@venizia/ignis 0.0.9-13 → 0.0.9-15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/base/models/enrichers/tz.enricher.d.ts.map +1 -1
- package/dist/base/models/enrichers/tz.enricher.js +5 -2
- package/dist/base/models/enrichers/tz.enricher.js.map +1 -1
- package/dist/base/repositories/core/readable.d.ts.map +1 -1
- package/dist/base/repositories/core/readable.js +16 -4
- package/dist/base/repositories/core/readable.js.map +1 -1
- package/dist/components/auth/authorize/adapters/base-filtered.d.ts +26 -56
- package/dist/components/auth/authorize/adapters/base-filtered.d.ts.map +1 -1
- package/dist/components/auth/authorize/adapters/base-filtered.js +23 -70
- package/dist/components/auth/authorize/adapters/base-filtered.js.map +1 -1
- package/dist/components/auth/authorize/adapters/index.d.ts +2 -1
- package/dist/components/auth/authorize/adapters/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/adapters/index.js +2 -1
- package/dist/components/auth/authorize/adapters/index.js.map +1 -1
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.d.ts +131 -0
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.d.ts.map +1 -0
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.js +293 -0
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.js.map +1 -0
- package/dist/components/auth/authorize/adapters/types.d.ts +31 -0
- package/dist/components/auth/authorize/adapters/types.d.ts.map +1 -0
- package/dist/components/auth/authorize/adapters/types.js +3 -0
- package/dist/components/auth/authorize/adapters/types.js.map +1 -0
- package/dist/components/auth/authorize/common/constants.d.ts +127 -12
- package/dist/components/auth/authorize/common/constants.d.ts.map +1 -1
- package/dist/components/auth/authorize/common/constants.js +139 -16
- package/dist/components/auth/authorize/common/constants.js.map +1 -1
- package/dist/components/auth/authorize/common/index.d.ts +2 -0
- package/dist/components/auth/authorize/common/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/common/index.js +2 -0
- package/dist/components/auth/authorize/common/index.js.map +1 -1
- package/dist/components/auth/authorize/common/object-match.d.ts +21 -0
- package/dist/components/auth/authorize/common/object-match.d.ts.map +1 -0
- package/dist/components/auth/authorize/common/object-match.js +33 -0
- package/dist/components/auth/authorize/common/object-match.js.map +1 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.d.ts +20 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.d.ts.map +1 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.js +59 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.js.map +1 -0
- package/dist/components/auth/authorize/common/types.d.ts +65 -22
- package/dist/components/auth/authorize/common/types.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.d.ts +119 -30
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.js +302 -168
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.js.map +1 -1
- package/dist/components/auth/authorize/enforcers/enforcer-registry.d.ts +19 -1
- package/dist/components/auth/authorize/enforcers/enforcer-registry.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/enforcer-registry.js +23 -0
- package/dist/components/auth/authorize/enforcers/enforcer-registry.js.map +1 -1
- package/dist/components/auth/authorize/enforcers/index.d.ts +1 -0
- package/dist/components/auth/authorize/enforcers/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/index.js +1 -0
- package/dist/components/auth/authorize/enforcers/index.js.map +1 -1
- package/dist/components/auth/authorize/enforcers/models/index.d.ts +2 -0
- package/dist/components/auth/authorize/enforcers/models/index.d.ts.map +1 -0
- package/dist/components/auth/authorize/{models/abilities → enforcers/models}/index.js +1 -2
- package/dist/components/auth/authorize/enforcers/models/index.js.map +1 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.d.ts +32 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.d.ts.map +1 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.js +54 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.js.map +1 -0
- package/dist/components/auth/authorize/models/index.d.ts +0 -1
- package/dist/components/auth/authorize/models/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/models/index.js +0 -1
- package/dist/components/auth/authorize/models/index.js.map +1 -1
- package/dist/components/auth/authorize/providers/authorization.provider.d.ts.map +1 -1
- package/dist/components/auth/authorize/providers/authorization.provider.js +12 -0
- package/dist/components/auth/authorize/providers/authorization.provider.js.map +1 -1
- package/dist/components/mail/helpers/executors/internal-queue-executor.helper.d.ts.map +1 -1
- package/dist/components/mail/helpers/executors/internal-queue-executor.helper.js +1 -1
- package/dist/components/mail/helpers/executors/internal-queue-executor.helper.js.map +1 -1
- package/package.json +3 -3
- package/dist/components/auth/authorize/adapters/drizzle-casbin.d.ts +0 -46
- package/dist/components/auth/authorize/adapters/drizzle-casbin.d.ts.map +0 -1
- package/dist/components/auth/authorize/adapters/drizzle-casbin.js +0 -104
- package/dist/components/auth/authorize/adapters/drizzle-casbin.js.map +0 -1
- package/dist/components/auth/authorize/models/abilities/index.d.ts +0 -3
- package/dist/components/auth/authorize/models/abilities/index.d.ts.map +0 -1
- package/dist/components/auth/authorize/models/abilities/index.js.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-action.model.d.ts +0 -14
- package/dist/components/auth/authorize/models/abilities/string-action.model.d.ts.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-action.model.js +0 -23
- package/dist/components/auth/authorize/models/abilities/string-action.model.js.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-resource.model.d.ts +0 -13
- package/dist/components/auth/authorize/models/abilities/string-resource.model.d.ts.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-resource.model.js +0 -19
- package/dist/components/auth/authorize/models/abilities/string-resource.model.js.map +0 -1
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { Container } from '../../../../helpers/inversion/container';
|
|
2
2
|
import { TClass } from '@venizia/ignis-helpers';
|
|
3
|
+
import { IAuthUser } from '../../authenticate';
|
|
3
4
|
import { AbstractAuthRegistry } from '../../base';
|
|
4
|
-
import { AuthorizationEnforcerTypes, IAuthorizationEnforcer, IAuthorizeOptions, ICasbinEnforcerOptions } from '../common';
|
|
5
|
+
import { AuthorizationEnforcerTypes, IAuthorizationEnforcer, IAuthorizationUser, IAuthorizeOptions, ICasbinEnforcerOptions } from '../common';
|
|
5
6
|
