sebse/node-pkg-express-utils
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed unknown roles

Browse Source
This commit is contained in:
Sebastian Seedorf
2020-11-16 16:04:54 +01:00
parent 99527fdb49
commit f98b1b7326
5 changed files with 33 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
out/auth-proxy.js
View File

@@ -14,18 +14,25 @@ const _1 = require(".");
const node_fetch_1 = require("node-fetch"); const node_fetch_1 = require("node-fetch");
const router = (req, res, next) => { const router = (req, res, next) => {
const resolvable = new _1.Resolvable(() => __awaiter(void 0, void 0, void 0, function* () { const resolvable = new _1.Resolvable(() => __awaiter(void 0, void 0, void 0, function* () {
console.log("header", _1.DefaultConfig.USERINFO_HEADER);
if (!_1.DefaultConfig.USERINFO_HEADER) { if (!_1.DefaultConfig.USERINFO_HEADER) {
return undefined; return undefined;
} }
const token = req.header(_1.DefaultConfig.USERINFO_HEADER); const token = req.header(_1.DefaultConfig.USERINFO_HEADER);
console.log("token", token);
const url = _1.DefaultConfig.AUTH_PROXY_USERINFO_URL || const url = _1.DefaultConfig.AUTH_PROXY_USERINFO_URL ||
_1.DefaultConfig.AUTH_PROXY_URL && _1.urlJoin(_1.DefaultConfig.AUTH_PROXY_URL, "userinfo"); _1.DefaultConfig.AUTH_PROXY_URL && _1.urlJoin(_1.DefaultConfig.AUTH_PROXY_URL, "userinfo");
console.log("url", url);
if (token === undefined || url === undefined) { if (token === undefined || url === undefined) {
return undefined; return undefined;
} }
console.log("fetch");
try { try {
const res = yield node_fetch_1.default(url, { headers: [[_1.DefaultConfig.USERINFO_HEADER, token]] }); const res = yield node_fetch_1.default(url, { headers: [[_1.DefaultConfig.USERINFO_HEADER, token]] });
return yield res.json(); console.log("res");
const json = yield res.json();
console.log("json", json);
return json;
} }
catch (e) { catch (e) {
_1.Logger.warn(e); _1.Logger.warn(e);

2
out/permissions.d.ts vendored
View File

@@ -3,7 +3,7 @@ import { Query } from 'role-acl/lib/src/core/Query';
import { Request, RequestHandler } from 'express'; import { Request, RequestHandler } from 'express';
declare class PermissionManager extends AccessControl { declare class PermissionManager extends AccessControl {
can(roleOrRequest: Request | string | string[] | IQueryInfo): PermQuery; can(roleOrRequest: Request | string | string[] | IQueryInfo): PermQuery;
getRouter(resource: string, opts: Partial<RermRouterOpts>): RequestHandler; getRouter(resource: string, opts?: Partial<RermRouterOpts>): RequestHandler;
} }
export declare type RermRouterOpts = { export declare type RermRouterOpts = {
context: unknown; context: unknown;

20
out/permissions.js
View File

@@ -20,12 +20,12 @@ class PermissionManager extends role_acl_1.AccessControl {
getRouter(resource, opts) { getRouter(resource, opts) {
return (req, res, next) => __awaiter(this, void 0, void 0, function* () { return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
let query = this.can(req); let query = this.can(req);
if (opts.context) if (opts === null || opts === void 0 ? void 0 : opts.context)
query = query.context(opts.context); query = query.context(opts === null || opts === void 0 ? void 0 : opts.context);
if (opts.action) if (opts === null || opts === void 0 ? void 0 : opts.action)
query = query.execute(opts.action); query = query.execute(opts === null || opts === void 0 ? void 0 : opts.action);
if (opts.skipConditions) if (opts === null || opts === void 0 ? void 0 : opts.skipConditions)
query = query.skipConditions(opts.skipConditions); query = query.skipConditions(opts === null || opts === void 0 ? void 0 : opts.skipConditions);
const permission = yield query.on(resource); const permission = yield query.on(resource);
if (permission.granted) { if (permission.granted) {
req.permissionDetails = permission; req.permissionDetails = permission;
@@ -41,7 +41,7 @@ class PermQuery extends Query_1.Query {
constructor(grants, roleOrRequest) { constructor(grants, roleOrRequest) {
function isRequest(obj) { function isRequest(obj) {
// eslint-disable-next-line no-prototype-builtins // eslint-disable-next-line no-prototype-builtins
return typeof obj === 'object' && obj && obj.hasOwnProperty('path') || false; return typeof obj === 'object' && obj && obj.hasOwnProperty('res') || false;
} }
if (isRequest(roleOrRequest)) { if (isRequest(roleOrRequest)) {
super(grants, []); super(grants, []);
@@ -57,9 +57,13 @@ class PermQuery extends Query_1.Query {
}); });
var _a; var _a;
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
console.log("heee");
if (this.resolveRequest) { if (this.resolveRequest) {
const userInfo = yield this.resolveRequest.getUserInfo(); const userInfo = yield this.resolveRequest.getUserInfo();
this.role((_a = userInfo === null || userInfo === void 0 ? void 0 : userInfo.groups) !== null && _a !== void 0 ? _a : []); console.log("huuu", userInfo, typeof userInfo);
const availableRoles = Object.keys(this._grants);
const roles = ((_a = userInfo === null || userInfo === void 0 ? void 0 : userInfo.groups) !== null && _a !== void 0 ? _a : []).filter(x => availableRoles.includes(x));
this.role(roles);
} }
if (typeof this._.role === 'object' && this._.role.includes('noaccess') || if (typeof this._.role === 'object' && this._.role.includes('noaccess') ||
typeof this._.role === 'string' && this._.role === 'noaccess') { typeof this._.role === 'string' && this._.role === 'noaccess') {

