@toa.io/extensions.exposition 1.0.0-alpha.14 → 1.0.0-alpha.143
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/components/context.toa.yaml +2 -2
- package/components/identity.bans/manifest.toa.yaml +1 -1
- package/components/identity.bans/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.basic/manifest.toa.yaml +43 -10
- package/components/identity.basic/operations/authenticate.d.ts +5 -1
- package/components/identity.basic/operations/authenticate.js +7 -4
- package/components/identity.basic/operations/authenticate.js.map +1 -1
- package/components/identity.basic/operations/check.d.ts +7 -0
- package/components/identity.basic/operations/check.js +15 -0
- package/components/identity.basic/operations/check.js.map +1 -0
- package/components/identity.basic/operations/incept.d.ts +12 -0
- package/components/identity.basic/operations/incept.js +26 -0
- package/components/identity.basic/operations/incept.js.map +1 -0
- package/components/identity.basic/operations/transit.d.ts +4 -4
- package/components/identity.basic/operations/transit.js +8 -6
- package/components/identity.basic/operations/transit.js.map +1 -1
- package/components/identity.basic/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.basic/operations/types.d.ts +8 -4
- package/components/identity.basic/source/authenticate.ts +18 -7
- package/components/identity.basic/source/check.ts +20 -0
- package/components/identity.basic/source/incept.ts +38 -0
- package/components/identity.basic/source/transit.ts +11 -9
- package/components/identity.basic/source/types.ts +8 -4
- package/components/identity.federation/manifest.toa.yaml +65 -19
- package/components/identity.federation/operations/authenticate.d.ts +13 -2
- package/components/identity.federation/operations/authenticate.js +11 -10
- package/components/identity.federation/operations/authenticate.js.map +1 -1
- package/components/identity.federation/operations/decode.d.ts +2 -0
- package/{transpiled/directives/octets/Permute.js → components/identity.federation/operations/decode.js} +7 -32
- package/components/identity.federation/operations/decode.js.map +1 -0
- package/components/identity.federation/operations/incept.d.ts +10 -0
- package/components/identity.federation/operations/incept.js +14 -0
- package/components/identity.federation/operations/incept.js.map +1 -0
- package/components/identity.federation/operations/lib/assertions-as-values.js +4 -2
- package/components/identity.federation/operations/lib/assertions-as-values.js.map +1 -1
- package/components/identity.federation/operations/lib/get.d.ts +1 -0
- package/components/identity.federation/operations/lib/get.js +64 -0
- package/components/identity.federation/operations/lib/get.js.map +1 -0
- package/components/identity.federation/operations/lib/jwt.d.ts +5 -5
- package/components/identity.federation/operations/lib/jwt.js +35 -19
- package/components/identity.federation/operations/lib/jwt.js.map +1 -1
- package/components/identity.federation/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.federation/operations/types/configuration.d.ts +15 -0
- package/components/identity.federation/operations/types/configuration.js +3 -0
- package/components/identity.federation/operations/types/configuration.js.map +1 -0
- package/components/identity.federation/operations/{types.d.ts → types/context.d.ts} +15 -13
- package/{transpiled/directives/vary/embeddings/Embedding.js → components/identity.federation/operations/types/context.js} +1 -1
- package/components/identity.federation/operations/types/context.js.map +1 -0
- package/components/identity.federation/operations/types/entity.d.ts +6 -0
- package/components/identity.federation/operations/types/entity.js +3 -0
- package/components/identity.federation/operations/types/entity.js.map +1 -0
- package/components/identity.federation/operations/types/index.d.ts +3 -0
- package/components/identity.federation/operations/types/index.js +20 -0
- package/components/identity.federation/operations/types/index.js.map +1 -0
- package/components/identity.federation/source/authenticate.ts +26 -16
- package/components/identity.federation/source/decode.ts +9 -0
- package/components/identity.federation/source/incept.ts +26 -0
- package/components/identity.federation/source/lib/assertions-as-values.ts +5 -2
- package/components/identity.federation/source/lib/get.ts +82 -0
- package/components/identity.federation/source/lib/jwt.test.ts +127 -4
- package/components/identity.federation/source/lib/jwt.ts +48 -21
- package/components/identity.federation/source/types/configuration.ts +16 -0
- package/components/identity.federation/source/{types.ts → types/context.ts} +16 -13
- package/components/identity.federation/source/types/entity.ts +6 -0
- package/components/identity.federation/source/types/index.ts +3 -0
- package/components/identity.federation/tsconfig.json +5 -4
- package/components/identity.keys/manifest.toa.yaml +57 -0
- package/components/identity.keys/operations/create.d.ts +22 -0
- package/components/identity.keys/operations/create.js +16 -0
- package/components/identity.keys/operations/create.js.map +1 -0
- package/components/identity.keys/operations/tsconfig.tsbuildinfo +1 -0
- package/components/identity.keys/source/create.ts +35 -0
- package/components/identity.keys/tsconfig.json +9 -0
- package/components/identity.passkeys/manifest.toa.yaml +268 -0
- package/components/identity.passkeys/operations/authenticate.d.ts +16 -0
- package/components/identity.passkeys/operations/authenticate.js +34 -0
- package/components/identity.passkeys/operations/authenticate.js.map +1 -0
- package/components/identity.passkeys/operations/challenge.d.ts +35 -0
- package/components/identity.passkeys/operations/challenge.js +73 -0
- package/components/identity.passkeys/operations/challenge.js.map +1 -0
- package/components/identity.passkeys/operations/create.d.ts +19 -0
- package/components/identity.passkeys/operations/create.js +58 -0
- package/components/identity.passkeys/operations/create.js.map +1 -0
- package/components/identity.passkeys/operations/delete.d.ts +8 -0
- package/components/identity.passkeys/operations/delete.js +12 -0
- package/components/identity.passkeys/operations/delete.js.map +1 -0
- package/components/identity.passkeys/operations/lib/const.d.ts +1 -0
- package/components/identity.passkeys/operations/lib/const.js +5 -0
- package/components/identity.passkeys/operations/lib/const.js.map +1 -0
- package/components/identity.passkeys/operations/list.d.ts +7 -0
- package/components/identity.passkeys/operations/list.js +15 -0
- package/components/identity.passkeys/operations/list.js.map +1 -0
- package/components/identity.passkeys/operations/tsconfig.tsbuildinfo +1 -0
- package/components/identity.passkeys/operations/types/Configuration.d.ts +6 -0
- package/components/identity.passkeys/operations/types/Configuration.js +3 -0
- package/components/identity.passkeys/operations/types/Configuration.js.map +1 -0
- package/components/identity.passkeys/operations/types/Context.d.ts +16 -0
- package/components/identity.passkeys/operations/types/Context.js +3 -0
- package/components/identity.passkeys/operations/types/Context.js.map +1 -0
- package/components/identity.passkeys/operations/types/Passkey.d.ts +13 -0
- package/components/identity.passkeys/operations/types/Passkey.js +3 -0
- package/components/identity.passkeys/operations/types/Passkey.js.map +1 -0
- package/components/identity.passkeys/operations/types/index.d.ts +2 -0
- package/components/identity.passkeys/operations/types/index.js +3 -0
- package/components/identity.passkeys/operations/types/index.js.map +1 -0
- package/components/identity.passkeys/operations/use.d.ts +16 -0
- package/components/identity.passkeys/operations/use.js +57 -0
- package/components/identity.passkeys/operations/use.js.map +1 -0
- package/components/identity.passkeys/source/authenticate.ts +48 -0
- package/components/identity.passkeys/source/challenge.ts +115 -0
- package/components/identity.passkeys/source/create.ts +77 -0
- package/components/identity.passkeys/source/delete.ts +15 -0
- package/components/identity.passkeys/source/lib/const.ts +1 -0
- package/components/identity.passkeys/source/list.ts +17 -0
- package/components/identity.passkeys/source/types/Configuration.ts +6 -0
- package/components/identity.passkeys/source/types/Context.ts +17 -0
- package/components/identity.passkeys/source/types/Passkey.ts +14 -0
- package/components/identity.passkeys/source/types/index.ts +2 -0
- package/components/identity.passkeys/source/use.ts +75 -0
- package/components/identity.passkeys/tsconfig.json +9 -0
- package/components/identity.roles/manifest.toa.yaml +3 -1
- package/components/identity.roles/operations/grant.js +2 -2
- package/components/identity.roles/operations/grant.js.map +1 -1
- package/components/identity.roles/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.roles/source/grant.ts +2 -2
- package/components/identity.tokens/manifest.toa.yaml +97 -13
- package/components/identity.tokens/operations/authenticate.d.ts +3 -3
- package/components/identity.tokens/operations/authenticate.js +15 -11
- package/components/identity.tokens/operations/authenticate.js.map +1 -1
- package/components/identity.tokens/operations/decrypt.d.ts +12 -3
- package/components/identity.tokens/operations/decrypt.js +62 -17
