npm - @webiny/api-core - Versions diffs - 0.0.0-unstable.61c048f412 - Mend

@webiny/api-core 0.0.0-unstable.61c048f412

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1214) hide show

package/features/security/authentication/AuthenticationContext/SetIdTokenCookie.js ADDED Viewed

@@ -0,0 +1,52 @@
+import jwt from "jsonwebtoken";
+import { createImplementation } from "@webiny/feature/api";
+import { Reply } from "@webiny/handler";
+import { AfterAuthenticationHandler } from "./index.js";
+import { AuthenticationContext } from "./index.js";
+const get24HoursFromNow = () => {
+  const oneHour = 1000 * 60 * 60;
+  return new Date(new Date().getTime() + oneHour * 24);
+};
+const toDate = timestamp => {
+  return timestamp ? new Date(timestamp * 1000) : get24HoursFromNow();
+};
+class SetIdTokenCookieImpl {
+  constructor(authenticationContext, reply) {
+    this.authenticationContext = authenticationContext;
+    this.reply = reply;
+  }
+  async handle() {
+    const token = this.authenticationContext.getAuthToken();
+    if (!token) {
+      return;
+    }
+    // Attempt to acquire expiration from the token; fall back to "expire in 24 hours".
+    // In most cases the token will be a JWT token, but it can also be a custom token, or an API key.
+    const tokenData = jwt.decode(token, {
+      json: true
+    });
+    const expiresOn = tokenData ? toDate(tokenData.exp) : get24HoursFromNow();
+    // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
+    this.reply.setCookie("wby-id-token", token, {
+      path: "/",
+      expires: expiresOn,
+      // Allow this cookie to be sent with cross-origin requests.
+      sameSite: "none",
+      // Only send this cookie to the server when HTTPS is used.
+      // NOTE: `https` requirement is ignored for `localhost.
+      secure: true,
+      // Forbids JavaScript from accessing the cookie.
+      httpOnly: true
+    });
+    this.reply.header("cache-control", `no-cache="Set-Cookie"`);
+  }
+}
+export const SetIdTokenCookie = createImplementation({
+  abstraction: AfterAuthenticationHandler,
+  implementation: SetIdTokenCookieImpl,
+  dependencies: [AuthenticationContext, Reply]
+});
+//# sourceMappingURL=SetIdTokenCookie.js.map

package/features/security/authentication/AuthenticationContext/SetIdTokenCookie.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["jwt","createImplementation","Reply","AfterAuthenticationHandler","AuthenticationContext","get24HoursFromNow","oneHour","Date","getTime","toDate","timestamp","SetIdTokenCookieImpl","constructor","authenticationContext","reply","handle","token","getAuthToken","tokenData","decode","json","expiresOn","exp","setCookie","path","expires","sameSite","secure","httpOnly","header","SetIdTokenCookie","abstraction","implementation","dependencies"],"sources":["SetIdTokenCookie.ts"],"sourcesContent":["import jwt from \"jsonwebtoken\";\nimport { createImplementation } from \"@webiny/feature/api\";\nimport { Reply } from \"@webiny/handler\";\nimport { AfterAuthenticationHandler } from \"~/features/security/authentication/AuthenticationContext/index.js\";\nimport { AuthenticationContext } from \"~/features/security/authentication/AuthenticationContext/index.js\";\n\nconst get24HoursFromNow = () => {\n const oneHour = 1000 * 60 * 60;\n return new Date(new Date().getTime() + oneHour * 24);\n};\n\nconst toDate = (timestamp: number | undefined) => {\n return timestamp ? new Date(timestamp * 1000) : get24HoursFromNow();\n};\n\nclass SetIdTokenCookieImpl implements AfterAuthenticationHandler.Interface {\n constructor(\n private authenticationContext: AuthenticationContext.Interface,\n private reply: Reply.Interface\n ) {}\n\n async handle(): Promise<void> {\n const token = this.authenticationContext.getAuthToken();\n\n if (!token) {\n return;\n }\n\n // Attempt to acquire expiration from the token; fall back to \"expire in 24 hours\".\n // In most cases the token will be a JWT token, but it can also be a custom token, or an API key.\n const tokenData = jwt.decode(token, { json: true });\n const expiresOn = tokenData ? toDate(tokenData.exp) : get24HoursFromNow();\n\n // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie\n this.reply.setCookie(\"wby-id-token\", token, {\n path: \"/\",\n expires: expiresOn,\n // Allow this cookie to be sent with cross-origin requests.\n sameSite: \"none\",\n // Only send this cookie to the server when HTTPS is used.\n // NOTE: `https` requirement is ignored for `localhost.\n secure: true,\n // Forbids JavaScript from accessing the cookie.\n httpOnly: true\n });\n\n this.reply.header(\"cache-control\", `no-cache=\"Set-Cookie\"`);\n }\n}\n\nexport const SetIdTokenCookie = createImplementation({\n abstraction: AfterAuthenticationHandler,\n implementation: SetIdTokenCookieImpl,\n dependencies: [AuthenticationContext, Reply]\n});\n"],"mappings":"AAAA,OAAOA,GAAG,MAAM,cAAc;AAC9B,SAASC,oBAAoB,QAAQ,qBAAqB;AAC1D,SAASC,KAAK,QAAQ,iBAAiB;AACvC,SAASC,0BAA0B;AACnC,SAASC,qBAAqB;AAE9B,MAAMC,iBAAiB,GAAGA,CAAA,KAAM;EAC5B,MAAMC,OAAO,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE;EAC9B,OAAO,IAAIC,IAAI,CAAC,IAAIA,IAAI,CAAC,CAAC,CAACC,OAAO,CAAC,CAAC,GAAGF,OAAO,GAAG,EAAE,CAAC;AACxD,CAAC;AAED,MAAMG,MAAM,GAAIC,SAA6B,IAAK;EAC9C,OAAOA,SAAS,GAAG,IAAIH,IAAI,CAACG,SAAS,GAAG,IAAI,CAAC,GAAGL,iBAAiB,CAAC,CAAC;AACvE,CAAC;AAED,MAAMM,oBAAoB,CAAiD;EACvEC,WAAWA,CACCC,qBAAsD,EACtDC,KAAsB,EAChC;IAAA,KAFUD,qBAAsD,GAAtDA,qBAAsD;IAAA,KACtDC,KAAsB,GAAtBA,KAAsB;EAC/B;EAEH,MAAMC,MAAMA,CAAA,EAAkB;IAC1B,MAAMC,KAAK,GAAG,IAAI,CAACH,qBAAqB,CAACI,YAAY,CAAC,CAAC;IAEvD,IAAI,CAACD,KAAK,EAAE;MACR;IACJ;;IAEA;IACA;IACA,MAAME,SAAS,GAAGlB,GAAG,CAACmB,MAAM,CAACH,KAAK,EAAE;MAAEI,IAAI,EAAE;IAAK,CAAC,CAAC;IACnD,MAAMC,SAAS,GAAGH,SAAS,GAAGT,MAAM,CAACS,SAAS,CAACI,GAAG,CAAC,GAAGjB,iBAAiB,CAAC,CAAC;;IAEzE;IACA,IAAI,CAACS,KAAK,CAACS,SAAS,CAAC,cAAc,EAAEP,KAAK,EAAE;MACxCQ,IAAI,EAAE,GAAG;MACTC,OAAO,EAAEJ,SAAS;MAClB;MACAK,QAAQ,EAAE,MAAM;MAChB;MACA;MACAC,MAAM,EAAE,IAAI;MACZ;MACAC,QAAQ,EAAE;IACd,CAAC,CAAC;IAEF,IAAI,CAACd,KAAK,CAACe,MAAM,CAAC,eAAe,EAAE,uBAAuB,CAAC;EAC/D;AACJ;AAEA,OAAO,MAAMC,gBAAgB,GAAG7B,oBAAoB,CAAC;EACjD8B,WAAW,EAAE5B,0BAA0B;EACvC6B,cAAc,EAAErB,oBAAoB;EACpCsB,YAAY,EAAE,CAAC7B,qBAAqB,EAAEF,KAAK;AAC/C,CAAC,CAAC","ignoreList":[]}

