NextFunction) => void;
     after(): (req: sRequest, res: express.Response, next: express.NextFunction) => void;
 }

package/lib/middlewares.js

@@ -40,7 +40,7 @@ const configuration_1 = require("@spinajs/configuration");
 const cs = __importStar(require("cookie-signature"));
 const http_1 = require("@spinajs/http");
 let RbacMiddleware = class RbacMiddleware extends http_1.ServerMiddleware {
-    async resolveAsync() {
+    async resolve() {
         if (!this.CoockieSecret) {
             throw new Error('http.cookie.secres is not set, cannot start UserFromSessionMiddleware. Set this value in configuration file !');
         }

package/lib/middlewares.js.map

@@ -1 +1 @@
-{"version":3,"file":"middlewares.js","sourceRoot":"","sources":["../src/middlewares.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAsD;AACtD,oCAAqD;AACrD,4BAA0B;AAE1B,0DAAgD;AAChD,qDAAuC;AACvC,wCAAsE;AAGtE,IAAa,cAAc,GAA3B,MAAa,cAAe,SAAQ,uBAAgB;IAO3C,KAAK,CAAC,YAAY;QACvB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,+GAA+G,CAAC,CAAC;SAClI;IACH,CAAC;IAEM,MAAM;QACX,OAAO,KAAK,EAAE,GAAa,EAAE,IAAsB,EAAE,IAA0B,EAAE,EAAE;YACjF,IAAI;gBACF,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;oBACpB,MAAM,IAAI,GAAmB,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;oBAC7E,IAAI,IAAI,EAAE;wBACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBACzD,IAAI,OAAO,EAAE;4BACX,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;4BACtD,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;yBAC/B;6BAAM;4BACL,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;yBACzB;qBACF;yBAAM;wBACL,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;qBACzB;iBACF;gBACD,IAAI,EAAE,CAAC;aACR;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,GAAG,CAAC,CAAC;aACX;QACH,CAAC,CAAC;IACJ,CAAC;IACM,KAAK;QACV,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AArCC;IADC,IAAA,sBAAM,EAAC,oBAAoB,CAAC;;qDACG;AAGhC;IADC,IAAA,eAAU,GAAE;8BACc,sBAAe;uDAAC;AALhC,cAAc;IAD1B,IAAA,eAAU,EAAC,uBAAgB,CAAC;GAChB,cAAc,CAuC1B;AAvCY,wCAAc"}
+{"version":3,"file":"middlewares.js","sourceRoot":"","sources":["../src/middlewares.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wCAAsD;AACtD,oCAAqD;AACrD,4BAA0B;AAE1B,0DAAgD;AAChD,qDAAuC;AACvC,wCAAsE;AAGtE,IAAa,cAAc,GAA3B,MAAa,cAAe,SAAQ,uBAAgB;IAO3C,KAAK,CAAC,OAAO;QAClB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,+GAA+G,CAAC,CAAC;SAClI;IACH,CAAC;IAEM,MAAM;QACX,OAAO,KAAK,EAAE,GAAa,EAAE,IAAsB,EAAE,IAA0B,EAAE,EAAE;YACjF,IAAI;gBACF,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;oBACpB,MAAM,IAAI,GAAmB,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;oBAC7E,IAAI,IAAI,EAAE;wBACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBACzD,IAAI,OAAO,EAAE;4BACX,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;4BACtD,GAAG,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;yBAC/B;6BAAM;4BACL,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;yBACzB;qBACF;yBAAM;wBACL,GAAG,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;qBACzB;iBACF;gBACD,IAAI,EAAE,CAAC;aACR;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,GAAG,CAAC,CAAC;aACX;QACH,CAAC,CAAC;IACJ,CAAC;IACM,KAAK;QACV,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AArCC;IADC,IAAA,sBAAM,EAAC,oBAAoB,CAAC;;qDACG;AAGhC;IADC,IAAA,eAAU,GAAE;8BACc,sBAAe;uDAAC;AALhC,cAAc;IAD1B,IAAA,eAAU,EAAC,uBAAgB,CAAC;GAChB,cAAc,CAuC1B;AAvCY,wCAAc"}