- package/components/identity.tokens/operations/decrypt.js.map +1 -1
- package/components/identity.tokens/operations/encrypt.d.ts +3 -3
- package/components/identity.tokens/operations/encrypt.js +24 -7
- package/components/identity.tokens/operations/encrypt.js.map +1 -1
- package/components/identity.tokens/operations/issue.d.ts +24 -0
- package/components/identity.tokens/operations/issue.js +59 -0
- package/components/identity.tokens/operations/issue.js.map +1 -0
- package/components/identity.tokens/operations/lib/index.d.ts +2 -0
- package/components/identity.tokens/operations/lib/index.js +19 -0
- package/components/identity.tokens/operations/lib/index.js.map +1 -0
- package/components/identity.tokens/operations/lib/pad.d.ts +1 -0
- package/components/identity.tokens/operations/lib/pad.js +5 -0
- package/components/identity.tokens/operations/lib/pad.js.map +1 -0
- package/components/identity.tokens/operations/lib/types.d.ts +74 -0
- package/components/identity.tokens/operations/lib/types.js.map +1 -0
- package/components/identity.tokens/operations/revoke.d.ts +2 -2
- package/components/identity.tokens/operations/revoke.js.map +1 -1
- package/components/identity.tokens/operations/tsconfig.tsbuildinfo +1 -1
- package/components/identity.tokens/source/authenticate.test.ts +22 -9
- package/components/identity.tokens/source/authenticate.ts +18 -13
- package/components/identity.tokens/source/decrypt.test.ts +33 -18
- package/components/identity.tokens/source/decrypt.ts +91 -20
- package/components/identity.tokens/source/encrypt.test.ts +47 -13
- package/components/identity.tokens/source/encrypt.ts +36 -11
- package/components/identity.tokens/source/issue.ts +82 -0
- package/components/identity.tokens/source/lib/index.ts +2 -0
- package/components/identity.tokens/source/lib/pad.ts +1 -0
- package/components/identity.tokens/source/lib/paseto.test.ts +16 -0
- package/components/identity.tokens/source/lib/types.ts +85 -0
- package/components/identity.tokens/source/revoke.ts +2 -2
- package/components/octets.storage/manifest.toa.yaml +11 -11
- package/components/octets.storage/operations/get.js +3 -3
- package/components/octets.storage/operations/head.js +7 -0
- package/components/octets.storage/operations/put.js +135 -0
- package/documentation/access.md +83 -31
- package/documentation/authorities.md +48 -0
- package/documentation/cache.md +8 -1
- package/documentation/components.md +123 -51
- package/documentation/dev.md +30 -0
- package/documentation/flow.md +44 -0
- package/documentation/identity.md +55 -23
- package/documentation/introspection.md +82 -0
- package/documentation/map.md +86 -0
- package/documentation/octets.md +122 -69
- package/documentation/passkeys.md +4 -0
- package/documentation/protocol.md +11 -4
- package/documentation/query.md +29 -4
- package/documentation/require.md +15 -0
- package/documentation/tree.md +13 -0
- package/features/access.feature +122 -9
- package/features/annotation.feature +1 -0
- package/features/auth.assert.feature +57 -0
- package/features/auth.claims.feature +171 -0
- package/features/auth.incept.feature +120 -0
- package/features/auth.input.feature +59 -0
- package/features/auth.issue.feature +32 -0
- package/features/authorities.basic.feature +141 -0
- package/features/authorities.feature +32 -0
- package/features/authorities.federation.feature +100 -0
- package/features/authorities.tokens.feature +117 -0
- package/features/body.feature +2 -0
- package/features/cache.feature +164 -5
- package/features/cors.feature +8 -2
- package/features/debug.feature +34 -0
- package/features/dev.feature +56 -0
- package/features/directives.feature +3 -0
- package/features/dynamic.feature +48 -0
- package/features/errors.feature +29 -6
- package/features/etag.feature +109 -1
- package/features/flow.feature +148 -0
- package/features/identity.bans.feature +12 -3
- package/features/identity.basic.feature +104 -21
- package/features/identity.feature +18 -6
- package/features/identity.federation.feature +125 -18
- package/features/identity.roles.feature +60 -20
- package/features/identity.tokens.feature +12 -44
- package/features/identtiy.tokens.custom.feature +247 -0
- package/features/interruptions.feature +19 -0
- package/features/introspection.feature +153 -0
- package/features/io.feature +9 -1
- package/features/map.feature +305 -0
- package/features/methods.feature +47 -0
- package/features/octets.cloudinary.feature +71 -0
- package/features/octets.download.feature +189 -0
- package/features/octets.entries.feature +13 -55
- package/features/octets.feature +90 -114
- package/features/octets.head.feature +40 -0
- package/features/octets.location.feature +83 -0
- package/features/octets.meta.feature +65 -15
- package/features/octets.workflows.feature +339 -66
- package/features/passkeys.feature +66 -0
- package/features/probes.feature +14 -0
- package/features/{queries.feature → query.feature} +77 -2
- package/features/realtime.feature +34 -0
- package/features/require.feature +67 -0
- package/features/response.feature +34 -2
- package/features/routes.feature +93 -2
- package/features/server.feature +21 -0
- package/features/steps/.env.example +3 -0
- package/features/steps/Common.ts +4 -0
- package/features/steps/Gateway.ts +26 -7
- package/features/steps/HTTP.ts +25 -2
- package/features/steps/IdP.ts +64 -2
- package/features/steps/Identity.ts +51 -0
- package/features/steps/Parameters.ts +45 -2
- package/features/steps/Realtime.ts +151 -0
- package/features/steps/components/echo/manifest.toa.yaml +12 -0
- package/features/steps/components/echo/operations/echo.js +7 -0
- package/features/steps/components/echo/operations/parameters.js +7 -0
- package/features/steps/components/echo/operations/ping.js +7 -0
- package/features/steps/components/echo.beacon/manifest.toa.yaml +2 -0
- package/features/steps/components/echo.beacon/operations/hello.js +5 -0
- package/features/steps/components/greeter/manifest.toa.yaml +0 -1
- package/features/steps/components/octets.tester/manifest.toa.yaml +25 -3
- package/features/steps/components/octets.tester/operations/authority.js +7 -0
- package/features/steps/components/octets.tester/operations/bar.js +0 -1
- package/features/steps/components/octets.tester/operations/baz.js +0 -2
- package/features/steps/components/octets.tester/operations/echo.js +1 -1
- package/features/steps/components/octets.tester/operations/foo.js +1 -2
- package/features/steps/components/octets.tester/operations/id.js +7 -0
- package/features/steps/components/octets.tester/operations/identity.js +7 -0
- package/features/steps/components/octets.tester/operations/redirect.js +12 -0
- package/features/steps/components/octets.tester/operations/yex.js +16 -0
- package/features/steps/components/octets.tester/operations/yield.js +13 -0
- package/features/steps/components/pots/manifest.toa.yaml +12 -4
- package/features/steps/components/sequences/manifest.toa.yaml +0 -1
- package/features/steps/components/users/manifest.toa.yaml +4 -2
- package/features/steps/components/users/operations/create.js +15 -0
- package/features/steps/components/users.properties/manifest.toa.yaml +1 -2
- package/features/streams.feature +5 -0
- package/features/timestamps.feature +41 -0
- package/features/timing.feature +4 -1
- package/package.json +25 -13
- package/readme.md +19 -14
- package/schemas/annotation.cos.yaml +1 -1
- package/schemas/method.cos.yaml +2 -1
- package/schemas/node.cos.yaml +2 -0
- package/schemas/octets/put.cos.yaml +28 -0
- package/schemas/query.cos.yaml +4 -10
- package/source/Annotation.ts +3 -3
- package/source/Branch.ts +1 -0
- package/source/Composition.ts +0 -6
- package/source/Context.ts +1 -0
- package/source/Directive.test.ts +1 -1
- package/source/Directive.ts +14 -8
- package/source/Endpoint.ts +70 -17
- package/source/Factory.ts +22 -13
- package/source/Gateway.ts +73 -19
- package/source/HTTP/Context.ts +29 -7
- package/source/HTTP/Server.ts +119 -49
- package/source/HTTP/exceptions.ts +12 -0
- package/source/HTTP/formats/index.ts +3 -3
- package/source/HTTP/messages.test.ts +46 -2
- package/source/HTTP/messages.ts +44 -9
- package/source/Introspection.ts +11 -0
- package/source/Mapping.ts +68 -21
- package/source/Query.test.ts +3 -3
- package/source/Query.ts +123 -33
- package/source/RTD/Context.ts +1 -1
- package/source/RTD/Endpoint.ts +3 -0
- package/source/RTD/Method.ts +16 -0
- package/source/RTD/Node.ts +29 -13
- package/source/RTD/Route.ts +5 -4
- package/source/RTD/Tree.ts +2 -2
- package/source/RTD/factory.ts +4 -1
- package/source/RTD/syntax/parse.test.ts +1 -1
- package/source/RTD/syntax/parse.ts +37 -24
- package/source/RTD/syntax/types.ts +6 -4
- package/source/Remotes.ts +7 -6
- package/source/Tenant.ts +6 -12
- package/source/deployment.ts +33 -23
- package/source/directives/auth/Anonymous.ts +3 -3
- package/source/directives/auth/Anyone.ts +13 -0
- package/source/directives/auth/Assert.ts +30 -0
- package/source/directives/auth/Authorization.ts +68 -26
- package/source/directives/auth/Delegate.ts +9 -5
- package/source/directives/auth/Echo.ts +16 -6
- package/source/directives/auth/Federation.ts +84 -0
- package/source/directives/auth/Id.ts +1 -1
- package/source/directives/auth/Incept.ts +62 -24
- package/source/directives/auth/Input.ts +72 -0
- package/source/directives/auth/Role.ts +5 -19
