@things-factory/integration-base 6.2.50 → 6.2.52
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist-server/engine/connector/operato-connector.js +3 -18
- package/dist-server/engine/connector/operato-connector.js.map +1 -1
- package/dist-server/engine/types.js.map +1 -1
- package/dist-server/service/scenario-instance/scenario-instance-mutation.js +12 -24
- package/dist-server/service/scenario-instance/scenario-instance-mutation.js.map +1 -1
- package/dist-server/service/scenario-instance/scenario-instance-type.js +3 -2
- package/dist-server/service/scenario-instance/scenario-instance-type.js.map +1 -1
- package/dist-server/tsconfig.tsbuildinfo +1 -1
- package/package.json +7 -7
- package/server/engine/connector/operato-connector.ts +8 -37
- package/server/engine/types.ts +2 -1
- package/server/service/scenario-instance/scenario-instance-mutation.ts +25 -43
- package/server/service/scenario-instance/scenario-instance-type.ts +3 -2
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@things-factory/integration-base",
|
|
3
|
-
"version": "6.2.
|
|
3
|
+
"version": "6.2.52",
|
|
4
4
|
"main": "dist-server/index.js",
|
|
5
5
|
"browser": "client/index.js",
|
|
6
6
|
"things-factory": true,
|
|
@@ -26,12 +26,12 @@
|
|
|
26
26
|
},
|
|
27
27
|
"dependencies": {
|
|
28
28
|
"@apollo/client": "^3.6.9",
|
|
29
|
-
"@things-factory/api": "^6.2.
|
|
30
|
-
"@things-factory/auth-base": "^6.2.
|
|
29
|
+
"@things-factory/api": "^6.2.52",
|
|
30
|
+
"@things-factory/auth-base": "^6.2.52",
|
|
31
31
|
"@things-factory/env": "^6.2.33",
|
|
32
|
-
"@things-factory/oauth2-client": "^6.2.
|
|
33
|
-
"@things-factory/scheduler-client": "^6.2.
|
|
34
|
-
"@things-factory/shell": "^6.2.
|
|
32
|
+
"@things-factory/oauth2-client": "^6.2.52",
|
|
33
|
+
"@things-factory/scheduler-client": "^6.2.52",
|
|
34
|
+
"@things-factory/shell": "^6.2.52",
|
|
35
35
|
"async-mqtt": "^2.5.0",
|
|
36
36
|
"chance": "^1.1.11",
|
|
37
37
|
"cross-fetch": "^3.0.4",
|
|
@@ -46,5 +46,5 @@
|
|
|
46
46
|
"devDependencies": {
|
|
47
47
|
"@types/cron": "^2.0.1"
|
|
48
48
|
},
|
|
49
|
-
"gitHead": "
|
|
49
|
+
"gitHead": "234f95b63937521f1791a9e2141024ee7816d26d"
|
|
50
50
|
}
|
|
@@ -15,7 +15,7 @@ import { Connector } from '../types'
|
|
|
15
15
|
import { Scenario, ScenarioInstance } from '../../service'
|
|
16
16
|
|
|
17
17
|
import { getRepository, GraphqlLocalClient, Domain } from '@things-factory/shell'
|
|
18
|
-
import { PrivilegeObject, User } from '@things-factory/auth-base'
|
|
18
|
+
import { PrivilegeObject, User, checkPermission } from '@things-factory/auth-base'
|
|
19
19
|
|
|
20
20
|
const debug = require('debug')('things-factory:integration-base:operato-connector-subscription')
|
|
21
21
|
|
|
@@ -40,39 +40,6 @@ const cache = new InMemoryCache({
|
|
|
40
40
|
export const GRAPHQL_URI = '/graphql'
|
|
41
41
|
export const SUBSCRIPTION_URI = GRAPHQL_URI
|
|
42
42
|
|
|
43
|
-
async function checkPermission(
|
|
44
|
-
privilegeObject: PrivilegeObject,
|
|
45
|
-
user: User,
|
|
46
|
-
domain: Domain,
|
|
47
|
-
protectedIP: boolean
|
|
48
|
-
): Promise<boolean> {
|
|
49
|
-
if (!privilegeObject) {
|
|
50
|
-
return true
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
const {
|
|
54
|
-
owner: domainOwnerGranted,
|
|
55
|
-
super: superUserGranted,
|
|
56
|
-
category,
|
|
57
|
-
privilege,
|
|
58
|
-
protected: protectedIPOnly
|
|
59
|
-
} = privilegeObject
|
|
60
|
-
|
|
61
|
-
if (protectedIPOnly && !protectedIP) {
|
|
62
|
-
return false
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
if (!privilege || !category) {
|
|
66
|
-
return true
|
|
67
|
-
}
|
|
68
|
-
|
|
69
|
-
return (
|
|
70
|
-
(domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
|
|
71
|
-
(superUserGranted && (await process.superUserGranted(domain, user))) ||