package/features/security/authentication/AuthenticationContext/abstractions.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { Identity } from "../../../../features/security/IdentityContext/Identity.js";
+export interface IAuthenticationContext {
+    authenticate(token: string): Promise<Identity>;
+    getAuthToken(): string | undefined;
+}
+export declare const AuthenticationContext: import("@webiny/di").Abstraction<IAuthenticationContext>;
+export declare namespace AuthenticationContext {
+    type Interface = IAuthenticationContext;
+}

package/features/security/authentication/AuthenticationContext/abstractions.js ADDED Viewed

@@ -0,0 +1,4 @@
+import { createAbstraction } from "@webiny/feature/api";
+export const AuthenticationContext = createAbstraction("AuthenticationContext");
+//# sourceMappingURL=abstractions.js.map

package/features/security/authentication/AuthenticationContext/abstractions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createAbstraction","AuthenticationContext"],"sources":["abstractions.ts"],"sourcesContent":["import { createAbstraction } from \"@webiny/feature/api\";\nimport type { Identity } from \"~/features/security/IdentityContext/Identity.js\";\n\nexport interface IAuthenticationContext {\n authenticate(token: string): Promise<Identity>;\n getAuthToken(): string | undefined;\n}\n\nexport const AuthenticationContext =\n createAbstraction<IAuthenticationContext>(\"AuthenticationContext\");\n\nexport namespace AuthenticationContext {\n export type Interface = IAuthenticationContext;\n}\n"],"mappings":"AAAA,SAASA,iBAAiB,QAAQ,qBAAqB;AAQvD,OAAO,MAAMC,qBAAqB,GAC9BD,iBAAiB,CAAyB,uBAAuB,CAAC","ignoreList":[]}

package/features/security/authentication/AuthenticationContext/errors.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import { BaseError } from "@webiny/feature/api";
+/**
+ * Base class for all authentication-related errors
+ */
+export declare abstract class AuthenticationError extends BaseError {
+    protected constructor(message: string);
+    static from(error: any): AuthenticationError;
+}
+/**
+ * Thrown when a JWT token has expired
+ */
+export declare class TokenExpiredError extends AuthenticationError {
+    readonly code: "Authentication/TokenExpired";
+    constructor(message?: string);
+}
+/**
+ * Thrown when a JWT token is not yet valid (nbf claim)
+ */
+export declare class TokenNotYetValidError extends AuthenticationError {
+    readonly code: "Authentication/TokenNotYetValid";
+    constructor(message?: string);
+}
+/**
+ * Thrown when a JWT token has an invalid signature
+ */
+export declare class InvalidTokenSignatureError extends AuthenticationError {
+    readonly code: "Authentication/InvalidSignature";
+    constructor(message?: string);
+}
+/**
+ * Thrown when a JWT token is malformed or invalid
+ */
+export declare class InvalidTokenError extends AuthenticationError {
+    readonly code: "Authentication/InvalidToken";
+    constructor(message?: string);
+}
+/**
+ * Thrown when the JWT audience claim doesn't match expected value
+ */
+export declare class InvalidAudienceError extends AuthenticationError {
+    readonly code: "Authentication/InvalidAudience";
+    constructor(message?: string);
+}
+/**
+ * Thrown when the JWT issuer claim doesn't match expected value
+ */
+export declare class InvalidIssuerError extends AuthenticationError {
+    readonly code: "Authentication/InvalidIssuer";
+    constructor(message?: string);
+}
+/**
+ * Thrown when a required JWT claim is missing
+ */
+export declare class MissingClaimError extends AuthenticationError {
+    readonly code: "Authentication/MissingClaim";
+    constructor(claim: string);
+}
+/**
+ * Generic authentication failure error
+ */
+export declare class AuthenticationFailedError extends AuthenticationError {
+    readonly code: "Authentication/Failed";
+    constructor(message?: string);
+}

package/features/security/authentication/AuthenticationContext/errors.js ADDED Viewed

