
@topgroup/diginext


A BUILD SERVER & CLI to deploy apps to any Kubernetes clusters.

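"use strict";
// ---------------------------------------------------------------------------
// Helpers emitted by the TypeScript compiler (module interop + decorators).
// Generated code: reformatted only, logic left exactly as emitted.
// ---------------------------------------------------------------------------
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
    return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
    __setModuleDefault(result, mod);
    return result;
};
var __metadata = (this && this.__metadata) || function (k, v) {
    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
    return function (target, key) { decorator(target, key, paramIndex); }
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const dist_1 = require("tsoa/dist");
const interfaces = __importStar(require("../interfaces"));
const mongodb_1 = require("../plugins/mongodb");
const RouteService_1 = require("../services/RouteService");
const BaseController_1 = __importDefault(require("./BaseController"));

/**
 * Evaluate a single role-route entry against the requested action.
 *
 * Grant order (same as the original inline logic, which was duplicated for
 * the wildcard and the exact route):
 *   1. the entry lists the action itself, or "full"  -> scope "full", allowed
 *   2. the entry lists "own"                         -> scope "own"; allowed only
 *      if the looked-up item is owned by the user, or if no item was looked up
 *   3. otherwise                                     -> null (no opinion)
 *
 * NOTE(review): action names and the scope keywords "full"/"own" share one
 * permissions array, so a request whose action is literally "own" matches
 * rule 1 for a role that only holds "own". Behaviour kept as-is; confirm
 * whether callers can ever send such an action.
 *
 * @param {{ permissions: string[] } | undefined} routeRole - entry from activeRole.routes
 * @param {string} action - action being checked
 * @param {object | undefined} item - document the check refers to, if one was found
 * @param {*} userId - id of the current user, compared with item.owner
 * @returns {{ scope: "full" | "own", allowed: boolean } | null}
 */
function evaluateRoutePermissions(routeRole, action, item, userId) {
    if (!routeRole) return null;
    const { permissions } = routeRole;
    if (permissions.includes(action) || permissions.includes("full")) {
        return { scope: "full", allowed: true };
    }
    if (permissions.includes("own")) {
        // NOTE(review): when no item was loaded (no itemId, or the lookup found
        // nothing) the check answers "allowed". That is needed for actions that
        // have no existing item, but it also means an unknown itemId is not denied.
        const allowed = item
            ? mongodb_1.MongoDB.toString(item.owner) === mongodb_1.MongoDB.toString(userId)
            : true;
        return { scope: "own", allowed };
    }
    return null;
}

let RouteController = class RouteController extends BaseController_1.default {
    constructor() {
        super(new RouteService_1.RouteService());
    }
    /**
     * Get all routes.
     *
     * @param {object} queryParams - bound from the query string by tsoa; not used here,
     *   the call is delegated to the base controller's read() without arguments.
     */
    async read(queryParams) {
        const res = await super.read();
        return res;
    }
    /**
     * Check access permissions of the current user's active role for a route/action,
     * optionally narrowed to one item.
     *
     * The request body is untrusted, so every field is type-checked before it is
     * used in a string operation or placed in a database filter.
     *
     * @param {{ route: string, action: string, itemId?: string }} body
     * @returns {Promise<object>} respondSuccess/respondFailure payload whose data holds
     *   `allowed`, `scope` ("full" | "own" | "none") and a human-readable `explain`.
     */
    async checkPermissions(body) {
        const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
        if (!body.route) return interfaces.respondFailure(`Param "route" is required.`);
        if (!body.action) return interfaces.respondFailure(`Param "action" is required.`);
        const { route, action, itemId } = body;

        // A JSON body can carry arrays/objects/numbers here; without these checks a
        // non-string value reaches indexOf()/replace() (unhandled TypeError) or is
        // compared against permission names.
        if (typeof route !== "string") return interfaces.respondFailure(`Param "route" is invalid.`);
        if (typeof action !== "string") return interfaces.respondFailure(`Param "action" is invalid.`);
        // itemId is placed directly in the `_id` filter below. An object value such as
        // an operator document would then be interpreted by the database layer as a
        // query instead of an id (how DB.findOne treats it is not visible here), so
        // only plain strings are accepted. Falsy values keep meaning "no item".
        if (itemId && typeof itemId !== "string") return interfaces.respondFailure(`Param "itemId" is invalid.`);

        // NOTE(review): this is a substring test, so any string that merely contains
        // "/api/v1" passes. Kept for compatibility; consider an anchored check.
        if (route !== "*" && !route.includes("/api/v1")) return interfaces.respondFailure(`Param "route" is invalid.`);

        let item;
        if (itemId && route.includes("/api/v1/")) {
            // NOTE(review): the collection name comes from caller-supplied text and is
            // not checked against a list of known collections; the response then
            // reveals whether the caller owns the matched document. An allow-list of
            // collections (or of the role's own route paths) would close that gap.
            const collection = route.replace("/api/v1/", "");
            item = await DB.findOne(collection, { _id: itemId }, { ignorable: true });
        }

        const activeRole = this.user.activeRole;
        const userId = this.user._id;
        const findRouteRole = (path) => activeRole.routes.find((_route) => _route.path === path);

        // Wildcard entry first, then the exact route; an exact entry that grants
        // anything replaces the wildcard decision (it can narrow "full" to "own").
        const wildcardDecision = evaluateRoutePermissions(findRouteRole("*"), action, item, userId);
        const exactDecision = evaluateRoutePermissions(findRouteRole(route), action, item, userId);
        const decision = exactDecision ?? wildcardDecision;

        const allowScope = decision ? decision.scope : "none";
        const isAllowed = decision ? decision.allowed : false;

        let explain = allowScope === "full"
            ? "You have the full permissions in this route."
            : allowScope === "own"
                ? "You only have full permissions to items which you created."
                : "You don't have any permissions in this route";
        if (item && allowScope === "own" && !isAllowed) explain = `You don't have permissions to ${action} this item.`;

        const data = { allowed: isAllowed, scope: allowScope, explain };
        if (allowScope !== "none") {
            return interfaces.respondSuccess({ data });
        }
        return interfaces.respondFailure({ data });
    }
};
// tsoa route metadata: both endpoints accept either the "api_key" or the "jwt" security scheme.
__decorate([
    (0, dist_1.Security)("api_key"),
    (0, dist_1.Security)("jwt"),
    (0, dist_1.Get)("/"),
    __param(0, (0, dist_1.Queries)()),
    __metadata("design:type", Function),
    __metadata("design:paramtypes", [Object]),
    __metadata("design:returntype", Promise)
], RouteController.prototype, "read", null);
__decorate([
    (0, dist_1.Security)("api_key"),
    (0, dist_1.Security)("jwt"),
    (0, dist_1.Post)("/permission"),
    __param(0, (0, dist_1.Body)()),
    __metadata("design:type", Function),
    __metadata("design:paramtypes", [Object]),
    __metadata("design:returntype", Promise)
], RouteController.prototype, "checkPermissions", null);
RouteController = __decorate([
    (0, dist_1.Tags)("Route"),
    (0, dist_1.Route)("route"),
    __metadata("design:paramtypes", [])
], RouteController);
exports.default = RouteController;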