|
|
72
|
-
(category && privilege && (await User.hasPrivilege(privilege, category, domain, user)))
|
|
73
|
-
)
|
|
74
|
-
}
|
|
75
|
-
|
|
76
43
|
interface SubscriberData {
|
|
77
44
|
tag: string
|
|
78
45
|
scenario: any
|
|
@@ -230,7 +197,7 @@ export class OperatoConnector implements Connector {
|
|
|
230
197
|
}
|
|
231
198
|
|
|
232
199
|
async runScenario(subscriptions: SubscriberData[], variables: any): Promise<ScenarioInstance> {
|
|
233
|
-
const { domain, user } = this.context
|
|
200
|
+
const { domain, user, unsafeIP, prohibitedPrivileges } = this.context
|
|
234
201
|
const { tag } = variables
|
|
235
202
|
|
|
236
203
|
if (!tag) {
|
|
@@ -242,9 +209,13 @@ export class OperatoConnector implements Connector {
|
|
|
242
209
|
throw new Error(`scenario is not found - ${tag}`)
|
|
243
210
|
}
|
|
244
211
|
|
|
245
|
-
if (!(await checkPermission(scenario.privilege, user, domain,
|
|
212
|
+
if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
|
|
246
213
|
const { category, privilege } = scenario.privilege || {}
|
|
247
|
-
throw new Error(
|
|
214
|
+
throw new Error(
|
|
215
|
+
`Unauthorized! ${
|
|
216
|
+
category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
|
|
217
|
+
} required`
|
|
218
|
+
)
|
|
248
219
|
}
|
|
249
220
|
|
|
250
221
|
/* create a scenario instance */
|
package/server/engine/types.ts
CHANGED
|
@@ -14,7 +14,8 @@ export type Context = {
|
|
|
14
14
|
domain: Object
|
|
15
15
|
user: Object
|
|
16
16
|
lng: string
|
|
17
|
-
|
|
17
|
+
unsafeIP: boolean | undefined
|
|
18
|
+
prohibitedPrivileges: { category: string; privilege: string }[] | undefined
|
|
18
19
|
logger: any
|
|
19
20
|
publish: Function
|
|
20
21
|
load: Function
|
|
@@ -5,7 +5,7 @@ import { getRepository, Domain, GraphqlLocalClient, ScalarObject } from '@things
|
|
|
5
5
|
import { ScenarioEngine } from '../../engine'
|
|
6
6
|
import { Scenario } from '../scenario/scenario-type'
|
|
7
7
|
import { ScenarioInstance } from './scenario-instance-type'
|
|
8
|
-
import { PrivilegeObject, User } from '@things-factory/auth-base'
|
|
8
|
+
import { PrivilegeObject, User, checkPermission } from '@things-factory/auth-base'
|
|
9
9
|
import { Step } from '../step/step-type'
|
|
10
10
|
|
|
11
11
|
const debug = require('debug')('things-factory:integration-base:scenario-instance-mutation')
|
|
@@ -31,39 +31,6 @@ async function findScenario(
|
|
|
31
31
|
return scenario as any
|
|
32
32
|
}
|
|
33
33
|
|
|
34
|
-
async function checkPermission(
|
|
35
|
-
privilegeObject: PrivilegeObject,
|
|
36
|
-
user: User,
|
|
37
|
-
domain: Domain,
|
|
38
|
-
protectedIP?: boolean
|
|
39
|
-
): Promise<boolean> {
|
|
40
|
-
if (!privilegeObject) {
|
|
41
|
-
return true
|
|
42
|
-
}
|
|
43
|
-
|
|
44
|
-
const {
|
|
45
|
-
owner: domainOwnerGranted,
|
|
46
|
-
super: superUserGranted,
|
|
47
|
-
category,
|
|
48
|
-
privilege,
|
|
49
|
-
protected: protectedIPOnly
|
|
50
|
-
} = privilegeObject || {}
|
|
51
|
-
|
|
52
|
-
if (protectedIPOnly && !protectedIP) {
|
|
53
|
-
return false
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
if (!privilege || !category) {
|
|
57
|
-
return true
|
|
58
|
-
}
|
|
59
|
-
|
|
60
|
-
return (
|
|
61
|
-
(domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
|
|
62
|
-
(superUserGranted && (await process.superUserGranted(domain, user))) ||
|
|
63
|
-
(category && privilege && (await User.hasPrivilege(privilege, category, domain, user)))
|
|
64
|
-
)
|
|
65
|
-
}
|
|
66
|
-
|
|
67
34
|
@Resolver(ScenarioInstance)
|
|
68
35
|
export class ScenarioInstanceMutation {
|
|
69
36
|
@Mutation(returns => ScenarioInstance, {
|
|
@@ -75,7 +42,7 @@ export class ScenarioInstanceMutation {
|
|
|
75
42
|
@Arg('variables', type => ScalarObject, { nullable: true }) variables: any,
