cnpmcore

"use strict"; var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.TokenService = void 0; const dayjs_1 = __importDefault(require("dayjs")); const tegg_1 = require("@eggjs/tegg"); const lodash_1 = require("lodash"); const AbstractService_1 = require("../../common/AbstractService"); const Token_1 = require("../entity/Token"); const ModelConvertor_1 = require("../../../app/repository/util/ModelConvertor"); const Package_1 = require("../entity/Package"); const egg_errors_1 = require("egg-errors"); const PackageUtil_1 = require("../../../app/common/PackageUtil"); const UserUtil_1 = require("../../../app/common/UserUtil"); const UserRepository_1 = require("../../../app/repository/UserRepository"); let TokenService = class TokenService extends AbstractService_1.AbstractService { async listTokenPackages(token) { if ((0, Token_1.isGranularToken)(token)) { const models = await this.TokenPackage.find({ tokenId: token.tokenId }); const packages = await this.Package.find({ packageId: models.map(m => m.packageId) }); return packages.map(pkg => ModelConvertor_1.ModelConvertor.convertModelToEntity(pkg, 
Package_1.Package)); } return null; } async checkTokenStatus(token) { // check for expires if ((0, Token_1.isGranularToken)(token) && (0, dayjs_1.default)(token.expiredAt).isBefore(new Date())) { throw new egg_errors_1.UnauthorizedError('Token expired'); } token.lastUsedAt = new Date(); this.userRepository.saveToken(token); } async checkGranularTokenAccess(token, fullname) { // check for scope whitelist const [scope, name] = (0, PackageUtil_1.getScopeAndName)(fullname); // check for packages whitelist const allowedPackages = await this.listTokenPackages(token); // check for scope & packages access if ((0, lodash_1.isEmpty)(allowedPackages) && (0, lodash_1.isEmpty)(token.allowedScopes)) { return true; } const existPkgConfig = allowedPackages?.find(pkg => pkg.scope === scope && pkg.name === name); if (existPkgConfig) { return true; } const existScopeConfig = token.allowedScopes?.find(s => s === scope); if (existScopeConfig) { return true; } throw new egg_errors_1.ForbiddenError(`can't access package "${fullname}"`); } async getUserAndToken(authorization) { if (!authorization) return null; const matchs = /^Bearer ([\w\.]+?)$/.exec(authorization); if (!matchs) return null; const tokenValue = matchs[1]; const tokenKey = (0, UserUtil_1.sha512)(tokenValue); const authorizedUserAndToken = await this.userRepository.findUserAndTokenByTokenKey(tokenKey); return authorizedUserAndToken; } }; exports.TokenService = TokenService; __decorate([ (0, tegg_1.Inject)(), __metadata("design:type", Object) ], TokenService.prototype, "TokenPackage", void 0); __decorate([ (0, tegg_1.Inject)(), __metadata("design:type", Object) ], TokenService.prototype, "Package", void 0); __decorate([ (0, tegg_1.Inject)(), __metadata("design:type", UserRepository_1.UserRepository) ], TokenService.prototype, "userRepository", void 0); exports.TokenService = TokenService = __decorate([ (0, tegg_1.SingletonProto)({ accessLevel: tegg_1.AccessLevel.PUBLIC, }) ], TokenService); //# 
sourceMappingURL=data:application/json;base64,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