keycloak-lambda-authorizer
Version:
35 lines • 1.66 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.RealmRoleEnforcer = void 0;
class RealmRoleEnforcer {
constructor(options) {
this.options = options;
}
enforce(requestContent, enforcerFunc) {
return __awaiter(this, void 0, void 0, function* () {
const enforcer = yield enforcerFunc(this.options, requestContent);
if (!enforcer) {
throw new Error('enforcer does not provided');
}
if (!enforcer.realmRole) {
throw new Error('Realm Role is Empty');
}
const role = requestContent.token.payload.realm_access &&
requestContent.token.payload.realm_access.roles.find((r) => r === enforcer.realmRole);
if (!role) {
throw new Error('Access Denied');
}
});
}
}
exports.RealmRoleEnforcer = RealmRoleEnforcer;
//# sourceMappingURL=RealmRoleEnforcer.js.map