@zakyyudha/node-authzkit 1.0.0

package/src/stores/MongoAuthzkitStore.ts

@@ -0,0 +1,171 @@
+import { Db, Collection } from 'mongodb';
+import { IAuthzkitStore } from './IAuthzkitStore';
+import { Permission } from '../interfaces/Permission';
+import { Role } from '../interfaces/Role';
+import { MongoConnection } from '../drivers/mongodb/mongo-connection';
+
+interface MongoPermission extends Permission {}
+
+interface MongoRole extends Role {}
+
+interface MongoUserRole {
+  userId: string | number;
+  roleName: string;
+}
+
+interface MongoUserPermission {
+  userId: string | number;
+  permissionName: string;
+}
+
+export class MongoAuthzkitStore implements IAuthzkitStore {
+  private db: Db;
+  private permissionsCollection: Collection<MongoPermission>;
+  private rolesCollection: Collection<MongoRole>;
+  private userRolesCollection: Collection<MongoUserRole>;
+  private userPermissionsCollection: Collection<MongoUserPermission>;
+
+  constructor(mongoConnection: MongoConnection) {
+    this.db = mongoConnection.getDb();
+    this.permissionsCollection = this.db.collection(
+      mongoConnection.getCollectionName('permissions')
+    );
+    this.rolesCollection = this.db.collection(mongoConnection.getCollectionName('roles'));
+    this.userRolesCollection = this.db.collection(mongoConnection.getCollectionName('user_roles'));
+    this.userPermissionsCollection = this.db.collection(
+      mongoConnection.getCollectionName('user_permissions')
+    );
+
+    // Ensure unique indexes
+    void this.permissionsCollection.createIndex({ name: 1 }, { unique: true }).catch(console.error);
+    void this.rolesCollection.createIndex({ name: 1 }, { unique: true }).catch(console.error);
+    void this.userRolesCollection
+      .createIndex({ userId: 1, roleName: 1 }, { unique: true })
+      .catch(console.error);
+    void this.userPermissionsCollection
+      .createIndex({ userId: 1, permissionName: 1 }, { unique: true })
+      .catch(console.error);
+  }
+
+  async getPermission(name: string): Promise<Permission | undefined> {
+    const perm = await this.permissionsCollection.findOne({ name });
+    return perm ? { name: perm.name, guard_name: perm.guard_name } : undefined;
+  }
+
+  async getPermissions(): Promise<Permission[]> {
+    const perms = await this.permissionsCollection.find({}).toArray();
+    return perms.map((perm) => ({ name: perm.name, guard_name: perm.guard_name }));
+  }
+
+  async setPermission(permission: Permission): Promise<void> {
+    await this.permissionsCollection.updateOne(
+      { name: permission.name },
+      { $set: permission },
+      { upsert: true }
+    );
+  }
+
+  async hasPermission(name: string): Promise<boolean> {
+    const count = await this.permissionsCollection.countDocuments({ name });
+    return count > 0;
+  }
+
+  async deletePermission(name: string): Promise<void> {
+    await this.permissionsCollection.deleteOne({ name });
+  }
+
+  async getRole(name: string): Promise<Role | undefined> {
+    const role = await this.rolesCollection.findOne({ name });
+    return role
+      ? { name: role.name, guard_name: role.guard_name, permissions: role.permissions }
+      : undefined;
+  }
+
+  async getRoles(): Promise<Role[]> {
+    const roles = await this.rolesCollection.find({}).toArray();
+    return roles.map((role) => ({
+      name: role.name,
+      guard_name: role.guard_name,
+      permissions: role.permissions,
+    }));
+  }
+
+  async setRole(role: Role): Promise<void> {
+    await this.rolesCollection.updateOne(
+      { name: role.name },
+      { $set: { name: role.name, guard_name: role.guard_name, permissions: role.permissions } },
+      { upsert: true }
+    );
