@loopback/authorization - npm Package Compare versions

Comparing version 0.5.8 to 0.5.9

CHANGELOG.md

@@ -6,2 +6,10 @@ # Change Log
 
+## [0.5.9](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.5.8...@loopback/authorization@0.5.9) (2020-05-19)
+
+**Note:** Version bump only for package @loopback/authorization
+
+
+
+
+
 ## [0.5.8](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.5.7...@loopback/authorization@0.5.8) (2020-05-07)
@@ -8,0 +16,0 @@

dist/authorization-component.js

@@ -7,2 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationComponent = void 0;
 const tslib_1 = require("tslib");
@@ -12,11 +13,14 @@ const core_1 = require("@loopback/core");
 const keys_1 = require("./keys");
-let AuthorizationComponent = class AuthorizationComponent {
-    constructor() {
-        this.bindings = [core_1.createBindingFromClass(authorize_interceptor_1.AuthorizationInterceptor)];
-    }
-};
-AuthorizationComponent = tslib_1.__decorate([
-    core_1.bind({ tags: { [core_1.ContextTags.KEY]: keys_1.AuthorizationBindings.COMPONENT.key } })
-], AuthorizationComponent);
+let AuthorizationComponent = /** @class */ (() => {
+    let AuthorizationComponent = class AuthorizationComponent {
+        constructor() {
+            this.bindings = [core_1.createBindingFromClass(authorize_interceptor_1.AuthorizationInterceptor)];
+        }
+    };
+    AuthorizationComponent = tslib_1.__decorate([
+        core_1.bind({ tags: { [core_1.ContextTags.KEY]: keys_1.AuthorizationBindings.COMPONENT.key } })
+    ], AuthorizationComponent);
+    return AuthorizationComponent;
+})();
 exports.AuthorizationComponent = AuthorizationComponent;
 //# sourceMappingURL=authorization-component.js.map