- package/source/directives/auth/Rule.ts +3 -5
- package/source/directives/auth/Scheme.ts +5 -5
- package/source/directives/auth/create.ts +11 -0
- package/source/directives/auth/schemes.ts +2 -0
- package/source/directives/auth/split.ts +1 -1
- package/source/directives/auth/types.ts +10 -5
- package/source/directives/cache/Cache.ts +15 -6
- package/source/directives/cache/Control.ts +45 -19
- package/source/directives/cors/CORS.ts +3 -2
- package/source/directives/dev/Development.ts +12 -7
- package/source/directives/dev/Sleep.ts +40 -0
- package/source/directives/dev/types.ts +1 -1
- package/source/directives/flow/Compose.ts +92 -0
- package/source/directives/flow/Fetch.ts +86 -0
- package/source/directives/flow/Flow.ts +42 -0
- package/source/directives/flow/index.ts +3 -0
- package/source/directives/flow/types.ts +7 -0
- package/source/directives/index.ts +4 -2
- package/source/directives/io/IO.ts +1 -1
- package/source/directives/io/Input.ts +8 -5
- package/source/directives/io/Output.ts +5 -4
- package/source/directives/map/Authority.ts +15 -0
- package/source/directives/map/Claims.ts +58 -0
- package/source/directives/map/Directive.ts +4 -0
- package/source/directives/map/Headers.ts +38 -0
- package/source/directives/map/Language.ts +42 -0
- package/source/directives/map/Languages.ts +11 -0
- package/source/directives/map/Map.ts +61 -0
- package/source/directives/map/Mapping.ts +19 -0
- package/source/directives/{vary → map}/Properties.ts +2 -4
- package/source/directives/map/Segments.ts +33 -0
- package/source/directives/map/index.ts +3 -0
- package/source/directives/octets/Context.ts +3 -2
- package/source/directives/octets/Delete.ts +21 -17
- package/source/directives/octets/Get.ts +86 -0
- package/source/directives/octets/Octets.ts +9 -12
- package/source/directives/octets/{Store.ts → Put.ts} +52 -38
- package/source/directives/octets/Workflow.ts +9 -3
- package/source/directives/octets/bytes.test.ts +30 -0
- package/source/directives/octets/bytes.ts +18 -0
- package/source/directives/octets/schemas.ts +4 -8
- package/source/directives/octets/types.ts +2 -0
- package/source/directives/octets/workflows/Execution.ts +61 -8
- package/source/directives/octets/workflows/Workflow.ts +17 -7
- package/source/directives/octets/workflows/index.ts +1 -1
- package/source/directives/require/Directive.ts +5 -0
- package/source/directives/require/Headers.ts +20 -0
- package/source/directives/require/Require.ts +28 -0
- package/source/directives/require/index.ts +3 -0
- package/source/exceptions.ts +2 -1
- package/source/manifest.ts +10 -11
- package/source/root.ts +16 -1
- package/source/schemas.ts +1 -1
- package/transpiled/Annotation.d.ts +3 -3
- package/transpiled/Branch.d.ts +1 -0
- package/transpiled/Composition.d.ts +0 -1
- package/transpiled/Composition.js +0 -4
- package/transpiled/Composition.js.map +1 -1
- package/transpiled/Context.d.ts +1 -0
- package/transpiled/Directive.js +13 -8
- package/transpiled/Directive.js.map +1 -1
- package/transpiled/Endpoint.d.ts +6 -4
- package/transpiled/Endpoint.js +46 -9
- package/transpiled/Endpoint.js.map +1 -1
- package/transpiled/Factory.d.ts +3 -2
- package/transpiled/Factory.js +18 -10
- package/transpiled/Factory.js.map +1 -1
- package/transpiled/Gateway.d.ts +3 -0
- package/transpiled/Gateway.js +55 -12
- package/transpiled/Gateway.js.map +1 -1
- package/transpiled/HTTP/Context.d.ts +9 -2
- package/transpiled/HTTP/Context.js +19 -6
- package/transpiled/HTTP/Context.js.map +1 -1
- package/transpiled/HTTP/Server.d.ts +15 -4
- package/transpiled/HTTP/Server.js +86 -42
- package/transpiled/HTTP/Server.js.map +1 -1
- package/transpiled/HTTP/exceptions.d.ts +6 -0
- package/transpiled/HTTP/exceptions.js +13 -1
- package/transpiled/HTTP/exceptions.js.map +1 -1
- package/transpiled/HTTP/formats/index.js +3 -3
- package/transpiled/HTTP/formats/index.js.map +1 -1
- package/transpiled/HTTP/messages.d.ts +2 -1
- package/transpiled/HTTP/messages.js +40 -8
- package/transpiled/HTTP/messages.js.map +1 -1
- package/transpiled/Introspection.d.ts +9 -0
- package/transpiled/Introspection.js +3 -0
- package/transpiled/Introspection.js.map +1 -0
- package/transpiled/Mapping.d.ts +11 -2
- package/transpiled/Mapping.js +50 -19
- package/transpiled/Mapping.js.map +1 -1
- package/transpiled/Query.d.ts +10 -1
- package/transpiled/Query.js +87 -30
- package/transpiled/Query.js.map +1 -1
- package/transpiled/RTD/Context.d.ts +1 -1
- package/transpiled/RTD/Endpoint.d.ts +1 -0
- package/transpiled/RTD/Method.d.ts +4 -0
- package/transpiled/RTD/Method.js +11 -0
- package/transpiled/RTD/Method.js.map +1 -1
- package/transpiled/RTD/Node.d.ts +4 -1
- package/transpiled/RTD/Node.js +23 -12
- package/transpiled/RTD/Node.js.map +1 -1
- package/transpiled/RTD/Route.d.ts +1 -1
- package/transpiled/RTD/Route.js +0 -1
- package/transpiled/RTD/Route.js.map +1 -1
- package/transpiled/RTD/Tree.d.ts +1 -1
- package/transpiled/RTD/Tree.js.map +1 -1
- package/transpiled/RTD/factory.js +4 -1
- package/transpiled/RTD/factory.js.map +1 -1
- package/transpiled/RTD/syntax/parse.js +34 -22
- package/transpiled/RTD/syntax/parse.js.map +1 -1
- package/transpiled/RTD/syntax/types.d.ts +5 -3
- package/transpiled/RTD/syntax/types.js +1 -1
- package/transpiled/RTD/syntax/types.js.map +1 -1
- package/transpiled/Remotes.d.ts +4 -4
- package/transpiled/Remotes.js +6 -5
- package/transpiled/Remotes.js.map +1 -1
- package/transpiled/Tenant.d.ts +5 -4
- package/transpiled/Tenant.js +2 -7
- package/transpiled/Tenant.js.map +1 -1
- package/transpiled/deployment.d.ts +1 -1
- package/transpiled/deployment.js +28 -20
- package/transpiled/deployment.js.map +1 -1
- package/transpiled/directives/auth/Anonymous.d.ts +2 -2
- package/transpiled/directives/auth/Anonymous.js +2 -2
- package/transpiled/directives/auth/Anonymous.js.map +1 -1
- package/transpiled/directives/auth/Anyone.d.ts +6 -0
- package/transpiled/directives/auth/Anyone.js +14 -0
- package/transpiled/directives/auth/Anyone.js.map +1 -0
- package/transpiled/directives/auth/Assert.d.ts +6 -0
- package/transpiled/directives/auth/Assert.js +53 -0
- package/transpiled/directives/auth/Assert.js.map +1 -0
- package/transpiled/directives/auth/Authorization.d.ts +4 -3
- package/transpiled/directives/auth/Authorization.js +52 -23
- package/transpiled/directives/auth/Authorization.js.map +1 -1
- package/transpiled/directives/auth/Delegate.d.ts +5 -4
- package/transpiled/directives/auth/Delegate.js +7 -3
- package/transpiled/directives/auth/Delegate.js.map +1 -1
- package/transpiled/directives/auth/Echo.d.ts +4 -4
- package/transpiled/directives/auth/Echo.js +11 -4
- package/transpiled/directives/auth/Echo.js.map +1 -1
- package/transpiled/directives/auth/Federation.d.ts +16 -0
- package/transpiled/directives/auth/Federation.js +57 -0
- package/transpiled/directives/auth/Federation.js.map +1 -0
- package/transpiled/directives/auth/Id.d.ts +1 -1
- package/transpiled/directives/auth/Id.js.map +1 -1
- package/transpiled/directives/auth/Incept.d.ts +7 -5
- package/transpiled/directives/auth/Incept.js +47 -18
- package/transpiled/directives/auth/Incept.js.map +1 -1
- package/transpiled/directives/auth/Input.d.ts +13 -0
- package/transpiled/directives/auth/Input.js +49 -0
- package/transpiled/directives/auth/Input.js.map +1 -0
- package/transpiled/directives/auth/Role.d.ts +1 -1
- package/transpiled/directives/auth/Role.js +5 -15
- package/transpiled/directives/auth/Role.js.map +1 -1
- package/transpiled/directives/auth/Rule.d.ts +2 -4
- package/transpiled/directives/auth/Rule.js +2 -2
- package/transpiled/directives/auth/Rule.js.map +1 -1
- package/transpiled/directives/auth/Scheme.d.ts +2 -2
- package/transpiled/directives/auth/Scheme.js +4 -4
- package/transpiled/directives/auth/Scheme.js.map +1 -1
- package/transpiled/directives/auth/create.d.ts +2 -0
- package/transpiled/directives/auth/create.js +14 -0
- package/transpiled/directives/auth/create.js.map +1 -0
- package/transpiled/directives/auth/schemes.d.ts +1 -0
- package/transpiled/directives/auth/schemes.js +2 -1
- package/transpiled/directives/auth/schemes.js.map +1 -1
- package/transpiled/directives/auth/split.js +1 -1
- package/transpiled/directives/auth/split.js.map +1 -1
- package/transpiled/directives/auth/types.d.ts +8 -5
- package/transpiled/directives/cache/Cache.d.ts +3 -3
- package/transpiled/directives/cache/Cache.js +12 -4
- package/transpiled/directives/cache/Cache.js.map +1 -1
- package/transpiled/directives/cache/Control.d.ts +3 -2
- package/transpiled/directives/cache/Control.js +32 -15
- package/transpiled/directives/cache/Control.js.map +1 -1
- package/transpiled/directives/cors/CORS.js +3 -2
- package/transpiled/directives/cors/CORS.js.map +1 -1
- package/transpiled/directives/dev/Development.d.ts +1 -1
- package/transpiled/directives/dev/Development.js +13 -7
- package/transpiled/directives/dev/Development.js.map +1 -1
- package/transpiled/directives/dev/Sleep.d.ts +8 -0
- package/transpiled/directives/dev/Sleep.js +36 -0
- package/transpiled/directives/dev/Sleep.js.map +1 -0
- package/transpiled/directives/dev/types.d.ts +1 -1
- package/transpiled/directives/flow/Compose.d.ts +9 -0
- package/transpiled/directives/flow/Compose.js +94 -0
- package/transpiled/directives/flow/Compose.js.map +1 -0
- package/transpiled/directives/flow/Fetch.d.ts +12 -0