+  }
+
+  async hasRole(name: string): Promise<boolean> {
+    const count = await this.rolesCollection.countDocuments({ name });
+    return count > 0;
+  }
+
+  async deleteRole(name: string): Promise<void> {
+    await this.rolesCollection.deleteOne({ name });
+    await this.userRolesCollection.deleteMany({ roleName: name }); // Remove all assignments for this role
+  }
+
+  async getUserRoles(userId: string | number): Promise<Set<string>> {
+    const userRoles = await this.userRolesCollection.find({ userId }).toArray();
+    return new Set(userRoles.map((ur) => ur.roleName));
+  }
+
+  async addUserRole(userId: string | number, roleName: string): Promise<void> {
+    try {
+      await this.userRolesCollection.insertOne({ userId, roleName });
+    } catch (error: any) {
+      if (error.code === 11000) {
+        // Duplicate key error
+        // Role already assigned, ignore
+      } else {
+        throw error;
+      }
+    }
+  }
+
+  async removeUserRole(userId: string | number, roleName: string): Promise<void> {
+    await this.userRolesCollection.deleteOne({ userId, roleName });
+  }
+
+  async hasUserRole(userId: string | number, roleName: string): Promise<boolean> {
+    const count = await this.userRolesCollection.countDocuments({ userId, roleName });
+    return count > 0;
+  }
+
+  async getUserPermissions(userId: string | number): Promise<Set<string>> {
+    const userPermissions = await this.userPermissionsCollection.find({ userId }).toArray();
+    return new Set(userPermissions.map((up) => up.permissionName));
+  }
+
+  async addUserPermission(userId: string | number, permissionName: string): Promise<void> {
+    try {
+      await this.userPermissionsCollection.insertOne({ userId, permissionName });
+    } catch (error: any) {
+      if (error.code === 11000) {
+        // Duplicate key error
+        // Permission already assigned, ignore
+      } else {
+        throw error;
+      }
+    }
+  }
+
+  async removeUserPermission(userId: string | number, permissionName: string): Promise<void> {
+    await this.userPermissionsCollection.deleteOne({ userId, permissionName });
+  }
+
+  async hasUserPermission(userId: string | number, permissionName: string): Promise<boolean> {
+    const count = await this.userPermissionsCollection.countDocuments({ userId, permissionName });
+    return count > 0;
+  }
+
+  async reset(): Promise<void> {
+    await this.permissionsCollection.deleteMany({});
+    await this.rolesCollection.deleteMany({});
+    await this.userRolesCollection.deleteMany({});
+    await this.userPermissionsCollection.deleteMany({});
+  }
+}

package/src/stores/PgAuthzkitStore.ts

@@ -0,0 +1,191 @@
+import { IAuthzkitStore } from './IAuthzkitStore';
+import { Permission } from '../interfaces/Permission';
+import { Role } from '../interfaces/Role';
+import { PgConnection } from '../drivers/postgres/pg-connection';
+
+export class PgAuthzkitStore implements IAuthzkitStore {
+  private pgConnection: PgConnection;
+  private permissionsTable: string;
+  private rolesTable: string;
+  private userRolesTable: string;
+  private userPermissionsTable: string;
+
+  constructor(pgConnection: PgConnection) {
+    this.pgConnection = pgConnection;
+    this.permissionsTable = this.pgConnection.getTableName('permissions');
+    this.rolesTable = this.pgConnection.getTableName('roles');
+    this.userRolesTable = this.pgConnection.getTableName('user_roles');
+    this.userPermissionsTable = this.pgConnection.getTableName('user_permissions');
+  }
+
+  async getPermission(name: string): Promise<Permission | undefined> {
+    const res = await this.pgConnection.query(
+      `SELECT name, guard_name FROM ${this.permissionsTable} WHERE name = $1`,
