speckle-server/packages/server/modules/workspaces/index.ts
Chuck Driesler cb8aa31b66 feat(authz): shared authz pipeline (#4151)
* wip

* wip

* feat(authz): wip policy shape

* wip

* fix(authz): canReadProject with latest pattern

* wip

* feat(shared): simplify authz checks and policies

* feat(shared): port role weights into shared

* test(shared): some more tests for authz

* test(shared): more query project tests

* typo!

* feat(shared): ff loading refinements

* feat(shared): example authorization policy integration

* authz loaders init

* chore(authz): naming etc

* wip

* fix(authz): authz error objects

Co-authored-by: Kristaps Fabians Geikins <fabis94@users.noreply.github.com>
Co-authored-by: Gergő Jedlicska <gjedlicska@users.noreply.github.com>

* fix(authz): use correct role weights

* chore(authz): use codes from errors in tests

* chore(authz): wow

* chore(authz): fix more tests, add more tests

* chore(authz): fix some tests, add some tests (again)

* fix(authz): fix tests again

---------

Co-authored-by: Gergő Jedlicska <gergo@jedlicska.com>
Co-authored-by: Kristaps Fabians Geikins <fabis94@users.noreply.github.com>
Co-authored-by: Gergő Jedlicska <gjedlicska@users.noreply.github.com>
2025-03-21 14:45:36 +01:00


import { moduleLogger } from '@/observability/logging'
import { getFeatureFlags } from '@/modules/shared/helpers/envHelper'
import { registerOrUpdateScopeFactory } from '@/modules/shared/repositories/scopes'
import db from '@/db/knex'
import { Optional, SpeckleModule } from '@/modules/shared/helpers/typeHelper'
import { workspaceRoles } from '@/modules/workspaces/roles'
import { workspaceScopes } from '@/modules/workspaces/scopes'
import { registerOrUpdateRole } from '@/modules/shared/repositories/roles'
import { initializeEventListenersFactory } from '@/modules/workspaces/events/eventListener'
import { validateModuleLicense } from '@/modules/gatekeeper/services/validateLicense'
import { getSsoRouter } from '@/modules/workspaces/rest/sso'
import { InvalidLicenseError } from '@/modules/gatekeeper/errors/license'
import { defineModuleLoaders } from '@/modules/workspaces/authz'
// Feature flags are resolved once, when this module is first loaded; init() and
// shutdown() below read these captured values rather than calling getFeatureFlags() again.
const { FF_WORKSPACES_MODULE_ENABLED, FF_WORKSPACES_SSO_ENABLED } = getFeatureFlags()
// Teardown callback for the workspace event listeners. It is assigned in init()
// only when `isInitial` is true, and invoked (if set) by shutdown().
let quitListeners: Optional<() => void> = undefined
/**
 * Registers or updates every entry of `workspaceScopes` through the shared
 * scopes repository, bound to the `db` imported from '@/db/knex'.
 *
 * All registrations are started together and awaited as one group, so the
 * returned promise rejects as soon as any single registration rejects.
 */
const initScopes = async () => {
  const upsertScope = registerOrUpdateScopeFactory({ db })
  const pendingScopes = workspaceScopes.map((scope) => upsertScope({ scope }))
  await Promise.all(pendingScopes)
}
/**
 * Registers or updates every entry of `workspaceRoles` through the shared
 * roles repository, bound to the `db` imported from '@/db/knex'.
 *
 * All registrations are started together and awaited as one group, so the
 * returned promise rejects as soon as any single registration rejects.
 */
const initRoles = async () => {
  const upsertRole = registerOrUpdateRole({ db })
  const pendingRoles = workspaceRoles.map((role) => upsertRole({ role }))
  await Promise.all(pendingRoles)
}
/**
 * Lifecycle hooks for the workspaces module.
 *
 * Both hooks do nothing unless FF_WORKSPACES_MODULE_ENABLED is set. When it is
 * set, `init` fails closed: it throws InvalidLicenseError before any router,
 * listener, scope, role or authz loader is registered if the license check
 * does not pass.
 */
const workspacesModule: SpeckleModule = {
  /**
   * Validates the license, then wires up the module in a fixed order: SSO
   * router (behind its own flag), event listeners (first initialization only),
   * scopes and roles, and finally the authz module loaders.
   *
   * @throws InvalidLicenseError when validateModuleLicense resolves to a falsy value.
   */
  async init({ app, isInitial }) {
    if (!FF_WORKSPACES_MODULE_ENABLED) {
      return
    }

    // License gate: nothing below runs without a valid 'workspaces' license.
    const licenseOk = await validateModuleLicense({ requiredModules: ['workspaces'] })
    if (!licenseOk) {
      throw new InvalidLicenseError(
        'The workspaces module needs a valid license to run, contact Speckle to get one.'
      )
    }

    moduleLogger.info('⚒️ Init workspaces module')

    // The SSO routes are mounted only when their dedicated flag is on, and on
    // every init() call, not just the initial one.
    if (FF_WORKSPACES_SSO_ENABLED) {
      app.use(getSsoRouter())
    }

    // Listeners are attached once; the returned callback is kept for shutdown().
    if (isInitial) {
      const startListeners = initializeEventListenersFactory({ db })
      quitListeners = startListeners()
    }

    // Scope and role registration run concurrently; a rejection from either
    // aborts init() before the authz loaders are defined.
    await Promise.all([initScopes(), initRoles()])

    // NOTE(review): loaders are defined last and only on the enabled + licensed
    // path; confirm no authz policy is evaluated before this point — TODO verify.
    defineModuleLoaders()
  },

  /** Invokes the stored listener teardown callback, if one was set by init(). */
  shutdown() {
    if (FF_WORKSPACES_MODULE_ENABLED) {
      quitListeners?.()
    }
  }
}

export = workspacesModule