Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
nest-keycloak-connect
Advanced tools
nest-keycloak-connect - npm Package Compare versions
Comparing version 1.0.10 to 1.1.0
@@ -0,1 +1,2 @@ | ||
| export declare const META_RESOURCE = "resource"; | ||
| export declare const Resource: (resource: string) => import("@nestjs/common").CustomDecorator<string>; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| const common_1 = require("@nestjs/common"); | ||
| exports.Resource = (resource) => common_1.SetMetadata('resource', resource); | ||
| exports.META_RESOURCE = 'resource'; | ||
| exports.Resource = (resource) => common_1.SetMetadata(exports.META_RESOURCE, resource); |
@@ -0,1 +1,2 @@ | ||
| export declare const META_SCOPES = "scopes"; | ||
| export declare const Scopes: (...scopes: string[]) => import("@nestjs/common").CustomDecorator<string>; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| const common_1 = require("@nestjs/common"); | ||
| exports.Scopes = (...scopes) => common_1.SetMetadata('scopes', scopes); | ||
| exports.META_SCOPES = 'scopes'; | ||
| exports.Scopes = (...scopes) => common_1.SetMetadata(exports.META_SCOPES, scopes); |
@@ -47,2 +47,3 @@ "use strict"; | ||
| request.user = yield this.keycloak.grantManager.userInfo(jwt); | ||
| request.accessTokenJWT = jwt; | ||
| return true; | ||
@@ -49,0 +50,0 @@ } |
@@ -15,3 +15,2 @@ import { CanActivate, ExecutionContext, Logger } from '@nestjs/common'; | ||
| canActivate(context: ExecutionContext): Promise<boolean>; | ||
| getRequest<T = any>(context: ExecutionContext): T; | ||
| } |
@@ -36,2 +36,4 @@ "use strict"; | ||
| const constants_1 = require("../constants"); | ||
| const resource_decorator_1 = require("../decorators/resource.decorator"); | ||
| const scopes_decorator_1 = require("../decorators/scopes.decorator"); | ||
| let ResourceGuard = ResourceGuard_1 = class ResourceGuard { | ||
@@ -44,5 +46,6 @@ constructor(keycloak, reflector) { | ||
| canActivate(context) { | ||
| var _a, _b; | ||
| return __awaiter(this, void 0, void 0, function* () { | ||
| const resource = this.reflector.get('resource', context.getClass()); | ||
| const scopes = this.reflector.get('scopes', context.getHandler()); | ||
| const resource = this.reflector.get(resource_decorator_1.META_RESOURCE, context.getClass()); | ||
| const scopes = this.reflector.get(scopes_decorator_1.META_SCOPES, context.getHandler()); | ||
| if (!resource) { | ||
@@ -57,19 +60,17 @@ return true; | ||
| const [request, response] = [ | ||
| this.getRequest(context), | ||
| context.switchToHttp().getRequest(), | ||
| context.switchToHttp().getResponse(), | ||
| ]; | ||
| const user = request.user.preferred_username; | ||
| const user = (_b = (_a = request.user) === null || _a === void 0 ? void 0 : _a.preferred_username) !== null && _b !== void 0 ? _b : 'user'; | ||
| const enforcerFn = createEnforcerContext(request, response); | ||
| const isAllowed = yield enforcerFn(this.keycloak, permissions); | ||
| if (!isAllowed) { | ||
| this.logger.verbose(`Resource '${resource}' denied to '${user}'.`); | ||
| throw new common_1.ForbiddenException(); | ||
| this.logger.verbose(`Resource '${resource}' denied to ${user}.`); | ||
| } | ||
| this.logger.verbose(`Resource '${resource}' granted to '${user}'.`); | ||
| return true; | ||
| else { | ||
| this.logger.verbose(`Resource '${resource}' granted to ${user}.`); | ||
| } | ||
| return isAllowed; | ||
| }); | ||
| } | ||
| getRequest(context) { | ||
| return context.switchToHttp().getRequest(); | ||
| } | ||
| }; | ||
