dominus-sdk-nodejs 1.16.1 → 1.16.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/page-rules.d.ts +57 -0
- package/dist/lib/page-rules.d.ts.map +1 -0
- package/dist/lib/page-rules.js +123 -0
- package/dist/lib/page-rules.js.map +1 -0
- package/dist/lib/user-session.d.ts +2 -0
- package/dist/lib/user-session.d.ts.map +1 -1
- package/dist/lib/user-session.js +1 -1
- package/dist/lib/user-session.js.map +1 -1
- package/dist/namespaces/portal.d.ts +3 -1
- package/dist/namespaces/portal.d.ts.map +1 -1
- package/dist/namespaces/portal.js +56 -3
- package/dist/namespaces/portal.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Page Rules Manager
|
|
3
|
+
*
|
|
4
|
+
* Manages a global (project-wide) cache of page access rules.
|
|
5
|
+
* Enables local evaluation of page access without per-page server calls.
|
|
6
|
+
*
|
|
7
|
+
* The rules are the same for all users in a project — only the evaluation
|
|
8
|
+
* differs (comparing rules against each user's JWT claims).
|
|
9
|
+
*
|
|
10
|
+
* Three-tier cache hierarchy:
|
|
11
|
+
* 1. Per-user result cache (in portal.ts) — exact match, instant
|
|
12
|
+
* 2. Global rules cache + local eval (this module) — one fetch serves all users
|
|
13
|
+
* 3. Server fallback (in portal.ts) — for unknown pages / auto-registration
|
|
14
|
+
*/
|
|
15
|
+
import type { DominusClient } from './client.js';
|
|
16
|
+
/** A single page's access rules */
|
|
17
|
+
export interface PageRule {
|
|
18
|
+
path: string;
|
|
19
|
+
is_public: boolean;
|
|
20
|
+
required_scopes: string[];
|
|
21
|
+
excluded_scopes: string[];
|
|
22
|
+
required_roles: string[];
|
|
23
|
+
excluded_roles: string[];
|
|
24
|
+
}
|
|
25
|
+
/** Result of local access evaluation */
|
|
26
|
+
export interface LocalAccessResult {
|
|
27
|
+
allowed: boolean;
|
|
28
|
+
reason?: string;
|
|
29
|
+
}
|
|
30
|
+
export declare class PageRulesManager {
|
|
31
|
+
/** Deduplicates concurrent fetch requests */
|
|
32
|
+
private loadingPromise;
|
|
33
|
+
/**
|
|
34
|
+
* Get cached page rules or fetch from server.
|
|
35
|
+
* Deduplicates concurrent requests (first call fetches, others wait).
|
|
36
|
+
*/
|
|
37
|
+
getRules(client: DominusClient, userToken: string): Promise<PageRule[] | null>;
|
|
38
|
+
/**
|
|
39
|
+
* Evaluate page access locally using cached rules + JWT claims.
|
|
40
|
+
* Returns null if page not found in rules (caller should fall through to server).
|
|
41
|
+
*/
|
|
42
|
+
evaluateAccess(path: string, userScopes: string[], userRoles: string[], rules: PageRule[]): LocalAccessResult | null;
|
|
43
|
+
/**
|
|
44
|
+
* Extract scopes and roles from a user JWT token (local decode, no network).
|
|
45
|
+
*/
|
|
46
|
+
extractClaims(userToken: string): {
|
|
47
|
+
scopes: string[];
|
|
48
|
+
roles: string[];
|
|
49
|
+
} | null;
|
|
50
|
+
/**
|
|
51
|
+
* Fetch page rules from portal-worker and cache globally.
|
|
52
|
+
*/
|
|
53
|
+
private fetchRules;
|
|
54
|
+
}
|
|
55
|
+
/** Singleton instance */
|
|
56
|
+
export declare const pageRulesManager: PageRulesManager;
|
|
57
|
+
//# sourceMappingURL=page-rules.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"page-rules.d.ts","sourceRoot":"","sources":["../../src/lib/page-rules.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAIjD,mCAAmC;AACnC,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wCAAwC;AACxC,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,gBAAgB;IAC3B,6CAA6C;IAC7C,OAAO,CAAC,cAAc,CAA2C;IAEjE;;;OAGG;IACG,QAAQ,CAAC,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC;IAgBpF;;;OAGG;IACH,cAAc,CACZ,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAAE,EACpB,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,EAAE,QAAQ,EAAE,GAChB,iBAAiB,GAAG,IAAI;IA0C3B;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG;QAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,GAAG,IAAI;IAiB9E;;OAEG;YACW,UAAU;CAkBzB;AAED,yBAAyB;AACzB,eAAO,MAAM,gBAAgB,kBAAyB,CAAC"}
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Page Rules Manager
|
|
3
|
+
*
|
|
4
|
+
* Manages a global (project-wide) cache of page access rules.