- package/transpiled/directives/flow/Fetch.js +58 -0
- package/transpiled/directives/flow/Fetch.js.map +1 -0
- package/transpiled/directives/flow/Flow.d.ts +10 -0
- package/transpiled/directives/flow/Flow.js +33 -0
- package/transpiled/directives/flow/Flow.js.map +1 -0
- package/transpiled/directives/flow/index.d.ts +2 -0
- package/transpiled/directives/flow/index.js +6 -0
- package/transpiled/directives/flow/index.js.map +1 -0
- package/transpiled/directives/flow/types.d.ts +6 -0
- package/transpiled/directives/flow/types.js.map +1 -0
- package/transpiled/directives/index.js +4 -2
- package/transpiled/directives/index.js.map +1 -1
- package/transpiled/directives/io/IO.js +1 -1
- package/transpiled/directives/io/IO.js.map +1 -1
- package/transpiled/directives/io/Input.js +4 -2
- package/transpiled/directives/io/Input.js.map +1 -1
- package/transpiled/directives/io/Output.js +2 -2
- package/transpiled/directives/io/Output.js.map +1 -1
- package/transpiled/directives/map/Authority.d.ts +6 -0
- package/transpiled/directives/map/Authority.js +19 -0
- package/transpiled/directives/map/Authority.js.map +1 -0
- package/transpiled/directives/map/Claims.d.ts +10 -0
- package/transpiled/directives/map/Claims.js +44 -0
- package/transpiled/directives/map/Claims.js.map +1 -0
- package/transpiled/directives/map/Directive.d.ts +3 -0
- package/transpiled/directives/map/Directive.js.map +1 -0
- package/transpiled/directives/map/Headers.d.ts +7 -0
- package/transpiled/directives/map/Headers.js +34 -0
- package/transpiled/directives/map/Headers.js.map +1 -0
- package/transpiled/directives/map/Language.d.ts +10 -0
- package/transpiled/directives/map/Language.js +38 -0
- package/transpiled/directives/map/Language.js.map +1 -0
- package/transpiled/directives/map/Languages.d.ts +4 -0
- package/transpiled/directives/map/Languages.js +17 -0
- package/transpiled/directives/map/Languages.js.map +1 -0
- package/transpiled/directives/map/Map.d.ts +13 -0
- package/transpiled/directives/map/Map.js +46 -0
- package/transpiled/directives/map/Map.js.map +1 -0
- package/transpiled/directives/map/Mapping.d.ts +13 -0
- package/transpiled/directives/map/Mapping.js +13 -0
- package/transpiled/directives/map/Mapping.js.map +1 -0
- package/transpiled/directives/{vary → map}/Properties.d.ts +2 -2
- package/transpiled/directives/{vary → map}/Properties.js +1 -3
- package/transpiled/directives/map/Properties.js.map +1 -0
- package/transpiled/directives/map/Segments.d.ts +6 -0
- package/transpiled/directives/map/Segments.js +30 -0
- package/transpiled/directives/map/Segments.js.map +1 -0
- package/transpiled/directives/map/index.d.ts +2 -0
- package/transpiled/directives/map/index.js +6 -0
- package/transpiled/directives/map/index.js.map +1 -0
- package/transpiled/directives/octets/Context.js +4 -24
- package/transpiled/directives/octets/Context.js.map +1 -1
- package/transpiled/directives/octets/Delete.js +15 -12
- package/transpiled/directives/octets/Delete.js.map +1 -1
- package/transpiled/directives/octets/{Fetch.d.ts → Get.d.ts} +5 -6
- package/transpiled/directives/octets/{Fetch.js → Get.js} +25 -29
- package/transpiled/directives/octets/Get.js.map +1 -0
- package/transpiled/directives/octets/Octets.js +9 -12
- package/transpiled/directives/octets/Octets.js.map +1 -1
- package/transpiled/directives/octets/{Store.d.ts → Put.d.ts} +8 -2
- package/transpiled/directives/octets/{Store.js → Put.js} +33 -27
- package/transpiled/directives/octets/Put.js.map +1 -0
- package/transpiled/directives/octets/Workflow.js +7 -2
- package/transpiled/directives/octets/Workflow.js.map +1 -1
- package/transpiled/directives/octets/bytes.d.ts +1 -0
- package/transpiled/directives/octets/bytes.js +21 -0
- package/transpiled/directives/octets/bytes.js.map +1 -0
- package/transpiled/directives/octets/schemas.d.ts +4 -8
- package/transpiled/directives/octets/schemas.js +3 -6
- package/transpiled/directives/octets/schemas.js.map +1 -1
- package/transpiled/directives/octets/types.d.ts +2 -0
- package/transpiled/directives/octets/workflows/Execution.d.ts +6 -1
- package/transpiled/directives/octets/workflows/Execution.js +44 -9
- package/transpiled/directives/octets/workflows/Execution.js.map +1 -1
- package/transpiled/directives/octets/workflows/Workflow.d.ts +8 -3
- package/transpiled/directives/octets/workflows/Workflow.js +9 -4
- package/transpiled/directives/octets/workflows/Workflow.js.map +1 -1
- package/transpiled/directives/octets/workflows/index.d.ts +1 -1
- package/transpiled/directives/octets/workflows/index.js.map +1 -1
- package/transpiled/directives/require/Directive.d.ts +4 -0
- package/transpiled/directives/require/Directive.js +3 -0
- package/transpiled/directives/require/Directive.js.map +1 -0
- package/transpiled/directives/require/Headers.d.ts +7 -0
- package/transpiled/directives/require/Headers.js +19 -0
- package/transpiled/directives/require/Headers.js.map +1 -0
- package/transpiled/directives/require/Require.d.ts +9 -0
- package/transpiled/directives/require/Require.js +27 -0
- package/transpiled/directives/require/Require.js.map +1 -0
- package/transpiled/directives/require/index.d.ts +2 -0
- package/transpiled/directives/require/index.js +6 -0
- package/transpiled/directives/require/index.js.map +1 -0
- package/transpiled/exceptions.js +2 -1
- package/transpiled/exceptions.js.map +1 -1
- package/transpiled/manifest.js +10 -11
- package/transpiled/manifest.js.map +1 -1
- package/transpiled/root.js +16 -1
- package/transpiled/root.js.map +1 -1
- package/transpiled/schemas.d.ts +1 -1
- package/transpiled/schemas.js +2 -2
- package/transpiled/schemas.js.map +1 -1
- package/transpiled/tsconfig.tsbuildinfo +1 -1
- package/components/identity.basic/operations/create.d.ts +0 -10
- package/components/identity.basic/operations/create.js +0 -10
- package/components/identity.basic/operations/create.js.map +0 -1
- package/components/identity.basic/source/create.ts +0 -18
- package/components/identity.federation/operations/create.d.ts +0 -10
- package/components/identity.federation/operations/create.js +0 -15
- package/components/identity.federation/operations/create.js.map +0 -1
- package/components/identity.federation/operations/schemas.d.ts +0 -59
- package/components/identity.federation/operations/schemas.js +0 -9
- package/components/identity.federation/operations/schemas.js.map +0 -1
- package/components/identity.federation/operations/types.js.map +0 -1
- package/components/identity.federation/source/create.ts +0 -26
- package/components/identity.federation/source/schemas.ts +0 -61
- package/components/identity.tokens/operations/types.d.ts +0 -39
- package/components/identity.tokens/operations/types.js.map +0 -1
- package/components/identity.tokens/source/types.ts +0 -47
- package/components/octets.storage/operations/fetch.js +0 -46
- package/components/octets.storage/operations/list.js +0 -7
- package/components/octets.storage/operations/permute.js +0 -7
- package/components/octets.storage/operations/store.js +0 -11
- package/documentation/vary.md +0 -69
- package/features/steps/components/octets.tester/operations/diversify.js +0 -14
- package/features/vary.feature +0 -180
- package/schemas/octets/context.cos.yaml +0 -1
- package/schemas/octets/fetch.cos.yaml +0 -3
- package/schemas/octets/permute.cos.yaml +0 -1
- package/schemas/octets/store.cos.yaml +0 -3
- package/source/HTTP/Server.test.ts +0 -126
- package/source/directives/octets/Fetch.ts +0 -100
- package/source/directives/octets/List.ts +0 -72
- package/source/directives/octets/Permute.ts +0 -44
- package/source/directives/vary/Directive.ts +0 -6
- package/source/directives/vary/Embed.ts +0 -62
- package/source/directives/vary/Vary.ts +0 -48
- package/source/directives/vary/embeddings/Embedding.ts +0 -6
- package/source/directives/vary/embeddings/Header.ts +0 -32
- package/source/directives/vary/embeddings/Language.ts +0 -31
- package/source/directives/vary/embeddings/index.ts +0 -11
- package/source/directives/vary/index.ts +0 -3
- package/transpiled/directives/octets/Fetch.js.map +0 -1
- package/transpiled/directives/octets/List.d.ts +0 -16
- package/transpiled/directives/octets/List.js +0 -74
- package/transpiled/directives/octets/List.js.map +0 -1
- package/transpiled/directives/octets/Permute.d.ts +0 -11
- package/transpiled/directives/octets/Permute.js.map +0 -1
- package/transpiled/directives/octets/Store.js.map +0 -1
- package/transpiled/directives/vary/Directive.d.ts +0 -5
- package/transpiled/directives/vary/Directive.js.map +0 -1
- package/transpiled/directives/vary/Embed.d.ts +0 -10
- package/transpiled/directives/vary/Embed.js +0 -49
- package/transpiled/directives/vary/Embed.js.map +0 -1
- package/transpiled/directives/vary/Properties.js.map +0 -1
- package/transpiled/directives/vary/Vary.d.ts +0 -10
- package/transpiled/directives/vary/Vary.js +0 -36
- package/transpiled/directives/vary/Vary.js.map +0 -1
- package/transpiled/directives/vary/embeddings/Embedding.d.ts +0 -5
- package/transpiled/directives/vary/embeddings/Embedding.js.map +0 -1
- package/transpiled/directives/vary/embeddings/Header.d.ts +0 -7
- package/transpiled/directives/vary/embeddings/Header.js +0 -28
- package/transpiled/directives/vary/embeddings/Header.js.map +0 -1
- package/transpiled/directives/vary/embeddings/Language.d.ts +0 -7
