UNPKG

@atproto/oauth-scopes

Version:

A library for manipulating and validating ATproto OAuth scopes in TypeScript.

atproto.com

bluesky-social/atproto

86 lines (73 loc) 2.46 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import { AtprotoAudience, isAtprotoAudience } from '@atproto/did' import { Nsid, isNsid } from '../lib/nsid.js' import { Parser } from '../lib/parser.js' import { ResourcePermission } from '../lib/resource-permission.js' import { ScopeStringSyntax } from '../lib/syntax-string.js' import { NeRoArray, ScopeSyntax, isScopeStringFor } from '../lib/syntax.js' export { type AtprotoAudience, type Nsid, isAtprotoAudience, isNsid } export type LxmParam = '*' | Nsid export const isLxmParam = (value: unknown): value is LxmParam => value === '*' || isNsid(value) export type AudParam = '*' | AtprotoAudience export const isAudParam = (value: unknown): value is AudParam => value === '*' || isAtprotoAudience(value) export type RpcPermissionMatch = { lxm: string aud: string } export class RpcPermission implements ResourcePermission<'rpc', RpcPermissionMatch> { constructor( public readonly aud: '*' | AtprotoAudience, public readonly lxm: NeRoArray<'*' | Nsid>, ) {} matches(options: RpcPermissionMatch) { const { aud, lxm } = this return ( (aud === '*' || aud === options.aud) && (lxm.includes('*') || (lxm as readonly string[]).includes(options.lxm)) ) } toString() { return RpcPermission.parser.format(this) } protected static readonly parser = new Parser( 'rpc', { lxm: { multiple: true, required: true, validate: isLxmParam, normalize: (value) => value.length > 1 && value.includes('*') ? (['*'] as const) : ([...new Set(value)].sort() as [Nsid, ...Nsid[]]), }, aud: { multiple: false, required: true, validate: isAudParam, }, }, 'lxm', ) static fromString(scope: string): RpcPermission | null { if (!isScopeStringFor(scope, 'rpc')) return null const syntax = ScopeStringSyntax.fromString(scope) return RpcPermission.fromSyntax(syntax) } static fromSyntax(syntax: ScopeSyntax<'rpc'>): RpcPermission | null { const result = RpcPermission.parser.parse(syntax) if (!result) return null // rpc:*?aud=* is forbidden if (result.aud === '*' && result.lxm.includes('*')) return null return new RpcPermission(result.aud, result.lxm) } static scopeNeededFor(options: RpcPermissionMatch): string { return RpcPermission.parser.format({ aud: options.aud as AtprotoAudience, lxm: [options.lxm as Nsid], }) } }