keycloak-express-middleware 4.4.1 → 4.5.0
- package/README.md +7 -1
- package/index.js +24 -9
- package/package.json +1 -1
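--- a/package/README.md
+++ b/package/README.md
@@ -486,7 +486,11 @@ Middleware to protect Express routes based on authentication and, optionally, au
 Allows restricting access to a resource only to authenticated users or to those possessing specific roles in the realm or in a Keycloak client.
 
 **` -- @parameters -- `**
-- **conditions**: `[optional]`
+- **conditions**: `[optional]` A String specifing one role, or an array of strings each specifying one or more required roles; or a function executing custom code performing an access role verification
+- As a string: specifies one required role, using the syntax:
+- 'role' → client role in the configured client (e.g., 'admin')
+- 'clientid:role' → client role of a specific client (e.g., 'myclient:editor')
+- 'realm:role' → realm role (e.g., 'realm:superuser')
 - As array of strings: specifies one or more required roles, using the syntax:
 - 'role' → client role in the configured client (e.g., 'admin')
 - 'clientid:role' → client role of a specific client (e.g., 'myclient:editor')
@@ -494,6 +498,7 @@ Allows restricting access to a resource only to authenticated users or to those
 - As a function: receives (token, req) and must return true or false synchronously. This function enables custom authorization logic. The `token` object passed to the authorization function exposes methods such as:
 - token.hasRole('admin') // client role in configured client
 - token.hasRole('realm:superuser') // realm role
+- token.hasRealmRole('superuser) // realm role like token.hasRole('realm:superuser')
 - token.hasRole('my-client:editor') // client role of a specific client
 - token.hasResourceRole('editor', 'my-client-id') // equivalent to hasRole('my-client:editor')
 The authorization function must be synchronous and return true (allow access) or false (deny access).
@@ -715,6 +720,7 @@ for example showing different content based on role.
 Represents the decoded Keycloak token and exposes several useful methods such as:
 - token.hasRole('admin') // true/false if it has client role "admin"
 - token.hasRole('realm:superuser') // true/false if it has realm role "superuser"
+- token.hasRealmRole('superuser) // realm role like token.hasRole('realm:superuser')
 - token.hasRole('my-client:editor') // true/false if it has client role "editor" for client "my-client"
 - token.hasResourceRole('editor', 'my-client-id') // identical to hasRole('my-client:editor')
 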
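--- a/package/index.js
+++ b/package/index.js
@@ -322,19 +322,34 @@ class keycloakExpressMiddleware {
 * or false (deny access).
 */
 
-protectMiddleware(conditions){
-
+// protectMiddleware(conditions){
+// //return(this.keycloak.protect(conditions));
+//
+// const self = this;
+// return function(req, res, next){
+// conditions = Array.isArray(conditions) ? conditions : [conditions];
+// self.keycloak.protect((token) => {
+// return conditions.some((role) => typeof role === 'string' && token.hasRole(role));
+// })(req, res, next);
+// }
+// }
+protectMiddleware(conditions) {
+// Se conditions è una funzione, delega direttamente a keycloak.protect()
+if (typeof conditions === 'function') {
+return this.keycloak.protect(conditions);
+}
 
-
-return
-
-
-return
+// Altrimenti, gestisci ruoli singoli o multipli
+return (req, res, next) => {
+const roles = Array.isArray(conditions) ? conditions : [conditions];
+this.keycloak.protect((token) => {
+return roles.some(
+(role) => typeof role === 'string' && token.hasRole(role)
+);
 })(req, res, next);
-}
+};
 }
 
-
 /**
 * *************************** - ITALIANO - *****************************
 * Middleware simile a `protectMiddleware` ma con controllo dinamico dei ruoli tramite funzione.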
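Review bot: In the string/array branch of `protectMiddleware`, `roles.some(...)` grants access when the token holds any one of the listed roles, while the README in this release describes them as "required roles"; a caller who passes two roles expecting both to be enforced gets a weaker check than intended, so the JSDoc (which starts above this hunk) should say so, e.g. `Access is granted if the token has at least one of the listed roles.` The same branch turns an omitted `conditions` (documented as `[optional]`) into `[undefined]`, which matches no role and rejects every authenticated user; if "optional" is meant as authentication-only protection, widening the first guard to `if (conditions == null || typeof conditions === 'function')` would hand that case to `this.keycloak.protect(conditions)`. Non-string entries are skipped silently, so a misconfigured route fails closed with no diagnostic; a one-time warning there would help operators notice. The commented-out previous implementation at the top of the hunk can be dropped, since version control already keeps it.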
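--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "keycloak-express-middleware",
-"version": "4.
+"version": "4.5.0",
 "description": "Adapter API to integrate Node.js (Express) applications with Keycloak. Provides middleware for authentication, authorization, token validation, and route protection via OpenID Connect.",
 "main": "index.js",
 "scripts": {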