@loopback/authorization
Advanced tools
@loopback/authorization - npm Package Compare versions
Comparing version 0.3.0 to 0.4.0
@@ -6,2 +6,18 @@ # Change Log | ||
| # [0.4.0](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.3.0...@loopback/authorization@0.4.0) (2019-09-27) | ||
| ### Bug Fixes | ||
| * user profile to principal ([1c9709a](https://github.com/strongloop/loopback-next/commit/1c9709a)) | ||
| ### Features | ||
| * **authorization:** add `authorize.skip` to skip authorization ([757ee16](https://github.com/strongloop/loopback-next/commit/757ee16)) | ||
| # [0.3.0](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.2.2...@loopback/authorization@0.3.0) (2019-09-17) | ||
@@ -8,0 +24,0 @@ |
@@ -25,2 +25,3 @@ "use strict"; | ||
| const types_1 = require("./types"); | ||
| const util_1 = require("./util"); | ||
| const debug = debugFactory('loopback:authorization:interceptor'); | ||
@@ -43,3 +44,3 @@ let AuthorizationInterceptor = class AuthorizationInterceptor { | ||
| metadata = metadata || this.options.defaultMetadata; | ||
| if (!metadata) { | ||
| if (!metadata || (metadata && metadata.skip)) { | ||
| debug('Authorization is skipped for %s', description); | ||
@@ -56,3 +57,3 @@ const result = await next(); | ||
| const authorizationCtx = { | ||
| principals: user ? [userToPrinciple(user)] : [], | ||
| principals: user ? [util_1.createPrincipalFromUserProfile(user)] : [], | ||
| roles: [], | ||
@@ -120,12 +121,2 @@ scopes: [], | ||
| } | ||
| // This is a workaround before we extract a common layer | ||
| // for authentication and authorization. | ||
| function userToPrinciple(user) { | ||
| return { | ||
| name: user.name || user[security_1.securityId], | ||
| [security_1.securityId]: user.id, | ||
| email: user.email, | ||
| type: 'USER', | ||
| }; | ||
| } | ||
| //# sourceMappingURL=authorize-interceptor.js.map |
@@ -62,2 +62,6 @@ import { MetadataAccessor, MetadataMap, MethodDecoratorFactory } from '@loopback/context'; | ||
| const denyUnauthenticated: () => (target: any, method?: string | undefined, methodDescriptor?: TypedPropertyDescriptor<any> | undefined) => any; | ||
| /** | ||
| * Skip authorization | ||
| */ | ||
| const skip: () => (target: any, method?: string | undefined, methodDescriptor?: TypedPropertyDescriptor<any> | undefined) => any; | ||
| } | ||
@@ -64,0 +68,0 @@ /** |
@@ -135,2 +135,6 @@ "use strict"; | ||
| authorize.denyUnauthenticated = () => authorize.deny(types_1.UNAUTHENTICATED); | ||
| /** | ||
| * Skip authorization | ||
| */ | ||
| authorize.skip = () => authorize({ skip: true }); | ||
| })(authorize = exports.authorize || (exports.authorize = {})); | ||
@@ -137,0 +141,0 @@ /** |
@@ -51,2 +51,6 @@ import { BindingAddress, InvocationContext } from '@loopback/context'; | ||
| scopes?: string[]; | ||
| /** | ||
| * A flag to skip authorization | ||
| */ | ||
| skip?: boolean; | ||
| } | ||
@@ -53,0 +57,0 @@ /** |
| { | ||
| "name": "@loopback/authorization", | ||
| "version": "0.3.0", | ||
| "version": "0.4.0", | ||
| "description": "A LoopBack component for authorization support.", | ||
@@ -25,12 +25,12 @@ "engines": { | ||
| "dependencies": { | ||
| "@loopback/context": "^1.23.0", | ||
| "@loopback/core": "^1.10.2", | ||
| "@loopback/security": "^0.1.2", | ||
| "@loopback/context": "^1.23.1", | ||
| "@loopback/core": "^1.10.3", | ||
| "@loopback/security": "^0.1.3", | ||
| "debug": "^4.1.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@loopback/build": "^2.0.11", | ||
