
loopback4-authorization


ARC authorization extension for loopback-next applications.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AuthorizeActionProvider = void 0;
const tslib_1 = require("tslib");
const context_1 = require("@loopback/context");
const keys_1 = require("../keys");
const lodash_1 = require("lodash");
const rest_1 = require("@loopback/rest");
const core_1 = require("@loopback/core");

/**
 * Provider for the authorize action: a function that decides whether the
 * permissions held by the caller satisfy the permissions declared for the
 * route being invoked.
 *
 * Constructor arguments are injected (see the decorator block at the bottom):
 *  - getMetadata:     getter resolving AuthorizationBindings.METADATA
 *  - allowAlwaysPath: array bound to AuthorizationBindings.PATHS_TO_ALLOW_ALWAYS
 *  - requestContext:  the RestBindings.Http.CONTEXT of the current request
 */
let AuthorizeActionProvider = class AuthorizeActionProvider {
    constructor(getMetadata, allowAlwaysPath, requestContext) {
        this.getMetadata = getMetadata;
        this.allowAlwaysPath = allowAlwaysPath;
        this.requestContext = requestContext;
    }

    /**
     * @returns {Function} the authorize function; it forwards both arguments
     *   (user permissions, request) to {@link action}.
     */
    value() {
        return (userPermissions, request) => this.action(userPermissions, request);
    }

    /**
     * Authorization decision for one request.
     *
     * Order of evaluation:
     *  1. Metadata is resolved first, before any allow-list check.
     *  2. A request whose path matches the always-allow list is authorized.
     *  3. Without metadata the result is never "allow": either `false`, or a
     *     404 when the controller method name cannot be resolved.
     *  4. With metadata, a leading '*' permission authorizes everyone;
     *     otherwise at least one user permission must appear in the list.
     *
     * @param {string[]} userPermissions permissions held by the caller
     * @param {object} [request] incoming request; only `request.path` is read
     * @returns {Promise<boolean>} true when the call is authorized
     * @throws {HttpErrors.NotFound} no metadata and the controller method
     *   name lookup on the request context fails
     */
    async action(userPermissions, request) {
        const metadata = await this.getMetadata();

        if (request && this.checkIfAllowedAlways(request)) {
            return true;
        }

        if (!metadata) {
            // No authorization metadata for this route: deny by default.
            // Any failure of the lookup below, whatever its cause, is
            // reported to the client as 404.
            try {
                await this.requestContext.get(core_1.CoreBindings.CONTROLLER_METHOD_NAME);
            }
            catch (error) {
                throw new rest_1.HttpErrors.NotFound('API not found !');
            }
            return false;
        }

        // NOTE(review): `permissions` is assumed to be present and array-like;
        // nothing here guards against metadata without it - confirm upstream.
        const requiredPermissions = metadata.permissions;

        // Publicly open routes: '*' is honoured only as the FIRST entry.
        // A '*' at any later index is compared as an ordinary permission name.
        if (requiredPermissions.indexOf('*') === 0) {
            return true;
        }

        const matched = (0, lodash_1.intersection)(userPermissions, requiredPermissions);
        return matched.length > 0;
    }

    /**
     * Tests the request path against the always-allow list.
     *
     * The comparison is a plain string-prefix test with no path-segment
     * boundary: an entry such as '/ping' (illustrative value) also matches
     * '/pingx' and '/ping/anything'. Entries should therefore be as specific
     * as the routes they are meant to open.
     *
     * The result is the truthiness of the first matching entry, so an
     * empty-string entry yields `false` - and, being a prefix of every path,
     * it is always the match returned once the search reaches it.
     *
     * @param {object} req request exposing `path`
     * @returns {boolean} true when the path starts with a listed prefix
     */
    checkIfAllowedAlways(req) {
        const firstMatch = this.allowAlwaysPath.find(prefix => req.path.indexOf(prefix) === 0);
        return Boolean(firstMatch);
    }
};
exports.AuthorizeActionProvider = AuthorizeActionProvider;

// Compiler-emitted constructor parameter injection and design-time types.
exports.AuthorizeActionProvider = AuthorizeActionProvider = tslib_1.__decorate([
    tslib_1.__param(0, context_1.inject.getter(keys_1.AuthorizationBindings.METADATA)),
    tslib_1.__param(1, (0, context_1.inject)(keys_1.AuthorizationBindings.PATHS_TO_ALLOW_ALWAYS)),
    tslib_1.__param(2, (0, context_1.inject)(rest_1.RestBindings.Http.CONTEXT)),
    tslib_1.__metadata("design:paramtypes", [Function, Array, core_1.Context])
], AuthorizeActionProvider);
//# sourceMappingURL=authorization-action.provider.js.map