@vsaas/loopback 10.0.0

package/dist/common/models/role.cjs

@@ -0,0 +1,396 @@
+"use strict";
+const require_runtime = require("../../_virtual/_rolldown/runtime.cjs");
+const require_lib_utils = require("../../lib/utils.cjs");
+const require_lib_access_context = require("../../lib/access-context.cjs");
+//#region src/common/models/role.ts
+var require_role = /* @__PURE__ */ require_runtime.__commonJSMin(((exports, module) => {
+	const debug = require("debug")("loopback:security:role");
+	const assert = require("assert");
+	const utils = require_lib_utils;
+	const ctx = (require_lib_access_context.init_access_context(), require_runtime.__toCommonJS(require_lib_access_context.access_context_exports));
+	const AccessContext = ctx.AccessContext;
+	const Principal = ctx.Principal;
+	module.exports = function(Role) {
+		const RoleMapping = Role.registry.getModelByType("RoleMapping");
+		assert(RoleMapping, "RoleMapping model must be defined before Role model");
+		Role.resolveRelatedModels = function() {
+			if (!this.userModel) {
+				const reg = this.registry;
+				this.roleMappingModel = reg.getModelByType("RoleMapping");
+				this.userModel = reg.getModelByType("User");
+				this.applicationModel = reg.getModelByType("Application");
+			}
+		};
+		Role.once("dataSourceAttached", function(roleModel) {
+			[
+				"users",
+				"applications",
+				"roles"
+			].forEach(function(rel) {
+				Role.prototype[rel] = function(query, callback) {
+					if (!callback) if (typeof query === "function") {
+						callback = query;
+						query = {};
+					} else callback = utils.createPromiseCallback();
+					query = query || {};
+					query.where = query.where || {};
+					roleModel.resolveRelatedModels();
+					const relsToModels = {
+						users: roleModel.userModel,
+						applications: roleModel.applicationModel,
+						roles: roleModel
+					};
+					const ACL = roleModel.registry.getModelByType("ACL");
+					const relsToTypes = {
+						users: ACL.USER,
+						applications: ACL.APP,
+						roles: ACL.ROLE
+					};
+					let principalModel = relsToModels[rel];
+					let principalType = relsToTypes[rel];
+					if (rel === "users" && query.where.principalType && query.where.principalType !== RoleMapping.USER) {
+						principalModel = this.constructor.registry.findModel(query.where.principalType);
+						principalType = query.where.principalType;
+					}
+					delete query.where.principalType;
+					if (principalModel) listByPrincipalType(this, principalModel, principalType, query, callback);
+					else process.nextTick(function() {
+						callback(null, []);
+					});
+					return callback.promise;
+				};
+			});
+			function listByPrincipalType(context, model, principalType, query, callback) {
+				if (callback === void 0 && typeof query === "function") {
+					callback = query;
+					query = {};
+				}
+				query = query || {};
+				roleModel.roleMappingModel.find({ where: {
+					roleId: context.id,
+					principalType
+				} }, function(err, mappings) {
+					if (err) return callback(err);
+					const ids = mappings.map(function(m) {
+						return m.principalId;
+					});
+					query.where = query.where || {};
+					query.where.id = { inq: ids };
+					model.find(query, function(error, models) {
+						callback(error, models);
+					});
+				});
+			}
+		});
+		Role.OWNER = "$owner";
+		Role.RELATED = "$related";
+		Role.AUTHENTICATED = "$authenticated";
+		Role.UNAUTHENTICATED = "$unauthenticated";
+		Role.EVERYONE = "$everyone";
+		Role.registerResolver = function(role, resolver) {
+			if (!Role.resolvers) Role.resolvers = {};
+			Role.resolvers[role] = resolver;
+		};
+		Role.registerResolver(Role.OWNER, function(role, context, callback) {
+			if (!context || !context.model || !context.modelId) {
+				process.nextTick(function() {
+					if (callback) callback(null, false);
+				});
+				return;
+			}
+			const modelClass = context.model;
+			const modelId = context.modelId;
+			const user = context.getUser();
+			const userId = user && user.id;
+			const principalType = user && user.principalType;
+			const opts = { accessToken: context.accessToken };
+			Role.isOwner(modelClass, modelId, userId, principalType, opts, callback);
+		});
+		function isUserClass(modelClass) {
+			if (!modelClass) return false;
+			const User = modelClass.modelBuilder.models.User;
+			if (!User) return false;
+			return modelClass == User || modelClass.prototype instanceof User;
+		}
+		function matches(id1, id2) {
+			if (id1 === void 0 || id1 === null || id1 === "" || id2 === void 0 || id2 === null || id2 === "") return false;
+			return id1 === id2 || id1.toString() === id2.toString();
+		}
+		Role.isOwner = function isOwner(modelClass, modelId, userId, principalType, options, callback) {
+			const registry = this.registry;
+			if (!callback && typeof options === "function") {
+				callback = options;
+				options = {};
+			} else if (!callback && typeof principalType === "function") {
+				callback = principalType;
+				principalType = void 0;
+				options = {};
+			}
+			principalType = principalType || Principal.USER;
+			assert(modelClass, "Model class is required");
+			if (!callback) callback = utils.createPromiseCallback();
+			debug("isOwner(): %s %s userId: %s principalType: %s", modelClass && modelClass.modelName, modelId, userId, principalType);