export declare class AuthorizationEnforcerRegistry extends AbstractAuthRegistry<IAuthorizationEnforcer> {
|
|
6
7
|
private static instance;
|
|
7
8
|
private configuredEnforcers;
|
|
@@ -28,6 +29,23 @@ export declare class AuthorizationEnforcerRegistry extends AbstractAuthRegistry<
|
|
|
28
29
|
resolveEnforcer(opts: {
|
|
29
30
|
name: string;
|
|
30
31
|
}): Promise<IAuthorizationEnforcer>;
|
|
32
|
+
/** Drop a user's cached policies on the resolved enforcer. Lazy — next request rebuilds. */
|
|
33
|
+
invalidateUserCache(opts: {
|
|
34
|
+
user: IAuthorizationUser;
|
|
35
|
+
enforcerName?: string;
|
|
36
|
+
}): Promise<{
|
|
37
|
+
invalidatedKeys: number;
|
|
38
|
+
}>;
|
|
39
|
+
/** Drop then immediately rebuild + re-cache a user's policies on the resolved enforcer. */
|
|
40
|
+
rebuildUserCache(opts: {
|
|
41
|
+
user: {
|
|
42
|
+
principalType: string;
|
|
43
|
+
} & IAuthUser;
|
|
44
|
+
enforcerName?: string;
|
|
45
|
+
}): Promise<{
|
|
46
|
+
cacheKey: string;
|
|
47
|
+
lineCount: number;
|
|
48
|
+
}>;
|
|
31
49
|
resolveOptions(): IAuthorizeOptions | undefined;
|
|
32
50
|
}
|
|
33
51
|
//# sourceMappingURL=enforcer-registry.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcer-registry.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/enforcer-registry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAC1D,OAAO,EAAY,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAEL,0BAA0B,EAE1B,sBAAsB,EACtB,iBAAiB,EACjB,sBAAsB,EACvB,MAAM,WAAW,CAAC;AAInB,qBAAa,6BAA8B,SAAQ,oBAAoB,CAAC,sBAAsB,CAAC;IAC7F,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAgC;IAEvD,OAAO,CAAC,mBAAmB,CAAc;;IAOzC,MAAM,CAAC,WAAW;IAQT,KAAK,IAAI,IAAI;IAKtB,SAAS,CAAC,gBAAgB,IAAI,MAAM;IAIpC,QAAQ,CAAC,IAAI,EAAE;QACb,SAAS,EAAE,SAAS,CAAC;QACrB,SAAS,EAAE,KAAK,CACZ;YACE,QAAQ,EAAE,MAAM,CAAC,sBAAsB,CAAC,CAAC;YACzC,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,OAAO,0BAA0B,CAAC,MAAM,CAAC;YAC/C,OAAO,CAAC,EAAE,sBAAsB,CAAC;SAClC,GACD;YACE,QAAQ,EAAE,MAAM,CAAC,sBAAsB,CAAC,CAAC;YACzC,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,OAAO,0BAA0B,CAAC,MAAM,CAAC;YAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,CACJ,CAAC;KACH;IA8BD,YAAY,IAAI,OAAO;IAIvB,sBAAsB,IAAI,MAAM;IAI1B,eAAe,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAW9E,cAAc,IAAI,iBAAiB,GAAG,SAAS;CAahD"}
|
|
1
|
+
{"version":3,"file":"enforcer-registry.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/enforcer-registry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAC1D,OAAO,EAAY,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAEL,0BAA0B,EAE1B,sBAAsB,EACtB,kBAAkB,EAClB,iBAAiB,EACjB,sBAAsB,EACvB,MAAM,WAAW,CAAC;AAInB,qBAAa,6BAA8B,SAAQ,oBAAoB,CAAC,sBAAsB,CAAC;IAC7F,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAgC;IAEvD,OAAO,CAAC,mBAAmB,CAAc;;IAOzC,MAAM,CAAC,WAAW;IAQT,KAAK,IAAI,IAAI;IAKtB,SAAS,CAAC,gBAAgB,IAAI,MAAM;IAIpC,QAAQ,CAAC,IAAI,EAAE;QACb,SAAS,EAAE,SAAS,CAAC;QACrB,SAAS,EAAE,KAAK,CACZ;YACE,QAAQ,EAAE,MAAM,CAAC,sBAAsB,CAAC,CAAC;YACzC,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,OAAO,0BAA0B,CAAC,MAAM,CAAC;YAC/C,OAAO,CAAC,EAAE,sBAAsB,CAAC;SAClC,GACD;YACE,QAAQ,EAAE,MAAM,CAAC,sBAAsB,CAAC,CAAC;YACzC,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,OAAO,0BAA0B,CAAC,MAAM,CAAC;YAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,CACJ,CAAC;KACH;IA8BD,YAAY,IAAI,OAAO;IAIvB,sBAAsB,IAAI,MAAM;IAI1B,eAAe,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAW9E,4FAA4F;IACtF,mBAAmB,CAAC,IAAI,EAAE;QAC9B,IAAI,EAAE,kBAAkB,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC;QAAE,eAAe,EAAE,MAAM,CAAA;KAAE,CAAC;IAcxC,2FAA2F;IACrF,gBAAgB,CAAC,IAAI,EAAE;QAC3B,IAAI,EAAE;YAAE,aAAa,EAAE,MAAM,CAAA;SAAE,GAAG,SAAS,CAAC;QAC5C,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAapD,cAAc,IAAI,iBAAiB,GAAG,SAAS;CAahD"}
|
|
@@ -61,6 +61,29 @@ class AuthorizationEnforcerRegistry extends base_1.AbstractAuthRegistry {
|
|
|
61
61
|
}
|
|
62
62
|
return enforcer;
|
|
63
63
|
}
|
|
64
|
+
/** Drop a user's cached policies on the resolved enforcer. Lazy — next request rebuilds. */
|
|
65
|
+
async invalidateUserCache(opts) {
|
|
66
|
+
const name = opts.enforcerName ?? this.getDefaultEnforcerName();
|
|
67
|
+
const enforcer = await this.resolveEnforcer({ name });
|
|
68
|
+
// Cache management is an optional IAuthorizationEnforcer capability — feature-detect it.
|
|
69
|
+
if (typeof enforcer.invalidateUserCache !== 'function') {
|
|
70
|
+
throw (0, ignis_helpers_1.getError)({
|
|
71
|
+
message: `[AuthorizationEnforcerRegistry] Enforcer "${name}" does not support cache invalidation`,
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
return enforcer.invalidateUserCache({ user: opts.user });
|
|
75
|
+
}
|
|
76
|
+
/** Drop then immediately rebuild + re-cache a user's policies on the resolved enforcer. */
|
|
77
|
+
async rebuildUserCache(opts) {
|
|
78
|
+
const name = opts.enforcerName ?? this.getDefaultEnforcerName();
|
|
79
|
+
const enforcer = await this.resolveEnforcer({ name });
|
|
80
|
+
if (typeof enforcer.rebuildUserCache !== 'function') {
|
|
81
|
+
throw (0, ignis_helpers_1.getError)({
|
|
82
|
+
message: `[AuthorizationEnforcerRegistry] Enforcer "${name}" does not support cache invalidation`,
|
|
83
|
+
});
|
|
84
|
+
}
|
|
85
|
+
return enforcer.rebuildUserCache({ user: opts.user });
|
|
86
|
+
}
|
|
64
87
|
resolveOptions() {
|
|
65
88
|
for (const [, metadata] of this.descriptors) {
|
|
66
89
|
const { container } = metadata;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcer-registry.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/enforcer-registry.ts"],"names":[],"mappings":";;;AACA,0DAA0D;
|
|
1
|
+
{"version":3,"file":"enforcer-registry.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/enforcer-registry.ts"],"names":[],"mappings":";;;AACA,0DAA0D;AAE1D,qCAAkD;AAClD,sCAQmB;AAEnB,iFAAiF;AAEjF,MAAa,6BAA8B,SAAQ,2BAA4C;IAK7F;QACE,KAAK,CAAC,EAAE,KAAK,EAAE,6BAA6B,CAAC,IAAI,EAAE,CAAC,CAAC;QACrD,IAAI,CAAC,mBAAmB,GAAG,IAAI,GAAG,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,CAAC;YAC5C,6BAA6B,CAAC,QAAQ,GAAG,IAAI,6BAA6B,EAAE,CAAC;QAC/E,CAAC;QAED,OAAO,6BAA6B,CAAC,QAAQ,CAAC;IAChD,CAAC;IAEQ,KAAK;QACZ,KAAK,CAAC,KAAK,EAAE,CAAC;QACd,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;IACnC,CAAC;IAES,gBAAgB;QACxB,OAAO,sBAAa,CAAC,QAAQ,CAAC;IAChC,CAAC;IAED,QAAQ,CAAC,IAgBR;QACC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;QAEtC,4CAA4C;QAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC;YAC1B,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,+DAA+D,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aAClH,CAAC,CAAC;QACL,CAAC;QAED,KAAK,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,SAAS,EAAE,CAAC;YACpD,uCAAuC;YACvC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,gEAAgE,IAAI,EAAE;iBAChF,