UNPKG

better-auth

Version:

The most comprehensive authentication library for TypeScript.

github.com/better-auth/better-auth

better-auth/better-auth

88 lines (82 loc) 3.08 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
'use strict'; const plugins_organization_access_index = require('../plugins/organization/access/index.cjs'); const z = require('zod/v4'); const betterCall = require('better-call'); require('./better-auth.DSI5WTAg.cjs'); require('./better-auth.CLv80Pwz.cjs'); require('./better-auth.B6fIklBU.cjs'); require('@better-auth/utils/base64'); require('@better-auth/utils/hmac'); require('./better-auth.B3274wGK.cjs'); require('@better-auth/utils/binary'); require('./better-auth.gN3g-znU.cjs'); function _interopNamespaceCompat(e) { if (e && typeof e === 'object' && 'default' in e) return e; const n = Object.create(null); if (e) { for (const k in e) { n[k] = e[k]; } } n.default = e; return n; } const z__namespace = /*#__PURE__*/_interopNamespaceCompat(z); let cacheAllRoles = /* @__PURE__ */ new Map(); const hasPermission = async (input, ctx) => { let acRoles = { ...input.options.roles || plugins_organization_access_index.defaultRoles }; if (ctx && input.organizationId && input.options.dynamicAccessControl?.enabled && input.options.ac && !input.useMemoryCache) { const roles = await ctx.context.adapter.findMany({ model: "organizationRole", where: [ { field: "organizationId", value: input.organizationId } ] }); for (const { role, permission: permissionsString } of roles) { if (role in acRoles) continue; const result = z__namespace.record(z__namespace.string(), z__namespace.array(z__namespace.string())).safeParse(JSON.parse(permissionsString)); if (!result.success) { ctx.context.logger.error( "[hasPermission] Invalid permissions for role " + role, { permissions: JSON.parse(permissionsString) } ); throw new betterCall.APIError("INTERNAL_SERVER_ERROR", { message: "Invalid permissions for role " + role }); } acRoles[role] = input.options.ac.newRole(result.data); } } if (input.useMemoryCache) { acRoles = cacheAllRoles.get(input.organizationId) || acRoles; } cacheAllRoles.set(input.organizationId, acRoles); return hasPermissionFn(input, acRoles); }; const clientSideHasPermission = async (input) => { const acRoles = input.options.roles || plugins_organization_access_index.defaultRoles; return hasPermissionFn(input, acRoles); }; const hasPermissionFn = (input, acRoles) => { if (!input.permissions && !input.permission) return false; const roles = input.role.split(","); const creatorRole = input.options.creatorRole || "owner"; const isCreator = roles.includes(creatorRole); const allowCreatorsAllPermissions = input.allowCreatorAllPermissions || false; if (isCreator && allowCreatorsAllPermissions) return true; for (const role of roles) { const _role = acRoles[role]; const result = _role?.authorize(input.permissions ?? input.permission); if (result?.success) { return true; } } return false; }; exports.clientSideHasPermission = clientSideHasPermission; exports.hasPermission = hasPermission;