context-forge
Version:
AI orchestration platform with autonomous teams, enhancement planning, migration tools, 25+ slash commands, checkpoints & hooks. Multi-IDE: Claude, Cursor, Windsurf, Cline, Copilot
191 lines • 6.98 kB
JavaScript
;
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.APIPermissionChecker = void 0;
const events_1 = require("events");
const chalk_1 = __importDefault(require("chalk"));
class APIPermissionChecker extends events_1.EventEmitter {
constructor() {
super();
this.endpoints = new Map();
this.userPermissions = new Set();
this.loadCommonEndpoints();
}
/**
* Register API endpoint with permission requirements
*/
registerEndpoint(endpoint) {
const key = `${endpoint.method}:${endpoint.path}`;
this.endpoints.set(key, endpoint);
console.log(chalk_1.default.gray(`Registered API endpoint: ${key}`));
}
/**
* Set user permissions
*/
setUserPermissions(permissions) {
this.userPermissions.clear();
permissions.forEach((perm) => this.userPermissions.add(perm));
console.log(chalk_1.default.blue(`Set user permissions: ${permissions.join(', ')}`));
}
/**
* Check if user has permission for API call
*/
checkPermission(method, path) {
const key = `${method.toUpperCase()}:${path}`;
const endpoint = this.endpoints.get(key);
if (!endpoint) {
// Unknown endpoint - allow by default but warn
console.log(chalk_1.default.yellow(`Unknown API endpoint: ${key}`));
return {
endpoint: key,
hasPermission: true,
missingPermissions: [],
};
}
const missingPermissions = endpoint.requiredPermissions.filter((perm) => !this.userPermissions.has(perm));
const hasPermission = missingPermissions.length === 0;
if (!hasPermission) {
const errorMessage = `Access denied to ${key}. Missing permissions: ${missingPermissions.join(', ')}`;
console.error(chalk_1.default.red(errorMessage));
this.emit('permission-denied', {
endpoint: key,
missingPermissions,
userPermissions: Array.from(this.userPermissions),
});
}
return {
endpoint: key,
hasPermission,
missingPermissions,
errorMessage: hasPermission
? undefined
: `Missing permissions: ${missingPermissions.join(', ')}`,
};
}
/**
* Validate multiple API calls
*/
validateAPIAccess(calls) {
return calls.map((call) => this.checkPermission(call.method, call.path));
}
/**
* Generate permission report
*/
generatePermissionReport() {
const report = [
`API Permission Report`,
`User Permissions: ${Array.from(this.userPermissions).join(', ')}`,
'',
];
for (const [key, endpoint] of this.endpoints) {
const result = this.checkPermission(endpoint.method, endpoint.path);
const status = result.hasPermission ? '✅' : '❌';
report.push(`${status} ${key} - ${endpoint.description}`);
if (!result.hasPermission) {
report.push(` Missing: ${result.missingPermissions.join(', ')}`);
}
}
return report.join('\n');
}
/**
* Create permission middleware for express-like APIs
*/
createMiddleware() {
return (req, res, next) => {
const result = this.checkPermission(req.method, req.path);
if (!result.hasPermission) {
return res.status(403).json({
error: 'Insufficient permissions',
required: result.missingPermissions,
endpoint: result.endpoint,
});
}
next();
};
}
/**
* Load common API endpoints and their permission requirements
*/
loadCommonEndpoints() {
const commonEndpoints = [
{
path: '/api/v2/clients/:id/firewall',
method: 'GET',
requiredPermissions: ['firewall:read'],
description: 'Read firewall configuration',
},
{
path: '/api/v2/clients/:id/firewall',
method: 'POST',
requiredPermissions: ['firewall:write'],
description: 'Update firewall configuration',
},
{
path: '/api/v2/clients/:id/database',
method: 'GET',
requiredPermissions: ['database:read'],
description: 'Read database configuration',
},
{
path: '/api/v2/clients/:id/database',
method: 'POST',
requiredPermissions: ['database:write'],
description: 'Update database configuration',
},
{
path: '/api/v2/clients',
method: 'GET',
requiredPermissions: ['clients:list'],
description: 'List all clients',
},
{
path: '/api/v2/clients/:id',
method: 'GET',
requiredPermissions: ['clients:read'],
description: 'Read client details',
},
{
path: '/api/v2/clients/:id',
method: 'PUT',
requiredPermissions: ['clients:write'],
description: 'Update client',
},
{
path: '/api/v2/clients/:id',
method: 'DELETE',
requiredPermissions: ['clients:delete'],
description: 'Delete client',
},
];
commonEndpoints.forEach((endpoint) => this.registerEndpoint(endpoint));
}
/**
* Create permission checker for orchestration agents
*/
static createForOrchestration(userRole) {
const checker = new APIPermissionChecker();
// Define role-based permissions
const rolePermissions = {
admin: [
'firewall:read',
'firewall:write',
'database:read',
'database:write',
'clients:list',
'clients:read',
'clients:write',
'clients:delete',
],
developer: ['firewall:read', 'database:read', 'clients:list', 'clients:read'],
readonly: ['firewall:read', 'database:read', 'clients:list', 'clients:read'],
guest: ['clients:list'],
};
const permissions = rolePermissions[userRole] || rolePermissions['guest'];
checker.setUserPermissions(permissions);
return checker;
}
}
exports.APIPermissionChecker = APIPermissionChecker;
//# sourceMappingURL=apiPermissionChecker.js.map