-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
83441de
commit 3046254
Showing
17 changed files
with
630 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
package-lock=false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
Copyright (c) IBM Corp. 2018. All Rights Reserved. | ||
Node module: @loopback/authorization | ||
This project is licensed under the MIT License, full text below. | ||
|
||
-------- | ||
|
||
MIT license | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
# @loopback/authorization | ||
|
||
A LoopBack 4 component for authorization support. | ||
|
||
**This is a reference implementation showing how to implement an authorization | ||
component, it is not production ready.** | ||
|
||
## Overview | ||
|
||
## Installation | ||
|
||
```shell | ||
npm install --save @loopback/authorization | ||
``` | ||
|
||
## Basic use | ||
|
||
Start by decorating your controller methods with `@authorize` to require the | ||
request to be authorized. | ||
|
||
In this example, we make the user profile available via dependency injection | ||
using a key available from `@loopback/authorization` package. | ||
|
||
```ts | ||
import {inject} from '@loopback/context'; | ||
import {authorize} from '@loopback/authorization'; | ||
import {get} from '@loopback/rest'; | ||
|
||
export class MyController { | ||
@authorize({allow: ['ADMIN']}) | ||
@get('/number-of-views') | ||
numOfViews(): number { | ||
return 100; | ||
} | ||
} | ||
``` | ||
|
||
## Related resources | ||
|
||
## Contributions | ||
|
||
- [Guidelines](https://github.com/strongloop/loopback-next/blob/master/docs/CONTRIBUTING.md) | ||
- [Join the team](https://github.com/strongloop/loopback-next/issues/110) | ||
|
||
## Tests | ||
|
||
run `npm test` from the root folder. | ||
|
||
## Contributors | ||
|
||
See | ||
[all contributors](https://github.com/strongloop/loopback-next/graphs/contributors). | ||
|
||
## License | ||
|
||
MIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
{ | ||
"content": [ | ||
"index.ts", | ||
"src/index.ts", | ||
"src/decorators/authorize.ts", | ||
"src/providers/authorization-metadata.ts", | ||
"src/providers/authorize.ts", | ||
"src/authorization-component.ts", | ||
"src/keys.ts" | ||
], | ||
"codeSectionDepth": 4 | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
// Copyright IBM Corp. 2017,2018. All Rights Reserved. | ||
// Node module: @loopback/authorization | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
export * from './dist'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
// Copyright IBM Corp. 2017,2018. All Rights Reserved. | ||
// Node module: @loopback/authorization | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
module.exports = require('./dist'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
// Copyright IBM Corp. 2017,2018. All Rights Reserved. | ||
// Node module: @loopback/authorization | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
// DO NOT EDIT THIS FILE | ||
// Add any additional (re)exports to src/index.ts instead. | ||
export * from './src'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
{ | ||
"name": "@loopback/authorization", | ||
"version": "0.1.0", | ||
"description": "A LoopBack component for authorization support.", | ||
"engines": { | ||
"node": ">=8" | ||
}, | ||
"scripts": { | ||
"acceptance": "lb-mocha \"dist/test/acceptance/**/*.js\"", | ||
"build": "lb-tsc es2017 --outDir dist", | ||
"build:apidocs": "lb-apidocs", | ||
"clean": "lb-clean loopback-authorization*.tgz dist package api-docs", | ||
"integration": "lb-mocha \"dist/test/integration/**/*.js\"", | ||
"prepublishOnly": "npm run build && npm run build:apidocs", | ||
"pretest": "npm run build", | ||
"test": "lb-mocha \"dist/test/unit/**/*.js\" \"dist/test/integration/**/*.js\" \"dist/test/acceptance/**/*.js\"", | ||
"unit": "lb-mocha \"dist/test/unit/**/*.js\"", | ||
"verify": "npm pack && tar xf loopback-authorization*.tgz && tree package && npm run clean" | ||
}, | ||
"author": "IBM", | ||
"copyright.owner": "IBM Corp.", | ||
"license": "MIT", | ||
"dependencies": { | ||
"@loopback/context": "^1.0.0", | ||
"@loopback/core": "^1.0.0" | ||
}, | ||
"devDependencies": { | ||
"@loopback/build": "^1.0.0", | ||
"@loopback/testlab": "^1.0.0" | ||
}, | ||
"keywords": [ | ||
"LoopBack", | ||
"Authorization" | ||
], | ||
"files": [ | ||
"README.md", | ||
"index.js", | ||
"index.d.ts", | ||
"dist/src", | ||
"dist/index*", | ||
"src" | ||
], | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/strongloop/loopback-next.git" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
// Copyright IBM Corp. 2018. All Rights Reserved. | ||
// Node module: @loopback/authorization | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
import {AuthorizationBindings} from './keys'; | ||
import {Component, ProviderMap} from '@loopback/core'; | ||
import {AuthorizationProvider} from './providers/authorize'; | ||
import {AuthMetadataProvider} from './providers/authorization-metadata'; | ||
|
||
export class AuthenticationComponent implements Component { | ||
providers?: ProviderMap; | ||
|
||
constructor() { | ||
this.providers = { | ||
[AuthorizationBindings.AUTHORIZE_ACTION]: AuthorizationProvider, | ||