dist/authorize-interceptor.js

@@ -7,2 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationInterceptor = void 0;
 const tslib_1 = require("tslib");
@@ -17,54 +18,68 @@ const context_1 = require("@loopback/context");
 const debug = debug_1.default('loopback:authorization:interceptor');
-let AuthorizationInterceptor = class AuthorizationInterceptor {
-    constructor(options = {}) {
-        this.options = {
-            defaultDecision: types_1.AuthorizationDecision.DENY,
-            precedence: types_1.AuthorizationDecision.DENY,
-            ...options,
-        };
-        debug('Authorization options', this.options);
-    }
-    value() {
-        return this.intercept.bind(this);
-    }
-    async intercept(invocationCtx, next) {
-        var _a;
-        const description = debug.enabled ? invocationCtx.description : '';
-        let metadata = authorize_1.getAuthorizationMetadata(invocationCtx.target, invocationCtx.methodName);
-        if (!metadata) {
-            debug('No authorization metadata is found for %s', description);
+let AuthorizationInterceptor = /** @class */ (() => {
+    let AuthorizationInterceptor = class AuthorizationInterceptor {
+        constructor(options = {}) {
+            this.options = {
+                defaultDecision: types_1.AuthorizationDecision.DENY,
+                precedence: types_1.AuthorizationDecision.DENY,
+                ...options,
+            };
+            debug('Authorization options', this.options);
         }
-        metadata = metadata !== null && metadata !== void 0 ? metadata : this.options.defaultMetadata;
-        if (!metadata || (metadata === null || metadata === void 0 ? void 0 : metadata.skip)) {
-            debug('Authorization is skipped for %s', description);
-            const result = await next();
-            return result;
+        value() {
+            return this.intercept.bind(this);
         }
-        debug('Authorization metadata for %s', description, metadata);
-        // retrieve it from authentication module
-        const user = await invocationCtx.get(security_1.SecurityBindings.USER, {
-            optional: true,
-        });
-        debug('Current user', user);
-        const authorizationCtx = {
-            principals: user ? [util_1.createPrincipalFromUserProfile(user)] : [],
-            roles: [],
-            scopes: [],
-            resource: invocationCtx.targetName,
-            invocationContext: invocationCtx,
-        };
-        debug('Security context for %s', description, authorizationCtx);
-        const authorizers = await loadAuthorizers(invocationCtx, (_a = metadata.voters) !== null && _a !== void 0 ? _a : []);
-        let finalDecision = this.options.defaultDecision;
-        for (const fn of authorizers) {
-            const decision = await fn(authorizationCtx, metadata);
-            debug('Decision', decision);
-            // Reset the final decision if an explicit Deny or Allow is voted
-            if (decision && decision !== types_1.AuthorizationDecision.ABSTAIN) {
-                finalDecision = decision;
+        async intercept(invocationCtx, next) {
+            var _a;
+            const description = debug.enabled ? invocationCtx.description : '';
+            let metadata = authorize_1.getAuthorizationMetadata(invocationCtx.target, invocationCtx.methodName);
+            if (!metadata) {
+                debug('No authorization metadata is found for %s', description);
             }
-            // we can add another interceptor to process the error
-            if (decision === types_1.AuthorizationDecision.DENY &&
-                this.options.precedence === types_1.AuthorizationDecision.DENY) {
-                debug('Access denied');
+            metadata = metadata !== null && metadata !== void 0 ? metadata : this.options.defaultMetadata;
+            if (!metadata || (metadata === null || metadata === void 0 ? void 0 : metadata.skip)) {
+                debug('Authorization is skipped for %s', description);
+                const result = await next();
+                return result;
+            }
+            debug('Authorization metadata for %s', description, metadata);
+            // retrieve it from authentication module
+            const user = await invocationCtx.get(security_1.SecurityBindings.USER, {
+                optional: true,
+            });
+            debug('Current user', user);
+            const authorizationCtx = {
+                principals: user ? [util_1.createPrincipalFromUserProfile(user)] : [],
+                roles: [],
+                scopes: [],
+                resource: invocationCtx.targetName,
+                invocationContext: invocationCtx,
+            };
+            debug('Security context for %s', description, authorizationCtx);
+            const authorizers = await loadAuthorizers(invocationCtx, (_a = metadata.voters) !== null && _a !== void 0 ? _a : []);
+            let finalDecision = this.options.defaultDecision;
+            for (const fn of authorizers) {
+                const decision = await fn(authorizationCtx, metadata);
+                debug('Decision', decision);
+                // Reset the final decision if an explicit Deny or Allow is voted
+                if (decision && decision !== types_1.AuthorizationDecision.ABSTAIN) {
+                    finalDecision = decision;
+                }
+                // we can add another interceptor to process the error
+                if (decision === types_1.AuthorizationDecision.DENY &&
+                    this.options.precedence === types_1.AuthorizationDecision.DENY) {
+                    debug('Access denied');
+                    const error = new types_1.AuthorizationError('Access denied');
+                    error.statusCode = 401;
+                    throw error;
+                }
+                if (decision === types_1.AuthorizationDecision.ALLOW &&
+                    this.options.precedence === types_1.AuthorizationDecision.ALLOW) {
+                    debug('Access allowed');
+                    break;
+                }
+            }
+            debug('Final decision', finalDecision);
+            // Handle the final decision
+            if (finalDecision === types_1.AuthorizationDecision.DENY) {
                 const error = new types_1.AuthorizationError('Access denied');
@@ -74,23 +89,12 @@ error.statusCode = 401;
             }
-            if (decision === types_1.AuthorizationDecision.ALLOW &&
-                this.options.precedence === types_1.AuthorizationDecision.ALLOW) {
-                debug('Access allowed');
-                break;
-            }
+            return next();
         }
-        debug('Final decision', finalDecision);
-        // Handle the final decision
-        if (finalDecision === types_1.AuthorizationDecision.DENY) {
-            const error = new types_1.AuthorizationError('Access denied');
-            error.statusCode = 401;
-            throw error;
-        }
-        return next();
-    }
-};
-AuthorizationInterceptor = tslib_1.__decorate([
-    context_1.bind(context_1.asGlobalInterceptor('authorization')),
-    tslib_1.__param(0, context_1.config({ fromBinding: keys_1.AuthorizationBindings.COMPONENT })),
-    tslib_1.__metadata("design:paramtypes", [Object])
-], AuthorizationInterceptor);
+    };
+    AuthorizationInterceptor = tslib_1.__decorate([
+        context_1.bind(context_1.asGlobalInterceptor('authorization')),
+        tslib_1.__param(0, context_1.config({ fromBinding: keys_1.AuthorizationBindings.COMPONENT })),
+        tslib_1.__metadata("design:paramtypes", [Object])
+    ], AuthorizationInterceptor);
+    return AuthorizationInterceptor;
+})();
 exports.AuthorizationInterceptor = AuthorizationInterceptor;
@@ -97,0 +101,0 @@ async function loadAuthorizers(ctx, authorizers) {

