Basic utilities for providing a security context.
npm i -S @qiwi/security-context
Inspired by Spring
- Authentication — basic auth interface
- *Token — custom auth implementation
- Authority — represents an authority granted to an Authentication object.
- Role — basic authority type
- Permission — a representation of the permission object as supplied by the expression system
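// Authentication is imported as well: the unauthenticated fallback below instantiates it.
import {Role, AbstractToken, Authentication, PermissionEvaluator} from '@qiwi/security-context'

// Create roles as basic Authorities
const admin = new Role('admin')
const operator = new Role('operator')

// Specify custom token logic
class CustomToken extends AbstractToken {
  // ...
}

// Configure your evaluator
class CustomEvaluator extends PermissionEvaluator {
  /**
   * Decide whether the holder of `token` may exercise `permission` on `target`.
   *
   * - a missing or unauthenticated token is always denied;
   * - `admin` is granted every permission;
   * - `operator` is granted `'owner'` only on targets whose `owner_id`
   *   equals the token principal's `id`;
   * - everything else is denied.
   *
   * @param {object} token - Authentication carrying `authenticated`, `authorities` and `principal`
   * @param {object} target - object being accessed; `owner_id` is read for the `'owner'` check
   * @param {string} permission - requested permission name
   * @returns {boolean} true when access is granted
   */
  hasPermission (token, target, permission) {
    // Fail closed: the placeholder used before or after a failed login must never pass.
    if (!token || !token.authenticated) {
      return false
    }

    const roles = token.authorities

    // NOTE(review): the token's roles are rebuilt from response data below, so this
    // relies on `contains` matching Role objects by value, not by identity. Confirm.
    if (roles.contains(admin)) {
      return true
    }

    if (
      roles.contains(operator) &&
      permission === 'owner' &&
      target.owner_id === token.principal.id
    ) {
      return true
    }

    // Deny by default
    return false
  }
}

// Instantiate the subclass: the base PermissionEvaluator does not carry the rules above.
const evaluator = new CustomEvaluator()

// Handle auth event, build Auth instance
const user = { login: 'foo' }

// Until the auth request succeeds, the context holds an unauthenticated placeholder.
// Declared here so the permission check at the bottom can see it.
let token = new Authentication(user)

fetch({/* ... */})
  .then(res => {
    // An error response must not end up as an authenticated token.
    if (!res.ok) {
      throw new Error(`Auth request failed with status ${res.status}`)
    }
    // res.json() returns a Promise; resolve it before reading fields.
    return res.json()
  })
  .then(data => {
    // Authorities are taken verbatim from the auth response, so every later
    // permission check is only as trustworthy as that endpoint and its transport.
    const granted = new CustomToken(
      user,
      data.roles.map(v => new Role(v)),
      data.details
    )
    granted.authenticated = true
    token = granted
  })
  .catch(e => {
    // Any failure (network, status, malformed body) resets to the unauthenticated state.
    console.error(e)
    token = new Authentication(user)
  })

// Then pass auth to context and resolve permission where it's needed
const doSomething = (target, ...args) => {
  if (evaluator.hasPermission(token, target, 'owner')) {
    // ...
  }
}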