UNPKG

@backstage/backend-defaults

Version:

Backend defaults used by Backstage backend apps

backstage.io

backstage/backstage

64 lines (60 loc) 1.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
'use strict'; var pathToRegexp = require('path-to-regexp'); function createPathPolicyPredicate(policyPath) { if (policyPath === "/" || policyPath === "*") { return () => true; } const { regexp: pathRegex } = pathToRegexp.pathToRegexp(policyPath, { end: false }); return (path) => { return pathRegex.test(path); }; } function createCredentialsBarrier(options) { const { httpAuth, config } = options; const disableDefaultAuthPolicy = config.getOptionalBoolean( "backend.auth.dangerouslyDisableDefaultAuthPolicy" ); if (disableDefaultAuthPolicy) { return { middleware: (_req, _res, next) => next(), addAuthPolicy: () => { } }; } const unauthenticatedPredicates = new Array(); const cookiePredicates = new Array(); const middleware = (req, _, next) => { const allowsUnauthenticated = unauthenticatedPredicates.some( (predicate) => predicate(req.path) ); if (allowsUnauthenticated) { next(); return; } const allowsCookie = cookiePredicates.some( (predicate) => predicate(req.path) ); httpAuth.credentials(req, { allow: ["user", "service"], allowLimitedAccess: allowsCookie }).then( () => next(), (err) => next(err) ); }; const addAuthPolicy = (policy) => { if (policy.allow === "unauthenticated") { unauthenticatedPredicates.push(createPathPolicyPredicate(policy.path)); } else if (policy.allow === "user-cookie") { cookiePredicates.push(createPathPolicyPredicate(policy.path)); } else { throw new Error("Invalid auth policy"); } }; return { middleware, addAuthPolicy }; } exports.createCredentialsBarrier = createCredentialsBarrier; exports.createPathPolicyPredicate = createPathPolicyPredicate; //# sourceMappingURL=createCredentialsBarrier.cjs.js.map