Enhance authentication and authorization components
- Refactored `AppAuth` to introduce `getGuardContextSchema` for improved user context handling. - Updated `Authenticator` to utilize `pickKeys` for user data extraction in JWT generation. - Enhanced `Guard` class to improve permission checks and error handling. - Modified `SystemController` to return context schema alongside permissions in API responses. - Added new `permissions` method in `SystemApi` for fetching permissions. - Improved UI components with additional props and tooltip support for better user experience.
@@ -2,7 +2,7 @@ import type { DB, PrimaryFieldType } from "bknd";
|
||||
import * as AuthPermissions from "auth/auth-permissions";
|
||||
import type { AuthStrategy } from "auth/authenticate/strategies/Strategy";
|
||||
import type { PasswordStrategy } from "auth/authenticate/strategies/PasswordStrategy";
|
||||
import { $console, secureRandomString, transformObject, pick } from "bknd/utils";
|
||||
import { $console, secureRandomString, transformObject, pickKeys } from "bknd/utils";
|
||||
import type { Entity, EntityManager } from "data/entities";
|
||||
import { em, entity, enumm, type FieldSchema } from "data/prototype";
|
||||
import { Module } from "modules/Module";
|
||||
@@ -113,6 +113,19 @@ export class AppAuth extends Module<AppAuthSchema> {
|
||||
return authConfigSchema;
|
||||
}
|
||||
|
||||
getGuardContextSchema() {
|
||||
const userschema = this.getUsersEntity().toSchema() as any;
|
||||
return {
|
||||
type: "object",
|
||||
properties: {
|
||||
user: {
|
||||
type: "object",
|
||||
properties: pickKeys(userschema.properties, this.config.jwt.fields as any),
|
||||
},
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
get authenticator(): Authenticator {
|
||||
this.throwIfNotBuilt();
|
||||
return this._authenticator!;
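Review bot: `getGuardContextSchema` erases the types on both sides of the `pickKeys` call (`toSchema() as any`, `this.config.jwt.fields as any`), so a field name in `jwt.fields` that the users entity does not define is not a compile error, and what `pickKeys` does with a missing key is not visible here and should be confirmed. Since the commit message says this schema is returned by the system API, a silently dropped field would be a user attribute present in the token but absent from the advertised schema. Consider an explicit return type with the cast narrowed to the schema's `properties` shape, and a TSDoc such as `/** Schema of the \`user\` object in a guard context; only the fields carried in the JWT (\`config.jwt.fields\`) are exposed. */`. The enclosing class continues outside the hunk.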
|
||||
|
||||
@@ -6,10 +6,8 @@ import { deleteCookie, getSignedCookie, setSignedCookie } from "hono/cookie";
|
||||
import { sign, verify } from "hono/jwt";
|
||||
import { type CookieOptions, serializeSigned } from "hono/utils/cookie";
|
||||
import type { ServerEnv } from "modules/Controller";
|
||||
import { pick } from "lodash-es";
|
||||
import { InvalidConditionsException } from "auth/errors";
|
||||
import { s, parse, secret, runtimeSupports, truncate, $console } from "bknd/utils";
|
||||
import { $object } from "modules/mcp";
|
||||
import { s, parse, secret, runtimeSupports, truncate, $console, pickKeys } from "bknd/utils";
|
||||
import type { AuthStrategy } from "./strategies/Strategy";
|
||||
|
||||
type Input = any; // workaround
|
||||
@@ -229,7 +227,7 @@ export class Authenticator<
|
||||
|
||||
// @todo: add jwt tests
|
||||
async jwt(_user: SafeUser | ProfileExchange): Promise<string> {
|
||||
const user = pick(_user, this.config.jwt.fields);
|
||||
const user = pickKeys(_user, this.config.jwt.fields as any);
|
||||
|
||||
const payload: JWTPayload = {
|
||||
...user,
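Review bot: `jwt` here and `safeAuthResponse` in the next hunk both cast `this.config.jwt.fields as any` to satisfy `pickKeys`, which hides the one property worth checking at this call site — that every configured field is a key of the user record, so the token payload contains exactly the intended attributes. Typing `jwt.fields` once (in the auth config schema or in the `pickKeys` signature) would remove both casts. The `// @todo: add jwt tests` above is also the natural place to pin that only the configured fields reach the payload and that a credential column, if the entity has one, never does. The `jwt` method continues past the end of the hunk.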
|
||||
@@ -255,7 +253,7 @@ export class Authenticator<
|
||||
}
|
||||
|
||||
async safeAuthResponse(_user: User): Promise<AuthResponse> {
|
||||
const user = pick(_user, this.config.jwt.fields) as SafeUser;
|
||||
const user = pickKeys(_user, this.config.jwt.fields as any) as SafeUser;
|
||||
return {
|
||||
user,
|
||||
token: await this.jwt(user),
|
||||
|
||||
@@ -125,7 +125,7 @@ export class Guard {
|
||||
return this.config?.enabled === true;
|
||||
}
|
||||
|
||||
private collect(permission: Permission, c: GuardContext, context: any) {
|
||||
private collect(permission: Permission, c: GuardContext | undefined, context: any) {
|
||||
const user = c && "get" in c ? c.get("auth")?.user : c;
|
||||
const ctx = {
|
||||
...((context ?? {}) as any),
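Review bot: The new `const user = c && "get" in c ? c.get("auth")?.user : c;` treats any defined `c` that lacks a `get` method as the user object itself, yet the parameter is still typed `GuardContext | undefined`, so that second meaning is invisible to callers and rests on a duck-type check. Make the accepted shapes explicit in the type (a union of the request context and whatever user type Guard uses, e.g. `c: GuardContext | SafeUser | undefined` if that type is in scope in this file) and add `// c is either a request context (user read from c.get("auth")) or an already-resolved user object` above the line. `context` remains `any` and is spread into `ctx` unchecked on the following line. The rest of `collect` and the next hunk run past the end of this hunk.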
|
||||
@@ -181,15 +181,15 @@ export class Guard {
|
||||
}
|
||||
|
||||
if (!role) {
|
||||
$console.debug("guard: user has no role, denying");
|
||||
throw new GuardPermissionsException(permission, undefined, "User has no role");
|
||||
} else if (role.implicit_allow === true) {
|
||||
$console.debug(`guard: role "${role.name}" has implicit allow, allowing`);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!rolePermission) {
|
||||
$console.debug("guard: rolePermission not found, denying");
|
||||
if (role.implicit_allow === true) {
|
||||
$console.debug(`guard: role "${role.name}" has implicit allow, allowing`);
|
||||
return;
|
||||
}
|
||||
|
||||
throw new GuardPermissionsException(
|
||||
permission,
|
||||
undefined,
|
||||
|
||||