chyz 2.0.1-rc.36 → 2.0.1-rc.37

package/filters/AccessRule.ts

@@ -1,182 +0,0 @@
-/*
- * Copyright (c) 2021. Chy Bilgisayar Bilisim
- * Author: Cihan Ozturk
- * E-mail: cihan@chy.com.tr
- * Github:https://github.com/cihan53/
- */
-import {WebUser} from "../web/WebUser";
-import {Component} from "../base";
-import {InvalidConfigException} from "../base";
-import {Request} from "express";
-import {Utils} from "../requiments/Utils";
-
-
-export class AccessRule extends Component {
-
-    /**
-     * @var allow whether this is an 'allow' rule or 'deny' rule.
-     */
-    public allow: any;
-    /**
-     * @var array list of action IDs that this rule applies to. The comparison is case-sensitive.
-     * If not set or empty, it means this rule applies to all actions.
-     */
-    public actions: any;
-
-    /**
-     *  @var array list of the controller IDs that this rule applies to.
-     */
-    public controllers: any;
-
-    /**
-     * - `?`: matches a guest user (not authenticated yet)
-     * - `@`: matches an authenticated user
-     */
-
-    public roles: any;
-
-    /**
-     * @var array list of RBAC (Role-Based Access Control) permissions that this rules applies to.
-     */
-    public permissions: any;
-
-    /**
-     * @var array|Closure parameters to pass to the [[User::can()]] function for evaluating
-     * user permissions in [[$roles]].
-     *
-     * If this is an array, it will be passed directly to [[User::can()]]. For example for passing an
-     * ID from the current request, you may use the following:
-     *
-     * ```php
-     * ['postId' => Yii::$app->request->get('id')]
-     * ```
-     *
-     * You may also specify a closure that returns an array. This can be used to
-     * evaluate the array values only if they are needed, for example when a model needs to be
-     * loaded like in the following code:
-     *
-     * ```php
-     * 'rules' => [
-     *     [
-     *         'allow' => true,
-     *         'actions' => ['update'],
-     *         'roles' => ['updatePost'],
-     *         'roleParams' => function($rule) {
-     *             return ['post' => Post::findOne(Yii::$app->request->get('id'))];
-     *         },
-     *     ],
-     * ],
-     * ```
-     *
-     * A reference to the [[AccessRule]] instance will be passed to the closure as the first parameter.
-     *
-     * @see roles
-     * @since 2.0.12
-     */
-    public roleParams: any = [];
-
-
-    /**
-     * @var array list of user IP addresses that this rule applies to. An IP address
-     * can contain the wildcard `*` at the end so that it matches IP addresses with the same prefix.
-     * For example, '192.168.*' matches all IP addresses in the segment '192.168.'.
-     * It may also contain a pattern/mask like '172.16.0.0/12' which would match all IPs from the
-     * 20-bit private network block in RFC1918.
-     * If not set or empty, it means this rule applies to all IP addresses.
-     */
-    public ips: any;
-
-
-    public async allows(action: any, user: WebUser, request: Request) {
-        if (
-            this.matchAction(action)
-            && await this.matchRole(user)
-        ) {
-            return this.allow
-        }
-        //     if (this.matchAction($action)
-        //         && this.matchRole($user)
-        // && this.matchIP($request->getUserIP())
-        // && this.matchVerb($request->getMethod())
-        // && this.matchController($action->controller)
-        // && this.matchCustom($action)
-        // ) {
-        //     return $this->allow ? true : false;
-        // }
-
-        return null;
-    }
-
-    /**
-     * @param action $action the action
-     * @return bool whether the rule applies to the action
-     */
-    protected matchAction(action: any) {
-        return Utils.isEmpty(this.actions) || this.actions.includes(action.id);
-    }
-
-    /**
-     * @param controller $controller the controller
-     * @return bool whether the rule applies to the controller
-     */
-    protected matchController(controller: any) {
-        //     if (empty($this->controllers)) {
-        //         return true;
-        //     }
-        //
-        //     $id = $controller->getUniqueId();
-        //     foreach ($this->controllers as $pattern) {
-        //     if (StringHelper::matchWildcard($pattern, $id)) {
-        //         return true;
-        //     }
-        // }
-
-        return false;
-    }
-
-    protected async matchRole(user: WebUser) {
-        let items = Utils.isEmpty(this.roles) ? [] : this.roles;
-
-        if (!Utils.isEmpty(this.permissions)) {
-            items = Utils.merge(items, this.permissions);
-        }
-
-        if (Utils.isEmpty(items)) {
-            return true;
-        }
-
-
-        if (!user) {
-            throw new InvalidConfigException('The user application component must be available to specify roles in AccessRule.');
-        }
-
-        // @ts-ignore
-        let roleParams: any = [];
-        for (const itemsKey in items) {
-            let item = items[itemsKey];
-            if (item === '?') {
-                if (user.getIsGuest()) {
-                    return true;
-                }
-            } else if (item === '@') {
-                if (!user.getIsGuest()) {
-                    return true;
-                }
-            } else {
-                //role-params
-                if (!Utils.isEmpty(this.roleParams)) {
-                    roleParams = !Utils.isArray(this.roleParams) ? this.roleParams.apply(this) : this.roleParams;
-                }
-
-                if (await user.can(item, this.roleParams)) {
-                    return true;
-                }
-            }
-        }
-
-
-        return false;
-    }
-
-
-}