@@ -0,0 +1,130 @@
+import { BaseError } from "@webiny/feature/api";
+/**
+ * Base class for all authentication-related errors
+ */
+export class AuthenticationError extends BaseError {
+  constructor(message) {
+    super({
+      message
+    });
+  }
+  static from(error) {
+    // Check for specific jsonwebtoken error names
+    if (error.name === "TokenExpiredError") {
+      return new TokenExpiredError(error.message);
+    }
+    if (error.name === "NotBeforeError") {
+      return new TokenNotYetValidError(error.message);
+    }
+    if (error.name === "JsonWebTokenError") {
+      // Check message for specific error types
+      const message = error.message.toLowerCase();
+      if (message.includes("invalid signature")) {
+        return new InvalidTokenSignatureError(error.message);
+      }
+      if (message.includes("invalid audience") || message.includes("jwt audience")) {
+        return new InvalidAudienceError(error.message);
+      }
+      if (message.includes("invalid issuer") || message.includes("jwt issuer")) {
+        return new InvalidIssuerError(error.message);
+      }
+      if (message.includes("jwt malformed") || message.includes("invalid token")) {
+        return new InvalidTokenError(error.message);
+      }
+      // Generic JsonWebTokenError
+      return new InvalidTokenError(error.message);
+    }
+    // If it's already one of our errors, return as-is
+    if (error instanceof AuthenticationError) {
+      return error;
+    }
+    // For any other error, wrap in InvalidTokenError
+    return new InvalidTokenError(error.message || "Authentication failed");
+  }
+}
+/**
+ * Thrown when a JWT token has expired
+ */
+export class TokenExpiredError extends AuthenticationError {
+  code = "Authentication/TokenExpired";
+  constructor(message = "Token has expired") {
+    super(message);
+  }
+}
+/**
+ * Thrown when a JWT token is not yet valid (nbf claim)
+ */
+export class TokenNotYetValidError extends AuthenticationError {
+  code = "Authentication/TokenNotYetValid";
+  constructor(message = "Token is not yet valid") {
+    super(message);
+  }
+}
+/**
+ * Thrown when a JWT token has an invalid signature
+ */
+export class InvalidTokenSignatureError extends AuthenticationError {
+  code = "Authentication/InvalidSignature";
+  constructor(message = "Invalid token signature") {
+    super(message);
+  }
+}
+/**
+ * Thrown when a JWT token is malformed or invalid
+ */
+export class InvalidTokenError extends AuthenticationError {
+  code = "Authentication/InvalidToken";
+  constructor(message = "Invalid token") {
+    super(message);
+  }
+}
+/**
+ * Thrown when the JWT audience claim doesn't match expected value
+ */
+export class InvalidAudienceError extends AuthenticationError {
+  code = "Authentication/InvalidAudience";
+  constructor(message = "Invalid audience") {
+    super(message);
+  }
+}
+/**
+ * Thrown when the JWT issuer claim doesn't match expected value
+ */
+export class InvalidIssuerError extends AuthenticationError {
+  code = "Authentication/InvalidIssuer";
+  constructor(message = "Invalid issuer") {
+    super(message);
+  }
+}
+/**
+ * Thrown when a required JWT claim is missing
+ */
+export class MissingClaimError extends AuthenticationError {
+  code = "Authentication/MissingClaim";
+  constructor(claim) {
+    super(`Missing required claim: ${claim}`);
+  }
+}
+/**
+ * Generic authentication failure error
+ */
+export class AuthenticationFailedError extends AuthenticationError {
+  code = "Authentication/Failed";
+  constructor(message = "Authentication failed") {
+    super(message);
+  }
+}
+//# sourceMappingURL=errors.js.map

package/features/security/authentication/AuthenticationContext/errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["BaseError","AuthenticationError","constructor","message","from","error","name","TokenExpiredError","TokenNotYetValidError","toLowerCase","includes","InvalidTokenSignatureError","InvalidAudienceError","InvalidIssuerError","InvalidTokenError","code","MissingClaimError","claim","AuthenticationFailedError"],"sources":["errors.ts"],"sourcesContent":["import { BaseError } from \"@webiny/feature/api\";\n\n/**\n * Base class for all authentication-related errors\n */\nexport abstract class AuthenticationError extends BaseError {\n protected constructor(message: string) {\n super({ message });\n }\n\n static from(error: any): AuthenticationError {\n // Check for specific jsonwebtoken error names\n if (error.name === \"TokenExpiredError\") {\n return new TokenExpiredError(error.message);\n }\n\n if (error.name === \"NotBeforeError\") {\n return new TokenNotYetValidError(error.message);\n }\n\n if (error.name === \"JsonWebTokenError\") {\n // Check message for specific error types\n const message = error.message.toLowerCase();\n\n if (message.includes(\"invalid signature\")) {\n return new InvalidTokenSignatureError(error.message);\n }\n\n if (message.includes(\"invalid audience\") || message.includes(\"jwt audience\")) {\n return new InvalidAudienceError(error.message);\n }\n\n if (message.includes(\"invalid issuer\") || message.includes(\"jwt issuer\")) {\n return new InvalidIssuerError(error.message);\n }\n\n if (message.includes(\"jwt malformed\") || message.includes(\"invalid token\")) {\n return new InvalidTokenError(error.message);\n }\n\n // Generic JsonWebTokenError\n return new InvalidTokenError(error.message);\n }\n\n // If it's already one of our errors, return as-is\n if (error instanceof AuthenticationError) {\n return error;\n }\n\n // For any other error, wrap in InvalidTokenError\n return new InvalidTokenError(error.message || \"Authentication failed\");\n }\n}\n\n/**\n * Thrown when a JWT token has expired\n */\nexport class TokenExpiredError extends AuthenticationError {\n override readonly code = \"Authentication/TokenExpired\" as const;\n\n constructor(message: string = \"Token has expired\") {\n super(message);\n }\n}\n\n/**\n * Thrown when a JWT token is not yet valid (nbf claim)\n */\nexport class TokenNotYetValidError extends AuthenticationError {\n override readonly code = \"Authentication/TokenNotYetValid\" as const;\n\n constructor(message: string = \"Token is not yet valid\") {\n super(message);\n }\n}\n\n/**\n * Thrown when a JWT token has an invalid signature\n */\nexport class InvalidTokenSignatureError extends AuthenticationError {\n override readonly code = \"Authentication/InvalidSignature\" as const;\n\n constructor(message: string = \"Invalid token signature\") {\n super(message);\n }\n}\n\n/**\n * Thrown when a JWT token is malformed or invalid\n */\nexport class InvalidTokenError extends AuthenticationError {\n override readonly code = \"Authentication/InvalidToken\" as const;\n\n constructor(message: string = \"Invalid token\") {\n super(message);\n }\n}\n\n/**\n * Thrown when the JWT audience claim doesn't match expected value\n */\nexport class InvalidAudienceError extends AuthenticationError {\n override readonly code = \"Authentication/InvalidAudience\" as const;\n\n constructor(message: string = \"Invalid audience\") {\n super(message);\n }\n}\n\n/**\n * Thrown when the JWT issuer claim doesn't match expected value\n */\nexport class InvalidIssuerError extends AuthenticationError {\n override readonly code = \"Authentication/InvalidIssuer\" as const;\n\n constructor(message: string = \"Invalid issuer\") {\n super(message);\n }\n}\n\n/**\n * Thrown when a required JWT claim is missing\n */\nexport class MissingClaimError extends AuthenticationError {\n override readonly code = \"Authentication/MissingClaim\" as const;\n\n constructor(claim: string) {\n super(`Missing required claim: ${claim}`);\n }\n}\n\n/**\n * Generic authentication failure error\n */\nexport class AuthenticationFailedError extends AuthenticationError {\n override readonly code = \"Authentication/Failed\" as const;\n\n constructor(message: string = \"Authentication failed\") {\n super(message);\n }\n}\n"],"mappings":"AAAA,SAASA,SAAS,QAAQ,qBAAqB;;AAE/C;AACA;AACA;AACA,OAAO,MAAeC,mBAAmB,SAASD,SAAS,CAAC;EAC9CE,WAAWA,CAACC,OAAe,EAAE;IACnC,KAAK,CAAC;MAAEA;IAAQ,CAAC,CAAC;EACtB;EAEA,OAAOC,IAAIA,CAACC,KAAU,EAAuB;IACzC;IACA,IAAIA,KAAK,CAACC,IAAI,KAAK,mBAAmB,EAAE;MACpC,OAAO,IAAIC,iBAAiB,CAACF,KAAK,CAACF,OAAO,CAAC;IAC/C;IAEA,IAAIE,KAAK,CAACC,IAAI,KAAK,gBAAgB,EAAE;MACjC,OAAO,IAAIE,qBAAqB,CAACH,KAAK,CAACF,OAAO,CAAC;IACnD;IAEA,IAAIE,KAAK,CAACC,IAAI,KAAK,mBAAmB,EAAE;MACpC;MACA,MAAMH,OAAO,GAAGE,KAAK,CAACF,OAAO,CAACM,WAAW,CAAC,CAAC;MAE3C,IAAIN,OAAO,CAACO,QAAQ,CAAC,mBAAmB,CAAC,EAAE;QACvC,OAAO,IAAIC,0BAA0B,CAACN,KAAK,CAACF,OAAO,CAAC;MACxD;MAEA,IAAIA,OAAO,CAACO,QAAQ,CAAC,kBAAkB,CAAC,IAAIP,OAAO,CAACO,QAAQ,CAAC,cAAc,CAAC,EAAE;QAC1E,OAAO,IAAIE,oBAAoB,CAACP,KAAK,CAACF,OAAO,CAAC;MAClD;MAEA,IAAIA,OAAO,CAACO,QAAQ,CAAC,gBAAgB,CAAC,IAAIP,OAAO,CAACO,QAAQ,CAAC,YAAY,CAAC,EAAE;QACtE,OAAO,IAAIG,kBAAkB,CAACR,KAAK,CAACF,OAAO,CAAC;MAChD;MAEA,IAAIA,OAAO,CAACO,QAAQ,CAAC,eAAe,CAAC,IAAIP,OAAO,CAACO,QAAQ,CAAC,eAAe,CAAC,EAAE;QACxE,OAAO,IAAII,iBAAiB,CAACT,KAAK,CAACF,OAAO,CAAC;MAC/C;;MAEA;MACA,OAAO,IAAIW,iBAAiB,CAACT,KAAK,CAACF,OAAO,CAAC;IAC/C;;IAEA;IACA,IAAIE,KAAK,YAAYJ,mBAAmB,EAAE;MACtC,OAAOI,KAAK;IAChB;;IAEA;IACA,OAAO,IAAIS,iBAAiB,CAACT,KAAK,CAACF,OAAO,IAAI,uBAAuB,CAAC;EAC1E;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMI,iBAAiB,SAASN,mBAAmB,CAAC;EACrCc,IAAI,GAAG,6BAA6B;EAEtDb,WAAWA,CAACC,OAAe,GAAG,mBAAmB,EAAE;IAC/C,KAAK,CAACA,OAAO,CAAC;EAClB;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMK,qBAAqB,SAASP,mBAAmB,CAAC;EACzCc,IAAI,GAAG,iCAAiC;EAE1Db,WAAWA,CAACC,OAAe,GAAG,wBAAwB,EAAE;IACpD,KAAK,CAACA,OAAO,CAAC;EAClB;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMQ,0BAA0B,SAASV,mBAAmB,CAAC;EAC9Cc,IAAI,GAAG,iCAAiC;EAE1Db,WAAWA,CAACC,OAAe,GAAG,yBAAyB,EAAE;IACrD,KAAK,CAACA,OAAO,CAAC;EAClB;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMW,iBAAiB,SAASb,mBAAmB,CAAC;EACrCc,IAAI,GAAG,6BAA6B;EAEtDb,WAAWA,CAACC,OAAe,GAAG,eAAe,EAAE;IAC3C,KAAK,CAACA,OAAO,CAAC;EAClB;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMS,oBAAoB,SAASX,mBAAmB,CAAC;EACxCc,IAAI,GAAG,gCAAgC;EAEzDb,WAAWA,CAACC,OAAe,GAAG,kBAAkB,EAAE;IAC9C,KAAK,CAACA,OAAO,CAAC;EAClB;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMU,kBAAkB,SAASZ,mBAAmB,CAAC;EACtCc,IAAI,GAAG,8BAA8B;EAEvDb,WAAWA,CAACC,OAAe,GAAG,gBAAgB,EAAE;IAC5C,KAAK,CAACA,OAAO,CAAC;EAClB;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMa,iBAAiB,SAASf,mBAAmB,CAAC;EACrCc,IAAI,GAAG,6BAA6B;EAEtDb,WAAWA,CAACe,KAAa,EAAE;IACvB,KAAK,CAAC,2BAA2BA,KAAK,EAAE,CAAC;EAC7C;AACJ;;AAEA;AACA;AACA;AACA,OAAO,MAAMC,yBAAyB,SAASjB,mBAAmB,CAAC;EAC7Cc,IAAI,GAAG,uBAAuB;EAEhDb,WAAWA,CAACC,OAAe,GAAG,uBAAuB,EAAE;IACnD,KAAK,CAACA,OAAO,CAAC;EAClB;AACJ","ignoreList":[]}