- package/transpiled/directives/vary/embeddings/Language.js +0 -28
- package/transpiled/directives/vary/embeddings/Language.js.map +0 -1
- package/transpiled/directives/vary/embeddings/index.d.ts +0 -5
- package/transpiled/directives/vary/embeddings/index.js +0 -10
- package/transpiled/directives/vary/embeddings/index.js.map +0 -1
- package/transpiled/directives/vary/index.d.ts +0 -2
- package/transpiled/directives/vary/index.js +0 -6
- package/transpiled/directives/vary/index.js.map +0 -1
- /package/components/{identity.federation/operations → identity.tokens/operations/lib}/types.js +0 -0
- /package/schemas/octets/{list.cos.yaml → get.cos.yaml} +0 -0
- /package/{components/identity.tokens/operations → transpiled/directives/flow}/types.js +0 -0
- /package/transpiled/directives/{vary → map}/Directive.js +0 -0
|
@@ -29,15 +29,21 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
29
29
|
exports.Authorization = void 0;
|
|
30
30
|
const node_assert_1 = __importDefault(require("node:assert"));
|
|
31
31
|
const matchacho_1 = require("matchacho");
|
|
32
|
+
const openspan_1 = require("openspan");
|
|
33
|
+
const minimatch_1 = require("minimatch");
|
|
32
34
|
const http = __importStar(require("../../HTTP"));
|
|
33
35
|
const Anonymous_1 = require("./Anonymous");
|
|
34
36
|
const Id_1 = require("./Id");
|
|
35
37
|
const Role_1 = require("./Role");
|
|
36
38
|
const Rule_1 = require("./Rule");
|
|
37
39
|
const Incept_1 = require("./Incept");
|
|
40
|
+
const Assert_1 = require("./Assert");
|
|
38
41
|
const Echo_1 = require("./Echo");
|
|
39
42
|
const Scheme_1 = require("./Scheme");
|
|
40
43
|
const Delegate_1 = require("./Delegate");
|
|
44
|
+
const Federation_1 = require("./Federation");
|
|
45
|
+
const Anyone_1 = require("./Anyone");
|
|
46
|
+
const Input_1 = require("./Input");
|
|
41
47
|
const split_1 = require("./split");
|
|
42
48
|
const schemes_1 = require("./schemes");
|
|
43
49
|
class Authorization {
|
|
@@ -49,56 +55,66 @@ class Authorization {
|
|
|
49
55
|
tokens = null;
|
|
50
56
|
bans = null;
|
|
51
57
|
create(name, value, remotes) {
|
|
52
|
-
node_assert_1.default.ok(name in constructors, `Directive 'auth:${name}' is not implemented
|
|
58
|
+
node_assert_1.default.ok(name in constructors, `Directive 'auth:${name}' is not implemented`);
|
|
53
59
|
const Class = constructors[name];
|
|
54
60
|
for (const name of REMOTES)
|
|
55
61
|
this.discovery[name] ??= remotes.discover('identity', name);
|
|
56
|
-
return (0, matchacho_1.match)(Class, Role_1.Role, () => new Role_1.Role(value, this.discovery.roles), Rule_1.Rule, () => new Rule_1.Rule(value, this.create.bind(this)), Incept_1.Incept, () => new Incept_1.Incept(value, this.discovery), () => new Class(value));
|
|
62
|
+
return (0, matchacho_1.match)(Class, Role_1.Role, () => new Role_1.Role(value, this.discovery.roles), Rule_1.Rule, () => new Rule_1.Rule(value, this.create.bind(this)), Input_1.Input, () => new Input_1.Input(value, this.create.bind(this)), Incept_1.Incept, () => new Incept_1.Incept(value, this.discovery), Delegate_1.Delegate, () => new Delegate_1.Delegate(value, this.discovery.roles), () => new Class(value));
|
|
57
63
|
}
|
|
58
|
-
async preflight(directives,
|
|
59
|
-
|
|
60
|
-
|
|
64
|
+
async preflight(directives, context, parameters) {
|
|
65
|
+
context.identity = await this.resolve(context.authority, context.request.headers.authorization);
|
|
66
|
+
directives.sort((a, b) => (a.priority ?? 1) - (b.priority ?? 1));
|
|
61
67
|
for (const directive of directives) {
|
|
62
|
-
const allow = await directive.authorize(identity,
|
|
68
|
+
const allow = await directive.authorize(context.identity, context, parameters);
|
|
63
69
|
if (allow)
|
|
64
|
-
|
|
70
|
+
if (this.permitted(context))
|
|
71
|
+
return directive.reply?.(context) ?? null;
|
|
72
|
+
else
|
|
73
|
+
throw new http.Forbidden();
|
|
65
74
|
}
|
|
66
|
-
if (identity === null)
|
|
75
|
+
if (context.identity === null)
|
|
67
76
|
throw new http.Unauthorized();
|
|
68
77
|
else
|
|
69
78
|
throw new http.Forbidden();
|
|
70
79
|
}
|
|
71
|
-
async settle(directives,
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
const identity = request.identity;
|
|
80
|
+
async settle(directives, context, response) {
|
|
81
|
+
await Promise.all(directives.map(async (directive) => directive.settle?.(context, response)));
|
|
82
|
+
const identity = context.identity;
|
|
75
83
|
if (identity === null)
|
|
76
84
|
return;
|
|
77
85
|
if (identity.scheme === schemes_1.PRIMARY && !identity.refresh)
|
|
78
86
|
return;
|
|
79
87
|
// Role directive may have already set the value
|
|
80
|
-
|
|
81
|
-
await Role_1.Role.set(identity, this.discovery.roles);
|
|
88
|
+
identity.roles ??= await Role_1.Role.get(identity, this.discovery.roles);
|
|
82
89
|
this.tokens ??= await this.discovery.tokens;
|
|
83
|
-
const token = await this.tokens.invoke('encrypt', {
|
|
90
|
+
const token = await this.tokens.invoke('encrypt', {
|
|
91
|
+
input: { authority: context.authority, identity }
|
|
92
|
+
});
|
|
84
93
|
const authorization = `Token ${token}`;
|
|
85
|
-
|
|
86
|
-
response.headers = new Headers();
|
|
94
|
+
response.headers ??= new Headers();
|
|
87
95
|
response.headers.set('authorization', authorization);
|
|
96
|
+
response.headers.set('cache-control', 'no-store');
|
|
88
97
|
}
|
|
89
|
-
async resolve(authorization) {
|
|
98
|
+
async resolve(authority, authorization) {
|
|
90
99
|
if (authorization === undefined)
|
|
91
100
|
return null;
|
|
92
101
|
const [scheme, credentials] = (0, split_1.split)(authorization);
|
|
93
102
|
const provider = schemes_1.PROVIDERS[scheme];
|
|
94
|
-
if (
|
|
95
|
-
throw new http.Unauthorized(`Unknown authentication scheme '${scheme}'
|
|
103
|
+
if (provider === undefined)
|
|
104
|
+
throw new http.Unauthorized(`Unknown authentication scheme '${scheme}'`);
|
|
96
105
|
this.schemes[scheme] ??= await this.discovery[provider];
|
|
97
106
|
const result = await this.schemes[scheme].invoke('authenticate', {
|
|
98
|
-
input:
|
|
107
|
+
input: {
|
|
108
|
+
authority,
|
|
109
|
+
credentials
|
|
110
|
+
}
|
|
99
111
|
});
|
|
100
|
-
if (result instanceof Error)
|
|
112
|
+
if (result instanceof Error) {
|
|
113
|
+
const code = result.code;
|
|
114
|
+
if (typeof code === 'string')
|
|
115
|
+
openspan_1.console.info('Authentication failed', { code });
|
|
101
116
|
return null;
|
|
117
|
+
}
|
|
102
118
|
const identity = result.identity;
|
|
103
119
|
if (scheme !== schemes_1.PRIMARY && (await this.banned(identity)))
|
|
104
120
|
throw new http.Unauthorized();
|
|
@@ -106,6 +122,15 @@ class Authorization {
|
|
|
106
122
|
identity.refresh = result.refresh;
|
|
107
123
|
return identity;
|
|
108
124
|
}
|
|
125
|
+
permitted(context) {
|
|
126
|
+
const permissions = context.identity?.permissions;
|
|
127
|
+
if (permissions === undefined)
|
|
128
|
+
return true;
|
|
129
|
+
return Object.entries(permissions).some(([pattern, methods]) => {
|
|
130
|
+
return methods.some((method) => method === '*' || method === context.request.method) &&
|
|
131
|
+
(0, minimatch_1.minimatch)(context.request.url, pattern);
|
|
132
|
+
});
|
|
133
|
+
}
|
|
109
134
|
async banned(identity) {
|
|
110
135
|
this.bans ??= await this.discovery.bans;
|
|
111
136
|
const ban = await this.bans.invoke('observe', { query: { id: identity.id } });
|
|
@@ -115,13 +140,17 @@ class Authorization {
|
|
|
115
140
|
exports.Authorization = Authorization;
|
|
116
141
|
const constructors = {
|
|
117
142
|
anonymous: Anonymous_1.Anonymous,
|
|
143
|
+
anyone: Anyone_1.Anyone,
|
|
118
144
|
id: Id_1.Id,
|
|
119
145
|
role: Role_1.Role,
|
|
120
146
|
rule: Rule_1.Rule,
|
|
121
147
|
incept: Incept_1.Incept,
|
|
148
|
+
assert: Assert_1.Assert,
|
|
122
149
|
scheme: Scheme_1.Scheme,
|
|
123
150
|
echo: Echo_1.Echo,
|
|
124
|
-
delegate: Delegate_1.Delegate
|
|
151
|
+
delegate: Delegate_1.Delegate,
|
|
152
|
+
claims: Federation_1.Federation,
|
|
153
|
+
input: Input_1.Input
|
|
125
154
|
};
|
|
126
155
|
const REMOTES = ['basic', 'federation', 'tokens', 'roles', 'bans'];
|
|
127
156
|
//# sourceMappingURL=Authorization.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Authorization.js","sourceRoot":"","sources":["../../../source/directives/auth/Authorization.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8DAAgC;AAChC,yCAAiC;AACjC,iDAAkC;AAClC,2CAAuC;AACvC,6BAAyB;AACzB,iCAA6B;AAC7B,iCAA6B;AAC7B,qCAAiC;AACjC,iCAA6B;AAC7B,qCAAiC;AACjC,yCAAqC;AACrC,mCAA+B;AAC/B,uCAA8C;AAiB9C,MAAa,aAAa;IACR,OAAO,GAAa,CAAC,MAAM,CAAC,CAAA;IAC5B,IAAI,GAAW,MAAM,CAAA;IACrB,SAAS,GAAY,IAAI,CAAA;IAExB,OAAO,GAAG,EAAwB,CAAA;IAClC,SAAS,GAAG,EAA0B,CAAA;IAC/C,MAAM,GAAqB,IAAI,CAAA;IAC/B,IAAI,GAAqB,IAAI,CAAA;IAE9B,MAAM,CAAE,IAAY,EAAE,KAAU,EAAE,OAAgB;QACvD,qBAAM,CAAC,EAAE,CAAC,IAAI,IAAI,YAAY,EAC5B,mBAAmB,IAAI,
|
|
1
|
+
