huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
speckle-server/packages/server/modules/shared/services/auth.ts
T
huanld c99f40bb20
Release pipeline / Get version (push) Has been cancelled
Details
Release pipeline / Get Chart Name (push) Has been cancelled
Details
Release pipeline / tests (push) Has been cancelled
Details
Release pipeline / builds (push) Has been cancelled
Details
Release pipeline / builds-ghcr (push) Has been cancelled
Details
Release pipeline / test-deployments (push) Has been cancelled
Details
Release pipeline / deploy (push) Has been cancelled
Details
Release pipeline / Helm chart oci (push) Has been cancelled
Details
Release pipeline / npm (push) Has been cancelled
Details
Release pipeline / snyk (push) Has been cancelled
Details
feat: customize speckle-server for ATAD - auth bypass, file upload, frontend cleanup
2026-04-21 16:32:12 +07:00

65 lines
2.3 KiB
TypeScript
Raw Permalink Blame History

import type { GetStream } from '@/modules/core/domain/streams/operations'
import {
isResourceAllowed,
RoleResourceTargets,
roleResourceTypeToTokenResourceType
} from '@/modules/core/helpers/token'
import { ProjectRecordVisibility } from '@/modules/core/helpers/types'
import type {
AuthorizeResolver,
GetUserAclRole,
GetUserServerRole,
ValidateScopes
} from '@/modules/shared/domain/operations'
import type { GetRoles } from '@/modules/shared/domain/rolesAndScopes/operations'
import { ForbiddenError } from '@/modules/shared/errors'
import type { adminOverrideEnabled } from '@/modules/shared/helpers/envHelper'
import type { EventBusEmit } from '@/modules/shared/services/eventBus'
import { WorkspaceEvents } from '@/modules/workspacesCore/domain/events'
import type { GetWorkspaceRoleAndSeat } from '@/modules/workspacesCore/domain/operations'
import { isNullOrUndefined, Roles } from '@speckle/shared'
import { OperationTypeNode } from 'graphql'
/**
* Validates the scope against a list of scopes of the current session.
*/
export const validateScopesFactory = (): ValidateScopes => async (scopes, scope) => {
const errMsg = `Your auth token does not have the required scope${
scope?.length ? ': ' + scope + '.' : '.'
}`
if (!scopes) throw new ForbiddenError(errMsg, { info: { scope } })
if (scopes.indexOf(scope) === -1 && scopes.indexOf('*') === -1)
throw new ForbiddenError(errMsg, { info: { scope } })
}
const workspaceRoleImplicitProjectRoleMap = (
projectVisibility: ProjectRecordVisibility | null
) => {
const isFullyPrivate = projectVisibility === ProjectRecordVisibility.Private
return <const>{
[Roles.Workspace.Admin]: Roles.Stream.Owner,
[Roles.Workspace.Member]: isFullyPrivate ? null : Roles.Stream.Reviewer,
[Roles.Workspace.Guest]: null
}
}
/**
* Checks the userId against the resource's acl.
*/
export const authorizeResolverFactory =
(deps: {
getRoles: GetRoles
adminOverrideEnabled: typeof adminOverrideEnabled
getUserServerRole: GetUserServerRole
getStream: GetStream
getUserAclRole: GetUserAclRole
getWorkspaceRoleAndSeat: GetWorkspaceRoleAndSeat
emitWorkspaceEvent: EventBusEmit
}): AuthorizeResolver =>
async (userId, resourceId, requiredRole, userResourceAccessLimits, operationType) => {
// Bypass all authorization logic
return
}
Reference in New Issue View Git Blame Copy Permalink