@spinajs/rbac 1.2.108

package/README.md

@@ -0,0 +1,11 @@
+# `rbac`
+
+> TODO: description
+
+## Usage
+
+```
+const rbac = require('rbac');
+
+// TODO: DEMONSTRATE API
+```

package/lib/auth.d.ts

@@ -0,0 +1,8 @@
+import { AuthProvider } from './interfaces';
+import { User } from './models/User';
+import { IContainer } from '@spinajs/di';
+export declare class SimpleDbAuthProvider implements AuthProvider<User> {
+    protected Container: IContainer;
+    exists(user: User | string): Promise<boolean>;
+    authenticate(email: string, password: string): Promise<User>;
+}

package/lib/auth.js

@@ -0,0 +1,47 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SimpleDbAuthProvider = void 0;
+const interfaces_1 = require("./interfaces");
+const User_1 = require("./models/User");
+const di_1 = require("@spinajs/di");
+class SimpleDbAuthProvider {
+    async exists(user) {
+        const result = await User_1.User.where('Email', user instanceof User_1.User ? user.Email : user).first();
+        if (result) {
+            return true;
+        }
+        return false;
+    }
+    async authenticate(email, password) {
+        const pwd = this.Container.resolve(interfaces_1.PasswordProvider);
+        const result = await User_1.User.where({
+            Email: email,
+        })
+            .andWhere('DeletedAt', null)
+            .populate('Metadata')
+            .first();
+        if (!result) {
+            return null;
+        }
+        const valid = await pwd.verify(result.Password, password);
+        if (valid) {
+            return result;
+        }
+        return null;
+    }
+}
+__decorate([
+    (0, di_1.Autoinject)(di_1.Container),
+    __metadata("design:type", Object)
+], SimpleDbAuthProvider.prototype, "Container", void 0);
+exports.SimpleDbAuthProvider = SimpleDbAuthProvider;
+//# sourceMappingURL=auth.js.map

package/lib/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA8D;AAC9D,wCAAqC;AACrC,oCAAgE;AAEhE,MAAa,oBAAoB;IAIxB,KAAK,CAAC,MAAM,CAAC,IAAmB;QACrC,MAAM,MAAM,GAAG,MAAM,WAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,YAAY,WAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QAC3F,IAAI,MAAM,EAAE;YACV,OAAO,IAAI,CAAC;SACb;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,KAAa,EAAE,QAAgB;QACvD,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,6BAAgB,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,WAAI,CAAC,KAAK,CAAC;YAC9B,KAAK,EAAE,KAAK;SACb,CAAC;aACC,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAC;aAC3B,QAAQ,CAAC,UAAU,CAAC;aACpB,KAAK,EAAE,CAAC;QAEX,IAAI,CAAC,MAAM,EAAE;YACX,OAAO,IAAI,CAAC;SACb;QAED,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC1D,IAAI,KAAK,EAAE;YACT,OAAO,MAAM,CAAC;SACf;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AA/BC;IADC,IAAA,eAAU,EAAC,cAAS,CAAC;;uDACU;AAFlC,oDAiCC"}

package/lib/config/rbac.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/config/rbac.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = require("path");
+function dir(path) {
+    return (0, path_1.resolve)((0, path_1.normalize)((0, path_1.join)(__dirname, path)));
+}
+module.exports = {
+    system: {
+        dirs: {
+            migrations: [dir('./../migrations')],
+            models: [dir('./../models')],
+        },
+    },
+    rbac: {
+        // default roles to manage users & guest account
+        roles: [
+            {
+                Name: 'Admin',
+                Description: 'Administrator',
+            },
+            {
+                Name: 'User',
+                Description: 'Simple account without any privlidge',
+            },
+        ],
+        defaultRole: 'guest',
+        session: {
+            // 2h session expiration  time
+            expiration: 120,
+        },
+    },
+};
+//# sourceMappingURL=rbac.js.map

