feat: add cerbos access control
@@ -166,7 +166,7 @@ export class Api {
|
||||
);
|
||||
}
|
||||
|
||||
if (route.state.access === "session" && req.isAuthenticated === false) {
|
||||
if (route.state.access === "authenticated" && req.isAuthenticated === false) {
|
||||
return toResponse(new UnauthorizedError(), request);
|
||||
}
|
||||
|
||||
|
||||
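Review bot: The guard `route.state.access === "authenticated" && req.isAuthenticated === false` is allow-by-default: only routes whose access value is exactly this literal require a signed-in request. A route still declaring the old `"session"` value, or any other value introduced with the Cerbos work, would pass this point with no authentication check. Whether the `access` type is a closed union that turns a stale value into a compile error is not visible here. If it is not, consider inverting the test so that only an explicitly public value skips it, with a comment such as `// deny by default: every non-public route requires an authenticated request`. The enclosing method starts and ends outside the hunk.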
@@ -2,7 +2,9 @@ import { ServerContext } from "@spec/relay";
|
||||
|
||||
import type { Sockets } from "~libraries/socket/sockets.ts";
|
||||
|
||||
import { Access } from "../auth/access.ts";
|
||||
import { Session } from "../auth/auth.ts";
|
||||
import { Principal } from "../auth/principal.ts";
|
||||
import { req } from "./request.ts";
|
||||
|
||||
declare module "@spec/relay" {
|
||||
@@ -17,17 +19,21 @@ declare module "@spec/relay" {
|
||||
*/
|
||||
isAuthenticated: boolean;
|
||||
|
||||
/**
|
||||
* Get account id from session, throws an error if the request
|
||||
* does not have a valid session.
|
||||
*/
|
||||
accountId: string;
|
||||
|
||||
/**
|
||||
* Get request session instance.
|
||||
*/
|
||||
session: Session;
|
||||
|
||||
/**
|
||||
* Get request principal.
|
||||
*/
|
||||
principal: Principal;
|
||||
|
||||
/**
|
||||
* Get access control session.
|
||||
*/
|
||||
access: Access;
|
||||
|
||||
/**
|
||||
* Sockets instance attached to the server.
|
||||
*/
|
||||
@@ -43,14 +49,18 @@ export function getRequestContext(request: Request): ServerContext {
|
||||
return req.isAuthenticated;
|
||||
},
|
||||
|
||||
get accountId() {
|
||||
return this.session.accountId;
|
||||
},
|
||||
|
||||
get session(): Session {
|
||||
return req.session;
|
||||
},
|
||||
|
||||
get principal(): Principal {
|
||||
return req.session.principal;
|
||||
},
|
||||
|
||||
get access(): Access {
|
||||
return req.session.access;
|
||||
},
|
||||
|
||||
get sockets(): Sockets {
|
||||
return req.sockets;
|
||||
},
|
||||
|
||||
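Review bot: The doc comments on the new `principal` and `access` members ("Get request principal." and "Get access control session.") omit the failure contract that the `accountId` comment states. Both getters read through `req.session`, the same path `accountId` uses, so they presumably throw on a request without a valid session; the implementation of `req.session` is not shown, so this should be confirmed. Suggest `* Get request principal, throws an error if the request does not have a valid session.` and the equivalent line for `access`. If authorization is enforced only when a handler calls into `access`, the comment should say so, because the router guard visible in this commit checks authentication only.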
@@ -1,11 +1,11 @@
|
||||
import { InternalServerError, UnauthorizedError } from "@spec/relay";
|
||||
|
||||
import { Session } from "../auth/auth.ts";
|
||||
import { asyncLocalStorage } from "./storage.ts";
|
||||
import { storage } from "./storage.ts";
|
||||
|
||||
export const req = {
|
||||
get store() {
|
||||
const store = asyncLocalStorage.getStore();
|
||||
const store = storage.getStore();
|
||||
if (store === undefined) {
|
||||
throw new InternalServerError("AsyncLocalStorage not defined.");
|
||||
}
|
||||
@@ -55,7 +55,7 @@ export const req = {
|
||||
* Typically used when utility functions might run in and out of request scope.
|
||||
*/
|
||||
getStore() {
|
||||
return asyncLocalStorage.getStore();
|
||||
return storage.getStore();
|
||||
},
|
||||
} as const;
|
||||
|
||||
|
||||
@@ -3,7 +3,9 @@ import { AsyncLocalStorage } from "node:async_hooks";
|
||||
import type { Session } from "~libraries/auth/mod.ts";
|
||||
import type { Sockets } from "~libraries/socket/sockets.ts";
|
||||
|
||||
export const asyncLocalStorage = new AsyncLocalStorage<{
|
||||
export const storage = new AsyncLocalStorage<Storage>();
|
||||
|
||||
export type Storage = {
|
||||
session?: Session;
|
||||
info: {
|
||||
method: string;
|
||||
@@ -14,4 +16,4 @@ export const asyncLocalStorage = new AsyncLocalStorage<{
|
||||
response: {
|
||||
headers: Headers;
|
||||
};
|
||||
}>();
|
||||
};
|
||||
|
||||
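Review bot: The exported type name in `export type Storage = {` shadows the global Web Storage `Storage` interface inside this module, and a file that uses the name without importing it will silently resolve to the global type instead. A name that says what the object holds, for example `RequestStore`, avoids that, and the constant can stay `storage`. The type also has no doc comment; since it carries the optional `session` for the current request, consider `/** Per-request state kept in AsyncLocalStorage. */`, plus a note on when `session` is unset.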