@clerk/shared
Version:
Internal package utils used by the Clerk SDKs
122 lines (121 loc) • 4.34 kB
JavaScript
;
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __hasOwnProp = Object.prototype.hasOwnProperty;
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
var __copyProps = (to, from, except, desc) => {
if (from && typeof from === "object" || typeof from === "function") {
for (let key of __getOwnPropNames(from))
if (!__hasOwnProp.call(to, key) && key !== except)
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
}
return to;
};
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
// src/authorization.ts
var authorization_exports = {};
__export(authorization_exports, {
createCheckAuthorization: () => createCheckAuthorization,
validateReverificationConfig: () => validateReverificationConfig
});
module.exports = __toCommonJS(authorization_exports);
var TYPES_TO_OBJECTS = {
strict_mfa: {
afterMinutes: 10,
level: "multi_factor"
},
strict: {
afterMinutes: 10,
level: "second_factor"
},
moderate: {
afterMinutes: 60,
level: "second_factor"
},
lax: {
afterMinutes: 1440,
level: "second_factor"
}
};
var ALLOWED_LEVELS = /* @__PURE__ */ new Set(["first_factor", "second_factor", "multi_factor"]);
var ALLOWED_TYPES = /* @__PURE__ */ new Set(["strict_mfa", "strict", "moderate", "lax"]);
var isValidMaxAge = (maxAge) => typeof maxAge === "number" && maxAge > 0;
var isValidLevel = (level) => ALLOWED_LEVELS.has(level);
var isValidVerificationType = (type) => ALLOWED_TYPES.has(type);
var checkOrgAuthorization = (params, options) => {
const { orgId, orgRole, orgPermissions } = options;
if (!params.role && !params.permission) {
return null;
}
if (!orgId || !orgRole || !orgPermissions) {
return null;
}
if (params.permission) {
return orgPermissions.includes(params.permission);
}
if (params.role) {
return orgRole === params.role;
}
return null;
};
var validateReverificationConfig = (config) => {
if (!config) {
return false;
}
const convertConfigToObject = (config2) => {
if (typeof config2 === "string") {
return TYPES_TO_OBJECTS[config2];
}
return config2;
};
const isValidStringValue = typeof config === "string" && isValidVerificationType(config);
const isValidObjectValue = typeof config === "object" && isValidLevel(config.level) && isValidMaxAge(config.afterMinutes);
if (isValidStringValue || isValidObjectValue) {
return convertConfigToObject.bind(null, config);
}
return false;
};
var checkReverificationAuthorization = (params, { factorVerificationAge }) => {
if (!params.reverification || !factorVerificationAge) {
return null;
}
const isValidReverification = validateReverificationConfig(params.reverification);
if (!isValidReverification) {
return null;
}
const { level, afterMinutes } = isValidReverification();
const [factor1Age, factor2Age] = factorVerificationAge;
const isValidFactor1 = factor1Age !== -1 ? afterMinutes > factor1Age : null;
const isValidFactor2 = factor2Age !== -1 ? afterMinutes > factor2Age : null;
switch (level) {
case "first_factor":
return isValidFactor1;
case "second_factor":
return factor2Age !== -1 ? isValidFactor2 : isValidFactor1;
case "multi_factor":
return factor2Age === -1 ? isValidFactor1 : isValidFactor1 && isValidFactor2;
}
};
var createCheckAuthorization = (options) => {
return (params) => {
if (!options.userId) {
return false;
}
const orgAuthorization = checkOrgAuthorization(params, options);
const reverificationAuthorization = checkReverificationAuthorization(params, options);
if ([orgAuthorization, reverificationAuthorization].some((a) => a === null)) {
return [orgAuthorization, reverificationAuthorization].some((a) => a === true);
}
return [orgAuthorization, reverificationAuthorization].every((a) => a === true);
};
};
// Annotate the CommonJS export names for ESM import in node:
0 && (module.exports = {
createCheckAuthorization,
validateReverificationConfig
});
//# sourceMappingURL=authorization.js.map