|
|
5
|
+
* Enables local evaluation of page access without per-page server calls.
|
|
6
|
+
*
|
|
7
|
+
* The rules are the same for all users in a project — only the evaluation
|
|
8
|
+
* differs (comparing rules against each user's JWT claims).
|
|
9
|
+
*
|
|
10
|
+
* Three-tier cache hierarchy:
|
|
11
|
+
* 1. Per-user result cache (in portal.ts) — exact match, instant
|
|
12
|
+
* 2. Global rules cache + local eval (this module) — one fetch serves all users
|
|
13
|
+
* 3. Server fallback (in portal.ts) — for unknown pages / auto-registration
|
|
14
|
+
*/
|
|
15
|
+
import { dominusCache } from './cache.js';
|
|
16
|
+
import { decodePayload } from './user-session.js';
|
|
17
|
+
const CACHE_KEY = 'page:rules:global';
|
|
18
|
+
export class PageRulesManager {
|
|
19
|
+
/** Deduplicates concurrent fetch requests */
|
|
20
|
+
loadingPromise = null;
|
|
21
|
+
/**
|
|
22
|
+
* Get cached page rules or fetch from server.
|
|
23
|
+
* Deduplicates concurrent requests (first call fetches, others wait).
|
|
24
|
+
*/
|
|
25
|
+
async getRules(client, userToken) {
|
|
26
|
+
// Check cache first
|
|
27
|
+
const cached = dominusCache.get(CACHE_KEY);
|
|
28
|
+
if (cached)
|
|
29
|
+
return cached;
|
|
30
|
+
// Deduplicate concurrent fetches
|
|
31
|
+
if (this.loadingPromise)
|
|
32
|
+
return this.loadingPromise;
|
|
33
|
+
this.loadingPromise = this.fetchRules(client, userToken);
|
|
34
|
+
try {
|
|
35
|
+
return await this.loadingPromise;
|
|
36
|
+
}
|
|
37
|
+
finally {
|
|
38
|
+
this.loadingPromise = null;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Evaluate page access locally using cached rules + JWT claims.
|
|
43
|
+
* Returns null if page not found in rules (caller should fall through to server).
|
|
44
|
+
*/
|
|
45
|
+
evaluateAccess(path, userScopes, userRoles, rules) {
|
|
46
|
+
const page = rules.find(r => r.path === path);
|
|
47
|
+
if (!page)
|
|
48
|
+
return null; // Not in rules — fall through to server
|
|
49
|
+
if (page.is_public)
|
|
50
|
+
return { allowed: true };
|
|
51
|
+
const scopeSet = new Set(userScopes);
|
|
52
|
+
const roleSet = new Set(userRoles);
|
|
53
|
+
// Check excluded scopes (any match = deny)
|
|
54
|
+
for (const scope of page.excluded_scopes) {
|
|
55
|
+
if (scopeSet.has(scope)) {
|
|
56
|
+
return { allowed: false, reason: 'Excluded by scope' };
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
// Check excluded roles (any match = deny)
|
|
60
|
+
for (const role of page.excluded_roles) {
|
|
61
|
+
if (roleSet.has(role)) {
|
|
62
|
+
return { allowed: false, reason: 'Excluded by role' };
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
// Check required scopes (need at least one if any are defined)
|
|
66
|
+
if (page.required_scopes.length > 0) {
|
|
67
|
+
const hasScope = page.required_scopes.some(s => scopeSet.has(s));
|
|
68
|
+
if (!hasScope) {
|
|
69
|
+
return { allowed: false, reason: 'Missing required scope' };
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
// Check required roles (need at least one if any are defined)
|
|
73
|
+
if (page.required_roles.length > 0) {
|
|
74
|
+
const hasRole = page.required_roles.some(r => roleSet.has(r));
|
|
75
|
+
if (!hasRole) {
|
|
76
|
+
return { allowed: false, reason: 'Missing required role' };
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
return { allowed: true };
|
|
80
|
+
}
|
|
81
|
+
/**
|
|
82
|
+
* Extract scopes and roles from a user JWT token (local decode, no network).