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,kBAAkB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YAE/D,IAAI,OAAO,EAAE,CAAC;gBACZ,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,6BAAoB,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACvF,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC;IACnC,CAAC;IAED,sBAAsB;QACpB,OAAO,IAAI,CAAC,cAAc,EAAE,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAsB;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAE9C,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,MAAM,QAAQ,CAAC,SAAS,EAAE,CAAC;YAC3B,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4FAA4F;IAC5F,KAAK,CAAC,mBAAmB,CAAC,IAGzB;QACC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAChE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtD,yFAAyF;QACzF,IAAI,OAAO,QAAQ,CAAC,mBAAmB,KAAK,UAAU,EAAE,CAAC;YACvD,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,6CAA6C,IAAI,uCAAuC;aAClG,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,2FAA2F;IAC3F,KAAK,CAAC,gBAAgB,CAAC,IAGtB;QACC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAChE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtD,IAAI,OAAO,QAAQ,CAAC,gBAAgB,KAAK,UAAU,EAAE,CAAC;YACpD,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,6CAA6C,IAAI,uCAAuC;aAClG,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,cAAc;QACZ,KAAK,MAAM,CAAC,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAC;YAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAoB;gBAC/C,GAAG,EAAE,6BAAoB,CAAC,OAAO;gBACjC,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;YACH,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,OAAO,CAAC;YACjB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AA5ID,sEA4IC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,UAAU,CAAC"}
|
|
@@ -16,4 +16,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
__exportStar(require("./casbin.enforcer"), exports);
|
|
18
18
|
__exportStar(require("./enforcer-registry"), exports);
|
|
19
|
+
__exportStar(require("./models"), exports);
|
|
19
20
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,sDAAoC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,sDAAoC;AACpC,2CAAyB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/enforcers/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC"}
|
|
@@ -14,6 +14,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./
|
|
18
|
-
__exportStar(require("./string-resource.model"), exports);
|
|
17
|
+
__exportStar(require("./rbac-domain.model"), exports);
|
|
19
18
|
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/enforcers/models/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAoC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Scoped RBAC model (v2) — resource/action/domain hierarchies + membership + allow-and-deny.
|
|
3
|
+
*
|
|
4
|
+
* Effect = casbin's predefined `allow-and-deny` effector
|
|
5
|
+
* (`some(where (p.eft == allow)) && !some(where (p.eft == deny))`): default-DENY — a request needs a
|
|
6
|
+
* matching `allow` AND no matching `deny`, so an explicit deny overrides any allow. NOTE this is NOT
|
|
7
|
+
* casbin's `deny-override` effector (`!some(where (p.eft == deny))`), which would be default-ALLOW.
|
|
8
|
+
*
|
|
9
|
+
* Grouping relations (casbin name → meaning). Numbered in request-tuple order (sub → dom → obj → act)
|
|
10
|
+
* so the matcher reads left-to-right:
|
|
11
|
+
* g = assign_role (user→role) + role_inherits (role→role), domain-aware. The `sub` axis.
|
|
12
|
+
* Registered with a KEY_MATCH domain function so a `*` domain on a link matches any request domain.
|
|
13
|
+
* g2 = join_domain (user→domain membership). The `dom` axis (membership). Plain edges.
|
|
14
|
+
* g3 = domain_inherits (e.g. Branch ⊂ Company). The `dom` axis (nesting). Plain edges + self-link;
|
|
15
|
+
* self-link also serves domain-specific grants (g3(Merchant_7, Merchant_7) = true).
|
|
16
|
+
* g4 = resource_inherits. The `obj` axis. Used for explicit non-standard nesting edges (e.g. OrderItem ⊂ Order).
|
|
17
|
+
* Registered with `objectMatch` as matching func for proper edge traversal.
|
|
18
|
+
* Free prefix/wildcard matching (endpoint ⊂ subject ⊂ *) is handled by `objectMatch` called
|
|
19
|
+
* directly in the matcher expression — casbin's role-manager hasLink only traverses stored nodes,
|
|
20
|
+
* so the function must also appear directly for "graph-free" cases.
|
|
21
|
+
* g5 = action_inherits (e.g. read ⊂ manage). The `act` axis. Plain edges + self-link.
|
|
22
|
+
*
|
|
23
|
+
* Domain clause: a grant's domain is one of
|
|
24
|
+
* - SYSTEM_WIDE → matches every domain, bypassing membership (super-admin)
|
|
25
|
+
* - ANY_MEMBER → matches every domain the subject joined (g2)
|
|
26
|
+
* - <Type_id> → that domain (or a nested child via g3)
|
|
27
|
+
*
|
|
28
|
+
* NOTE: relies on DefaultRoleManager self-link (hasLink(name, name) === true) for g3/g4/g5.
|
|
29
|
+
* Keep the default role manager, or any custom one must preserve self-links.
|
|
30
|
+
*/
|
|
31
|
+
export declare const CASBIN_RBAC_DOMAIN_SCOPED_MODEL = "\n[request_definition]\nr = sub, dom, obj, act\n\n[policy_definition]\np = sub, dom, obj, act, eft\n\n[role_definition]\ng = _, _, _\ng2 = _, _\ng3 = _, _\ng4 = _, _\ng5 = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow)) && !some(where (p.eft == deny))\n\n[matchers]\nm = g(r.sub, p.sub, r.dom) && (p.dom == \"SYSTEM_WIDE\" || (p.dom == \"ANY_MEMBER\" && g2(r.sub, r.dom)) || g3(r.dom, p.dom)) && (objectMatch(r.obj, p.obj) || g4(r.obj, p.obj)) && g5(r.act, p.act)\n";
|
|
32
|
+
//# sourceMappingURL=rbac-domain.model.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rbac-domain.model.d.ts","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/enforcers/models/rbac-domain.model.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,eAAO,MAAM,+BAA+B,geAmB3C,CAAC"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CASBIN_RBAC_DOMAIN_SCOPED_MODEL = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Scoped RBAC model (v2) — resource/action/domain hierarchies + membership + allow-and-deny.
|
|
6
|
+
*
|
|
7
|
+
* Effect = casbin's predefined `allow-and-deny` effector
|
|
8
|
+
* (`some(where (p.eft == allow)) && !some(where (p.eft == deny))`): default-DENY — a request needs a
|
|
9
|
+
* matching `allow` AND no matching `deny`, so an explicit deny overrides any allow. NOTE this is NOT
|
|
10
|
+
* casbin's `deny-override` effector (`!some(where (p.eft == deny))`), which would be default-ALLOW.
|
|
11
|
+
*
|
|
12
|
+
* Grouping relations (casbin name → meaning). Numbered in request-tuple order (sub → dom → obj → act)
|
|
13
|
+
* so the matcher reads left-to-right:
|
|
14
|
+
* g = assign_role (user→role) + role_inherits (role→role), domain-aware. The `sub` axis.
