node-opcua-address-space-base 2.164.0 → 2.165.0

package/dist/address_space.d.ts

@@ -1,8 +1,9 @@
 import { ExtensionObject } from "node-opcua-extension-object";
 import { NodeId, NodeIdLike } from "node-opcua-nodeid";
 import { AnyConstructorFunc } from "node-opcua-schemas";
+import { StatusCode } from "node-opcua-status-code";
 import { BrowseDescription, BrowsePath, BrowsePathResult, BrowseResult } from "node-opcua-types";
-import { DataType, VariantByteString } from "node-opcua-variant";
+import { DataType, Variant, VariantByteString } from "node-opcua-variant";
 import { AddReferenceOpts, BaseNode } from "./base_node";
 import { INamespace } from "./namespace";
 import { ISessionContext } from "./session_context";
@@ -18,6 +19,12 @@ import { IHistoricalDataNodeOptions, UAVariable } from "./ua_variable";
 import { UAVariableType } from "./ua_variable_type";
 import { UAView } from "./ua_view";
 export type ShutdownTask = ((this: IAddressSpace) => void) | ((this: IAddressSpace) => Promise<void>);
+/**
+ * A method call interceptor is invoked before every UAMethod.execute() call.
+ * Return `StatusCodes.Good` to allow the call, or any other StatusCode to reject it.
+ * The interceptor may be synchronous or asynchronous.
+ */
+export type MethodCallInterceptor = (context: ISessionContext, object: UAObject | UAObjectType | null, method: UAMethod, inputArguments: Variant[]) => StatusCode | Promise<StatusCode>;
 interface UARootFolder_Objects extends UAObject {
     server: UAObject;
 }
@@ -170,5 +177,16 @@ export interface IAddressSpace {
      * EventId is generated by the Server to uniquely identify a particular Event Notification.
      */
     generateEventId(): VariantByteString;
+    /**
+     * Register a method call interceptor.
+     * Interceptors are called sequentially before each UAMethod.execute().
+     * If any interceptor returns a non-Good StatusCode, the method call
+     * is rejected and subsequent interceptors are skipped.
+     */
+    addMethodCallInterceptor(interceptor: MethodCallInterceptor): void;
+    /**
+     * Remove a previously registered method call interceptor.
+     */
+    removeMethodCallInterceptor(interceptor: MethodCallInterceptor): void;
 }
 export {};

package/dist/session_context.d.ts

@@ -44,13 +44,33 @@ export interface ContinuationPointData {
     dataValues: DataValue[];
 }
 export interface ISessionContext {
-    session?: ISessionBase;
+    /** The underlying OPC UA session, if available. */
+    readonly session?: ISessionBase;
+    /** Returns the NodeIds of all roles assigned to the current user. */
     getCurrentUserRoles(): NodeId[];
+    /** Check whether the current user has the given permission on a node. */
     checkPermission(node: BaseNode, action: PermissionType): boolean;
+    /** Returns `true` if browsing the given node is restricted for the current user. */
     isBrowseAccessRestricted(node: BaseNode): boolean;
+    /** Returns `true` if the current user has the given role. */
     currentUserHasRole(role: NodeIdLike): boolean;
+    /** Returns `true` if access to the node is restricted by security settings. */
     isAccessRestricted(node: BaseNode): boolean;
+    /** The object on which the current operation is being performed. */
     object?: UAObject | UAObjectType;
+    /** Server timestamp at the time the request was received. */
     currentTime?: PreciseClock;
-    userIdentity?: string;
+    /** Display name of the authenticated user (e.g. "anonymous"). */
+    readonly userIdentity?: string;
+    /**
+     * The client's application-instance certificate,
+     * or `null` if no secure channel is available.
+     */
+    readonly clientCertificate: Certificate | null;
+    /**
+     * The application URI extracted from the client
+     * certificate's SubjectAltName, or `null` if
+     * unavailable.
+     */
+    readonly clientApplicationUri: string | null;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "node-opcua-address-space-base",
-    "version": "2.164.0",
+    "version": "2.165.0",
     "description": "pure nodejs OPCUA SDK - module address-space-base",
     "main": "./dist/index.js",
     "types": "./dist/index.d.ts",
@@ -18,20 +18,20 @@
     },
     "dependencies": {
         "node-opcua-assert": "2.164.0",
-        "node-opcua-basic-types": "2.164.0",
+        "node-opcua-basic-types": "2.165.0",
         "node-opcua-constants": "2.157.0",
         "node-opcua-crypto": "5.3.0",
-        "node-opcua-data-model": "2.164.0",
-        "node-opcua-data-value": "2.164.0",
-        "node-opcua-date-time": "2.164.0",
-        "node-opcua-debug": "2.164.0",
-        "node-opcua-extension-object": "2.164.0",
-        "node-opcua-nodeid": "2.164.0",
-        "node-opcua-numeric-range": "2.164.0",
-        "node-opcua-schemas": "2.164.0",
-        "node-opcua-status-code": "2.164.0",
-        "node-opcua-types": "2.164.0",
-        "node-opcua-variant": "2.164.0"
+        "node-opcua-data-model": "2.165.0",
+        "node-opcua-data-value": "2.165.0",
+        "node-opcua-date-time": "2.165.0",
+        "node-opcua-debug": "2.165.0",
+        "node-opcua-extension-object": "2.165.0",
+        "node-opcua-nodeid": "2.165.0",
+        "node-opcua-numeric-range": "2.165.0",
+        "node-opcua-schemas": "2.165.0",
+        "node-opcua-status-code": "2.165.0",
+        "node-opcua-types": "2.165.0",
+        "node-opcua-variant": "2.165.0"
     },
     "author": "Etienne Rossignon",
     "license": "MIT",
@@ -48,7 +48,7 @@
         "internet of things"
     ],
     "homepage": "http://node-opcua.github.io/",
-    "gitHead": "eb76d34b885c7584785d8eff69ada66f95b55c2e",
+    "gitHead": "fe53ac03427fcb223996446c991f7496635ba193",
     "files": [
         "dist",
         "source"

