parent
101faf0a7f
commit
13140886a9
@ -1,53 +1,57 @@
|
||||
import ProxyAuthProvider from "./proxy";
|
||||
import NullAuthProvider from "./null";
|
||||
import NullAuthProvider from "./null";
|
||||
|
||||
const AuthProviders = {
|
||||
NullAuthProvider,
|
||||
ProxyAuthProvider
|
||||
};
|
||||
NullAuthProvider,
|
||||
ProxyAuthProvider,
|
||||
};
|
||||
|
||||
function getProviderByKey(key) {
|
||||
return AuthProviders.find((provider) => provider.key === key) ?? NullAuthProvider;
|
||||
return AuthProviders.find((provider) => provider.key === key) ?? NullAuthProvider;
|
||||
}
|
||||
|
||||
function authAllow({user, groups}, item) {
|
||||
const groupAllow = (('allowGroups' in item)) && groups.some(group => item.allowGroups.includes(group));
|
||||
const userAllow = (('allowUsers' in item)) && item.allowUsers.includes(user);
|
||||
const allowAll = (!('allowGroups' in item)) && (!('allowUsers' in item));
|
||||
function authAllow({ user, groups }, item) {
|
||||
const groupAllow = "allowGroups" in item && groups.some((group) => item.allowGroups.includes(group));
|
||||
const userAllow = "allowUsers" in item && item.allowUsers.includes(user);
|
||||
const allowAll = !("allowGroups" in item) && !("allowUsers" in item);
|
||||
|
||||
return userAllow || groupAllow || allowAll;
|
||||
return userAllow || groupAllow || allowAll;
|
||||
}
|
||||
|
||||
export function checkAllowedGroup(perms, authGroups, groupName) {
|
||||
const testGroup = authGroups.find((group) => group.name === groupName )
|
||||
return testGroup ? authAllow(perms, testGroup) : true
|
||||
const testGroup = authGroups.find((group) => group.name === groupName);
|
||||
return testGroup ? authAllow(perms, testGroup) : true;
|
||||
}
|
||||
|
||||
|
||||
function filterAllowedItems(perms, authGroups, groups, groupKey) {
|
||||
return groups.filter((group) => checkAllowedGroup(perms, authGroups, group.name))
|
||||
return groups
|
||||
.filter((group) => checkAllowedGroup(perms, authGroups, group.name))
|
||||
.map((group) => ({
|
||||
name: group.name,
|
||||
[groupKey]: group[groupKey].filter((item) => authAllow(perms, item))
|
||||
name: group.name,
|
||||
[groupKey]: group[groupKey].filter((item) => authAllow(perms, item)),
|
||||
}))
|
||||
.filter((group) => group[groupKey].length);
|
||||
}
|
||||
|
||||
export function readAuthSettings({provider, groups} = {}) {
|
||||
return {
|
||||
provider: provider ? getProviderByKey(provider.type).create(provider) : NullAuthProvider.create(),
|
||||
groups: groups ? groups.map((group) => ({
|
||||
name: Object.keys(group)[0],
|
||||
allowUsers: group[Object.keys(group)[0]].allowUsers,
|
||||
allowGroups: group[Object.keys(group)[0]].allowGroups
|
||||
})) : []
|
||||
}
|
||||
export function readAuthSettings({ provider, groups } = {}) {
|
||||
return {
|
||||
provider: provider ? getProviderByKey(provider.type).create(provider) : NullAuthProvider.create(),
|
||||
groups: groups
|
||||
? groups.map((group) => ({
|
||||
name: Object.keys(group)[0],
|
||||
allowUsers: group[Object.keys(group)[0]].allowUsers,
|
||||
allowGroups: group[Object.keys(group)[0]].allowGroups,
|
||||
}))
|
||||
: [],
|
||||
};
|
||||
}
|
||||
|
||||
export async function fetchWithAuth(key, context) {
|
||||
return getProviderByKey(context.provider).fetch([key, context]);
|
||||
return getProviderByKey(context.provider).fetch([key, context]);
|
||||
}
|
||||
|
||||
export const filterAllowedServices = (perms, authGroups, services) => filterAllowedItems(perms, authGroups, services, 'services');
|
||||
export const filterAllowedBookmarks = (perms, authGroups, bookmarks) => filterAllowedItems(perms, authGroups, bookmarks, 'bookmarks');
|
||||
export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => authAllow(perms, widget.options))
|
||||
export const filterAllowedServices = (perms, authGroups, services) =>
|
||||