|
|
15
|
+
* Registered with a KEY_MATCH domain function so a `*` domain on a link matches any request domain.
|
|
16
|
+
* g2 = join_domain (user→domain membership). The `dom` axis (membership). Plain edges.
|
|
17
|
+
* g3 = domain_inherits (e.g. Branch ⊂ Company). The `dom` axis (nesting). Plain edges + self-link;
|
|
18
|
+
* self-link also serves domain-specific grants (g3(Merchant_7, Merchant_7) = true).
|
|
19
|
+
* g4 = resource_inherits. The `obj` axis. Used for explicit non-standard nesting edges (e.g. OrderItem ⊂ Order).
|
|
20
|
+
* Registered with `objectMatch` as matching func for proper edge traversal.
|
|
21
|
+
* Free prefix/wildcard matching (endpoint ⊂ subject ⊂ *) is handled by `objectMatch` called
|
|
22
|
+
* directly in the matcher expression — casbin's role-manager hasLink only traverses stored nodes,
|
|
23
|
+
* so the function must also appear directly for "graph-free" cases.
|
|
24
|
+
* g5 = action_inherits (e.g. read ⊂ manage). The `act` axis. Plain edges + self-link.
|
|
25
|
+
*
|
|
26
|
+
* Domain clause: a grant's domain is one of
|
|
27
|
+
* - SYSTEM_WIDE → matches every domain, bypassing membership (super-admin)
|
|
28
|
+
* - ANY_MEMBER → matches every domain the subject joined (g2)
|
|
29
|
+
* - <Type_id> → that domain (or a nested child via g3)
|
|
30
|
+
*
|
|
31
|
+
* NOTE: relies on DefaultRoleManager self-link (hasLink(name, name) === true) for g3/g4/g5.
|
|
32
|
+
* Keep the default role manager, or any custom one must preserve self-links.
|
|
33
|
+
*/
|
|
34
|
+
exports.CASBIN_RBAC_DOMAIN_SCOPED_MODEL = `
|
|
35
|
+
[request_definition]
|
|
36
|
+
r = sub, dom, obj, act
|
|
37
|
+
|
|
38
|
+
[policy_definition]
|
|
39
|
+
p = sub, dom, obj, act, eft
|
|
40
|
+
|
|
41
|
+
[role_definition]
|
|
42
|
+
g = _, _, _
|
|
43
|
+
g2 = _, _
|
|
44
|
+
g3 = _, _
|
|
45
|
+
g4 = _, _
|
|
46
|
+
g5 = _, _
|
|
47
|
+
|
|
48
|
+
[policy_effect]
|
|
49
|
+
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
|
|
50
|
+
|
|
51
|
+
[matchers]
|
|
52
|
+
m = g(r.sub, p.sub, r.dom) && (p.dom == "SYSTEM_WIDE" || (p.dom == "ANY_MEMBER" && g2(r.sub, r.dom)) || g3(r.dom, p.dom)) && (objectMatch(r.obj, p.obj) || g4(r.obj, p.obj)) && g5(r.act, p.act)
|
|
53
|
+
`;
|
|
54
|
+
//# sourceMappingURL=rbac-domain.model.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rbac-domain.model.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/enforcers/models/rbac-domain.model.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACU,QAAA,+BAA+B,GAAG;;;;;;;;;;;;;;;;;;;CAmB9C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/models/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAC"}
|
|
@@ -14,6 +14,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./abilities"), exports);
|
|
18
17
|
__exportStar(require("./authorization-role.model"), exports);
|
|
19
18
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/models/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/models/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6DAA2C"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization.provider.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/providers/authorization.provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAkB,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAGrD,OAAO,
|
|
1
|
+
{"version":3,"file":"authorization.provider.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/providers/authorization.provider.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAkB,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAGrD,OAAO,EAIL,YAAY,EAEb,MAAM,WAAW,CAAC;AAKnB,qBAAa,qBAAsB,SAAQ,UAAW,YAAW,SAAS,CAAC,YAAY,CAAC;;IAKtF,KAAK,IAAI,YAAY;IAMrB,OAAO,CAAC,yBAAyB;IA6IjC,OAAO,CAAC,gBAAgB;CAezB"}
|
|
@@ -80,6 +80,17 @@ class AuthorizationProvider extends ignis_helpers_1.BaseHelper {
|
|
|
80
80
|
}
|
|
81
81
|
const resolvedName = enforcerName ?? registry.getDefaultEnforcerName();
|
|
82
82
|
const enforcer = await registry.resolveEnforcer({ name: resolvedName });
|
|
83
|
+
// 5b. Resolve request domain scope and stash it for the enforcer — only when domain scoping is
|
|
84
|
+
// actually in play (a per-route domain OR a configured global resolver). This keeps the legacy,
|
|
85
|
+
// non-domain enforcers untouched and avoids running a resolver (possible DB hit) for no reason.
|
|
86
|
+
if (spec.domain || options?.domainResolver) {
|
|
87
|
+
const domainScope = await (0, common_1.resolveRequestDomain)({
|
|
88
|
+
spec,
|
|
89
|
+
context: (0, types_1.asTypedContext)(context),
|
|
90
|
+
options,
|
|
91
|
+
});
|
|
92
|
+
context.set(common_1.Authorization.DOMAIN, domainScope);
|
|
93
|
+
}
|
|
83
94
|
// 6. Build or retrieve cached rules
|
|
84
95
|
let rules = context.get(common_1.Authorization.RULES);
|
|
85
96
|
if (!rules) {
|
|
@@ -102,6 +113,7 @@ class AuthorizationProvider extends ignis_helpers_1.BaseHelper {
|
|
|
102
113
|
action: spec.action,
|
|
103
114
|
resource: spec.resource,
|
|
104
115
|
conditions: spec.conditions,
|
|
116
|
+
domain: context.get(common_1.Authorization.DOMAIN),
|
|
105
117
|
},
|
|
106
118
|
context: (0, types_1.asTypedContext)(context),
|
|
107
119
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization.provider.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/providers/authorization.provider.ts"],"names":[],"mappings":";;;AAAA,2DAAiE;AACjE,0DAAoE;AAEpE,0CAAgD;AAChD,qDAA+D;AAC/D,
|
|
1
|
+