package/source/address_space.ts

@@ -1,8 +1,9 @@
 import { ExtensionObject } from "node-opcua-extension-object";
 import { NodeId, NodeIdLike } from "node-opcua-nodeid";
 import { AnyConstructorFunc } from "node-opcua-schemas";
+import { StatusCode } from "node-opcua-status-code";
 import { BrowseDescription, BrowsePath, BrowsePathResult, BrowseResult } from "node-opcua-types";
-import { DataType, VariantByteString } from "node-opcua-variant";
+import { DataType, Variant, VariantByteString } from "node-opcua-variant";
 //
 import { AddReferenceOpts, BaseNode } from "./base_node";
 import { INamespace } from "./namespace";
@@ -21,6 +22,18 @@ import { UAView } from "./ua_view";
 
 export type ShutdownTask = ((this: IAddressSpace) => void) | ((this: IAddressSpace) => Promise<void>);
 
+/**
+ * A method call interceptor is invoked before every UAMethod.execute() call.
+ * Return `StatusCodes.Good` to allow the call, or any other StatusCode to reject it.
+ * The interceptor may be synchronous or asynchronous.
+ */
+export type MethodCallInterceptor = (
+    context: ISessionContext,
+    object: UAObject | UAObjectType | null,
+    method: UAMethod,
+    inputArguments: Variant[]
+) => StatusCode | Promise<StatusCode>;
+
 interface UARootFolder_Objects extends UAObject {
     server: UAObject;
 }
@@ -208,4 +221,18 @@ export interface IAddressSpace {
      * EventId is generated by the Server to uniquely identify a particular Event Notification.
      */
     generateEventId(): VariantByteString;
+
+    // -------------- Method call interceptors
+    /**
+     * Register a method call interceptor.
+     * Interceptors are called sequentially before each UAMethod.execute().
+     * If any interceptor returns a non-Good StatusCode, the method call
+     * is rejected and subsequent interceptors are skipped.
+     */
+    addMethodCallInterceptor(interceptor: MethodCallInterceptor): void;
+
+    /**
+     * Remove a previously registered method call interceptor.
+     */
+    removeMethodCallInterceptor(interceptor: MethodCallInterceptor): void;
 }

package/source/session_context.ts

@@ -64,13 +64,43 @@ export interface ContinuationPointData {
     dataValues: DataValue[];
 }
 export interface ISessionContext {
-    session?: ISessionBase;
+    /** The underlying OPC UA session, if available. */
+    readonly session?: ISessionBase;
+
+    /** Returns the NodeIds of all roles assigned to the current user. */
     getCurrentUserRoles(): NodeId[];
+
+    /** Check whether the current user has the given permission on a node. */
     checkPermission(node: BaseNode, action: PermissionType): boolean;
+
+    /** Returns `true` if browsing the given node is restricted for the current user. */
     isBrowseAccessRestricted(node: BaseNode): boolean;
+
+    /** Returns `true` if the current user has the given role. */
     currentUserHasRole(role: NodeIdLike): boolean;
+
+    /** Returns `true` if access to the node is restricted by security settings. */
     isAccessRestricted(node: BaseNode): boolean;
+
+    /** The object on which the current operation is being performed. */
     object?: UAObject | UAObjectType;
+
+    /** Server timestamp at the time the request was received. */
     currentTime?: PreciseClock;
-    userIdentity?: string;
+
+    /** Display name of the authenticated user (e.g. "anonymous"). */
+    readonly userIdentity?: string;
+
+    /**
+     * The client's application-instance certificate,
+     * or `null` if no secure channel is available.
+     */
+    readonly clientCertificate: Certificate | null;
+
+    /**
+     * The application URI extracted from the client
+     * certificate's SubjectAltName, or `null` if
+     * unavailable.
+     */
+    readonly clientApplicationUri: string | null;
 }