{"version":3,"file":"Authorization.js","sourceRoot":"","sources":["../../../source/directives/auth/Authorization.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8DAAgC;AAChC,yCAAiC;AACjC,uCAAkC;AAClC,yCAAqC;AACrC,iDAAkC;AAClC,2CAAuC;AACvC,6BAAyB;AACzB,iCAA6B;AAC7B,iCAA6B;AAC7B,qCAAiC;AACjC,qCAAiC;AACjC,iCAA6B;AAC7B,qCAAiC;AACjC,yCAAqC;AACrC,6CAAyC;AACzC,qCAAiC;AACjC,mCAAiD;AACjD,mCAA+B;AAC/B,uCAA8C;AAiB9C,MAAa,aAAa;IACR,OAAO,GAAa,CAAC,MAAM,CAAC,CAAA;IAC5B,IAAI,GAAW,MAAM,CAAA;IACrB,SAAS,GAAY,IAAI,CAAA;IAExB,OAAO,GAAG,EAAwB,CAAA;IAClC,SAAS,GAAG,EAA0B,CAAA;IAC/C,MAAM,GAAqB,IAAI,CAAA;IAC/B,IAAI,GAAqB,IAAI,CAAA;IAE9B,MAAM,CAAE,IAAY,EAAE,KAAU,EAAE,OAAgB;QACvD,qBAAM,CAAC,EAAE,CAAC,IAAI,IAAI,YAAY,EAC5B,mBAAmB,IAAI,sBAAsB,CAAC,CAAA;QAEhD,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;QAEhC,KAAK,MAAM,IAAI,IAAI,OAAO;YACxB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;QAE7D,OAAO,IAAA,iBAAK,EAAC,KAAK,EAChB,WAAI,EAAE,GAAG,EAAE,CAAC,IAAI,WAAI,CAAC,KAA0B,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EACtE,WAAI,EAAE,GAAG,EAAE,CAAC,IAAI,WAAI,CAAC,KAA+B,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAC7E,aAAK,EAAE,GAAG,EAAE,CAAC,IAAI,aAAK,CAAC,KAAsB,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EACtE,eAAM,EAAE,GAAG,EAAE,CAAC,IAAI,eAAM,CAAC,KAAe,EAAE,IAAI,CAAC,SAAS,CAAC,EACzD,mBAAQ,EAAE,GAAG,EAAE,CAAC,IAAI,mBAAQ,CAAC,KAAe,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EACnE,GAAG,EAAE,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAA;IAC3B,CAAC;IAEM,KAAK,CAAC,SAAS,CAAE,UAAuB,EAC7C,OAAgB,EAChB,UAAuB;QACvB,OAAO,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QAC/F,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAA;QAEhE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAA;YAE9E,IAAI,KAAK;gBACP,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;oBACzB,OAAO,SAAS,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,CAAA;;oBAEzC,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAA;QAChC,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI;YAC3B,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAA;;YAE7B,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAA;IAC9B,CAAC;IAEM,KAAK,CAAC,MAAM,CAAE,UAAuB,EAC1C,OAAgB,EAChB,QAA8B;QAC9B,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,CACnD,SAAS,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;QAEzC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;QAEjC,IAAI,QAAQ,KAAK,IAAI;YACnB,OAAM;QAER,IAAI,QAAQ,CAAC,MAAM,KAAK,iBAAO,IAAI,CAAC,QAAQ,CAAC,OAAO;YAClD,OAAM;QAER,gDAAgD;QAChD,QAAQ,CAAC,KAAK,KAAK,MAAM,WAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACjE,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAA;QAE3C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAS,SAAS,EAAE;YACxD,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE;SAClD,CAAC,CAAA;QAEF,MAAM,aAAa,GAAG,SAAS,KAAK,EAAE,CAAA;QAEtC,QAAQ,CAAC,OAAO,KAAK,IAAI,OAAO,EAAE,CAAA;QAClC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,aAAa,CAAC,CAAA;QACpD,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IACnD,CAAC;IAEO,KAAK,CAAC,OAAO,CAAE,SAAiB,EAAE,aAAiC;QACzE,IAAI,aAAa,KAAK,SAAS;YAC7B,OAAO,IAAI,CAAA;QAEb,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAA,aAAK,EAAC,aAAa,CAAC,CAAA;QAClD,MAAM,QAAQ,GAAG,mBAAS,CAAC,MAAM,CAAC,CAAA;QAElC,IAAI,QAAQ,KAAK,SAAS;YACxB,MAAM,IAAI,IAAI,CAAC,YAAY,CAAC,kCAAkC,MAAM,GAAG,CAAC,CAAA;QAE1E,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;QAEvD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAuB,cAAc,EAAE;YACrF,KAAK,EAAE;gBACL,SAAS;gBACT,WAAW;aACZ;SACF,CAAC,CAAA;QAEF,IAAI,MAAM,YAAY,KAAK,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAsB,MAAsC,CAAC,IAAI,CAAA;YAE3E,IAAI,OAAO,IAAI,KAAK,QAAQ;gBAC1B,kBAAO,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YAEjD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAA;QAEhC,IAAI,MAAM,KAAK,iBAAO,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAAE,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAA;QAEtF,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAA;QACxB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAA;QAEjC,OAAO,QAAQ,CAAA;IACjB,CAAC;IAEO,SAAS,CAAE,OAAgB;QACjC,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAA;QAEjD,IAAI,WAAW,KAAK,SAAS;YAC3B,OAAO,IAAI,CAAA;QAEb,OAAO,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE;YAC7D,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;gBAClF,IAAA,qBAAS,EAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAC3C,CAAC,CAAC,CAAA;IACJ,CAAC;IAEO,KAAK,CAAC,MAAM,CAAE,QAAkB;QACtC,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAA;QAEvC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAM,SAAS,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAElF,OAAO,GAAG,CAAC,MAAM,CAAA;IACnB,CAAC;CACF;AAxID,sCAwIC;AAED,MAAM,YAAY,GAAkE;IAClF,SAAS,EAAE,qBAAS;IACpB,MAAM,EAAE,eAAM;IACd,EAAE,EAAE,OAAE;IACN,IAAI,EAAE,WAAI;IACV,IAAI,EAAE,WAAI;IACV,MAAM,EAAE,eAAM;IACd,MAAM,EAAE,eAAM;IACd,MAAM,EAAE,eAAM;IACd,IAAI,EAAE,WAAI;IACV,QAAQ,EAAE,mBAAQ;IAClB,MAAM,EAAE,uBAAU;IAClB,KAAK,EAAE,aAAK;CACb,CAAA;AAED,MAAM,OAAO,GAAa,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAA"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import type {
|
|
1
|
+
import type { Context, Directive, Identity } from './types';
|
|
2
|
+
import type { Component } from '@toa.io/core';
|
|
3
3
|
export declare class Delegate implements Directive {
|
|
4
4
|
private readonly property;
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
private readonly discovery;
|
|
6
|
+
constructor(property: string, discovery: Promise<Component>);
|
|
7
|
+
authorize(identity: Identity | null, context: Context): Promise<boolean>;
|
|
7
8
|
private embed;
|
|
8
9
|
}
|
|
@@ -2,14 +2,18 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.Delegate = void 0;
|
|
4
4
|
const HTTP_1 = require("../../HTTP");
|
|
5
|
+
const Role_1 = require("./Role");
|
|
5
6
|
class Delegate {
|
|
6
7
|
property;
|
|
7
|
-
|
|
8
|
+
discovery;
|
|
9
|
+
constructor(property, discovery) {
|
|
8
10
|
this.property = property;
|
|
11
|
+
this.discovery = discovery;
|
|
9
12
|
}
|
|
10
|
-
authorize(identity, context) {
|
|
13
|
+
async authorize(identity, context) {
|
|
11
14
|
if (identity === null)
|
|
12
15
|
return false;
|
|
16
|
+
identity.roles ??= await Role_1.Role.get(identity, this.discovery);
|
|
13
17
|
context.pipelines.body.push((body) => this.embed(body, identity));
|
|
14
18
|
return true;
|
|
15
19
|
}
|
|
@@ -17,7 +21,7 @@ class Delegate {
|
|
|
17
21
|
if (body === undefined)
|
|
18
22
|
body = {};
|
|
19
23
|
check(body);
|
|
20
|
-
body[this.property] = identity;
|
|
24
|
+
body[this.property] = structuredClone(identity);
|
|
21
25
|
return body;
|
|
22
26
|
}
|
|
23
27
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Delegate.js","sourceRoot":"","sources":["../../../source/directives/auth/Delegate.ts"],"names":[],"mappings":";;;AAAA,qCAAuC;
|
|
1
|
+
{"version":3,"file":"Delegate.js","sourceRoot":"","sources":["../../../source/directives/auth/Delegate.ts"],"names":[],"mappings":";;;AAAA,qCAAuC;AACvC,iCAA6B;AAI7B,MAAa,QAAQ;IACF,QAAQ,CAAQ;IAChB,SAAS,CAAoB;IAE9C,YAAoB,QAAgB,EAAE,SAA6B;QACjE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAEM,KAAK,CAAC,SAAS,CAAE,QAAyB,EAAE,OAAgB;QACjE,IAAI,QAAQ,KAAK,IAAI;YACnB,OAAO,KAAK,CAAA;QAEd,QAAQ,CAAC,KAAK,KAAK,MAAM,WAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAC3D,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;QAEjE,OAAO,IAAI,CAAA;IACb,CAAC;IAEO,KAAK,CAAE,IAAa,EAAE,QAAkB;QAC9C,IAAI,IAAI,KAAK,SAAS;YACpB,IAAI,GAAG,EAAE,CAAA;QAEX,KAAK,CAAC,IAAI,CAAC,CAAA;QACX,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;QAE/C,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AA5BD,4BA4BC;AAED,SAAS,KAAK,CAAE,IAAa;IAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;QAC3C,MAAM,IAAI,iBAAU,CAAC,sBAAsB,CAAC,CAAA;AAChD,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
1
|
+
import type { OutgoingMessage } from '../../HTTP';
|
|
2
|
+
import type { Directive, Identity, Context } from './types';
|
|
3
3
|
export declare class Echo implements Directive {
|
|
4
|
-
authorize(identity: Identity | null): boolean;
|
|
5
|
-
reply(
|
|
4
|
+
authorize(identity: Identity | null, context: Context): boolean;
|
|
5
|
+
reply(context: Context): OutgoingMessage;
|
|
6
6
|
}
|
|
@@ -1,12 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.Echo = void 0;
|
|
4
|
+
const create_1 = require("./create");
|
|
4
5
|
class Echo {
|
|
5
|
-
authorize(identity) {
|
|
6
|
-
|
|
6
|
+
authorize(identity, context) {
|
|
7
|
+
if (identity === null && 'authorization' in context.request.headers)
|
|
8
|
+
return false;
|
|
9
|
+
context.identity ??= (0, create_1.create)();
|
|
10
|
+
return true;
|
|
7
11
|
}
|
|
8
|
-
reply(
|
|
9
|
-
|
|
12
|
+
reply(context) {
|
|
13
|
+
const body = context.identity;
|
|
14
|
+
return body.scheme === null
|
|
15
|
+
? { status: 201, body }
|
|
16
|
+
: { body };
|
|
10
17
|
}
|
|
11
18
|
}
|
|
12
19
|
exports.Echo = Echo;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Echo.js","sourceRoot":"","sources":["../../../source/directives/auth/Echo.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"Echo.js","sourceRoot":"","sources":["../../../source/directives/auth/Echo.ts"],"names":[],"mappings":";;;AAAA,qCAAiC;AAIjC,MAAa,IAAI;IACR,SAAS,CAAE,QAAyB,EAAE,OAAgB;QAC3D,IAAI,QAAQ,KAAK,IAAI,IAAI,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO;YACjE,OAAO,KAAK,CAAA;QAEd,OAAO,CAAC,QAAQ,KAAK,IAAA,eAAM,GAAE,CAAA;QAE7B,OAAO,IAAI,CAAA;IACb,CAAC;IAEM,KAAK,CAAE,OAAgB;QAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,QAAS,CAAA;QAE9B,OAAO,IAAI,CAAC,MAAM,KAAK,IAAI;YACzB,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE;YACvB,CAAC,CAAC,EAAE,IAAI,EAAE,CAAA;IACd,CAAC;CACF;AAjBD,oBAiBC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import type { Directive, Identity, Context } from './types';
|
|
2
|
+
import type { Parameter } from '../../RTD';