|
|
83
|
+
*/
|
|
84
|
+
extractClaims(userToken) {
|
|
85
|
+
const claims = decodePayload(userToken);
|
|
86
|
+
if (!claims)
|
|
87
|
+
return null;
|
|
88
|
+
// Check expiry
|
|
89
|
+
const exp = claims.exp;
|
|
90
|
+
if (exp) {
|
|
91
|
+
const now = Math.floor(Date.now() / 1000);
|
|
92
|
+
if (exp < now - 60)
|
|
93
|
+
return null;
|
|
94
|
+
}
|
|
95
|
+
return {
|
|
96
|
+
scopes: claims.scopes || [],
|
|
97
|
+
roles: claims.roles || [],
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
* Fetch page rules from portal-worker and cache globally.
|
|
102
|
+
*/
|
|
103
|
+
async fetchRules(client, userToken) {
|
|
104
|
+
try {
|
|
105
|
+
const result = await client.request({
|
|
106
|
+
endpoint: '/api/portal/nav/page-rules',
|
|
107
|
+
method: 'GET',
|
|
108
|
+
userToken,
|
|
109
|
+
});
|
|
110
|
+
if (result?.page_rules) {
|
|
111
|
+
dominusCache.set(CACHE_KEY, result.page_rules); // 5-minute default TTL
|
|
112
|
+
return result.page_rules;
|
|
113
|
+
}
|
|
114
|
+
return null;
|
|
115
|
+
}
|
|
116
|
+
catch {
|
|
117
|
+
return null; // Fetch failure is non-fatal — fall through to server
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
/** Singleton instance */
|
|
122
|
+
export const pageRulesManager = new PageRulesManager();
|
|
123
|
+
//# sourceMappingURL=page-rules.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"page-rules.js","sourceRoot":"","sources":["../../src/lib/page-rules.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGlD,MAAM,SAAS,GAAG,mBAAmB,CAAC;AAkBtC,MAAM,OAAO,gBAAgB;IAC3B,6CAA6C;IACrC,cAAc,GAAsC,IAAI,CAAC;IAEjE;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,MAAqB,EAAE,SAAiB;QACrD,oBAAoB;QACpB,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAa,SAAS,CAAC,CAAC;QACvD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,iCAAiC;QACjC,IAAI,IAAI,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC;QAEpD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC;QACnC,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,cAAc,CACZ,IAAY,EACZ,UAAoB,EACpB,SAAmB,EACnB,KAAiB;QAEjB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC,CAAC,wCAAwC;QAEhE,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAE7C,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;QAEnC,2CAA2C;QAC3C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzC,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBACxB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;YACzD,CAAC;QACH,CAAC;QAED,0CAA0C;QAC1C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;YACxD,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,SAAiB;QAC7B,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,eAAe;QACf,MAAM,GAAG,GAAG,MAAM,CAAC,GAAa,CAAC;QACjC,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,GAAG,GAAG,GAAG,GAAG,EAAE;gBAAE,OAAO,IAAI,CAAC;QAClC,CAAC;QAED,OAAO;YACL,MAAM,EAAG,MAAM,CAAC,MAAmB,IAAI,EAAE;YACzC,KAAK,EAAG,MAAM,CAAC,KAAkB,IAAI,EAAE;SACxC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,MAAqB,EAAE,SAAiB;QAC/D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAA6B;gBAC9D,QAAQ,EAAE,4BAA4B;gBACtC,MAAM,EAAE,KAAK;gBACb,SAAS;aACV,CAAC,CAAC;YAEH,IAAI,MAAM,EAAE,UAAU,EAAE,CAAC;gBACvB,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,uBAAuB;gBACvE,OAAO,MAAM,CAAC,UAAU,CAAC;YAC3B,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,CAAC,sDAAsD;QACrE,CAAC;IACH,CAAC;CACF;AAED,yBAAyB;AACzB,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAC"}
|
|
@@ -35,6 +35,8 @@ export interface CachedUserSession {
|
|
|
35
35
|
subtypes: string[];
|
|
36
36
|
session_id: string;
|
|
37
37
|
}
|
|
38
|
+
/** Decode JWT payload without signature verification */
|
|
39
|
+
export declare function decodePayload(jwt: string): Record<string, unknown> | null;
|
|
38
40
|
export declare class UserSessionManager {
|
|
39
41
|
/**
|
|
40
42
|
* Try to get cached session data for a user token.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-session.d.ts","sourceRoot":"","sources":["../../src/lib/user-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,6CAA6C;AAC7C,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,4DAA4D;AAC5D,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,GAAG,QAAQ,CAAC;IAChC,IAAI,CAAC,EAAE;QACL,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;
|
|
1
|
+