package/features/security/authentication/AuthenticationContext/events.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { DomainEvent } from "../../../../features/eventPublisher/index.js";
+import type { IEventHandler } from "../../../../features/eventPublisher/index.js";
+import type { Identity } from "../../../../features/security/IdentityContext/Identity.js";
+export interface BeforeAuthenticationPayload {
+    token: string;
+}
+export declare class BeforeAuthenticationEvent extends DomainEvent<BeforeAuthenticationPayload> {
+    eventType: "authentication.beforeAuthentication";
+    getHandlerAbstraction(): import("@webiny/di").Abstraction<IEventHandler<BeforeAuthenticationEvent>>;
+}
+export declare const BeforeAuthenticationHandler: import("@webiny/di").Abstraction<IEventHandler<BeforeAuthenticationEvent>>;
+export declare namespace BeforeAuthenticationHandler {
+    type Interface = IEventHandler<BeforeAuthenticationEvent>;
+    type Event = BeforeAuthenticationEvent;
+}
+export interface AfterAuthenticationPayload {
+    identity: Identity;
+    token: string;
+}
+export declare class AfterAuthenticationEvent extends DomainEvent<AfterAuthenticationPayload> {
+    eventType: "authentication.afterAuthentication";
+    getHandlerAbstraction(): import("@webiny/di").Abstraction<IEventHandler<AfterAuthenticationEvent>>;
+}
+export declare const AfterAuthenticationHandler: import("@webiny/di").Abstraction<IEventHandler<AfterAuthenticationEvent>>;
+export declare namespace AfterAuthenticationHandler {
+    type Interface = IEventHandler<AfterAuthenticationEvent>;
+    type Event = AfterAuthenticationEvent;
+}

package/features/security/authentication/AuthenticationContext/events.js ADDED Viewed

