
@scefira/dfw-nodejs

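import { DFWScheme } from "../..";
import DFWModule from "./DFWModule";
import dfw_credential from "../../model/dfw_credential.model";
import dfw_access from "../../model/dfw_access.model";

const Password = require("node-php-password");

/**
 * Returns true when every name in `required` is an own enumerable key of `container`.
 *
 * A missing or non-object container is treated as having no keys, so a non-empty
 * requirement is denied instead of throwing from `Object.keys(undefined)`.
 * A single name is accepted as well as an array, because rule values arrive
 * untyped (`any`) from `checkBindingsAsync`.
 *
 * Only key presence is checked: a key whose value is empty, null or of an
 * unexpected type still satisfies the rule, so handlers must validate the values.
 */
function hasAllKeys(container: unknown, required: unknown): boolean {
    const present = container !== null && typeof container === "object" ? Object.keys(container) : [];
    const wanted: unknown[] = Array.isArray(required) ? required : [required];

    // Length comparison kept from the original: a requirement list longer than
    // the key list (including one with duplicates) is rejected up front.
    return present.length >= wanted.length
        && wanted.every(name => typeof name === "string" && present.includes(name));
}

/**
 * Request-level access rules: session state, credentials, access entries and
 * presence of required body/query parameters.
 */
export default class SecurityManager extends DFWModule{

    // Rule type identifiers accepted by checkBindingsAsync / checkRuleAsync.
    static readonly RULE_LOGGED_SESSION = 0;
    static readonly RULE_ACCESS = 1;
    static readonly RULE_CREDENTIAL = 2;
    static readonly RULE_BODY_PARAMS_SETTED = 3;
    static readonly RULE_QUERY_PARAMS_SETTED = 4;

    // Messages associated with each rule. They are not used inside this class.
    // NOTE(review): "dond" looks like a typo for "don't"; the text is left
    // unchanged because callers may compare against it — confirm before fixing.
    static readonly LABEL_RULE_GENERIC = "access denied";
    static readonly LABEL_RULE_LOGGED_SESSION = "access denied (you need to be logged)";
    static readonly LABEL_RULE_ACCESS = "access denied (you dond have the access to this)";
    static readonly LABEL_RULE_CREDENTIAL = "access denied (you dond have the credentials to this)";
    static readonly LABEL_RULE_BODY_PARAMS_SETTED = "missing post arguments setted";
    static readonly LABEL_RULE_QUERY_PARAMS_SETTED = "missing query arguments setted";

    /**
     * Attaches `checkRuleAsync` to `dfw.security`, bound to this manager and
     * to the given scheme.
     */
    public async touchAsync(dfw:DFWScheme){
        dfw.security.checkRuleAsync = async (type:number,value:any|any[])=>{
            return await this.checkBindingsAsync(dfw,type,value);
        }
    }

    /**
     * Evaluates one rule against the current request.
     *
     * @param dfw   Scheme carrying the session and the request.
     * @param type  One of the `RULE_*` constants.
     * @param value Rule argument; its meaning depends on `type`.
     * @returns `true` when the rule is satisfied. An unknown `type` returns
     *          `false`, so an unrecognised rule denies rather than allows.
     */
    public async checkBindingsAsync(dfw:DFWScheme,type:number,value:any|any[]):Promise<boolean>{
        switch(type){
            case SecurityManager.RULE_LOGGED_SESSION:{
                // Strict comparison: `true` requires a logged session, `false` requires an anonymous one.
                return dfw.session.isLogged === value;
            }

            case SecurityManager.RULE_CREDENTIAL:{
                return await this.checkUserCredentialAsync(dfw,value);  // checks credentials array
            }

            case SecurityManager.RULE_ACCESS:{
                return await this.checkUserAccessAsync(dfw,value);      // checks access array
            }

            case SecurityManager.RULE_BODY_PARAMS_SETTED:{
                return this.checkBodyParams(dfw,value);                 // checks required keys on the request body
            }

            case SecurityManager.RULE_QUERY_PARAMS_SETTED:{
                return this.checkQueryParams(dfw,value);                // checks required keys on the query string
            }

            default:{
                return false;                                           // unknown rule: deny
            }
        }
    }

    /////////////////////////////////////////////////////////
    //////////////////// RULE CHECKS ////////////////////////
    /////////////////////////////////////////////////////////

    /**
     * Delegates to the session user's `checkCredentialAsync`.
     * Returns `false` unless the session is explicitly logged and has a user.
     */
    public async checkUserCredentialAsync(dfw:DFWScheme,credential:dfw_credential|dfw_credential[]|string|string[]){
        // Fail closed: anything other than an explicit `true` counts as not logged,
        // and `== null` also covers an undefined user, which would otherwise throw below.
        if(dfw.session.isLogged !== true || dfw.session.model.user == null) return false;
        return await dfw.session.model.user.checkCredentialAsync(credential);
    }

    /**
     * Delegates to the session user's `checkAccessAsync`.
     * Returns `false` unless the session is explicitly logged and has a user.
     */
    public async checkUserAccessAsync(dfw:DFWScheme,access:dfw_access|dfw_access[]|string|string[]){
        // Same fail-closed guard as checkUserCredentialAsync.
        if(dfw.session.isLogged !== true || dfw.session.model.user == null) return false;
        return await dfw.session.model.user.checkAccessAsync(access);
    }

    /**
     * Returns `true` when every name in `params` is a key of the request body.
     * Presence only: the values are not inspected. A missing body yields
     * `false` for a non-empty list instead of throwing.
     */
    public checkBodyParams(dfw:DFWScheme,params:string[]):boolean{
        return hasAllKeys(dfw.request.body,params);
    }

    /**
     * Returns `true` when every name in `params` is a key of the request query.
     * Presence only: the values are not inspected. A missing query object yields
     * `false` for a non-empty list instead of throwing.
     */
    public checkQueryParams(dfw:DFWScheme,params:string[]):boolean{
        return hasAllKeys(dfw.request.query,params);
    }

    /////////////////////////////////////////////////////////
    ////////////////// STATIC METHODS ///////////////////////
    /////////////////////////////////////////////////////////

    /**
     * Checks a plaintext candidate against a stored hash.
     *
     * Mind the argument order: the stored hash comes first and the candidate
     * second, which is the reverse of the underlying `Password.verify` call.
     *
     * @param encoded Stored password hash.
     * @param test    Plaintext password supplied by the user.
     */
    public static verifyPassword(encoded:string,test:string):boolean{
        return Password.verify(test,encoded);
    }

    /**
     * Produces a password hash via `Password.hash`. Despite the name this is
     * one-way hashing, not encryption: the result cannot be decrypted and is
     * only usable with `verifyPassword`.
     *
     * NOTE(review): the algorithm and cost are the library defaults, presumably
     * bcrypt as in PHP's password_hash — confirm, and confirm how over-long
     * passwords are handled.
     */
    public static encryptPassword(password:string):string{
        return Password.hash(password);
    }
}

/** A rule to evaluate: a `RULE_*` type and its argument. */
export interface AccessBinding{
    type:number;
    value:any[]|any;
}

/** Shape of `dfw.security` as installed by `SecurityManager.touchAsync`. */
export interface DFWSecuritySchema{
    checkRuleAsync:(type:number,rule:any|any[])=>Promise<boolean>;
}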