{"version":3,"file":"user-session.d.ts","sourceRoot":"","sources":["../../src/lib/user-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,6CAA6C;AAC7C,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,4DAA4D;AAC5D,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,GAAG,QAAQ,CAAC;IAChC,IAAI,CAAC,EAAE;QACL,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,cAAc,EAAE,OAAO,CAAC;KACzB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wDAAwD;AACxD,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAczE;AA8DD,qBAAa,kBAAkB;IAC7B;;;OAGG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI;IAK7D;;OAEG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,GAAG,IAAI;IAe9D;;;OAGG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,iBAAiB,GAAG,IAAI;IAc3D;;OAEG;IACH,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;CAIpC;AAED,yBAAyB;AACzB,eAAO,MAAM,kBAAkB,oBAA2B,CAAC"}
|
package/dist/lib/user-session.js
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
import crypto from 'crypto';
|
|
12
12
|
import { dominusCache } from './cache.js';
|
|
13
13
|
/** Decode JWT payload without signature verification */
|
|
14
|
-
function decodePayload(jwt) {
|
|
14
|
+
export function decodePayload(jwt) {
|
|
15
15
|
try {
|
|
16
16
|
const parts = jwt.split('.');
|
|
17
17
|
if (parts.length !== 3)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-session.js","sourceRoot":"","sources":["../../src/lib/user-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA+B1C,wDAAwD;AACxD,
|
|
1
|
+
{"version":3,"file":"user-session.js","sourceRoot":"","sources":["../../src/lib/user-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA+B1C,wDAAwD;AACxD,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEpC,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACxB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzC,IAAI,OAAO,KAAK,CAAC;YAAE,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAElD,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,yCAAyC;AACzC,SAAS,QAAQ,CAAC,KAAa;IAC7B,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClF,OAAO,gBAAgB,IAAI,EAAE,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,MAA+B;IAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,YAAsB,CAAC;IAClD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAa,CAAC;IAEjC,IAAI,CAAC,WAAW,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtC,4BAA4B;IAC5B,IAAI,WAAW,KAAK,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC,CAAC,oDAAoD;IACnE,CAAC;IAED,kDAAkD;IAClD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAoB,CAAC;IAC5C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,gEAAgE;QAChE,kDAAkD;IACpD,CAAC;SAAM,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC,CAAC,yCAAyC;IACxD,CAAC;IAED,MAAM,OAAO,GAAsB;QACjC,YAAY,EAAE,WAAgC;QAC9C,OAAO,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC;YACvF,CAAC,CAAC,OAAsB;YACxB,CAAC,CAAC,EAAE;QACN,aAAa,EAAE,MAAM,CAAC,aAAuB;QAC7C,MAAM,EAAG,MAAM,CAAC,MAAmB,IAAI,EAAE;QACzC,KAAK,EAAG,MAAM,CAAC,KAAkB,IAAI,EAAE;QACvC,QAAQ,EAAG,MAAM,CAAC,QAAqB,IAAI,EAAE;QAC7C,UAAU,EAAE,MAAM,CAAC,GAAa;KACjC,CAAC;IAEF,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,GAAG;YACb,EAAE,EAAE,GAAG;YACP,QAAQ,EAAE,MAAM,CAAC,QAAkB;YACnC,KAAK,EAAE,MAAM,CAAC,KAAe;YAC7B,cAAc,EAAG,MAAM,CAAC,cAA0B,IAAI,KAAK;SAC5D,CAAC;IACJ,CAAC;SAAM,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;QACpC,IAAI,CAAC,MAAM,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAC/B,OAAO,CAAC,MAAM,GAAG;YACf,EAAE,EAAE,GAAG;YACP,KAAK,EAAE,MAAM,CAAC,KAAe;SAC9B,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,OAAO,kBAAkB;IAC7B;;;OAGG;IACH,gBAAgB,CAAC,SAAiB;QAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAChC,OAAO,YAAY,CAAC,GAAG,CAAoB,GAAG,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,SAAiB,EAAE,IAAuB;QACrD,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAa,CAAC;QACjC,IAAI,CAAC,GAAG;YAAE,OAAO;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9C,IAAI,KAAK,IAAI,CAAC;YAAE,OAAO;QAEvB,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAChC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,SAAiB;QAC9B,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,oDAAoD;QACpD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAa,CAAC;QACjC,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,GAAG,GAAG,GAAG,GAAG,EAAE;gBAAE,OAAO,IAAI,CAAC;QAClC,CAAC;QAED,OAAO,sBAAsB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,SAAiB;QAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAChC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;CACF;AAED,yBAAyB;AACzB,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,kBAAkB,EAAE,CAAC"}
|
|
@@ -191,7 +191,9 @@ export declare class PortalNamespace {
|
|
|
191
191
|
* @param userToken - User's JWT token
|
|
192
192
|
* @returns Navigation response with tenant_id and items array
|
|
193
193
|
*/
|
|
194
|
-
getNavigation(userToken?: string
|
|
194
|
+
getNavigation(userToken?: string, options?: {
|
|
195
|
+
forceRefresh?: boolean;
|
|
196
|
+
}): Promise<NavigationResponse>;
|
|
195
197
|
/**
|
|
196
198
|
* Check if current user can access a page.