@@ -0,0 +1,18 @@
+import { DomainEvent } from "../../../eventPublisher/index.js";
+import { createAbstraction } from "@webiny/feature/api";
+export class BeforeAuthenticationEvent extends DomainEvent {
+  eventType = "authentication.beforeAuthentication";
+  getHandlerAbstraction() {
+    return BeforeAuthenticationHandler;
+  }
+}
+export const BeforeAuthenticationHandler = createAbstraction("BeforeAuthenticationHandler");
+export class AfterAuthenticationEvent extends DomainEvent {
+  eventType = "authentication.afterAuthentication";
+  getHandlerAbstraction() {
+    return AfterAuthenticationHandler;
+  }
+}
+export const AfterAuthenticationHandler = createAbstraction("AfterAuthenticationHandler");
+//# sourceMappingURL=events.js.map

package/features/security/authentication/AuthenticationContext/events.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["DomainEvent","createAbstraction","BeforeAuthenticationEvent","eventType","getHandlerAbstraction","BeforeAuthenticationHandler","AfterAuthenticationEvent","AfterAuthenticationHandler"],"sources":["events.ts"],"sourcesContent":["import { DomainEvent } from \"~/features/eventPublisher/index.js\";\nimport { createAbstraction } from \"@webiny/feature/api\";\nimport type { IEventHandler } from \"~/features/eventPublisher/index.js\";\nimport type { Identity } from \"~/features/security/IdentityContext/Identity.js\";\n\nexport interface BeforeAuthenticationPayload {\n token: string;\n}\n\nexport class BeforeAuthenticationEvent extends DomainEvent<BeforeAuthenticationPayload> {\n eventType = \"authentication.beforeAuthentication\" as const;\n\n getHandlerAbstraction() {\n return BeforeAuthenticationHandler;\n }\n}\n\nexport const BeforeAuthenticationHandler = createAbstraction<\n IEventHandler<BeforeAuthenticationEvent>\n>(\"BeforeAuthenticationHandler\");\n\nexport namespace BeforeAuthenticationHandler {\n export type Interface = IEventHandler<BeforeAuthenticationEvent>;\n export type Event = BeforeAuthenticationEvent;\n}\n\nexport interface AfterAuthenticationPayload {\n identity: Identity;\n token: string;\n}\n\nexport class AfterAuthenticationEvent extends DomainEvent<AfterAuthenticationPayload> {\n eventType = \"authentication.afterAuthentication\" as const;\n\n getHandlerAbstraction() {\n return AfterAuthenticationHandler;\n }\n}\n\nexport const AfterAuthenticationHandler = createAbstraction<\n IEventHandler<AfterAuthenticationEvent>\n>(\"AfterAuthenticationHandler\");\n\nexport namespace AfterAuthenticationHandler {\n export type Interface = IEventHandler<AfterAuthenticationEvent>;\n export type Event = AfterAuthenticationEvent;\n}\n"],"mappings":"AAAA,SAASA,WAAW;AACpB,SAASC,iBAAiB,QAAQ,qBAAqB;AAQvD,OAAO,MAAMC,yBAAyB,SAASF,WAAW,CAA8B;EACpFG,SAAS,GAAG,qCAAqC;EAEjDC,qBAAqBA,CAAA,EAAG;IACpB,OAAOC,2BAA2B;EACtC;AACJ;AAEA,OAAO,MAAMA,2BAA2B,GAAGJ,iBAAiB,CAE1D,6BAA6B,CAAC;AAYhC,OAAO,MAAMK,wBAAwB,SAASN,WAAW,CAA6B;EAClFG,SAAS,GAAG,oCAAoC;EAEhDC,qBAAqBA,CAAA,EAAG;IACpB,OAAOG,0BAA0B;EACrC;AACJ;AAEA,OAAO,MAAMA,0BAA0B,GAAGN,iBAAiB,CAEzD,4BAA4B,CAAC","ignoreList":[]}

package/features/security/authentication/AuthenticationContext/feature.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const AuthenticationContextFeature: import("@webiny/feature/api/createFeature.js").FeatureDefinition<unknown>;

package/features/security/authentication/AuthenticationContext/feature.js ADDED Viewed

@@ -0,0 +1,10 @@
+import { createFeature } from "@webiny/feature/api";
+import { AuthenticationContext } from "./AuthenticationContext.js";
+export const AuthenticationContextFeature = createFeature({
+  name: "AuthenticationContext",
+  register(container) {
+    container.register(AuthenticationContext).inSingletonScope();
+  }
+});
+//# sourceMappingURL=feature.js.map

package/features/security/authentication/AuthenticationContext/feature.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createFeature","AuthenticationContext","AuthenticationContextFeature","name","register","container","inSingletonScope"],"sources":["feature.ts"],"sourcesContent":["import { createFeature } from \"@webiny/feature/api\";\nimport { AuthenticationContext } from \"./AuthenticationContext.js\";\n\nexport const AuthenticationContextFeature = createFeature({\n name: \"AuthenticationContext\",\n register(container) {\n container.register(AuthenticationContext).inSingletonScope();\n }\n});\n"],"mappings":"AAAA,SAASA,aAAa,QAAQ,qBAAqB;AACnD,SAASC,qBAAqB;AAE9B,OAAO,MAAMC,4BAA4B,GAAGF,aAAa,CAAC;EACtDG,IAAI,EAAE,uBAAuB;EAC7BC,QAAQA,CAACC,SAAS,EAAE;IAChBA,SAAS,CAACD,QAAQ,CAACH,qBAAqB,CAAC,CAACK,gBAAgB,CAAC,CAAC;EAChE;AACJ,CAAC,CAAC","ignoreList":[]}

package/features/security/authentication/AuthenticationContext/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { AuthenticationContextFeature } from "./feature.js";
+export { AuthenticationContext } from "./abstractions.js";
+export type { IAuthenticationContext } from "./abstractions.js";
+export * from "./events.js";
+export * from "./errors.js";

package/features/security/authentication/AuthenticationContext/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+export { AuthenticationContextFeature } from "./feature.js";
+export { AuthenticationContext } from "./abstractions.js";
+export * from "./events.js";
+export * from "./errors.js";
+//# sourceMappingURL=index.js.map

package/features/security/authentication/AuthenticationContext/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["AuthenticationContextFeature","AuthenticationContext"],"sources":["index.ts"],"sourcesContent":["export { AuthenticationContextFeature } from \"./feature.js\";\nexport { AuthenticationContext } from \"./abstractions.js\";\nexport type { IAuthenticationContext } from \"./abstractions.js\";\nexport * from \"./events.js\";\nexport * from \"./errors.js\";\n"],"mappings":"AAAA,SAASA,4BAA4B;AACrC,SAASC,qBAAqB;AAE9B;AACA","ignoreList":[]}

package/features/security/authentication/Authenticator/abstractions.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { IdentityData } from "../../../../features/security/IdentityContext/Identity.js";
+export interface IAuthenticator {
+    authenticate(token: string): Promise<IdentityData | null>;
+}
+export declare const Authenticator: import("@webiny/di").Abstraction<IAuthenticator>;
+export declare namespace Authenticator {
+    type Interface = IAuthenticator;
+}

package/features/security/authentication/Authenticator/abstractions.js ADDED Viewed

