@bitblit/epsilon/built-in/http/built-in-authorizers.js

Tiny adapter to simplify building API gateway Lambda APIS

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.BuiltInAuthorizers = void 0;
const logger_1 = require("@bitblit/ratchet/common/logger");
class BuiltInAuthorizers {
    static simpleNoAuthenticationLogAccess(authorizationContext, evt) {
        return __awaiter(this, void 0, void 0, function* () {
            // Just logs the request but does nothing else
            logger_1.Logger.debug('Auth requested for %s : %j', evt.path, authorizationContext === null || authorizationContext === void 0 ? void 0 : authorizationContext.auth);
            return true;
        });
    }
    static simpleLoggedInAuth(authorizationContext, evt) {
        return __awaiter(this, void 0, void 0, function* () {
            // Just verifies that there is a valid token in the request
            const rval = !!(authorizationContext === null || authorizationContext === void 0 ? void 0 : authorizationContext.auth);
            logger_1.Logger.silly('SimpleLoggedInAuth returning %s for %s', rval, evt.path);
            return rval;
        });
    }
    static simpleRoleRouteAuth(authorizationContext, event, route, requiredRoleOneOf = null, requiredRoleAllOf = null) {
        return __awaiter(this, void 0, void 0, function* () {
            let rval = true;
            const token = authorizationContext === null || authorizationContext === void 0 ? void 0 : authorizationContext.auth;
            if (token) {
                if (requiredRoleOneOf) {
                    requiredRoleOneOf.forEach((r) => {
                        rval = rval || token.roles.indexOf(r) > -1;
                    });
                    if (!rval) {
                        logger_1.Logger.warn('Request to %s failed to find at least one of %j', route.path, requiredRoleOneOf);
                    }
                }
                if (rval && requiredRoleAllOf) {
                    requiredRoleAllOf.forEach((r) => {
                        rval = rval && token.roles.indexOf(r) > -1;
                    });
                    if (!rval) {
                        logger_1.Logger.warn('Request to %s failed to find all of %j', route.path, requiredRoleAllOf);
                    }
                }
            }
            else {
                logger_1.Logger.warn('Cannot authenticate - no parsed auth found');
                rval = false;
            }
            return rval;
        });
    }
}
exports.BuiltInAuthorizers = BuiltInAuthorizers;
//# sourceMappingURL=built-in-authorizers.js.map