package/lib/config/rbac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../src/config/rbac.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,OAAO,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,CAAC,OAAO,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,UAAU,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACpC,MAAM,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;SAC7B;KACF;IACD,IAAI,EAAE;QACJ,gDAAgD;QAChD,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,OAAO;gBACb,WAAW,EAAE,eAAe;aAC7B;YACD;gBACE,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,sCAAsC;aACpD;SACF;QACD,WAAW,EAAE,OAAO;QACpB,OAAO,EAAE;YACP,8BAA8B;YAC9B,UAAU,EAAE,GAAG;SAChB;KACF;CACF,CAAC"}

package/lib/index.d.ts

@@ -0,0 +1,11 @@
+import { Bootstrapper } from '@spinajs/di';
+export * from './interfaces';
+export * from './auth';
+export * from './password';
+export * from './session';
+export * from './models/User';
+export * from './models/UserMetadata';
+export { AccessControl } from 'accesscontrol';
+export declare class RbacBootstrapper extends Bootstrapper {
+    bootstrap(): void;
+}

package/lib/index.js

@@ -0,0 +1,54 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RbacBootstrapper = exports.AccessControl = void 0;
+const di_1 = require("@spinajs/di");
+const auth_1 = require("./auth");
+const interfaces_1 = require("./interfaces");
+const password_1 = require("./password");
+const session_1 = require("./session");
+const accesscontrol_1 = require("accesscontrol");
+__exportStar(require("./interfaces"), exports);
+__exportStar(require("./auth"), exports);
+__exportStar(require("./password"), exports);
+__exportStar(require("./session"), exports);
+__exportStar(require("./models/User"), exports);
+__exportStar(require("./models/UserMetadata"), exports);
+var accesscontrol_2 = require("accesscontrol");
+Object.defineProperty(exports, "AccessControl", { enumerable: true, get: function () { return accesscontrol_2.AccessControl; } });
+let RbacBootstrapper = class RbacBootstrapper extends di_1.Bootstrapper {
+    bootstrap() {
+        di_1.DI.register(password_1.BasicPasswordProvider).as(interfaces_1.PasswordProvider);
+        di_1.DI.register(auth_1.SimpleDbAuthProvider).as(interfaces_1.AuthProvider);
+        di_1.DI.register(session_1.MemorySessionProvider).as(interfaces_1.SessionProvider);
+        const ac = new accesscontrol_1.AccessControl();
+        di_1.DI.register(ac).as('AccessControl');
+        ac.grant('admin.users').createAny('users').updateAny('users').deleteAny('users').readAny('users');
+        ac.grant('user').updateOwn('users', ['Email', 'Login', 'Password', 'NiceName']);
+        ac.grant('admin').extend('admin.users');
+    }
+};
+RbacBootstrapper = __decorate([
+    (0, di_1.Injectable)(di_1.Bootstrapper)
+], RbacBootstrapper);
+exports.RbacBootstrapper = RbacBootstrapper;
+//# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAAA,oCAA2D;AAC3D,iCAA8C;AAC9C,6CAA+E;AAC/E,yCAAmD;AACnD,uCAAkD;AAClD,iDAA8C;AAE9C,+CAA6B;AAC7B,yCAAuB;AACvB,6CAA2B;AAC3B,4CAA0B;AAC1B,gDAA8B;AAC9B,wDAAsC;AACtC,+CAA8C;AAArC,8GAAA,aAAa,OAAA;AAGtB,IAAa,gBAAgB,GAA7B,MAAa,gBAAiB,SAAQ,iBAAY;IACzC,SAAS;QACd,OAAE,CAAC,QAAQ,CAAC,gCAAqB,CAAC,CAAC,EAAE,CAAC,6BAAgB,CAAC,CAAC;QACxD,OAAE,CAAC,QAAQ,CAAC,2BAAoB,CAAC,CAAC,EAAE,CAAC,yBAAY,CAAC,CAAC;QACnD,OAAE,CAAC,QAAQ,CAAC,+BAAqB,CAAC,CAAC,EAAE,CAAC,4BAAe,CAAC,CAAC;QAEvD,MAAM,EAAE,GAAG,IAAI,6BAAa,EAAE,CAAC;QAC/B,OAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;QAEpC,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClG,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;QAChF,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC1C,CAAC;CACF,CAAA;AAbY,gBAAgB;IAD5B,IAAA,eAAU,EAAC,iBAAY,CAAC;GACZ,gBAAgB,CAa5B;AAbY,4CAAgB"}

