minor updates.
tjholm committed Feb 20, 2024
1 parent fd8950d commit cf44a18
Showing 2 changed files with 18 additions and 8 deletions.
21 changes: 14 additions & 7 deletions src/resources/oidc.ts
@@ -35,13 +35,15 @@ import { fromGrpcError } from '../api/errors';
export class OidcSecurityDefinition extends Resource {
private apiName: string;
private issuer: string;
private ruleName: string;
private audiences: string[];

constructor(name: string, apiName: string, issuer: string, audiences: string[] = []) {
constructor(name: string, apiName: string, options: UnscopedOicdOptions) {
super(name);
this.apiName = apiName;
this.issuer = issuer;
this.audiences = audiences;
this.issuer = options.issuer;
this.audiences = options.audiences;
this.ruleName = options.name;
}

protected resourceType(): ResourceTypeMap[keyof ResourceTypeMap] {
@@ -56,12 +58,12 @@ export class OidcSecurityDefinition extends Resource {
protected async register(): Promise<ResourceIdentifier> {
const req = new ResourceDeclareRequest();
const resource = new ResourceIdentifier();
resource.setName(this.name);
resource.setName(this.ruleName);
resource.setType(ResourceType.APISECURITYDEFINITION);

const securityDefinition = new ApiSecurityDefinitionResource();
const oidcDefinition = new ApiOpenIdConnectionDefinition();

oidcDefinition.setAudiencesList(this.audiences);
oidcDefinition.setIssuer(this.issuer);

@@ -92,10 +94,15 @@ export interface OidcOptions {

export type UnscopedOicdOptions = Omit<OidcOptions, "scopes">

export type SecurityOption = (scopes: string[]) => OidcOptions;
export type SecurityOption = (...scopes: string[]) => OidcOptions;

/**
* Constructs a new OpenID Connect (OIDC) security definition, which can be applied to APIs and their routes.
*
* This rule can be applied with various scopes, which are used to restrict access to the API.
*/
export const oidcRule = ({name, issuer, audiences}: UnscopedOicdOptions): SecurityOption => {
return (scopes: string[] = []): OidcOptions => {
return (...scopes: string[]): OidcOptions => {
return {
name,
issuer,
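Review bot: The new constructor assigns `options.audiences` to `this.audiences` without the `= []` default the old signature had, and neither `issuer` nor `audiences` is checked before `register()` sends them. `OidcOptions` is declared outside the lines shown, so if `audiences` is optional there, `setAudiencesList` receives `undefined`; `this.audiences = options.audiences ?? [];` restores the old behaviour. For a token-validation rule it is also worth rejecting an empty `issuer` at construction, and documenting what an empty audience list means, since whether it disables the audience check is decided by the provider rather than this class. Separately, `register()` now declares the resource as `options.name` instead of the `name` passed to `super()`; a one-line comment saying which of the two must be unique would help, because two definitions that share a rule name but differ in issuer would presumably declare the same resource.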
5 changes: 4 additions & 1 deletion src/resources/queue.ts
@@ -27,6 +27,8 @@ import { ActionsList, make, SecureResource } from './common';

export type QueuePermission = 'enqueue' | 'dequeue';

const everything: QueuePermission[] = ['enqueue', 'dequeue'];

/**
* Queue resource for async messaging
*/
@@ -66,7 +68,8 @@ export class QueueResource<
return [...actions, Action.QUEUEDEQUEUE];
default:
throw new Error(
`unknown permission ${p}, supported permissions is publishing.}
`unknown permission ${p}, supported permissions are ${everything.join(
', '
)}`
);
}
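Review bot: `everything` restates the members of `QueuePermission` by hand, so the list printed in the `default:` error can drift from the permissions the switch actually handles once another one is added. If nothing needs the array to be mutable, deriving the type from it keeps a single source of truth: `const everything = ['enqueue', 'dequeue'] as const;` and `export type QueuePermission = (typeof everything)[number];`. A more specific module-level name such as `queuePermissions` would also read better than `everything`. The switch and the method around it start outside the hunk, so this is based only on the `default:` branch shown.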
