UNPKG

@infomaker/service-authorization-lib

Version:

IMID Service Authorization Library

146 lines (95 loc) 4.44 kB
# Infomaker service-authorization-lib ## Develop the project ### Run the unit tests ``` docker-compose up ``` ### Rebuild after updates to package.json ``` docker-compose down docker-compose build docker-compose up ``` *** # tokenUtils ## Usage ```js const tokenUtils = require('@infomaker/service-authorization-lib').tokenUtils const expressMiddlewareFunctionThing = (req, res, next) => { tokenUtils.extractServiceTokenFromRequest(req) // -> {...} serviceToken tokenUtils.extractImidTokenFromRequest(req) // -> 'eyJhbGciOiJSUzUxMiIsIn...' | null tokenUtils.getSubject(req) // -> '07b9d9e6-5be1-4eb2-9675-9ee702f955ce' tokenUtils.getOrganization(req) // -> 'infomaker' tokenUtils.getUnits(req) // -> ['unit-a', 'unit-b'] tokenUtils.getSelectedUnit(req) // -> 'unit-a' tokenUtils.getOrgPermissions(req) // -> ['writer:access'] tokenUtils.getUnitPermissions(req, 'infomaker-dev') // -> ['writer:access'] tokenUtils.isServiceAdmin(req) // -> false tokenUtils.getUserinfo(req) // -> { given_name: ... } } ``` ## extractServiceTokenFromRequest(request) ⇒ <code>Object</code> Extracts and decodes a service token from request **Returns**: <code>Object</code> - serviceToken - The service token | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | ### extractImidTokenFromRequest(request) ⇒ <code>String</code> \| <code>null</code> Extracts IMID token from a raw request if present **Returns**: <code>String</code> \| <code>null</code> - imidToken - The IMID token if present | Param | Type | | --- | --- | | request | <code>http.IncomingMessage</code> | ## getSubject(request) ⇒ <code>String</code> Get the subject from the service token **Returns**: <code>String</code> - organization - The subject identifier set on the service token | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | ## getOrganization(request) ⇒ <code>String</code> Get the subject's organization **Returns**: <code>String</code> - organization - The organization the subject belongs to | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | ## getUnits(request) ⇒ <code>Array.&lt;String&gt;</code> Get the subject's mapped units **Returns**: <code>Array.&lt;String&gt;</code> - units - An array of all units the subject belongs to | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | ## getSelectedUnit(request) ⇒ <code>null</code> \| <code>String</code> Get the subject's selected unit **Returns**: <code>null</code> \| <code>String</code> - unit - The subject's selected unit, null if no unit selected | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | ## getOrgPermissions(request) ⇒ <code>Array.&lt;String&gt;</code> Get the subject's organization permissions Organization permissions are located under permissions.org **Returns**: <code>Array.&lt;String&gt;</code> - } permissions - The subject's org permissions | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | ## getUnitPermissions(request, unit) ⇒ <code>Array.&lt;String&gt;</code> Get the subject's permissions for the specified unit Organization permissions are located under permissions.units[unit] **Returns**: <code>Array.&lt;String&gt;</code> - } permissions - The subject's permissions for the specified unit | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | | unit | <code>String</code> | The unit permissions should be checked in | ## isServiceAdmin(request) ⇒ <code>Boolean</code> Checks if a token belogs to an admin for the service Organization permissions are located under permissions.units[unit] **Returns**: <code>Boolean</code> - isServiceAdmin - True if the token belongs to an admin for the service | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | | ## getUserinfo(request) ⇒ <code>Object</code> Get the subject's userinfo Organization permissions are located under permissions.units[unit] **Returns**: <code>Object</code> - userinfo - The userinfo object set on the subject | Param | Type | Description | | --- | --- | --- | | request | <code>http.IncomingMessage</code> | |