feat: identity cerbos implementation
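--- a/modules/identity/routes/access/check-resource/handle.ts
+++ b/modules/identity/routes/access/check-resource/handle.ts
@@ -0,0 +1,6 @@
+import { cerbos } from "../../../cerbos/client.ts";
+import route from "./spec.ts";
+
+export default route.access("session").handle(async ({ body: { resource, actions } }, { principal }) => {
+return cerbos.checkResource({ principal, resource, actions });
+});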
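Review bot: The `resource` passed to `cerbos.checkResource` in the handler body is taken verbatim from the request, including `attr`, so any policy condition that reads resource attributes is evaluated against values the caller asserts about the resource. Only `principal` appears to come from the server-side session context. If other services rely on this answer as the authorization decision, the handler should accept only `kind` and `id` and load `attr` from the system of record before calling Cerbos. If the route is only a UI hint, say so above the handler, e.g. `// advisory only: resource.attr is client-supplied; the resource owner must enforce again`. The same pass-through is in check-resources/handle.ts and is-allowed/handle.ts.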
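--- a/modules/identity/routes/access/check-resource/spec.ts
+++ b/modules/identity/routes/access/check-resource/spec.ts
@@ -0,0 +1,16 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route
+.post("/api/v1/identity/access/check-resource")
+.body(
+z.strictObject({
+resource: z.strictObject({
+kind: z.string(),
+id: z.string(),
+attr: z.record(z.string(), z.any()),
+}),
+actions: z.array(z.string()),
+}),
+)
+.response(z.any());
+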
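Review bot: `.response(z.any())` puts no contract on the reply, so whatever the Cerbos client returns is sent to the caller as-is; depending on the client, that can include more than the per-action decisions. On the request side, `kind`, `id` and each action accept the empty string, and `actions` may be empty or arbitrarily long. I would declare the response as an explicit object of action-to-effect entries and tighten the body along the lines of `actions: z.array(z.string().min(1)).min(1)` plus an upper bound the project chooses, with `z.unknown()` in place of `z.any()` for `attr` values. The request-side points also apply to check-resources/spec.ts and is-allowed/spec.ts; the latter already has a typed `z.boolean()` response.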
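--- a/modules/identity/routes/access/check-resources/handle.ts
+++ b/modules/identity/routes/access/check-resources/handle.ts
@@ -0,0 +1,6 @@
+import { cerbos } from "../../../cerbos/client.ts";
+import route from "./spec.ts";
+
+export default route.access("session").handle(async ({ body: resources }, { principal }) => {
+return cerbos.checkResources({ principal, resources });
+});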
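--- a/modules/identity/routes/access/check-resources/spec.ts
+++ b/modules/identity/routes/access/check-resources/spec.ts
@@ -0,0 +1,18 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route
+.post("/api/v1/identity/access/check-resources")
+.body(
+z.array(
+z.strictObject({
+resource: z.strictObject({
+kind: z.string(),
+id: z.string(),
+attr: z.record(z.string(), z.any()),
+}),
+actions: z.array(z.string()),
+}),
+),
+)
+.response(z.any());
+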
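Review bot: The outer `z.array(` in `.body(` has no length limit, so one session request can ask the policy decision point to evaluate an unbounded number of resources, each with an unbounded `actions` list. That makes this route the cheapest way to load the Cerbos backend. Chain `.min(1).max(MAX_BATCH)` on the outer array, where `MAX_BATCH` is a limit the project picks, and bound the inner `actions` array the same way. Rate limiting is not visible in this section and may exist in `@platform/relay`; if it does, a comment naming it here would help.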
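--- a/modules/identity/routes/access/is-allowed/handle.ts
+++ b/modules/identity/routes/access/is-allowed/handle.ts
@@ -0,0 +1,6 @@
+import { cerbos } from "../../../cerbos/client.ts";
+import route from "./spec.ts";
+
+export default route.access("session").handle(async ({ body: { resource, action } }, { principal }) => {
+return cerbos.isAllowed({ principal, resource, action });
+});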
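--- a/modules/identity/routes/access/is-allowed/spec.ts
+++ b/modules/identity/routes/access/is-allowed/spec.ts
@@ -0,0 +1,16 @@
+import { route } from "@platform/relay";
+import z from "zod";
+
+export default route
+.post("/api/v1/identity/access/is-allowed")
+.body(
+z.strictObject({
+resource: z.strictObject({
+kind: z.string(),
+id: z.string(),
+attr: z.record(z.string(), z.any()),
+}),
+action: z.string(),
+}),
+)
+.response(z.boolean());
+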