chyz 1.0.13-rc.9 → 1.1.0-rc.2

package/filters/auth/HttpBasicAuth.ts

@@ -5,3 +5,71 @@
  * Github:https://github.com/cihan53/
  */
 
+import {HttpHeaderAuth} from "./HttpHeaderAuth";
+import {Request, Response} from "express";
+import {WebUser} from "../../web/WebUser";
+import Utils from "../../requiments/Utils";
+import {AuthMethod} from "./AuthMethod";
+import {InvalidConfigException} from "../../base";
+import BaseChyz from "../../BaseChyz";
+
+export class HttpBasicAuth extends AuthMethod {
+
+    /**
+     * @var string the HTTP header name
+     */
+    public header = 'Authorization';
+
+
+    /**
+     * @var string a pattern to use to extract the HTTP authentication value
+     */
+
+    public pattern = /^Basic\s+(.*?)$/;
+
+
+    /**
+     * @throws InvalidConfigException
+     */
+    public init(): void {
+        super.init();
+
+        if (!this.pattern) {
+            throw new InvalidConfigException('You must provide pattern to use to extract the HTTP authentication value!');
+        }
+
+        this.user = BaseChyz.getComponent("user") ?? null;
+    }
+
+
+    async authenticate(user: WebUser, request:Request, response:Response) {
+
+
+        let autHeader = this.getHeaderByKey(request.headers, this.header)
+        if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
+            return null;
+        }
+
+        let basicauth = autHeader[1].split(":")
+
+        let identity = await user.loginByAccessToken(basicauth, "HttpBasicAuth");
+        if (identity === null) {
+            this.challenge(response);
+            this.handleFailure(response);
+        }
+
+        return identity;
+
+
+        return null;
+    }
+
+
+    /**
+     * @throws UnauthorizedHttpException
+     */
+    public fail(response:Response): void {
+        this.challenge(response)
+        this.handleFailure(response);
+    }
+}

package/filters/auth/index.ts

@@ -1,3 +1,4 @@
 export * from "./JwtHttpBearerAuth"
 export * from "./HttpBearerAuth"
 export * from "./HttpHeaderAuth"
+export * from "./HttpBasicAuth"

package/package.json

@@ -1,13 +1,11 @@
 {
   "name": "chyz",
-  "version": " 1.0.13-rc.9",
+  "version": "1.1.0-rc.2",
   "description": "Nodejs Micro service Framework",
-  "main": "dist/index.js",
   "scripts": {
     "dev": "nodemon -t --trace-warnings index.ts",
     "debug": "ts-node index.ts",
     "build": "rmdir /S /Q .\\dist && npx tsc && xcopy .\\log .\\dist\\log /e /i /h /Y && copy .\\package.json .\\dist\\package.json",
-    "publish": "cd dist && npm publish",
     "test": "echo \"Error: no test specified\" && exit 1",
     "postversion": "git push && git push --tags"
   },
@@ -39,6 +37,7 @@
     "pg-hstore": "^2.3.4",
     "reflect-metadata": "^0.1.13",
     "sequelize": "^6.6.5",
+    "sequelize-transparent-cache": "^2.3.0",
     "validate.js": "^0.13.1"
   },
   "devDependencies": {
@@ -52,6 +51,9 @@
   "keywords": [
     "Framework",
     "RespAPI",
-    "microservice"
+    "microservice",
+    "micro service",
+    "easy configuration",
+    "Rbac support"
   ]
 }

package/rbac/AuthAssignment.ts

@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+
+import {DataTypes, Model, ModelManager, Relation} from "../base";
+
+export class AuthAssignmentClass extends Model {
+    [x: string]: any;
+
+    tableName() {
+        return 'auth_assignment';
+    }
+    attributes() {
+        return {
+
+            // Model attributes are defined here
+            item_name: {
+                type: DataTypes.STRING,
+                primaryKey:true,
+                allowNull: false
+            },
+            user_id : {
+                type: DataTypes.STRING,
+                allowNull: false
+            }
+
+        }
+    }
+
+    init(){
+        super.init();
+        this.model().removeAttribute('id')
+    }
+
+    relations(): Relation[] {
+        return [
+            {
+                type: "hasMany",
+                foreignKey: "name",
+                sourceKey:'item_name',
+                model: ModelManager.AuthItem.model()
+            }
+        ]
+    }
+
+}
+

