keycloak-lambda-authorizer
// Compiler-emitted helper that drives a generator function as an asynchronous
// routine: each yielded value is awaited, and its settled result is fed back
// into the generator. An existing `this.__awaiter` is reused when one is present.
//
// thisArg    - `this` value the generator function is applied with
// _arguments - argument list for the generator function (an empty list when falsy)
// P          - promise constructor to use; falls back to the global Promise
// generator  - generator function whose yields are treated as await points
// Returns a P that resolves with the generator's return value, or rejects with
// whatever the generator throws.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Pass through values that are already instances of P; wrap anything else in a resolved P.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with a fulfilled value; a synchronous throw rejects the outer promise.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Re-raise a rejection inside the generator so its own try/catch can handle it.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// Finish when the generator is done; otherwise wait for the yielded value and continue.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
// Instantiate the generator with the caller's `this` and arguments, then run to the first yield.
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Define the `__esModule` flag on the CommonJS exports object (a non-enumerable,
// read-only property, since only `value` is given to defineProperty).
// NOTE(review): presumably consumed by ES-module interop in bundlers/loaders — confirm.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export name up front with an undefined value; the real binding is
// assigned after the class definition further down in this file.
exports.ClientRoleEnforcer = void 0;
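/**
 * Authorization check that requires one client role to be present in the
 * `resource_access` claim of a token payload.
 *
 * Only the claims in `requestContent.token.payload` are inspected here; no
 * signature, issuer, audience or expiry validation happens in this class.
 * NOTE(review): presumably the token is verified before `enforce` is called —
 * confirm in the caller, because unverified claims would make this check
 * meaningless.
 */
class ClientRoleEnforcer {
  /**
   * @param {object} options - Stored as-is and handed to the enforcer callback
   *   on every `enforce` call.
   */
  constructor(options) {
    this.options = options;
  }

  /**
   * Resolve the required client role through `enforcerFunc` and verify that the
   * token grants it. Every failure path rejects, so the check fails closed.
   *
   * @param {object} requestContent - Must expose `token.payload`; the optional
   *   `resource_access` claim is read from it.
   * @param {Function} enforcerFunc - Called with `(options, requestContent)`;
   *   may return a promise. Its result must carry
   *   `clientRole: { clientId, clientRole }`.
   * @returns {Promise<void>} Resolves with no value when the role is granted.
   * @throws {Error} 'enforcer does not provided' when the callback yields nothing.
   * @throws {Error} 'Client Role is Empty' when the result has no `clientRole`.
   * @throws {Error} 'Access Denied' when the claim is missing, malformed, or
   *   does not contain the required role.
   */
  enforce(requestContent, enforcerFunc) {
    return __awaiter(this, void 0, void 0, function* () {
      const enforcer = yield enforcerFunc(this.options, requestContent);
      if (!enforcer) {
        throw new Error('enforcer does not provided');
      }
      if (!enforcer.clientRole) {
        throw new Error('Client Role is Empty');
      }
      const { clientId, clientRole: requiredRole } = enforcer.clientRole;
      const resourceAccessByClient = requestContent.token.payload.resource_access;
      // Own-property lookup only: a client id such as "constructor" or
      // "__proto__" must never resolve to something inherited from
      // Object.prototype.
      const resourceAccess =
        resourceAccessByClient &&
        Object.prototype.hasOwnProperty.call(resourceAccessByClient, clientId)
          ? resourceAccessByClient[clientId]
          : undefined;
      if (!resourceAccess) {
        throw new Error('Access Denied');
      }
      const { roles } = resourceAccess;
      // A missing or non-array `roles` claim is an explicit denial rather than
      // an incidental TypeError, so callers always see the same authorization
      // failure. A falsy required role never grants access, and indexOf keeps
      // the strict-equality comparison.
      const granted =
        Boolean(requiredRole) &&
        Array.isArray(roles) &&
        roles.indexOf(requiredRole) !== -1;
      if (!granted) {
        throw new Error('Access Denied');
      }
    });
  }
}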
// Publish the class under its CommonJS export name.
exports.ClientRoleEnforcer = ClientRoleEnforcer;
//# sourceMappingURL=ClientRoleEnforcer.js.map
;