package/filters/auth/AuthMethod.ts

@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2021. Chy Bilgisayar Bilisim
- * Author: Cihan Ozturk
- * E-mail: cihan@chy.com.tr
- * Github:https://github.com/cihan53/
- */
-
-import {ActionFilter} from "../../base";
-import {AuthInterface} from "./AuthInterface";
-import {UnauthorizedHttpException} from "../../base";
-import {WebUser} from "../../web/WebUser";
-import {Request, Response} from "express";
-
-export abstract class AuthMethod extends ActionFilter implements AuthInterface {
-
-    /**
-     * @var user the user object representing the user authentication status. If not set, the `user` application component will be used.
-     */
-    public user: WebUser | undefined;
-
-    /**
-     * @var Request the current request. If not set, the `request` application component will be used.
-     */
-    public request: Request | undefined;
-
-    /**
-     * @var Response the response to be sent. If not set, the `response` application component will be used.
-     */
-    public response: Response | undefined;
-
-
-    public optional = [];
-
-    /**
-     *
-     * @param action
-     * @param request
-     * @param response
-     */
-    public async beforeAction(action: any, request: Request, response: Response) {
-        let identity =await this.authenticate(
-            this.user ?? new WebUser(),
-            request,
-            response
-        )
-
-        // @ts-ignore
-        request.identity = identity;
-
-        if (identity !== null) {
-            return true;
-        }
-
-        this.challenge(response);
-        this.handleFailure(response);
-        return false;
-    }
-
-    /**
-     *
-     * @param user
-     * @param request
-     * @param response
-     */
-    authenticate(user: WebUser, request: Request, response: Response) {
-
-    }
-
-    // @ts-ignore
-    challenge(response: Response): Response {
-
-    }
-
-    // @ts-ignore
-    handleFailure(response: Response): Response {
-        throw new UnauthorizedHttpException('Your request was made with invalid credentials.');
-    }
-
-    getHeaderByKey(headers: any, findKey: any) {
-        let key = Object.keys(headers).find(key => key.toLowerCase() === findKey.toLowerCase())
-        if (key) {
-            return headers[key];
-        }
-
-        return null
-    }
-
-    patternCheck(headerText: any, pattern: RegExp) {
-        if (pattern) {
-            let matches = headerText.match(pattern)
-            if (matches && matches.length > 0) {
-                return matches;
-            } else {
-                return null
-            }
-        }
-
-        return null
-    }
-}