@@ -0,0 +1,4 @@
+import { createAbstraction } from "@webiny/feature/api";
+export const Authenticator = createAbstraction("Authenticator");
+//# sourceMappingURL=abstractions.js.map

package/features/security/authentication/Authenticator/abstractions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createAbstraction","Authenticator"],"sources":["abstractions.ts"],"sourcesContent":["import { createAbstraction } from \"@webiny/feature/api\";\nimport type { IdentityData } from \"~/features/security/IdentityContext/Identity.js\";\n\nexport interface IAuthenticator {\n authenticate(token: string): Promise<IdentityData | null>;\n}\n\nexport const Authenticator = createAbstraction<IAuthenticator>(\"Authenticator\");\n\nexport namespace Authenticator {\n export type Interface = IAuthenticator;\n}\n"],"mappings":"AAAA,SAASA,iBAAiB,QAAQ,qBAAqB;AAOvD,OAAO,MAAMC,aAAa,GAAGD,iBAAiB,CAAiB,eAAe,CAAC","ignoreList":[]}

package/features/security/authentication/Authenticator/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./abstractions.js";

package/features/security/authentication/Authenticator/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./abstractions.js";
+//# sourceMappingURL=index.js.map

package/features/security/authentication/Authenticator/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./abstractions.js\";\n"],"mappings":"AAAA","ignoreList":[]}

package/features/security/authorization/AuthorizationContext/AuthorizationContext.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { AuthorizationContext as Abstraction, PermissionTransformer } from "./abstractions.js";
+import { Authorizer } from "../Authorizer/index.js";
+import type { SecurityPermission } from "../../../../types/security.js";
+import { Identity } from "../../../../features/security/IdentityContext/index.js";
+export declare class AuthorizationContext implements Abstraction.Interface {
+    private getAuthorizers;
+    private getTransformers;
+    private permissions?;
+    private permissionsLoader?;
+    constructor(getAuthorizers: () => Authorizer.Interface[], getTransformers: () => PermissionTransformer.Interface[]);
+    loadPermissions(identity: Identity): Promise<SecurityPermission[]>;
+    isAuthorizationEnabled(): boolean;
+    withoutAuthorization<T>(cb: () => Promise<T>): Promise<T>;
+    clearPermissionsCache(): void;
+    private transformPermissions;
+}

package/features/security/authorization/AuthorizationContext/AuthorizationContext.js ADDED Viewed

@@ -0,0 +1,55 @@
+import { AsyncLocalStorage } from "async_hooks";
+const authorizationEnabledStorage = new AsyncLocalStorage();
+export class AuthorizationContext {
+  constructor(getAuthorizers, getTransformers) {
+    this.getAuthorizers = getAuthorizers;
+    this.getTransformers = getTransformers;
+  }
+  async loadPermissions(identity) {
+    if (this.permissions) {
+      return this.permissions;
+    }
+    if (this.permissionsLoader) {
+      return this.permissionsLoader;
+    }
+    this.permissionsLoader = new Promise(async resolve => {
+      // Execute authorizers in sequence until one returns permissions
+      const authorizers = this.getAuthorizers();
+      for (const authorizer of authorizers) {
+        const permissions = await authorizer.authorize(identity);
+        if (Array.isArray(permissions)) {
+          this.permissions = this.transformPermissions(permissions);
+          return resolve(this.permissions);
+        }
+      }
+      // No authorizer returned permissions
+      this.permissions = [];
+      resolve(this.permissions);
+    });
+    return this.permissionsLoader;
+  }
+  isAuthorizationEnabled() {
+    const override = authorizationEnabledStorage.getStore();
+    return override ?? true;
+  }
+  withoutAuthorization(cb) {
+    return authorizationEnabledStorage.run(false, cb);
+  }
+  clearPermissionsCache() {
+    this.permissions = undefined;
+    this.permissionsLoader = undefined;
+  }
+  transformPermissions(permissions) {
+    const transformers = this.getTransformers();
+    if (transformers.length === 0) {
+      return permissions;
+    }
+    return permissions.map(permission => {
+      // A transformer can return one or multiple permissions, so we flatten the result.
+      return transformers.map(t => t.execute(permission)).flat();
+    }).flat();
+  }
+}
+//# sourceMappingURL=AuthorizationContext.js.map