package/lib/policies/2FaPolicy.d.ts

@@ -0,0 +1,7 @@
+import { BasePolicy } from '@spinajs/http';
+import { TwoFactorAuthConfig } from '../interfaces';
+export declare class TwoFacRouteEnabled extends BasePolicy {
+    protected TwoFactorConfig: TwoFactorAuthConfig;
+    isEnabled(): boolean;
+    execute(): Promise<void>;
+}

package/lib/policies/2FaPolicy.js

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TwoFacRouteEnabled = void 0;
+const exceptions_1 = require("@spinajs/exceptions");
+const configuration_1 = require("@spinajs/configuration");
+const http_1 = require("@spinajs/http");
+class TwoFacRouteEnabled extends http_1.BasePolicy {
+    isEnabled() {
+        return true;
+    }
+    execute() {
+        if (this.TwoFactorConfig.enabled === false) {
+            throw new exceptions_1.InvalidOperation('2 factor auth is not enabled');
+        }
+        return Promise.resolve();
+    }
+}
+__decorate([
+    (0, configuration_1.Config)('rbac.twoFactorAuth'),
+    __metadata("design:type", Object)
+], TwoFacRouteEnabled.prototype, "TwoFactorConfig", void 0);
+exports.TwoFacRouteEnabled = TwoFacRouteEnabled;
+//# sourceMappingURL=2FaPolicy.js.map

package/lib/policies/2FaPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"2FaPolicy.js","sourceRoot":"","sources":["../../src/policies/2FaPolicy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAuD;AACvD,0DAAgD;AAChD,wCAA2C;AAG3C,MAAa,kBAAmB,SAAQ,iBAAU;IAIzC,SAAS;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACM,OAAO;QACZ,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,KAAK,KAAK,EAAE;YAC1C,MAAM,IAAI,6BAAgB,CAAC,8BAA8B,CAAC,CAAC;SAC5D;QAED,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AAZC;IADC,IAAA,sBAAM,EAAC,oBAAoB,CAAC;;2DACkB;AAFjD,gDAcC"}

package/lib/policies/AuthPolicy.d.ts

@@ -0,0 +1,9 @@
+import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
+/**
+ * Simple policy to only check if user is authorized ( do not check permissions for routes)
+ * Usefull if we want to give acces for all logged users
+ */
+export declare class AuthPolicy extends BasePolicy {
+    isEnabled(_action: IRoute, _instance: IController): boolean;
+    execute(req: sRequest): Promise<void>;
+}

package/lib/policies/AuthPolicy.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthPolicy = void 0;
+const http_1 = require("@spinajs/http");
+const exceptions_1 = require("@spinajs/exceptions");
+/**
+ * Simple policy to only check if user is authorized ( do not check permissions for routes)
+ * Usefull if we want to give acces for all logged users
+ */
+class AuthPolicy extends http_1.BasePolicy {
+    isEnabled(_action, _instance) {
+        // acl is always on if set
+        return true;
+    }
+    async execute(req) {
+        if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
+            throw new exceptions_1.Forbidden('user not logged or session expired');
+        }
+        return Promise.resolve();
+    }
+}
+exports.AuthPolicy = AuthPolicy;
+//# sourceMappingURL=AuthPolicy.js.map

package/lib/policies/AuthPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthPolicy.js","sourceRoot":"","sources":["../../src/policies/AuthPolicy.ts"],"names":[],"mappings":";;;AAAA,wCAAqF;AACrF,oDAAgD;AAEhD;;;GAGG;AACH,MAAa,UAAW,SAAQ,iBAAU;IACjC,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa;QAChC,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACpF,MAAM,IAAI,sBAAS,CAAC,oCAAoC,CAAC,CAAC;SAC3D;QAED,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AAbD,gCAaC"}

