cortex-auth 1.8.2 → 1.8.4
- package/dist/payload-jwt/authenticateRequest.d.ts +2 -2
- package/dist/payload-jwt/authenticateRequest.d.ts.map +1 -1
- package/dist/payload-jwt/authenticateRequest.js +82 -85
- package/dist/payload-jwt/authenticateRequest.js.map +1 -1
- package/dist/payload-jwt/configuration.d.ts +2 -0
- package/dist/payload-jwt/configuration.d.ts.map +1 -1
- package/dist/payload-jwt/configuration.js +33 -8
- package/dist/payload-jwt/configuration.js.map +1 -1
- package/package.json +1 -1
|
@@ -21,7 +21,7 @@ export declare function authenticateRequest({ req, payload }: AuthenticateReques
|
|
|
21
21
|
email?: undefined;
|
|
22
22
|
name?: undefined;
|
|
23
23
|
role?: undefined;
|
|
24
|
-
}
|
|
24
|
+
}>;
|
|
25
25
|
export declare function authenticateRequestHeaders({ headers, payload }: {
|
|
26
26
|
headers: Headers;
|
|
27
27
|
payload: Payload;
|
|
@@ -30,5 +30,5 @@ export declare function authenticateRequestHeaders({ headers, payload }: {
|
|
|
30
30
|
collection: "users";
|
|
31
31
|
id: number | string;
|
|
32
32
|
};
|
|
33
|
-
}>;
|
|
33
|
+
} | null>;
|
|
34
34
|
//# sourceMappingURL=authenticateRequest.d.ts.map
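Review bot: The declaration of `authenticateRequestHeaders` now resolves to `} | null` (new line 33), but nothing on the type says what `null` means, and a caller that only handles the thrown 401/403 errors may pass a `null` result on as if authentication had succeeded. A TSDoc line on the function in `src/payload-jwt/authenticateRequest.ts` would pin the contract: `/** Resolves to null when the request carries no Authorization header; callers must treat null as unauthenticated. */`. The declaration starts before this hunk, so only the tail of the return type is visible.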
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authenticateRequest.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,SAAS,CAAA;AAEtC,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,WAAW,CAAC;AAEjD,MAAM,MAAM,WAAW,GAAG,eAAe,CAAA;AAEzC,UAAU,SAAU,SAAQ,KAAK;IAC7B,UAAU,EAAE,MAAM,CAAC;CACtB;AAQD,YAAY,EAAE,SAAS,EAAE,CAAC;AA6C1B,MAAM,WAAW,0BAA0B;IACvC,GAAG,EAAE,WAAW,CAAA;IAChB,OAAO,EAAE,OAAO,CAAA;CACnB;AAGD,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,0BAA0B;;;;;;;;;;;;GA6DrF;AAED,wBAAsB,0BAA0B,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE;;;;;UAqD5G"}
|
|
@@ -1,9 +1,20 @@
|
|
|
1
1
|
import { verifySession, verifyToken } from "./user";
|
|
2
|
+
import { VALID_ROLES } from "./configuration";
|
|
2
3
|
function createAuthError(message, statusCode) {
|
|
3
4
|
const error = new Error(message);
|
|
4
5
|
error.statusCode = statusCode;
|
|
5
6
|
return error;
|
|
6
7
|
}
|
|
8
|
+
function getValidRole(permissions) {
|
|
9
|
+
if (!permissions || permissions.length === 0)
|
|
10
|
+
return 'user';
|
|
11
|
+
for (const permission of permissions) {
|
|
12
|
+
if (VALID_ROLES[permission]) {
|
|
13
|
+
return VALID_ROLES[permission];
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
return 'user';
|
|
17
|
+
}
|
|
7
18
|
export async function authenticateRequest({ req, payload }) {
|
|
8
19
|
if (req.auth) {
|
|
9
20
|
const user = req.auth.user;
|
|
@@ -15,67 +26,58 @@ export async function authenticateRequest({ req, payload }) {
|
|
|
15
26
|
method: 'cookie',
|
|
16
27
|
};
|
|
17
28
|
}
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
draft: false,
|
|
62
|
-
overrideAccess: true,
|
|
63
|
-
});
|
|
64
|
-
console.log(`Updated Payload user role for ${payloadUser.email} to ${permissions}`);
|
|
65
|
-
}
|
|
66
|
-
return { method: 'bearer', ...payloadUser };
|
|
67
|
-
}
|
|
68
|
-
else {
|
|
69
|
-
return null;
|
|
70
|
-
}
|
|
29
|
+
const session = await verifySession(req);
|
|
30
|
+
if (!session?.sub || !session.extra)
|
|
31
|
+
throw createAuthError("No valid session found", 401);
|
|
32
|
+
const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID;
|
|
33
|
+
const permissions = session.resource_access?.[OAUTH_CLIENT_ID]?.roles;
|
|
34
|
+
if (!permissions)
|
|
35
|
+
throw createAuthError("User does not have permission to access this application.", 403);
|
|
36
|
+
if (!payload)
|
|
37
|
+
throw createAuthError("Payload instance is required for Keycloak user normalisation", 500);
|
|
38
|
+
const payloadUser = (await payload.find({
|
|
39
|
+
collection: 'users',
|
|
40
|
+
depth: 1,
|
|
41
|
+
limit: 1,
|
|
42
|
+
draft: false,
|
|
43
|
+
overrideAccess: true,
|
|
44
|
+
where: { email: { equals: session.extra.email } }
|
|
45
|
+
})).docs[0];
|
|
46
|
+
const role = getValidRole(permissions);
|
|
47
|
+
if (!payloadUser) {
|
|
48
|
+
const newUser = await payload.create({
|
|
49
|
+
collection: 'users',
|
|
50
|
+
data: {
|
|
51
|
+
email: session.extra.email,
|
|
52
|
+
name: session.extra.name,
|
|
53
|
+
role,
|
|
54
|
+
enabled: true,
|
|
55
|
+
accounts: [{ provider: 'keycloak', providerAccountId: session.sub, type: 'oidc' }],
|
|
56
|
+
},
|
|
57
|
+
draft: false,
|
|
58
|
+
overrideAccess: true,
|
|
59
|
+
});
|
|
60
|
+
console.log("Created new Payload user for Keycloak user:", newUser.id, newUser.email);
|
|
61
|
+
return { method: 'bearer', ...newUser };
|
|
62
|
+
}
|
|
63
|
+
if (payloadUser.role !== role) {
|
|
64
|
+
await payload.update({
|
|
65
|
+
collection: 'users',
|
|
66
|
+
id: payloadUser.id,
|
|
67
|
+
data: { role },
|
|
68
|
+
draft: false,
|
|
69
|
+
overrideAccess: true,
|
|
70
|
+
});
|
|
71
|
+
console.log(`Updated Payload user role for ${payloadUser.email} to ${role}`);
|
|
71
72
|
}
|
|
73
|
+
return { method: 'bearer', ...payloadUser };
|
|
72
74
|
}
|
|
73
75
|
export async function authenticateRequestHeaders({ headers, payload }) {
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
const session = await verifyToken(
|
|
78
|
-
if (!session
|
|
76
|
+
const authHeader = headers.get('authorization');
|
|
77
|
+
if (!authHeader)
|
|
78
|
+
return null;
|
|
79
|
+
const session = await verifyToken(authHeader.replace('Bearer ', ''));
|
|
80
|
+
if (!session?.sub || !session.extra)
|
|
79
81
|
throw createAuthError("No valid session found", 401);
|
|
80
82
|
const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID;
|
|
81
83
|
const permissions = session.resource_access?.[OAUTH_CLIENT_ID]?.roles;
|
|
@@ -83,21 +85,24 @@ export async function authenticateRequestHeaders({ headers, payload }) {
|
|
|
83
85
|
throw createAuthError("User does not have permission to access this application.", 403);
|
|
84
86
|
if (!payload)
|
|
85
87
|
throw createAuthError("Payload instance is required for Keycloak user normalisation", 500);
|
|
86
|
-
const payloadUser = (await payload.find({
|
|
87
|
-
|
|
88
|
-
|
|
88
|
+
const payloadUser = (await payload.find({
|
|
89
|
+
collection: 'users',
|
|
90
|
+
depth: 1,
|
|
91
|
+
limit: 1,
|
|
92
|
+
draft: false,
|
|
93
|
+
overrideAccess: true,
|
|
94
|
+
where: { email: { equals: session.extra.email } }
|
|
95
|
+
})).docs[0];
|
|
96
|
+
const role = getValidRole(permissions);
|
|
97
|
+
if (!payloadUser) {
|
|
89
98
|
const newUser = await payload.create({
|
|
90
99
|
collection: 'users',
|
|
91
100
|
data: {
|
|
92
101
|
email: session.extra.email,
|
|
93
102
|
name: session.extra.name,
|
|
94
|
-
role
|
|
103
|
+
role,
|
|
95
104
|
enabled: true,
|
|
96
|
-
accounts: [
|
|
97
|
-
{
|
|
98
|
-
provider: 'keycloak', providerAccountId: session.sub, type: 'oidc',
|
|
99
|
-
}
|
|
100
|
-
],
|
|
105
|
+
accounts: [{ provider: 'keycloak', providerAccountId: session.sub, type: 'oidc' }],
|
|
101
106
|
},
|
|
102
107
|
draft: false,
|
|
103
108
|
overrideAccess: true,
|
|
@@ -105,24 +110,16 @@ export async function authenticateRequestHeaders({ headers, payload }) {
|
|
|
105
110
|
console.log("Created new Payload user for Keycloak user:", newUser.id, newUser.email);
|
|
106
111
|
return { user: { ...newUser, collection: 'users' } };
|
|
107
112
|
}
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
draft: false,
|
|
118
|
-
overrideAccess: true,
|
|
119
|
-
});
|
|
120
|
-
console.log(`Updated Payload user role for ${payloadUser.email} to ${permissions}`);
|
|
121
|
-
}
|
|
122
|
-
return { user: { ...payloadUser, collection: 'users' } };
|
|
123
|
-
}
|
|
124
|
-
else {
|
|
125
|
-
throw createAuthError("No user found for the given session", 401);
|
|
113
|
+
if (payloadUser.role !== role) {
|
|
114
|
+
await payload.update({
|
|
115
|
+
collection: 'users',
|
|
116
|
+
id: payloadUser.id,
|
|
117
|
+
data: { role },
|
|
118
|
+
draft: false,
|
|
119
|
+
overrideAccess: true,
|
|
120
|
+
});
|
|
121
|
+
console.log(`Updated Payload user role for ${payloadUser.email} to ${role}`);
|
|
126
122
|
}
|
|
123
|
+
return { user: { ...payloadUser, collection: 'users' } };
|
|
127
124
|
}
|
|
128
125
|
//# sourceMappingURL=authenticateRequest.js.map
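Review bot: Both `payload.find` calls (new lines 38–45 in `authenticateRequest`, 88–95 in `authenticateRequestHeaders`) select the local user by `session.extra.email` with `overrideAccess: true`, but the guard above them only checks `session.sub` and `session.extra`, so a token without an email claim reaches the query as `equals: undefined`; how Payload treats that operand is not visible here. Tightening the guard in both functions to `if (!session?.sub || !session.extra?.email)` fails closed. Because the matched record then has its `role` rewritten from the token, matching on the stored `providerAccountId` (`session.sub`) instead of an email would bind the account to the IdP subject; whether the IdP guarantees verified, unique emails cannot be told from this diff. The returned object also spreads the whole document read with access control bypassed, which presumably includes the `accounts` token fields that configuration.js marks `read: payloadAcl.ownOnly`, so returning only the fields callers need would be safer.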
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"authenticateRequest.js","sourceRoot":"","sources":["../../src/payload-jwt/authenticateRequest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACpD,OAAO,EAAkB,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAY9D,SAAS,eAAe,CAAC,OAAe,EAAE,UAAkB;IACxD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAc,CAAC;IAC9C,KAAK,CAAC,UAAU,GAAG,UAAU,CAAC;IAC9B,OAAO,KAAK,CAAC;AACjB,CAAC;AAID,SAAS,YAAY,CAAC,WAAsB;IAC1C,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5D,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,OAAO,WAAW,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAyCD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,EAAE,GAAG,EAAE,OAAO,EAA8B;IAClF,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAY,CAAA;QAClC,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,QAAQ;SACnB,CAAA;IACL,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;QAAE,MAAM,eAAe,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;IAE1F,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;IACrD,MAAM,WAAW,GAAK,OAAO,CAAC,eAAwD,EAAE,CAAC,eAAe,CAAC,EAAE,KAA8B,CAAC;IAC1I,IAAI,CAAC,WAAW;QAAE,MAAM,eAAe,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;IAE1G,IAAI,CAAC,OAAO;QAAE,MAAM,eAAe,CAAC,8DAA8D,EAAE,GAAG,CAAC,CAAC;IAEzG,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC;QACtC,UAAU,EAAE,OAAO;QACnB,KAAK,EAAE,CAAC;QACR,KAAK,EAAE,CAAC;QACR,KAAK,EAAE,KAAK;QACZ,cAAc,EAAE,IAAI;QACpB,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE;KAClD,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEZ,MAAM,IAAI,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IAEvC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;YACnC,UAAU,EAAE,OAAO;YACnB,IAAI,EAAE;gBACJ,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;gBAC1B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;gBACxB,IAAI;gBACJ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,iB
AAiB,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;aACnF;YACD,KAAK,EAAE,KAAK;YACZ,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACtF,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAE,CAAC;IAC1C,CAAC;IAED,IAAI,WAAW,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,OAAO,CAAC,MAAM,CAAC;YACnB,UAAU,EAAE,OAAO;YACnB,EAAE,EAAE,WAAW,CAAC,EAAE;YAClB,IAAI,EAAE,EAAE,IAAI,EAAE;YACd,KAAK,EAAE,KAAK;YACZ,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,iCAAiC,WAAW,CAAC,KAAK,OAAO,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,WAAW,EAAE,CAAC;AAChD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,EAAE,OAAO,EAAE,OAAO,EAA0C;IACzG,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAChD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;IACrE,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;QAAE,MAAM,eAAe,CAAC,wBAAwB,EAAE,GAAG,CAAC,CAAC;IAE1F,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC;IACrD,MAAM,WAAW,GAAK,OAAO,CAAC,eAAwD,EAAE,CAAC,eAAe,CAAC,EAAE,KAA8B,CAAC;IAC1I,IAAI,CAAC,WAAW;QAAE,MAAM,eAAe,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;IAE1G,IAAI,CAAC,OAAO;QAAE,MAAM,eAAe,CAAC,8DAA8D,EAAE,GAAG,CAAC,CAAC;IAEzG,MAAM,WAAW,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC;QACtC,UAAU,EAAE,OAAO;QACnB,KAAK,EAAE,CAAC;QACR,KAAK,EAAE,CAAC;QACR,KAAK,EAAE,KAAK;QACZ,cAAc,EAAE,IAAI;QACpB,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE;KAClD,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEZ,MAAM,IAAI,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IAEvC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC;YACnC,UAAU,EAAE,OAAO;YACnB,IAAI,EAAE;gBACJ,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK;gBAC1B,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;gBACxB,IAAI;gBACJ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,iBAAiB,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;aACnF;YACD,KAAK,EAAE,KAAK;YACZ,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,OAA
O,CAAC,EAAE,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,OAAO,EAAE,UAAU,EAAE,OAAgB,EAAE,EAAE,CAAC;IAChE,CAAC;IAED,IAAI,WAAW,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;QAC9B,MAAM,OAAO,CAAC,MAAM,CAAC;YACnB,UAAU,EAAE,OAAO;YACnB,EAAE,EAAE,WAAW,CAAC,EAAE;YAClB,IAAI,EAAE,EAAE,IAAI,EAAE;YACd,KAAK,EAAE,KAAK;YACZ,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,iCAAiC,WAAW,CAAC,KAAK,OAAO,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,WAAW,EAAE,UAAU,EAAE,OAAgB,EAAE,EAAE,CAAC;AACtE,CAAC"}
|
|
@@ -13,6 +13,8 @@ type IncomingAccount = {
|
|
|
13
13
|
session_state?: string | null;
|
|
14
14
|
[key: string]: unknown;
|
|
15
15
|
};
|
|
16
|
+
export type ValidRole = 'user' | 'admin' | 'digital-colleague';
|
|
17
|
+
export declare const VALID_ROLES: Record<string, ValidRole>;
|
|
16
18
|
declare function profileRoles(profile: {
|
|
17
19
|
sub: string;
|
|
18
20
|
[key: string]: unknown;
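Review bot: `VALID_ROLES` is declared as `Record<string, ValidRole>` (new line 17), which tells the compiler that every string key yields a `ValidRole`, so unless `noUncheckedIndexedAccess` is enabled a lookup with an unknown role name is never typed as possibly `undefined`. Declaring the table in the source as `Readonly<Record<ValidRole, ValidRole>>` would make an unchecked `VALID_ROLES[permission]` with a plain `string` a type error under `strict` and push callers to an explicit membership check first. This file is generated, so the change belongs in `src/payload-jwt/configuration.ts`.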
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAQ9C,KAAK,eAAe,GAAG;IACrB,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB,CAAA;
|
|
1
|
+
{"version":3,"file":"configuration.d.ts","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,SAAS,CAAA;AACnC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAQ9C,KAAK,eAAe,GAAG;IACrB,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB,CAAA;AAwCD,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,OAAO,GAAG,mBAAmB,CAAA;AAC9D,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAIjD,CAAA;AAED,iBAAS,YAAY,CAAC,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAA,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,EAAE,MAAM,EAAE;IAAE,YAAY,CAAC,EAAE,MAAM,CAAC;IAAA,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE;SAAzF,MAAM;;;EAe3C;AAGD,iBAAe,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,OAAO,CAAC,eAAe,CAAC,iBA8B7G;AA0ED,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAM7B,CAAC"}
|
|
@@ -31,12 +31,24 @@ function upsertAccount(existing = [], account, userId) {
|
|
|
31
31
|
}
|
|
32
32
|
return [...existing, nextRow];
|
|
33
33
|
}
|
|
34
|
+
export const VALID_ROLES = {
|
|
35
|
+
'admin': 'admin',
|
|
36
|
+
'digital-colleague': 'digital-colleague',
|
|
37
|
+
'user': 'user',
|
|
38
|
+
};
|
|
34
39
|
function profileRoles(profile, tokens) {
|
|
35
40
|
let role = 'user'; // default role
|
|
36
41
|
if (tokens && tokens.access_token) {
|
|
37
42
|
const decodedJWT = decodeJwt(tokens.access_token);
|
|
38
43
|
const permissions = decodedJWT.resource_access?.[process.env.OAUTH_CLIENT_ID]?.roles;
|
|
39
|
-
|
|
44
|
+
if (permissions && Array.isArray(permissions)) {
|
|
45
|
+
for (const permission of permissions) {
|
|
46
|
+
if (VALID_ROLES[permission]) {
|
|
47
|
+
role = VALID_ROLES[permission];
|
|
48
|
+
break;
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
40
52
|
}
|
|
41
53
|
return { id: profile.sub, role, ...profile };
|
|
42
54
|
}
|
|
@@ -54,7 +66,14 @@ async function persistTokens(userId, account, payloadConfig) {
|
|
|
54
66
|
if (account && account.access_token) {
|
|
55
67
|
const decodedJWT = decodeJwt(account.access_token);
|
|
56
68
|
const permissions = decodedJWT.resource_access?.[process.env.OAUTH_CLIENT_ID]?.roles;
|
|
57
|
-
|
|
69
|
+
if (permissions && Array.isArray(permissions)) {
|
|
70
|
+
for (const permission of permissions) {
|
|
71
|
+
if (VALID_ROLES[permission]) {
|
|
72
|
+
role = VALID_ROLES[permission];
|
|
73
|
+
break;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
}
|
|
58
77
|
}
|
|
59
78
|
await payload.update({
|
|
60
79
|
collection: "users",
|
|
@@ -101,27 +120,33 @@ const userCollectionDatabaseFields = [{
|
|
|
101
120
|
read: payloadAcl.ownOnly
|
|
102
121
|
},
|
|
103
122
|
},
|
|
104
|
-
{
|
|
123
|
+
{
|
|
124
|
+
name: "refresh_token", type: "text", admin: { disabled: true }, access: {
|
|
105
125
|
read: payloadAcl.ownOnly
|
|
106
126
|
},
|
|
107
127
|
},
|
|
108
|
-
{
|
|
128
|
+
{
|
|
129
|
+
name: "expires_at", type: "number", admin: { disabled: true }, access: {
|
|
109
130
|
read: payloadAcl.ownOnly
|
|
110
131
|
},
|
|
111
132
|
},
|
|
112
|
-
{
|
|
133
|
+
{
|
|
134
|
+
name: "id_token", type: "text", admin: { disabled: true }, access: {
|
|
113
135
|
read: payloadAcl.ownOnly
|
|
114
136
|
},
|
|
115
137
|
},
|
|
116
|
-
{
|
|
138
|
+
{
|
|
139
|
+
name: "token_type", type: "text", admin: { disabled: true }, access: {
|
|
117
140
|
read: payloadAcl.ownOnly
|
|
118
141
|
},
|
|
119
142
|
},
|
|
120
|
-
{
|
|
143
|
+
{
|
|
144
|
+
name: "scope", type: "text", admin: { disabled: true }, access: {
|
|
121
145
|
read: payloadAcl.ownOnly
|
|
122
146
|
},
|
|
123
147
|
},
|
|
124
|
-
{
|
|
148
|
+
{
|
|
149
|
+
name: "session_state", type: "text", admin: { disabled: true }, access: {
|
|
125
150
|
read: payloadAcl.ownOnly
|
|
126
151
|
},
|
|
127
152
|
},
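Review bot: `VALID_ROLES[permission]` in the new loops of `profileRoles` (new lines 44–51) and `persistTokens` (69–76) indexes a plain object literal with a string from the decoded token, so a role name such as `constructor` or `toString` resolves through `Object.prototype` to a truthy value that is not one of the three roles and is then assigned to `role`. Checking `Object.hasOwn(VALID_ROLES, permission)` before the lookup, or building the table with `Object.create(null)` or a `Map`, confines the match to the declared keys; `getValidRole` in authenticateRequest.js has the same lookup. The loops also stop at the first recognised entry, so a user holding both `user` and `admin` gets whichever the token lists first; an explicit precedence order would make the result independent of array order. Both functions start and end outside these hunks.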
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AAkBxC,SAAS,aAAa,CAAC,WAA0B,EAAE,EAAE,OAAwB,EAAE,MAAc;IAC3F,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;IACjC,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;IAEnD,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAC5B,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,iBAAiB,CACzF,CAAA;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,OAAO,GAAgB;QAC3B,QAAQ;QACR,iBAAiB;QACjB,IAAI,EAAE,OAAO,CAAC,IAA+C,EAAG,4BAA4B;QAE5F,0EAA0E;QAC1E,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC;QAChE,aAAa,EAAE,YAAY,CAAC,OAAO,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC;QAClE,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;QACxD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;QAC5B,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;KAC9B,CAAA;IAEhB,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAA;QAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,EAAE,OAAO,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,YAAY,CAAC,OAA+C,EAAE,MAAwD;IAC7H,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAClD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,
|
|
1
|
+
{"version":3,"file":"configuration.js","sourceRoot":"","sources":["../../src/payload-jwt/configuration.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAChC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AAkBxC,SAAS,aAAa,CAAC,WAA0B,EAAE,EAAE,OAAwB,EAAE,MAAc;IAC3F,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;IACjC,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAA;IAEnD,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAC5B,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,iBAAiB,KAAK,iBAAiB,CACzF,CAAA;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,OAAO,GAAgB;QAC3B,QAAQ;QACR,iBAAiB;QACjB,IAAI,EAAE,OAAO,CAAC,IAA+C,EAAG,4BAA4B;QAE5F,0EAA0E;QAC1E,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC;QAChE,aAAa,EAAE,YAAY,CAAC,OAAO,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC;QAClE,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,QAAQ,EAAE,YAAY,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;QACxD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;QACtC,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;QAC5B,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,IAAI;KAC9B,CAAA;IAEhB,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAA;QAC1B,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAA;QACnB,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,CAAC,GAAG,QAAQ,EAAE,OAAO,CAAC,CAAA;AAC/B,CAAC;AAID,MAAM,CAAC,MAAM,WAAW,GAA8B;IACpD,OAAO,EAAE,OAAO;IAChB,mBAAmB,EAAE,mBAAmB;IACxC,MAAM,EAAE,MAAM;CACf,CAAA;AAED,SAAS,YAAY,CAAC,OAA+C,EAAE,MAAwD;IAC7H,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAClD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9C,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;gBACrC,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5B,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;oBAC/B,MAAM;gBACR,CAAC;YACH,C
AAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;AAC9C,CAAC;AAED,uDAAuD;AACvD,KAAK,UAAU,aAAa,CAAC,MAAc,EAAE,OAAwB,EAAE,aAAuC;IAC5G,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,EAAE,MAAM,EAAE,MAAM,aAAa,EAAE,CAAC,CAAA;IAEjE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;QACtC,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,KAAK,EAAE,CAAC;KACT,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAI,QAAiB,CAAC,QAAQ,IAAI,EAAE,CAAA;IAClD,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAA;IACzD,IAAI,IAAI,GAAG,MAAM,CAAC,CAAC,eAAe;IAClC,IAAI,OAAO,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,WAAW,GAAK,UAAU,CAAC,eAAwD,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,eAAgB,CAAC,EAAE,KAA8B,CAAC;QAC1J,IAAI,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9C,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;gBACrC,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5B,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;oBAC/B,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,MAAM,OAAO,CAAC,MAAM,CAAC;QACnB,UAAU,EAAE,OAAO;QACnB,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;QACxB,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,CAAC;QACpC,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE;YACP;gBACE,KAAK,EAAE,MAAM;gBACb,KAAK,EAAE,MAAM;aACd;YACD;gBACE,KAAK,EAAE,OAAO;gBACd,KAAK,EAAE,OAAO;aACf;YACD;gBACE,KAAK,EAAE,mBAAmB;gBAC1B,KAAK,EAAE,mBAAmB;aAC3B;SACF;QACD,YAAY,EAAE,MAAM;QACpB,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE;YACL,WAAW,EAAE,sBAAsB;SACpC;KACF;IACD,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE;IAC3E;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,WAAW;QACvC,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YAClD,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE;YAE9B,aAAa;YACb;gBACE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE;oBACrE,IAAI,EAAE,UAAU,CAAC
,OAAO;iBACzB;aACF;YACD;gBACE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE;oBACtE,IAAI,EAAE,UAAU,CAAC,OAAO;iBACzB;aACF;YACD;gBACE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE;oBACrE,IAAI,EAAE,UAAU,CAAC,OAAO;iBACzB;aACF;YACD;gBACE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE;oBACjE,IAAI,EAAE,UAAU,CAAC,OAAO;iBACzB;aACF;YACD;gBACE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE;oBACnE,IAAI,EAAE,UAAU,CAAC,OAAO;iBACzB;aACF;YACD;gBACE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE;oBAC9D,IAAI,EAAE,UAAU,CAAC,OAAO;iBACzB;aACF;YACD;gBACE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE;oBACtE,IAAI,EAAE,UAAU,CAAC,OAAO;iBACzB;aACF;SACF;KACF,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAE/B,4BAA4B;IAC5B,aAAa;IAEb,YAAY;CACb,CAAC"}
|