package/filters/auth/HttpBasicAuth.ts

@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2021. Chy Bilgisayar Bilisim
- * Author: Cihan Ozturk
- * E-mail: cihan@chy.com.tr
- * Github:https://github.com/cihan53/
- */
-
-import {Request, Response} from "express";
-import {WebUser} from "../../web/WebUser";
-import {AuthMethod} from "./AuthMethod";
-import {InvalidConfigException} from "../../base";
-import BaseChyz from "../../BaseChyz";
-
-export class HttpBasicAuth extends AuthMethod {
-
-    /**
-     * @var string the HTTP header name
-     */
-    public header = 'Authorization';
-
-
-    /**
-     * @var string a pattern to use to extract the HTTP authentication value
-     */
-
-    public pattern = /^Basic\s+(.*?)$/;
-
-
-    public auth: any = null;
-
-    /**
-     * @throws InvalidConfigException
-     */
-    public init(): void {
-        super.init();
-
-        if (!this.pattern) {
-            throw new InvalidConfigException('You must provide pattern to use to extract the HTTP authentication value!');
-        }
-
-        this.user = BaseChyz.getComponent("user") ?? null;
-    }
-
-
-    async authenticate(user: WebUser, request: Request, response: Response) {
-
-
-        let autHeader = this.getHeaderByKey(request.headers, this.header)
-        if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
-            return  this.fail(response);
-        }
-
-        let identity = null;
-        let token = null;
-
-        let buff = new Buffer(autHeader[1], "base64");
-        let basicauth = buff.toString().split(":");
-
-        if (this.auth != null) {
-            identity = await this.auth(autHeader[1], ...arguments, basicauth)
-        } else {
-            identity = await user.loginByAccessToken(basicauth, "HttpBasicAuth");
-        }
-
-
-        if (identity == null) this.fail(response)
-        return identity;
-
-    }
-
-
-    /**
-     * @throws UnauthorizedHttpException
-     */
-    public fail(response: Response): void {
-        this.challenge(response)
-        this.handleFailure(response);
-    }
-}

package/filters/auth/HttpBearerAuth.ts

@@ -1,34 +0,0 @@
-/*
- * Copyright (c) 2021. Chy Bilgisayar Bilisim
- * Author: Cihan Ozturk
- * E-mail: cihan@chy.com.tr
- * Github:https://github.com/cihan53/
- */
-
-import {HttpHeaderAuth} from "./HttpHeaderAuth";
-import {Response} from "express";
-
-export class HttpBearerAuth extends HttpHeaderAuth {
-
-    /**
-     * {@inheritdoc}
-     */
-    public header = 'Authorization';
-    // @ts-ignore
-    public pattern = /^Bearer\s+(.*?)$/;
-    /**
-     * @var string the HTTP authentication realm
-     */
-    public realm = 'api';
-
-
-    /**
-     * {@inheritdoc}
-     */
-    public challenge(response: Response):Response {
-        response.set('WWW-Authenticate', `Bearer realm="${this.realm}"`);
-        return response;
-    }
-
-
-}

