add auth functionality

src/modules/pep/cerbos.js

@@ -0,0 +1,63 @@
+import { getConfig } from "../../common/config.js";
+import axios from 'axios';
+import { v4 as uuidv4 } from 'uuid';
+
+export async function init() {
+    const config = getConfig();
+    // No initialization required
+}
+
+export async function check(req) {
+    // Ref:
+    // ----
+    // curl -X POST http://localhost:3592/api/check/resources \
+    //     -H "Content-Type: application/json" \
+    //     -d '{
+    //         "requestId": "test-check-1",
+    //         "principal": {
+    //             "id": "user123",
+    //             "roles": ["user"]
+    //         },
+    //         "resources": [
+    //             {
+    //                 "resource": {
+    //                     "kind": "privateData",
+    //                     "id": "record001",
+    //                     "attr": {}
+    //                 },
+    //                 "actions": ["read"]
+    //             }
+    //         ]
+    //     }'
+
+    const r = {
+        requestId: uuidv4(),
+        principal: {
+            id: req.subject.id,
+            roles: [req.subject.type]
+        },
+        resources: [
+            {
+                resource: {
+                    kind: req.resource.type,
+                    id: req.resource.id,
+                    attr: {}
+                },
+                actions: [req.action.name]
+            }
+        ]
+    }
+    if (req.resource.properties.ownerID) {
+        r.resources[0].resource.attr = { owner: req.resource.properties.ownerID }
+    }
+    const config = getConfig();
+    const result = await axios.post(
+        `${config.pdpUrl}/api/check/resources`,
+        r,
+    )
+    console.log(`Auth check: ${JSON.stringify(result.data)}`);
+    if (result.data?.results[0]?.actions[req.action.name] === 'EFFECT_ALLOW') {
+        return true;
+    }
+    return false;
+}