UNPKG

@webda/hawk

Version:

Implements Hawk on webda

87 lines (86 loc) 2.2 kB
import { HttpContext, OperationContext, OwnerModel, WebContext } from "@webda/core"; import { HawkCredentials } from "./hawk.js"; /** * Api Key to use with hawk * * @WebdaModel */ export default class ApiKey extends OwnerModel { /** * Friendly user name of the key */ name: string; /** * Retriction on URL to apply to the key * * Split per method, each item of the array contains * a regexp to validate the url used */ permissions?: { GET: string[]; PUT: string[]; DELETE: string[]; POST: string[]; }; /** * Algorithm to use with hawk */ algorithm: string; /** * Secret that will stay within server */ __secret: string; /** * Subnet checker if needed */ __checker: (address: string) => boolean; /** * Authorize those origins only (regexp) */ origins?: string[]; /** * If defined the key is only usable from these ips * * Support of DNS is not yet ready */ whitelist?: string[]; /** * Formatting structure needed for Hawk credentials * @returns {id,key,algorithm} */ toHawkCredentials(): HawkCredentials; /** * Generate secret for key * @returns */ generateSecret(): string; /** * @override */ canAct(ctx: OperationContext<any, any>, action: string): Promise<string | boolean>; /** * Check origin masks, and returns TRUE when at least one pattern is matching to this context's origin * @param {HttpContext} ctx * @returns {boolean} TRUE if this origin is authorized with the current key */ checkOrigin(ctx: HttpContext): boolean; /** * Authorize access depending origin, method and permissions allowed * @param {HttpContext} ctx * @returns {boolean} TRUE if all key's contraints are authorized */ canRequest(context: WebContext): Promise<boolean>; /** * Update the origins in the registry */ updateOrigins(): Promise<void>; /** * @override */ _onSaved(): Promise<void>; /** * @override */ _onUpdated(): Promise<void>; } export { ApiKey };