package/features/security/authorization/AuthorizationContext/AuthorizationContext.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["AsyncLocalStorage","authorizationEnabledStorage","AuthorizationContext","constructor","getAuthorizers","getTransformers","loadPermissions","identity","permissions","permissionsLoader","Promise","resolve","authorizers","authorizer","authorize","Array","isArray","transformPermissions","isAuthorizationEnabled","override","getStore","withoutAuthorization","cb","run","clearPermissionsCache","undefined","transformers","length","map","permission","t","execute","flat"],"sources":["AuthorizationContext.ts"],"sourcesContent":["import { AsyncLocalStorage } from \"async_hooks\";\nimport { AuthorizationContext as Abstraction, PermissionTransformer } from \"./abstractions.js\";\nimport { Authorizer } from \"../Authorizer/index.js\";\nimport type { SecurityPermission } from \"~/types/security.js\";\nimport { Identity } from \"~/features/security/IdentityContext/index.js\";\n\nconst authorizationEnabledStorage = new AsyncLocalStorage<boolean>();\n\nexport class AuthorizationContext implements Abstraction.Interface {\n private permissions?: SecurityPermission[];\n private permissionsLoader?: Promise<SecurityPermission[]>;\n\n constructor(\n private getAuthorizers: () => Authorizer.Interface[],\n private getTransformers: () => PermissionTransformer.Interface[]\n ) {}\n\n async loadPermissions(identity: Identity): Promise<SecurityPermission[]> {\n if (this.permissions) {\n return this.permissions;\n }\n\n if (this.permissionsLoader) {\n return this.permissionsLoader;\n }\n\n this.permissionsLoader = new Promise<SecurityPermission[]>(async resolve => {\n // Execute authorizers in sequence until one returns permissions\n const authorizers = this.getAuthorizers();\n for (const authorizer of authorizers) {\n const permissions = await authorizer.authorize(identity);\n if (Array.isArray(permissions)) {\n this.permissions = this.transformPermissions(permissions);\n return resolve(this.permissions);\n }\n }\n\n // No authorizer returned permissions\n this.permissions = [];\n resolve(this.permissions);\n });\n\n return this.permissionsLoader;\n }\n\n isAuthorizationEnabled(): boolean {\n const override = authorizationEnabledStorage.getStore();\n return override ?? true;\n }\n\n withoutAuthorization<T>(cb: () => Promise<T>): Promise<T> {\n return authorizationEnabledStorage.run(false, cb);\n }\n\n clearPermissionsCache(): void {\n this.permissions = undefined;\n this.permissionsLoader = undefined;\n }\n\n private transformPermissions(permissions: SecurityPermission[]) {\n const transformers = this.getTransformers();\n if (transformers.length === 0) {\n return permissions;\n }\n\n return permissions\n .map(permission => {\n // A transformer can return one or multiple permissions, so we flatten the result.\n return transformers.map(t => t.execute(permission)).flat();\n })\n .flat();\n }\n}\n"],"mappings":"AAAA,SAASA,iBAAiB,QAAQ,aAAa;AAM/C,MAAMC,2BAA2B,GAAG,IAAID,iBAAiB,CAAU,CAAC;AAEpE,OAAO,MAAME,oBAAoB,CAAkC;EAI/DC,WAAWA,CACCC,cAA4C,EAC5CC,eAAwD,EAClE;IAAA,KAFUD,cAA4C,GAA5CA,cAA4C;IAAA,KAC5CC,eAAwD,GAAxDA,eAAwD;EACjE;EAEH,MAAMC,eAAeA,CAACC,QAAkB,EAAiC;IACrE,IAAI,IAAI,CAACC,WAAW,EAAE;MAClB,OAAO,IAAI,CAACA,WAAW;IAC3B;IAEA,IAAI,IAAI,CAACC,iBAAiB,EAAE;MACxB,OAAO,IAAI,CAACA,iBAAiB;IACjC;IAEA,IAAI,CAACA,iBAAiB,GAAG,IAAIC,OAAO,CAAuB,MAAMC,OAAO,IAAI;MACxE;MACA,MAAMC,WAAW,GAAG,IAAI,CAACR,cAAc,CAAC,CAAC;MACzC,KAAK,MAAMS,UAAU,IAAID,WAAW,EAAE;QAClC,MAAMJ,WAAW,GAAG,MAAMK,UAAU,CAACC,SAAS,CAACP,QAAQ,CAAC;QACxD,IAAIQ,KAAK,CAACC,OAAO,CAACR,WAAW,CAAC,EAAE;UAC5B,IAAI,CAACA,WAAW,GAAG,IAAI,CAACS,oBAAoB,CAACT,WAAW,CAAC;UACzD,OAAOG,OAAO,CAAC,IAAI,CAACH,WAAW,CAAC;QACpC;MACJ;;MAEA;MACA,IAAI,CAACA,WAAW,GAAG,EAAE;MACrBG,OAAO,CAAC,IAAI,CAACH,WAAW,CAAC;IAC7B,CAAC,CAAC;IAEF,OAAO,IAAI,CAACC,iBAAiB;EACjC;EAEAS,sBAAsBA,CAAA,EAAY;IAC9B,MAAMC,QAAQ,GAAGlB,2BAA2B,CAACmB,QAAQ,CAAC,CAAC;IACvD,OAAOD,QAAQ,IAAI,IAAI;EAC3B;EAEAE,oBAAoBA,CAAIC,EAAoB,EAAc;IACtD,OAAOrB,2BAA2B,CAACsB,GAAG,CAAC,KAAK,EAAED,EAAE,CAAC;EACrD;EAEAE,qBAAqBA,CAAA,EAAS;IAC1B,IAAI,CAAChB,WAAW,GAAGiB,SAAS;IAC5B,IAAI,CAAChB,iBAAiB,GAAGgB,SAAS;EACtC;EAEQR,oBAAoBA,CAACT,WAAiC,EAAE;IAC5D,MAAMkB,YAAY,GAAG,IAAI,CAACrB,eAAe,CAAC,CAAC;IAC3C,IAAIqB,YAAY,CAACC,MAAM,KAAK,CAAC,EAAE;MAC3B,OAAOnB,WAAW;IACtB;IAEA,OAAOA,WAAW,CACboB,GAAG,CAACC,UAAU,IAAI;MACf;MACA,OAAOH,YAAY,CAACE,GAAG,CAACE,CAAC,IAAIA,CAAC,CAACC,OAAO,CAACF,UAAU,CAAC,CAAC,CAACG,IAAI,CAAC,CAAC;IAC9D,CAAC,CAAC,CACDA,IAAI,CAAC,CAAC;EACf;AACJ","ignoreList":[]}

package/features/security/authorization/AuthorizationContext/abstractions.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { SecurityPermission } from "../../../../types/security.js";
+import { Identity } from "../../../../features/security/IdentityContext/index.js";
+export interface IAuthorizationContext {
+    loadPermissions(identity: Identity): Promise<SecurityPermission[]>;
+    isAuthorizationEnabled(): boolean;
+    withoutAuthorization<T>(cb: () => Promise<T>): Promise<T>;
+    clearPermissionsCache(): void;
+}
+export declare const AuthorizationContext: import("@webiny/di").Abstraction<IAuthorizationContext>;
+export declare namespace AuthorizationContext {
+    type Interface = IAuthorizationContext;
+}
+export interface IPermissionTransformer {
+    execute(permission: SecurityPermission): SecurityPermission | SecurityPermission[];
+}
+export declare const PermissionTransformer: import("@webiny/di").Abstraction<IPermissionTransformer>;
+export declare namespace PermissionTransformer {
+    type Interface = IPermissionTransformer;
+    type Permission = SecurityPermission;
+    type Return = SecurityPermission | SecurityPermission[];
+}

package/features/security/authorization/AuthorizationContext/abstractions.js ADDED Viewed

@@ -0,0 +1,5 @@
+import { createAbstraction } from "@webiny/feature/api";
+export const AuthorizationContext = createAbstraction("AuthorizationContext");
+export const PermissionTransformer = createAbstraction("PermissionTransformer");
+//# sourceMappingURL=abstractions.js.map

package/features/security/authorization/AuthorizationContext/abstractions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createAbstraction","AuthorizationContext","PermissionTransformer"],"sources":["abstractions.ts"],"sourcesContent":["import { createAbstraction } from \"@webiny/feature/api\";\nimport type { SecurityPermission } from \"~/types/security.js\";\nimport { Identity } from \"~/features/security/IdentityContext/index.js\";\n\nexport interface IAuthorizationContext {\n loadPermissions(identity: Identity): Promise<SecurityPermission[]>;\n isAuthorizationEnabled(): boolean;\n withoutAuthorization<T>(cb: () => Promise<T>): Promise<T>;\n clearPermissionsCache(): void;\n}\n\nexport const AuthorizationContext =\n createAbstraction<IAuthorizationContext>(\"AuthorizationContext\");\n\nexport namespace AuthorizationContext {\n export type Interface = IAuthorizationContext;\n}\n\nexport interface IPermissionTransformer {\n execute(permission: SecurityPermission): SecurityPermission | SecurityPermission[];\n}\n\nexport const PermissionTransformer =\n createAbstraction<IPermissionTransformer>(\"PermissionTransformer\");\n\nexport namespace PermissionTransformer {\n export type Interface = IPermissionTransformer;\n export type Permission = SecurityPermission;\n export type Return = SecurityPermission | SecurityPermission[];\n}\n"],"mappings":"AAAA,SAASA,iBAAiB,QAAQ,qBAAqB;AAWvD,OAAO,MAAMC,oBAAoB,GAC7BD,iBAAiB,CAAwB,sBAAsB,CAAC;AAUpE,OAAO,MAAME,qBAAqB,GAC9BF,iBAAiB,CAAyB,uBAAuB,CAAC","ignoreList":[]}

package/features/security/authorization/AuthorizationContext/feature.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare const AuthorizationContextFeature: import("@webiny/feature/api/createFeature.js").FeatureDefinition<unknown>;

package/features/security/authorization/AuthorizationContext/feature.js ADDED Viewed