[AuthorizationBindings.METADATA]: AuthMetadataProvider, | ||
}; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,152 @@ | ||
// Copyright IBM Corp. 2017,2018. All Rights Reserved. | ||
// Node module: @loopback/authorization | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
import { | ||
MetadataInspector, | ||
Constructor, | ||
MethodDecoratorFactory, | ||
MetadataMap, | ||
BindingAddress, | ||
} from '@loopback/context'; | ||
import {AuthorizationBindings} from '../keys'; | ||
import { | ||
AuthorizationMetadata, | ||
Voter, | ||
EVERYONE, | ||
ANONYMOUS, | ||
AUTHENTICATED, | ||
UNAUTHENTICATED, | ||
} from '../types'; | ||
|
||
export class AuthorizeMethodDecoratorFactory extends MethodDecoratorFactory< | ||
AuthorizationMetadata | ||
> { | ||
protected mergeWithOwn( | ||
ownMetadata: MetadataMap<AuthorizationMetadata>, | ||
target: Object, | ||
methodName?: string, | ||
// tslint:disable-next-line:no-any | ||
methodDescriptor?: TypedPropertyDescriptor<any> | number, | ||
) { | ||
ownMetadata = ownMetadata || {}; | ||
const methodMeta = ownMetadata[methodName!]; | ||
methodMeta.allowedRoles = this.merge( | ||
methodMeta.allowedRoles, | ||
this.spec.allowedRoles, | ||
); | ||
methodMeta.deniedRoles = this.merge( | ||
methodMeta.deniedRoles, | ||
this.spec.deniedRoles, | ||
); | ||
methodMeta.scopes = this.merge(methodMeta.scopes, this.spec.scopes); | ||
methodMeta.voters = this.merge(methodMeta.voters, this.spec.voters); | ||
|
||
return ownMetadata; | ||
} | ||
|
||
private merge<T>(src?: T[], target?: T[]): T[] { | ||
const list: T[] = []; | ||
const set = new Set<T>(src || []); | ||
if (target) { | ||
for (const i of target) { | ||
set.add(i); | ||
} | ||
} | ||
for (const i of set.values()) list.push(i); | ||
return list; | ||
} | ||
} | ||
/** | ||
* Mark a controller method as requiring authorized user. | ||
* | ||
* @param spec Authorization metadata | ||
*/ | ||
export function authorize(spec: AuthorizationMetadata) { | ||
return AuthorizeMethodDecoratorFactory.createDecorator( | ||
AuthorizationBindings.METADATA, | ||
spec, | ||
); | ||
} | ||
|
||
export namespace authorize { | ||
/** | ||
* Shortcut to configure allowed roles | ||
* @param roles | ||
*/ | ||
export const allow = (...roles: string[]) => authorize({allowedRoles: roles}); | ||
/** | ||
* Shortcut to configure denied roles | ||
* @param roles | ||
*/ | ||
export const deny = (...roles: string[]) => authorize({deniedRoles: roles}); | ||
/** | ||
* Shortcut to specify access scopes | ||
* @param scopes | ||
*/ | ||
export const scope = (...scopes: string[]) => authorize({scopes}); | ||
|
||
/** | ||
* Shortcut to configure voters | ||
* @param voters | ||
*/ | ||
export const vote = (...voters: (Voter | BindingAddress<Voter>)[]) => | ||
authorize({voters}); | ||
|
||
/** | ||
* Allows all | ||
*/ | ||
export const allowAll = () => allow(EVERYONE); | ||
|
||
/** | ||
* Allow all but the given roles | ||
* @param roles | ||
*/ | ||
export const allowAllExcept = (...roles: string[]) => | ||
authorize({ | ||
deniedRoles: roles, | ||
allowedRoles: [EVERYONE], | ||
}); | ||
|
||
/** | ||
* Deny all | ||
*/ | ||
export const denyAll = () => deny(EVERYONE); | ||
|
||
/** | ||
* Deny all but the given roles | ||
* @param roles | ||
*/ | ||
export const denyAllExcept = (...roles: string[]) => | ||
authorize({ | ||
allowedRoles: roles, | ||
deniedRoles: [EVERYONE], | ||
}); | ||
|
||
/** | ||
* Allow authenticated users | ||
*/ | ||
export const allowAuthenticated = () => allow(AUTHENTICATED); | ||
/** | ||
* Deny unauthenticated users | ||
*/ | ||
export const denyUnauthenticated = () => deny(UNAUTHENTICATED); | ||
} | ||
|
||
/** | ||
* Fetch authorization metadata stored by `@authorize` decorator. | ||
* | ||
* @param controllerClass Target controller | ||
* @param methodName Target method | ||
*/ | ||
export function getAuthorizeMetadata( | ||
controllerClass: Constructor<{}>, | ||
methodName: string, | ||
): AuthorizationMetadata | undefined { | ||
return MetadataInspector.getMethodMetadata<AuthorizationMetadata>( | ||
AuthorizationBindings.METADATA, | ||
controllerClass.prototype, | ||
methodName, | ||
); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
// Copyright IBM Corp. 2018. All Rights Reserved. | ||
// Node module: @loopback/authorization | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
export * from './types'; | ||
export * from './authorization-component'; | ||
export * from './decorators/authorize'; | ||
export * from './keys'; | ||
|
||
// internals for tests | ||
export * from './providers/authorization-metadata'; | ||
export * from './providers/authorize'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// Copyright IBM Corp. 2018. All Rights Reserved. | ||
// Node module: @loopback/authorization | ||
// This file is licensed under the MIT License. | ||
// License text available at https://opensource.org/licenses/MIT | ||
|
||
/** | ||
* Binding keys used by this component. | ||
*/ | ||
export namespace AuthorizationBindings { | ||
export const AUTHORIZE_ACTION = 'authorization.actions.authorize'; | ||
export const METADATA = 'authorization.operationMetadata'; | ||
} |
Oops, something went wrong.