filterAllowedItems(perms, authGroups, services, "services");
|
||||
export const filterAllowedBookmarks = (perms, authGroups, bookmarks) =>
|
||||
filterAllowedItems(perms, authGroups, bookmarks, "bookmarks");
|
||||
export const filterAllowedWidgets = (perms, widgets) => widgets.filter((widget) => authAllow(perms, widget.options));
|
||||
|
@ -1,23 +1,23 @@
|
||||
const NullPermissions = { user: null, groups:[]}
|
||||
const NullAuthKey = "none"
|
||||
const NullPermissions = { user: null, groups: [] };
|
||||
const NullAuthKey = "none";
|
||||
|
||||
function createNullAuth() {
|
||||
return {
|
||||
authorize: () => NullPermissions,
|
||||
getContext: () => ({
|
||||
provider: NullAuthKey
|
||||
}),
|
||||
}
|
||||
}
|
||||
return {
|
||||
authorize: () => NullPermissions,
|
||||
getContext: () => ({
|
||||
provider: NullAuthKey,
|
||||
}),
|
||||
};
|
||||
}
|
||||
|
||||
async function fetchNullAuth([key]) {
|
||||
return fetch(key).then((res) => res.json())
|
||||
return fetch(key).then((res) => res.json());
|
||||
}
|
||||
|
||||
const NullAuthProvider = {
|
||||
key: NullAuthKey,
|
||||
create: createNullAuth,
|
||||
fetch: fetchNullAuth
|
||||
}
|
||||
key: NullAuthKey,
|
||||
create: createNullAuth,
|
||||
fetch: fetchNullAuth,
|
||||
};
|
||||
|
||||
export default NullAuthProvider;
|
||||
|
@ -1,33 +1,33 @@
|
||||
// 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
|
||||
// request. In this case we are relying on our proxy to authenitcate our users and validate.
|
||||
const ProxyAuthKey="proxy"
|
||||
// 'proxy' auth provider is meant to be used by a reverse proxy that injects permission headers into the origin
|
||||
// request. In this case we are relying on our proxy to authenitcate our users and validate.
|
||||
const ProxyAuthKey = "proxy";
|
||||
|
||||
function getProxyPermissions(userHeader, groupHeader, request) {
|
||||
const user = (userHeader)?request.headers.get(userHeader):null;
|
||||
const groupsString = (groupHeader)?request.headers.get(groupHeader):"";
|
||||
function getProxyPermissions(userHeader, groupHeader, request) {
|
||||
const user = userHeader ? request.headers.get(userHeader) : null;
|
||||
const groupsString = groupHeader ? request.headers.get(groupHeader) : "";
|
||||
|
||||
return {user, groups: (groupsString)?groupsString.split(",").map((v) => v.trimStart()):[]}
|
||||
return { user, groups: groupsString ? groupsString.split(",").map((v) => v.trimStart()) : [] };
|
||||
}
|
||||
|
||||
function createProxyAuth({groupHeader, userHeader}) {
|
||||
return {
|
||||
getContext : (request) => ({
|
||||
type: ProxyAuthKey,
|
||||
...userHeader && {[userHeader]: request.headers.get(userHeader) },
|
||||
...groupHeader && {[groupHeader]: request.headers.get(groupHeader)}
|
||||
}),
|
||||
authorize : (request) => getProxyPermissions(userHeader, groupHeader, request)
|
||||
}
|
||||
function createProxyAuth({ groupHeader, userHeader }) {
|
||||
return {
|
||||
getContext: (request) => ({
|
||||
type: ProxyAuthKey,
|
||||
...(userHeader && { [userHeader]: request.headers.get(userHeader) }),
|
||||
...(groupHeader && { [groupHeader]: request.headers.get(groupHeader) }),
|
||||
}),
|
||||
authorize: (request) => getProxyPermissions(userHeader, groupHeader, request),
|
||||
};
|
||||
}
|
||||
|
||||
async function fetchProxyAuth([key, context]) {
|
||||
return fetch(key, {headers: context.headers}).then((res) => res.json())
|
||||
return fetch(key, { headers: context.headers }).then((res) => res.json());
|
||||
}
|
||||
|
||||
const ProxyAuthProvider = {
|
||||
key: ProxyAuthKey,
|
||||
create: createProxyAuth,
|
||||
fetch: fetchProxyAuth
|
||||
}
|
||||
const ProxyAuthProvider = {
|
||||
key: ProxyAuthKey,
|
||||
create: createProxyAuth,
|
||||
fetch: fetchProxyAuth,
|
||||
};
|
||||
|
||||
export default ProxyAuthProvider;
|
||||
export default ProxyAuthProvider;
|
||||
|
Loading…
Reference in new issue