+			if (!userId) {
+				debug("isOwner(): no user id was set, returning false");
+				process.nextTick(function() {
+					callback(null, false);
+				});
+				return callback.promise;
+			}
+			const isMultipleUsers = _isMultipleUsers();
+			const isPrincipalTypeValid = !isMultipleUsers && principalType === Principal.USER || isMultipleUsers && principalType !== Principal.USER;
+			debug("isOwner(): isMultipleUsers?", isMultipleUsers, "isPrincipalTypeValid?", isPrincipalTypeValid);
+			if (!isPrincipalTypeValid) {
+				process.nextTick(function() {
+					callback(null, false);
+				});
+				return callback.promise;
+			}
+			if (isUserClass(modelClass)) {
+				const userModelName = modelClass.modelName;
+				if (principalType === Principal.USER || principalType === userModelName) {
+					process.nextTick(function() {
+						callback(null, matches(modelId, userId));
+					});
+					return callback.promise;
+				}
+			}
+			modelClass.findById(modelId, options, function(err, inst) {
+				if (err || !inst) {
+					debug("Model not found for id %j", modelId);
+					return callback(err, false);
+				}
+				debug("Model found: %j", inst);
+				if (!modelClass.settings.ownerRelations) return legacyOwnershipCheck(inst);
+				else return checkOwnership(inst);
+			});
+			return callback.promise;
+			function legacyOwnershipCheck(inst) {
+				const ownerId = inst.userId || inst.owner;
+				if (principalType === Principal.USER && ownerId && "function" !== typeof ownerId) return callback(null, matches(ownerId, userId));
+				for (const r in modelClass.relations) {
+					const rel = modelClass.relations[r];
+					if (!(rel.type === "belongsTo" && isUserClass(rel.modelTo))) continue;
+					const relatedUser = rel.modelTo;
+					const userModelName = relatedUser.modelName;
+					const multipleUsers = _isMultipleUsers(relatedUser);
+					if (!multipleUsers && principalType === Principal.USER || multipleUsers && principalType === userModelName) {
+						debug("Checking relation %s to %s: %j", r, userModelName, rel);
+						inst[r](processRelatedUser);
+						return;
+					}
+				}
+				debug("No matching belongsTo relation found for model %j - user %j principalType %j", modelId, userId, principalType);
+				callback(null, false);
+				function processRelatedUser(err, user) {
+					if (err || !user) return callback(err, false);
+					debug("User found: %j", user.id);
+					callback(null, matches(user.id, userId));
+				}
+			}
+			function checkOwnership(inst) {
+				const ownerRelations = inst.constructor.settings.ownerRelations;
+				const relWithUsers = [];
+				for (const r in modelClass.relations) {
+					const rel = modelClass.relations[r];
+					if (rel.type !== "belongsTo" || !isUserClass(rel.modelTo)) continue;
+					const relatedUser = rel.modelTo;
+					const userModelName = relatedUser.modelName;
+					const multipleUsers = _isMultipleUsers(relatedUser);
+					if (!multipleUsers && principalType === Principal.USER || multipleUsers && principalType === userModelName) {
+						debug("Checking relation %s to %s: %j", r, userModelName, rel);
+						if (ownerRelations === true) relWithUsers.push(r);
+						else if (Array.isArray(ownerRelations) && ownerRelations.indexOf(r) !== -1) relWithUsers.push(r);
+					}
+				}
+				if (relWithUsers.length === 0) {
+					debug("No matching belongsTo relation found for model %j and user: %j principalType: %j", modelId, userId, principalType);
+					return callback(null, false);
+				}
+				(async function() {
+					for (const r of relWithUsers) {
+						const user = await utils.invokeWithCallback(inst[r], inst, []);
+						if (!user) continue;
+						debug("User found: %j (through %j)", user.id, r);
+						if (matches(user.id, userId)) return true;
+					}
+					return false;
+				})().then(function(isOwner) {
+					callback(null, isOwner);
+				}, function(err) {
+					callback(err, false);
+				});
+			}
+			function _isMultipleUsers(userModel) {
+				const accessTokensRel = (userModel || registry.getModelByType("User")).relations.accessTokens;
+				return !!(accessTokensRel && accessTokensRel.polymorphic);
+			}
+		};
+		Role.registerResolver(Role.AUTHENTICATED, function(role, context, callback) {
+			if (!context) {
+				process.nextTick(function() {
+					if (callback) callback(null, false);
+				});
+				return;
+			}
+			Role.isAuthenticated(context, callback);
+		});
+		Role.isAuthenticated = function isAuthenticated(context, callback) {
+			if (!callback) callback = utils.createPromiseCallback();
+			process.nextTick(function() {
+				if (callback) callback(null, context.isAuthenticated());
+			});
+			return callback.promise;
+		};
+		Role.registerResolver(Role.UNAUTHENTICATED, function(role, context, callback) {
+			process.nextTick(function() {
+				if (callback) callback(null, !context || !context.isAuthenticated());
+			});
+		});
+		Role.registerResolver(Role.EVERYONE, function(role, context, callback) {
+			process.nextTick(function() {
+				if (callback) callback(null, true);
+			});
+		});
+		Role.isInRole = function(role, context, callback) {
+			context.registry = this.registry;
+			if (!(context instanceof AccessContext)) context = new AccessContext(context);
+			if (!callback) {
+				callback = utils.createPromiseCallback();