{"version":3,"file":"authorization.provider.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/providers/authorization.provider.ts"],"names":[],"mappings":";;;AAAA,2DAAiE;AACjE,0DAAoE;AAEpE,0CAAgD;AAChD,qDAA+D;AAC/D,sCAMmB;AACnB,4CAA6D;AAE7D,6EAA6E;AAE7E,MAAa,qBAAsB,SAAQ,0BAAU;IACnD;QACE,KAAK,CAAC,EAAE,KAAK,EAAE,qBAAqB,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,EAAE;YACZ,OAAO,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC;IACJ,CAAC;IAEO,yBAAyB,CAAC,IAAyD;QACzF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;QACpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAEpE,OAAO,IAAA,0BAAgB,EAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;YAC9C,MAAM,QAAQ,GAAG,yCAA6B,CAAC,WAAW,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,QAAQ,CAAC,cAAc,EAAE,CAAC;YAE1C,qBAAqB;YACrB,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAa,CAAC,kBAAkB,CAAC,CAAC;YACtE,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACxE,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YAED,4BAA4B;YAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,6BAAc,CAAC,YAAY,CAA0B,CAAC;YAC/E,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAA,wBAAQ,EAAC;oBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY;oBAC9C,OAAO,EAAE,mDAAmD;iBAC7D,CAAC,CAAC;YACL,CAAC;YAED,4EAA4E;YAC5E,MAAM,cAAc,GAAG,OAAO,EAAE,gBAAgB,EAAE,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;YACtF,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;gBAElD,IACE,OAAO,EAAE,gBAAgB,EAAE,MAAM;oBACjC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,gBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAC1D,CAAC;oBACD,MAAM,CAAC,IAAI,CACT,0EAA0E,EAC1E,SAAS,CACV,CAAC;oBACF,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBAED,IAAI,IAAI,CAAC,YAAY,EAAE,MAAM,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,YAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrF,MAAM,CAAC,IAAI,CAAC,gEAAgE,EAAE,SAAS,CAAC,CAAC;oBACzF,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,IAAI,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;gBACxB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC;wBAC3B,IAAI;wBACJ,MAAM,EAAE,IAAI,CAAC,MAAM;wBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,OAAO,EAAE,IAAA,sBAAc,EAAC,OAAO,CAAC;qBACjC,CAAC,CAAC;oBAEH,IAAI,QAAQ,KAAK,+BAAsB,CAAC,IAAI,EAAE,CAAC;wBAC7C,MAAM,IAAA,wBAAQ,EAAC;4BACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS;4BAC3C,OAAO,EAAE,2CAA2C,IAAI,CAAC,MAAM,gBAAgB,IAAI,CAAC,QAAQ,EAAE;yBAC/F,CAAC,CAAC;oBACL,CAAC;oBAED,IAAI,QAAQ,KAAK,+BAAsB,CAAC,KAAK,EAAE,CAAC;wBAC9C,MAAM,IAAI,EAAE,CAAC;wBACb,OAAO;oBACT,CAAC;oBAED,iCAAiC;gBACnC,CAAC;YACH,CAAC;YAED,+DAA+D;YAC/D,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC;gBAC7B,MAAM,CAAC,KAAK,CACV,kEAAkE,EAClE,OAAO,CAAC,GAAG,CAAC,IAAI,CACjB,CAAC;gBACF,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YAED,MAAM,YAAY,GAAG,YAAY,IAAI,QAAQ,CAAC,sBAAsB,EAAE,CAAC;YACvE,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YAExE,+FAA+F;YAC/F,gGAAgG;YAChG,gGAAgG;YAChG,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,EAAE,cAAc,EAAE,CAAC;gBAC3C,MAAM,WAAW,GAAG,MAAM,IAAA,6BAAoB,EAAC;oBAC7C,IAAI;oBACJ,OAAO,EAAE,IAAA,sBAAc,EAAC,OAAO,CAAC;oBAChC,OAAO;iBACR,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,sBAAa,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YACjD,CAAC;YAED,oCAAoC;YACpC,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAa,CAAC,KAAK,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;oBACxB,MAAM,IAAA,wBAAQ,EAAC;wBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU;wBAC5C,OAAO,EACL,uFAAuF;qBAC1F,CAAC,CAAC;gBACL,CAAC;gBAED,KAAK,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC;oBAChC,IAAI,EAAE,IAA6C;oBACnD,OAAO,EAAE,IAAA,sBAAc,EAAC,OAAO,CAAC;iBACjC,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,sBAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAC1C,CAAC;YAED,sCAAsC;YACtC,IAAI,QAAQ,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC;gBACrC,KAAK;gBACL,OAAO,EAAE;oBACP,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAa,CAAC,MAAM,CAAC;iBAC1C;gBACD,OAAO,EAAE,IAAA,sBAAc,EAAC,OAAO,CAAC;aACjC,CAAC,CAAC;YAEH,IAAI,QAAQ,KAAK,+BAAsB,CAAC,OAAO,EAAE,CAAC;gBAChD,QAAQ,GAAG,OAAO,EAAE,eAAe,IAAI,+BAAsB,CAAC,IAAI,CAAC;YACrE,CAAC;YAED,IAAI,QAAQ,KAAK,+BAAsB,CAAC,KAAK,EAAE,CAAC;gBAC9C,MAAM,IAAA,wBAAQ,EAAC;oBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS;oBAC3C,OAAO,EAAE,kCAAkC,IAAI,CAAC,MAAM,gBAAgB,IAAI,CAAC,QAAQ,EAAE;iBACtF,CAAC,CAAC;YACL,CAAC;YAED,MAAM,IAAI,EAAE,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,gBAAgB,CAAC,IAAyB;QAChD,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAEzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAgE,EAAE,EAAE;YACpF,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,OAAO,CAAC,CAAC;YACX,CAAC;YACD,OAAO,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAvKD,sDAuKC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal-queue-executor.helper.d.ts","sourceRoot":"","sources":["../../../../../src/components/mail/helpers/executors/internal-queue-executor.helper.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,
|
|
1
|
+
{"version":3,"file":"internal-queue-executor.helper.d.ts","sourceRoot":"","sources":["../../../../../src/components/mail/helpers/executors/internal-queue-executor.helper.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAmC,MAAM,wBAAwB,CAAC;AACrF,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAElB,8BAA8B,EAC9B,gBAAgB,EACjB,MAAM,cAAc,CAAC;AAUtB,qBAAa,+BAAgC,SAAQ,UAAW,YAAW,kBAAkB;IAC3F,OAAO,CAAC,KAAK,CAA0C;IACvD,OAAO,CAAC,YAAY,CAAK;IACzB,OAAO,CAAC,WAAW,CAA0C;IAE7D,OAAO,CAAC,SAAS,CAAC,CAAmD;gBAEzD,IAAI,EAAE,8BAA8B;IA0BhD,YAAY,CACV,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;QACpC,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC,GACD,IAAI;IAKD,wBAAwB,CAC5B,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC,gBAAgB,CAAC;YAwCd,UAAU;IA2DxB,OAAO,CAAC,gBAAgB;CAczB"}
|
|
@@ -7,7 +7,7 @@ class InternalQueueMailExecutorHelper extends ignis_helpers_1.BaseHelper {
|
|
|
7
7
|
super({ scope: InternalQueueMailExecutorHelper.name });
|
|
8
8
|
this.jobIdCounter = 0;
|
|
9
9
|
this.delayedJobs = new Map();
|
|
10
|
-
this.queue = new ignis_helpers_1.