|
|
76
43
|
@Ctx() context: ResolverContext
|
|
77
44
|
): Promise<ScenarioInstance> {
|
|
78
|
-
const { domain, user, lng,
|
|
45
|
+
const { domain, user, lng, unsafeIP, prohibitedPrivileges } = context.state
|
|
79
46
|
|
|
80
47
|
debug('runScenario', scenarioName, instanceName, variables)
|
|
81
48
|
|
|
@@ -89,8 +56,13 @@ export class ScenarioInstanceMutation {
|
|
|
89
56
|
)
|
|
90
57
|
}
|
|
91
58
|
|
|
92
|
-
if (!(await checkPermission(scenario.privilege, user, domain,
|
|
93
|
-
|
|
59
|
+
if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
|
|
60
|
+
const { category, privilege } = scenario.privilege || {}
|
|
61
|
+
throw new Error(
|
|
62
|
+
`Unauthorized! ${
|
|
63
|
+
category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
|
|
64
|
+
} required`
|
|
65
|
+
)
|
|
94
66
|
}
|
|
95
67
|
|
|
96
68
|
/* 시나리오 인스턴스를 생성한다. */
|
|
@@ -115,7 +87,7 @@ export class ScenarioInstanceMutation {
|
|
|
115
87
|
@Arg('variables', type => ScalarObject, { nullable: true }) variables: any,
|
|
116
88
|
@Ctx() context: ResolverContext
|
|
117
89
|
): Promise<ScenarioInstance> {
|
|
118
|
-
const { domain, user, lng,
|
|
90
|
+
const { domain, user, lng, unsafeIP, prohibitedPrivileges } = context.state
|
|
119
91
|
|
|
120
92
|
debug('startScenario', instanceName, scenarioName, variables)
|
|
121
93
|
|
|
@@ -129,8 +101,13 @@ export class ScenarioInstanceMutation {
|
|
|
129
101
|
)
|
|
130
102
|
}
|
|
131
103
|
|
|
132
|
-
if (!(await checkPermission(scenario.privilege, user, domain,
|
|
133
|
-
|
|
104
|
+
if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
|
|
105
|
+
const { category, privilege } = scenario.privilege || {}
|
|
106
|
+
throw new Error(
|
|
107
|
+
`Unauthorized! ${
|
|
108
|
+
category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
|
|
109
|
+
} required`
|
|
110
|
+
)
|
|
134
111
|
}
|
|
135
112
|
|
|
136
113
|
instanceName = instanceName || scenarioName
|
|
@@ -142,7 +119,7 @@ export class ScenarioInstanceMutation {
|
|
|
142
119
|
@Arg('instanceName', { nullable: true }) instanceName: string,
|
|
143
120
|
@Ctx() context: ResolverContext
|
|
144
121
|
): Promise<ScenarioInstance | undefined> {
|
|
145
|
-
const { domain, user,
|
|
122
|
+
const { domain, user, unsafeIP, prohibitedPrivileges } = context.state
|
|
146
123
|
|
|
147
124
|
debug('stopScenario', instanceName)
|
|
148
125
|
|
|
@@ -159,8 +136,13 @@ export class ScenarioInstanceMutation {
|
|
|
159
136
|
|
|
160
137
|
var scenario = await findScenario(scenarioInstance.scenarioName, domain)
|
|
161
138
|
|
|
162
|
-
if (!(await checkPermission(scenario.privilege, user, domain,
|
|
163
|
-
|
|
139
|
+
if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
|
|
140
|
+
const { category, privilege } = scenario.privilege || {}
|
|
141
|
+
throw new Error(
|
|
142
|
+
`Unauthorized! ${
|
|
143
|
+
category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'
|
|
144
|
+
} required`
|
|
145
|
+
)
|
|
164
146
|
}
|
|
165
147
|
|
|
166
148
|
await ScenarioEngine.unload(domain, instanceName)
|
|
@@ -153,7 +153,7 @@ export class ScenarioInstance {
|
|
|
153
153
|
}
|
|
154
154
|
|
|
155
155
|
constructor(instanceName, { name: scenarioName, steps, domain: scenarioDomain }, context?) {
|
|
156
|
-
var { domain, user, lng,
|
|
156
|
+
var { domain, user, lng, unsafeIP, prohibitedPrivileges } = context || {}
|
|
157
157
|
domain ||= scenarioDomain
|
|
158
158
|
|
|
159
159
|
this.instanceName = instanceName
|
|
@@ -167,7 +167,8 @@ export class ScenarioInstance {
|
|
|
167
167
|
domain,
|
|
168
168
|
user,
|
|
169
169
|
lng,
|
|
170
|
-
|
|
170
|
+
unsafeIP,
|
|
171
|
+
prohibitedPrivileges,
|
|
171
172
|
logger:
|
|
172
173
|
context?.logger ||
|
|
173
174
|
createLogger({
|