+      [name]
+    );
+    if (res.rows.length > 0) {
+      return res.rows[0];
+    }
+    return undefined;
+  }
+
+  async getPermissions(): Promise<Permission[]> {
+    const res = await this.pgConnection.query(
+      `SELECT name, guard_name FROM ${this.permissionsTable}`
+    );
+    return res.rows.map((row) => ({ name: row.name, guard_name: row.guard_name }));
+  }
+
+  async setPermission(permission: Permission): Promise<void> {
+    await this.pgConnection.query(
+      `INSERT INTO ${this.permissionsTable} (name, guard_name) VALUES ($1, $2) ON CONFLICT (name) DO UPDATE SET guard_name = $2`,
+      [permission.name, permission.guard_name]
+    );
+  }
+
+  async hasPermission(name: string): Promise<boolean> {
+    const res = await this.pgConnection.query(
+      `SELECT 1 FROM ${this.permissionsTable} WHERE name = $1`,
+      [name]
+    );
+    return res.rows.length > 0;
+  }
+
+  async deletePermission(name: string): Promise<void> {
+    await this.pgConnection.query(`DELETE FROM ${this.permissionsTable} WHERE name = $1`, [name]);
+  }
+
+  async getRole(name: string): Promise<Role | undefined> {
+    const res = await this.pgConnection.query(
+      `SELECT name, guard_name, permissions FROM ${this.rolesTable} WHERE name = $1`,
+      [name]
+    );
+    if (res.rows.length > 0) {
+      // Ensure permissions are correctly deserialized if stored as string array
+      const roleData = res.rows[0];
+      return {
+        name: roleData.name,
+        guard_name: roleData.guard_name,
+        permissions: Array.isArray(roleData.permissions) ? roleData.permissions : [],
+      };
+    }
+    return undefined;
+  }
+
+  async getRoles(): Promise<Role[]> {
+    const res = await this.pgConnection.query(
+      `SELECT name, guard_name, permissions FROM ${this.rolesTable}`
+    );
+    return res.rows.map((roleData) => ({
+      name: roleData.name,
+      guard_name: roleData.guard_name,
+      permissions: Array.isArray(roleData.permissions) ? roleData.permissions : [],
+    }));
+  }
+
+  async setRole(role: Role): Promise<void> {
+    await this.pgConnection.query(
+      `INSERT INTO ${this.rolesTable} (name, guard_name, permissions) VALUES ($1, $2, $3) ON CONFLICT (name) DO UPDATE SET guard_name = $2, permissions = $3`,
+      [role.name, role.guard_name, role.permissions]
+    );
+  }
+
+  async hasRole(name: string): Promise<boolean> {
+    const res = await this.pgConnection.query(`SELECT 1 FROM ${this.rolesTable} WHERE name = $1`, [
+      name,
+    ]);
+    return res.rows.length > 0;
+  }
+
+  async deleteRole(name: string): Promise<void> {
+    await this.pgConnection.query(`DELETE FROM ${this.rolesTable} WHERE name = $1`, [name]);
+    // CASCADE DELETE should handle user_roles table if set up correctly via foreign keys
+  }
+
+  async getUserRoles(userId: string | number): Promise<Set<string>> {
+    const res = await this.pgConnection.query(
+      `SELECT role_name FROM ${this.userRolesTable} WHERE user_id = $1`,
+      [userId.toString()]
+    );
+    return new Set(res.rows.map((row) => row.role_name));
+  }
+
+  async addUserRole(userId: string | number, roleName: string): Promise<void> {
+    try {
+      await this.pgConnection.query(
+        `INSERT INTO ${this.userRolesTable} (user_id, role_name) VALUES ($1, $2)`,
+        [userId.toString(), roleName]
+      );
+    } catch (error: any) {
+      if (error.code === '23505') {
+        // Unique violation error
+        // Role already assigned, ignore
+      } else {
+        throw error;
+      }
+    }
+  }
+
+  async removeUserRole(userId: string | number, roleName: string): Promise<void> {