package/rbac/AuthItem.ts

@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+
+import {DataTypes, Model, ModelManager, Relation} from "../base";
+
+export class AuthItemClass extends Model {
+    [x: string]: any;
+
+    tableName() {
+        return 'auth_item';
+    }
+
+    attributes() {
+        return {
+            // Model attributes are defined here
+            name: {
+                type: DataTypes.STRING,
+                primaryKey:true,
+                allowNull: false
+            },
+            type: {
+                type: DataTypes.INTEGER,
+                allowNull: false
+            },
+            description: {
+                type: DataTypes.STRING,
+                allowNull: false
+            },
+            rule_name: {
+                type: DataTypes.STRING,
+                allowNull: false
+            }
+
+        }
+    }
+
+    init() {
+        super.init();
+        this.model().removeAttribute('id')
+    }
+
+    relations(): Relation[] {
+        return [
+            {
+                type: "hasOne",
+                foreignKey: "item_name",
+                model: ModelManager.AuthAssignment.model()
+            }
+        ]
+    }
+
+}
+

package/rbac/AuthItemChild.ts

@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2021. Chy Bilgisayar Bilisim
+ * Author: Cihan Ozturk
+ * E-mail: cihan@chy.com.tr
+ * Github:https://github.com/cihan53/
+ */
+
+
+
+import {DataTypes, Model, ModelManager, Relation} from "../base";
+
+export class AuthItemChildClass extends Model {
+    [x: string]: any;
+
+    tableName() {
+        return 'auth_item_child';
+    }
+
+    attributes() {
+        return {
+            // Model attributes are defined here
+            parent: {
+                type: DataTypes.STRING,
+                primaryKey:true,
+                allowNull: false
+            },
+            child: {
+                type: DataTypes.STRING,
+                allowNull: false
+            }
+        }
+    }
+
+    init() {
+        super.init();
+        this.model().removeAttribute('id')
+    }
+
+    relations(): Relation[] {
+        return [
+            {
+                type: "hasOne",
+                foreignKey: "item_name",
+                model: ModelManager.AuthAssignment.model()
+            }
+        ]
+    }
+
+}
+

package/rbac/AuthManager.ts

@@ -1,4 +1,4 @@
-import {Component, ModelManager} from "../base";
+import {Component, DataErrorDbException, InvalidConfigException, ModelManager, UnauthorizedHttpException} from "../base";
 import {BaseChyz, InvalidArgumentException} from "../index";
 import Utils from "../requiments/Utils";
 
@@ -9,6 +9,7 @@ interface Role {
     description: string;
     ruleName: string;
     data: string;
+    params: string;
 }
 
 interface Permission {
@@ -17,6 +18,7 @@ interface Permission {
     description: string;
     ruleName: string;
     data: string;
+    params: string;
 }
 
 
@@ -40,7 +42,7 @@ export class AuthManager extends Component {
      *
      */
 
-    public async checkAccess(userId: number, permissionName: string, params: any[] = []) {
+    public async checkAccess(userId: number, permissionName: string, params: any[] = []): Promise<boolean> {
         let assignments: any;
         if (!this.checkAccessAssignments[userId.toString()]) {
             assignments = await this.getAssignments(userId);
@@ -64,7 +66,7 @@ export class AuthManager extends Component {
 
     }
 
-    public async checkAccessRecursive(user: string | number, itemname: string, params: any[], assignments: any[]) {
+    public async checkAccessRecursive(user: string | number, itemname: string, params: any[], assignments: any): Promise<boolean> {
         let item: any = await this.getItem(itemname);
         if (!item) return false;
 
@@ -73,12 +75,16 @@ export class AuthManager extends Component {
          * Rule test edilmeli
          */
 
+        if (assignments[itemname] || Utils.find(this.defaultRoles, itemname)) {
+            return true;
+        }
+
         /**
          * item child
          */
-        let parents = await ModelManager.AuthItemChild.findAll({where: {child: itemname}});
+        let parents = await ModelManager.AuthItemChild.findAll({attributes:["parent"], where: {child: itemname}});
         for (const parent of parents) {
-            let r = await this.checkAccessRecursive(user, parent, params, assignments);
+            let r = await this.checkAccessRecursive(user, parent.parent, params, assignments);
             if (r) {
                 return true;
             }
@@ -342,11 +348,15 @@ export class AuthManager extends Component {
         }
 
         let assignments: any = {};
-        let as = await ModelManager.AuthAssignment.findAll({where: {user_id: userId.toString()}});
-        for (const a of as) {
-            assignments[a["item_name"]] = a;
-        }
+        try {
 
