UNPKG

@getanthill/datastore

Version:

Event-Sourced Datastore

gitlab.com/getanthill/datastore

119 lines (110 loc) 2.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
import { ErrorObject } from 'ajv'; import type { JSONSchema4 } from 'json-schema'; export interface JSONSchema extends JSONSchema4 {} /** * Authorizations */ type AnyObject = { [key: string]: any }; export const AUTHORIZATION_VERB_ALLOW = 'allow'; export const AUTHORIZATION_VERB_DENY = 'deny'; export const AUTHORIZATION_SCOPE_ACTION = 'action'; export const AUTHORIZATION_SCOPE_CONTEXT = 'context'; export const AUTHORIZATION_SCOPE_OBJECT = 'object'; export const AUTHORIZATION_SCOPE_SUBJECT = 'subject'; export declare enum AuthorizationScopes { Subject = 'subject', Action = 'action', Object = 'object', Context = 'context', } export type AuthorizationScope = | AuthorizationScopes.Subject | AuthorizationScopes.Action | AuthorizationScopes.Object | AuthorizationScopes.Context; export type Scope = Array<string>; export interface Action { scope: Scope; [key: string]: any; } export interface Subject { scope: Scope; [key: string]: any; } export interface Object { scope: Scope; [key: string]: any; } export interface Context { scope: Scope; [key: string]: any; } export interface AuthorizationRequest { action: Action; subject: Subject; object: Object; context: Context; } export interface ScopeValidation { is_valid: boolean; errors: Array<ErrorObject<string, Record<string, any>, unknown>>; } export interface RuleValidation { [AuthorizationScopes.Action]: ScopeValidation; [AuthorizationScopes.Subject]: ScopeValidation; [AuthorizationScopes.Object]: ScopeValidation; [AuthorizationScopes.Context]: ScopeValidation; } export interface Decision { verb: PolicyVerb; obligations: Array<Obligation>; validations: Array<RuleValidation>; } export interface Attribute { attribute_id?: string; is_enabled: boolean; attribute: string; description: string; value: string; scope: Scope; } export interface Rule { rule_id?: string; is_enabled: boolean; name: string; description: string; subject: JSONSchema; action: JSONSchema; object: JSONSchema; context: JSONSchema; } export interface Obligation { obligation_id?: string; is_enabled: boolean; name: string; description: string; type: 'patch' | 'pick'; source: 'payload' | 'query' | 'headers' | 'body'; value: any; } export declare enum PolicyVerbs { Allow = AUTHORIZATION_VERB_ALLOW, Deny = AUTHORIZATION_VERB_DENY, } export type PolicyVerb = PolicyVerbs.Allow | PolicyVerbs.Deny; export interface Policy { policy_id?: string; is_enabled: boolean; name: string; description: string; scope: Scope; verb: PolicyVerb; rules: Array<Rule>; obligations: Array<Obligation>; } export interface RequestAttributes { [AuthorizationScopes.Action]: Array<Attribute>; [AuthorizationScopes.Subject]: Array<Attribute>; [AuthorizationScopes.Object]: Array<Attribute>; [AuthorizationScopes.Context]: Array<Attribute>; }