+    await this.pgConnection.query(
+      `DELETE FROM ${this.userRolesTable} WHERE user_id = $1 AND role_name = $2`,
+      [userId.toString(), roleName]
+    );
+  }
+
+  async hasUserRole(userId: string | number, roleName: string): Promise<boolean> {
+    const res = await this.pgConnection.query(
+      `SELECT 1 FROM ${this.userRolesTable} WHERE user_id = $1 AND role_name = $2`,
+      [userId.toString(), roleName]
+    );
+    return res.rows.length > 0;
+  }
+
+  async getUserPermissions(userId: string | number): Promise<Set<string>> {
+    const res = await this.pgConnection.query(
+      `SELECT permission_name FROM ${this.userPermissionsTable} WHERE user_id = $1`,
+      [userId.toString()]
+    );
+    return new Set(res.rows.map((row) => row.permission_name));
+  }
+
+  async addUserPermission(userId: string | number, permissionName: string): Promise<void> {
+    try {
+      await this.pgConnection.query(
+        `INSERT INTO ${this.userPermissionsTable} (user_id, permission_name) VALUES ($1, $2)`,
+        [userId.toString(), permissionName]
+      );
+    } catch (error: any) {
+      if (error.code === '23505') {
+        // Unique violation error
+        // Permission already assigned, ignore
+      } else {
+        throw error;
+      }
+    }
+  }
+
+  async removeUserPermission(userId: string | number, permissionName: string): Promise<void> {
+    await this.pgConnection.query(
+      `DELETE FROM ${this.userPermissionsTable} WHERE user_id = $1 AND permission_name = $2`,
+      [userId.toString(), permissionName]
+    );
+  }
+
+  async hasUserPermission(userId: string | number, permissionName: string): Promise<boolean> {
+    const count = await this.pgConnection.query(
+      `SELECT 1 FROM ${this.userPermissionsTable} WHERE user_id = $1 AND permission_name = $2`,
+      [userId.toString(), permissionName]
+    );
+    return count.rows.length > 0;
+  }
+
+  async reset(): Promise<void> {
+    try {
+      await this.pgConnection.truncateTables();
+    } catch (error) {
+      // If truncation fails (e.g., tables don't exist), try initializing the schema
+      await this.pgConnection.initSchema();
+    }
+  }
+}

package/src/utils/envConfig.ts

@@ -0,0 +1,70 @@
+import { IAuthzkitConfig } from '../interfaces/IAuthzkitConfig';
+
+export function loadConfigFromEnv(): IAuthzkitConfig | null {
+  const type = process.env.AUTHZKIT_CONNECTION_TYPE;
+  const uri = process.env.AUTHZKIT_CONNECTION_URI;
+  const dbName = process.env.AUTHZKIT_DB_NAME;
+
+  if (!type && !uri) {
+    return null; // No config found in env
+  }
+
+  const models = {
+    users: process.env.AUTHZKIT_MODEL_USERS,
+    roles: process.env.AUTHZKIT_MODEL_ROLES,
+    permissions: process.env.AUTHZKIT_MODEL_PERMISSIONS,
+    user_roles: process.env.AUTHZKIT_MODEL_USER_ROLES,
+    user_permissions: process.env.AUTHZKIT_MODEL_USER_PERMISSIONS,
+  };
+
+  // Filter undefined models
+  const cleanModels: any = {};
+  for (const [key, value] of Object.entries(models)) {
+    if (value) cleanModels[key] = value;
+  }
+
+  if (type === 'mongodb') {
+    return {
+      connection: {
+        type: 'mongodb',
+        uri: uri || '',
+        database: dbName,
+      },
+      models: Object.keys(cleanModels).length > 0 ? cleanModels : undefined,
+    };
+  } else if (type === 'postgres') {
+    return {
+      connection: {
+        type: 'postgres',
+        uri: uri || '',
+        database: dbName, // Optional for PG connection string usually includes it
+      },
+      models: Object.keys(cleanModels).length > 0 ? cleanModels : undefined,
+    };
+  }
+
+  // Default fallback if type isn't explicit but URI is present, could try to guess, but stricter is better.