|
|
197
199
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/namespaces/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/namespaces/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAW/C,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,QAAQ,GAAG,aAAa,CAAC;AAE5D;;;GAGG;AACH,MAAM,WAAW,OAAO;IACtB,+BAA+B;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,6DAA6D;IAC7D,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,+CAA+C;IAC/C,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,SAAS,EAAE,WAAW,CAAC;IACvB,8EAA8E;IAC9E,mBAAmB,EAAE,OAAO,CAAC;IAC7B,2BAA2B;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,+CAA+C;IAC/C,QAAQ,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uBAAuB;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,KAAK,EAAE,OAAO,EAAE,CAAC;CAClB;AAED,qBAAa,eAAe;IAId,OAAO,CAAC,MAAM;IAH1B,sEAAsE;IACtE,KAAK,CAAC,EAAE,aAAa,CAAC;gBAEF,MAAM,EAAE,aAAa;IAMzC;;;;;;;;OAQG;IACG,KAAK,CACT,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAYnC;;;;;;;OAOG;IACG,WAAW,CACf,GAAG,EAAE,MAAM,EACX,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAWnC;;;;OAIG;IACG,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAQlE;;;;;OAKG;IACG,OAAO,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAQnE;;;;;;;OAOG;IACG,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAqD9D;;;;;OAKG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAY1F;;;;;;OAMG;IACG,cAAc,CAClB,eAAe,EAAE,MAAM,EACvB,WAAW,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAWnC;;;OAGG;IACG,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAO3E;;;OAGG;IACG,oBAAoB,CACxB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAOnC;;;;OAIG;IACG,YAAY,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;IAS1D;;;;;OAKG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAQ5F;;;;OAIG;IACG,iBAAiB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAY7E;;;;OAIG;IACG,UAAU,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAQtE;;;;;OAKG;IACG,aAAa,CAAC,MAAM,EAAE;QAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACjC,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAiBxD;;;;OAIG;IACG,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAQ1E;;;;;OAKG;IACG,iBAAiB,CAAC,MAAM,EAAE;QAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAC7B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACjC,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAuBxD;;;;;OAKG;IACG,aAAa,CACjB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;QAAE,YAAY,CAAC,EAAE,OAAO,CAAA;KAAE,GACnC,OAAO,CAAC,kBAAkB,CAAC;IA0B9B;;;;;OAKG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAiD3G;;OAEG;IACG,QAAQ,CACZ,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAYnC;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAOlE;;OAEG;IACG,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAOzE;;OAEG;IACG,gBAAgB,CACpB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAMpC"}
|
|
@@ -3,7 +3,14 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Provides login, logout, session management, profile, and navigation access.
