reworked html serving, added new permissions for api/auth, updated adapters
@@ -34,7 +34,7 @@ export class AuthApi extends ModuleApi<AuthApiOptions> {
|
||||
}
|
||||
|
||||
async strategies() {
|
||||
return this.get<{ strategies: AppAuthSchema["strategies"] }>(["strategies"]);
|
||||
return this.get<Pick<AppAuthSchema, "strategies" | "basepath">>(["strategies"]);
|
||||
}
|
||||
|
||||
async logout() {}
|
||||
|
||||
@@ -1,31 +1,29 @@
|
||||
import type { AppAuth } from "auth";
|
||||
import type { ClassController } from "core";
|
||||
import { Hono, type MiddlewareHandler } from "hono";
|
||||
import * as SystemPermissions from "modules/permissions";
|
||||
|
||||
export class AuthController implements ClassController {
|
||||
constructor(private auth: AppAuth) {}
|
||||
|
||||
getMiddleware: MiddlewareHandler = async (c, next) => {
|
||||
// @todo: consider adding app name to the payload, because user is not refetched
|
||||
get guard() {
|
||||
return this.auth.ctx.guard;
|
||||
}
|
||||
|
||||
//try {
|
||||
getMiddleware: MiddlewareHandler = async (c, next) => {
|
||||
let token: string | undefined;
|
||||
if (c.req.raw.headers.has("Authorization")) {
|
||||
const bearerHeader = String(c.req.header("Authorization"));
|
||||
const token = bearerHeader.replace("Bearer ", "");
|
||||
const verified = await this.auth.authenticator.verify(token);
|
||||
token = bearerHeader.replace("Bearer ", "");
|
||||
}
|
||||
|
||||
if (token) {
|
||||
// @todo: don't extract user from token, but from the database or cache
|
||||
await this.auth.authenticator.verify(token);
|
||||
this.auth.ctx.guard.setUserContext(this.auth.authenticator.getUser());
|
||||
/*console.log("jwt verified?", {
|
||||
verified,
|
||||
auth: this.auth.authenticator.isUserLoggedIn()
|
||||
});*/
|
||||
} else {
|
||||
this.auth.authenticator.__setUserNull();
|
||||
}
|
||||
/* } catch (e) {
|
||||
this.auth.authenticator.__setUserNull();
|
||||
}*/
|
||||
|
||||
await next();
|
||||
};
|
||||
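Review bot: The `else` branch of `getMiddleware` calls `this.auth.authenticator.__setUserNull()` but never resets the guard, whereas the token branch calls `this.auth.ctx.guard.setUserContext(...)`. If the guard on `this.auth.ctx` outlives a single request (its lifetime is not visible here), a request without an `Authorization` header could be authorized against the previous caller's role. Resetting the guard on that path too, for example `this.auth.ctx.guard.setUserContext(this.auth.authenticator.getUser());` after `__setUserNull()` or an equivalent reset, would close that gap. The result of `verify(token)` is also discarded before `getUser()` is read, so it is worth confirming that `verify` throws or clears the user on an invalid token. Separately, `bearerHeader.replace("Bearer ", "")` passes a non-Bearer header through unchanged; a `bearerHeader.startsWith("Bearer ")` check would reject it early.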
@@ -49,7 +47,8 @@ export class AuthController implements ClassController {
|
||||
});
|
||||
|
||||
hono.get("/strategies", async (c) => {
|
||||
return c.json({ strategies: this.auth.toJSON(false).strategies });
|
||||
const { strategies, basepath } = this.auth.toJSON(false);
|
||||
return c.json({ strategies, basepath });
|
||||
});
|
||||
|
||||
return hono;
|
||||
|
||||
@@ -11,6 +11,8 @@ export type GuardConfig = {
|
||||
enabled?: boolean;
|
||||
};
|
||||
|
||||
const debug = false;
|
||||
|
||||
export class Guard {
|
||||
permissions: Permission[];
|
||||
user?: GuardUserContext;
|
||||
@@ -96,12 +98,12 @@ export class Guard {
|
||||
if (this.user && typeof this.user.role === "string") {
|
||||
const role = this.roles?.find((role) => role.name === this.user?.role);
|
||||
if (role) {
|
||||
console.log("guard: role found", this.user.role);
|
||||
debug && console.log("guard: role found", this.user.role);
|
||||
return role;
|
||||
}
|
||||
}
|
||||
|
||||
console.log("guard: role not found", this.user, this.user?.role);
|
||||
debug && console.log("guard: role not found", this.user, this.user?.role);
|
||||
return this.getDefaultRole();
|
||||
}
|
||||
|
||||
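Review bot: With `debug` hard-coded to `false`, the authorization outcomes in this file become silent, including the fall-back to the default role here and the denial at `debug && console.log("guard: role not found, denying")` in the later `hasPermission` hunk. Denials and default-role fall-backs are worth keeping observable for audit, for example `console.warn("guard: role not found, denying")` outside the `debug` gate, while the verbose lines stay gated. The line `debug && console.log("guard: role not found", this.user, this.user?.role)` prints the whole user context when enabled; logging only `this.user?.role` keeps user data out of the logs. The enclosing method starts above this hunk.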
@@ -109,10 +111,14 @@ export class Guard {
|
||||
return this.roles?.find((role) => role.is_default);
|
||||
}
|
||||
|
||||
isEnabled() {
|
||||
return this.config?.enabled === true;
|
||||
}
|
||||
|
||||
hasPermission(permission: Permission): boolean;
|
||||
hasPermission(name: string): boolean;
|
||||
hasPermission(permissionOrName: Permission | string): boolean {
|
||||
if (this.config?.enabled !== true) {
|
||||
if (!this.isEnabled()) {
|
||||
//console.log("guard not enabled, allowing");
|
||||
return true;
|
||||
}
|
||||
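Review bot: `isEnabled()` is new and undocumented, yet it decides whether `hasPermission` short-circuits to `true`, so the fail-open behaviour deserves a comment. Something like `/** True only when config.enabled === true; otherwise hasPermission() allows every permission. */` above `isEnabled()` would make it clear that a missing or partial config disables all checks. The body of `hasPermission` continues past the end of this hunk.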
@@ -126,10 +132,10 @@ export class Guard {
|
||||
const role = this.getUserRole();
|
||||
|
||||
if (!role) {
|
||||
console.log("guard: role not found, denying");
|
||||
debug && console.log("guard: role not found, denying");
|
||||
return false;
|
||||
} else if (role.implicit_allow === true) {
|
||||
console.log("guard: role implicit allow, allowing");
|
||||
debug && console.log("guard: role implicit allow, allowing");
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -137,11 +143,12 @@ export class Guard {
|
||||
(rolePermission) => rolePermission.permission.name === name
|
||||
);
|
||||
|
||||
console.log("guard: rolePermission, allowing?", {
|
||||
permission: name,
|
||||
role: role.name,
|
||||
allowing: !!rolePermission
|
||||
});
|
||||
debug &&
|
||||
console.log("guard: rolePermission, allowing?", {
|
||||
permission: name,
|
||||
role: role.name,
|
||||
allowing: !!rolePermission
|
||||
});
|
||||
return !!rolePermission;
|
||||
}
|
||||
|
||||
|
||||