UNPKG

ibird-auth

Version:

The permission module of ibird.

github.com/yinfxs/ibird

yinfxs/ibird

124 lines (113 loc) 3.24 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
'use strict'; /** * 主模块 * Created by yinfxs on 2017/4/7. */ const path = require('path'); const utility = require('ibird-utils'); const app = { auth: {} }; module.exports = app; /** * 配置权限环境 * * @param data 配置对象 * */ app.config = (data = {}) => { if (typeof data !== 'object') return; for (const uid in data) { if (!uid || !Array.isArray(data[uid])) continue; app.auth[uid] = app.merge(data[uid]); } return app.auth; }; /** * 合并指定的多个范围 * @param range */ app.merge = (range) => { const result = { range: {}, permissions: [] }; if (!Array.isArray(range) || range.length === 0) return result; for (const role of range) { if (typeof role.api !== 'object') continue; if (!Array.isArray(role.permissions) || role.permissions.length === 0) continue; //合并操作函数 result.permissions = result.permissions.concat(role.permissions); //合并数据范围 for (const code in role.api) { if (!code) continue; const _api = role.api[code]; //合并所有条件 if (!result.range[code]) { result.range[code] = _api; } else { const _range = result.range[code].$or ? result.range[code] : { $or: [result.range[code]] }; _range.$or.push(_api); result.range[code] = _range; } } } result.permissions = utility.uniq(result.permissions); return result; }; /** * 鉴权 * @param unionid * @param permission */ app.authentication = (unionid, permission) => { if (Array.isArray(permission)) return batchAuth(unionid, permission); if (typeof unionid !== 'string' || typeof permission !== 'string') return { [permission]: false }; const object = app.auth[unionid].permissions; if (Array.isArray(object) && object.indexOf(permission) < 0) return { [permission]: false }; return { [permission]: true }; }; /** * 获取指定用户合并后的授权范围 * @param unionid * @param [api] */ app.range = (unionid, api) => { if (!unionid || !app.auth[unionid]) return {}; const result = app.auth[unionid]; const range = result.range || {}; return api ? range[api] : range; }; /** * 获取指定用户合并后的权限列表 * @param unionid */ app.permissions = (unionid) => { if (!unionid || !app.auth[unionid]) return []; const result = app.auth[unionid] || {}; return result.permissions || []; }; /** * 批量鉴权 * @param unionid * @param permissions */ function batchAuth(unionid, permissions) { if (!Array.isArray(permissions)) return { [permission]: false }; const result = {}; for (const permission of permissions) { if (permission == null || typeof permission !== 'string') continue; Object.assign(result, app.authentication(unionid, permission)); } return result; } /** * 导出中间件 * @param app */ app.middleware = (app) => { require('./middleware/auth')(app); }; /** * 导出内置路由 * @param app */ app.route = (router) => { require('./route/authentication')(router); require('./route/permissions')(router); };