package/lib/interfaces.d.ts

@@ -0,0 +1,88 @@
+import { User } from './models/User';
+import { AsyncModule } from '@spinajs/di';
+import { DateTime } from 'luxon';
+export interface UserSessionData {
+    /**
+     * Session identifier
+     */
+    SessionId?: string;
+    /**
+     * Expiration date. After that date session is invalid
+     */
+    Expiration: DateTime;
+    /**
+     * Session creation date. After that date session is invalid
+     */
+    Creation?: DateTime;
+    /**
+     * Data holds by session
+     */
+    Data: any;
+}
+export interface UserSession extends UserSessionData {
+    /**
+     *
+     * Extends session lifetime
+     *
+     * @param minutes  - how mutch to extend
+     */
+    extend(minutes: number): void;
+}
+/**
+ * Service used for generating random password & for hash raw string
+ */
+export declare abstract class PasswordProvider {
+    /**
+     *
+     * Checks if hash is valid for given password
+     *
+     * @param hash - hasth to validate
+     * @param password - password to validate
+     */
+    abstract verify(hash: string, password: string): Promise<boolean>;
+    /**
+     *
+     * Generate hashed string from user password
+     *
+     * @param input - string to hash
+     */
+    abstract hash(input: string): Promise<string>;
+    /**
+     * Generates random user password
+     */
+    abstract generate(): string;
+}
+export declare abstract class AuthProvider<U = User> {
+    abstract exists(user: U): Promise<boolean>;
+    abstract authenticate(email: string, password: string): Promise<U>;
+}
+export declare abstract class SessionProvider<T = UserSession> extends AsyncModule {
+    /**
+     *
+     * Load session from store. If not exists or expired returns null
+     *
+     * @param sessionId - session identifier
+     */
+    abstract restoreSession(sessionId: string): Promise<T>;
+    /**
+     *
+     * Deletes session from store
+     *
+     * @param sessionId - session to delete
+     */
+    abstract deleteSession(sessionId: string): Promise<void>;
+    /**
+     *
+     * Adds or updates session in store
+     *
+     * @param session - session to update / insert
+     */
+    abstract updateSession(session: UserSession): Promise<void>;
+    /**
+     *
+     * Extends session expiration time. Extension is set in acl.session.expiration (in seconds)
+     *
+     * @param sessionId - session to refres
+     */
+    abstract refreshSession(sessionId: string | UserSession): Promise<void>;
+}

package/lib/interfaces.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionProvider = exports.AuthProvider = exports.PasswordProvider = void 0;
+const di_1 = require("@spinajs/di");
+/**
+ * Service used for generating random password & for hash raw string
+ */
+class PasswordProvider {
+}
+exports.PasswordProvider = PasswordProvider;
+class AuthProvider {
+}
+exports.AuthProvider = AuthProvider;
+class SessionProvider extends di_1.AsyncModule {
+}
+exports.SessionProvider = SessionProvider;
+//# sourceMappingURL=interfaces.js.map

package/lib/interfaces.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../src/interfaces.ts"],"names":[],"mappings":";;;AACA,oCAA0C;AAmC1C;;GAEG;AACH,MAAsB,gBAAgB;CAsBrC;AAtBD,4CAsBC;AAED,MAAsB,YAAY;CAIjC;AAJD,oCAIC;AAED,MAAsB,eAAiC,SAAQ,gBAAW;CAgCzE;AAhCD,0CAgCC"}