+				callback.promise = callback.promise.then(function(isInRole) {
+					return !!isInRole;
+				});
+			}
+			this.resolveRelatedModels();
+			debug("isInRole(): %s", role);
+			context.debug();
+			const resolver = Role.resolvers[role];
+			if (resolver) {
+				debug("Custom resolver found for role %s", role);
+				const promise = resolver(role, context, callback);
+				if (promise && typeof promise.then === "function") promise.then(function(result) {
+					callback(null, result);
+				}, callback);
+				return callback.promise;
+			}
+			if (context.principals.length === 0) {
+				debug("isInRole() returns: false");
+				process.nextTick(function() {
+					if (callback) callback(null, false);
+				});
+				return callback.promise;
+			}
+			const inRole = context.principals.some(function(p) {
+				const principalType = p.type || void 0;
+				const principalId = p.id || void 0;
+				return principalType === RoleMapping.ROLE && principalId === role;
+			});
+			if (inRole) {
+				debug("isInRole() returns: %j", inRole);
+				process.nextTick(function() {
+					if (callback) callback(null, true);
+				});
+				return callback.promise;
+			}
+			const roleMappingModel = this.roleMappingModel;
+			utils.invokeWithCallback(this.findOne, this, [{ where: { name: role } }]).then(function(result) {
+				if (!result) return false;
+				debug("Role found: %j", result);
+				const roleId = result.id.toString();
+				const principalConditions = [];
+				for (let i = 0; i < context.principals.length; i++) {
+					const principal = context.principals[i];
+					const principalType = principal.type || void 0;
+					let principalId = principal.id;
+					if (principalId !== null && principalId !== void 0 && typeof principalId !== "string") principalId = principalId.toString();
+					if (!principalType || principalId === null || principalId === void 0) continue;
+					principalConditions.push({
+						principalType,
+						principalId
+					});
+				}
+				if (principalConditions.length === 0) return false;
+				let mappingQuery;
+				if (principalConditions.length === 1) mappingQuery = { where: {
+					roleId,
+					principalType: principalConditions[0].principalType,
+					principalId: principalConditions[0].principalId
+				} };
+				else mappingQuery = { where: { and: [{ roleId }, { or: principalConditions }] } };
+				return utils.invokeWithCallback(roleMappingModel.findOne, roleMappingModel, [mappingQuery]).then(function(mapping) {
+					debug("Role mapping found: %j", mapping);
+					return !!mapping;
+				});
+			}).then(function(result) {
+				debug("isInRole() returns: %j", result);
+				if (callback) callback(null, result);
+			}, function(err) {
+				if (callback) callback(err);
+			});
+			return callback.promise;
+		};
+		Role.getRoles = function(context, options, callback) {
+			if (!callback) if (typeof options === "function") {
+				callback = options;
+				options = {};
+			} else callback = utils.createPromiseCallback();
+			if (!options) options = {};
+			context.registry = this.registry;
+			if (!(context instanceof AccessContext)) context = new AccessContext(context);
+			const roles = [];
+			this.resolveRelatedModels();
+			const addRole = function(role) {
+				if (role && roles.indexOf(role) === -1) roles.push(role);
+			};
+			const self = this;
+			const resolverNames = Object.keys(Role.resolvers);
+			const smartRoleChecks = new Array(resolverNames.length);
+			for (let i = 0; i < resolverNames.length; i++) {
+				const role = resolverNames[i];
+				smartRoleChecks[i] = utils.invokeWithCallback(self.isInRole, self, [role, context]).then(function(inRole) {
+					if (debug.enabled) debug("In role %j: %j", role, inRole);
+					if (inRole) addRole(role);
+				});
+			}
+			const mappingChecks = [];
+			const roleMappingModel = this.roleMappingModel;
+			for (let i = 0; i < context.principals.length; i++) {
+				const p = context.principals[i];
+				const principalType = p.type || void 0;
+				let principalId = p.id == null ? void 0 : p.id;
+				if (typeof principalId !== "string" && principalId != null) principalId = principalId.toString();
+				if (principalType === RoleMapping.ROLE && principalId) addRole(principalId);
+				if (principalType && principalId) {
+					const filter = { where: {
+						principalType,
+						principalId
+					} };
+					if (options.returnOnlyRoleNames === true) filter.include = ["role"];
+					mappingChecks.push(utils.invokeWithCallback(roleMappingModel.find, roleMappingModel, [filter]).then(function(mappings) {
+						debug("Role mappings found: %j", mappings);
+						for (let j = 0; j < mappings.length; j++) {
+							const m = mappings[j];
+							let role;
+							if (options.returnOnlyRoleNames === true) role = m.toJSON().role.name;
+							else role = m.roleId;
+							addRole(role);
+						}
+					}));
+				}
+			}
+			Promise.all(smartRoleChecks).then(function() {
+				return Promise.all(mappingChecks);
+			}).then(function() {
+				debug("getRoles() returns: %j %j", null, roles);
+				if (callback) callback(null, roles);
+			}, function(err) {
+				debug("getRoles() returns: %j %j", err, roles);
+				if (callback) callback(err, roles);
+			});
+			return callback.promise;
+		};
+		Role.validatesUniquenessOf("name", { message: "already exists" });
+	};
+}));
+//#endregion
+module.exports = require_role();

