UNPKG

keycloak-lambda-authorizer

Version:
43 lines 2.01 kB
"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.ClientRoleEnforcer = void 0; class ClientRoleEnforcer { constructor(options) { this.options = options; } enforce(requestContent, enforcerFunc) { return __awaiter(this, void 0, void 0, function* () { const enforcer = yield enforcerFunc(this.options, requestContent); if (!enforcer) { throw new Error('enforcer does not provided'); } if (!enforcer.clientRole) { throw new Error('Client Role is Empty'); } const resourceAccess = requestContent.token.payload.resource_access && requestContent.token.payload.resource_access[enforcer.clientRole.clientId]; if (!resourceAccess) { throw new Error('Access Denied'); } const { roles } = resourceAccess; const role = roles.find( // eslint-disable-next-line @typescript-eslint/ban-ts-comment // @ts-ignore (r) => r === enforcer.clientRole.clientRole); if (!role) { throw new Error('Access Denied'); } }); } } exports.ClientRoleEnforcer = ClientRoleEnforcer; //# sourceMappingURL=ClientRoleEnforcer.js.map