+            let as = await ModelManager.AuthAssignment.findAll({where: {user_id: userId.toString()}});
+            for (const a of as) {
+                assignments[a["item_name"]] = a;
+            }
+        } catch (e) {
+            throw new InvalidConfigException('The user application component must be available to specify roles in AccessRule.');
+        }
         return assignments;
     }
 

package/requiments/Utils.ts

@@ -48,7 +48,13 @@ function wildTest(wildcard: string, str: string) {
 const matchWildcard = (pattern: string, string: string, options: any = {}) => {
     return wildTest(pattern, string)
 }
+
+const t = function (text: string) {
+    return text;
+}
+
 export default {
+    t,
     createObject,
     findKeyValue,
     sleep,

package/web/IdentityInterface.ts

@@ -59,4 +59,10 @@ export interface IdentityInterface {
      */
     validateAuthKey(authKey: string): (boolean | null);
 
-}
+
+    /**
+     *
+     */
+    can(permissionName:string, params: any[]  , allowCaching: boolean  ): (boolean | null);
+
+}

package/web/WebUser.ts

@@ -9,6 +9,8 @@ import {Component} from "../base/Component";
 import {ForbiddenHttpException} from "../base/ForbiddenHttpException";
 import {InvalidConfigException} from "../base/InvalidConfigException";
 import {IdentityInterface} from "./IdentityInterface";
+import Utils from "../requiments/Utils";
+import {AuthManager} from "../rbac/AuthManager";
 
 export class WebUser extends Component {
 
@@ -17,6 +19,13 @@ export class WebUser extends Component {
      */
     public identityClass: any;
     private _identity: any;
+    /**
+     * @var CheckAccessInterface|string|array The access checker object to use for checking access or the application
+     * component ID of the access checker.
+     * If not set the application auth manager will be used.
+     * @since 2.0.9
+     */
+    public accessChecker: any = null;
 
 
     get identity() {
@@ -75,7 +84,7 @@ export class WebUser extends Component {
             if (this.identity && this.login(this.identity)) {
                 return this.identity;
             }
-        }else{
+        } else {
             BaseChyz.error("WebUser::findIdentityByAccessToken undefined")
         }
         return null;
@@ -97,4 +106,82 @@ export class WebUser extends Component {
     public afterLogin() {
 
     }
+
+    public getId() {
+        let identity = this.getIdentity();
+        return identity !== null ? identity.id : null;
+    }
+
+    /**
+     * Checks if the user can perform the operation as specified by the given permission.
+     *
+     * Note that you must configure "authManager" application component in order to use this method.
+     * Otherwise it will always return false.
+     *
+     * @param string $permissionName the name of the permission (e.g. "edit post") that needs access check.
+     * @param array $params name-value pairs that would be passed to the rules associated
+     * with the roles and permissions assigned to the user.
+     * @param bool $allowCaching whether to allow caching the result of access check.
+     * When this parameter is true (default), if the access check of an operation was performed
+     * before, its result will be directly returned when calling this method to check the same
+     * operation. If this parameter is false, this method will always call
+     * [[\yii\rbac\CheckAccessInterface::checkAccess()]] to obtain the up-to-date access result. Note that this
+     * caching is effective only within the same request and only works when `$params = []`.
+     * @return bool whether the user can perform the operation as specified by the given permission.
+     */
+    // public function can($permissionName, $params = [], $allowCaching = true)
+    // {
+    //     if ($allowCaching && empty($params) && isset($this->_access[$permissionName])) {
+    //         return $this->_access[$permissionName];
+    //     }
+    //     if (($accessChecker = $this->getAccessChecker()) === null) {
+    //         return false;
+    //     }
+    //     $access = $accessChecker->checkAccess($this->getId(), $permissionName, $params);
+    //     if ($allowCaching && empty($params)) {
+    //         $this->_access[$permissionName] = $access;
+    //     }
+    //
+    //     return $access;
+    // }
+
+    public async can(permissionName: string, params = [], allowCaching = true) {
+
+        let access;
+        let accessChecker: AuthManager;
+        if ((accessChecker = this.getAccessChecker()) == null)
+            return false;
+
+
+        access = await accessChecker.checkAccess(this.getId(), permissionName, params);
+
+        if (allowCaching && Utils.isEmpty(params)) {
+            // this._access[$permissionName] = $access;
+        }
+
+        return access;
+
+    }
+
+    /**
+     * Returns auth manager associated with the user component.
+     *
+     * By default this is the `authManager` application component.
+     * You may override this method to return a different auth manager instance if needed.
+     * @return \yii\rbac\ManagerInterface
+     * @since 2.0.6
+     */
+    protected getAuthManager(): AuthManager {
+        return BaseChyz.getComponent('authManager');
+    }
+
+    /**
+     * Returns the access checker used for checking access.
+     * @return CheckAccessInterface
+     */
+    protected getAccessChecker():AuthManager {
+        return this.accessChecker !== null ? this.accessChecker : this.getAuthManager();
+    }
+
+
 }