package/lib/policies/LoggedPolicy.d.ts

@@ -0,0 +1,9 @@
+import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
+/**
+ * Simple policy to only check if user is authorized ( do not check permissions for routes)
+ * Usefull if we want to give acces for all logged users
+ */
+export declare class LoggedPolicy extends BasePolicy {
+    isEnabled(_action: IRoute, _instance: IController): boolean;
+    execute(req: sRequest): Promise<void>;
+}

package/lib/policies/LoggedPolicy.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoggedPolicy = void 0;
+const http_1 = require("@spinajs/http");
+const exceptions_1 = require("@spinajs/exceptions");
+/**
+ * Simple policy to only check if user is authorized ( do not check permissions for routes)
+ * Usefull if we want to give acces for all logged users
+ */
+class LoggedPolicy extends http_1.BasePolicy {
+    isEnabled(_action, _instance) {
+        // acl is always on if set
+        return true;
+    }
+    async execute(req) {
+        if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
+            throw new exceptions_1.Forbidden('user not logged or session expired');
+        }
+        return Promise.resolve();
+    }
+}
+exports.LoggedPolicy = LoggedPolicy;
+//# sourceMappingURL=LoggedPolicy.js.map

package/lib/policies/LoggedPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"LoggedPolicy.js","sourceRoot":"","sources":["../../src/policies/LoggedPolicy.ts"],"names":[],"mappings":";;;AAAA,wCAAqF;AACrF,oDAAgD;AAEhD;;;GAGG;AACH,MAAa,YAAa,SAAQ,iBAAU;IACnC,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa;QAChC,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACpF,MAAM,IAAI,sBAAS,CAAC,oCAAoC,CAAC,CAAC;SAC3D;QAED,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AAbD,oCAaC"}

package/lib/policies/NotLoggedPolicy.d.ts

@@ -0,0 +1,9 @@
+import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
+/**
+ * Simple policy to only check if user is authorized ( do not check permissions for routes)
+ * Usefull if we want to give acces for all logged users
+ */
+export declare class NotLoggedPolicy extends BasePolicy {
+    isEnabled(_action: IRoute, _instance: IController): boolean;
+    execute(req: sRequest): Promise<void>;
+}

package/lib/policies/NotLoggedPolicy.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NotLoggedPolicy = void 0;
+const http_1 = require("@spinajs/http");
+const exceptions_1 = require("@spinajs/exceptions");
+/**
+ * Simple policy to only check if user is authorized ( do not check permissions for routes)
+ * Usefull if we want to give acces for all logged users
+ */
+class NotLoggedPolicy extends http_1.BasePolicy {
+    isEnabled(_action, _instance) {
+        return true;
+    }
+    async execute(req) {
+        if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
+            return Promise.resolve();
+        }
+        throw new exceptions_1.InvalidOperation('Cannot perform action when user is logged.');
+    }
+}
+exports.NotLoggedPolicy = NotLoggedPolicy;
+//# sourceMappingURL=NotLoggedPolicy.js.map

package/lib/policies/NotLoggedPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NotLoggedPolicy.js","sourceRoot":"","sources":["../../src/policies/NotLoggedPolicy.ts"],"names":[],"mappings":";;;AAAA,wCAAqF;AACrF,oDAAuD;AAEvD;;;GAGG;AACH,MAAa,eAAgB,SAAQ,iBAAU;IACtC,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa;QAChC,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACpF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;SAC1B;QAED,MAAM,IAAI,6BAAgB,CAAC,4CAA4C,CAAC,CAAC;IAC3E,CAAC;CACF;AAZD,0CAYC"}

