UNPKG

@citrineos/util

Version:

The OCPP util module which supplies helpful utilities like cache and queue connectors, etc.

105 lines 3.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project // // SPDX-License-Identifier: Apache-2.0 import * as fs from 'fs'; import { Logger } from 'tslog'; import { RbacRulesSchema } from '@citrineos/base'; import { UrlMatcher } from './UrlMatcher.js'; import path from 'path'; /** * Class to load and validate RBAC rules */ export class RbacRulesLoader { _rules = {}; _logger; /** * Creates a new RBAC rules loader * * @param rulesFilePath Path to the JSON rules file * @param logger Logger instance */ constructor(rulesFilePath, logger) { this._logger = logger.getSubLogger({ name: 'RbacRulesLoader' }); this.loadRules(rulesFilePath); } /** * Load and validate rules from a JSON file * * @param filePath Path to the JSON rules file */ loadRules(filePath) { const absoluteFilePath = path.join(process.cwd(), filePath); try { if (!fs.existsSync(absoluteFilePath)) { this._logger.warn(`Rules file not found at ${absoluteFilePath}, using empty rules`); return; } const rulesContent = fs.readFileSync(absoluteFilePath, 'utf8'); const parsedRules = JSON.parse(rulesContent); // Validate rules against the schema const validationResult = RbacRulesSchema.safeParse(parsedRules); if (!validationResult.success) { this._logger.error('Invalid RBAC rules format:', validationResult.error); throw new Error('Invalid RBAC rules format'); } // Store the validated rules this._rules = validationResult.data; this._logger.info(`Successfully loaded RBAC rules from ${filePath}`); this._logger.debug(`Loaded ${Object.keys(this._rules).length} tenants with rules`); } catch (error) { if (error instanceof Error && error.message === 'Invalid RBAC rules format') { throw error; // Re-throw validation errors } this._logger.error('Failed to load RBAC rules:', error); throw new Error(`Failed to load RBAC rules: ${error instanceof Error ? error.message : String(error)}`); } } /** * Get the required roles for a specific tenant, URL, and HTTP method * * @param tenantId Tenant identifier * @param url URL path * @param method HTTP method * @returns Array of required roles or null if no matching rule */ getRequiredRoles(tenantId, url, method) { // Normalize method to uppercase method = method.toUpperCase(); const cleanUrl = this.normalizeUrl(url); const tenantRules = this._rules[tenantId]; if (!tenantRules) { return null; } // Try exact URL match first const exactUrlRules = tenantRules[cleanUrl]; if (exactUrlRules) { return exactUrlRules[method] || exactUrlRules['*'] || null; } // Pattern matching for (const pattern in tenantRules) { if (UrlMatcher.match(cleanUrl, pattern)) { const methodRules = tenantRules[pattern]; const roles = methodRules[method] || methodRules['*']; if (roles) { return roles; } } } return null; } normalizeUrl(url) { // Remove query parameters and fragments let cleanUrl = url.split('?')[0].split('#')[0]; // Remove trailing slash (optional, depends on your URL patterns) if (cleanUrl.length > 1 && cleanUrl.endsWith('/')) { cleanUrl = cleanUrl.slice(0, -1); } // Ensure it starts with / if (!cleanUrl.startsWith('/')) { cleanUrl = '/' + cleanUrl; } return cleanUrl; } } //# sourceMappingURL=RbacRulesLoader.js.map