@webda/hawk
Version:
Implements Hawk on webda
87 lines (86 loc) • 2.2 kB
TypeScript
import { HttpContext, OperationContext, OwnerModel, WebContext } from "@webda/core";
import { HawkCredentials } from "./hawk.js";
/**
* Api Key to use with hawk
*
* @WebdaModel
*/
export default class ApiKey extends OwnerModel {
/**
* Friendly user name of the key
*/
name: string;
/**
* Retriction on URL to apply to the key
*
* Split per method, each item of the array contains
* a regexp to validate the url used
*/
permissions?: {
GET: string[];
PUT: string[];
DELETE: string[];
POST: string[];
};
/**
* Algorithm to use with hawk
*/
algorithm: string;
/**
* Secret that will stay within server
*/
__secret: string;
/**
* Subnet checker if needed
*/
__checker: (address: string) => boolean;
/**
* Authorize those origins only (regexp)
*/
origins?: string[];
/**
* If defined the key is only usable from these ips
*
* Support of DNS is not yet ready
*/
whitelist?: string[];
/**
* Formatting structure needed for Hawk credentials
* @returns {id,key,algorithm}
*/
toHawkCredentials(): HawkCredentials;
/**
* Generate secret for key
* @returns
*/
generateSecret(): string;
/**
* @override
*/
canAct(ctx: OperationContext<any, any>, action: string): Promise<string | boolean>;
/**
* Check origin masks, and returns TRUE when at least one pattern is matching to this context's origin
* @param {HttpContext} ctx
* @returns {boolean} TRUE if this origin is authorized with the current key
*/
checkOrigin(ctx: HttpContext): boolean;
/**
* Authorize access depending origin, method and permissions allowed
* @param {HttpContext} ctx
* @returns {boolean} TRUE if all key's contraints are authorized
*/
canRequest(context: WebContext): Promise<boolean>;
/**
* Update the origins in the registry
*/
updateOrigins(): Promise<void>;
/**
* @override
*/
_onSaved(): Promise<void>;
/**
* @override
*/
_onUpdated(): Promise<void>;
}
export { ApiKey };