|
|
3
|
+
export declare class Federation implements Directive {
|
|
4
|
+
private readonly matchers;
|
|
5
|
+
constructor(options: Options);
|
|
6
|
+
authorize(identity: Identity | null, context: Context, parameters: Parameter[]): boolean;
|
|
7
|
+
}
|
|
8
|
+
interface Claims {
|
|
9
|
+
iss: string;
|
|
10
|
+
sub: string;
|
|
11
|
+
aud: string | string[];
|
|
12
|
+
}
|
|
13
|
+
interface Options extends Partial<Claims> {
|
|
14
|
+
iss: string;
|
|
15
|
+
}
|
|
16
|
+
export {};
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.Federation = void 0;
|
|
7
|
+
const node_assert_1 = __importDefault(require("node:assert"));
|
|
8
|
+
class Federation {
|
|
9
|
+
matchers;
|
|
10
|
+
constructor(options) {
|
|
11
|
+
this.matchers = Object.entries(options)
|
|
12
|
+
.map(([key, value]) => [key, toMatcher(value)]);
|
|
13
|
+
node_assert_1.default.ok(this.matchers.length > 0, '`auth:claims` requires at least one property defined');
|
|
14
|
+
}
|
|
15
|
+
authorize(identity, context, parameters) {
|
|
16
|
+
if (identity === null || !('claims' in identity))
|
|
17
|
+
return false;
|
|
18
|
+
const claims = identity.claims;
|
|
19
|
+
for (const [key, match] of this.matchers)
|
|
20
|
+
if (!match(claims[key], context, parameters))
|
|
21
|
+
return false;
|
|
22
|
+
return true;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
exports.Federation = Federation;
|
|
26
|
+
function toMatcher(expression) {
|
|
27
|
+
if (expression.startsWith(':')) {
|
|
28
|
+
const key = expression.slice(1);
|
|
29
|
+
if (key === 'authority')
|
|
30
|
+
return (value, context) => matches(value, context[key]);
|
|
31
|
+
if (key === 'domain')
|
|
32
|
+
return (value, context) => {
|
|
33
|
+
return Array.isArray(value)
|
|
34
|
+
? value.some((iss) => codomain(iss, context))
|
|
35
|
+
: codomain(value, context);
|
|
36
|
+
};
|
|
37
|
+
throw new Error('Unknown `auth:claims` syntax: ' + expression);
|
|
38
|
+
}
|
|
39
|
+
if (expression.startsWith('/:')) {
|
|
40
|
+
const name = expression.slice(2);
|
|
41
|
+
return (value, _, parameters) => parameters
|
|
42
|
+
.some((parameter) => parameter.name === name && matches(value, parameter.value));
|
|
43
|
+
}
|
|
44
|
+
return (value) => matches(value, expression);
|
|
45
|
+
}
|
|
46
|
+
function matches(value, reference) {
|
|
47
|
+
return Array.isArray(value)
|
|
48
|
+
? value.includes(reference)
|
|
49
|
+
: value === reference;
|
|
50
|
+
}
|
|
51
|
+
function codomain(iss, context) {
|
|
52
|
+
const hostname = new URL(iss).hostname;
|
|
53
|
+
const dot = hostname.indexOf('.');
|
|
54
|
+
const basename = dot === -1 ? hostname : hostname.slice(dot);
|
|
55
|
+
return context.authority.slice(-basename.length) === basename;
|
|
56
|
+
}
|
|
57
|
+
//# sourceMappingURL=Federation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"Federation.js","sourceRoot":"","sources":["../../../source/directives/auth/Federation.ts"],"names":[],"mappings":";;;;;;AAAA,8DAAgC;AAIhC,MAAa,UAAU;IACJ,QAAQ,CAAgC;IAEzD,YAAoB,OAAgB;QAClC,IAAI,CAAC,QAAQ,GAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAmC;aACvE,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAEjD,qBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,sDAAsD,CAAC,CAAA;IAC7F,CAAC;IAEM,SAAS,CAAE,QAAyB,EAAE,OAAgB,EAAE,UAAuB;QACpF,IAAI,QAAQ,KAAK,IAAI,IAAI,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC;YAC9C,OAAO,KAAK,CAAA;QAEd,MAAM,MAAM,GAAI,QAA8B,CAAC,MAAM,CAAA;QAErD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ;YACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC;gBAC1C,OAAO,KAAK,CAAA;QAEhB,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AAtBD,gCAsBC;AAED,SAAS,SAAS,CAAE,UAAkB;IACpC,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAgB,CAAA;QAE9C,IAAI,GAAG,KAAK,WAAW;YACrB,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QAEzD,IAAI,GAAG,KAAK,QAAQ;YAClB,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;gBACxB,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBACzB,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;oBAC7C,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;YAC9B,CAAC,CAAA;QAEH,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,UAAU,CAAC,CAAA;IAChE,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAEhC,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,CAAC,UAAU;aACxC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;IACpF,CAAC;IAED,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,OAAO,CAAE,KAAwB,EAAE,SAAiB;IAC3D,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzB,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC3B,CAAC,CAAC,KAAK,KAAK,SAAS,CAAA;AACzB,CAAC;AAED,SAAS,QAAQ,CAAE,GAAW,EAAE,OAAgB;IAC9C,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAA;IACtC,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAE5D,OAAO,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,QAAQ,CAAA;AAC/D,CAAC"}
|
|
@@ -3,5 +3,5 @@ import { type Directive, type Identity } from './types';
|
|
|
3
3
|
export declare class Id implements Directive {
|
|
4
4
|
private readonly parameter;
|
|
5
5
|
constructor(parameter: string);
|
|
6
|
-
authorize(identity: Identity | null, _:
|
|
6
|
+
authorize(identity: Identity | null, _: unknown, parameters: Parameter[]): boolean;
|
|
7
7
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Id.js","sourceRoot":"","sources":["../../../source/directives/auth/Id.ts"],"names":[],"mappings":";;;AAGA,MAAa,EAAE;IACI,SAAS,CAAQ;IAElC,YAAoB,SAAiB;QACnC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAEM,SAAS,CAAE,QAAyB,EAAE,
|
|
1
|
+
{"version":3,"file":"Id.js","sourceRoot":"","sources":["../../../source/directives/auth/Id.ts"],"names":[],"mappings":";;;AAGA,MAAa,EAAE;IACI,SAAS,CAAQ;IAElC,YAAoB,SAAiB;QACnC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAEM,SAAS,CAAE,QAAyB,EAAE,CAAU,EAAE,UAAuB;QAC9E,IAAI,QAAQ,KAAK,IAAI;YACnB,OAAO,KAAK,CAAA;QAEd,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,CAAA;QAEnF,OAAO,SAAS,EAAE,KAAK,KAAK,QAAQ,CAAC,EAAE,CAAA;IACzC,CAAC;CACF;AAfD,gBAeC"}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import * as http from '../../HTTP';
|
|
2
|
-
import {
|
|
2
|
+
import type { Directive, Discovery, Identity, Context } from './types';
|
|
3
3
|
export declare class Incept implements Directive {
|
|
4
|
+
private static readonly schemes;
|
|
5
|
+
private static discovery;
|
|
4
6
|
private readonly property;
|
|
5
|
-
private readonly discovery;
|
|
6
|
-
private readonly schemes;
|
|
7
7
|
constructor(property: string, discovery: Discovery);
|
|
8
|
-
|
|
9
|
-
|
|
8
|
+
static incept(context: Context, id: string): Promise<Identity>;
|
|
9
|
+
authorize(identity: Identity | null): boolean;
|
|
10
|
+
reply(context: Context): http.OutgoingMessage | null;
|
|
11
|
+
settle(context: Context, response: http.OutgoingMessage): Promise<void>;
|
|
10
12
|
}
|
|
@@ -22,41 +22,70 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
22
22
|
__setModuleDefault(result, mod);
|
|
23
23
|
return result;
|
|
24
24
|
};
|
|
25
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
26
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
27
|
+
};
|
|
25
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
29
|
exports.Incept = void 0;
|
|
30
|
+
const node_assert_1 = __importDefault(require("node:assert"));
|
|
31
|
+
const openspan_1 = require("openspan");
|
|
27
32
|
const http = __importStar(require("../../HTTP"));
|
|
28
33
|
const split_1 = require("./split");
|
|
34
|
+
const create_1 = require("./create");
|
|
29
35
|
const schemes_1 = require("./schemes");
|
|
30
36
|
class Incept {
|
|
37
|
+
static schemes = {};
|
|
38
|
+
static discovery;
|
|
31
39
|
property;
|
|
32
|
-
discovery;
|
|
33
|
-
schemes = {};
|
|
34
40
|
constructor(property, discovery) {
|
|
41
|
+
node_assert_1.default.ok(property === null || typeof property === 'string', '`auth:incept` value must be a string or null');
|
|
35
42
|
this.property = property;
|
|
36
|
-
|
|
37
|
-
}
|
|
38
|
-
authorize(identity, input) {
|
|
39
|
-
return identity === null && 'authorization' in input.request.headers;
|
|
43
|
+
Incept.discovery ??= discovery;
|
|
40
44
|
}
|
|
41
|
-
async
|
|
42
|
-
const
|
|
43
|
-
if (id === undefined)
|
|
44
|
-
throw new http.Conflict('Identity inception has failed as the response body ' +
|
|
45
|
-
` does not contain the '${this.property}' property.`);
|
|
46
|
-
const [scheme, credentials] = (0, split_1.split)(input.request.headers.authorization);
|
|
45
|
+
static async incept(context, id) {
|
|
46
|
+
const [scheme, credentials] = (0, split_1.split)(context.request.headers.authorization);
|
|
47
47
|
const provider = schemes_1.PROVIDERS[scheme];
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
48
|
+
if (provider === undefined)
|
|
49
|
+
throw new http.BadRequest('Authentication scheme is not supported');
|
|
50
|
+
if (!schemes_1.INCEPTION.includes(provider))
|
|
51
|
+
throw new http.BadRequest('Authentication scheme does not support identity inception');
|
|
52
|
+
Incept.schemes[scheme] ??= await Incept.discovery[provider];
|
|
53
|
+
const identity = await Incept.schemes[scheme].invoke('incept', {
|
|
51
54
|
input: {
|
|
55
|
+
authority: context.authority,
|
|
52
56
|
id,
|
|
53
57
|
credentials
|
|
54
58
|
}
|
|
55
59
|
});
|
|
56
60
|
if (identity instanceof Error)
|
|
57
|
-
throw new http.
