@spinajs/rbac-http 2.0.322 → 2.0.324
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/interfaces.d.ts +2 -2
- package/lib/cjs/middlewares.js +3 -3
- package/lib/cjs/policies/AllowGuest.js +2 -2
- package/lib/cjs/policies/BlockGuest.js +2 -2
- package/lib/cjs/policies/LoggedPolicy.js +1 -1
- package/lib/cjs/policies/NotLoggedPolicy.js +1 -1
- package/lib/cjs/policies/RbacPolicy.js +4 -4
- package/lib/cjs/route-args.js +3 -3
- package/lib/mjs/interfaces.d.ts +2 -2
- package/lib/mjs/middlewares.js +3 -3
- package/lib/mjs/policies/AllowGuest.js +2 -2
- package/lib/mjs/policies/BlockGuest.js +2 -2
- package/lib/mjs/policies/LoggedPolicy.js +1 -1
- package/lib/mjs/policies/NotLoggedPolicy.js +1 -1
- package/lib/mjs/policies/RbacPolicy.js +4 -4
- package/lib/mjs/route-args.js +3 -3
- package/lib/tsconfig.cjs.tsbuildinfo +1 -1
- package/lib/tsconfig.mjs.tsbuildinfo +1 -1
- package/package.json +10 -10
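--- a/package/lib/cjs/interfaces.d.ts
+++ b/package/lib/cjs/interfaces.d.ts
@@ -2,8 +2,8 @@ import { User, ISession } from '@spinajs/rbac';
 export type PermissionType = 'readAny' | 'readOwn' | 'updateAny' | 'updateOwn' | 'deleteAny' | 'deleteOwn' | 'createAny' | 'createOwn';
 declare module '@spinajs/http' {
 interface IActionLocalStoregeContext {
-
-
+User: User | null;
+Session: ISession;
 }
 }
 export interface IRbacDescriptor {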
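Review bot: `Session: ISession;` on the new side declares the session as always present, but the middlewares.js hunk in this same release assigns `req.storage.Session` only on the session branch and leaves it unset for the guest user, and `SessionArg` in route-args.js guards on `req.storage.Session ? … : undefined`. The type should admit absence the same way `User: User | null;` already does, e.g. `Session?: ISession;`, so consumers are forced to handle the guest case instead of dereferencing an undefined `Session.Data`. The same change applies to package/lib/mjs/interfaces.d.ts.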
package/lib/cjs/middlewares.js
CHANGED
|
@@ -60,11 +60,11 @@ let RbacMiddleware = class RbacMiddleware extends http_1.ServerMiddleware {
|
|
|
60
60
|
* If we have session, try to restore user with data from session
|
|
61
61
|
* otherwise try to create guest
|
|
62
62
|
*/
|
|
63
|
-
req.storage.
|
|
64
|
-
req.storage.
|
|
63
|
+
req.storage.User = di_1.DI.resolve('RbacUserFactory', [session.Data.get('User')]);
|
|
64
|
+
req.storage.Session = session;
|
|
65
65
|
}
|
|
66
66
|
else {
|
|
67
|
-
req.storage.
|
|
67
|
+
req.storage.User = di_1.DI.resolve('RbacGuestUserFactory');
|
|
68
68
|
}
|
|
69
69
|
next();
|
|
70
70
|
}
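Review bot: The `else` branch at new line 67 sets `req.storage.User` to the guest user but never assigns `req.storage.Session`, so a guest request carries `Session === undefined` while the declared `IActionLocalStoregeContext.Session` is non-optional; any policy that reads `req.storage.Session.Data` without `?.` will then throw a TypeError rather than a Forbidden. Either assign an explicit value on the guest branch (e.g. `req.storage.Session = null;`, widening the declared type to match), or add a comment above the `else` stating that Session is deliberately absent for guests and that every reader must guard for it. The enclosing middleware body starts outside the hunk, so whether `session` itself is defined on the guest branch is not visible here. The mjs copy of middlewares.js has the same shape.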
|
|
@@ -12,10 +12,10 @@ class AllowGuest extends http_1.BasePolicy {
|
|
|
12
12
|
return true;
|
|
13
13
|
}
|
|
14
14
|
async execute(req) {
|
|
15
|
-
if (!req.storage || !req.storage.
|
|
15
|
+
if (!req.storage || !req.storage.User) {
|
|
16
16
|
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
17
17
|
}
|
|
18
|
-
const user = req.storage.
|
|
18
|
+
const user = req.storage.User;
|
|
19
19
|
if (user.IsGuest) {
|
|
20
20
|
// if we disable guest account in config file, throw
|
|
21
21
|
if (!user.IsActive) {
|
|
@@ -12,10 +12,10 @@ class BlockGuest extends http_1.BasePolicy {
|
|
|
12
12
|
return true;
|
|
13
13
|
}
|
|
14
14
|
async execute(req) {
|
|
15
|
-
if (!req.storage || !req.storage.
|
|
15
|
+
if (!req.storage || !req.storage.User) {
|
|
16
16
|
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
17
17
|
}
|
|
18
|
-
if (req.storage.
|
|
18
|
+
if (req.storage.User) {
|
|
19
19
|
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
20
20
|
}
|
|
21
21
|
return Promise.resolve();
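Review bot: The second guard at new line 18, `if (req.storage.User) {`, is always true once the check at line 15 has passed, so `execute` throws Forbidden for every caller, including fully logged-in users, and the `return Promise.resolve();` at line 21 is unreachable. Judging by the class name and the `user.IsGuest` flag that AllowGuest reads in the preceding hunk, the intended condition is most likely `if (req.storage.User.IsGuest) {`, with a message that says the guest account is not allowed rather than reusing 'user not logged or session expired'. The failure is closed rather than open, but it makes the policy unusable; a test that runs BlockGuest with a non-guest user would have caught it. The mjs build of BlockGuest.js carries the identical lines.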
|
|
@@ -13,7 +13,7 @@ class LoggedPolicy extends http_1.BasePolicy {
|
|
|
13
13
|
return true;
|
|
14
14
|
}
|
|
15
15
|
async execute(req) {
|
|
16
|
-
if (!req.storage || !req.storage.
|
|
16
|
+
if (!req.storage || !req.storage.User || !req.storage.Session?.Data.get('Authorized')) {
|
|
17
17
|
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
18
18
|
}
|
|
19
19
|
return Promise.resolve();
|
|
@@ -12,7 +12,7 @@ class NotLoggedPolicy extends http_1.BasePolicy {
|
|
|
12
12
|
return true;
|
|
13
13
|
}
|
|
14
14
|
async execute(req) {
|
|
15
|
-
if (!req.storage || !req.storage.
|
|
15
|
+
if (!req.storage || !req.storage.User || !req.storage.Session?.Data.get('Authorized')) {
|
|
16
16
|
return Promise.resolve();
|
|
17
17
|
}
|
|
18
18
|
throw new exceptions_1.Forbidden('User already logged in, please logout first');
|
|
@@ -27,11 +27,11 @@ class RbacPolicy extends http_1.BasePolicy {
|
|
|
27
27
|
if (!descriptor || !descriptor.Permission) {
|
|
28
28
|
throw new exceptions_1.Forbidden(`no route permission or resources assigned`);
|
|
29
29
|
}
|
|
30
|
-
if (!req.storage || !req.storage.
|
|
30
|
+
if (!req.storage || !req.storage.User || !req.storage.Session.Data.get('Authorized')) {
|
|
31
31
|
throw new exceptions_1.Forbidden('user not logged or session expired');
|
|
32
32
|
}
|
|
33
33
|
if (!checkRoutePermission(req, descriptor.Resource, permission).granted) {
|
|
34
|
-
throw new exceptions_1.Forbidden(`role(s) ${req.storage.
|
|
34
|
+
throw new exceptions_1.Forbidden(`role(s) ${req.storage.User.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
|
|
35
35
|
}
|
|
36
36
|
}
|
|
37
37
|
}
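Review bot: New line 30 reads `req.storage.Session.Data.get('Authorized')` without the optional chaining that LoggedPolicy and NotLoggedPolicy use on the same expression in this release; for a guest, where the middleware sets only `req.storage.User`, this throws a TypeError instead of the intended Forbidden. Use `!req.storage.Session?.Data.get('Authorized')` so the policy fails closed with the same Forbidden as the other policies rather than an unhandled error. Separately, the Forbidden message at line 34 interpolates the caller's role, the required permission and the resource name; if Forbidden messages are surfaced to the client, that detail is better logged server-side with a generic message returned. The mjs build of RbacPolicy.js has the same two lines.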
|
|
@@ -50,10 +50,10 @@ function checkUserPermission(user, resource, permission) {
|
|
|
50
50
|
}
|
|
51
51
|
exports.checkUserPermission = checkUserPermission;
|
|
52
52
|
function checkRoutePermission(req, resource, permission) {
|
|
53
|
-
if (!req.storage || !req.storage.
|
|
53
|
+
if (!req.storage || !req.storage.User) {
|
|
54
54
|
return null;
|
|
55
55
|
}
|
|
56
|
-
return checkUserPermission(req.storage.
|
|
56
|
+
return checkUserPermission(req.storage.User, resource, permission);
|
|
57
57
|
}
|
|
58
58
|
exports.checkRoutePermission = checkRoutePermission;
|
|
59
59
|
//# sourceMappingURL=RbacPolicy.js.map
|
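--- a/package/lib/cjs/route-args.js
+++ b/package/lib/cjs/route-args.js
@@ -14,7 +14,7 @@ let UserArg = class UserArg extends http_1.RouteArgs {
 return http_1.ParameterType.Other;
 }
 async extract(callData, _param, req) {
-return { CallData: callData, Args: req.storage.
+return { CallData: callData, Args: req.storage.User };
 }
 };
 exports.UserArg = UserArg;
@@ -26,7 +26,7 @@ let SessionArg = class SessionArg extends http_1.RouteArgs {
 return http_1.ParameterType.FromSession;
 }
 async extract(callData, param, req) {
-return { CallData: callData, Args: req.storage.
+return { CallData: callData, Args: req.storage.Session ? req.storage.Session.Data.get(param.Name) : undefined };
 }
 };
 exports.SessionArg = SessionArg;
@@ -38,7 +38,7 @@ let CurrentSessionArg = class CurrentSessionArg extends http_1.RouteArgs {
 return http_1.ParameterType.Other;
 }
 async extract(callData, _param, req) {
-return { CallData: callData, Args: req.storage.
+return { CallData: callData, Args: req.storage.Session };
 }
 };
 exports.CurrentSessionArg = CurrentSessionArg;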
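Review bot: `SessionArg.extract` at new line 29 spells out the null guard as `req.storage.Session ? req.storage.Session.Data.get(param.Name) : undefined`, while the policies in this same release use optional chaining on the same expression; for an object-or-undefined value `req.storage.Session?.Data.get(param.Name)` is equivalent and keeps the files consistent. `UserArg` and `CurrentSessionArg` apply no guard and hand back whatever is in storage, which for a guest request is the guest user and, given the middleware hunk above, an undefined Session; a one-line JSDoc on each `extract` stating that would spare controller authors a surprise. The mjs route-args.js hunks are identical.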
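--- a/package/lib/mjs/interfaces.d.ts
+++ b/package/lib/mjs/interfaces.d.ts
@@ -2,8 +2,8 @@ import { User, ISession } from '@spinajs/rbac';
 export type PermissionType = 'readAny' | 'readOwn' | 'updateAny' | 'updateOwn' | 'deleteAny' | 'deleteOwn' | 'createAny' | 'createOwn';
 declare module '@spinajs/http' {
 interface IActionLocalStoregeContext {
-
-
+User: User | null;
+Session: ISession;
 }
 }
 export interface IRbacDescriptor {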
package/lib/mjs/middlewares.js
CHANGED
|
@@ -34,11 +34,11 @@ let RbacMiddleware = class RbacMiddleware extends ServerMiddleware {
|
|
|
34
34
|
* If we have session, try to restore user with data from session
|
|
35
35
|
* otherwise try to create guest
|
|
36
36
|
*/
|
|
37
|
-
req.storage.
|
|
38
|
-
req.storage.
|
|
37
|
+
req.storage.User = DI.resolve('RbacUserFactory', [session.Data.get('User')]);
|
|
38
|
+
req.storage.Session = session;
|
|
39
39
|
}
|
|
40
40
|
else {
|
|
41
|
-
req.storage.
|
|
41
|
+
req.storage.User = DI.resolve('RbacGuestUserFactory');
|
|
42
42
|
}
|
|
43
43
|
next();
|
|
44
44
|
}
|
|
@@ -9,10 +9,10 @@ export class AllowGuest extends BasePolicy {
|
|
|
9
9
|
return true;
|
|
10
10
|
}
|
|
11
11
|
async execute(req) {
|
|
12
|
-
if (!req.storage || !req.storage.
|
|
12
|
+
if (!req.storage || !req.storage.User) {
|
|
13
13
|
throw new Forbidden('user not logged or session expired');
|
|
14
14
|
}
|
|
15
|
-
const user = req.storage.
|
|
15
|
+
const user = req.storage.User;
|
|
16
16
|
if (user.IsGuest) {
|
|
17
17
|
// if we disable guest account in config file, throw
|
|
18
18
|
if (!user.IsActive) {
|
|
@@ -9,10 +9,10 @@ export class BlockGuest extends BasePolicy {
|
|
|
9
9
|
return true;
|
|
10
10
|
}
|
|
11
11
|
async execute(req) {
|
|
12
|
-
if (!req.storage || !req.storage.
|
|
12
|
+
if (!req.storage || !req.storage.User) {
|
|
13
13
|
throw new Forbidden('user not logged or session expired');
|
|
14
14
|
}
|
|
15
|
-
if (req.storage.
|
|
15
|
+
if (req.storage.User) {
|
|
16
16
|
throw new Forbidden('user not logged or session expired');
|
|
17
17
|
}
|
|
18
18
|
return Promise.resolve();
|
|
@@ -10,7 +10,7 @@ export class LoggedPolicy extends BasePolicy {
|
|
|
10
10
|
return true;
|
|
11
11
|
}
|
|
12
12
|
async execute(req) {
|
|
13
|
-
if (!req.storage || !req.storage.
|
|
13
|
+
if (!req.storage || !req.storage.User || !req.storage.Session?.Data.get('Authorized')) {
|
|
14
14
|
throw new Forbidden('user not logged or session expired');
|
|
15
15
|
}
|
|
16
16
|
return Promise.resolve();
|
|
@@ -9,7 +9,7 @@ export class NotLoggedPolicy extends BasePolicy {
|
|
|
9
9
|
return true;
|
|
10
10
|
}
|
|
11
11
|
async execute(req) {
|
|
12
|
-
if (!req.storage || !req.storage.
|
|
12
|
+
if (!req.storage || !req.storage.User || !req.storage.Session?.Data.get('Authorized')) {
|
|
13
13
|
return Promise.resolve();
|
|
14
14
|
}
|
|
15
15
|
throw new Forbidden('User already logged in, please logout first');
|
|
@@ -24,11 +24,11 @@ export class RbacPolicy extends BasePolicy {
|
|
|
24
24
|
if (!descriptor || !descriptor.Permission) {
|
|
25
25
|
throw new Forbidden(`no route permission or resources assigned`);
|
|
26
26
|
}
|
|
27
|
-
if (!req.storage || !req.storage.
|
|
27
|
+
if (!req.storage || !req.storage.User || !req.storage.Session.Data.get('Authorized')) {
|
|
28
28
|
throw new Forbidden('user not logged or session expired');
|
|
29
29
|
}
|
|
30
30
|
if (!checkRoutePermission(req, descriptor.Resource, permission).granted) {
|
|
31
|
-
throw new Forbidden(`role(s) ${req.storage.
|
|
31
|
+
throw new Forbidden(`role(s) ${req.storage.User.Role} does not have permission ${permission} for resource ${descriptor.Resource}`);
|
|
32
32
|
}
|
|
33
33
|
}
|
|
34
34
|
}
|
|
@@ -44,9 +44,9 @@ export function checkUserPermission(user, resource, permission) {
|
|
|
44
44
|
return ac.can(user.Role)[permission](resource);
|
|
45
45
|
}
|
|
46
46
|
export function checkRoutePermission(req, resource, permission) {
|
|
47
|
-
if (!req.storage || !req.storage.
|
|
47
|
+
if (!req.storage || !req.storage.User) {
|
|
48
48
|
return null;
|
|
49
49
|
}
|
|
50
|
-
return checkUserPermission(req.storage.
|
|
50
|
+
return checkUserPermission(req.storage.User, resource, permission);
|
|
51
51
|
}
|
|
52
52
|
//# sourceMappingURL=RbacPolicy.js.map
|
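--- a/package/lib/mjs/route-args.js
+++ b/package/lib/mjs/route-args.js
@@ -11,7 +11,7 @@ let UserArg = class UserArg extends RouteArgs {
 return ParameterType.Other;
 }
 async extract(callData, _param, req) {
-return { CallData: callData, Args: req.storage.
+return { CallData: callData, Args: req.storage.User };
 }
 };
 UserArg = __decorate([
@@ -23,7 +23,7 @@ let SessionArg = class SessionArg extends RouteArgs {
 return ParameterType.FromSession;
 }
 async extract(callData, param, req) {
-return { CallData: callData, Args: req.storage.
+return { CallData: callData, Args: req.storage.Session ? req.storage.Session.Data.get(param.Name) : undefined };
 }
 };
 SessionArg = __decorate([
@@ -35,7 +35,7 @@ let CurrentSessionArg = class CurrentSessionArg extends RouteArgs {
 return ParameterType.Other;
 }
 async extract(callData, _param, req) {
-return { CallData: callData, Args: req.storage.
+return { CallData: callData, Args: req.storage.Session };
 }
 };
 CurrentSessionArg = __decorate([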