dist/decorators/authorize.d.ts

@@ -1,2 +0,2 @@
-import { MetadataAccessor, MetadataMap, MethodDecoratorFactory } from '@loopback/context';
+import { BindingAddress, MetadataAccessor, MetadataMap, MethodDecoratorFactory } from '@loopback/context';
 import { AuthorizationMetadata, Authorizer } from '../types';
@@ -35,3 +35,3 @@ export declare const AUTHORIZATION_METHOD_KEY: MetadataAccessor<AuthorizationMetadata, MethodDecorator>;
      */
-    const vote: (...voters: (string | Authorizer<AuthorizationMetadata> | import("@loopback/context").BindingKey<Authorizer<AuthorizationMetadata>>)[]) => (target: any, method?: string | undefined, methodDescriptor?: TypedPropertyDescriptor<any> | undefined) => any;
+    const vote: (...voters: (Authorizer | BindingAddress<Authorizer>)[]) => (target: any, method?: string | undefined, methodDescriptor?: TypedPropertyDescriptor<any> | undefined) => any;
     /**
@@ -38,0 +38,0 @@ * Allows all

dist/decorators/authorize.js

@@ -7,2 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAuthorizationMetadata = exports.authorize = exports.AuthorizeMethodDecoratorFactory = exports.AUTHORIZATION_CLASS_KEY = exports.AUTHORIZATION_METHOD_KEY = void 0;
 const context_1 = require("@loopback/context");
@@ -9,0 +10,0 @@ const types_1 = require("../types");

dist/keys.js

@@ -7,2 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationTags = exports.AuthorizationBindings = void 0;
 const core_1 = require("@loopback/core");
@@ -9,0 +10,0 @@ /**

dist/types.js

@@ -7,2 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationError = exports.AuthorizationDecision = exports.ANONYMOUS = exports.UNAUTHENTICATED = exports.AUTHENTICATED = exports.EVERYONE = void 0;
 /**
@@ -9,0 +10,0 @@ * Built-in roles

dist/util.js

@@ -7,2 +7,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.createPrincipalFromUserProfile = void 0;
 const security_1 = require("@loopback/security");
@@ -9,0 +10,0 @@ // This is a workaround before we specify `TypedPrincipal` instead of

package.json

 {
   "name": "@loopback/authorization",
-  "version": "0.5.8",
+  "version": "0.5.9",
   "description": "A LoopBack component for authorization support.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "engines": {
@@ -25,14 +27,14 @@ "node": ">=10"
   "dependencies": {
-    "@loopback/context": "^3.7.0",
-    "@loopback/core": "^2.5.0",
-    "@loopback/security": "^0.2.8",
+    "@loopback/context": "^3.8.0",
+    "@loopback/core": "^2.6.0",
+    "@loopback/security": "^0.2.9",
     "debug": "^4.1.1",
-    "tslib": "^1.11.2"
+    "tslib": "^2.0.0"
   },
   "devDependencies": {
-    "@loopback/build": "^5.3.1",
-    "@loopback/testlab": "^3.1.3",
+    "@loopback/build": "^5.4.0",
+    "@loopback/testlab": "^3.1.4",
     "@types/debug": "^4.1.5",
     "@types/node": "10.17.21",
-    "casbin": "^4.7.0"
+    "casbin": "^5.0.0"
   },
@@ -45,4 +47,2 @@ "keywords": [
     "README.md",
-    "index.js",
-    "index.d.ts",
     "dist",
@@ -57,3 +57,3 @@ "src",
   },
-  "gitHead": "50c3f06d942f8bae8f0c32a3775ff98a7498e4fd"
+  "gitHead": "c8681026187471f0ceeee7c101d66feae295116b"
 }

No alert changes

Improved metrics

Total package byte prevSize

69843

increased by1.2%

Lines of code

1323

increased by0.15%

Worsened metrics

Number of package files

32

decreased by-5.88%

Dependency changes

• - Removedtslib@1.14.1(transitive)

• Updated@loopback/context@^3.8.0

• Updated@loopback/core@^2.6.0

• Updated@loopback/security@^0.2.9

• Updatedtslib@^2.0.0