sentinel-nestjs-core 0.1.6 → 0.1.8
- package/dist/permission/guard/permission.guard.d.ts +3 -1
- package/dist/permission/guard/permission.guard.js +22 -5
- package/dist/permission/guard/permission.guard.js.map +1 -1
- package/dist/permission/interfaces/sentinel-permission-options.interface.d.ts +1 -0
- package/dist/permission/services/key/key.service.js +0 -2
- package/dist/permission/services/key/key.service.js.map +1 -1
- package/dist/permission/strategy/jwt.strategy.js +3 -1
- package/dist/permission/strategy/jwt.strategy.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
2
|
import { Reflector } from '@nestjs/core';
|
|
3
3
|
import { LoggerAppService } from '../../logger/logger.service';
|
|
4
|
+
import { SentinelPermissionOptions } from "../interfaces/sentinel-permission-options.interface";
|
|
4
5
|
export declare class PermissionGuard implements CanActivate {
|
|
5
6
|
private readonly reflector;
|
|
6
7
|
private readonly logger;
|
|
7
|
-
|
|
8
|
+
private readonly options;
|
|
9
|
+
constructor(reflector: Reflector, logger: LoggerAppService, options: SentinelPermissionOptions);
|
|
8
10
|
canActivate(context: ExecutionContext): boolean;
|
|
9
11
|
}
|
|
@@ -8,6 +8,9 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
8
8
|
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
11
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
15
|
exports.PermissionGuard = void 0;
|
|
13
16
|
const common_1 = require("@nestjs/common");
|
|
@@ -16,11 +19,13 @@ const logger_service_1 = require("../../logger/logger.service");
|
|
|
16
19
|
const permission_decorator_1 = require("../decorator/permission.decorator");
|
|
17
20
|
const permission_map_1 = require("../permission.map");
|
|
18
21
|
let PermissionGuard = class PermissionGuard {
|
|
19
|
-
constructor(reflector, logger) {
|
|
22
|
+
constructor(reflector, logger, options) {
|
|
20
23
|
this.reflector = reflector;
|
|
21
24
|
this.logger = logger;
|
|
25
|
+
this.options = options;
|
|
22
26
|
}
|
|
23
27
|
canActivate(context) {
|
|
28
|
+
var _a, _b;
|
|
24
29
|
const { resource, action } = this.reflector.get(permission_decorator_1.PERMISSION_METADATA, context.getHandler()) || {};
|
|
25
30
|
if (!resource || !action)
|
|
26
31
|
return true;
|
|
@@ -30,24 +35,36 @@ let PermissionGuard = class PermissionGuard {
|
|
|
30
35
|
this.logger.warn(`Aucune permission trouvée pour l'utilisateur`);
|
|
31
36
|
return false;
|
|
32
37
|
}
|
|
38
|
+
const currentSite = this.options.siteSlug;
|
|
39
|
+
if (!currentSite) {
|
|
40
|
+
this.logger.warn(`Aucun site courant configuré dans le provider`);
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
const sitePermissions = (_b = (_a = user.permissions.permissions) === null || _a === void 0 ? void 0 : _a[currentSite]) !== null && _b !== void 0 ? _b : [];
|
|
44
|
+
if (!Array.isArray(sitePermissions)) {
|
|
45
|
+
this.logger.warn(`Aucune permission trouvée pour le site ${currentSite}`);
|
|
46
|
+
return false;
|
|
47
|
+
}
|
|
33
48
|
const perm = user.permissions.find((p) => p.slug === resource);
|
|
34
49
|
if (!perm) {
|
|
35
|
-
this.logger.warn(`Permission manquante : ${resource}`);
|
|
50
|
+
this.logger.warn(`Permission manquante : ${resource} sur ${currentSite}`);
|
|
36
51
|
return false;
|
|
37
52
|
}
|
|
38
53
|
const ownBit = permission_map_1.ACTION_BITS[`${action}:own`];
|
|
39
54
|
const allBit = permission_map_1.ACTION_BITS[`${action}:all`];
|
|
40
55
|
const authorized = (perm.bitmask & ownBit) === ownBit ||
|
|
41
56
|
(perm.bitmask & allBit) === allBit;
|
|
42
|
-
if (!authorized)
|
|
43
|
-
this.logger.warn(`Accès refusé à ${resource}:${action}`);
|
|
57
|
+
if (!authorized) {
|
|
58
|
+
this.logger.warn(`Accès refusé à ${resource}:${action} sur ${currentSite}`);
|
|
59
|
+
}
|
|
44
60
|
return authorized;
|
|
45
61
|
}
|
|
46
62
|
};
|
|
47
63
|
exports.PermissionGuard = PermissionGuard;
|
|
48
64
|
exports.PermissionGuard = PermissionGuard = __decorate([
|
|
49
65
|
(0, common_1.Injectable)(),
|
|
66
|
+
__param(2, (0, common_1.Inject)('SENTINEL_PERMISSION_OPTIONS')),
|
|
50
67
|
__metadata("design:paramtypes", [core_1.Reflector,
|
|
51
|
-
logger_service_1.LoggerAppService])
|
|
68
|
+
logger_service_1.LoggerAppService, Object])
|
|
52
69
|
], PermissionGuard);
|
|
53
70
|
//# sourceMappingURL=permission.guard.js.map
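Review bot: The site-scoped list built at new line 43 is never used for the decision: `sitePermissions` is read from `user.permissions.permissions[currentSite]`, but the lookup at new line 48 still calls `user.permissions.find(...)`, so the guard authorizes against the unscoped collection while the new log messages say `sur ${currentSite}`. The two accesses also disagree on the shape of `user.permissions`: if it is an array, `sitePermissions` always falls back to `[]` and the `Array.isArray` branch can never fire; if it is an object holding a per-site map, `.find` would throw instead of denying. The lookup presumably should be `const perm = sitePermissions.find((p) => p.slug === resource);`, and a user with no entry for the current site should be denied rather than defaulted to `[]` and passed on to the next check. canActivate starts in the previous hunk and the line that defines `user` is not visible here, so the real shape needs confirming against the token payload.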
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../../src/permission/guard/permission.guard.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"permission.guard.js","sourceRoot":"","sources":["../../../src/permission/guard/permission.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAIwB;AACxB,uCAAuC;AACvC,gEAA6D;AAC7D,4EAAsE;AACtE,sDAA8C;AAKvC,IAAM,eAAe,GAArB,MAAM,eAAe;IAE1B,YACmB,SAAoB,EACpB,MAAwB,EAExB,OAAkC;QAHlC,cAAS,GAAT,SAAS,CAAW;QACpB,WAAM,GAAN,MAAM,CAAkB;QAExB,YAAO,GAAP,OAAO,CAA2B;IAErD,CAAC;IAED,WAAW,CAAC,OAAyB;;QACnC,MAAM,EAAC,QAAQ,EAAE,MAAM,EAAC,GACxB,IAAI,CAAC,SAAS,CAAC,GAAG,CAChB,0CAAmB,EACnB,OAAO,CAAC,UAAU,EAAE,CACrB,IAAI,EAAE,CAAC;QAER,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEtC,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAE1B,IAAI,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,CAAA,EAAE,CAAC;YACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YACjE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC1C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,eAAe,GACnB,MAAA,MAAA,IAAI,CAAC,WAAW,CAAC,WAAW,0CAAG,WAAW,CAAC,mCAAI,EAAE,CAAC;QAEpD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,WAAW,EAAE,CAAC,CAAC;YAC1E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAChC,CAAC,CAAoB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAC9C,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,QAAQ,QAAQ,WAAW,EAAE,CAAC,CAAC;YAC1E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,4BAAW,CAAC,GAAG,MAAM,MAAM,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,4BAAW,CAAC,GAAG,MAAM,MAAM,CAAC,CAAC;QAE5C,MAAM,UAAU,GACd,CAAC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,MAAM;YAClC,CAAC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,MAAM,CAAC;QAErC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,IAAI,MAAM,QAAQ,WAAW,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAA;AA/DY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAMR,WAAA,IAAA,eAAM,EAAC,6BAA6B,CAAC,CAAA;qCAFV,gBAAS;
QACZ,iCAAgB;GAJhC,eAAe,CA+D3B"}
|
|
@@ -31,9 +31,7 @@ let KeyService = class KeyService {
|
|
|
31
31
|
}
|
|
32
32
|
async getLocalPublicKey() {
|
|
33
33
|
const jwksPath = path_1.default.join(this.publicDir, '.well-known', 'jwks.json');
|
|
34
|
-
this.logger.log(`jwksPath : ${jwksPath}`);
|
|
35
34
|
const jwksRaw = node_fs_1.default.readFileSync(jwksPath, 'utf8');
|
|
36
|
-
this.logger.log(`jwksRaw : ${jwksRaw}`);
|
|
37
35
|
return JSON.parse(jwksRaw);
|
|
38
36
|
}
|
|
39
37
|
async getPublicKey(kid) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"key.service.js","sourceRoot":"","sources":["../../../../src/permission/services/key/key.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,2CAAkF;AAClF,gDAAwB;
|
|
1
|
+
{"version":3,"file":"key.service.js","sourceRoot":"","sources":["../../../../src/permission/services/key/key.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,2CAAkF;AAClF,gDAAwB;AACxB,kDAA0B;AAC1B,4DAA2C;AAG3C,sDAAyB;AACzB,mEAAgE;AAGzD,IAAM,UAAU,GAAhB,MAAM,UAAU;IAIrB,YAEE,OAAmD,EAC3C,MAAwB;QADf,YAAO,GAAP,OAAO,CAA2B;QAC3C,WAAM,GAAN,MAAM,CAAkB;QAN1B,UAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzB,cAAS,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;IAM7D,CAAC;IAEI,KAAK,CAAC,iBAAiB;QAE7B,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC;QAGvE,MAAM,OAAO,GAAG,iBAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAE7B,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAY;;QAO7B,IAAI,IAAwB,CAAC;QAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC9B,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,wBAAwB,CAAC;YAChE,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,GAAG,CAAqB,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC7E,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;YACvB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAElB,MAAM,IAAI,qCAA4B,CAAC,yCAAyC,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAGD,IAAI,CAAC,CAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,0CAAE,MAAM,CAAA,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAA;YACnD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,GAAG,GAAG,CAAC,CAAA;YAC5D,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,GAAG,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAGD,MAAM,GAAG,GAAG,IAAA,oBAAQ,EAAC;YACnB,GAAG,EAAE,KAAK;YACV,CAAC,EAAE,GAAG,CAAC,CAAC;YACR,CAAC,EAAE,GAAG,CAAC,CA
AC;SACF,CAAC,CAAC;QAGV,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;YACZ,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC7B,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/D,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;CACF,CAAA;AAzEY,gCAAU;qBAAV,UAAU;IADtB,IAAA,mBAAU,GAAE;IAMR,WAAA,IAAA,eAAM,EAAC,6BAA6B,CAAC,CAAA;6CAEtB,iCAAgB;GAPvB,UAAU,CAyEtB"}
|
|
@@ -65,16 +65,18 @@ let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(pas
|
|
|
65
65
|
return done(new common_1.UnauthorizedException('Token sans identifiant de clé'));
|
|
66
66
|
}
|
|
67
67
|
const kid = decoded.header.kid;
|
|
68
|
-
this.logger.
|
|
68
|
+
this.logger.log(`Vérification du token avec kid=${kid}`);
|
|
69
69
|
const publicKey = await this.keyService.getPublicKey(kid);
|
|
70
70
|
if (!publicKey) {
|
|
71
71
|
this.logger.log(`Aucune clé publique trouvée pour kid=${kid}`);
|
|
72
72
|
return done(new common_1.UnauthorizedException('Clé publique introuvable'));
|
|
73
73
|
}
|
|
74
74
|
this.logger.log(`Clé publique trouvée pour kid=${kid}`);
|
|
75
|
+
this.logger.log('test');
|
|
75
76
|
done(null, publicKey);
|
|
76
77
|
}
|
|
77
78
|
catch (e) {
|
|
79
|
+
this.logger.log('test2');
|
|
78
80
|
this.logger.error(`Erreur interne lors du chargement de la clé : ${e.message}`, e.stack);
|
|
79
81
|
done(new common_1.UnauthorizedException('Erreur lors de la récupération de la clé'));
|
|
80
82
|
}
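Review bot: `this.logger.log('test');` (new line 75) and `this.logger.log('test2');` (new line 79) look like debugging leftovers in the key-resolution path and should be removed before release; the `logger.error` call already in the catch block records the failure with its stack. The restored line 68 logs `decoded.header.kid`, which at this point appears to come from a token whose signature has not been verified yet, so the value is caller-controlled and is written to the log on every request. Unless LoggerAppService already escapes control characters, log a sanitised value, for example `this.logger.debug(`Vérification du token avec kid=${String(kid).replace(/[\r\n]/g, '')}`);`. The enclosing callback starts and ends outside this hunk.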
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../../src/permission/strategy/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../../src/permission/strategy/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkEA,2CAGwB;AACxB,+CAAoD;AACpD,+CAAoD;AACpD,kDAAoC;AAEpC,6DAAyD;AAEzD,gEAA+D;AAGxD,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,CAAC;IACzD,YACmB,UAAsB,EACtB,MAAwB;QAEzC,MAAM,SAAS,GAAc,OAAO,CAAC;QAErC,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,2BAA2B,EAAE;YACxD,gBAAgB,EAAE,KAAK;YACvB,UAAU,EAAE,CAAC,SAAS,CAAC;YACvB,mBAAmB,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE;;gBACxD,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;oBAC5D,IAAI,CAAC,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,0CAAE,GAAG,CAAA,EAAE,CAAC;wBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;wBACjD,OAAO,IAAI,CAAC,IAAI,8BAAqB,CAAC,+BAA+B,CAAC,CAAC,CAAC;oBAC1E,CAAC;oBAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC;oBAC/B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,kCAAkC,GAAG,EAAE,CAAC,CAAC;oBAEzD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;oBAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;wBAC/D,OAAO,IAAI,CAAC,IAAI,8BAAqB,CAAC,0BAA0B,CAAC,CAAC,CAAC;oBACrE,CAAC;oBAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;oBACxD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;oBACvB,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACxB,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;oBACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAE,CAAC;oBAC1F,IAAI,CAAC,IAAI,8BAAqB,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC;SACF,CAAC,CAAC;QAnCc,eAAU,GAAV,UAAU,CAAY;QACtB,WAAM,GAAN,MAAM,CAAkB;QAoCzC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAgB;QAC7B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,0BAA0B,OAAO,CAAC,QAAQ,SAAS,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAEnF,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,IAAI,EAAE,O
AAO,CAAC,IAAI;YAClB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC;IACJ,CAAC;CACF,CAAA;AApDY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;qCAGoB,wBAAU;QACd,iCAAgB;GAHhC,WAAW,CAoDvB"}
|