@infomaker/service-authorization-lib
Version:
IMID Service Authorization Library
146 lines (95 loc) • 4.44 kB
Markdown
# Infomaker service-authorization-lib
## Develop the project
### Run the unit tests
```
docker-compose up
```
### Rebuild after updates to package.json
```
docker-compose down
docker-compose build
docker-compose up
```
***
# tokenUtils
## Usage
```js
const tokenUtils = require('@infomaker/service-authorization-lib').tokenUtils
const expressMiddlewareFunctionThing = (req, res, next) => {
tokenUtils.extractServiceTokenFromRequest(req) // -> {...} serviceToken
tokenUtils.extractImidTokenFromRequest(req) // -> 'eyJhbGciOiJSUzUxMiIsIn...' | null
tokenUtils.getSubject(req) // -> '07b9d9e6-5be1-4eb2-9675-9ee702f955ce'
tokenUtils.getOrganization(req) // -> 'infomaker'
tokenUtils.getUnits(req) // -> ['unit-a', 'unit-b']
tokenUtils.getSelectedUnit(req) // -> 'unit-a'
tokenUtils.getOrgPermissions(req) // -> ['writer:access']
tokenUtils.getUnitPermissions(req, 'infomaker-dev') // -> ['writer:access']
tokenUtils.isServiceAdmin(req) // -> false
tokenUtils.getUserinfo(req) // -> { given_name: ... }
}
```
## extractServiceTokenFromRequest(request) ⇒ <code>Object</code>
Extracts and decodes a service token from request
**Returns**: <code>Object</code> - serviceToken - The service token
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
### extractImidTokenFromRequest(request) ⇒ <code>String</code> \| <code>null</code>
Extracts IMID token from a raw request if present
**Returns**: <code>String</code> \| <code>null</code> - imidToken - The IMID token if present
| Param | Type |
| --- | --- |
| request | <code>http.IncomingMessage</code> |
## getSubject(request) ⇒ <code>String</code>
Get the subject from the service token
**Returns**: <code>String</code> - organization - The subject identifier set on the service token
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
## getOrganization(request) ⇒ <code>String</code>
Get the subject's organization
**Returns**: <code>String</code> - organization - The organization the subject belongs to
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
## getUnits(request) ⇒ <code>Array.<String></code>
Get the subject's mapped units
**Returns**: <code>Array.<String></code> - units - An array of all units the subject belongs to
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
## getSelectedUnit(request) ⇒ <code>null</code> \| <code>String</code>
Get the subject's selected unit
**Returns**: <code>null</code> \| <code>String</code> - unit - The subject's selected unit, null if no unit selected
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
## getOrgPermissions(request) ⇒ <code>Array.<String></code>
Get the subject's organization permissions
Organization permissions are located under permissions.org
**Returns**: <code>Array.<String></code> - } permissions - The subject's org permissions
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
## getUnitPermissions(request, unit) ⇒ <code>Array.<String></code>
Get the subject's permissions for the specified unit
Organization permissions are located under permissions.units[unit]
**Returns**: <code>Array.<String></code> - } permissions - The subject's permissions for the specified unit
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
| unit | <code>String</code> | The unit permissions should be checked in |
## isServiceAdmin(request) ⇒ <code>Boolean</code>
Checks if a token belogs to an admin for the service
Organization permissions are located under permissions.units[unit]
**Returns**: <code>Boolean</code> - isServiceAdmin - True if the token belongs to an admin for the service
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |
## getUserinfo(request) ⇒ <code>Object</code>
Get the subject's userinfo
Organization permissions are located under permissions.units[unit]
**Returns**: <code>Object</code> - userinfo - The userinfo object set on the subject
| Param | Type | Description |
| --- | --- | --- |
| request | <code>http.IncomingMessage</code> | |