|
|
10
|
+
this.queue = new ignis_helpers_1.SequentialQueueHelper({
|
|
11
11
|
identifier: opts.identifier,
|
|
12
12
|
autoDispatch: true,
|
|
13
13
|
onMessage: async ({ queueElement }) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal-queue-executor.helper.js","sourceRoot":"","sources":["../../../../../src/components/mail/helpers/executors/internal-queue-executor.helper.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"internal-queue-executor.helper.js","sourceRoot":"","sources":["../../../../../src/components/mail/helpers/executors/internal-queue-executor.helper.ts"],"names":[],"mappings":";;;AAAA,0DAAqF;AAiBrF,MAAa,+BAAgC,SAAQ,0BAAU;IAO7D,YAAY,IAAoC;QAC9C,KAAK,CAAC,EAAE,KAAK,EAAE,+BAA+B,CAAC,IAAI,EAAE,CAAC,CAAC;QANjD,iBAAY,GAAG,CAAC,CAAC;QACjB,gBAAW,GAAgC,IAAI,GAAG,EAAE,CAAC;QAO3D,IAAI,CAAC,KAAK,GAAG,IAAI,qCAAqB,CAAmB;YACvD,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,YAAY,EAAE,IAAI;YAClB,SAAS,EAAE,KAAK,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE;gBACpC,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YAC9C,CAAC;YACD,aAAa,EAAE,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE;gBAClC,IAAI,CAAC,MAAM;qBACR,GAAG,CAAC,eAAe,CAAC;qBACpB,IAAI,CACH,sCAAsC,EACtC,YAAY,CAAC,OAAO,CAAC,EAAE,EACvB,YAAY,CAAC,OAAO,CAAC,KAAK,CAC3B,CAAC;YACN,CAAC;YACD,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;gBAC9B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,yCAAyC,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;YAC9F,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrF,CAAC;IAED,YAAY,CACV,SAKE;QAEF,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,KAAa,EACb,OAA2B;QAE3B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAA,wBAAQ,EAAC,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACzD,MAAM,GAAG,GAAqB;YAC5B,EAAE,EAAE,KAAK;YACT,KAAK;YACL,OAAO;YACP,QAAQ,EAAE,CAAC;YACX,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,CAAC;SAChD,CAAC;QAEF,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC;aACvC,IAAI,CAAC,uCAAuC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAE/D,IAAI,OAAO,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACxB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjC,CAAC,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAElB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAErC,IAAI,CAAC,MAAM;iBACR,GAAG,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC;iBACvC,IAAI,CAAC,oDAAoD,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACtF,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO;YACL,KAAK;YACL,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,4CAA4C;SACtD,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,GAAqB;QAC5C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,+BAA+B,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACrF,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,QAAQ,IAAI,CAAC,CAAC;QAE/C,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;aACzB,IAAI,CACH,yDAAyD,EACzD,GAAG,CAAC,EAAE,EACN,GAAG,CAAC,KAAK,EACT,GAAG,CAAC,QAAQ,GAAG,CAAC,EAChB,WAAW,CACZ,CAAC;QAEJ,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,wCAAwC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/F,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;YAChE,GAAG,CAAC,QAAQ,EAAE,CAAC;YAEf,IAAI,GAAG,CAAC,QAAQ,GAAG,WAAW,EAAE,CAAC;gBAC/B,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBAEhD,IAAI,CAAC,MAAM;qBACR,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;qBACzB,IAAI,CACH,+EAA+E,EAC/E,GAAG,CAAC,EAAE,EACN,GAAG,CAAC,QAAQ,EACZ,WAAW,EACX,YAAY,EACZ,QAAQ,CACT,CAAC;gBAEJ,wBAAwB;gBACxB,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;oBAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBACxB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAClC,CAAC,EAAE,YAAY,CAAC,CAAC;gBAEjB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM;qBACR,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;qBACzB,KAAK,CACJ,kEAAkE,EAClE,WAAW,EACX,GAAG,CAAC,EAAE,EACN,QAAQ,CACT,CAAC;YACN,CAAC;QACH,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,GAAqB;QAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC;QAErC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACnC,OAAO,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QACvD,CAAC;QAED,cAAc;QACd,OAAO,OAAO,CAAC,KAAK,CAAC;IACvB,CAAC;CACF;AAjKD,0EAiKC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@venizia/ignis",
|
|
3
|
-
"version": "0.0.9-
|
|
3
|
+
"version": "0.0.9-15",
|
|
4
4
|
"description": "High-performance TypeScript server infrastructure combining LoopBack 4 enterprise architecture (decorator-based DI, repository pattern, component system) with Hono speed (~140k req/s). Features auto-generated OpenAPI docs, Drizzle ORM type-safe SQL, JWT/Basic authentication, Casbin authorization, convention-based bootstrapping, and pluggable components for health checks, Swagger UI, mail, Socket.IO, and static assets. Built for Bun and Node.js.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"access-control",
|
|
@@ -145,8 +145,8 @@
|
|
|
145
145
|
"prepublishOnly": "bun run rebuild"
|
|
146
146
|
},
|
|
147
147
|
"dependencies": {
|
|
148
|
-
"@venizia/ignis-boot": "^0.0.5-
|
|
149
|
-
"@venizia/ignis-helpers": "^0.0.8-
|
|
148
|
+
"@venizia/ignis-boot": "^0.0.5-9",
|
|
149
|
+
"@venizia/ignis-helpers": "^0.0.8-13",
|
|
150
150
|
"@venizia/ignis-inversion": "^0.0.6-2",
|
|
151
151
|
"lodash": "^4.18.1",
|
|
152
152
|
"reflect-metadata": "^0.2.2"
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
import { IDataSource } from '../../../../base/datasources';
|
|
2
|
-
import { BaseFilteredAdapter, type IBaseFilteredAdapterEntities, type ICasbinPolicyFilter } from './base-filtered';
|
|
3
|
-
export interface IDrizzleCasbinEntities extends IBaseFilteredAdapterEntities {
|
|
4
|
-
permission: {
|
|
5
|
-
schemaName?: string;
|
|
6
|
-
tableName: string;
|
|
7
|
-
principalType: string;
|
|
8
|
-
};
|
|
9
|
-
role: {
|
|
10
|
-
schemaName?: string;
|
|
11
|
-
tableName: string;
|
|
12
|
-
principalType: string;
|
|
13
|
-
};
|
|
14
|
-
policyDefinition: {
|
|
15
|
-
schemaName?: string;
|
|
16
|
-
tableName: string;
|
|
17
|
-
principalType: string;
|
|
18
|
-
};
|
|
19
|
-
}
|
|
20
|
-
export interface IDrizzleCasbinAdapterOptions {
|
|
21
|
-
dataSource: IDataSource;
|
|
22
|
-
entities: IDrizzleCasbinEntities;
|
|
23
|
-
}
|
|
24
|
-
export declare class DrizzleCasbinAdapter extends BaseFilteredAdapter<IDrizzleCasbinEntities> {
|