package/lib/migrations/RBACInitial_2022_06_28_01_13_00.d.ts

@@ -0,0 +1,5 @@
+import { OrmMigration, OrmDriver } from '@spinajs/orm';
+export declare class RBACInitial_2022_06_28_01_13_00 extends OrmMigration {
+    up(connection: OrmDriver): Promise<void>;
+    down(_connection: OrmDriver): Promise<void>;
+}

package/lib/migrations/RBACInitial_2022_06_28_01_13_00.js

@@ -0,0 +1,43 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RBACInitial_2022_06_28_01_13_00 = void 0;
+/* eslint-disable @typescript-eslint/no-unused-vars */
+const orm_1 = require("@spinajs/orm");
+let RBACInitial_2022_06_28_01_13_00 = class RBACInitial_2022_06_28_01_13_00 extends orm_1.OrmMigration {
+    async up(connection) {
+        await connection.schema().createTable('users', (table) => {
+            table.int('Id').autoIncrement().primaryKey();
+            table.string('Login', 64).unique().notNull();
+            table.string('Email', 64).unique().notNull();
+            table.string('Password', 128).notNull();
+            table.string('NiceName', 64).notNull();
+            table.string('Role', 64).notNull();
+            table.dateTime('RegisteredAt');
+            table.dateTime('CreatedAt').notNull();
+            table.dateTime('DeletedAt');
+        });
+        await connection.schema().createTable('user_metadatas', (table) => {
+            table.int('Id').autoIncrement().primaryKey();
+            table.string('Key', 255).notNull();
+            table.text('Value').notNull();
+            table.int('user_id').notNull();
+            table.foreignKey('user_id').references('users', 'Id').cascade();
+        });
+        await connection.index().unique().table('users').name('users_email_idx').columns(['Email']);
+        await connection.index().unique().table('user_metadatas').name('owner_user_meta_key_idx').columns(['user_id', 'Key']);
+    }
+    // tslint:disable-next-line: no-empty
+    // eslint-disable-next-line @typescript-eslint/no-empty-function
+    async down(_connection) { }
+};
+RBACInitial_2022_06_28_01_13_00 = __decorate([
+    (0, orm_1.Migration)('default')
+], RBACInitial_2022_06_28_01_13_00);
+exports.RBACInitial_2022_06_28_01_13_00 = RBACInitial_2022_06_28_01_13_00;
+//# sourceMappingURL=RBACInitial_2022_06_28_01_13_00.js.map

package/lib/migrations/RBACInitial_2022_06_28_01_13_00.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RBACInitial_2022_06_28_01_13_00.js","sourceRoot":"","sources":["../../src/migrations/RBACInitial_2022_06_28_01_13_00.ts"],"names":[],"mappings":";;;;;;;;;AAAA,sDAAsD;AACtD,sCAAkE;AAGlE,IAAa,+BAA+B,GAA5C,MAAa,+BAAgC,SAAQ,kBAAY;IACxD,KAAK,CAAC,EAAE,CAAC,UAAqB;QACnC,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YACvD,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE,CAAC;YAC7C,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC;YAC7C,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,CAAC;YAC7C,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;YACxC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;YACvC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;YACnC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;YAC/B,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;YACtC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,EAAE;YAChE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC,UAAU,EAAE,CAAC;YAC7C,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;YAC9B,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;YAC/B,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QAE5F,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;IACxH,CAAC;IAED,qCAAqC;IACrC,gEAAgE;IACzD,KAAK,CAAC,IAAI,CAAC,WAAsB,IAAkB,CAAC;CAC5D,CAAA;AA9BY,+BAA+B;IAD3C,IAAA,eAAS,EAAC,SAAS,CAAC;GACR,+BAA+B,CA8B3C;AA9BY,0EAA+B"}