@@ -76,0 +77,0 @@ ResourceGuard = ResourceGuard_1 = __decorate([ |
@@ -6,4 +6,7 @@ import { DynamicModule } from '@nestjs/common'; | ||
| export * from './decorators/scopes.decorator'; | ||
| export * from './decorators/roles.decorator'; | ||
| export * from './decorators/allow-any-role.decorator'; | ||
| export * from './guards/auth.guard'; | ||
| export * from './guards/resource.guard'; | ||
| export * from './guards/role.guard'; | ||
| export declare class KeycloakConnectModule { | ||
@@ -10,0 +13,0 @@ static register(opts: KeycloakConnectOptions): DynamicModule; |
@@ -34,4 +34,7 @@ "use strict"; | ||
| __export(require("./decorators/scopes.decorator")); | ||
| __export(require("./decorators/roles.decorator")); | ||
| __export(require("./decorators/allow-any-role.decorator")); | ||
| __export(require("./guards/auth.guard")); | ||
| __export(require("./guards/resource.guard")); | ||
| __export(require("./guards/role.guard")); | ||
| let KeycloakConnectModule = KeycloakConnectModule_1 = class KeycloakConnectModule { | ||
@@ -45,6 +48,3 @@ static register(opts) { | ||
| module: KeycloakConnectModule_1, | ||
| providers: [ | ||
| optsProvider, | ||
| this.keycloakProvider, | ||
| ], | ||
| providers: [optsProvider, this.keycloakProvider], | ||
| exports: [optsProvider, this.keycloakProvider], | ||
@@ -51,0 +51,0 @@ }; |
| { | ||
| "name": "nest-keycloak-connect", | ||
| "version": "1.0.10", | ||
| "version": "1.1.0", | ||
| "description": "keycloak-nodejs-connect module for Nest", | ||
@@ -5,0 +5,0 @@ "author": "John Joshua Ferrer <johnjoshuaferrer@disroot.org>", |
@@ -10,3 +10,3 @@ # Nest Keycloak Connect | ||
| - Protect your resources using [Keycloak's Authorization Services](https://www.keycloak.org/docs/latest/authorization_services/). | ||
| - Simply add `@Resource` and `@Scopes` in your controllers and you're good to go. | ||
| - Simply add `@Resource`, `@Scopes`, or `@Roles` in your controllers and you're good to go. | ||
| - Compatible with [Fastify](https://github.com/fastify/fastify) platform. | ||
@@ -37,2 +37,3 @@ | ||
| ResourceGuard, | ||
| RoleGuard, | ||
| AuthGuard, | ||
@@ -49,3 +50,3 @@ } from 'nest-keycloak-connect'; | ||
| // optional if you want to retrieve JWT from cookie | ||
| cookieKey: 'KEYCLOAK_JWT' | ||
| cookieKey: 'KEYCLOAK_JWT', | ||
| }), | ||
@@ -73,2 +74,10 @@ ], | ||
| }, | ||
| // New in 1.1.0 | ||
| // This adds a global level role guard, which is permissive. | ||
| // Used by `@Roles` decorator with the optional `@AllowAnyRole` decorator for allowing any | ||
| // specified role passed. | ||
| { | ||
| provide: APP_GUARD, | ||
| useClass: RoleGuard, | ||
| }, | ||
| ], | ||
@@ -82,3 +91,3 @@ }) | ||
| ```typescript | ||
| import { Resource, Scopes } from 'nest-keycloak-connect'; | ||
| import { Resource, Roles, Scopes, AllowAnyRole } from 'nest-keycloak-connect'; | ||
| import { Controller, Get, Delete, Put, Post, Param } from '@nestjs/common'; | ||
@@ -99,2 +108,11 @@ import { Product } from './product'; | ||
| // New in 1.1.0, allows you to set roles | ||
| @Get() | ||
| @Roles('master:admin', 'myrealm:admin', 'admin') | ||
| // Optional, allows any role passed in `@Roles` to be permitted | ||
| @AllowAnyRole() | ||
| async findAllBarcodes() { | ||
| return await this.service.findAllBarcodes(); | ||
| } | ||
| @Get(':code') | ||
@@ -101,0 +119,0 @@ @Scopes('View') |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by27.25%
29042
- Number of package files
- increased by26.09%
29
- Lines of code
- increased by28.69%
453
- Number of lines in readme file
- increased by15.13%
137
No dependency changes