|
25
|
-
private dataSource;
|
|
26
|
-
private static readonly DEFAULT_SCHEMA;
|
|
27
|
-
private get connector();
|
|
28
|
-
constructor(opts: IDrizzleCasbinAdapterOptions);
|
|
29
|
-
/** Resolve an entity's schema, defaulting to `public`. */
|
|
30
|
-
private schemaOf;
|
|
31
|
-
protected buildDirectPolicies(opts: {
|
|
32
|
-
filter: ICasbinPolicyFilter;
|
|
33
|
-
rolePrincipal: string;
|
|
34
|
-
}): Promise<string[]>;
|
|
35
|
-
protected buildGroupPolicies(opts: {
|
|
36
|
-
filter: ICasbinPolicyFilter;
|
|
37
|
-
}): Promise<{
|
|
38
|
-
lines: string[];
|
|
39
|
-
roleIds: (string | number)[];
|
|
40
|
-
}>;
|
|
41
|
-
protected buildRolePolicies(opts: {
|
|
42
|
-
roleIds: (string | number)[];
|
|
43
|
-
rolePrincipal: string;
|
|
44
|
-
}): Promise<string[]>;
|
|
45
|
-
}
|
|
46
|
-
//# sourceMappingURL=drizzle-casbin.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"drizzle-casbin.d.ts","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/drizzle-casbin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAiB,MAAM,oBAAoB,CAAC;AAGhE,OAAO,EACL,mBAAmB,EACnB,KAAK,4BAA4B,EACjC,KAAK,mBAAmB,EAEzB,MAAM,iBAAiB,CAAC;AACzB,MAAM,WAAW,sBAAuB,SAAQ,4BAA4B;IAC1E,UAAU,EAAE;QACV,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,IAAI,EAAE;QACJ,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,gBAAgB,EAAE;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,WAAW,CAAC;IACxB,QAAQ,EAAE,sBAAsB,CAAC;CAClC;AAID,qBAAa,oBAAqB,SAAQ,mBAAmB,CAAC,sBAAsB,CAAC;IACnF,OAAO,CAAC,UAAU,CAAc;IAEhC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAY;IAElD,OAAO,KAAK,SAAS,GAEpB;gBAEW,IAAI,EAAE,4BAA4B;IAK9C,0DAA0D;IAC1D,OAAO,CAAC,QAAQ;cAKA,mBAAmB,CAAC,IAAI,EAAE;QACxC,MAAM,EAAE,mBAAmB,CAAC;QAC5B,aAAa,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;cAiCL,kBAAkB,CAAC,IAAI,EAAE;QACvC,MAAM,EAAE,mBAAmB,CAAC;KAC7B,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAA;KAAE,CAAC;cAqC9C,iBAAiB,CAAC,IAAI,EAAE;QACtC,OAAO,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;QAC7B,aAAa,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;CAoCtB"}
|
|
@@ -1,104 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.DrizzleCasbinAdapter = void 0;
|
|
4
|
-
const drizzle_orm_1 = require("drizzle-orm");
|
|
5
|
-
const common_1 = require("../common");
|
|
6
|
-
const base_filtered_1 = require("./base-filtered");
|
|
7
|
-
// Drizzle Casbin Adapter — read-only FilteredAdapter using raw SQL queries
|
|
8
|
-
class DrizzleCasbinAdapter extends base_filtered_1.BaseFilteredAdapter {
|
|
9
|
-
static { this.DEFAULT_SCHEMA = 'public'; }
|
|
10
|
-
get connector() {
|
|
11
|
-
return this.dataSource.connector;
|
|
12
|
-
}
|
|
13
|
-
constructor(opts) {
|
|
14
|
-
super({ scope: DrizzleCasbinAdapter.name, entities: opts.entities });
|
|
15
|
-
this.dataSource = opts.dataSource;
|
|
16
|
-
}
|
|
17
|
-
/** Resolve an entity's schema, defaulting to `public`. */
|
|
18
|
-
schemaOf(opts) {
|
|
19
|
-
return opts.entity.schemaName ?? DrizzleCasbinAdapter.DEFAULT_SCHEMA;
|
|
20
|
-
}
|
|
21
|
-
// Query builders
|
|
22
|
-
async buildDirectPolicies(opts) {
|
|
23
|
-
const { permission: perm, policyDefinition: pd } = this.entities;
|
|
24
|
-
const { principalType, principalValue } = opts.filter;
|
|
25
|
-
const result = await this.connector.execute((0, drizzle_orm_1.sql) `
|
|
26
|
-
SELECT pd.variant, p.code, pd.action,
|
|
27
|
-
pd.subject_type AS "subjectType", pd.subject_id AS "subjectId",
|
|
28
|
-
pd.effect, pd.domain
|
|
29
|
-
FROM ${drizzle_orm_1.sql.identifier(this.schemaOf({ entity: pd }))}.${drizzle_orm_1.sql.identifier(pd.tableName)} pd
|
|
30
|
-
INNER JOIN ${drizzle_orm_1.sql.identifier(this.schemaOf({ entity: perm }))}.${drizzle_orm_1.sql.identifier(perm.tableName)} p ON pd.target_id = p.id
|
|
31
|
-
WHERE pd.variant = ${common_1.CasbinRuleVariants.POLICY}
|
|
32
|
-
AND pd.subject_type = ${principalType}
|
|
33
|
-
AND pd.subject_id = ${principalValue}
|
|
34
|
-
AND pd.target_type = ${perm.principalType}
|
|
35
|
-
`);
|
|
36
|
-
const policyLines = [];
|
|
37
|
-
if (!result.rows.length) {
|
|
38
|
-
return policyLines;
|
|
39
|
-
}
|
|
40
|
-
for (const row of result.rows) {
|
|
41
|
-
const line = this.toPolicyLine({ row });
|
|
42
|
-
if (!line) {
|
|
43
|
-
continue;
|
|
44
|
-
}
|
|
45
|
-
policyLines.push(line);
|
|
46
|
-
}
|
|
47
|
-
return policyLines;
|
|
48
|
-
}
|
|
49
|
-
async buildGroupPolicies(opts) {
|
|
50
|
-
const { role: rol, policyDefinition: pd } = this.entities;
|
|
51
|
-
const { principalType, principalValue } = opts.filter;
|
|
52
|
-
const result = await this.connector.execute((0, drizzle_orm_1.sql) `
|
|
53
|
-
SELECT pd.target_id AS "targetId", pd.domain
|
|
54
|
-
FROM ${drizzle_orm_1.sql.identifier(this.schemaOf({ entity: pd }))}.${drizzle_orm_1.sql.identifier(pd.tableName)} pd
|
|
55
|
-
WHERE pd.variant = ${common_1.CasbinRuleVariants.GROUP}
|
|
56
|
-
AND pd.subject_type = ${principalType}
|
|
57
|
-
AND pd.subject_id = ${principalValue}
|
|
58
|
-
AND pd.target_type = ${rol.principalType}
|
|
59
|
-
`);
|
|
60
|
-
const policyLines = [];
|
|
61
|
-
const roleIds = [];
|
|
62
|
-
if (!result.rows.length) {
|
|
63
|
-
return { lines: policyLines, roleIds };
|
|
64
|
-
}
|
|
65
|
-
for (const row of result.rows) {
|
|
66
|
-
roleIds.push(row.targetId);
|
|
67
|
-
policyLines.push(this.toGroupLine({
|
|
68
|
-
subject: `${principalType}_${principalValue}`,
|
|
69
|
-
role: `${rol.principalType}_${row.targetId}`,
|
|
70
|
-
domain: this.formatDomain(row.domain),
|
|
71
|
-
}));
|
|
72
|
-
}
|
|
73
|
-
return { lines: policyLines, roleIds };
|
|
74
|
-
}
|
|
75
|
-
async buildRolePolicies(opts) {
|
|
76
|
-
const { permission: perm, role: rol, policyDefinition: pd } = this.entities;
|
|
77
|
-
const { roleIds } = opts;
|
|
78
|
-
const result = await this.connector.execute((0, drizzle_orm_1.sql) `
|
|
79
|
-
SELECT pd.variant, p.code, pd.action,
|
|
80
|
-
pd.subject_type AS "subjectType", pd.subject_id AS "subjectId",
|
|
81
|
-
pd.effect, pd.domain
|
|
82
|
-
FROM ${drizzle_orm_1.sql.identifier(this.schemaOf({ entity: pd }))}.${drizzle_orm_1.sql.identifier(pd.tableName)} pd
|
|
83
|
-
INNER JOIN ${drizzle_orm_1.sql.identifier(this.schemaOf({ entity: perm }))}.${drizzle_orm_1.sql.identifier(perm.tableName)} p ON pd.target_id = p.id
|
|
84
|
-
WHERE pd.variant = ${common_1.CasbinRuleVariants.POLICY}
|
|
85
|
-
AND pd.subject_type = ${rol.principalType}
|
|
86
