UNPKG

ngx-keycloak-authz-lib

Version:

Bibliothèque d'authorisation Keycloak pour Angular

github.com/lukangakevin/ngx-keycloak-authz-lib

lukangakevin/ngx-keycloak-authz-lib

854 lines (837 loc) • 41.5 kB

JavaScript

(function (global, factory) { typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports, require('@angular/core'), require('keycloak-angular'), require('rxjs'), require('rxjs/operators'), require('@angular/common/http'), require('typy'), require('@angular/common')) : typeof define === 'function' && define.amd ? define('ngx-keycloak-authz-lib', ['exports', '@angular/core', 'keycloak-angular', 'rxjs', 'rxjs/operators', '@angular/common/http', 'typy', '@angular/common'], factory) : (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global["ngx-keycloak-authz-lib"] = {}, global.ng.core, global.i1$1, global.rxjs, global.rxjs.operators, global.ng.common.http, global.t, global.ng.common)); })(this, (function (exports, i0, i1$1, rxjs, operators, i1, t, common) { 'use strict'; function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; } function _interopNamespace(e) { if (e && e.__esModule) return e; var n = Object.create(null); if (e) { Object.keys(e).forEach(function (k) { if (k !== 'default') { var d = Object.getOwnPropertyDescriptor(e, k); Object.defineProperty(n, k, d.get ? d : { enumerable: true, get: function () { return e[k]; } }); } }); } n["default"] = e; return Object.freeze(n); } var i0__namespace = /*#__PURE__*/_interopNamespace(i0); var i1__namespace$1 = /*#__PURE__*/_interopNamespace(i1$1); var i1__namespace = /*#__PURE__*/_interopNamespace(i1); var t__default = /*#__PURE__*/_interopDefaultLegacy(t); /*! ***************************************************************************** Copyright (c) Microsoft Corporation. Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ***************************************************************************** */ /* global Reflect, Promise */ var extendStatics = function (d, b) { extendStatics = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; return extendStatics(d, b); }; function __extends(d, b) { if (typeof b !== "function" && b !== null) throw new TypeError("Class extends value " + String(b) + " is not a constructor or null"); extendStatics(d, b); function __() { this.constructor = d; } d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); } var __assign = function () { __assign = Object.assign || function __assign(t) { for (var s, i = 1, n = arguments.length; i < n; i++) { s = arguments[i]; for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; } return t; }; return __assign.apply(this, arguments); }; function __rest(s, e) { var t = {}; for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0) t[p] = s[p]; if (s != null && typeof Object.getOwnPropertySymbols === "function") for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) { if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i])) t[p[i]] = s[p[i]]; } return t; } function __decorate(decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; } function __param(paramIndex, decorator) { return function (target, key) { decorator(target, key, paramIndex); }; } function __metadata(metadataKey, metadataValue) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(metadataKey, metadataValue); } function __awaiter(thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); } function __generator(thisArg, body) { var _ = { label: 0, sent: function () { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function () { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while (_) try { if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [op[0] & 2, t.value]; switch (op[0]) { case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [0]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } } var __createBinding = Object.create ? (function (o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function () { return m[k]; } }); }) : (function (o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; }); function __exportStar(m, o) { for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(o, p)) __createBinding(o, m, p); } function __values(o) { var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0; if (m) return m.call(o); if (o && typeof o.length === "number") return { next: function () { if (o && i >= o.length) o = void 0; return { value: o && o[i++], done: !o }; } }; throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined."); } function __read(o, n) { var m = typeof Symbol === "function" && o[Symbol.iterator]; if (!m) return o; var i = m.call(o), r, ar = [], e; try { while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value); } catch (error) { e = { error: error }; } finally { try { if (r && !r.done && (m = i["return"])) m.call(i); } finally { if (e) throw e.error; } } return ar; } /** @deprecated */ function __spread() { for (var ar = [], i = 0; i < arguments.length; i++) ar = ar.concat(__read(arguments[i])); return ar; } /** @deprecated */ function __spreadArrays() { for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length; for (var r = Array(s), k = 0, i = 0; i < il; i++) for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++) r[k] = a[j]; return r; } function __spreadArray(to, from, pack) { if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) { if (ar || !