
@httpc/kit


httpc toolbox for building function-based API with minimal code and end-to-end type safety

"use strict";

// ---------------------------------------------------------------------------
// TypeScript compiler helpers (standard tsc emit for decorators). They are
// kept token-for-token; only the layout was restored.
// ---------------------------------------------------------------------------

// Applies `decorators` from last to first, either to a class (fewer than 3
// arguments) or to a member; uses Reflect.decorate when the runtime has it.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length,
        r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc,
        d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};

// Returns a Reflect.metadata decorator when the runtime has Reflect.metadata;
// otherwise returns undefined.
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};

// Adapts a parameter decorator so it receives the parameter index.
var __param = (this && this.__param) || function (paramIndex, decorator) {
    return function (target, key) { decorator(target, key, paramIndex); }
};

Object.defineProperty(exports, "__esModule", { value: true });
exports.PermissionsAuthorizationService = void 0;

const tsyringe_1 = require("tsyringe");
const di_1 = require("../di");
const logging_1 = require("../logging");
const permissions_1 = require("../permissions");
const services_1 = require("../services");

/**
 * Authorization service backed by a permission model.
 *
 * The authorization decision itself is delegated to the `options.authorize`
 * callback; this class turns its result into an authorization value and
 * evaluates assertions against it with a `PermissionsChecker` built from
 * `options.model`.
 *
 * `this.logger` and `this._raiseError` are not defined in this file; they
 * presumably come from `BaseService` (verify in ../services).
 */
let PermissionsAuthorizationService = class PermissionsAuthorizationService extends (0, services_1.BaseService)() {
    /**
     * @param {*} logger  Injected logger, forwarded to the base class.
     * @param {*} options Injected options; this class reads `options.model`
     *                    and `options.authorize`.
     */
    constructor(logger, options) {
        // Leftover TypeScript directive; it has no effect in the emitted JavaScript.
        //@ts-expect-error
        super(...arguments);
        this.options = options;
        this.permissions = new permissions_1.PermissionsChecker({ model: options.model });
    }

    /**
     * Resolves the authorization for `user` through `options.authorize`.
     *
     * A string result is parsed into an authorization via
     * `createAuthorization`; any other result is returned as received.
     *
     * @param {*} user The user passed to `options.authorize`.
     * @returns {Promise<*>} The authorization for the user.
     */
    async authorize(user) {
        const granted = await this.options.authorize(user);
        // NOTE(review): only string results go through createAuthorization();
        // a non-string result is returned without permissions.validate() being
        // applied here. Confirm the callback is trusted to return an
        // authorization that already conforms to the model.
        const authorization = typeof granted === "string"
            ? this.createAuthorization(granted)
            : granted;
        // NOTE(review): the whole `user` value is handed to the logger (%o).
        // Confirm it carries no credentials or tokens, or that verbose output
        // is not collected in production.
        this.logger.verbose("Authorized(%s) %o", authorization, user);
        return authorization;
    }

    /**
     * Builds an authorization from its string form (parsed) or from an
     * existing value (validated).
     *
     * An `InvalidClaim` raised by the checker is reported through
     * `_raiseError("not_supported", ...)` with the offending claim; every
     * other error is rethrown unchanged.
     *
     * @param {*} authorization String form or authorization value.
     * @returns {*} Result of `permissions.parse` or `permissions.validate`.
     */
    createAuthorization(authorization) {
        try {
            return typeof authorization === "string"
                ? this.permissions.parse("authorization", authorization)
                : this.permissions.validate(authorization);
        }
        catch (err) {
            if (err instanceof permissions_1.InvalidClaim) {
                this._raiseError("not_supported", err.message, { claim: err.claim });
            }
            // Reached for any other error, and also if _raiseError returns
            // instead of throwing (its behaviour is not visible here).
            throw err;
        }
    }

    /**
     * Non-throwing permission test.
     *
     * @param {*} authorization Authorization to test.
     * @param {*} assertion     Assertion instance or its string form.
     * @returns {boolean} `result.success` of the permission test.
     */
    check(authorization, assertion) {
        const normalized = this._getAssertion(assertion);
        const outcome = this.permissions.test(authorization, normalized);
        this.logger.verbose("Check(%s): %s", outcome.success ? "OK" : "KO", normalized);
        return outcome.success;
    }

    /**
     * Enforcing permission test: reports "forbidden" through `_raiseError`
     * when the assertion is not satisfied.
     *
     * @param {*} authorization Authorization to test.
     * @param {*} assertion     Assertion instance or its string form.
     */
    assert(authorization, assertion) {
        const normalized = this._getAssertion(assertion);
        const outcome = this.permissions.test(authorization, normalized);
        if (!outcome.success) {
            // The error data names the claim that failed. NOTE(review): whether
            // that detail reaches the caller depends on _raiseError and the
            // error pipeline, neither of which is visible here.
            this._raiseError("forbidden", {
                claim: permissions_1.PermissionSerializer.serializeAssertionClaim(outcome.failed)
            });
        }
        // NOTE(review): this success log is only skipped on denial if
        // _raiseError throws — confirm in the base class.
        this.logger.verbose("Assertion success: %s", normalized);
    }

    /**
     * Normalizes an assertion argument: parses strings, rejects anything that
     * is not an `Assertion`, then validates it with the permission checker.
     *
     * @param {*} assertion Assertion instance or its string form.
     * @returns {*} Result of `permissions.validate` for the assertion.
     */
    _getAssertion(assertion) {
        // NOTE(review): Assertion.parse runs outside the try block below, so an
        // error it throws is not mapped to "not_supported" here.
        const candidate = typeof assertion === "string"
            ? permissions_1.Assertion.parse(assertion)
            : assertion;
        if (!(candidate instanceof permissions_1.Assertion)) {
            this._raiseError("invalid_param", "Invalid assertion");
        }
        try {
            return this.permissions.validate(candidate);
        }
        catch (err) {
            if (err instanceof permissions_1.InvalidClaim) {
                this._raiseError("not_supported", err.message, { claim: err.claim });
            }
            throw err;
        }
    }
};

// Register the class with tsyringe and attach the constructor parameter
// decorators: parameter 0 is the logger, parameter 1 the options.
PermissionsAuthorizationService = __decorate([
    (0, tsyringe_1.injectable)(),
    __param(0, (0, logging_1.logger)()),
    __param(1, (0, di_1.options)()),
    __metadata("design:paramtypes", [Object, Object])
], PermissionsAuthorizationService);

exports.PermissionsAuthorizationService = PermissionsAuthorizationService;