@storybooker/azure
StoryBooker Adapter for interacting with Azure services.
//#region src/easy-auth.ts
/**
 * Default authorisation policy used when the service is constructed without
 * a custom `authorise` callback.
 *
 * Decision order:
 *  1. no user              -> denied
 *  2. application caller   -> allowed for every action
 *  3. "read" action        -> allowed for any resolved user
 *  4. anything else        -> allowed only if the user carries at least one role
 *
 * Security note: rule 4 checks only that some role exists, not which one, so
 * any role value grants every non-read action. Rule 3 means a resolved user
 * with no roles can still read. Deployments that need per-role or
 * per-resource decisions should pass their own callback to the constructor.
 *
 * @param {{ permission: { action: string }, user: object | null | undefined }} input
 * @returns {boolean} true when the request is permitted.
 */
const DEFAULT_AUTHORISE = ({ permission, user }) => {
	if (!user) return false;
	// Short-circuit keeps `permission.action` unread for application callers.
	if (user.type === "application" || permission.action === "read") return true;
	const { roles } = user;
	return Boolean(roles && roles.length > 0);
};
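/**
 * Auth adapter that derives the caller's identity from the
 * `x-ms-client-principal` request header (base64-encoded JSON with a `claims`
 * array of `{ typ, val }` entries plus `name_typ` / `role_typ` hints).
 *
 * Trust boundary: this class does not verify a signature or token; it only
 * decodes the header. The header is trustworthy only when the hosting
 * platform's authentication layer sets it and discards any client-supplied
 * copy. If the app can be reached by a path that bypasses that layer, a
 * caller can supply an arbitrary principal. Confirm this for each deployment.
 */
var AzureEasyAuthService = class {
	/**
	 * @param authorise Policy callback stored as `this.authorise`; defaults to
	 *   DEFAULT_AUTHORISE.
	 */
	constructor(authorise = DEFAULT_AUTHORISE) {
		// Every header that is present but unusable is answered with the same 401,
		// so malformed input never surfaces as an uncaught SyntaxError/TypeError.
		const malformedPrincipal = () => new Response(`Unauthorized access. The EasyAuth principal header is malformed.`, { status: 401 });
		// Shared by login/logout: 302 to an absolute path on the request's own origin.
		const redirectTo = (path, request) => new Response(null, {
			headers: { Location: new URL(path, request.url).toString() },
			status: 302
		});
		/**
		 * Resolve the caller from the principal header.
		 *
		 * @param request Object exposing `headers.get(name)`.
		 * @returns An "application" identity when an `azp` claim is present,
		 *   otherwise a "user" identity with display name, id and roles.
		 * @throws {Response} 401 when the header is absent, is not base64 JSON for
		 *   an object, or carries a `claims` value that is not an array.
		 */
		this.getUserDetails = async (request) => {
			const principalHeader = request.headers.get("x-ms-client-principal");
			if (!principalHeader) throw new Response(`Unauthorized access. Please provide a valid EasyAuth principal header.`, { status: 401 });
			let clientPrincipal;
			try {
				// Buffer's base64 decoder is lenient and does not throw on bad input;
				// garbage is caught by JSON.parse instead.
				clientPrincipal = JSON.parse(Buffer.from(principalHeader, "base64").toString("utf8"));
			} catch {
				throw malformedPrincipal();
			}
			// A principal must be a JSON object. Primitives, null and arrays are
			// rejected rather than being mapped to an empty "user" identity.
			if (typeof clientPrincipal !== "object" || clientPrincipal === null || Array.isArray(clientPrincipal)) throw malformedPrincipal();
			const rawClaims = clientPrincipal.claims || [];
			if (!Array.isArray(rawClaims)) throw malformedPrincipal();
			// Ignore entries that are not objects so `claim.typ` cannot throw.
			const claims = rawClaims.filter((claim) => typeof claim === "object" && claim !== null);
			const claimValue = (typ) => claims.find((claim) => claim.typ === typ)?.val;
			const azpToken = claimValue("azp");
			// NOTE(review): the mere presence of an `azp` claim classifies the caller
			// as an application, and DEFAULT_AUTHORISE grants applications every
			// action. `azp` may also appear on tokens issued on behalf of a signed-in
			// user, depending on the identity provider and token version. Confirm
			// which tokens this deployment accepts before relying on the distinction.
			if (azpToken) return {
				displayName: "App",
				id: azpToken,
				roles: null,
				type: "application"
			};
			const name = claimValue("name");
			// The id is taken from whichever claim type the principal names in `name_typ`.
			const email = claimValue(clientPrincipal.name_typ);
			const roles = claims.filter((claim) => claim.typ === clientPrincipal.role_typ || claim.typ === "roles").map((claim) => claim.val);
			return {
				displayName: name || "",
				id: email || "",
				roles,
				title: roles.join(", "),
				type: "user"
			};
		};
		/** Redirect (302) to `/.auth/login` on the origin of `request.url`. */
		this.login = async (request) => redirectTo("/.auth/login", request);
		/** Redirect (302) to `/.auth/logout` on the origin of `request.url`. */
		this.logout = async (request) => redirectTo("/.auth/logout", request);
		this.authorise = authorise;
	}
};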
//#endregion
// CommonJS export: the service class is the only binding this module exposes.
exports.AzureEasyAuthService = AzureEasyAuthService;
//# sourceMappingURL=easy-auth.cjs.map