@atomist/automation-client
;
Object.defineProperty(exports, "__esModule", { value: true });
const axios_1 = require("axios");
const _ = require("lodash");
const decorators_1 = require("./decorators");
const decoratorSupport_1 = require("./internal/metadata/decoratorSupport");
const constructionUtils_1 = require("./util/constructionUtils");
// Shared, already-resolved denial result ({ code: 403, message: "Access denied" }).
// slackUser returns it directly; sendUnauthorized resolves to it after replying to the caller.
// The same promise object is reused for every denial.
const UnAuthorizedResult = Promise.resolve({ code: 403, message: "Access denied" });
/**
 * Wrap a HandleCommand so that only the listed Slack users may run it.
 *
 * The returned factory builds the command, declares a required mapped parameter
 * (`__atomist_slack_user_name`) on it, and replaces `handle` with a guard that
 * compares that value against the allow-list before delegating.
 *
 * @param {Maker<HandleCommand>} maker - factory or constructor for the command to protect
 * @param {...string} users - Slack user names that are allowed to run the command
 * @returns {() => HandleCommand} factory producing the guarded command
 */
function slackUser(maker, ...users) {
    return () => {
        const command = constructionUtils_1.toFactory(maker)();
        decoratorSupport_1.declareMappedParameter(command, "__atomist_slack_user_name", decorators_1.MappedParameters.SlackUserName, true);
        const guardedHandle = command.handle;
        command.handle = (ctx) => {
            // NOTE(review): the decision keys on the Slack user *name* injected by the platform.
            // Confirm that this value cannot be supplied or changed by the caller.
            const caller = command.__atomist_slack_user_name;
            const isAllowed = users.indexOf(caller) >= 0;
            if (!isAllowed) {
                // Denied callers get the shared 403 result; no chat message is sent on this path.
                return UnAuthorizedResult;
            }
            // Same call shape as the original bind(command, ctx)(ctx): `this` is the command
            // and ctx is passed as both arguments.
            return guardedHandle.call(command, ctx, ctx);
        };
        return command;
    };
}
exports.slackUser = slackUser;
/**
* Protect the given HandleCommand by only allowing members of a certain GitHub Organization
* @param {Maker<HandleCommand>} maker
* @param {string} team
* @returns {() => HandleCommand}
*/
function githubOrg(maker, org) {
return () => {
const command = constructionUtils_1.toFactory(maker)();
decoratorSupport_1.declareMappedParameter(command, "__atomist_github_login", decorators_1.MappedParameters.GitHubUserLogin, false);
decoratorSupport_1.declareSecret(command, "__atomist_user_token", decorators_1.Secrets.userToken("read:org"));
const handleMethod = command.handle;
command.handle = (ctx) => {
const login = command.__atomist_github_login;
const token = command.__atomist_user_token;
if (!login) {
return sendUnauthorized(ctx);
}
return isGitHubOrgMember(org, login, token)
.then(isOrgMember => {
if (isOrgMember === true) {
return handleMethod.bind(command, ctx)(ctx);
}
else {
return sendUnauthorized(ctx);
}
})
.catch(err => {
return sendUnauthorized(ctx);
});
};
return command;
};
}
exports.githubOrg = githubOrg;
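/**
 * Ask the GitHub REST API whether `login` is a member of `org`.
 *
 * The request always goes to https://api.github.com (no enterprise base URL is
 * accepted here) and carries the caller-supplied token in the Authorization header.
 *
 * @param {string} org - organization name
 * @param {string} login - GitHub login to check; a falsy login resolves to false without a request
 * @param {string} token - token used to authenticate the membership lookup
 * @returns {Promise<boolean>} true only when the API answers 204; false on any other
 *     status or on any request failure
 */
function isGitHubOrgMember(org, login, token) {
    if (!login) {
        return Promise.resolve(false);
    }
    const config = {
        headers: {
            Authorization: `token ${token}`,
            Accept: "application/vnd.github.hellcat-preview+json",
        },
    };
    // Encode both identifiers so each stays a single path segment: a value containing
    // "/", "?" or "#" must not be able to redirect the lookup to a different endpoint
    // and have that endpoint's answer read as a membership decision.
    const url = `https://api.github.com/orgs/${encodeURIComponent(org)}/members/${encodeURIComponent(login)}`;
    return axios_1.default.get(url, config)
        .then(result => result.status === 204)
        // Fail closed: a network error or non-2xx answer is treated as "not a member".
        .catch(() => false);
}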
// GraphQL query used by githubTeam to look up the SCM provider recorded for an
// org owner. Only the provider's apiUrl and providerType are requested.
const ProviderForOrgQuery = `query ProviderForOrg($owner: String!) {
Org(owner: $owner) {
provider {
apiUrl
providerType
}
}
}
`;
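/**
 * Wrap a HandleCommand so that only members of a given GitHub team may run it.
 *
 * The returned factory declares optional mapped parameters for the repository owner
 * and the caller's GitHub login plus a user-token secret with the "read:org" scope,
 * then replaces `handle` with a guard. The guard looks up the owner's provider through
 * ctx.graphClient and, for "github_com" and "ghe" providers, requires team membership
 * as reported by isGitHubTeamMember.
 *
 * Decision table:
 *  - no owner, no provider record for the owner, or no login: denied
 *  - provider "github_com" or "ghe": allowed only when isGitHubTeamMember resolves true
 *  - any other provider type: the command runs without a membership check (see note below)
 *
 * A rejected provider lookup is not caught here; it propagates to the caller and the
 * wrapped handler is not invoked.
 *
 * @param {Maker<HandleCommand>} maker - factory or constructor for the command to protect
 * @param {string} gTeam - name of the GitHub team whose members are allowed
 * @returns {() => HandleCommand} factory producing the guarded command
 */
function githubTeam(maker, gTeam) {
    return () => {
        const command = constructionUtils_1.toFactory(maker)();
        decoratorSupport_1.declareMappedParameter(command, "__atomist_github_owner", decorators_1.MappedParameters.GitHubOwner, false);
        decoratorSupport_1.declareMappedParameter(command, "__atomist_github_login", decorators_1.MappedParameters.GitHubUserLogin, false);
        decoratorSupport_1.declareSecret(command, "__atomist_user_token", decorators_1.Secrets.userToken("read:org"));
        const handleMethod = command.handle;
        command.handle = (ctx) => {
            const owner = command.__atomist_github_owner;
            const login = command.__atomist_github_login;
            const token = command.__atomist_user_token;
            if (!owner) {
                return sendUnauthorized(ctx);
            }
            return ctx.graphClient.query({
                query: ProviderForOrgQuery,
                variables: {
                    owner,
                },
            })
                .then(providerResult => {
                    const provider = _.get(providerResult, "Org[0].provider.providerType");
                    const apiUrl = _.get(providerResult, "Org[0].provider.apiUrl");
                    if (!provider) {
                        // Fail closed: when the lookup returns no provider for this owner
                        // there is nothing to check membership against, and an empty
                        // result must not be read as "no check required".
                        return sendUnauthorized(ctx);
                    }
                    if (provider !== "github_com" && provider !== "ghe") {
                        // NOTE(review): for a provider that is known but is not GitHub the
                        // command runs with no authorization check at all. This keeps the
                        // existing behavior; confirm it is intended, because a command
                        // wrapped with githubTeam is unprotected for such owners.
                        return handleMethod.bind(command, ctx)(ctx);
                    }
                    if (!login) {
                        return sendUnauthorized(ctx);
                    }
                    return isGitHubTeamMember(owner, login, gTeam, token, apiUrl)
                        .then(isTeamMember => {
                            // Only a strict `true` opens the gate.
                            if (isTeamMember === true) {
                                return handleMethod.bind(command, ctx)(ctx);
                            }
                            return sendUnauthorized(ctx);
                        })
                        // NOTE(review): this catch sits after the handler call, so a rejection
                        // from the wrapped handler itself is also reported as "Unauthorized".
                        .catch(() => sendUnauthorized(ctx));
                });
        };
        return command;
    };
}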
exports.githubTeam = githubTeam;
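/**
 * Ask the GitHub REST API whether `login` is an active member of the team named `team`
 * in the organization `owner`.
 *
 * Two requests are made: the organization's team list is fetched and searched for a
 * team whose `name` equals `team`, then that team's membership record for `login` is
 * fetched. The token is sent in the Authorization header of both requests, to whatever
 * host `apiUrl` names.
 *
 * NOTE(review): in this file `apiUrl` comes from the provider record returned by the
 * graph lookup in githubTeam. Confirm that record can only be written by trusted
 * parties and is https, since the user's token is disclosed to that host.
 *
 * NOTE(review): only the first response of the team list is searched. If the API pages
 * that list, a team on a later page is not found and its members are denied.
 *
 * @param {string} owner - organization that owns the team
 * @param {string} login - GitHub login to check; a falsy login resolves to false without a request
 * @param {string} team - team name to match against the `name` field of the listed teams
 * @param {string} token - token used to authenticate both requests
 * @param {string} [apiUrl="https://api.github.com/"] - API base URL; a missing trailing
 *     slash is added, and null or empty falls back to the default
 * @returns {Promise<boolean>} true only when the team exists and the membership record
 *     reports state "active"; false otherwise, including on any request failure
 */
function isGitHubTeamMember(owner, login, team, token, apiUrl = "https://api.github.com/") {
    if (!login) {
        return Promise.resolve(false);
    }
    // A default parameter only covers `undefined`; the provider record may also carry
    // null or "". Normalise the trailing slash so a base such as ".../api/v3" still
    // produces well-formed URLs.
    const base = String(apiUrl || "https://api.github.com/");
    const root = base.endsWith("/") ? base : `${base}/`;
    const config = {
        headers: {
            Authorization: `token ${token}`,
            Accept: "application/vnd.github.hellcat-preview+json",
        },
    };
    // Identifiers are encoded so each stays a single path segment and cannot steer the
    // request to a different endpoint.
    return axios_1.default.get(`${root}orgs/${encodeURIComponent(owner)}/teams`, config)
        .then(teamList => teamList.data.find(t => t.name === team))
        .then(matchedTeam => {
            if (!matchedTeam) {
                return false;
            }
            const membershipUrl = `${root}teams/${encodeURIComponent(matchedTeam.id)}/memberships/${encodeURIComponent(login)}`;
            return axios_1.default.get(membershipUrl, config)
                // A successful response alone is not proof of membership: the record can
                // also describe an invitation that has not been accepted (state
                // "pending"). Only an active membership authorizes.
                .then(membership => Boolean(membership && membership.data && membership.data.state === "active"))
                .catch(() => false);
        })
        // Fail closed on any error in the team lookup (network, non-2xx, unexpected body).
        .catch(() => false);
}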
exports.isGitHubTeamMember = isGitHubTeamMember;
/**
 * Tell the caller the command was refused and produce the shared denial result.
 *
 * Sends a single red attachment through ctx.messageClient.respond; the footer carries
 * ctx.invocationId as a correlation id. No reason for the denial is included in the message.
 *
 * @param {HandlerContext} ctx - invocation context providing messageClient and invocationId
 * @returns {Promise<{code: number, message: string}>} resolves to UnAuthorizedResult once the
 *     reply has been sent; rejects if sending the reply fails
 */
function sendUnauthorized(ctx) {
    const denialAttachment = {
        author_icon: `https://images.atomist.com/rug/cross-circle.png`,
        author_name: "Unauthorized to run command",
        fallback: "Unauthorized",
        color: "#D94649",
        footer: `Correlation ID: ${ctx.invocationId}`,
    };
    const reply = { attachments: [denialAttachment] };
    const sent = ctx.messageClient.respond(reply);
    return sent.then(() => UnAuthorizedResult);
}
exports.sendUnauthorized = sendUnauthorized;
//# sourceMappingURL=secured.js.map