|
|
58
|
-
|
|
59
|
-
|
|
61
|
+
throw new http.UnprocessableEntity(identity);
|
|
62
|
+
identity.scheme = scheme;
|
|
63
|
+
identity.roles = [];
|
|
64
|
+
return identity;
|
|
65
|
+
}
|
|
66
|
+
authorize(identity) {
|
|
67
|
+
return identity === null;
|
|
68
|
+
}
|
|
69
|
+
reply(context) {
|
|
70
|
+
if (this.property !== null)
|
|
71
|
+
return null;
|
|
72
|
+
const body = (0, create_1.create)(context.request.headers.authorization);
|
|
73
|
+
return { body };
|
|
74
|
+
}
|
|
75
|
+
async settle(context, response) {
|
|
76
|
+
const id = response.body?.[this.property ?? 'id'];
|
|
77
|
+
if (id === undefined) {
|
|
78
|
+
openspan_1.console.debug('Inception skipped: response does not contain expected property', {
|
|
79
|
+
property: this.property,
|
|
80
|
+
response
|
|
81
|
+
});
|
|
82
|
+
return;
|
|
83
|
+
}
|
|
84
|
+
(0, node_assert_1.default)(typeof id === 'string', `Response body property "${this.property}" expected to be a string`);
|
|
85
|
+
if (context.request.headers.authorization !== undefined)
|
|
86
|
+
context.identity = await Incept.incept(context, id);
|
|
87
|
+
else
|
|
88
|
+
context.identity = { id, scheme: null, refresh: true, roles: [] };
|
|
60
89
|
}
|
|
61
90
|
}
|
|
62
91
|
exports.Incept = Incept;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Incept.js","sourceRoot":"","sources":["../../../source/directives/auth/Incept.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"Incept.js","sourceRoot":"","sources":["../../../source/directives/auth/Incept.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8DAAgC;AAChC,uCAAkC;AAClC,iDAAkC;AAClC,mCAA+B;AAC/B,qCAAiC;AACjC,uCAAgD;AAIhD,MAAa,MAAM;IACT,MAAM,CAAU,OAAO,GAAY,EAAwB,CAAA;IAC3D,MAAM,CAAC,SAAS,CAAW;IAElB,QAAQ,CAAe;IAExC,YAAoB,QAAgB,EAAE,SAAoB;QACxD,qBAAM,CAAC,EAAE,CAAC,QAAQ,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ,EACzD,8CAA8C,CAAC,CAAA;QAEjD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,MAAM,CAAC,SAAS,KAAK,SAAS,CAAA;IAChC,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,MAAM,CAAE,OAAgB,EAAE,EAAU;QACtD,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAA,aAAK,EAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAc,CAAC,CAAA;QAC3E,MAAM,QAAQ,GAAG,mBAAS,CAAC,MAAM,CAAC,CAAA;QAElC,IAAI,QAAQ,KAAK,SAAS;YACxB,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,wCAAwC,CAAC,CAAA;QAErE,IAAI,CAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC/B,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,2DAA2D,CAAC,CAAA;QAExF,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,MAAM,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;QAE3D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAkB,QAAQ,EAAE;YAC9E,KAAK,EAAE;gBACL,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,EAAE;gBACF,WAAW;aACZ;SACF,CAAC,CAAA;QAEF,IAAI,QAAQ,YAAY,KAAK;YAC3B,MAAM,IAAI,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAA;QAE9C,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAA;QACxB,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAA;QAEnB,OAAO,QAAQ,CAAA;IACjB,CAAC;IAEM,SAAS,CAAE,QAAyB;QACzC,OAAO,QAAQ,KAAK,IAAI,CAAA;IAC1B,CAAC;IAEM,KAAK,CAAE,OAAgB;QAC5B,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI;YACxB,OAAO,IAAI,CAAA;QAEb,MAAM,IAAI,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QAE1D,OAAO,EAAE,IAAI,EAAE,CAAA;IACjB,CAAC;IAEM,KAAK,CAAC,MAAM,CAAE,OAAgB,EAAE,QAA8B;QACnE,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAA;QAEjD,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;YACrB,kBAAO,CAAC,KAAK,CAAC,gEAAgE,EAAE;gBAC9E,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ;aACT,CAAC,CAAA;YAEF,OAAM;QACR,CAAC;QAED,IAAA,qBAAM,EAAC,OAAO,EAAE,KAAK,QAAQ,EAAE,2BAA2B,IAAI,CAAC,QAAQ,2BAA2B,CAAC,CAAA;QAEnG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,KAAK,SAAS;YACrD,OAAO,CAAC,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;;YAEnD,OAAO,CAAC,QAAQ,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAA;IACrE,CAAC;;AA1EH,wBA2EC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { Parameter } from '../../RTD';
|
|
2
|
+
import type { Context, Directive, Identity, Create } from './types';
|
|
3
|
+
export declare class Input implements Directive {
|
|
4
|
+
priority: number;
|
|
5
|
+
private readonly statements;
|
|
6
|
+
constructor(declarations: Declaration[], create: Create);
|
|
7
|
+
authorize(identity: Identity | null, context: Context, parameters: Parameter[]): Promise<boolean>;
|
|
8
|
+
private check;
|
|
9
|
+
}
|
|
10
|
+
export interface Declaration {
|
|
11
|
+
[key: Exclude<string, 'prop'>]: unknown;
|
|
12
|
+
prop: string | string[];
|
|
13
|
+
}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.Input = void 0;
|
|
4
|
+
const HTTP_1 = require("../../HTTP");
|
|
5
|
+
class Input {
|
|
6
|
+
priority = 0;
|
|
7
|
+
statements = [];
|
|
8
|
+
constructor(declarations, create) {
|
|
9
|
+
this.statements = declarations.map((declaration) => new Statement(declaration, create));
|
|
10
|
+
}
|
|
11
|
+
async authorize(identity, context, parameters) {
|
|
12
|
+
context.pipelines.body.push(async (body) => this.check(identity, context, parameters, body));
|
|
13
|
+
return false;
|
|
14
|
+
}
|
|
15
|
+
// eslint-disable-next-line max-params
|
|
16
|
+
async check(identity, context, parameters, body) {
|
|
17
|
+
if (body === undefined || body === null || body.constructor !== Object)
|
|
18
|
+
return body;
|
|
19
|
+
const settled = await Promise.allSettled(this.statements.map(async (statement) => statement.check(identity, context, parameters, body)));
|
|
20
|
+
for (const result of settled)
|
|
21
|
+
if (result.status === 'rejected')
|
|
22
|
+
throw result.reason;
|
|
23
|
+
return body;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
exports.Input = Input;
|
|
27
|
+
class Statement {
|
|
28
|
+
properties;
|
|
29
|
+
directives = [];
|
|
30
|
+
constructor({ prop, ...directives }, create) {
|
|
31
|
+
this.properties = typeof prop === 'string' ? [prop] : prop;
|
|
32
|
+
for (const [name, value] of Object.entries(directives)) {
|
|
33
|
+
const directive = create(name, value);
|
|
34
|
+
this.directives.push(directive);
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
// eslint-disable-next-line max-params
|
|
38
|
+
async check(identity, context, parameters, body) {
|
|
39
|
+
const match = this.properties.some((property) => property in body);
|
|
40
|
+
if (!match)
|
|
41
|
+
return;
|
|
42
|
+
for (const directive of this.directives) {
|
|
43
|
+
const authorized = await directive.authorize(identity, context, parameters);
|
|
44
|
+
if (!authorized)
|
|
45
|
+
throw new HTTP_1.Forbidden('Input property is not authorized');
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=Input.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"Input.js","sourceRoot":"","sources":["../../../source/directives/auth/Input.ts"],"names":[],"mappings":";;;AAAA,qCAAsC;AAItC,MAAa,KAAK;IACT,QAAQ,GAAG,CAAC,CAAA;IACF,UAAU,GAAgB,EAAE,CAAA;IAE7C,YAAoB,YAA2B,EAAE,MAAc;QAC7D,IAAI,CAAC,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,IAAI,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAA;IACzF,CAAC;IAEM,KAAK,CAAC,SAAS,CACrB,QAAyB,EAAE,OAAgB,EAAE,UAAuB;QACnE,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,CAAA;QAE5F,OAAO,KAAK,CAAA;IACd,CAAC;IAED,sCAAsC;IAC9B,KAAK,CAAC,KAAK,CAAE,QAAyB,EAAE,OAAgB,EAAE,UAAuB,EAAE,IAAa;QACtG,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,MAAM;YACpE,OAAO,IAAI,CAAA;QAEb,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,CAC/E,SAAS,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,IAAY,CAAC,CAAC,CAAC,CAAA;QAEhE,KAAK,MAAM,MAAM,IAAI,OAAO;YAC1B,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU;gBAC9B,MAAM,MAAM,CAAC,MAAM,CAAA;QAEvB,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AA7BD,sBA6BC;AAED,MAAM,SAAS;IACI,UAAU,CAAU;IACpB,UAAU,GAAgB,EAAE,CAAA;IAE7C,YAAoB,EAAE,IAAI,EAAE,GAAG,UAAU,EAAe,EAAE,MAAc;QACtE,IAAI,CAAC,UAAU,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QAE1D,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YACvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YAErC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;IAED,sCAAsC;IAC/B,KAAK,CAAC,KAAK,CAAE,QAAyB,EAAE,OAAgB,EAAE,UAAuB,EAAE,IAAU;QAClG,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAA;QAElE,IAAI,CAAC,KAAK;YACR,OAAM;QAER,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAA;YAE3E,IAAI,CAAC,UAAU;gBACb,MAAM,IAAI,gBAAS,CAAC,kCAAkC,CAAC,CAAA;QAC3D,CAAC;IACH,CAAC;CACF"}
|
|
@@ -7,7 +7,7 @@ export declare class Role implements Directive {
|
|
|
7
7
|
private readonly discovery;
|
|
8
8
|
private readonly dynamic;
|
|
9
9
|
constructor(roles: string | string[], discovery: Promise<Component>);
|
|
10
|
-
static
|
|
10
|
+
static get(identity: Identity, discovery: Promise<Component>): Promise<string[]>;
|
|
11
11
|
authorize(identity: Identity | null, _: unknown, parameters: Parameter[]): Promise<boolean>;
|
|
12
12
|
private match;
|
|
13
13
|
private substitute;
|
|
@@ -15,26 +15,24 @@ class Role {
|
|
|
15
15
|
this.discovery = discovery;
|
|
16
16
|
this.dynamic = this.roles.some((role) => role.includes('{'));
|
|
17
17
|
}
|
|
18
|
-
static async
|
|
18
|
+
static async get(identity, discovery) {
|
|
19
19
|
this.remote ??= await discovery;
|
|
20
20
|
const query = {
|
|
21
21
|
criteria: `identity==${identity.id}`,
|
|
22
22
|
limit: 1024
|
|
23
23
|
};
|
|
24
|
-
|
|
24
|
+
return await this.remote.invoke('list', { query });
|
|
25
25
|
}
|
|
26
26
|
async authorize(identity, _, parameters) {
|
|
27
27
|
if (identity === null)
|
|
28
28
|
return false;
|
|
29
|
-
await Role.
|
|
30
|
-
if (identity.roles === undefined)
|
|
31
|
-
return false;
|
|
29
|
+
identity.roles ??= await Role.get(identity, this.discovery);
|
|
32
30
|
return this.match(identity.roles, parameters);
|
|
33
31
|
}
|
|
34
32
|
match(roles, parameters) {
|
|
35
33
|
const required = this.dynamic ? this.substitute(parameters) : this.roles;
|
|
36
34
|
for (const role of roles) {
|
|
37
|
-
const ok = required.some((expected) =>
|
|
35
|
+
const ok = required.some((expected) => expected === role || expected.startsWith(role + ':'));
|
|
38
36
|
if (ok)
|
|
39
37
|
return true;
|
|
40
38
|
}
|
|
@@ -43,18 +41,10 @@ class Role {
|
|
|
43
41
|
substitute(parameters) {
|
|
44
42
|
return this.roles.map((role) => role.replaceAll(/{(\w+)}/g, (_, key) => {
|
|
45
43
|
const value = parameters.find((parameter) => parameter.name === key)?.value;
|
|
46
|
-
node_assert_1.default.ok(value !== undefined, `Role '${role}' requires '${key}' route parameter
|
|
44
|
+
node_assert_1.default.ok(value !== undefined, `Role '${role}' requires '${key}' route parameter`);
|
|
47
45
|
return value;
|
|
48
46
|
}));
|
|
49
47
|
}
|
|
50
48
|
}
|
|
51
49
|
exports.Role = Role;
|
|
52
|
-
function compare(expected, actual) {
|
|
53
|
-
const exp = expected.split(':');
|
|
54
|
-
const act = actual.split(':');
|
|
55
|
-
for (let i = 0; i < act.length; i++)
|
|
56
|
-
if (exp[i] !== act[i])
|
|
57
|
-
return false;
|
|
58
|
-
return true;
|
|
59
|
-
}
|
|
60
50
|
//# sourceMappingURL=Role.js.map
|