|
|
5
5
|
*/
|
|
6
|
+
import crypto from 'crypto';
|
|
7
|
+
import { dominusCache } from '../lib/cache.js';
|
|
8
|
+
import { pageRulesManager } from '../lib/page-rules.js';
|
|
6
9
|
import { userSessionManager } from '../lib/user-session.js';
|
|
10
|
+
/** Generate a short hash for cache keys */
|
|
11
|
+
function shortHash(input) {
|
|
12
|
+
return crypto.createHash('sha256').update(input).digest('hex').slice(0, 16);
|
|
13
|
+
}
|
|
7
14
|
export class PortalNamespace {
|
|
8
15
|
client;
|
|
9
16
|
/** @internal Injected by Dominus constructor for cache-hit logging */
|
|
@@ -315,12 +322,27 @@ export class PortalNamespace {
|
|
|
315
322
|
* @param userToken - User's JWT token
|
|
316
323
|
* @returns Navigation response with tenant_id and items array
|
|
317
324
|
*/
|
|
318
|
-
async getNavigation(userToken) {
|
|
319
|
-
|
|
325
|
+
async getNavigation(userToken, options) {
|
|
326
|
+
// Try cache first (unless forceRefresh)
|
|
327
|
+
if (userToken && !options?.forceRefresh) {
|
|
328
|
+
const cacheKey = `nav:tree:${shortHash(userToken)}`;
|
|
329
|
+
const cached = dominusCache.get(cacheKey);
|
|
330
|
+
if (cached) {
|
|
331
|
+
void this._logs?.debug('Navigation served from local cache', {}, 'auth');
|
|
332
|
+
return cached;
|
|
333
|
+
}
|
|
334
|
+
}
|
|
335
|
+
const result = await this.client.request({
|
|
320
336
|
endpoint: '/api/portal/nav',
|
|
321
337
|
method: 'GET',
|
|
322
338
|
userToken,
|
|
323
339
|
});
|
|
340
|
+
// Cache the result
|
|
341
|
+
if (userToken && result) {
|
|
342
|
+
const cacheKey = `nav:tree:${shortHash(userToken)}`;
|
|
343
|
+
dominusCache.set(cacheKey, result); // 5-minute default TTL
|
|
344
|
+
}
|
|
345
|
+
return result;
|
|
324
346
|
}
|
|
325
347
|
/**
|
|
326
348
|
* Check if current user can access a page.
|
|
@@ -329,11 +351,42 @@ export class PortalNamespace {
|
|
|
329
351
|
* @param userToken - User's JWT token
|
|
330
352
|
*/
|
|
331
353
|
async checkPageAccess(pagePath, userToken) {
|
|
332
|
-
|
|
354
|
+
if (userToken) {
|
|
355
|
+
// Tier 1: Per-user result cache (exact match, instant)
|
|
356
|
+
const userCacheKey = `page:access:${shortHash(userToken)}:${shortHash(pagePath)}`;
|
|
357
|
+
const cached = dominusCache.get(userCacheKey);
|
|
358
|
+
if (cached) {
|
|
359
|
+
void this._logs?.debug('Page access served from local cache', { path: pagePath }, 'auth');
|
|
360
|
+
return cached;
|
|
361
|
+
}
|
|
362
|
+
// Tier 2: Global rules cache + local evaluation
|
|
363
|
+
const rules = await pageRulesManager.getRules(this.client, userToken);
|
|
364
|
+
if (rules) {
|
|
365
|
+
const claims = pageRulesManager.extractClaims(userToken);
|
|
366
|
+
if (claims) {
|
|
367
|
+
const localResult = pageRulesManager.evaluateAccess(pagePath, claims.scopes, claims.roles, rules);
|
|
368
|
+
if (localResult) {
|
|
369
|
+
// Cache the per-user result for Tier 1
|
|
370
|
+
dominusCache.set(userCacheKey, localResult);
|
|
371
|
+
void this._logs?.debug('Page access evaluated locally', { path: pagePath }, 'auth');
|
|
372
|
+
return localResult;
|
|
373
|
+
}
|
|
374
|
+
// localResult is null = page not in rules, fall through to server
|
|
375
|
+
}
|
|
376
|
+
}
|
|
377
|
+
}
|
|
378
|
+
// Tier 3: Server fallback (unknown pages, auto-registration, no token)
|
|
379
|
+
const result = await this.client.request({
|
|
333
380
|
endpoint: '/api/portal/nav/check-access',
|
|
334
381
|
body: { page_path: pagePath },
|
|
335
382
|
userToken,
|
|
336
383
|
});
|
|
384
|
+
// Cache per-user result UNLESS it's "Page not found" (needs auto-registration flow)
|
|
385
|
+
if (userToken && result && (!result.reason || !result.reason.includes('not found'))) {
|
|
386
|
+
const userCacheKey = `page:access:${shortHash(userToken)}:${shortHash(pagePath)}`;
|
|
387
|
+
dominusCache.set(userCacheKey, result);
|
|
388
|
+
}
|
|
389
|
+
return result;
|
|
337
390
|
}
|
|
338
391
|
// ========================================
|
|
339
392
|
// REGISTRATION
