@topgroup/diginext
A BUILD SERVER & CLI to deploy apps to any Kubernetes clusters.
;
/**
 * Compiler-emitted helper: re-export property `k` of module object `m` on
 * object `o` under the name `k2` (defaults to `k`).
 *
 * Where `Object.create` exists the property is installed through a
 * descriptor; a live getter is used unless the source property is a
 * non-writable, non-configurable data property or an accessor on an
 * `__esModule` object, in which case the source descriptor is reused.
 * Otherwise the value is copied with a plain assignment.
 */
var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (o, m, k, k2) {
        if (k2 === undefined) {
            k2 = k;
        }
        var desc = Object.getOwnPropertyDescriptor(m, k);
        var needsGetter;
        if (!desc) {
            needsGetter = true;
        }
        else if ("get" in desc) {
            needsGetter = !m.__esModule;
        }
        else {
            needsGetter = desc.writable || desc.configurable;
        }
        if (needsGetter) {
            // Read through to the source on every access so later changes stay visible.
            desc = {
                enumerable: true,
                get: function () {
                    return m[k];
                },
            };
        }
        Object.defineProperty(o, k2, desc);
    }
    : function (o, m, k, k2) {
        if (k2 === undefined) {
            k2 = k;
        }
        o[k2] = m[k];
    });
/**
 * Compiler-emitted helper: expose `v` as the `default` member of `o`.
 *
 * With `Object.create` available the member is defined as an enumerable
 * data property (no `writable`/`configurable` flags are set); otherwise it
 * is a plain assignment.
 */
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (o, v) {
        var descriptor = { enumerable: true, value: v };
        Object.defineProperty(o, "default", descriptor);
    }
    : function (o, v) {
        o.default = v;
    });
/**
 * Compiler-emitted decorator helper (reused from `this.__decorate` when one is
 * already defined on the module's `this`).
 *
 * @param decorators list of decorator functions; applied last-to-first in the fallback path
 * @param target     the class (2-argument form) or the object owning the member
 * @param key        member name, when decorating a member
 * @param desc       property descriptor; `null` means "look it up on target[key]"
 * @returns the value produced by the decorators (or the starting value if none returned one)
 */
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c: how many arguments the caller passed. r: the value being decorated — the target
// itself for fewer than 3 arguments, otherwise the descriptor (fetched from target when desc is null).
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Delegate to Reflect.decorate when the runtime provides one.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Otherwise walk the list from the end; a decorator's falsy return keeps the previous r.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than 3 arguments and a truthy r, r is written back to target[key] as its descriptor; r is returned either way.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
/**
 * Compiler-emitted helper behind `import * as ns` / dynamic `import()`.
 *
 * An object already flagged `__esModule` is returned unchanged. Anything
 * else is wrapped: each own enumerable key except "default" is re-exported
 * via `__createBinding`, and the original value becomes the wrapper's
 * `default` through `__setModuleDefault`.
 */
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    var result = {};
    // Loose `!= null` on purpose: skips both null and undefined.
    if (mod != null) {
        for (var k in mod) {
            if (k === "default") {
                continue;
            }
            if (!Object.prototype.hasOwnProperty.call(mod, k)) {
                continue;
            }
            __createBinding(result, mod, k);
        }
    }
    __setModuleDefault(result, mod);
    return result;
};
/**
 * Compiler-emitted helper: build a metadata decorator for key `k` and value
 * `v` through `Reflect.metadata` when the runtime provides it. Returns
 * `undefined` when it does not.
 */
var __metadata = (this && this.__metadata) || function (k, v) {
    var canReflect = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    if (canReflect) {
        return Reflect.metadata(k, v);
    }
};
/**
 * Compiler-emitted helper: adapt a parameter decorator into a member
 * decorator by fixing the parameter position.
 *
 * @param paramIndex zero-based index of the decorated parameter
 * @param decorator  called as decorator(target, key, paramIndex)
 * @returns a function of (target, key) that forwards to `decorator` and returns nothing
 */
var __param = (this && this.__param) || function (paramIndex, decorator) {
    var applyToMember = function (target, key) {
        decorator(target, key, paramIndex);
    };
    return applyToMember;
};
/**
 * Compiler-emitted helper behind default imports: an object flagged
 * `__esModule` is returned unchanged; any other value is wrapped as
 * `{ default: value }`.
 */
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
// Flag this CommonJS module as transpiled from ES-module syntax.
Object.defineProperty(exports, "__esModule", { value: true });
// tsoa decorators (Security, Get, Post, Queries, Body, Tags, Route) applied at the bottom of this file.
const dist_1 = require("tsoa/dist");
// respondSuccess / respondFailure response builders.
const interfaces = __importStar(require("../interfaces"));
// MongoDB.toString is used to compare an item's owner with the current user's id.
const mongodb_1 = require("../plugins/mongodb");
const RouteService_1 = require("../services/RouteService");
const BaseController_1 = __importDefault(require("./BaseController"));
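/**
 * Work out what one role-route entry grants for `action`.
 *
 * @param routeRole entry from `activeRole.routes` (may be undefined when no entry matched)
 * @param action    action name supplied by the caller
 * @param item      item the check is about, if one was resolved
 * @param userId    id of the current user, compared with `item.owner`
 * @returns `{ scope, allowed }`, or `null` when this entry grants nothing
 *          (the caller then keeps whatever an earlier entry decided)
 */
function resolveRouteGrant(routeRole, action, item, userId) {
    if (!routeRole)
        return null;
    const permissions = routeRole.permissions || [];
    // "own" is a scope marker stored in the same list as the action names. It must
    // not match as an action: a caller sending action "own" against a role that only
    // holds "own" would otherwise be reported as having full scope.
    const grantsAction = action !== "own" && permissions.includes(action);
    if (grantsAction || permissions.includes("full"))
        return { scope: "full", allowed: true };
    if (permissions.includes("own")) {
        // NOTE(review): with no resolved item (no itemId, or the lookup found nothing)
        // an "own" grant answers allowed=true, as before. Code that enforces access
        // on this answer should re-check ownership against the real item.
        const allowed = item
            ? mongodb_1.MongoDB.toString(item.owner) === mongodb_1.MongoDB.toString(userId)
            : true;
        return { scope: "own", allowed };
    }
    return null;
}
let RouteController = class RouteController extends BaseController_1.default {
    constructor() {
        super(new RouteService_1.RouteService());
    }
    /**
     * Get all routes.
     *
     * `queryParams` is accepted for the route binding but is not forwarded;
     * the base controller's `read()` is called without arguments.
     */
    async read(queryParams) {
        const res = await super.read();
        return res;
    }
    /**
     * Check access permissions of the current user's active role.
     *
     * The wildcard route entry ("*") is evaluated first, then the entry whose
     * path equals `route`; a grant from the exact entry replaces the wildcard one.
     *
     * @param body request body: `route` ("*" or a path containing "/api/v1"),
     *             `action`, and optionally `itemId`
     * @returns a success response when some scope ("full" or "own") applies,
     *          otherwise a failure response; both carry `{ allowed, scope, explain }`
     */
    async checkPermissions(body) {
        if (!body || !body.route)
            return interfaces.respondFailure(`Param "route" is required.`);
        if (!body.action)
            return interfaces.respondFailure(`Param "action" is required.`);
        const { route, action, itemId } = body;
        // The body is caller-controlled JSON. Require plain strings so an array or
        // object cannot reach indexOf()/includes() or be placed in the DB filter,
        // where an object value would be read as a query operator.
        if (typeof route !== "string" || (route !== "*" && route.indexOf("/api/v1") < 0))
            return interfaces.respondFailure(`Param "route" is invalid.`);
        if (typeof action !== "string")
            return interfaces.respondFailure(`Param "action" is invalid.`);
        if (itemId && typeof itemId !== "string")
            return interfaces.respondFailure(`Param "itemId" is invalid.`);
        // NOTE(review): the validity check above accepts "/api/v1" anywhere in the
        // string (kept for compatibility); consider anchoring it to the start.
        const apiPrefix = "/api/v1/";
        let item;
        // Derive the collection only from a route that really starts with the API
        // prefix, instead of deleting the prefix from the middle of the string.
        if (itemId && route.startsWith(apiPrefix)) {
            const collection = route.slice(apiPrefix.length);
            if (collection) {
                // NOTE(review): the collection name still comes from the request;
                // confirm DB.findOne restricts it to known collections.
                const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
                item = await DB.findOne(collection, { _id: itemId }, { ignorable: true });
            }
        }
        // Fail closed when there is no user, active role or route list: no entries, no scope.
        const user = this.user;
        const activeRole = user && user.activeRole;
        const roleRoutes = activeRole && Array.isArray(activeRole.routes) ? activeRole.routes : [];
        const userId = user ? user._id : undefined;
        let allowScope = "none";
        let isAllowed = false;
        // Wildcard entry first, then the exact route.
        for (const path of ["*", route]) {
            const routeRole = roleRoutes.find((_route) => _route.path === path);
            const grant = resolveRouteGrant(routeRole, action, item, userId);
            if (grant) {
                allowScope = grant.scope;
                isAllowed = grant.allowed;
            }
        }
        let explain = allowScope === "full"
            ? "You have the full permissions in this route."
            : allowScope === "own"
                ? "You only have full permissions to items which you created."
                : "You don't have any permissions in this route";
        if (item && allowScope === "own" && !isAllowed)
            explain = `You don't have permissions to ${action} this item.`;
        const data = { allowed: isAllowed, scope: allowScope, explain };
        if (allowScope !== "none") {
            return interfaces.respondSuccess({ data });
        }
        return interfaces.respondFailure({ data });
    }
};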
// Decorators for `read`: GET "/" with the "api_key" and "jwt" security schemes declared,
// first parameter bound through Queries().
// NOTE(review): as far as I know tsoa treats stacked @Security decorators as alternatives
// (either scheme is enough) — confirm that is the intended policy.
__decorate([
(0, dist_1.Security)("api_key"),
(0, dist_1.Security)("jwt"),
(0, dist_1.Get)("/"),
__param(0, (0, dist_1.Queries)()),
__metadata("design:type", Function),
__metadata("design:paramtypes", [Object]),
__metadata("design:returntype", Promise)
], RouteController.prototype, "read", null);
// Decorators for `checkPermissions`: POST "/permission" with the same two security schemes,
// first parameter bound to the request body. The recorded parameter type is plain Object,
// so this metadata does not describe the body's fields.
__decorate([
(0, dist_1.Security)("api_key"),
(0, dist_1.Security)("jwt"),
(0, dist_1.Post)("/permission"),
__param(0, (0, dist_1.Body)()),
__metadata("design:type", Function),
__metadata("design:paramtypes", [Object]),
__metadata("design:returntype", Promise)
], RouteController.prototype, "checkPermissions", null);
// Class-level decorators: tagged "Route" and mounted at "route"; the result replaces the class binding.
RouteController = __decorate([
(0, dist_1.Tags)("Route"),
(0, dist_1.Route)("route"),
__metadata("design:paramtypes", [])
], RouteController);
exports.default = RouteController;