(i in from)) { if (!ar) ar = Array.prototype.slice.call(from, 0, i); ar[i] = from[i]; } } return to.concat(ar || Array.prototype.slice.call(from)); } function __await(v) { return this instanceof __await ? (this.v = v, this) : new __await(v); } function __asyncGenerator(thisArg, _arguments, generator) { if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); var g = generator.apply(thisArg, _arguments || []), i, q = []; return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i; function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; } function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } } function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); } function fulfill(value) { resume("next", value); } function reject(value) { resume("throw", value); } function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); } } function __asyncDelegator(o) { var i, p; return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i; function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === "return" } : f ? f(v) : v; } : f; } } function __asyncValues(o) { if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined."); var m = o[Symbol.asyncIterator], i; return m ? m.call(o) : (o = typeof __values === "function" ? __values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i); function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; } function settle(resolve, reject, d, v) { Promise.resolve(v).then(function (v) { resolve({ value: v, done: d }); }, reject); } } function __makeTemplateObject(cooked, raw) { if (Object.defineProperty) { Object.defineProperty(cooked, "raw", { value: raw }); } else { cooked.raw = raw; } return cooked; } ; var __setModuleDefault = Object.create ? (function (o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function (o, v) { o["default"] = v; }; function __importStar(mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; } function __importDefault(mod) { return (mod && mod.__esModule) ? mod : { default: mod }; } function __classPrivateFieldGet(receiver, state, kind, f) { if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); } function __classPrivateFieldSet(receiver, state, value, kind, f) { if (kind === "m") throw new TypeError("Private method is not writable"); if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter"); if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it"); return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value; } /** * Custom parameter codec to correctly handle the plus sign in parameter * values. See https://github.com/angular/angular/issues/18261 */ var ParameterCodec = /** @class */ (function () { function ParameterCodec() { } ParameterCodec.prototype.encodeKey = function (key) { return encodeURIComponent(key); }; ParameterCodec.prototype.encodeValue = function (value) { return encodeURIComponent(value); }; ParameterCodec.prototype.decodeKey = function (key) { return decodeURIComponent(key); }; ParameterCodec.prototype.decodeValue = function (value) { return decodeURIComponent(value); }; return ParameterCodec; }()); var PARAMETER_CODEC = new ParameterCodec(); var KeycloakAuthorizationService = /** @class */ (function () { function KeycloakAuthorizationService(http) { this.http = http; this.authConfig = null; this.keycloakConfig = null; /** * Contains the RPT-Token after successfull Get-Entitlement-Call */ this._rpt = null; /** * Contains all permissions decoded from the RPT-Token after successful Get-Entitlement-Call */ this._permissions = []; } KeycloakAuthorizationService.prototype.newParams = function () { return new i1.HttpParams({ encoder: PARAMETER_CODEC }); }; /** * Handles the class values initialization. * * @param options */ KeycloakAuthorizationService.prototype.initServiceValues = function (_a) { var _b = _a.loadPermissionsInStartup, loadPermissionsInStartup = _b === void 0 ? true : _b, _c = _a.defaultResourceServerId, defaultResourceServerId = _c === void 0 ? null : _c; this._loadPermissionsInStartup = loadPermissionsInStartup; this._defaultResourceServerId = defaultResourceServerId; }; /** * KeycloakAuthorization initialization. It should be called to initialize the adapter. * Options is a object with 2 main parameters: config and initOptions. The first one * will be used to connect to Keycloak. The second one are options to initialize the * keycloak authorization instance. * * @param options * config: an object with the following content: * - url: Keycloak json URL * - realm: realm name * - clientId: client id * * initOptions: * - defaultResourceServerId: specifies the default resource-server * - loadPermissionsInStartup: if set to true, load all permissions for default resource-server at initializiation of adapter * * */ KeycloakAuthorizationService.prototype.init = function (options) { var _this = this; var config = options.config, initOptions = options.initOptions; this.initServiceValues(initOptions); this.keycloakConfig = config; //console.log(this._defaultResourceServerId) return new Promise(function (resolve, reject) { _this.http.get(_this.keycloakConfig.url + '/realms/' + _this.keycloakConfig.realm + '/.well-known/uma2-configuration').subscribe(function (res) { return __awaiter(_this, void 0, void 0, function () { var err_1; return __generator(this, function (_a) { switch (_a.label) { case 0: this.authConfig = res; if (!