2
out/polyfill.js
View File

@@ -13,8 +13,8 @@ exports.Polyfill = void 0;
const polyfillLibrary = require("polyfill-library"); const polyfillLibrary = require("polyfill-library");
const _1 = require("."); const _1 = require(".");
const threads_1 = require("threads"); const threads_1 = require("threads");
const features = new _1.WaitForSync();
function getRouter(fileToWatch, opts) { function getRouter(fileToWatch, opts) {
const features = new _1.WaitForSync();
(() => __awaiter(this, void 0, void 0, function* () { (() => __awaiter(this, void 0, void 0, function* () {
const worker = yield threads_1.spawn(new threads_1.Worker("./polyfill-worker")); const worker = yield threads_1.spawn(new threads_1.Worker("./polyfill-worker"));
const feats = yield worker(fileToWatch); const feats = yield worker(fileToWatch);

20
src/permissions.ts
View File

@@ -8,15 +8,15 @@ class PermissionManager extends AccessControl {
return new PermQuery(this.getGrants(), roleOrRequest); return new PermQuery(this.getGrants(), roleOrRequest);
} }
public getRouter(resource: string, opts: Partial<RermRouterOpts>): RequestHandler { public getRouter(resource: string, opts?: Partial<RermRouterOpts>): RequestHandler {
return async (req: Request, res, next) => { return async (req: Request, res, next) => {
let query = this.can(req); let query = this.can(req);
if (opts.context) if (opts?.context)
query = query.context(opts.context); query = query.context(opts?.context);
if (opts.action) if (opts?.action)
query = query.execute(opts.action); query = query.execute(opts?.action);
if (opts.skipConditions) if (opts?.skipConditions)
query = query.skipConditions(opts.skipConditions); query = query.skipConditions(opts?.skipConditions);
const permission = await query.on(resource); const permission = await query.on(resource);
if (permission.granted) { if (permission.granted) {
req.permissionDetails = permission; req.permissionDetails = permission;
@@ -40,7 +40,7 @@ export class PermQuery extends Query {
constructor(grants: unknown, roleOrRequest: Request|string|string[]|IQueryInfo) { constructor(grants: unknown, roleOrRequest: Request|string|string[]|IQueryInfo) {
function isRequest(obj: unknown): obj is Request { function isRequest(obj: unknown): obj is Request {
// eslint-disable-next-line no-prototype-builtins // eslint-disable-next-line no-prototype-builtins
return typeof obj === 'object' && obj && obj.hasOwnProperty('path') || false; return typeof obj === 'object' && obj && obj.hasOwnProperty('res') || false;
} }
if (isRequest(roleOrRequest)) { if (isRequest(roleOrRequest)) {
super(grants, []); super(grants, []);
@@ -53,7 +53,9 @@ export class PermQuery extends Query {
public async on(resource: string, skipConditions?: boolean): Promise<Permission> { public async on(resource: string, skipConditions?: boolean): Promise<Permission> {
if (this.resolveRequest) { if (this.resolveRequest) {
const userInfo = await this.resolveRequest.getUserInfo(); const userInfo = await this.resolveRequest.getUserInfo();
this.role(userInfo?.groups ?? []); const availableRoles = Object.keys(this._grants);
const roles = (userInfo?.groups ?? []).filter(x => availableRoles.includes(x));
this.role(roles);
} }
if ( if (
typeof this._.role === 'object' && this._.role.includes('noaccess') || typeof this._.role === 'object' && this._.role.includes('noaccess') ||