package/lib/policies/RbacPolicy.d.ts

@@ -0,0 +1,15 @@
+import { AccessControl, Permission } from 'accesscontrol';
+import { BasePolicy, IController, IRoute, Request as sRequest } from '@spinajs/http';
+import { User } from '@spinajs/rbac';
+/**
+ * Checks if user is logged, authorized & have proper permissions
+ */
+export declare class RbacPolicy extends BasePolicy {
+    protected Ac: AccessControl;
+    constructor();
+    isEnabled(_action: IRoute, _instance: IController): boolean;
+    execute(req: sRequest, action: IRoute, instance: IController): Promise<void>;
+}
+export declare function checkRbacPermission(role: string | string[], resource: string, permission: string): Permission;
+export declare function checkUserPermission(user: User, resource: string, permission: string): Permission;
+export declare function checkRoutePermission(req: sRequest, resource: string, permission: string): Permission;

package/lib/policies/RbacPolicy.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkRoutePermission = exports.checkUserPermission = exports.checkRbacPermission = exports.RbacPolicy = void 0;
+const http_1 = require("@spinajs/http");
+const exceptions_1 = require("@spinajs/exceptions");
+const decorators_1 = require("../decorators");
+const di_1 = require("@spinajs/di");
+/**
+ * Checks if user is logged, authorized & have proper permissions
+ */
+class RbacPolicy extends http_1.BasePolicy {
+    constructor() {
+        super();
+        this.Ac = di_1.DI.get('AccessControl');
+    }
+    isEnabled(_action, _instance) {
+        // acl is always on if set
+        return true;
+    }
+    async execute(req, action, instance) {
+        var _a, _b;
+        const descriptor = Reflect.getMetadata(decorators_1.ACL_CONTROLLER_DESCRIPTOR, instance);
+        let permission = (_a = descriptor.Permission) !== null && _a !== void 0 ? _a : '';
+        // check if route has its own permission
+        if (descriptor.Routes.has(action.Method)) {
+            permission = (_b = descriptor.Routes.get(action.Method).Permission) !== null && _b !== void 0 ? _b : '';
+        }
+        if (!descriptor || !descriptor.Permission) {
+            throw new exceptions_1.Forbidden(`no route permission or resources assigned`);
+        }
+        if (!req.storage || !req.storage.user || !req.storage.session.Data.get('Authorized')) {
+            throw new exceptions_1.Forbidden('user not logged or session expired');
+        }
+        if (!checkRoutePermission(req, descriptor.Resource, permission).granted) {
+            throw new exceptions_1.Forbidden(`role(s) ${req.storage.user.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
+        }
+    }
+}
+exports.RbacPolicy = RbacPolicy;
+function checkRbacPermission(role, resource, permission) {
+    const ac = di_1.DI.get('AccessControl');
+    return ac.can(role)[permission](resource);
+}
+exports.checkRbacPermission = checkRbacPermission;
+function checkUserPermission(user, resource, permission) {
+    const ac = di_1.DI.get('AccessControl');
+    if (!user) {
+        return null;
+    }
+    return ac.can(user.Role)[permission](resource);
+}
+exports.checkUserPermission = checkUserPermission;
+function checkRoutePermission(req, resource, permission) {
+    if (!req.storage || !req.storage.user) {
+        return null;
+    }
+    return checkUserPermission(req.storage.user, resource, permission);
+}
+exports.checkRoutePermission = checkRoutePermission;
+//# sourceMappingURL=RbacPolicy.js.map

