dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-04-28 21:05:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ce895f92cd6c6a539ee8dc05d6f23257c62052fd
dbgate/packages/api/src/utility/hasPermission.js

94 lines
2.5 KiB
JavaScript
Raw Blame History

const { compilePermissions, testPermission } = require('dbgate-tools');
const _ = require('lodash');
const userPermissions = {};
function hasPermission(tested, req) {
if (!req) {
// request object not available, allow all
return true;
}
const { user } = (req && req.auth) || {};
const { login } = (process.env.OAUTH_PERMISSIONS && req && req.user) || {};
const key = user || login || '';
const logins = getLogins();
if (!userPermissions[key]) {
if (logins) {
const login = logins.find(x => x.login == user);
userPermissions[key] = compilePermissions(login ? login.permissions : null);
} else {
userPermissions[key] = compilePermissions(process.env.PERMISSIONS);
}
}
return testPermission(tested, userPermissions[key]);
}
let loginsCache = null;
let loginsLoaded = false;
function getLogins() {
if (loginsLoaded) {
return loginsCache;
}
const res = [];
if (process.env.LOGIN && process.env.PASSWORD) {
res.push({
login: process.env.LOGIN,
password: process.env.PASSWORD,
permissions: process.env.PERMISSIONS,
});
}
if (process.env.LOGINS) {
const logins = _.compact(process.env.LOGINS.split(',').map(x => x.trim()));
for (const login of logins) {
const password = process.env[`LOGIN_PASSWORD_${login}`];
const permissions = process.env[`LOGIN_PERMISSIONS_${login}`];
if (password) {
res.push({
login,
password,
permissions,
});
}
}
}
else if (process.env.OAUTH_PERMISSIONS) {
const login_permission_keys = Object.keys(process.env).filter((key) => _.startsWith(key, 'LOGIN_PERMISSIONS_'))
for (const permissions_key of login_permission_keys) {
const login = permissions_key.replace('LOGIN_PERMISSIONS_', '');
const permissions = process.env[permissions_key];
userPermissions[login] = compilePermissions(permissions);
}
}
loginsCache = res.length > 0 ? res : null;
loginsLoaded = true;
return loginsCache;
}
function connectionHasPermission(connection, req) {
if (!connection) {
return true;
}
if (_.isString(connection)) {
return hasPermission(`connections/${connection}`, req);
} else {
return hasPermission(`connections/${connection._id}`, req);
}
}
function testConnectionPermission(connection, req) {
if (!connectionHasPermission(connection, req)) {
throw new Error('Connection permission not granted');
}
}
module.exports = {
hasPermission,
getLogins,
connectionHasPermission,
testConnectionPermission,
};
Reference in New Issue View Git Blame Copy Permalink