((this._defaultResourceServerId) && (this._loadPermissionsInStartup))) return [3 /*break*/, 4]; _a.label = 1; case 1: _a.trys.push([1, 3, , 4]); return [4 /*yield*/, this.getAuthorizations(this._defaultResourceServerId, {})]; case 2: _a.sent(); return [3 /*break*/, 4]; case 3: err_1 = _a.sent(); reject("Error getting authorizations for resource-server-id " + this._defaultResourceServerId); return [3 /*break*/, 4]; case 4: resolve(res); return [2 /*return*/]; } }); }); }, function (err) { var msg = "Fehler bei der Initialisierung des Keycloak-Authorization-Services"; reject(msg); }); }); }; /** * Checks if user has the required access to a resource and/or scope. * * @param authorization-check object * - rsname : Name of the resource * - scope : name of the scope * * * @returns boolean true if user has access, false if not */ KeycloakAuthorizationService.prototype.checkAuthorization = function (authorization) { return this.hasAuthorization(authorization); }; /** * Internal method to check if user has the required access to a resource and/or scope * * @param authorization * * @returns boolean true if user has access, false if not */ KeycloakAuthorizationService.prototype.hasAuthorization = function (authorization) { var checkForResource = t__default["default"](authorization, 'rsname').safeObject; var checkForScope = t__default["default"](authorization, 'scope').safeObject; if (!t__default["default"](this._permissions).isEmptyArray) { var filteredResource = this._permissions.find(function (t) { if (t.rsname == checkForResource) return t; }); //No access to resource if (!t__default["default"](filteredResource).isObject) { //console.log("no access to resource granted"); return false; } //access to resource granted and no scope checking required if (checkForScope == undefined) { //console.log("no scope checking required.required auth is present - hooray"); return true; } //scope checking required, but resource has no scope defined if (t__default["default"](filteredResource.scopes).isEmptyArray) { //console.log("scope checking required, but no scopes defined for resource"); return false; } var filteredScope = filteredResource.scopes.find(function (t) { if (t == checkForScope) return t; }); //no access to scope if (t__default["default"](filteredScope).isUndefined) { //console.log("required scope not found"); return false; } //console.log("required auth is present - hooray"); return true; } //console.log("no permissions loaded (yet)"); return false; }; /** * Return an array of all permissions present for the logged-in user * * @returns Array of permissions */ KeycloakAuthorizationService.prototype.getPermissions = function () { return this._permissions; }; /** * Gets authorizations for resource-server from keycloak. Also stores the permissions for future use * * @param resourceServerId * The resource server for which the entitlements of the current user are checked * * @param authorizationRequest * * @returns Authorizations-Object */ KeycloakAuthorizationService.prototype.getAuthorizations = function (resourceServerId, authorizationRequest) { var _this = this; var perm = new Promise(function (resolve, reject) { _this.getEntitlement(resourceServerId, authorizationRequest) .subscribe(function (res) { try { var permissions = []; if (res.access_token) { _this._rpt = res.access_token; var decoded = _this.decodeToken(res.access_token); if (decoded.authorization) { if (decoded.authorization.permissions) { permissions = decoded.authorization.permissions; } } } _this._permissions = permissions; resolve(permissions); } catch (error) { reject(error); } }, function (error) { var msg = "Unable to get entitlements"; reject(msg); }); }); return perm; }; /** * Gets entitlement fron resource-server from keycloak * * @param resourceServerId * The resource server for which the entitlements of the current user are checked * * @param authorizationRequest * * @returns Object with RPT-Token containing the authorizations/entitlement */ KeycloakAuthorizationService.prototype.getEntitlement = function (resourceServerId, authorizationRequest) { var __params = this.newParams(); var __headers = new i1.HttpHeaders(); var __body = null; __headers = __headers.set("Content-type", "application/x-www-form-urlencoded"); if (!authorizationRequest) { authorizationRequest = {}; } __params = __params.set('grant_type', 'urn:ietf:params:oauth:grant-type:uma-ticket'); __params = __params.set('client_id', this.keycloakConfig.clientId); __params = __params.set('audience', resourceServerId); if (authorizationRequest.claimToken) { __params = __params.set('claim_token', authorizationRequest.claimToken); if (authorizationRequest.claimTokenFormat) { __params = __params.set('claim_token_format', authorizationRequest.claimTokenFormat); } } var permissions = authorizationRequest.permissions; if (!permissions) { permissions = []; } for (var i = 0; i < permissions.length; i++) { var resource = permissions[i]; var permission = resource.id; if (resource.scopes && resource.scopes.length > 0) { permission += "#"; for (var j = 0; j < resource.scopes.length; j++) { var scope = resource.scopes[j]; if (permission.indexOf('#') != permission.length - 1) { permission += ","; } permission += scope; } } __params = __params.append('permission', permission); } var metadata = authorizationRequest.metadata; if (metadata) { if (metadata.responseIncludeResourceName) { __params = __params.set('response_include_resource_name', metadata.responseIncludeResourceName); } if (metadata.responsePermissionsLimit) { __params = __params.set('response_permissions_limit', metadata.responsePermissionsLimit.toString()); } } if (this._rpt) { __params = __params.set('rpt', this._rpt); } return this.http.post(this.authConfig.token_endpoint, __params.toString(), { headers: __headers, responseType: 'json' }) .pipe(operators.catchError(this.handleError), operators.map(function (_r) { //console.log(_r); return _r; })); }; /** * Decodes RPT-Token * * @param str - enoded token string * * @returns Decoded jwt-token object * */ KeycloakAuthorizationService.prototype.decodeToken = function (str) { str = str.split('.')[1]; str = str.replace('/-/g', '+'); str = str.replace('/_/g', '/'); switch (str.length % 4) { case 0: break; case 2: str += '=='; break; case 3: str += '='; break; default: throw 'Invalid token'; } str = (str + '===').slice(0, str.length + (str.length % 4)); str = str.replace(/-/g, '+').replace(/_/g, '/'); str = decodeURIComponent(escape(atob(str))); str = JSON.parse(str); return str; }; KeycloakAuthorizationService.prototype.handleError = function (error) { if (error.error instanceof ErrorEvent) { // A client-side or network error occurred. Handle it accordingly. console.error('An error occurred:', error.error.message); } else { // The backend returned an unsuccessful response code. // The response body may contain clues as to what went wrong, console.error("Backend returned code " + error.status + ", " + ("body was: " + error.error)); } // return an observable with a user-facing error message return rxjs.throwError('Something bad happened; please try again later.'); }; ; return KeycloakAuthorizationService; }()); KeycloakAuthorizationService.ɵfac = i0__namespace.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: KeycloakAuthorizationService, deps: [{ token: i1__namespace.HttpClient }], target: i0__namespace.ɵɵFactoryTarget.Injectable }); KeycloakAuthorizationService.ɵprov = i0__namespace.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: KeycloakAuthorizationService, providedIn: 'root' }); i0__namespace.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: KeycloakAuthorizationService, decorators: [{ type: i0.Injectable, args: [{ providedIn: 'root' }] }], ctorParameters: function () { return [{ type: i1__namespace.HttpClient }]; } }); var EnableForKeycloakAuthorizationDirective = /** @class */ (function () { function EnableForKeycloakAuthorizationDirective(element, keycloakAngular, authService) { this.element = element; this.keycloakAngular = keycloakAngular; this.authService = authService; } EnableForKeycloakAuthorizationDirective.prototype.ngOnInit = function () { var _this = this; this.noAuthPresentAction(); var authCheck = {}; var requiredScope = null; if (this.requiredAuthorization.includes("#")) { var authArr = this.requiredAuthorization.split("#"); authCheck = { rsname: authArr[0], scope: authArr[1] }; } else { authCheck = { rsname: this.requiredAuthorization }; } this.keycloakAngular.isLoggedIn().then(function (res) { if (_this.authService.checkAuthorization(authCheck)) { _this.authPresentAction(); } }); }; EnableForKeycloakAuthorizationDirective.prototype.authPresentAction = function () { this.element.nativeElement.disabled = false; }; EnableForKeycloakAuthorizationDirective.prototype.noAuthPresentAction = function () { this.element.nativeElement.disabled = true; }; return EnableForKeycloakAuthorizationDirective; }()); EnableForKeycloakAuthorizationDirective.ɵfac = i0__namespace.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: EnableForKeycloakAuthorizationDirective, deps: [{ token: i0__namespace.ElementRef }, { token: i1__namespace$1.KeycloakService }, { token: KeycloakAuthorizationService }], target: i0__namespace.ɵɵFactoryTarget.Directive }); EnableForKeycloakAuthorizationDirective.ɵdir = i0__namespace.