package/lib/models/User.d.ts

@@ -0,0 +1,41 @@
+import { DateTime } from 'luxon';
+import { ModelBase, Relation } from '@spinajs/orm';
+import { UserMetadata } from './UserMetadata';
+/**
+ * Base modele for users used by ACL
+ *
+ * To add / extend fields simply extend this model and register as default user model in ACL service
+ */
+export declare class User extends ModelBase {
+    Id: number;
+    Email: string;
+    Login: string;
+    /**
+     * Hashed password for user
+     */
+    Password: string;
+    /**
+     * Registration date. User is registered when clicked confirmation link sended to provided email.
+     */
+    RegisteredAt: DateTime;
+    /**
+     * Displayed name ( for others to see )
+     */
+    NiceName: string;
+    /**
+     * User role
+     */
+    Role: string;
+    /**
+     * User creation date
+     */
+    CreatedAt: DateTime;
+    /**
+     * User deletion date
+     */
+    DeletedAt: DateTime;
+    /**
+     * User additional information. Can be anything
+     */
+    Metadata: Relation<UserMetadata>;
+}

package/lib/models/User.js

@@ -0,0 +1,44 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.User = void 0;
+const luxon_1 = require("luxon");
+const orm_1 = require("@spinajs/orm");
+const UserMetadata_1 = require("./UserMetadata");
+/**
+ * Base modele for users used by ACL
+ *
+ * To add / extend fields simply extend this model and register as default user model in ACL service
+ */
+let User = class User extends orm_1.ModelBase {
+};
+__decorate([
+    (0, orm_1.Primary)(),
+    __metadata("design:type", Number)
+], User.prototype, "Id", void 0);
+__decorate([
+    (0, orm_1.CreatedAt)(),
+    __metadata("design:type", luxon_1.DateTime)
+], User.prototype, "CreatedAt", void 0);
+__decorate([
+    (0, orm_1.SoftDelete)(),
+    __metadata("design:type", luxon_1.DateTime)
+], User.prototype, "DeletedAt", void 0);
+__decorate([
+    (0, orm_1.HasMany)(UserMetadata_1.UserMetadata),
+    __metadata("design:type", orm_1.Relation)
+], User.prototype, "Metadata", void 0);
+User = __decorate([
+    (0, orm_1.Connection)('default'),
+    (0, orm_1.Model)('users')
+], User);
+exports.User = User;
+//# sourceMappingURL=User.js.map

package/lib/models/User.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"User.js","sourceRoot":"","sources":["../../src/models/User.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iCAAiC;AACjC,sCAA+G;AAC/G,iDAA8C;AAE9C;;;;GAIG;AAGH,IAAa,IAAI,GAAjB,MAAa,IAAK,SAAQ,eAAS;CA6ClC,CAAA;AA3CC;IADC,IAAA,aAAO,GAAE;;gCACQ;AA8BlB;IADC,IAAA,eAAS,GAAE;8BACM,gBAAQ;uCAAC;AAM3B;IADC,IAAA,gBAAU,GAAE;8BACK,gBAAQ;uCAAC;AAM3B;IADC,IAAA,aAAO,EAAC,2BAAY,CAAC;8BACL,cAAQ;sCAAe;AA5C7B,IAAI;IAFhB,IAAA,gBAAU,EAAC,SAAS,CAAC;IACrB,IAAA,WAAK,EAAC,OAAO,CAAC;GACF,IAAI,CA6ChB;AA7CY,oBAAI"}

package/lib/models/UserMetadata.d.ts

@@ -0,0 +1,6 @@
+import { ModelBase } from '@spinajs/orm';
+export declare class UserMetadata extends ModelBase {
+    Id: number;
+    Key: string;
+    Value: string;
+}

