@thzero/library_server_fastify 0.15.35 → 0.15.36
- package/boot/index.js +15 -6
- package/middleware/authentication.js +81 -65
- package/middleware/authorization.js +175 -155
- package/package.json +3 -3
- package/routes/admin/index.js +4 -6
- package/routes/baseNews.js +1 -1
- package/routes/baseUsers.js +5 -5
- package/routes/index.js +3 -1
- package/routes/plans.js +1 -1
- package/routes/utility.js +1 -1
- package/routes/version.js +1 -1
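--- a/package/boot/index.js
+++ b/package/boot/index.js
@@ -9,6 +9,7 @@ import fastifyRoutes from 'fastify-routes';
 import fastifyStatic from 'fastify-static';
 
 import LibraryConstants from '@thzero/library_server/constants';
+import LibraryCommonServiceConstants from '@thzero/library_common_service/constants';
 
 import injector from '@thzero/library_common/utility/injector';
 
@@ -249,10 +250,18 @@ class FastifyBootMain extends BootMain {
 const capitalize = (word) => {
 return word[0].toUpperCase() + word.slice(1).toLowerCase();
 };
-
-
-for (let [key, value] of this.
-
+
+let item;
+for (let [key, value] of this._initAuthentication(new Map()).entries()) {
+item = value.init(injector);
+fastify.decorate('authentication' + capitalize(key), item.callback);
+fastify.decorate('authenticationMiddleware' + capitalize(key), item.service);
+}
+for (let [key, value] of this._initAuthorization(new Map()).entries()) {
+item = value.init(injector);
+fastify.decorate('authorization' + capitalize(key), item.callback);
+fastify.decorate('authorizationMiddleware' + capitalize(key), item.service);
+}
 
 this._initPostAuth(fastify);
 
@@ -297,12 +306,12 @@ class FastifyBootMain extends BootMain {
 }
 
 _initAuthentication(map) {
-map.set('default', authenticationDefault);
+map.set('default', new authenticationDefault());
 return map;
 }
 
 _initAuthorization(map) {
-map.set('default', authorizationDefault);
+map.set('default', new authorizationDefault());
 return map;
 }
 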
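Review bot: The two loops at new lines 255–264 call `value.init(injector)` and pass `item.callback` and `item.service` straight to `fastify.decorate` with no check, while `_initAuthentication` and `_initAuthorization` silently change what the map holds from a middleware function to an instance. A subclass that overrides either method under the old contract will now fail inside the loop, so the new contract deserves a comment on both methods, for example `// map values must expose init(injector) returning { callback, service }`. A guard in the loop would make the failure explicit: `if (!value || typeof value.init !== 'function') throw new Error('auth middleware "' + key + '" must implement init(injector)');`. The enclosing boot method starts and ends outside these hunks, so how the decorated callbacks are attached to routes is not visible here.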
|
@@ -1,78 +1,94 @@
|
|
|
1
1
|
import LibraryConstants from '@thzero/library_server/constants';
|
|
2
2
|
import LibraryCommonServiceConstants from '@thzero/library_common_service/constants';
|
|
3
3
|
|
|
4
|
-
import injector from '@thzero/library_common/utility/injector';
|
|
5
|
-
|
|
6
4
|
const separator = ': ';
|
|
7
5
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
const token = request.headers[LibraryConstants.Headers.AuthKeys.AUTH];
|
|
15
|
-
logger.debug('middleware', 'getAuthToken', 'token', token, request.correlationId);
|
|
16
|
-
const split = token.split(LibraryConstants.Headers.AuthKeys.AUTH_BEARER + separator);
|
|
17
|
-
logger.debug('middleware', 'getAuthToken', 'split', split, request.correlationId);
|
|
18
|
-
logger.debug('middleware', 'getAuthToken', 'split.length', split.length, request.correlationId);
|
|
19
|
-
if (split.length > 1)
|
|
20
|
-
return split[1];
|
|
21
|
-
|
|
22
|
-
logger.debug('middleware', 'getAuthToken', 'fail', null, request.correlationId);
|
|
23
|
-
return null;
|
|
24
|
-
}
|
|
6
|
+
class DefaultAuthenticationMiddleware {
|
|
7
|
+
constructor() {
|
|
8
|
+
this._serviceAuth = null;
|
|
9
|
+
this._serviceLogger = null;
|
|
10
|
+
}
|
|
25
11
|
|
|
26
|
-
|
|
27
|
-
|
|
12
|
+
init(injector) {
|
|
13
|
+
this._serviceAuth = injector.getService(LibraryConstants.InjectorKeys.SERVICE_AUTH);
|
|
14
|
+
this._serviceLogger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
|
|
28
15
|
|
|
29
|
-
|
|
16
|
+
return {
|
|
17
|
+
callback: async (request, reply, done, options) => {
|
|
18
|
+
const middleware = request.server.authenticationMiddlewareDefault;
|
|
19
|
+
await middleware.authenticate(request, reply, done, options)
|
|
20
|
+
},
|
|
21
|
+
service: this
|
|
22
|
+
}
|
|
23
|
+
}
|
|
30
24
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
25
|
+
async authenticate(request, reply, done, options) {
|
|
26
|
+
const required = options && (options.required !== null) && (options.required !== undefined) ? options.required : true;
|
|
27
|
+
|
|
28
|
+
const token = this._getAuthToken(request);
|
|
29
|
+
this._serviceLogger.debug('middleware', 'authentication', 'token', token, request.correlationId);
|
|
30
|
+
this._serviceLogger.debug('middleware', 'authentication', 'required', required, request.correlationId);
|
|
31
|
+
const valid = ((required && !String.isNullOrEmpty(token)) || !required);
|
|
32
|
+
this._serviceLogger.debug('middleware', 'authentication', 'valid', valid, request.correlationId);
|
|
33
|
+
if (valid) {
|
|
34
|
+
if (!String.isNullOrEmpty(token)) {
|
|
35
|
+
const results = await this._serviceAuth.verifyToken(request.correlationId, token);
|
|
36
|
+
this._serviceLogger.debug('middleware', 'authentication', 'results', results, request.correlationId);
|
|
37
|
+
if (!results || !results.success) {
|
|
38
|
+
this._serviceLogger.warn('middleware', 'authentication', 'Unauthenticated... invalid token', null, request.correlationId);
|
|
39
|
+
ctx.throw(401);
|
|
40
|
+
return;
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
request.token = token;
|
|
44
|
+
request.user = results.user;
|
|
45
|
+
request.claims = results.claims;
|
|
45
46
|
}
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
request.claims = results.claims;
|
|
47
|
+
|
|
48
|
+
// done(); // not for async
|
|
49
|
+
return;
|
|
50
50
|
}
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
51
|
+
|
|
52
|
+
(async () => {
|
|
53
|
+
const usageMetrics = {
|
|
54
|
+
url: request.routerPath,
|
|
55
|
+
correlationId: request.correlationId,
|
|
56
|
+
href: request.url,
|
|
57
|
+
headers: request.headers,
|
|
58
|
+
host: request.hostname,
|
|
59
|
+
hostname: request.hostname,
|
|
60
|
+
querystring: request.query,
|
|
61
|
+
token: request.token
|
|
62
|
+
};
|
|
63
|
+
const serviceUsageMetrics = request.server[LibraryConstants.InjectorKeys.SERVICE_USAGE_METRIC];
|
|
64
|
+
await serviceUsageMetrics.register(usageMetrics).catch((err) => {
|
|
65
|
+
this._serviceLogger.error('middleware', 'authentication', err, null, request.correlationId);
|
|
66
|
+
});
|
|
67
|
+
})();
|
|
68
|
+
|
|
69
|
+
this._serviceLogger.warn('middleware', 'authentication', 'Unauthorized... authentication unknown', null, request.correlationId);
|
|
70
|
+
// reply.code(401);
|
|
71
|
+
// done(new Error('Unauthorized... authentication unknown')); // not for async
|
|
72
|
+
throw new Error('Unauthorized... authentication unknown');
|
|
54
73
|
}
|
|
55
74
|
|
|
56
|
-
(
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
logger.warn('middleware', 'authentication', 'Unauthorized... authentication unknown', null, request.correlationId);
|
|
75
|
-
// reply.code(401);
|
|
76
|
-
// done(new Error('Unauthorized... authentication unknown')); // not for async
|
|
77
|
-
throw new Error('Unauthorized... authentication unknown');
|
|
75
|
+
_getAuthToken(request) {
|
|
76
|
+
if (!request)
|
|
77
|
+
return null;
|
|
78
|
+
|
|
79
|
+
const token = request.headers[LibraryConstants.Headers.AuthKeys.AUTH];
|
|
80
|
+
if (token !== null && token !== undefined) {
|
|
81
|
+
this._serviceLogger.debug('middleware', 'getAuthToken', 'token', token, request.correlationId);
|
|
82
|
+
const split = token.split(LibraryConstants.Headers.AuthKeys.AUTH_BEARER + separator);
|
|
83
|
+
this._serviceLogger.debug('middleware', 'getAuthToken', 'split', split, request.correlationId);
|
|
84
|
+
this._serviceLogger.debug('middleware', 'getAuthToken', 'split.length', split.length, request.correlationId);
|
|
85
|
+
if (split.length > 1)
|
|
86
|
+
return split[1];
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
this._serviceLogger.debug('middleware', 'getAuthToken', 'fail', null, request.correlationId);
|
|
90
|
+
return null;
|
|
91
|
+
}
|
|
78
92
|
}
|
|
93
|
+
|
|
94
|
+
export default DefaultAuthenticationMiddleware;
|
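Review bot: In `authenticate`, the invalid-token branch (new line 39) calls `ctx.throw(401)`, but no `ctx` is defined anywhere in this hunk; if it is not bound elsewhere this raises a ReferenceError, so a bad token is still rejected but as a generic server error rather than a 401, which hides the intended status from clients and monitoring. An error carrying the status is the clearer form: `const err = new Error('Unauthenticated... invalid token'); err.statusCode = 401; throw err;`. Separately, new lines 29 and 81 write the raw bearer token to the debug log, and the metrics object at new lines 53–62 stores `request.headers` and `request.token` in full, so credentials end up in logs and usage records; logging only whether a token was present and dropping the authorization header from `usageMetrics` would avoid that. The file header for this hunk is missing from the page; going by the file list it appears to be package/middleware/authentication.js.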
|
@@ -1,8 +1,6 @@
|
|
|
1
1
|
import LibraryConstants from '@thzero/library_server/constants';
|
|
2
2
|
import LibraryCommonServiceConstants from '@thzero/library_common_service/constants';
|
|
3
3
|
|
|
4
|
-
import injector from '@thzero/library_common/utility/injector';
|
|
5
|
-
|
|
6
4
|
// require('../utility/string.cjs');
|
|
7
5
|
String.isNullOrEmpty = function(value) {
|
|
8
6
|
//return !(typeof value === 'string' && value.length > 0)
|
|
@@ -22,93 +20,196 @@ String.trim = function(value) {
|
|
|
22
20
|
const logicalAnd = 'and';
|
|
23
21
|
const logicalOr = 'or';
|
|
24
22
|
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
success = false;
|
|
44
|
-
|
|
45
|
-
roleObj = roleParts[0];
|
|
46
|
-
roleAct = roleParts.length >= 2 ? roleParts[1] : null
|
|
47
|
-
|
|
48
|
-
result = await security.validate(claim, null, roleObj, roleAct);
|
|
49
|
-
logger.debug('middleware', 'authorization', 'result', result, request.correlationId);
|
|
50
|
-
if (logical === logicalOr)
|
|
51
|
-
success = success || result;
|
|
52
|
-
else
|
|
53
|
-
success = success && result;
|
|
23
|
+
class DefaultAuthenticationMiddleware {
|
|
24
|
+
constructor() {
|
|
25
|
+
this._serviceConfig = null;
|
|
26
|
+
this._serviceLogger = null;
|
|
27
|
+
this._serviceSecurity = null;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
init(injector) {
|
|
31
|
+
this._serviceConfig = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_CONFIG);
|
|
32
|
+
this._serviceLogger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
|
|
33
|
+
this._serviceSecurity = injector.getService(LibraryConstants.InjectorKeys.SERVICE_SECURITY);
|
|
34
|
+
|
|
35
|
+
return {
|
|
36
|
+
callback: async (request, reply, done, options) => {
|
|
37
|
+
const middleware = request.server.authorizationMiddlewareDefault;
|
|
38
|
+
await middleware.authorization(request, reply, done, options)
|
|
39
|
+
},
|
|
40
|
+
service: this
|
|
54
41
|
}
|
|
55
42
|
}
|
|
56
43
|
|
|
57
|
-
|
|
58
|
-
|
|
44
|
+
async authorization(request, reply, done, options) {
|
|
45
|
+
let logical = logicalOr;
|
|
46
|
+
let roles = [];
|
|
47
|
+
if (options) {
|
|
48
|
+
logical = options.logical;
|
|
49
|
+
if (String.isNullOrEmpty(logical) || (logical !== logicalAnd) || (logical !== logicalOr))
|
|
50
|
+
logical = logicalOr;
|
|
51
|
+
|
|
52
|
+
if (options.roles && Array.isArray(options.roles) && (options.roles.length > 0))
|
|
53
|
+
roles = options.roles;
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
// this._serviceLogger.debug('token', request.token);
|
|
57
|
+
this._serviceLogger.debug('middleware', 'authorization', 'user', request.user, request.correlationId);
|
|
58
|
+
this._serviceLogger.debug('middleware', 'authorization', 'claims', request.claims, request.correlationId);
|
|
59
|
+
this._serviceLogger.debug('middleware', 'authorization', 'roles1', roles, request.correlationId);
|
|
60
|
+
request.roles = [];
|
|
61
|
+
if (roles) {
|
|
62
|
+
// this._serviceLogger.debug('authorization.roles1', roles);
|
|
63
|
+
// this._serviceLogger.debug('authorization.roles1', (typeof roles));
|
|
64
|
+
// this._serviceLogger.debug('authorization.roles1', Array.isArray(roles));
|
|
65
|
+
// this._serviceLogger.debug('authorization.roles1', ((typeof(roles) === 'string') || (roles instanceof String)));
|
|
66
|
+
// if (Array.isArray(roles)) {
|
|
67
|
+
// // this._serviceLogger.debug('authorization.roles1a', roles);
|
|
68
|
+
// request.roles = roles;
|
|
69
|
+
// }
|
|
70
|
+
// else if ((typeof(roles) === 'string') || (roles instanceof String)) {
|
|
71
|
+
// // this._serviceLogger.debug('authorization.roles1b', roles);
|
|
72
|
+
// request.roles = roles.split(',');
|
|
73
|
+
// request.roles.map(item => item ? item.trim() : item);
|
|
74
|
+
// }
|
|
75
|
+
this._initalizeRoles(request, roles);
|
|
76
|
+
}
|
|
77
|
+
this._serviceLogger.debug('middleware', 'authorization', 'roles2', request.roles, request.correlationId);
|
|
78
|
+
|
|
79
|
+
let success = false; //(logical === logicalOr ? false : true);
|
|
80
|
+
if (request.roles && Array.isArray(request.roles) && (request.roles.length > 0)) {
|
|
81
|
+
const auth = this._serviceConfig.get('auth');
|
|
82
|
+
if (auth) {
|
|
83
|
+
this._serviceLogger.debug('middleware', 'authorization', 'auth.claims', auth.claims, request.correlationId);
|
|
84
|
+
this._serviceLogger.debug('middleware', 'authorization', 'auth.claims.check', auth.claims.check, request.correlationId);
|
|
85
|
+
}
|
|
86
|
+
if (auth && auth.claims && auth.claims.check)
|
|
87
|
+
success = await this._authorizationCheckClaims(request, (logical === logicalOr ? false : true), logical);
|
|
88
|
+
|
|
89
|
+
if (!success)
|
|
90
|
+
success = await this._authorizationCheckRoles(request, (logical === logicalOr ? false : true), logical);
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
this._serviceLogger.debug('middleware', 'authorization', 'success', null, request.success, request.correlationId);
|
|
94
|
+
if (success) {
|
|
95
|
+
// done(); // not for async
|
|
96
|
+
return;
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
(async () => {
|
|
100
|
+
const usageMetrics = {
|
|
101
|
+
url: request.routerPath,
|
|
102
|
+
correlationId: request.correlationId,
|
|
103
|
+
href: request.url,
|
|
104
|
+
headers: request.headers,
|
|
105
|
+
host: request.hostname,
|
|
106
|
+
hostname: request.hostname,
|
|
107
|
+
querystring: request.query,
|
|
108
|
+
token: request.token
|
|
109
|
+
};
|
|
110
|
+
const serviceUsageMetrics = request.server[LibraryConstants.InjectorKeys.SERVICE_USAGE_METRIC];
|
|
111
|
+
await serviceUsageMetrics.register(usageMetrics).catch((err) => {
|
|
112
|
+
this._serviceLogger.error('middleware', 'authorization', err, null, request.correlationId);
|
|
113
|
+
});
|
|
114
|
+
})();
|
|
115
|
+
|
|
116
|
+
this._serviceLogger.warn('middleware', 'authorization', 'Unauthorized... authorization unknown', null, request.correlationId);
|
|
117
|
+
// reply.code(401);
|
|
118
|
+
// done(new Error('Unauthorized... authentication unknown')); // not for async
|
|
119
|
+
throw new Error('Unauthorized... authentication unknown');
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
async _authorizationCheckClaims (request, success, logical) {
|
|
123
|
+
if (!request)
|
|
124
|
+
return false;
|
|
125
|
+
if (!(request.claims && Array.isArray(request.claims)))
|
|
126
|
+
return false;
|
|
127
|
+
|
|
128
|
+
let result;
|
|
129
|
+
let roleAct;
|
|
130
|
+
let roleObj;
|
|
131
|
+
let roleParts;
|
|
132
|
+
for (const claim of request.claims) {
|
|
133
|
+
this._serviceLogger.debug('middleware', 'authorization', 'authorization.claim', claim, request.correlationId);
|
|
134
|
+
|
|
135
|
+
for (const role of request.roles) {
|
|
136
|
+
this._serviceLogger.debug('middleware', 'authorization', 'role', role, request.correlationId);
|
|
137
|
+
|
|
138
|
+
roleParts = role.split('.');
|
|
139
|
+
if (roleParts && roleParts.length < 1)
|
|
140
|
+
success = false;
|
|
141
|
+
|
|
142
|
+
roleObj = roleParts[0];
|
|
143
|
+
roleAct = roleParts.length >= 2 ? roleParts[1] : null
|
|
144
|
+
|
|
145
|
+
result = await this._serviceSecurity.validate(claim, null, roleObj, roleAct);
|
|
146
|
+
this._serviceLogger.debug('middleware', 'authorization', 'result', result, request.correlationId);
|
|
147
|
+
if (logical === logicalOr)
|
|
148
|
+
success = success || result;
|
|
149
|
+
else
|
|
150
|
+
success = success && result;
|
|
151
|
+
}
|
|
152
|
+
}
|
|
59
153
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
154
|
+
return success;
|
|
155
|
+
}
|
|
156
|
+
|
|
157
|
+
async _authorizationCheckRoles (request, success, logical) {
|
|
158
|
+
if (!request)
|
|
159
|
+
return false;
|
|
63
160
|
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
161
|
+
this._serviceLogger.debug('middleware', '_authorizationCheckRoles', 'user', request.user, request.correlationId);
|
|
162
|
+
if (!(request.user && request.user.roles && Array.isArray(request.user.roles)))
|
|
163
|
+
return false;
|
|
67
164
|
|
|
68
|
-
|
|
165
|
+
this._serviceLogger.debug('middleware', '_authorizationCheckRoles', 'logical', logical, request.correlationId);
|
|
69
166
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
167
|
+
let result;
|
|
168
|
+
let roleAct;
|
|
169
|
+
let roleObj;
|
|
170
|
+
let roleParts;
|
|
171
|
+
for (const userRole of request.user.roles) {
|
|
172
|
+
this._serviceLogger.debug('middleware', '_authorizationCheckRoles', 'userRole', userRole, request.correlationId);
|
|
76
173
|
|
|
77
|
-
|
|
78
|
-
|
|
174
|
+
for (const role of request.roles) {
|
|
175
|
+
this._serviceLogger.debug('middleware', '_authorizationCheckRoles', 'role', role, request.correlationId);
|
|
79
176
|
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
177
|
+
roleParts = role.split('.');
|
|
178
|
+
if (roleParts && roleParts.length < 1)
|
|
179
|
+
success = false;
|
|
83
180
|
|
|
84
|
-
|
|
85
|
-
|
|
181
|
+
roleObj = roleParts[0];
|
|
182
|
+
roleAct = roleParts.length >= 2 ? roleParts[1] : null
|
|
86
183
|
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
184
|
+
result = await this._serviceSecurity.validate(userRole, null, roleObj, roleAct);
|
|
185
|
+
this._serviceLogger.debug('middleware', '_authorizationCheckRoles', 'result', result, request.correlationId);
|
|
186
|
+
if (logical === logicalOr) {
|
|
187
|
+
if (result)
|
|
188
|
+
return result;
|
|
92
189
|
|
|
93
|
-
|
|
190
|
+
success = false;
|
|
191
|
+
}
|
|
192
|
+
else
|
|
193
|
+
success = success && result;
|
|
94
194
|
}
|
|
95
|
-
else
|
|
96
|
-
success = success && result;
|
|
97
195
|
}
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
return success;
|
|
101
|
-
}
|
|
102
196
|
|
|
103
|
-
|
|
104
|
-
if (Array.isArray(roles)) {
|
|
105
|
-
// logger.debug('middleware', 'initalizeRoles', 'roles1a', roles);
|
|
106
|
-
request.roles = roles;
|
|
197
|
+
return success;
|
|
107
198
|
}
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
199
|
+
|
|
200
|
+
_initalizeRoles (request, roles) {
|
|
201
|
+
if (Array.isArray(roles)) {
|
|
202
|
+
this._serviceLogger.debug('middleware', '_initalizeRoles', 'roles1a', roles);
|
|
203
|
+
request.roles = roles;
|
|
204
|
+
return;
|
|
205
|
+
}
|
|
206
|
+
|
|
207
|
+
if ((typeof(roles) === 'string') || (roles instanceof String)) {
|
|
208
|
+
// logger.debug('middleware', '_initalizeRoles', 'roles1b', roles);
|
|
209
|
+
request.roles = roles.split(',');
|
|
210
|
+
request.roles.map(item => item ? item.trim() : item);
|
|
211
|
+
return;
|
|
212
|
+
}
|
|
112
213
|
}
|
|
113
214
|
}
|
|
114
215
|
|
|
@@ -116,85 +217,4 @@ const initalizeRoles = (request, roles, logger) => {
|
|
|
116
217
|
// if (String.isNullOrEmpty(logical) || (logical !== logicalAnd) || (logical !== logicalOr))
|
|
117
218
|
// logical = logicalOr;
|
|
118
219
|
|
|
119
|
-
export default
|
|
120
|
-
let logical = logicalOr;
|
|
121
|
-
let roles = [];
|
|
122
|
-
if (options) {
|
|
123
|
-
logical = options.logical;
|
|
124
|
-
if (String.isNullOrEmpty(logical) || (logical !== logicalAnd) || (logical !== logicalOr))
|
|
125
|
-
logical = logicalOr;
|
|
126
|
-
|
|
127
|
-
if (options.roles && Array.isArray(options.roles) && (options.roles.length > 0))
|
|
128
|
-
roles = options.roles;
|
|
129
|
-
}
|
|
130
|
-
|
|
131
|
-
const config = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_CONFIG);
|
|
132
|
-
const logger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
|
|
133
|
-
const security = injector.getService(LibraryConstants.InjectorKeys.SERVICE_SECURITY);
|
|
134
|
-
|
|
135
|
-
// logger.debug('token', request.token);
|
|
136
|
-
logger.debug('middleware', 'authorization', 'user', request.user, request.correlationId);
|
|
137
|
-
logger.debug('middleware', 'authorization', 'claims', request.claims, request.correlationId);
|
|
138
|
-
logger.debug('middleware', 'authorization', 'roles1', roles, request.correlationId);
|
|
139
|
-
request.roles = [];
|
|
140
|
-
if (roles) {
|
|
141
|
-
// logger.debug('authorization.roles1', roles);
|
|
142
|
-
// logger.debug('authorization.roles1', (typeof roles));
|
|
143
|
-
// logger.debug('authorization.roles1', Array.isArray(roles));
|
|
144
|
-
// logger.debug('authorization.roles1', ((typeof(roles) === 'string') || (roles instanceof String)));
|
|
145
|
-
// if (Array.isArray(roles)) {
|
|
146
|
-
// // logger.debug('authorization.roles1a', roles);
|
|
147
|
-
// request.roles = roles;
|
|
148
|
-
// }
|
|
149
|
-
// else if ((typeof(roles) === 'string') || (roles instanceof String)) {
|
|
150
|
-
// // logger.debug('authorization.roles1b', roles);
|
|
151
|
-
// request.roles = roles.split(',');
|
|
152
|
-
// request.roles.map(item => item ? item.trim() : item);
|
|
153
|
-
// }
|
|
154
|
-
initalizeRoles(request, roles, logger);
|
|
155
|
-
}
|
|
156
|
-
logger.debug('middleware', 'authorization', 'roles2', request.roles, request.correlationId);
|
|
157
|
-
|
|
158
|
-
let success = false; //(logical === logicalOr ? false : true);
|
|
159
|
-
if (request.roles && Array.isArray(request.roles) && (request.roles.length > 0)) {
|
|
160
|
-
const auth = config.get('auth');
|
|
161
|
-
if (auth) {
|
|
162
|
-
logger.debug('middleware', 'authorization', 'auth.claims', auth.claims, request.correlationId);
|
|
163
|
-
logger.debug('middleware', 'authorization', 'auth.claims.check', auth.claims.check, request.correlationId);
|
|
164
|
-
}
|
|
165
|
-
if (auth && auth.claims && auth.claims.check)
|
|
166
|
-
success = await authorizationCheckClaims(request, (logical === logicalOr ? false : true), logical, security, logger);
|
|
167
|
-
|
|
168
|
-
if (!success)
|
|
169
|
-
success = await authorizationCheckRoles(request, (logical === logicalOr ? false : true), logical, security, logger);
|
|
170
|
-
}
|
|
171
|
-
|
|
172
|
-
logger.debug('middleware', 'authorization', 'success', null, request.success, request.correlationId);
|
|
173
|
-
if (success) {
|
|
174
|
-
// done(); // not for async
|
|
175
|
-
return;
|
|
176
|
-
}
|
|
177
|
-
|
|
178
|
-
(async () => {
|
|
179
|
-
const usageMetrics = {
|
|
180
|
-
url: request.routerPath,
|
|
181
|
-
correlationId: request.correlationId,
|
|
182
|
-
href: request.url,
|
|
183
|
-
headers: request.headers,
|
|
184
|
-
host: request.hostname,
|
|
185
|
-
hostname: request.hostname,
|
|
186
|
-
querystring: request.query,
|
|
187
|
-
token: request.token
|
|
188
|
-
};
|
|
189
|
-
const serviceUsageMetrics = injector.getService(LibraryConstants.InjectorKeys.SERVICE_USAGE_METRIC);
|
|
190
|
-
await serviceUsageMetrics.register(usageMetrics).catch((err) => {
|
|
191
|
-
// const logger = injector.getService(LibraryCommonServiceConstants.InjectorKeys.SERVICE_LOGGER);
|
|
192
|
-
logger.error('middleware', 'authorization', err, null, request.correlationId);
|
|
193
|
-
});
|
|
194
|
-
})();
|
|
195
|
-
|
|
196
|
-
logger.warn('middleware', 'authorization', 'Unauthorized... authorization unknown', null, request.correlationId);
|
|
197
|
-
// reply.code(401);
|
|
198
|
-
// done(new Error('Unauthorized... authentication unknown')); // not for async
|
|
199
|
-
throw new Error('Unauthorized... authentication unknown');
|
|
200
|
-
}
|
|
220
|
+
export default DefaultAuthenticationMiddleware;
|
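Review bot: The fallback test in `authorization` (new line 49), `(logical !== logicalAnd) || (logical !== logicalOr)`, is true for every value, so `options.logical` is always reset to `'or'` and a route that asks for all of its roles is authorized on any one of them. The check should be `if ((logical !== logicalAnd) && (logical !== logicalOr))`. In `_initalizeRoles` (new line 210) the result of `request.roles.map(...)` is discarded, so comma-separated roles are never trimmed; assign it back with `request.roles = request.roles.map(item => item ? item.trim() : item);`. The class in this file is also still named `DefaultAuthenticationMiddleware` and its rejection message reads 'authentication unknown', which makes authorization failures hard to tell apart in logs. The file header for this hunk is missing from the page; going by the file list it appears to be package/middleware/authorization.js.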
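--- a/package/package.json
+++ b/package/package.json
@@ -1,11 +1,11 @@
 {
 "name": "@thzero/library_server_fastify",
 "type": "module",
-"version": "0.15.
+"version": "0.15.36",
 "version_major": 0,
 "version_minor": 15,
-"version_patch":
-"version_date": "04/
+"version_patch": 36,
+"version_date": "04/22/2022",
 "description": "An opinionated library of common functionality to bootstrap a Fastify based API application.",
 "author": "thZero",
 "license": "MIT",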
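--- a/package/routes/admin/index.js
+++ b/package/routes/admin/index.js
@@ -1,5 +1,3 @@
-import LibraryUtility from '@thzero/library_common/utility';
-
 import BaseRoute from '../index';
 
 class AdminBaseRoute extends BaseRoute {
@@ -52,7 +50,7 @@ class AdminBaseRoute extends BaseRoute {
 // eslint-disable-next-line
 async (request, reply) => {
 const response = (await router[this._options.serviceKey].create(request.correlationId, request.user, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }
@@ -74,7 +72,7 @@ class AdminBaseRoute extends BaseRoute {
 // eslint-disable-next-line
 async (request, reply) => {
 const response = (await router[this._options.serviceKey].delete(request.correlationId, request.user, request.params.id)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }
@@ -96,7 +94,7 @@ class AdminBaseRoute extends BaseRoute {
 // eslint-disable-next-line
 async (request, reply) => {
 const response = (await router[this._options.serviceKey].update(request.correlationId, request.user, request.params.id, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }
@@ -121,7 +119,7 @@ class AdminBaseRoute extends BaseRoute {
 // eslint-disable-next-line
 async (request, reply) => {
 const response = (await router[this._options.serviceKey].search(request.correlationId, request.user, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 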
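--- a/package/routes/baseNews.js
+++ b/package/routes/baseNews.js
@@ -38,7 +38,7 @@ class BaseNewsRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_NEWS);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_NEWS].latest(request.correlationId, request.user, parseInt(request.params.date))).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 });
 }
 }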
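--- a/package/routes/baseUsers.js
+++ b/package/routes/baseUsers.js
@@ -48,7 +48,7 @@ class BaseUsersRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_USERS].fetchByGamerId(request.correlationId, request.params.gamerId)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }
@@ -72,7 +72,7 @@ class BaseUsersRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_USERS].fetchByGamerTag(request.correlationId, request.params.gamerTag)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }
@@ -95,7 +95,7 @@ class BaseUsersRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_USERS].refreshSettings(request.correlationId, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }
@@ -118,7 +118,7 @@ class BaseUsersRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_USERS].update(request.correlationId, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }
@@ -141,7 +141,7 @@ class BaseUsersRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_USERS);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_USERS].updateSettings(request.correlationId, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }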
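--- a/package/routes/index.js
+++ b/package/routes/index.js
@@ -1,5 +1,7 @@
 import fastifyPlugin from 'fastify-plugin';
 
+import Utility from '@thzero/library_common/utility';
+
 import BaseRoute from'@thzero/library_server/routes/index';
 
 class FastifyBaseRoute extends BaseRoute {
@@ -32,7 +34,7 @@ class FastifyBaseRoute extends BaseRoute {
 reply
 .code(200)
 .header('Content-Type', 'application/json; charset=utf-8')
-.send(json);
+.send((typeof user === 'string') ? json : Utility.stringify(json));
 }
 }
 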
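Review bot: The new `.send(...)` at new line 37 tests `typeof user`, but the value being sent is `json` and no `user` appears in this hunk; unless `user` is bound outside the hunk, `typeof user` is always `'undefined'`, so the string branch is never taken and a payload that is already a JSON string is stringified a second time. The intended test is presumably `.send((typeof json === 'string') ? json : Utility.stringify(json));`. The `_jsonResponse` signature is outside the hunk, so the parameter name should be confirmed against it.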
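--- a/package/routes/plans.js
+++ b/package/routes/plans.js
@@ -27,7 +27,7 @@ class PlansRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_PLANS);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_PLANS].listing(request.correlationId, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }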
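--- a/package/routes/utility.js
+++ b/package/routes/utility.js
@@ -40,7 +40,7 @@ class UtilityRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_UTILITY);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_UTILITY].logger(request.correlationId, request.body)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }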
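--- a/package/routes/version.js
+++ b/package/routes/version.js
@@ -27,7 +27,7 @@ class VersionRoute extends BaseRoute {
 async (request, reply) => {
 // const service = this._injector.getService(LibraryConstants.InjectorKeys.SERVICE_VERSION);
 const response = (await router[LibraryConstants.InjectorKeys.SERVICE_VERSION].version(request.correlationId)).check(request);
-this._jsonResponse(reply,
+this._jsonResponse(reply, response);
 }
 );
 }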