package/filters/auth/HttpHeaderAuth.ts

@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2021. Chy Bilgisayar Bilisim
- * Author: Cihan Ozturk
- * E-mail: cihan@chy.com.tr
- * Github:https://github.com/cihan53/
- */
-
-import {AuthMethod} from "./AuthMethod";
-import {WebUser} from "../../web/WebUser";
-import {Utils} from "../../requiments/Utils";
-import {Request, Response} from "express";
-
-export class HttpHeaderAuth extends AuthMethod {
-    /**
-     * @var string the HTTP header name
-     */
-    public header = 'X-Api-Key';
-
-
-    /**
-     * @var string a pattern to use to extract the HTTP authentication value
-     */
-
-    public pattern!: string;
-
-
-    async authenticate(user: WebUser, request:Request, response:Response) {
-        let key = Object.keys(request.headers).find(key => key.toLowerCase() === this.header.toLowerCase())
-        if (key) {
-            let authHeader:any = request.headers[key];
-            if (!Utils.isEmpty(authHeader)) {
-                if (this.pattern) {
-                    //preg_match
-                    let matches = authHeader.match(this.pattern)
-                    if (matches && matches.length > 0) {
-                        authHeader = matches[1];
-                    } else {
-                        return this.fail(response);
-                    }
-                }
-
-                let identity = await user.loginByAccessToken(authHeader, "HttpHeaderAuth");
-                if (identity === null) {
-                    this.challenge(response);
-                    this.handleFailure(response);
-                }
-
-                return identity;
-            }
-        }
-        return this.fail(response);
-    }
-
-    /**
-     * @throws UnauthorizedHttpException
-     */
-    public fail(response: Response): void {
-        this.challenge(response)
-        this.handleFailure(response);
-    }
-}

package/filters/auth/JwtHttpBearerAuth.ts

@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 2021. Chy Bilgisayar Bilisim
- * Author: Cihan Ozturk
- * E-mail: cihan@chy.com.tr
- * Github:https://github.com/cihan53/
- */
-import BaseChyz from "../../BaseChyz";
-import {HttpBearerAuth} from "./HttpBearerAuth";
-import {InvalidConfigException} from "../../base";
-import {Response, Request} from "express";
-import {WebUser} from "../../web/WebUser";
-
-const JsonWebToken = require("jsonwebtoken");
-
-export class JwtHttpBearerAuth extends HttpBearerAuth {
-    /**
-     * @var string|array<string, mixed>|Jwt application component ID of the JWT handler, configuration array, or JWT handler object
-     * itself. By default it's assumes that component of ID "jwt" has been configured.
-     */
-    public jwt = 'jwt'
-    public auth: any = null;
-
-
-    /**
-     * @throws InvalidConfigException
-     */
-    public init(): void {
-        super.init();
-
-        if (!this.pattern) {
-            throw new InvalidConfigException('You must provide pattern to use to extract the HTTP authentication value!');
-        }
-
-        this.user = BaseChyz.getComponent("user") ?? null;
-    }
-
-
-    public async authenticate(user: WebUser, request: Request, response: Response) // BC signature
-    {
-        let autHeader = this.getHeaderByKey(request.headers, this.header)
-        if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
-            return  null ;
-        }
-
-        let identity = null;
-        let token = null;
-
-        try {
-            token = JsonWebToken.decode(autHeader[1], {complete: true})
-            if (!token) {
-                BaseChyz.warning("Your request was made with invalid or expired JSON Web Token.");
-                this.fail(response);
-            }
-        } catch (e) {
-            BaseChyz.warning("Your request was made with invalid or expired JSON Web Token.",autHeader,request.path);
-            this.fail(response);
-        }
-
-
-        if (token !== null) {
-            if (this.auth != null) {
-                identity = await this.auth(autHeader[1], ...arguments)
-            } else {
-                identity = await user.loginByAccessToken(autHeader[1], "JwtHttpBearerAuth")
-            }
-        }
-
-        if (identity == null) this.fail(response)
-
-
-        return identity;
-    }
-
-
-    /**
-     * @throws UnauthorizedHttpException
-     */
-    public fail(response: Response): void {
-        this.challenge(response)
-        this.handleFailure(response);
-    }
-
-}