package/dist/common/models/role2.cjs

@@ -0,0 +1,38 @@
+//#region common/models/role.json
+var require_role = /* @__PURE__ */ require("../../_virtual/_rolldown/runtime.cjs").__commonJSMin(((exports, module) => {
+	module.exports = {
+		"name": "Role",
+		"properties": {
+			"id": {
+				"type": "string",
+				"id": true,
+				"generated": true
+			},
+			"name": {
+				"type": "string",
+				"required": true
+			},
+			"description": "string",
+			"created": {
+				"type": "date",
+				"defaultFn": "now"
+			},
+			"modified": {
+				"type": "date",
+				"defaultFn": "now"
+			}
+		},
+		"relations": { "principals": {
+			"type": "hasMany",
+			"model": "RoleMapping",
+			"foreignKey": "roleId"
+		} }
+	};
+}));
+//#endregion
+Object.defineProperty(exports, "default", {
+	enumerable: true,
+	get: function() {
+		return require_role();
+	}
+});

package/dist/common/models/scope.cjs

@@ -0,0 +1,30 @@
+"use strict";
+const require_runtime$1 = require("../../_virtual/_rolldown/runtime.cjs");
+const require_lib_runtime = require("../../lib/runtime.cjs");
+//#region src/common/models/scope.ts
+var require_scope = /* @__PURE__ */ require_runtime$1.__commonJSMin(((exports, module) => {
+	const assert = require("assert");
+	const runtime = require_lib_runtime;
+	function configureScope(Scope) {
+		Scope.resolveRelatedModels = function() {
+			if (!this.aclModel) {
+				const reg = this.registry;
+				const loopback = runtime.loopback;
+				this.aclModel = reg.getModelByType(loopback.ACL);
+			}
+		};
+		Scope.checkPermission = function(scope, model, property, accessType, callback) {
+			this.resolveRelatedModels();
+			const aclModel = this.aclModel;
+			assert(aclModel, "ACL model must be defined before Scope.checkPermission is called");
+			this.findOne({ where: { name: scope } }, function(err, scope) {
+				if (err) {
+					if (callback) callback(err);
+				} else aclModel.checkPermission(aclModel.SCOPE, scope.id, model, property, accessType, callback);
+			});
+		};
+	}
+	module.exports = configureScope;
+}));
+//#endregion
+module.exports = require_scope();

package/dist/common/models/scope2.cjs

@@ -0,0 +1,21 @@
+//#region common/models/scope.json
+var require_scope = /* @__PURE__ */ require("../../_virtual/_rolldown/runtime.cjs").__commonJSMin(((exports, module) => {
+	module.exports = {
+		"name": "Scope",
+		"description": ["Schema for Scope which represents the permissions that are granted", "to client applications by the resource owner"],
+		"properties": {
+			"name": {
+				"type": "string",
+				"required": true
+			},
+			"description": "string"
+		}
+	};
+}));
+//#endregion
+Object.defineProperty(exports, "default", {
+	enumerable: true,
+	get: function() {
+		return require_scope();
+	}
+});