package/lib/models/UserMetadata.js

@@ -0,0 +1,25 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserMetadata = void 0;
+const orm_1 = require("@spinajs/orm");
+let UserMetadata = class UserMetadata extends orm_1.ModelBase {
+};
+__decorate([
+    (0, orm_1.Primary)(),
+    __metadata("design:type", Number)
+], UserMetadata.prototype, "Id", void 0);
+UserMetadata = __decorate([
+    (0, orm_1.Connection)('default'),
+    (0, orm_1.Model)('user_metadatas')
+], UserMetadata);
+exports.UserMetadata = UserMetadata;
+//# sourceMappingURL=UserMetadata.js.map

package/lib/models/UserMetadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UserMetadata.js","sourceRoot":"","sources":["../../src/models/UserMetadata.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,sCAAqE;AAIrE,IAAa,YAAY,GAAzB,MAAa,YAAa,SAAQ,eAAS;CAO1C,CAAA;AALC;IADC,IAAA,aAAO,GAAE;;wCACQ;AAFP,YAAY;IAFxB,IAAA,gBAAU,EAAC,SAAS,CAAC;IACrB,IAAA,WAAK,EAAC,gBAAgB,CAAC;GACX,YAAY,CAOxB;AAPY,oCAAY"}

package/lib/password.d.ts

@@ -0,0 +1,16 @@
+import { PasswordProvider } from './interfaces';
+/**
+ * Simple password service that use argon2 hash alghoritm and entropy-string to generate password
+ */
+export declare class BasicPasswordProvider implements PasswordProvider {
+    hash(input: string): Promise<string>;
+    /**
+     *
+     * Checks if hash is valid for given password
+     *
+     * @param hash - hash to validate
+     * @param password - password to validate
+     */
+    verify(hash: string, password: string): Promise<boolean>;
+    generate(): string;
+}

package/lib/password.js

@@ -0,0 +1,55 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BasicPasswordProvider = void 0;
+// tslint:disable-next-line: no-var-requires
+const { Entropy, charset32 } = require('entropy-string');
+const argon = __importStar(require("argon2"));
+/**
+ * Simple password service that use argon2 hash alghoritm and entropy-string to generate password
+ */
+class BasicPasswordProvider {
+    async hash(input) {
+        // uses default argon settings, no need to tweak
+        return await argon.hash(input);
+    }
+    /**
+     *
+     * Checks if hash is valid for given password
+     *
+     * @param hash - hash to validate
+     * @param password - password to validate
+     */
+    async verify(hash, password) {
+        return await argon.verify(hash, password);
+    }
+    generate() {
+        // generates password with entropy of 60 bits ( balance of ease vs value )
+        const random = new Entropy({ charset: charset32 });
+        return random.string(60);
+    }
+}
+exports.BasicPasswordProvider = BasicPasswordProvider;
+//# sourceMappingURL=password.js.map

package/lib/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../src/password.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,4CAA4C;AAC5C,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;AACzD,8CAAgC;AAEhC;;GAEG;AACH,MAAa,qBAAqB;IACzB,KAAK,CAAC,IAAI,CAAC,KAAa;QAC7B,gDAAgD;QAChD,OAAO,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,MAAM,CAAC,IAAY,EAAE,QAAgB;QAChD,OAAO,MAAM,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAEM,QAAQ;QACb,0EAA0E;QAC1E,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;QACnD,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;CACF;AAtBD,sDAsBC"}

package/lib/rbac.js

@@ -0,0 +1,7 @@
+'use strict';
+
+module.exports = rbac;
+
+function rbac() {
+    // TODO
+}

package/lib/session.d.ts

@@ -0,0 +1,32 @@
+import { DateTime } from 'luxon';
+import { SessionProvider, UserSession, UserSessionData } from './interfaces';
+import { Configuration } from '@spinajs/configuration';
+/**
+ * Session base class
+ */
+export declare class Session implements UserSession {
+    protected SessionExpirationTime: number;
+    SessionId: string;
+    Expiration: DateTime;
+    Data: any;
+    Creation: DateTime;
+    constructor(data?: UserSessionData);
+    /**
+     * Extends lifetime of session
+     *
+     * @param minutes - hom mutch to extend
+     */
+    extend(minutes: number): void;
+}
+/**
+ * Simple session storage in memory
+ */
+export declare class MemorySessionProvider<T = UserSession> extends SessionProvider<T> {
+    protected Configuration: Configuration;
+    protected Sessions: Map<string, UserSession>;
+    restoreSession(sessionId: string): Promise<T>;
+    resolveAsync(): Promise<void>;
+    deleteSession(sessionId: string): Promise<void>;
+    updateSession(session: UserSession): Promise<void>;
+    refreshSession(sessionId: string): Promise<void>;
+}

