corebasic 1.0.151 → 1.0.152
- package/libs/session.js +4 -3
- package/package.json +1 -1
- package/libs/privileges.js +0 -104
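--- a/package/libs/session.js
+++ b/package/libs/session.js
@@ -1,6 +1,6 @@
 import jwt from 'jsonwebtoken'
-import * as Privilege from './privileges.js'
 import * as Utils from './utils.js'
+import * as Features from './features.js'
 let app
 
 
@@ -17,7 +17,6 @@ export const start = (expressApp, allowedUrls) => {
 urlsAllowed = ["/refreshToken", "/login"].concat(allowedUrls ?? [])
 app = expressApp
 
-Privilege.start()
 
 app.use(async (req, res, next) => {
 
@@ -28,12 +27,14 @@ export const start = (expressApp, allowedUrls) => {
 if (urlsAllowed.includes(req.path))
 return next()
 
+const checkPrivilege = async req => (await Features.send({company: req.body.company, outlet: req.body.outlet}, "privileges.query.check", {feature: req.body.feature }, {id: req.body.staff})).data.granted
+
 try {
 const token = req.header('JWT'); // 'Authorization' for Spring Boot, 'x-access-token' for Node.js Express back-end
 const service = req.header('SERVICE'); // Case insensitive search
 if (service && jwt.verify(token, DEPLOY_TOKEN_SECRET))
 return next()
-else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && (process.env.GRANT_FULL_ACCESS || allowedDefaults || await
+else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && (process.env.GRANT_FULL_ACCESS || allowedDefaults || await checkPrivilege(req)))
 return next()
 throw null;
 } catch (error) {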
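Review bot: The identity fed into the new privilege check on new line 30 comes entirely from the client-controlled request body (`req.body.staff`, together with `company` and `outlet`), while the return value of `jwt.verify(token, ACCESS_TOKEN_SECRET)` on the new `else if` line is discarded, so the verified token never binds which staff member is being authorised. Any holder of a valid access token can therefore submit a different staff id to `privileges.query.check` and the middleware grants or denies based on that id rather than on the authenticated subject. Capturing the payload, `const payload = jwt.verify(token, ACCESS_TOKEN_SECRET)`, and passing the staff identifier carried in it (the claim name is not visible here and has to be confirmed against the token issuer) instead of `req.body.staff` would tie the authorisation decision to the authenticated identity. Separately, `(await Features.send(...)).data.granted` throws a TypeError rather than evaluating to a denial when the response carries no `data`, and that error is routed to the `catch (error)` whose body lies outside the hunk, so the resulting status depends on a handler this diff does not show. Both the `app.use` callback and the enclosing `start` function continue outside the hunk.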
package/package.json
CHANGED
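--- a/package/libs/privileges.js
+++ /dev/null
@@ -1,104 +0,0 @@
-
-
-import * as Dip from './dip.js'
-
-let DIP_URL = process.env.PRIVELEGE_DIP_URL
-let DIP_DB = process.env.PRIVELEGE_DIP_DB
-
-let PRIVILEGES_CACHE = {
-
-// "<company>": {
-// "Sales Man": {
-// "products.query.list": { type: "Feature" }
-// },
-// "Accountant": {
-// "Sales Man": { type: "Role" },
-// "accounts.query.list": { type: "Feature" },
-// },
-// "Cashier": {
-// "Sales Man": { type: "Role" },
-// "cash.query.list": { type: "Feature" },
-// },
-// }
-}
-
-
-const get = async (company) => {
-PRIVILEGES_CACHE[company] = {}
-let meta = {company, outlet: "GLOBAL", DIP_URL, DIP_DB}
-let privileges = await Dip.query(meta, "privileges", { })
-privileges.forEach(privilege => PRIVILEGES_CACHE[company][privilege.name] = privilege)
-
-// Format
-for (let role in PRIVILEGES_CACHE[company])
-PRIVILEGES_CACHE[company][role] = PRIVILEGES_CACHE[company][role].items.reduce( (obj, item) => ({...obj, [item.name]: {type: item.type} }), {})
-
-return PRIVILEGES_CACHE[company]
-}
-
-export const start = async () => {
-let meta = {company: "GLOBAL", outlet: "GLOBAL", DIP_URL, DIP_DB}
-let companies = await Dip.query(meta, "companies", { })
-for (let company of companies)
-await get(company._id)
-}
-
-
-function rolesToFeatures(company, roles) {
-let features = []
-
-let privileges = PRIVILEGES_CACHE[company]
-
-roles.forEach(role => {
-for (let key in privileges[role]) {
-let isFeature = privileges[role][key].type === "Feature"
-let isRole = privileges[role][key].type === "Role"
-if (isFeature)
-features.push(key)
-else if (isRole)
-features.push(...(rolesToFeatures(company, [key])))
-}
-})
-return features
-}
-
-
-
-
-
-
-const getAllowedFeatures = (company, roles) => {
-return [...new Set(rolesToFeatures(company, roles))]
-}
-
-const check = async (company, user, feature, req) => {
-let roles = await getRoles(company, user, req)
-return roles.includes(feature)
-}
-
-export const checkRequest = async (req) => {
-let meta = {...req.body, data: undefined, DIP_URL, DIP_DB}
-req.meta = meta
-if (req.body.feature === 'outlets.query.list') // Starting point for atleast selecting an outlet. (This is a Special Case)
-return true
-if (req.body.app === "Slyp")
-return true
-
-return await check(req.body.company, req.body.user, req.body.feature, req)
-}
-
-
-
-
-const getRoles = async (company, user, req) => {
-let staff = (await Dip.query(req.meta, "staff", { user: user }))[0]
-if (staff?._id === `${company}_DEFAULT`) // Company Creator Admin Access
-return [req.body.feature]
-let roles = (await Dip.query(req.meta, "privileges.staff", { _id: staff._id }))[0].items.map(item => item._id)
-return getAllowedFeatures(company, roles)
-}
-
-
-
-
-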