@thzero/library_server 0.17.9 → 0.17.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +3 -3
  2. package/service/baseSecurity.js +129 -1
package/package.json CHANGED
@@ -1,11 +1,11 @@
1
1
  {
2
2
  "name": "@thzero/library_server",
3
3
  "type": "module",
4
- "version": "0.17.9",
4
+ "version": "0.17.11",
5
5
  "version_major": 0,
6
6
  "version_minor": 17,
7
- "version_patch": 9,
8
- "version_date": "03/22/2023",
7
+ "version_patch": 11,
8
+ "version_date": "04/15/2023",
9
9
  "description": "An opinionated library of common functionality to bootstrap an API using either Fastify or Koa as the web server.",
10
10
  "author": "thZero",
11
11
  "license": "MIT",
package/service/baseSecurity.js CHANGED
@@ -18,9 +18,134 @@ class BaseSecurityService extends Service {
18
18
 
19
19
  this._enforcer = new rbac(model)
20
20
  }
21
+
22
+ async authorizationCheckClaims(correlationId, claims, roles, logical) {
23
+ if (!claims)
24
+ return false;
25
+ if (!(claims && Array.isArray(claims)))
26
+ return false;
27
+ if (!roles)
28
+ return true;
29
+
30
+ if (String.isNullOrEmpty(logical) || (logical !== BaseSecurityService.logicalAnd) || (logical !== BaseSecurityService.logicalOr))
31
+ logical = BaseSecurityService.logicalOr;
32
+
33
+ let success = (logical === BaseSecurityService.logicalOr ? false : true);
34
+
35
+ let result;
36
+ let roleAct;
37
+ let roleObj;
38
+ let roleParts;
39
+ for (const claim of claims) {
40
+ this._logger.debug('BaseSecurityService', 'authorizationCheckClaims', 'authorization.claim', claim, correlationId);
41
+
42
+ for (const role of roles) {
43
+ this._logger.debug('BaseSecurityService', 'authorizationCheckClaims', 'role', role, correlationId);
44
+
45
+ roleParts = role.split('.');
46
+ if (roleParts && roleParts.length < 1)
47
+ success = false;
48
+
49
+ roleObj = roleParts[0];
50
+ roleAct = roleParts.length >= 2 ? roleParts[1] : null
51
+
52
+ result = await this.validate(claim, null, roleObj, roleAct);
53
+ this._logger.debug('BaseSecurityService', 'authorizationCheckClaims', 'result', result, correlationId);
54
+ if (logical === BaseSecurityService.logicalOr)
55
+ success = success || result;
56
+ else
57
+ success = success && result;
58
+ }
59
+ }
60
+
61
+ return success;
62
+ }
63
+
64
+ async authorizationCheckRoles(correlationId, user, roles, logical) {
65
+ if (!user)
66
+ return false;
67
+ if (!roles)
68
+ return true;
69
+
70
+ this._logger.debug('BaseSecurityService', 'authorizationCheckRoles', 'user', user, correlationId);
71
+ if (!(user && user.roles && Array.isArray(user.roles)))
72
+ return false;
73
+
74
+ this._logger.debug('BaseSecurityService', 'authorizationCheckRoles', 'logical', logical, correlationId);
75
+
76
+ if (String.isNullOrEmpty(logical) || (logical !== BaseSecurityService.logicalAnd) || (logical !== BaseSecurityService.logicalOr))
77
+ logical = BaseSecurityService.logicalOr;
78
+
79
+ let success = (logical === BaseSecurityService.logicalOr ? false : true);
80
+
81
+ let result;
82
+ let roleAct;
83
+ let roleObj;
84
+ let roleParts;
85
+ for (const userRole of user.roles) {
86
+ this._logger.debug('BaseSecurityService', 'authorizationCheckRoles', 'userRole', userRole, correlationId);
87
+
88
+ for (const role of roles) {
89
+ this._logger.debug('BaseSecurityService', 'authorizationCheckRoles', 'role', role, correlationId);
90
+
91
+ roleParts = role.split('.');
92
+ if (roleParts && roleParts.length < 1)
93
+ success = false;
94
+
95
+ roleObj = roleParts[0];
96
+ roleAct = roleParts.length >= 2 ? roleParts[1] : null
97
+
98
+ result = await this.validate(userRole, null, roleObj, roleAct);
99
+ this._logger.debug('BaseSecurityService', 'authorizationCheckRoles', 'result', result, correlationId);
100
+ if (logical === BaseSecurityService.logicalOr) {
101
+ if (result)
102
+ return result;
103
+
104
+ success = false;
105
+ }
106
+ else
107
+ success = success && result;
108
+ }
109
+ }
110
+
111
+ return success;
112
+ }
113
+
114
+ initializeRoles(correlationId, requestRoles, roles) {
115
+ if (Array.isArray(roles)) {
116
+ this._logger.debug('BaseSecurityService', 'initalizeRoles', 'roles1a', roles, correlationId);
117
+ requestRoles = roles;
118
+ return requestRoles;
119
+ }
120
+
121
+ if ((typeof(roles) === 'string') || (roles instanceof String)) {
122
+ // this._logger.debug('BaseSecurityService', 'initalizeRoles', 'roles1b', roles, correlationId);
123
+ requestRoles = roles.split(',');
124
+ requestRoles.map(item => item ? item.trim() : item);
125
+ return requestRoles;
126
+ }
127
+ }
128
+
129
+ initializeOptionsLogical(correlationId, options) {
130
+ if (!options)
131
+ return logicalOr;
132
+
133
+ let logical = options.logical;
134
+ if (String.isNullOrEmpty(logical) || (logical !== logicalAnd) || (logical !== logicalOr))
135
+ logical = logicalOr;
136
+
137
+ return logical;
138
+ }
139
+
140
+ initializeOptionsRoles(correlationId, options) {
141
+ let roles = [];
142
+ if (options.roles && Array.isArray(options.roles) && (options.roles.length > 0))
143
+ roles = options.roles;
144
+ return roles;
145
+ }
21
146
 
22
147
  // eslint-disable-next-line
23
- async validate(sub, dom, obj, act) {
148
+ async validate(correlationId, sub, dom, obj, act) {
24
149
  if (!this._enforcer)
25
150
  throw Error('No enforcer found');
26
151
 
@@ -39,6 +164,9 @@ class BaseSecurityService extends Service {
39
164
  _initModel() {
40
165
  return null;
41
166
  }
167
+
168
+ static logicalAnd = 'and';
169
+ static logicalOr = 'or';
42
170
  }
43
171
 
44
172
  export default BaseSecurityService;