UNPKG

permix

Version:

Permix is a lightweight, framework-agnostic, type-safe permissions management library for JavaScript applications on the client and server sides.

permix.letstri.dev

letstri/permix

144 lines (143 loc) 4.17 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
import { PermixForbiddenError, PermixNotFoundError, createCheckContext, createHooks, createPermix as createPermix$1, createTemplate } from "../core/index.mjs"; import { createMiddleware } from "@tanstack/react-start"; //#region src/tanstack-start/permix.ts function buildPermix(resolveKey, options = {}) { const onForbidden = options.onForbidden ?? (() => { throw new PermixForbiddenError(); }); const hooks = createHooks(); /** * Returns the request-scoped Permix instance from a TanStack Start context * object, or `null` when not set up yet. */ function get(context) { return context?.[resolveKey()] ?? null; } /** * Like {@link get}, but throws {@link PermixNotFoundError} when the instance * is missing. */ function getOrThrow(context) { const instance = get(context); if (!instance) throw new PermixNotFoundError(resolveKey()); return instance; } /** * TanStack Start middleware that creates a request-scoped Permix instance, * calls `setup()` with the resolved rules, and stores it in the server context. * * Register it globally via `createStart({ requestMiddleware: [...] })` so it * runs for every request, or attach it to specific server routes. */ function setupMiddleware(callbackOrRules) { return createMiddleware().server(async ({ next, request }) => { const instance = createPermix$1(typeof callbackOrRules === "function" ? await callbackOrRules({ request }) : callbackOrRules); instance.hook("check", (context) => hooks.callHook("check", context)); return next({ context: { [resolveKey()]: instance } }); }); } /** * TanStack Start middleware that enforces a permission check before the * server function handler runs. * * @example * ```ts * export const createPost = createServerFn({ method: 'POST' }) * .middleware([permix.checkMiddleware('post.create')]) * .handler(() => { ... }) * ``` */ const checkMiddleware = (...args) => { return createMiddleware({ type: "function" }).server(async ({ next, context }) => { if (getOrThrow(context).check(...args)) return next(); else return await onForbidden({ next, ...createCheckContext(...args) }); }); }; /** * Serialize the request's permission state for client hydration. */ function dehydrate(context) { return getOrThrow(context).dehydrate(); } function getRules(context) { return get(context)?.getRules() ?? null; } function template(rules) { return createTemplate(rules); } return { setupMiddleware, checkMiddleware, get, getOrThrow, dehydrate, getRules, template, hook: hooks.hook, hookOnce: hooks.hookOnce, get key() { return resolveKey(); }, $inferDefinition: void 0, $inferPath: void 0 }; } /** * Create a per-request Permix helper for TanStack Start. * * Uses TanStack Start's per-request server context to share a single Permix * instance across global middleware, server routes, server functions, and the * router for the lifetime of each request. * * Use `.contextKey('name')` to set a custom context key (defaults to * `'__permix'`). * * @example * ```ts * // lib/permix.ts * import { createPermix } from 'permix/tanstack-start' * * export const permix = createPermix<{ * post: ['create', 'read', 'update', 'delete'] * }>() * ``` * * ```ts * // src/start.ts * import { createStart } from '@tanstack/react-start' * import { getSession } from './lib/auth' * import { permix } from './lib/permix' * * export const startInstance = createStart(() => ({ * requestMiddleware: [ * permix.setupMiddleware(async ({ request }) => { * const session = await getSession(request) * return { * post: { * create: !!session, * read: true, * update: session?.role === 'admin', * delete: session?.role === 'admin', * }, * } * }), * ], * })) * ``` * * @link https://permix.letstri.dev/docs/integrations/tanstack-start */ function createPermix(options = {}) { let key = "__permix"; const permix = buildPermix(() => key, options); const instance = Object.assign(permix, { contextKey(newKey) { key = newKey; return instance; } }); return instance; } //#endregion export { createPermix };