Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
@entur-partner/permission-client-node
Advanced tools
Javascript modul som tilbyr en cache av bruker rettigheter fra Permission Store.
npm install @entur-partner/permission-client-node
# eller hvis du bruker Yarn:
yarn add @entur-partner/permission-client-node
Benyttes for å hente ut access tokens from Auth0 ved bruk av klient id og klient hemmelighet (Auth0 Clients)
import {TokenOptions, TokenFactory} from '@entur-private/permission-client-node'
const clientTokenOptions : TokenOptions = {
domain: 'internal.dev.entur.org',
clientId: '<clientId>',
clientSecret: '<secret>',
audience: 'https://api.dev.entur.io',
refreshAt: 600 // Forny token når den utgår om 10 minutter.
}
const accessTokenFactory = new TokenFactory(clientTokenOptions);
// Eksempel bruk av TokenFactory
const accessToken = await accessTokenFactory.getAccessToken();
Ønsker en å sjekke hvilke rettigheter en bruker har i Permission Store benyttes PermissionClient.
import {AuthorizeCacheType, Application, ApplicationPermission, PermissionDeliverRepository} from '@entur-private/permission-client-node'
import PermissionClient from '@entur-private/permission-client-node'
const application : Application = {
name : 'TestApplication',
refreshRate : 300 // Hver 5 minutt sjekkes Permission Store for endringer
}
const permissionStoreUrl = 'https://api.dev.entur.io/permission-store/v1';
const repository = new PermissionDeliverRepository(application, accessTokenFactory, permissionStoreUrl);
// Definerer rettigheter som benyttes av tjenesten
const applicationpermissions : ApplicationPermission[] = [];
applicationpermissions.push({operation: 'produkt', access: 'les', responsibilityType: null});
applicationpermissions.push({operation: 'produkt', access: 'les', responsibilityType: 'produkt.organisation'});
applicationpermissions.push({operation: 'produkt', access: 'les', responsibilityType: 'produkt.id'});
const autorizeCache = await PermissionClient(AuthorizeCacheType.IN_MEMORY, applicationpermissions, repository);
/* autorizeCache are ready to be used like:
const hasAccess = autorizeCache.checkBusinessCapabilityPermission(authoritySubject, businessCapability);
const hasAccess = autorizeCache.checkResponsibilitySetPermission(authoritySubject, responsibilitySet);
const userPermissions = getPermissions(authoritySubject);
*/
Clone modulen fra Bitbucket med:
git clone https://<username>@bitbucket.org/enturas/permission-client-node.git
Innstaller avhengigeter fra konsoll på roten av prosjektet:
npm install
Enhetstester utviklet i Jest kjøres ned:
npm test
Opprett en NPM user account på https://www.npmjs.com/signup. Send brukeren din til tech-lead i Entur Partner og be om å bli lagt til i Entur Partner organisation.
Publisering utføres ved å skrive:
npm publish
FAQs
Node client library for Permission Store
The npm package @entur-partner/permission-client-node receives a total of 271 weekly downloads. As such, @entur-partner/permission-client-node popularity was classified as not popular.
We found that @entur-partner/permission-client-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.