UNPKG

@atproto/oauth-scopes

Version:

A library for manipulating and validating ATproto OAuth scopes in TypeScript.

atproto.com

bluesky-social/atproto

92 lines (83 loc) 2.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import { ScopeMissingError } from './scope-missing-error.js' import { AccountPermission, AccountPermissionMatch, } from './scopes/account-permission.js' import { BlobPermission, BlobPermissionMatch, } from './scopes/blob-permission.js' import { IdentityPermission, IdentityPermissionMatch, } from './scopes/identity-permission.js' import { RepoPermission, RepoPermissionMatch, } from './scopes/repo-permission.js' import { RpcPermission, RpcPermissionMatch } from './scopes/rpc-permission.js' import { ScopesSet } from './scopes-set.js' export type { AccountPermissionMatch, BlobPermissionMatch, IdentityPermissionMatch, RepoPermissionMatch, RpcPermissionMatch, } export class ScopePermissions { public readonly scopes: ScopesSet constructor(scope?: null | string | Iterable<string>) { this.scopes = new ScopesSet( !scope // "" | null | undefined ? undefined : typeof scope === 'string' ? scope.split(' ') : scope, ) } public allowsAccount(options: AccountPermissionMatch): boolean { return this.scopes.matches('account', options) } public assertAccount(options: AccountPermissionMatch): void { if (!this.allowsAccount(options)) { const scope = AccountPermission.scopeNeededFor(options) throw new ScopeMissingError(scope) } } public allowsIdentity(options: IdentityPermissionMatch): boolean { return this.scopes.matches('identity', options) } public assertIdentity(options: IdentityPermissionMatch): void { if (!this.allowsIdentity(options)) { const scope = IdentityPermission.scopeNeededFor(options) throw new ScopeMissingError(scope) } } public allowsBlob(options: BlobPermissionMatch): boolean { return this.scopes.matches('blob', options) } public assertBlob(options: BlobPermissionMatch): void { if (!this.allowsBlob(options)) { const scope = BlobPermission.scopeNeededFor(options) throw new ScopeMissingError(scope) } } public allowsRepo(options: RepoPermissionMatch): boolean { return this.scopes.matches('repo', options) } public assertRepo(options: RepoPermissionMatch): void { if (!this.allowsRepo(options)) { const scope = RepoPermission.scopeNeededFor(options) throw new ScopeMissingError(scope) } } public allowsRpc(options: RpcPermissionMatch): boolean { return this.scopes.matches('rpc', options) } public assertRpc(options: RpcPermissionMatch): void { if (!this.allowsRpc(options)) { const scope = RpcPermission.scopeNeededFor(options) throw new ScopeMissingError(scope) } } }