|
-
AND pd.subject_id IN (${drizzle_orm_1.sql.join(roleIds.map(id => (0, drizzle_orm_1.sql) `${id}`), (0, drizzle_orm_1.sql) `, `)})
|
|
87
|
-
AND pd.target_type = ${perm.principalType}
|
|
88
|
-
`);
|
|
89
|
-
const policyLines = [];
|
|
90
|
-
if (!result.rows.length) {
|
|
91
|
-
return policyLines;
|
|
92
|
-
}
|
|
93
|
-
for (const row of result.rows) {
|
|
94
|
-
const line = this.toPolicyLine({ row });
|
|
95
|
-
if (!line) {
|
|
96
|
-
continue;
|
|
97
|
-
}
|
|
98
|
-
policyLines.push(line);
|
|
99
|
-
}
|
|
100
|
-
return policyLines;
|
|
101
|
-
}
|
|
102
|
-
}
|
|
103
|
-
exports.DrizzleCasbinAdapter = DrizzleCasbinAdapter;
|
|
104
|
-
//# sourceMappingURL=drizzle-casbin.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"drizzle-casbin.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/adapters/drizzle-casbin.ts"],"names":[],"mappings":";;;AACA,6CAAkC;AAClC,sCAA+C;AAC/C,mDAKyB;AAwBzB,2EAA2E;AAE3E,MAAa,oBAAqB,SAAQ,mCAA2C;aAG3D,mBAAc,GAAG,QAAQ,CAAC;IAElD,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;IACnC,CAAC;IAED,YAAY,IAAkC;QAC5C,KAAK,CAAC,EAAE,KAAK,EAAE,oBAAoB,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACpC,CAAC;IAED,0DAA0D;IAClD,QAAQ,CAAC,IAAyC;QACxD,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,oBAAoB,CAAC,cAAc,CAAC;IACvE,CAAC;IAED,iBAAiB;IACP,KAAK,CAAC,mBAAmB,CAAC,IAGnC;QACC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAiB,IAAA,iBAAG,EAAA;;;;aAItD,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,iBAAG,CAAC,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC;mBACvE,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;2BACzE,2BAAkB,CAAC,MAAM;gCACpB,aAAa;8BACf,cAAc;+BACb,IAAI,CAAC,aAAa;KAC5C,CAAC,CAAC;QAEH,MAAM,WAAW,GAAkB,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAES,KAAK,CAAC,kBAAkB,CAAC,IAElC;QACC,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC1D,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAItD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAO,IAAA,iBAAG,EAAA;;aAE5C,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,iBAAG,CAAC,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC;2BAC/D,2BAAkB,CAAC,KAAK;gCACnB,aAAa;8BACf,cAAc;+BACb,GAAG,CAAC,aAAa;KAC3C,CAAC,CAAC;QAEH,MAAM,WAAW,GAAkB,EAAE,CAAC;QACtC,MAAM,OAAO,GAAwB,EAAE,CAAC;QAExC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;QACzC,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE3B,WAAW,CAAC,IAAI,CACd,IAAI,CAAC,WAAW,CAAC;gBACf,OAAO,EAAE,GAAG,aAAa,IAAI,cAAc,EAAE;gBAC7C,IAAI,EAAE,GAAG,GAAG,CAAC,aAAa,IAAI,GAAG,CAAC,QAAQ,EAAE;gBAC5C,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;aACtC,CAAC,CACH,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;IACzC,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,IAGjC;QACC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC5E,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QAEzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAiB,IAAA,iBAAG,EAAA;;;;aAItD,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,IAAI,iBAAG,CAAC,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC;mBACvE,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,iBAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;2BACzE,2BAAkB,CAAC,MAAM;gCACpB,GAAG,CAAC,aAAa;gCACjB,iBAAG,CAAC,IAAI,CAC9B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,IAAA,iBAAG,EAAA,GAAG,EAAE,EAAE,CAAC,EAC7B,IAAA,iBAAG,EAAA,IAAI,CACR;+BACsB,IAAI,CAAC,aAAa;KAC5C,CAAC,CAAC;QAEH,MAAM,WAAW,GAAkB,EAAE,CAAC;QAEtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;;AArIH,oDAsIC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/models/abilities/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,yBAAyB,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/models/abilities/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,wDAAsC;AACtC,0DAAwC"}
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
import type { IAuthorizationComparable } from '../../common';
|
|
2
|
-
export declare class StringAuthorizationAction implements IAuthorizationComparable<string> {
|
|
3
|
-
static readonly WILDCARD = "*";
|
|
4
|
-
readonly value: string;
|
|
5
|
-
static build(opts: {
|
|
6
|
-
value: string;
|
|
7
|
-
}): StringAuthorizationAction;
|
|
8
|
-
constructor(opts: {
|
|
9
|
-
value: string;
|
|
10
|
-
});
|
|
11
|
-
compare(other: string): number;
|
|
12
|
-
isEqual(other: string): boolean;
|
|
13
|
-
}
|
|
14
|
-
//# sourceMappingURL=string-action.model.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"string-action.model.d.ts","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/models/abilities/string-action.model.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAE7D,qBAAa,yBAA0B,YAAW,wBAAwB,CAAC,MAAM,CAAC;IAChF,MAAM,CAAC,QAAQ,CAAC,QAAQ,OAAO;IAE/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAEvB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,yBAAyB;gBAIpD,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE;IAInC,OAAO,CAAC,KAAK,EAAE,MAAM;IAOrB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;CAGhC"}
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.StringAuthorizationAction = void 0;
|
|
4
|
-
class StringAuthorizationAction {
|
|
5
|
-
static { this.WILDCARD = '*'; }
|
|
6
|
-
static build(opts) {
|
|
7
|
-
return new StringAuthorizationAction(opts);
|
|
8
|
-
}
|
|
9
|
-
constructor(opts) {
|
|
10
|
-
this.value = opts.value;
|
|
11
|
-
}
|
|
12
|
-
compare(other) {
|
|
13
|
-
if (this.value === StringAuthorizationAction.WILDCARD) {
|
|
14
|
-
return 0;
|
|
15
|
-
}
|
|
16
|
-
return this.value.localeCompare(other);
|
|
17
|
-
}
|
|
18
|
-
isEqual(other) {
|
|
19
|
-
return this.compare(other) === 0;
|
|
20
|
-
}
|
|
21
|
-
}
|
|
22
|
-
exports.StringAuthorizationAction = StringAuthorizationAction;
|
|
23
|
-
//# sourceMappingURL=string-action.model.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"string-action.model.js","sourceRoot":"","sources":["../../../../../../src/components/auth/authorize/models/abilities/string-action.model.ts"],"names":[],"mappings":";;;AAEA,MAAa,yBAAyB;aACpB,aAAQ,GAAG,GAAG,CAAC;IAI/B,MAAM,CAAC,KAAK,CAAC,IAAuB;QAClC,OAAO,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,YAAY,IAAuB;QACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,OAAO,CAAC,KAAa;QACnB,IAAI,IAAI,CAAC,KAAK,KAAK,yBAAyB,CAAC,QAAQ,EAAE,CAAC;YACtD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,CAAC,KAAa;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;;AAtBH,8DAuBC"}
|