package/filters/auth/KeyCloakHttpBearerAuth.ts

@@ -1,114 +0,0 @@
-/*
- * Copyright (c) 2021. Chy Bilgisayar Bilisim
- * Author: Cihan Ozturk
- * E-mail: cihan@chy.com.tr
- * Github:https://github.com/cihan53/
- */
-import BaseChyz from "../../BaseChyz";
-import {HttpBearerAuth} from "./HttpBearerAuth";
-import {InvalidConfigException} from "../../base/InvalidConfigException";
-import {Request, Response} from "express";
-import {WebUser} from "../../web/WebUser";
-
-const JsonWebToken = require("jsonwebtoken");
-
-export class KeyCloakHttpBearerAuth extends HttpBearerAuth {
-    /**
-     * @var string|array<string, mixed>|Jwt application component ID of the JWT handler, configuration array, or JWT handler object
-     * itself. By default it's assumes that component of ID "jwt" has been configured.
-     */
-    public jwt = 'jwt'
-    public auth: any = null;
-    public keycloak: any = null;
-
-
-    /**
-     * @throws InvalidConfigException
-     */
-    public init(): void {
-        super.init();
-
-        if (!this.pattern) {
-            throw new InvalidConfigException('You must provide pattern to use to extract the HTTP authentication value!');
-        }
-
-        this.keycloak = BaseChyz.getMiddlewares("keycloak").keycloak ?? null;
-        this.user = BaseChyz.getComponent("user") ?? null;
-        this.auth = this.KeyCloakCheck;
-
-
-    }
-
-    public async KeyCloakCheck(token: string, request: Request, response: Response,) {
-        if (this.keycloak == null) return false;
-        // return await this.keycloak.protect('realm:user')(request, response, () => true /*next*/)
-        return await this.keycloak.protect()(request, response, () => true /*next*/);
-    }
-
-
-    public async authenticate(user: WebUser, request: Request, response: Response) // BC signature
-    {
-
-        let identity = null;
-        let token = null;
-
-        let autHeader = this.getHeaderByKey(request.headers, this.header)
-        if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
-            return this.fail(response);
-        }
-
-        token = JsonWebToken.decode(autHeader[1], {complete: true})
-        if (!token) {
-            BaseChyz.warning("Your request was made with invalid or expired JSON Web Token.");
-            this.fail(response);
-        }
-
-        if (token !== null) {
-            identity = await this.KeyCloakCheck(autHeader[1], request, response)
-            BaseChyz.debug("KeyCloakCheck Result:", identity)
-        }
-
-        if (identity == null || identity == false) this.fail(response)
-
-        return identity;
-
-        /* let autHeader = this.getHeaderByKey(request.headers, this.header)
-         if (autHeader == null || (autHeader = this.patternCheck(autHeader, this.pattern)) == null) {
-             return null;
-         }
-
-         BaseChyz.debug("JSON Web Token.",autHeader);
-         let identity = null;
-         let token = null;
-
-         token = JsonWebToken.decode(autHeader[1], {complete: true})
-         if (!token) {
-             BaseChyz.warning("Your request was made with invalid or expired JSON Web Token.");
-             this.fail(response);
-         }
-
-         if (token !== null) {
-             if (this.auth != null) {
-                 identity = await this.auth(autHeader[1])
-             } else {
-                 identity = await user.loginByAccessToken(autHeader[1], "JwtHttpBearerAuth")
-             }
-         }
-
-         if (identity == null) this.fail(response)
-
-
-
-         return identity;*/
-    }
-
-
-    /**
-     * @throws UnauthorizedHttpException
-     */
-    public fail(response: Response): void {
-        // this.challenge(response)
-        this.handleFailure(response);
-    }
-
-}

package/filters/auth/index.ts

@@ -1,4 +0,0 @@
-export {JwtHttpBearerAuth} from "./JwtHttpBearerAuth"
-export {HttpBearerAuth} from "./HttpBearerAuth"
-export {HttpHeaderAuth} from "./HttpHeaderAuth"
-export {HttpBasicAuth} from "./HttpBasicAuth"

package/filters/index.ts

@@ -1,2 +0,0 @@
-export {AccessControl} from "./AccessControl"
-export {AccessRule} from "./AccessRule"