@@ -0,0 +1,15 @@
+import { createFeature } from "@webiny/feature/api";
+import { AuthorizationContext } from "./AuthorizationContext.js";
+import { AuthorizationContext as Abstraction, PermissionTransformer } from "./abstractions.js";
+import { Authorizer } from "../Authorizer/index.js";
+export const AuthorizationContextFeature = createFeature({
+  name: "AuthorizationContext",
+  register(container) {
+    const getAuthorizers = () => container.resolveAll(Authorizer);
+    const getTransformers = () => container.resolveAll(PermissionTransformer);
+    const authorizationContext = new AuthorizationContext(getAuthorizers, getTransformers);
+    container.registerInstance(Abstraction, authorizationContext);
+  }
+});
+//# sourceMappingURL=feature.js.map

package/features/security/authorization/AuthorizationContext/feature.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createFeature","AuthorizationContext","Abstraction","PermissionTransformer","Authorizer","AuthorizationContextFeature","name","register","container","getAuthorizers","resolveAll","getTransformers","authorizationContext","registerInstance"],"sources":["feature.ts"],"sourcesContent":["import { createFeature } from \"@webiny/feature/api\";\nimport { AuthorizationContext } from \"./AuthorizationContext.js\";\nimport { AuthorizationContext as Abstraction, PermissionTransformer } from \"./abstractions.js\";\nimport { Authorizer } from \"~/features/security/authorization/Authorizer/index.js\";\n\nexport const AuthorizationContextFeature = createFeature({\n name: \"AuthorizationContext\",\n register(container) {\n const getAuthorizers = () => container.resolveAll(Authorizer);\n const getTransformers = () => container.resolveAll(PermissionTransformer);\n\n const authorizationContext = new AuthorizationContext(getAuthorizers, getTransformers);\n\n container.registerInstance(Abstraction, authorizationContext);\n }\n});\n"],"mappings":"AAAA,SAASA,aAAa,QAAQ,qBAAqB;AACnD,SAASC,oBAAoB;AAC7B,SAASA,oBAAoB,IAAIC,WAAW,EAAEC,qBAAqB;AACnE,SAASC,UAAU;AAEnB,OAAO,MAAMC,2BAA2B,GAAGL,aAAa,CAAC;EACrDM,IAAI,EAAE,sBAAsB;EAC5BC,QAAQA,CAACC,SAAS,EAAE;IAChB,MAAMC,cAAc,GAAGA,CAAA,KAAMD,SAAS,CAACE,UAAU,CAACN,UAAU,CAAC;IAC7D,MAAMO,eAAe,GAAGA,CAAA,KAAMH,SAAS,CAACE,UAAU,CAACP,qBAAqB,CAAC;IAEzE,MAAMS,oBAAoB,GAAG,IAAIX,oBAAoB,CAACQ,cAAc,EAAEE,eAAe,CAAC;IAEtFH,SAAS,CAACK,gBAAgB,CAACX,WAAW,EAAEU,oBAAoB,CAAC;EACjE;AACJ,CAAC,CAAC","ignoreList":[]}

package/features/security/authorization/AuthorizationContext/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export { AuthorizationContextFeature } from "./feature.js";
+export { AuthorizationContext } from "./abstractions.js";
+export { PermissionTransformer } from "./abstractions.js";
+export type { IAuthorizationContext } from "./abstractions.js";

package/features/security/authorization/AuthorizationContext/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+export { AuthorizationContextFeature } from "./feature.js";
+export { AuthorizationContext } from "./abstractions.js";
+export { PermissionTransformer } from "./abstractions.js";
+//# sourceMappingURL=index.js.map

package/features/security/authorization/AuthorizationContext/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["AuthorizationContextFeature","AuthorizationContext","PermissionTransformer"],"sources":["index.ts"],"sourcesContent":["export { AuthorizationContextFeature } from \"./feature.js\";\nexport { AuthorizationContext } from \"./abstractions.js\";\nexport { PermissionTransformer } from \"./abstractions.js\";\nexport type { IAuthorizationContext } from \"./abstractions.js\";\n"],"mappings":"AAAA,SAASA,2BAA2B;AACpC,SAASC,oBAAoB;AAC7B,SAASC,qBAAqB","ignoreList":[]}

package/features/security/authorization/Authorizer/abstractions.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { SecurityPermission } from "../../../../types/security.js";
+import { Identity } from "../../../../features/security/IdentityContext/index.js";
+export interface IAuthorizer {
+    authorize(identity: Identity): Promise<SecurityPermission[] | null>;
+}
+export declare const Authorizer: import("@webiny/di").Abstraction<IAuthorizer>;
+export declare namespace Authorizer {
+    type Interface = IAuthorizer;
+}

package/features/security/authorization/Authorizer/abstractions.js ADDED Viewed

@@ -0,0 +1,4 @@
+import { createAbstraction } from "@webiny/feature/api";
+export const Authorizer = createAbstraction("Authorizer");
+//# sourceMappingURL=abstractions.js.map

package/features/security/authorization/Authorizer/abstractions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createAbstraction","Authorizer"],"sources":["abstractions.ts"],"sourcesContent":["import { createAbstraction } from \"@webiny/feature/api\";\nimport type { SecurityPermission } from \"~/types/security.js\";\nimport { Identity } from \"~/features/security/IdentityContext/index.js\";\n\nexport interface IAuthorizer {\n authorize(identity: Identity): Promise<SecurityPermission[] | null>;\n}\n\nexport const Authorizer = createAbstraction<IAuthorizer>(\"Authorizer\");\n\nexport namespace Authorizer {\n export type Interface = IAuthorizer;\n}\n"],"mappings":"AAAA,SAASA,iBAAiB,QAAQ,qBAAqB;AAQvD,OAAO,MAAMC,UAAU,GAAGD,iBAAiB,CAAc,YAAY,CAAC","ignoreList":[]}

package/features/security/authorization/Authorizer/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./abstractions.js";

package/features/security/authorization/Authorizer/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./abstractions.js";
+//# sourceMappingURL=index.js.map

package/features/security/authorization/Authorizer/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./abstractions.js\";\n"],"mappings":"AAAA","ignoreList":[]}