+  if (uri) {
+    if (uri.startsWith('mongodb')) {
+      return {
+        connection: {
+          type: 'mongodb',
+          uri: uri,
+          database: dbName,
+        },
+        models: Object.keys(cleanModels).length > 0 ? cleanModels : undefined,
+      };
+    }
+    if (uri.startsWith('postgres')) {
+      return {
+        connection: {
+          type: 'postgres',
+          uri: uri,
+        },
+        models: Object.keys(cleanModels).length > 0 ? cleanModels : undefined,
+      };
+    }
+  }
+
+  return null;
+}

package/tests/Authzkit.test.ts

@@ -0,0 +1,157 @@
+import { Authzkit } from '../src/classes/Authzkit';
+import { Authorizable } from '../src/interfaces/Authorizable';
+import { InMemoryAuthzkitStore } from '../src/stores/InMemoryAuthzkitStore';
+
+describe('Authzkit', () => {
+  let authzkit: Authzkit;
+  let user: Authorizable;
+
+  beforeEach(async () => {
+    // Made beforeEach async
+    // Each test gets a fresh Authzkit instance with a new InMemory store
+    const inMemoryStore = new InMemoryAuthzkitStore();
+    Authzkit.getInstance(inMemoryStore); // Initialize with new store
+    authzkit = Authzkit.getInstance(); // Get the instance, ensure it's the one we just set
+    await authzkit.reset(); // Ensure a clean state for each test
+
+    // Define some permissions and roles
+    await authzkit.definePermission('create_post');
+    await authzkit.definePermission('edit_post');
+    await authzkit.definePermission('delete_post');
+    await authzkit.definePermission('view_dashboard');
+
+    await authzkit.defineRole('admin', [
+      'create_post',
+      'edit_post',
+      'delete_post',
+      'view_dashboard',
+    ]);
+    await authzkit.defineRole('editor', ['create_post', 'edit_post']);
+    await authzkit.defineRole('viewer', ['view_dashboard']);
+
+    user = { id: 1, roles: [], permissions: [] };
+  });
+
+  // --- Permission Definition Tests ---
+  test('should define a permission', async () => {
+    const perm = await authzkit.definePermission('new_permission');
+    expect(perm).toEqual({ name: 'new_permission', guard_name: undefined });
+    await expect(authzkit.definePermission('new_permission')).rejects.toThrow(
+      "Permission 'new_permission' already exists."
+    );
+  });
+
+  // --- Role Definition Tests ---
+  test('should define a role with permissions', async () => {
+    // Made test async
+    const role = await authzkit.defineRole('moderator', ['edit_post']);
+    expect(role).toEqual({ name: 'moderator', permissions: ['edit_post'], guard_name: undefined });
+    await expect(authzkit.defineRole('admin')).rejects.toThrow("Role 'admin' already exists.");
+  });
+
+  test('should throw error if role is defined with non-existent permission', async () => {
+    await expect(authzkit.defineRole('bad_role', ['non_existent_permission'])).rejects.toThrow(
+      "Permission 'non_existent_permission' not found when defining role 'bad_role'."
+    );
+  });
+
+  // --- Assignment Tests ---
+  test('should assign a role to a user', async () => {
+    await authzkit.assignRole(user, 'editor');
+    expect(await authzkit.hasRole(user, 'editor')).toBe(true);
+    expect(await authzkit.hasRole(user, 'admin')).toBe(false);
+  });
+
+  test('should assign a direct permission to a user', async () => {
+    await authzkit.assignPermission(user, 'create_post');
+    expect(await authzkit.hasPermission(user, 'create_post')).toBe(true);
+    expect(await authzkit.hasPermission(user, 'edit_post')).toBe(false);
+  });
+
+  test('should throw error if assigning non-existent role', async () => {
+    await expect(authzkit.assignRole(user, 'non_existent_role')).rejects.toThrow(
+      "Role 'non_existent_role' not found."