ɵɵngDeclareDirective({ minVersion: "12.0.0", version: "12.2.16", type: EnableForKeycloakAuthorizationDirective, selector: "[enableForKeycloakAuthorization]", inputs: { requiredAuthorization: ["enableForKeycloakAuthorization", "requiredAuthorization"] }, ngImport: i0__namespace }); i0__namespace.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: EnableForKeycloakAuthorizationDirective, decorators: [{ type: i0.Directive, args: [{ selector: '[enableForKeycloakAuthorization]' }] }], ctorParameters: function () { return [{ type: i0__namespace.ElementRef }, { type: i1__namespace$1.KeycloakService }, { type: KeycloakAuthorizationService }]; }, propDecorators: { requiredAuthorization: [{ type: i0.Input, args: ['enableForKeycloakAuthorization'] }] } }); /** * A simple guard implementation out of the box. This class should be inherited and * implemented by the application. The only method that should be implemented is #isAccessAllowed. * The reason for this is that the authorization flow is usually not unique, so in this way you will * have more freedom to customize your authorization flow. */ var KeycloakAuthzAuthGuard = /** @class */ (function () { function KeycloakAuthzAuthGuard(router, keycloakAngular, keycloakAuth) { this.router = router; this.keycloakAngular = keycloakAngular; this.keycloakAuth = keycloakAuth; /** * Indicates if the user is authenticated or not. */ /** * Indicates if the user is authenticated or not. */ this.authenticated = false; /** * Roles of the logged user. It contains the clientId and realm user roles. */ /** * Roles of the logged user. It contains the clientId and realm user roles. */ this.permissions = []; } /** * CanActivate checks if the user is logged in and get the full list of authorizations * that ave been retrieved so far of the logged user. This values are set to * authenticated and permissions properties. * * @param route * @param state */ KeycloakAuthzAuthGuard.prototype.canActivate = function (route, state) { var _this = this; return new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () { var _a, result, error_1; return __generator(this, function (_b) { switch (_b.label) { case 0: _b.trys.push([0, 3, , 4]); _a = this; return [4 /*yield*/, this.keycloakAngular.isLoggedIn()]; case 1: _a.authenticated = _b.sent(); this.permissions = this.keycloakAuth.getPermissions(); return [4 /*yield*/, this.isAccessAllowed(route, state)]; case 2: result = _b.sent(); resolve(result); return [3 /*break*/, 4]; case 3: error_1 = _b.sent(); reject('An error happened during access validation. Details:' + error_1); return [3 /*break*/, 4]; case 4: return [2 /*return*/]; } }); }); }); }; return KeycloakAuthzAuthGuard; }()); var CoreModule = /** @class */ (function () { function CoreModule() { } return CoreModule; }()); CoreModule.ɵfac = i0__namespace.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: CoreModule, deps: [], target: i0__namespace.ɵɵFactoryTarget.NgModule }); CoreModule.ɵmod = i0__namespace.ɵɵngDeclareNgModule({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: CoreModule, declarations: [EnableForKeycloakAuthorizationDirective], imports: [common.CommonModule], exports: [EnableForKeycloakAuthorizationDirective] }); CoreModule.ɵinj = i0__namespace.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: CoreModule, imports: [[ common.CommonModule ]] }); i0__namespace.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: CoreModule, decorators: [{ type: i0.NgModule, args: [{ declarations: [EnableForKeycloakAuthorizationDirective], imports: [ common.CommonModule ], exports: [ EnableForKeycloakAuthorizationDirective ] }] }] }); var NgxKeycloakAuthzLibModule = /** @class */ (function () { function NgxKeycloakAuthzLibModule() { } return NgxKeycloakAuthzLibModule; }()); NgxKeycloakAuthzLibModule.ɵfac = i0__namespace.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: NgxKeycloakAuthzLibModule, deps: [], target: i0__namespace.ɵɵFactoryTarget.NgModule }); NgxKeycloakAuthzLibModule.ɵmod = i0__namespace.ɵɵngDeclareNgModule({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: NgxKeycloakAuthzLibModule, imports: [CoreModule], exports: [CoreModule] }); NgxKeycloakAuthzLibModule.ɵinj = i0__namespace.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: NgxKeycloakAuthzLibModule, imports: [[CoreModule], CoreModule] }); i0__namespace.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "12.2.16", ngImport: i0__namespace, type: NgxKeycloakAuthzLibModule, decorators: [{ type: i0.NgModule, args: [{ declarations: [], imports: [CoreModule], exports: [CoreModule] }] }] }); /* * Public API Surface of ngx-keycloak-authz-lib */ /** * Generated bundle index. Do not edit. */ exports.CoreModule = CoreModule; exports.EnableForKeycloakAuthorizationDirective = EnableForKeycloakAuthorizationDirective; exports.KeycloakAuthorizationService = KeycloakAuthorizationService; exports.KeycloakAuthzAuthGuard = KeycloakAuthzAuthGuard; exports.NgxKeycloakAuthzLibModule = NgxKeycloakAuthzLibModule; Object.defineProperty(exports, '__esModule', { value: true }); })); //# sourceMappingURL=ngx-keycloak-authz-lib.umd.js.map