package/lib/policies/RbacPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RbacPolicy.js","sourceRoot":"","sources":["../../src/policies/RbacPolicy.ts"],"names":[],"mappings":";;;AACA,wCAAqF;AACrF,oDAAgD;AAChD,8CAA0D;AAE1D,oCAAiC;AAGjC;;GAEG;AACH,MAAa,UAAW,SAAQ,iBAAU;IAGxC;QACE,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,EAAE,GAAG,OAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpC,CAAC;IAEM,SAAS,CAAC,OAAe,EAAE,SAAsB;QACtD,0BAA0B;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,GAAa,EAAE,MAAc,EAAE,QAAqB;;QACvE,MAAM,UAAU,GAAoB,OAAO,CAAC,WAAW,CAAC,sCAAyB,EAAE,QAAQ,CAAC,CAAC;QAC7F,IAAI,UAAU,GAAG,MAAA,UAAU,CAAC,UAAU,mCAAI,EAAE,CAAC;QAE7C,wCAAwC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACxC,UAAU,GAAG,MAAA,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,UAAU,mCAAI,EAAE,CAAC;SACpE;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE;YACzC,MAAM,IAAI,sBAAS,CAAC,2CAA2C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE;YACpF,MAAM,IAAI,sBAAS,CAAC,oCAAoC,CAAC,CAAC;SAC3D;QAED,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,OAAO,EAAE;YACvE,MAAM,IAAI,sBAAS,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,6BAA6B,UAAU,iBAAiB,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;SACpI;IACH,CAAC;CACF;AAnCD,gCAmCC;AAED,SAAgB,mBAAmB,CAAC,IAAuB,EAAE,QAAgB,EAAE,UAAkB;IAC/F,MAAM,EAAE,GAAG,OAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAClD,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrD,CAAC;AAHD,kDAGC;AAED,SAAgB,mBAAmB,CAAC,IAAU,EAAE,QAAgB,EAAE,UAAkB;IAClF,MAAM,EAAE,GAAG,OAAE,CAAC,GAAG,CAAgB,eAAe,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,IAAI,CAAC;KACb;IAED,OAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC1D,CAAC;AARD,kDAQC;AAED,SAAgB,oBAAoB,CAAC,GAAa,EAAE,QAAgB,EAAE,UAAkB;IACtF,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;QACrC,OAAO,IAAI,CAAC;KACb;IAED,OAAO,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;AACrE,CAAC;AAND,oDAMC"}

package/lib/policies/captchaPolicy.js

@@ -0,0 +1 @@
+//# sourceMappingURL=captchaPolicy.js.map

package/lib/policies/captchaPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"captchaPolicy.js","sourceRoot":"","sources":["../../src/policies/captchaPolicy.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@spinajs/rbac-http",
-  "version": "2.0.28",
+  "version": "2.0.44",
   "description": "HTTP API for user session & permissions",
   "main": "lib/index.js",
   "private": false,
@@ -38,20 +38,26 @@
   },
   "homepage": "https://github.com/spinajs/main#readme",
   "dependencies": {
-    "@spinajs/configuration": "^2.0.19",
-    "@spinajs/di": "^2.0.19",
-    "@spinajs/exceptions": "^2.0.12",
-    "@spinajs/http": "^2.0.25",
-    "@spinajs/log": "^2.0.19",
-    "@spinajs/orm": "^2.0.19",
-    "@spinajs/orm-http": "^2.0.28",
-    "@spinajs/rbac": "^2.0.28",
-    "@spinajs/reflection": "^2.0.19",
+    "@spinajs/configuration": "^2.0.44",
+    "@spinajs/di": "^2.0.44",
+    "@spinajs/exceptions": "^2.0.39",
+    "@spinajs/http": "^2.0.44",
+    "@spinajs/log": "^2.0.44",
+    "@spinajs/orm": "^2.0.44",
+    "@spinajs/orm-http": "^2.0.44",
+    "@spinajs/rbac": "^2.0.44",
+    "@spinajs/reflection": "^2.0.44",
     "accesscontrol": "^2.2.1",
-    "luxon": "^2.4.0"
+    "luxon": "^3.2.1",
+    "qrcode": "^1.5.1",
+    "speakeasy": "^2.0.0",
+    "uuid": "^8.3.2"
   },
   "devDependencies": {
-    "@spinajs/orm-sqlite": "^2.0.28"
+    "@spinajs/orm-sqlite": "^2.0.44",
+    "@types/qrcode": "^1.4.2",
+    "@types/speakeasy": "^2.0.7",
+    "@types/uuid": "^8.3.3"
   },
-  "gitHead": "dd6039040e370e66e341d27839573a748966aa08"
+  "gitHead": "1857a6e3626e0fed22ffb0b44b48d587c79898db"
 }