package/lib/session.js

@@ -0,0 +1,96 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemorySessionProvider = exports.Session = void 0;
+const luxon_1 = require("luxon");
+const interfaces_1 = require("./interfaces");
+const di_1 = require("@spinajs/di");
+const configuration_1 = require("@spinajs/configuration");
+const uuid_1 = require("uuid");
+/**
+ * Session base class
+ */
+let Session = class Session {
+    constructor(data) {
+        if (data) {
+            Object.assign(this, data);
+        }
+        if (!this.SessionId) {
+            this.SessionId = (0, uuid_1.v4)();
+        }
+        /**
+         * always extend session time
+         */
+        this.Expiration = luxon_1.DateTime.now().plus({ minutes: this.SessionExpirationTime });
+        if (!this.Creation) {
+            this.Creation = luxon_1.DateTime.now();
+        }
+    }
+    /**
+     * Extends lifetime of session
+     *
+     * @param minutes - hom mutch to extend
+     */
+    extend(minutes) {
+        this.Expiration.plus({ minutes });
+    }
+};
+__decorate([
+    (0, configuration_1.Config)('rbac.session.expiration'),
+    __metadata("design:type", Number)
+], Session.prototype, "SessionExpirationTime", void 0);
+Session = __decorate([
+    (0, di_1.NewInstance)(),
+    __metadata("design:paramtypes", [Object])
+], Session);
+exports.Session = Session;
+/**
+ * Simple session storage in memory
+ */
+class MemorySessionProvider extends interfaces_1.SessionProvider {
+    constructor() {
+        super(...arguments);
+        this.Sessions = new Map();
+    }
+    async restoreSession(sessionId) {
+        if (this.Sessions.has(sessionId)) {
+            const session = this.Sessions.get(sessionId);
+            if (session.Expiration <= luxon_1.DateTime.now()) {
+                this.deleteSession(session.SessionId);
+                return null;
+            }
+            return session;
+        }
+        return null;
+    }
+    // tslint:disable-next-line: no-empty
+    async resolveAsync() { }
+    async deleteSession(sessionId) {
+        if (this.Sessions.has(sessionId)) {
+            this.Sessions.delete(sessionId);
+        }
+    }
+    async updateSession(session) {
+        this.Sessions.set(session.SessionId, session);
+    }
+    async refreshSession(sessionId) {
+        if (this.Sessions.has(sessionId)) {
+            const session = this.Sessions.get(sessionId);
+            session.extend(this.Configuration.get('acl.session.expiration', 10));
+        }
+    }
+}
+__decorate([
+    (0, di_1.Autoinject)(),
+    __metadata("design:type", configuration_1.Configuration)
+], MemorySessionProvider.prototype, "Configuration", void 0);
+exports.MemorySessionProvider = MemorySessionProvider;
+//# sourceMappingURL=session.js.map

