UNPKG

rpcchannel

Version:

Easy RPC with permission controls

91 lines (90 loc) 3.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import { MultistringAddress, AddressMap } from './addrmap'; import { SerializableData } from './serializer'; import { RpcChannel, RpcFunction } from './registry'; export declare type AccessPolicy = boolean; export declare const AccessPolicy: { ALLOW: boolean; DENY: boolean; }; export declare type OptAccessPolicy = AccessPolicy | undefined | null; export declare const OptAccessPolicy: { NONE: null; } & { ALLOW: boolean; DENY: boolean; }; export interface CanCallOpts { args: SerializableData[]; wc: string[]; channel: RpcChannel; func?: RpcFunction; } export declare type AccessCanFunction = (addr: MultistringAddress, opts: CanCallOpts) => OptAccessPolicy; /** * Controls access to RPC endpoints based on address AND arguments. */ export interface AccessController { can(addr: MultistringAddress, opts: CanCallOpts): OptAccessPolicy; } /** * Always allows access. */ export declare class AllowAccessController implements AccessController { can(): AccessPolicy; } /** * Always denies access. */ export declare class DenyAccessController implements AccessController { can(): AccessPolicy; } /** * Controls access based on a single function */ export declare class FunctionAccessController implements AccessController { readonly can: AccessCanFunction; constructor(can: AccessCanFunction); } /** * Gives higher `AccessController`s in the chain priority. */ export declare class ChainedAccessController implements AccessController { default_ap: OptAccessPolicy; readonly access_chain: AccessController[]; constructor(default_ap?: OptAccessPolicy); can(addr: MultistringAddress, opts: CanCallOpts): OptAccessPolicy; } /** * The old type of access control based on an address-to-policy map. */ export declare class LegacyAccessController implements AccessController { readonly map: AddressMap<boolean>; can(to: MultistringAddress): OptAccessPolicy; } /** * Lookup a function to determine access on a per-address basis */ export declare class FunctionLookupAccessController implements AccessController { readonly map: AddressMap<AccessCanFunction>; can(to: MultistringAddress, opts: CanCallOpts): OptAccessPolicy; } export declare const CanCallFunction: unique symbol; export declare const RequiresPermissions: unique symbol; export interface PermissionedCanCallOpts extends CanCallOpts { require: (perm: string) => void; perms: Set<string>; } export declare type PermissionedAccessCanFunction = (addr: MultistringAddress, opts: PermissionedCanCallOpts) => OptAccessPolicy; /** * First, this `AccessController` will check the `RequiresPermissions` property * on the target function. If any of these are missing from the member `perms` * set, then access is denied. Otherwise, if `CanCallFunction` is defined, then * its result is returned. The `CanCallFunction` may also require permissions. */ export declare class AutoFunctionAccessController implements AccessController { perms: Set<string>; constructor(perms?: Set<string>); can(to: MultistringAddress, opts: CanCallOpts): OptAccessPolicy; } export declare function RequirePermissions(perms: string[]): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => void; export declare function SetCanCallFunc(can: AccessCanFunction): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => void;