bknd/app/src/auth/authorize/Guard.ts
dswbx a298b65abf Release 0.16 (#196)
* initial refactor

* fixes

* test secrets extraction

* updated lock

* fix secret schema

* updated schemas, fixed tests, skipping flow tests for now

* added validator for rjsf, hook form via standard schema

* removed @sinclair/typebox

* remove unneeded vite dep

* fix jsonv literal on Field.tsx

* fix schema import path

* fix schema modals

* fix schema modals

* fix json field form, replaced auth form

* initial waku

* finalize waku example

* fix jsonv-ts version

* fix schema updates with falsy values

* fix media api to respect options' init, improve types

* checking media controller test

* checking media controller test

* checking media controller test

* clean up mediacontroller test

* added cookie option `partitioned`, as well as cors `origin` to be array, option to enable `credentials` (#214)

* added cookie option `partitioned`, as well as cors `origin` to be array, option to enable `credentials`

* fix server test

* fix data api (updated jsonv-ts)

* enhance cloudflare image optimization plugin with new options and explain endpoint (#215)

* feat: add ability to serve static by using dynamic imports (#197)

* feat: add ability to serve static by using dynamic imports

* serveStaticViaImport: make manifest optional

* serveStaticViaImport: add error log

* refactor/imports (#217)

* refactored core and core/utils imports

* refactored core and core/utils imports

* refactored media imports

* refactored auth imports

* refactored data imports

* updated package json exports, fixed mm config

* fix tests

* feat/deno (#219)

* update bun version

* fix module manager's em reference

* add basic deno example

* finalize

* docs: fumadocs migration (#185)

* feat(docs): initialize documentation structure with Fumadocs

* feat(docs): remove home route and move /docs route to /route

* feat(docs): add redirect to /start page

* feat(docs): migrate Getting Started chapters

* feat(docs): migrate Usage and Extending chapters

* feat(callout): add CalloutCaution, CalloutDanger, CalloutInfo, and CalloutPositive

* feat(layout): add Discord and GitHub links to documentation layout

* feat(docs): add integration chapters draft

* feat(docs): add modules chapters draft

* refactor(mdx-components): remove unused Icon import

* refactor(StackBlitz): enhance type safety by using unknown instead of any

* refactor(layout): update navigation mode to 'top' in layout configuration

* feat(docs): add @iconify/react package

* docs(mdx-components): add Icon component to MDX components list

* feat(docs): update Next.js integration guide

* feat(docs): update React Router integration guide

* feat(docs): update Astro integration guide

* feat(docs): update Vite integration guide

* fix(docs): update package manager initialization commands

* feat(docs): migrate Modules chapters

* chore(docs): update package.json with new devDependencies

* feat(docs): migrate Integration Runtimes chapters

* feat(docs): update Database usage chapter

* feat(docs): restructure documentation paths

* chore(docs): clean up unused imports and files in documentation

* style(layout): revert navigation mode to previous state

* fix(docs): routing for documentation structure

* feat(openapi): add API documentation generation from OpenAPI schema

* feat(docs): add icons to documentation pages

* chore(dependencies): remove unused content-collections packages

* fix(types): fix type error for attachFile in source.ts

* feat(redirects): update root redirect destination to '/start'

* feat(search): add static search functionality

* chore(dependencies): update fumadocs-core and fumadocs-ui to latest versions

* feat(search): add Powered by Orama link

* feat(generate-openapi): add error handling for missing OpenAPI schema

* feat(scripts): add OpenAPI generation to build process

* feat(config): enable dynamic redirects and rewrites in development mode

* feat(layout): add GitHub token support for improved API rate limits

* feat(redirects): add 301 redirects for cloudflare pages

* feat(docs): add Vercel redirects configuration

* feat(config): enable standalone output for development environment

* chore(layout): adjust layout settings

* refactor(package): clean up ajv dependency versions

* feat(docs): add twoslash support

* refactor(layout): update DocsLayout import and navigation configuration

* chore(layout): clean up layout.tsx by commenting out GithubInfo

* fix(Search): add locale to search initialization

* chore(package): update fumadocs and orama to latest versions

* docs: add menu items descriptions

* feat(layout): add GitHub URL to the layout component

* feat(docs): add AutoTypeTable component to MDX components

* feat(app): implement AutoTypeTable rendering for AppEvents type

* docs(layout): switch callouts back to default components

* fix(config): use __filename and __dirname for module paths

* docs: add note about node.js 22 requirement

* feat(styles): add custom color variables for light and dark themes

* docs: add S3 setup instructions for media module

* docs: fix typos and indentation in media module docs

* docs: add local media adapter example for Node.js

* docs(media): add S3/R2 URL format examples and fix typo

* docs: add cross-links to initial config and seeding sections

* indent numbered lists content, clarified media serve locations

* fix mediacontroller tests

* feat(layout): add AnimatedGridPattern component for dynamic background

* style(layout): configure fancy ToC style ('clerk')

* fix(AnimatedGridPattern): correct strokeDasharray type

* docs: actualize docs

* feat: add favicon

* style(cloudflare): format code examples

* feat(layout): add Github and Discord footer icons

* feat(footer): add SVG social media icons for GitHub and Discord

* docs: adjusted auto type table, added llm functions

* added static deployment to cloudflare workers

* docs: change cf redirects to proxy *.mdx instead of redirecting

---------

Co-authored-by: dswbx <dennis.senn@gmx.ch>
Co-authored-by: cameronapak <cameronandrewpak@gmail.com>

* build: improve build script

* add missing exports, fix EntityTypescript imports

* media: Dropzone: add programmatic upload, additional events, loading state

* schema object: disable extended defaults to allow empty config values

* Feat/new docs deploy (#224)

* test

* try fixing pm

* try fixing pm

* fix docs on imports, export events correctly

---------

Co-authored-by: Tim Seriakov <59409712+timseriakov@users.noreply.github.com>
Co-authored-by: cameronapak <cameronandrewpak@gmail.com>
2025-08-01 15:55:59 +02:00


import { Exception } from "core/errors";
import { $console, objectTransform } from "core/utils";
import { Permission } from "core/security/Permission";
import type { Context } from "hono";
import type { ServerEnv } from "modules/Controller";
import { Role } from "./Role";
/**
 * User object the guard evaluates. Only `role` is typed; any other key is
 * accepted untyped, so the object may carry arbitrary (possibly sensitive)
 * fields and should not be logged wholesale.
 */
export type GuardUserContext = {
// Name of the role to look up; a missing or non-string value makes Guard fall back to its default role.
role?: string | null;
[key: string]: any;
};
/**
 * Guard settings. `Guard.isEnabled()` treats only `enabled === true` as
 * enabled; an omitted config or omitted flag leaves the guard disabled.
 */
export type GuardConfig = {
enabled?: boolean;
};
/**
 * Either a Hono request context (the user is read from its "auth" variable)
 * or a user context passed directly.
 */
export type GuardContext = Context<ServerEnv> | GuardUserContext;
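/**
 * Role-based permission guard.
 *
 * Holds the set of registered permissions and the known roles, and answers
 * whether a given user context is granted a permission.
 *
 * Security-relevant behavior:
 * - The guard is only active when `config.enabled === true`. While it is
 *   disabled, `hasPermission` returns `true` for every request, before the
 *   permission name is even validated.
 * - A user whose role is missing or unknown is evaluated against the default
 *   role (the first role with `is_default`), if one exists.
 * - A role with `implicit_allow === true` is granted every registered
 *   permission.
 */
export class Guard {
  permissions: Permission[];
  roles?: Role[];
  config?: GuardConfig;

  /**
   * @param permissions Permissions known to the guard.
   * @param roles Roles that users can be resolved to.
   * @param config Guard settings; when omitted the guard is disabled.
   */
  constructor(permissions: Permission[] = [], roles: Role[] = [], config?: GuardConfig) {
    this.permissions = permissions;
    this.roles = roles;
    this.config = config;
  }

  /**
   * Builds a guard from plain permission names and a plain role map.
   *
   * @param permissionNames Names to wrap in `Permission` instances.
   * @param roles Role definitions keyed by role name.
   * @param config Guard settings passed through to the constructor.
   * @returns A new guard holding the created permissions and roles.
   */
  static create(
    permissionNames: string[],
    roles?: Record<
      string,
      {
        permissions?: string[];
        is_default?: boolean;
        implicit_allow?: boolean;
      }
    >,
    config?: GuardConfig,
  ) {
    const _roles = roles
      ? objectTransform(roles, ({ permissions = [], is_default, implicit_allow }, name) => {
          return Role.createWithPermissionNames(name, permissions, is_default, implicit_allow);
        })
      : {};
    const _permissions = permissionNames.map((name) => new Permission(name));
    return new Guard(_permissions, Object.values(_roles), config);
  }

  /** @returns The names of all registered permissions. */
  getPermissionNames(): string[] {
    return this.permissions.map((permission) => permission.name);
  }

  /** @returns The registered permissions (the internal array, not a copy). */
  getPermissions(): Permission[] {
    return this.permissions;
  }

  /** @returns `true` when a permission with this exact name is registered. */
  permissionExists(permissionName: string): boolean {
    return this.permissions.some((p) => p.name === permissionName);
  }

  /** Replaces the role list. Returns the guard for chaining. */
  setRoles(roles: Role[]) {
    this.roles = roles;
    return this;
  }

  /** @returns The current role list. */
  getRoles() {
    return this.roles;
  }

  /** Merges the given settings over the current config. Returns the guard for chaining. */
  setConfig(config: Partial<GuardConfig>) {
    this.config = { ...this.config, ...config };
    return this;
  }

  /**
   * Registers a single permission.
   *
   * @throws Error when a permission with the same name is already registered.
   */
  registerPermission(permission: Permission) {
    if (this.permissionExists(permission.name)) {
      throw new Error(`Permission ${permission.name} already exists`);
    }
    this.permissions.push(permission);
    return this;
  }

  /**
   * Registers several permissions, given as an array or as a record whose
   * values are the permissions.
   *
   * @throws Error on the first duplicate name; permissions registered before
   *   the duplicate stay registered.
   */
  registerPermissions(permissions: Record<string, Permission>);
  registerPermissions(permissions: Permission[]);
  registerPermissions(permissions: Permission[] | Record<string, Permission>) {
    const list = Array.isArray(permissions) ? permissions : Object.values(permissions);
    for (const permission of list) {
      this.registerPermission(permission);
    }
    return this;
  }

  /**
   * Resolves the role to evaluate for a user.
   *
   * @param user User context; only `role` is used for the lookup.
   * @returns The role whose name equals `user.role`, otherwise the default
   *   role, otherwise `undefined`.
   */
  getUserRole(user?: GuardUserContext): Role | undefined {
    if (user && typeof user.role === "string") {
      const role = this.roles?.find((role) => role.name === user?.role);
      if (role) {
        $console.debug(`guard: role "${user.role}" found`);
        return role;
      }
    }

    // Log only id and role, as hasPermission does: the user context accepts
    // arbitrary keys, so dumping the whole object could put unrelated user
    // data into the logs.
    $console.debug("guard: role not found", {
      user: { id: user?.id, role: user?.role },
    });

    // NOTE(review): a role name that matches no known role (renamed, deleted
    // or mistyped) silently receives the default role's permissions rather
    // than being denied; confirm this fallback is intended.
    return this.getDefaultRole();
  }

  /** @returns The first role flagged `is_default`, or `undefined` if there is none. */
  getDefaultRole(): Role | undefined {
    return this.roles?.find((role) => role.is_default);
  }

  /** @returns `true` only when `config.enabled` is exactly `true`. */
  isEnabled() {
    return this.config?.enabled === true;
  }

  /**
   * Decides whether a user is granted a permission.
   *
   * @param permissionOrName Permission instance or permission name.
   * @param user User context to evaluate.
   * @returns `true` when the guard is disabled, when the resolved role has
   *   `implicit_allow`, or when the role lists the permission; `false` when no
   *   role can be resolved or the role does not list the permission.
   * @throws Error when the guard is enabled and the permission is not registered.
   */
  hasPermission(permission: Permission, user?: GuardUserContext): boolean;
  hasPermission(name: string, user?: GuardUserContext): boolean;
  hasPermission(permissionOrName: Permission | string, user?: GuardUserContext): boolean {
    // A disabled guard allows everything and skips all checks below,
    // including the check that the permission name is registered.
    if (!this.isEnabled()) {
      return true;
    }

    const name = typeof permissionOrName === "string" ? permissionOrName : permissionOrName.name;
    $console.debug("guard: checking permission", {
      name,
      user: { id: user?.id, role: user?.role },
    });

    // Checking an unregistered name is treated as a programming error, not as a denial.
    if (!this.permissionExists(name)) {
      throw new Error(`Permission ${name} does not exist`);
    }

    const role = this.getUserRole(user);
    if (!role) {
      $console.debug("guard: user has no role, denying");
      return false;
    }
    if (role.implicit_allow === true) {
      $console.debug(`guard: role "${role.name}" has implicit allow, allowing`);
      return true;
    }

    const allowed = role.permissions.some(
      (rolePermission) => rolePermission.permission.name === name,
    );
    $console.debug("guard: rolePermission, allowing?", {
      permission: name,
      role: role.name,
      allowing: allowed,
    });
    return allowed;
  }

  /**
   * Convenience wrapper around `hasPermission` that accepts either a request
   * context or a user context.
   *
   * @param permission Permission instance or permission name.
   * @param c Request context (user read from its "auth" variable) or a user context.
   * @returns The result of `hasPermission` for the extracted user.
   */
  granted(permission: Permission | string, c?: GuardContext): boolean {
    // NOTE(review): the two context kinds are told apart only by the presence
    // of a "get" key. A user context that itself carries a "get" key would be
    // treated as a request context; confirm user objects can never have one.
    const user = c && "get" in c ? c.get("auth")?.user : c;
    // The cast is needed because the overloads do not accept the union directly.
    return this.hasPermission(permission as any, user);
  }

  /**
   * Enforces a permission.
   *
   * @throws Exception with status 403 when the permission is not granted.
   */
  throwUnlessGranted(permission: Permission | string, c: GuardContext) {
    if (!this.granted(permission, c)) {
      throw new Exception(
        `Permission "${typeof permission === "string" ? permission : permission.name}" not granted`,
        403,
      );
    }
  }
}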