import { getConfig } from "../../common/config.js";
import axios from 'axios';
import { v4 as uuidv4 } from 'uuid';
/**
 * Initialise this authorization backend.
 *
 * There is nothing to set up: the function only fetches the configuration
 * and discards it.
 *
 * @returns {Promise<void>}
 */
export async function init() {
  // No initialization required.
  // NOTE(review): the returned config is unused; the call is kept because it
  // was made originally and getConfig() may load or validate settings; confirm.
  getConfig();
}
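/**
 * Ask the policy decision point (PDP) whether a subject may perform an action
 * on a resource.
 *
 * Sends a single-resource request to `${config.pdpUrl}/api/check/resources`
 * and returns true only when the PDP answers 'EFFECT_ALLOW' for the requested
 * action. Any other effect, or a response missing the expected fields, is
 * treated as a denial.
 *
 * @param {object} req - Authorization request.
 * @param {object} req.subject - `id` becomes the principal id; `type` is sent
 *   as the principal's only role.
 * @param {object} req.resource - `type` and `id` identify the resource;
 *   `properties.ownerID`, when truthy, is forwarded as the `owner` attribute.
 * @param {object} req.action - `name` is the action being checked.
 * @returns {Promise<boolean>} true if the PDP allows the action, else false.
 * @throws Rejects when `axios.post` rejects (with axios defaults that covers
 *   network errors and non-2xx responses). Callers must treat a rejection as
 *   "not authorized", never as an allow.
 */
export async function check(req) {
  // Ref:
  // ----
  // curl -X POST http://localhost:3592/api/check/resources \
  //   -H "Content-Type: application/json" \
  //   -d '{
  //     "requestId": "test-check-1",
  //     "principal": {
  //       "id": "user123",
  //       "roles": ["user"]
  //     },
  //     "resources": [
  //       {
  //         "resource": {
  //           "kind": "privateData",
  //           "id": "record001",
  //           "attr": {}
  //         },
  //         "actions": ["read"]
  //       }
  //     ]
  //   }'

  // NOTE(review): subject id/type and the owner attribute are forwarded as
  // given. The decision is only as trustworthy as the caller's authentication
  // of these values; confirm they never come straight from client input.
  const { subject, resource, action } = req;
  const actionName = action.name;

  // A request without `properties` is handled like one without an ownerID
  // instead of crashing with a TypeError.
  const ownerID = resource.properties?.ownerID;

  const payload = {
    requestId: uuidv4(),
    principal: {
      id: subject.id,
      roles: [subject.type],
    },
    resources: [
      {
        resource: {
          kind: resource.type,
          id: resource.id,
          attr: ownerID ? { owner: ownerID } : {},
        },
        actions: [actionName],
      },
    ],
  };

  const config = getConfig();
  // NOTE(review): no `timeout` is passed, and axios does not time out by
  // default, so a stalled PDP blocks this check indefinitely. Consider a
  // bounded timeout with deny-on-timeout in the caller.
  const result = await axios.post(`${config.pdpUrl}/api/check/resources`, payload);

  // The full PDP response is logged on every check.
  console.log(`Auth check: ${JSON.stringify(result.data)}`);

  // Fail closed: every hop is optional-chained so a malformed or partial PDP
  // response yields `undefined` (deny) rather than a TypeError part-way through.
  const effect = result.data?.results?.[0]?.actions?.[actionName];
  return effect === 'EFFECT_ALLOW';
}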