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/namespaces/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/namespaces/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAG5B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAG5D,2CAA2C;AAC3C,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC;AAwDD,MAAM,OAAO,eAAe;IAIN;IAHpB,sEAAsE;IACtE,KAAK,CAAiB;IAEtB,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C,2CAA2C;IAC3C,iBAAiB;IACjB,2CAA2C;IAE3C;;;;;;;;OAQG;IACH,KAAK,CAAC,KAAK,CACT,QAAgB,EAChB,QAAgB,EAChB,QAAiB;QAEjB,MAAM,IAAI,GAA2B,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;QAC5D,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC5B,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,wBAAwB;YAClC,IAAI;YACJ,OAAO,EAAE,KAAK,EAAE,sCAAsC;SACvD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,WAAW,CACf,GAAW,EACX,QAAiB;QAEjB,MAAM,IAAI,GAA2B,EAAE,GAAG,EAAE,CAAC;QAC7C,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC5B,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,+BAA+B;YACzC,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,SAAkB;QAC7B,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,yBAAyB;YACnC,IAAI,EAAE,EAAE;YACR,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,SAAkB;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,0BAA0B;YACpC,IAAI,EAAE,EAAE;YACR,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,CAAC,SAAkB;QACzB,IAAI,SAAS,EAAE,CAAC;YACd,2CAA2C;YAC3C,MAAM,MAAM,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC9D,IAAI,MAAM,EAAE,CAAC;gBACX,KAAK,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,kCAAkC,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;gBACvE,OAAO,MAA4C,CAAC;YACtD,CAAC;YAED,+DAA+D;YAC/D,MAAM,SAAS,GAAG,kBAAkB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;YAC/D,IAAI,SAAS,EAAE,CAAC;gBACd,kBAAkB,CAAC,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBACtD,KAAK,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,uCAAuC,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;gBAC5E,OAAO,SAA+C,CAAC;YACzD,CAAC;QACH,CAAC;QAED,8DAA8D;QAC9D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAA0B;YAChE,QAAQ,EAAE,qBAAqB;YAC/B,MAAM,EAAE,KAAK;YACb,SAAS;SACV,CAAC,CAAC;QAEH,iDAAiD;QACjD,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,CAAC,GAAG,MAAiC,CAAC;gBAC5C,MAAM,OAAO,GAAsB;oBACjC,YAAY,EAAG,CAAC,CAAC,YAAkC,IAAI,MAAM;oBAC7D,OAAO,EAAG,CAAC,CAAC,OAAuB,IAAI,EAAE;oBACzC,aAAa,EAAG,CAAC,CAAC,aAAwB,IAAI,EAAE;oBAChD,MAAM,EAAG,CAAC,CAAC,MAAmB,IAAI,EAAE;oBACpC,KAAK,EAAG,CAAC,CAAC,KAAkB,IAAI,EAAE;oBAClC,QAAQ,EAAG,CAAC,CAAC,QAAqB,IAAI,EAAE;oBACxC,UAAU,EAAG,CAAC,CAAC,UAAqB,IAAI,EAAE;iBAC3C,CAAC;gBACF,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;oBACX,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,IAAiC,CAAC;gBACrD,CAAC;gBACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;oBACb,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,MAAqC,CAAC;gBAC3D,CAAC;gBACD,kBAAkB,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;YAAC,MAAM,CAAC;gBACP,6BAA6B;YAC/B,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,SAAkB;QACrD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,gCAAgC;YAC1C,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;YAC7B,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,WAAW;IACX,2CAA2C;IAE3C;;;;;;OAMG;IACH,KAAK,CAAC,cAAc,CAClB,eAAuB,EACvB,WAAmB,EACnB,SAAkB;QAElB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,sCAAsC;YAChD,IAAI,EAAE;gBACJ,gBAAgB,EAAE,eAAe;gBACjC,YAAY,EAAE,WAAW;aAC1B;YACD,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB,CAAC,KAAa;QACtC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oCAAoC;YAC9C,IAAI,EAAE,EAAE,KAAK,EAAE;SAChB,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB,CACxB,KAAa,EACb,WAAmB;QAEnB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oCAAoC;YAC9C,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE;SAC3C,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAAC,SAAkB;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsC;YAC5E,QAAQ,EAAE,+BAA+B;YACzC,MAAM,EAAE,KAAK;YACb,SAAS;SACV,CAAC,CAAC;QACH,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;IAChE,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,SAAkB;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,iCAAiC,SAAS,EAAE;YACtD,MAAM,EAAE,QAAQ;YAChB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CAAC,SAAkB;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,0CAA0C;YACpD,IAAI,EAAE,EAAE;YACR,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,UAAU;IACV,2CAA2C;IAE3C;;;;OAIG;IACH,KAAK,CAAC,UAAU,CAAC,SAAkB;QACjC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,MAAM,EAAE,KAAK;YACb,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,MAMnB,EAAE,SAAkB;QACnB,MAAM,IAAI,GAA4B,EAAE,CAAC;QAEzC,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS;YAAE,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC;QAC7E,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS;YAAE