package/lib/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iCAAiC;AACjC,6CAA6E;AAC7E,oCAAsD;AACtD,0DAA+D;AAC/D,+BAAoC;AAEpC;;GAEG;AAEH,IAAa,OAAO,GAApB,MAAa,OAAO;IAYlB,YAAY,IAAsB;QAChC,IAAI,IAAI,EAAE;YACR,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;SAC3B;QAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YACnB,IAAI,CAAC,SAAS,GAAG,IAAA,SAAM,GAAE,CAAC;SAC3B;QAED;;WAEG;QACH,IAAI,CAAC,UAAU,GAAG,gBAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,qBAAqB,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAClB,IAAI,CAAC,QAAQ,GAAG,gBAAQ,CAAC,GAAG,EAAE,CAAC;SAChC;IACH,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,OAAe;QAC3B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACpC,CAAC;CACF,CAAA;AArCC;IADC,IAAA,sBAAM,EAAC,yBAAyB,CAAC;;sDACM;AAF7B,OAAO;IADnB,IAAA,gBAAW,GAAE;;GACD,OAAO,CAuCnB;AAvCY,0BAAO;AAyCpB;;GAEG;AACH,MAAa,qBAAuC,SAAQ,4BAAkB;IAA9E;;QAIY,aAAQ,GAA6B,IAAI,GAAG,EAAuB,CAAC;IAqChF,CAAC;IAnCQ,KAAK,CAAC,cAAc,CAAC,SAAiB;QAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE7C,IAAI,OAAO,CAAC,UAAU,IAAI,gBAAQ,CAAC,GAAG,EAAE,EAAE;gBACxC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBACtC,OAAO,IAAI,CAAC;aACb;YAED,OAAO,OAAc,CAAC;SACvB;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qCAAqC;IAC9B,KAAK,CAAC,YAAY,KAAI,CAAC;IAEvB,KAAK,CAAC,aAAa,CAAC,SAAiB;QAC1C,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE;YAChC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACjC;IACH,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,OAAoB;QAC7C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,SAAiB;QAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE;YAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE7C,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAS,wBAAwB,EAAE,EAAE,CAAC,CAAC,CAAC;SAC9E;IACH,CAAC;CACF;AAvCC;IADC,IAAA,eAAU,GAAE;8BACY,6BAAa;4DAAC;AAFzC,sDAyCC"}

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@spinajs/rbac",
+  "version": "1.2.108",
+  "description": "Role and Attribute based Access Control for SpinaJS framework",
+  "main": "lib/index.js",
+  "private": false,
+  "scripts": {
+    "build": "npm run clean && npm run compile",
+    "compile": "tsc -p tsconfig.build.json",
+    "clean": "",
+    "test": "ts-mocha -p tsconfig.json test/**/*.test.ts",
+    "coverage": "nyc npm run test",
+    "build-docs": "rimraf docs && typedoc --options typedoc.json src/",
+    "prepare": "npm run build",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "lint": "eslint -c .eslintrc.js --ext .ts src --fix",
+    "prepublishOnly": "npm test && npm run lint",
+    "preversion": "npm run lint",
+    "version": "npm run format && git add -A src",
+    "postversion": "git push && git push --tags"
+  },
+  "files": [
+    "lib/**/*"
+  ],
+  "types": "lib",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/spinajs/main.git"
+  },
+  "keywords": [
+    "spinajs",
+    "rbac"
+  ],
+  "author": "SpinaJS <spinajs@coderush.pl> (https://github.com/spinajs/main)",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/spinajs/main/issues"
+  },
+  "homepage": "https://github.com/spinajs/main#readme",
+  "dependencies": {
+    "@spinajs/configuration": "^1.2.81",
+    "@spinajs/di": "^1.2.81",
+    "@spinajs/exceptions": "^1.2.81",
+    "@spinajs/log": "^1.2.103",
+    "@spinajs/orm": "^1.2.108",
+    "@spinajs/reflection": "^1.2.103",
+    "accesscontrol": "^2.2.1",
+    "argon2": "^0.28.5",
+    "entropy-string": "^4.2.0",
+    "lodash": "^4.17.21",
+    "luxon": "^2.4.0",
+    "uuid": "^8.1.0"
+  },
+  "devDependencies": {
+    "@spinajs/orm-sqlite": "^1.2.108"
+  },
+  "gitHead": "81e996198a9d4dac8970f71181b0f5eaf6070918"
+}