+    );
+  });
+
+  test('should throw error if assigning non-existent permission', async () => {
+    await expect(authzkit.assignPermission(user, 'non_existent_permission')).rejects.toThrow(
+      "Permission 'non_existent_permission' not found."
+    );
+  });
+
+  // --- Revocation Tests ---
+  test('should revoke a role from a user', async () => {
+    await authzkit.assignRole(user, 'editor');
+    expect(await authzkit.hasRole(user, 'editor')).toBe(true);
+    await authzkit.revokeRole(user, 'editor');
+    expect(await authzkit.hasRole(user, 'editor')).toBe(false);
+  });
+
+  test('should revoke a direct permission from a user', async () => {
+    await authzkit.assignPermission(user, 'create_post');
+    expect(await authzkit.hasPermission(user, 'create_post')).toBe(true);
+    await authzkit.revokePermission(user, 'create_post');
+    expect(await authzkit.hasPermission(user, 'create_post')).toBe(false);
+  });
+
+  // --- Has Role/Permission Tests ---
+  test('user with role should have role', async () => {
+    await authzkit.assignRole(user, 'admin');
+    expect(await authzkit.hasRole(user, 'admin')).toBe(true);
+  });
+
+  test('user without role should not have role', async () => {
+    expect(await authzkit.hasRole(user, 'admin')).toBe(false);
+  });
+
+  test('user with direct permission should have permission', async () => {
+    await authzkit.assignPermission(user, 'edit_post');
+    expect(await authzkit.hasPermission(user, 'edit_post')).toBe(true);
+  });
+
+  test('user with role having permission should have permission', async () => {
+    await authzkit.assignRole(user, 'editor'); // editor has create_post, edit_post
+    expect(await authzkit.hasPermission(user, 'create_post')).toBe(true);
+    expect(await authzkit.hasPermission(user, 'edit_post')).toBe(true);
+    expect(await authzkit.hasPermission(user, 'delete_post')).toBe(false);
+  });
+
+  test('user with admin role should have all admin permissions', async () => {
+    await authzkit.assignRole(user, 'admin');
+    expect(await authzkit.hasPermission(user, 'create_post')).toBe(true);
+    expect(await authzkit.hasPermission(user, 'edit_post')).toBe(true);
+    expect(await authzkit.hasPermission(user, 'delete_post')).toBe(true);
+    expect(await authzkit.hasPermission(user, 'view_dashboard')).toBe(true);
+  });
+
+  test('user with no permissions/roles should not have any permissions', async () => {
+    expect(await authzkit.hasPermission(user, 'create_post')).toBe(false);
+    expect(await authzkit.hasRole(user, 'admin')).toBe(false);
+  });
+
+  test('roleHasPermission should work correctly', async () => {
+    expect(await authzkit.roleHasPermission('admin', 'create_post')).toBe(true);
+    expect(await authzkit.roleHasPermission('editor', 'delete_post')).toBe(false);
+    expect(await authzkit.roleHasPermission('viewer', 'view_dashboard')).toBe(true);
+    expect(await authzkit.roleHasPermission('non_existent_role', 'some_permission')).toBe(false);
+  });
+
+  // --- Reset Tests ---
+  test('reset should clear all permissions, roles, and assignments', async () => {
+    await authzkit.definePermission('test_perm');
+    await authzkit.defineRole('test_role', ['test_perm']);
+    await authzkit.assignRole(user, 'test_role');
+    await authzkit.assignPermission(user, 'test_perm');
+
+    await authzkit.reset();
+
+    // After reset, defining again should not throw an error (as they were cleared)
+    await expect(authzkit.definePermission('test_perm')).resolves.not.toThrow();
+    await expect(authzkit.defineRole('test_role', ['test_perm'])).resolves.not.toThrow();
+
+    // User should no longer have the role/permission
+    expect(await authzkit.hasRole(user, 'test_role')).toBe(false);
+    expect(await authzkit.hasPermission(user, 'test_perm')).toBe(false);
+  });
+});