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC;QACvE,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS;YAAE,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACpD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1D,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAE1D,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,MAAM,EAAE,KAAK;YACb,IAAI;YACJ,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,SAAkB;QACrC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,iCAAiC;YAC3C,MAAM,EAAE,KAAK;YACb,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CAAC,MAQvB,EAAE,SAAkB;QACnB,MAAM,IAAI,GAA4B,EAAE,CAAC;QAEzC,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS;YAAE,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACnE,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS;YAAE,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACnE,IAAI,MAAM,CAAC,gBAAgB,KAAK,SAAS;YAAE,IAAI,CAAC,iBAAiB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAC5F,IAAI,MAAM,CAAC,oBAAoB,KAAK,SAAS;YAAE,IAAI,CAAC,qBAAqB,GAAG,MAAM,CAAC,oBAAoB,CAAC;QACxG,IAAI,MAAM,CAAC,kBAAkB,KAAK,SAAS;YAAE,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,kBAAkB,CAAC;QAClG,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAE1D,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,iCAAiC;YAC3C,MAAM,EAAE,KAAK;YACb,IAAI;YACJ,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,aAAa;IACb,2CAA2C;IAE3C;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CACjB,SAAkB,EAClB,OAAoC;QAEpC,wCAAwC;QACxC,IAAI,SAAS,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,YAAY,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;YACpD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAqB,QAAQ,CAAC,CAAC;YAC9D,IAAI,MAAM,EAAE,CAAC;gBACX,KAAK,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,oCAAoC,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;gBACzE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAqB;YAC3D,QAAQ,EAAE,iBAAiB;YAC3B,MAAM,EAAE,KAAK;YACb,SAAS;SACV,CAAC,CAAC;QAEH,mBAAmB;QACnB,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;YACxB,MAAM,QAAQ,GAAG,YAAY,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;YACpD,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB;QAC7D,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,SAAkB;QACxD,IAAI,SAAS,EAAE,CAAC;YACd,uDAAuD;YACvD,MAAM,YAAY,GAAG,eAAe,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClF,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAwC,YAAY,CAAC,CAAC;YACrF,IAAI,MAAM,EAAE,CAAC;gBACX,KAAK,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,qCAAqC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;gBAC1F,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,gDAAgD;YAChD,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACtE,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,MAAM,GAAG,gBAAgB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACzD,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,WAAW,GAAG,gBAAgB,CAAC,cAAc,CACjD,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,CAC7C,CAAC;oBACF,IAAI,WAAW,EAAE,CAAC;wBAChB,uCAAuC;wBACvC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;wBAC5C,KAAK,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,+BAA+B,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,CAAC,CAAC;wBACpF,OAAO,WAAW,CAAC;oBACrB,CAAC;oBACD,kEAAkE;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAwC;YAC9E,QAAQ,EAAE,8BAA8B;YACxC,IAAI,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;YAC7B,SAAS;SACV,CAAC,CAAC;QAEH,oFAAoF;QACpF,IAAI,SAAS,IAAI,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACpF,MAAM,YAAY,GAAG,eAAe,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClF,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACzC,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,2CAA2C;IAC3C,eAAe;IACf,2CAA2C;IAE3C;;OAEG;IACH,KAAK,CAAC,QAAQ,CACZ,QAAgB,EAChB,KAAa,EACb,QAAgB,EAChB,QAAgB;QAEhB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,sBAAsB;YAChC,IAAI,EAAE;gBACJ,QAAQ;gBACR,KAAK;gBACL,QAAQ;gBACR,SAAS,EAAE,QAAQ;aACpB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,6BAA6B;YACvC,IAAI,EAAE,EAAE,KAAK,EAAE;SAChB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,0CAA0C;YACpD,IAAI,EAAE,EAAE,KAAK,EAAE;SAChB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,KAAa,EACb,QAAgB;QAEhB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,wCAAwC;YAClD,IAAI,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE;SAC1B,CAAC,CAAC;IACL,CAAC;CACF"}
|