UNPKG

@atproto/oauth-scopes

Version:

A library for manipulating and validating ATproto OAuth scopes in TypeScript.

atproto.com

bluesky-social/atproto

123 lines (109 loc) 3.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
import { ScopePermissionsTransition } from './scope-permissions-transition.js' describe('ScopePermissionsTransition', () => { describe('allowsAccount', () => { it('should allow account:email with transition:email', () => { const set = new ScopePermissionsTransition( 'transition:email account:repo', ) expect(set.allowsAccount({ attr: 'email', action: 'read' })).toBe(true) expect(set.allowsAccount({ attr: 'email', action: 'manage' })).toBe(false) expect(set.allowsAccount({ attr: 'repo', action: 'read' })).toBe(true) expect(set.allowsAccount({ attr: 'repo', action: 'manage' })).toBe(false) expect(set.allowsAccount({ attr: 'status', action: 'read' })).toBe(false) expect(set.allowsAccount({ attr: 'status', action: 'manage' })).toBe( false, ) }) }) describe('allowsBlob', () => { it('should allow blob with transition:generic', () => { const set = new ScopePermissionsTransition('transition:generic') expect(set.allowsBlob({ mime: 'foo/bar' })).toBe(true) }) }) describe('allowsRepo', () => { it('should allow repo with transition:generic', () => { const set = new ScopePermissionsTransition('transition:generic') expect( set.allowsRepo({ collection: 'app.bsky.feed.post', action: 'create' }), ).toBe(true) expect( set.allowsRepo({ collection: 'app.bsky.feed.post', action: 'delete' }), ).toBe(true) expect( set.allowsRepo({ collection: 'com.example.foo', action: 'create' }), ).toBe(true) expect( set.allowsRepo({ collection: 'com.example.foo', action: 'update' }), ).toBe(true) }) }) describe('allowsRpc', () => { it('should allow rpc with transition:generic', () => { const set = new ScopePermissionsTransition('transition:generic') expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'app.bsky.feed.post', }), ).toBe(true) expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'com.example.foo' }), ).toBe(true) expect(set.allowsRpc({ aud: 'did:web:example.com', lxm: '*' })).toBe(true) }) it('should allow chat.bsky.* methods with "transition:chat.bsky"', () => { const set = new ScopePermissionsTransition('transition:chat.bsky') expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'chat.bsky.message.send', }), ).toBe(true) expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'chat.bsky.conversation.get', }), ).toBe(true) // Control expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'app.bsky.feed.post', }), ).toBe(false) expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'com.example.foo' }), ).toBe(false) expect(set.allowsRpc({ aud: 'did:web:example.com', lxm: '*' })).toBe( false, ) }) it('should reject chat methods with "transition:generic"', () => { const set = new ScopePermissionsTransition('transition:generic') expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'chat.bsky.message.send', }), ).toBe(false) expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'chat.bsky.conversation.get', }), ).toBe(false) // Control expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'app.bsky.feed.post', }), ).toBe(true) expect( set.allowsRpc({ aud: 'did:web:example.com', lxm: 'com.example.foo' }), ).toBe(true) }) }) })