| "@loopback/testlab": "^1.8.1", | ||
| "@loopback/build": "^2.0.12", | ||
| "@loopback/testlab": "^1.9.0", | ||
| "@types/debug": "^4.1.4", | ||
| "@types/node": "10.14.18", | ||
| "@types/node": "10.14.19", | ||
| "casbin": "^3.0.4" | ||
@@ -55,3 +55,3 @@ }, | ||
| }, | ||
| "gitHead": "8c05b57d6d7eb03530f7be8b4e392e73694c7013" | ||
| "gitHead": "2908a4e6c6ed970185d9b0cf4bc7c842c8228b95" | ||
| } |
@@ -121,2 +121,23 @@ # @loopback/authorization | ||
| Please note that `@authorize` can also be applied at class level for all methods | ||
| within the class. In the code below, `numOfViews` is protected with | ||
| `BasicStrategy` (inherited from the class level) while `hello` does not require | ||
| authorization (skipped by `@authorize.skip`). | ||
| ```ts | ||
| @authorize({allow: ['ADMIN']}) | ||
| export class MyController { | ||
| @get('/number-of-views') | ||
| numOfViews(): number { | ||
| return 100; | ||
| } | ||
| @authorize.skip() | ||
| @get('/hello') | ||
| hello(): string { | ||
| return 'Hello'; | ||
| } | ||
| } | ||
| ``` | ||
| ## Extract common layer(TBD) | ||
@@ -123,0 +144,0 @@ |
@@ -20,8 +20,3 @@ // Copyright IBM Corp. 2019. All Rights Reserved. | ||
| } from '@loopback/context'; | ||
| import { | ||
| Principal, | ||
| SecurityBindings, | ||
| securityId, | ||
| UserProfile, | ||
| } from '@loopback/security'; | ||
| import {SecurityBindings, UserProfile} from '@loopback/security'; | ||
| import * as debugFactory from 'debug'; | ||
@@ -37,2 +32,3 @@ import {getAuthorizationMetadata} from './decorators/authorize'; | ||
| } from './types'; | ||
| import {createPrincipalFromUserProfile} from './util'; | ||
@@ -73,3 +69,3 @@ const debug = debugFactory('loopback:authorization:interceptor'); | ||
| metadata = metadata || this.options.defaultMetadata; | ||
| if (!metadata) { | ||
| if (!metadata || (metadata && metadata.skip)) { | ||
| debug('Authorization is skipped for %s', description); | ||
@@ -89,3 +85,3 @@ const result = await next(); | ||
| const authorizationCtx: AuthorizationContext = { | ||
| principals: user ? [userToPrinciple(user)] : [], | ||
| principals: user ? [createPrincipalFromUserProfile(user)] : [], | ||
| roles: [], | ||
@@ -158,12 +154,1 @@ scopes: [], | ||
| } | ||
| // This is a workaround before we extract a common layer | ||
| // for authentication and authorization. | ||
| function userToPrinciple(user: UserProfile): Principal { | ||
| return { | ||
| name: user.name || user[securityId], | ||
| [securityId]: user.id, | ||
| email: user.email, | ||
| type: 'USER', | ||
| }; | ||
| } |
@@ -91,2 +91,3 @@ // Copyright IBM Corp. 2019. All Rights Reserved. | ||
| } | ||
| /** | ||
@@ -195,2 +196,7 @@ * Decorator `@authorize` to mark methods that require authorization | ||
| export const denyUnauthenticated = () => deny(UNAUTHENTICATED); | ||
| /** | ||
| * Skip authorization | ||
| */ | ||
| export const skip = () => authorize({skip: true}); | ||
| } | ||
@@ -197,0 +203,0 @@ |
@@ -61,2 +61,6 @@ // Copyright IBM Corp. 2018. All Rights Reserved. | ||
| scopes?: string[]; | ||
| /** | ||
| * A flag to skip authorization | ||
| */ | ||
| skip?: boolean; | ||
| } | ||
@@ -63,0 +67,0 @@ |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by5.84%
65941
- Number of package files
- increased by13.33%
34
- Lines of code
- increased by4.33%
1300
- Number of lines in readme file
- increased by12.57%
188
Dependency changes
Updated@loopback/context@^1.23.1
Updated@loopback/core@^1.10.3
Updated@loopback/security@^0.1.3