feat: add authorization component

greenkeeper.json

@@ -14,6 +14,7 @@
         "examples/todo-list/package.json",
         "examples/todo/package.json",
         "packages/authentication/package.json",
+        "packages/authorization/package.json",
         "packages/boot/package.json",
         "packages/build/package.json",
         "packages/cli/package.json",

packages/authorization/.npmrc

@@ -0,0 +1 @@
+package-lock=true

packages/authorization/LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) IBM Corp. 2018. All Rights Reserved.
+Node module: @loopback/authorization
+This project is licensed under the MIT License, full text below.
+
+--------
+
+MIT license
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

packages/authorization/README.md

@@ -0,0 +1,56 @@
+# @loopback/authorization
+
+A LoopBack 4 component for authorization support.
+
+**This is a reference implementation showing how to implement an authorization
+component, it is not production ready.**
+
+## Overview
+
+## Installation
+
+```shell
+npm install --save @loopback/authorization
+```
+
+## Basic use
+
+Start by decorating your controller methods with `@authorize` to require the
+request to be authorized.
+
+In this example, we make the user profile available via dependency injection
+using a key available from `@loopback/authorization` package.
+
+```ts
+import {inject} from '@loopback/context';
+import {authorize} from '@loopback/authorization';
+import {get} from '@loopback/rest';
+
+export class MyController {
+  @authorize({allow: ['ADMIN']})
+  @get('/number-of-views')
+  numOfViews(): number {
+    return 100;
+  }
+}
+```
+
+## Related resources
+
+## Contributions
+
+- [Guidelines](https://github.com/strongloop/loopback-next/blob/master/docs/CONTRIBUTING.md)
+- [Join the team](https://github.com/strongloop/loopback-next/issues/110)
+
+## Tests
+
+run `npm test` from the root folder.
+
+## Contributors
+
+See
+[all contributors](https://github.com/strongloop/loopback-next/graphs/contributors).
+
+## License
+
+MIT

packages/authorization/docs.json

@@ -0,0 +1,12 @@
+{
+  "content": [
+    "index.ts",
+    "src/index.ts",
+    "src/decorators/authorize.ts",
+    "src/providers/authorization-metadata.ts",
+    "src/providers/authorize.ts",
+    "src/authorization-component.ts",
+    "src/keys.ts"
+  ],
+  "codeSectionDepth": 4
+}

packages/authorization/index.d.ts

@@ -0,0 +1,6 @@
+// Copyright IBM Corp. 2017,2018. All Rights Reserved.
+// Node module: @loopback/authorization
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+export * from './dist';

packages/authorization/index.js

@@ -0,0 +1,6 @@
+// Copyright IBM Corp. 2017,2018. All Rights Reserved.
+// Node module: @loopback/authorization
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+module.exports = require('./dist');

packages/authorization/index.ts

@@ -0,0 +1,8 @@
+// Copyright IBM Corp. 2017,2018. All Rights Reserved.
+// Node module: @loopback/authorization
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+// DO NOT EDIT THIS FILE
+// Add any additional (re)exports to src/index.ts instead.
+export * from './src';

packages/authorization/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@loopback/authorization",
+  "version": "0.1.0",
+  "description": "A LoopBack component for authorization support.",
+  "engines": {
+    "node": ">=8"
+  },
+  "scripts": {
+    "acceptance": "lb-mocha \"dist/__tests__/acceptance/**/*.js\"",
+    "build": "lb-tsc es2017 --outDir dist",
+    "build:apidocs": "lb-apidocs",
+    "clean": "lb-clean loopback-authorization*.tgz dist package api-docs",
+    "integration": "lb-mocha \"dist/__tests__/integration/**/*.js\"",
+    "prepublishOnly": "npm run build && npm run build:apidocs",
+    "pretest": "npm run build",
+    "test": "lb-mocha \"dist/__tests__/**/*.js\"",
+    "unit": "lb-mocha \"dist/__tests__/unit/**/*.js\"",
+    "verify": "npm pack && tar xf loopback-authorization*.tgz && tree package && npm run clean"
+  },
+  "author": "IBM",
+  "copyright.owner": "IBM Corp.",
+  "license": "MIT",
+  "dependencies": {
+    "@loopback/context": "^1.12.0",
+    "@loopback/core": "^1.5.0"
+  },
+  "devDependencies": {
+    "@loopback/build": "^1.5.0",
+    "@loopback/testlab": "^1.2.5"
+  },
+  "keywords": [
+    "LoopBack",
+    "Authorization"
+  ],
+  "files": [
+    "README.md",
+    "index.js",
+    "index.d.ts",
+    "dist",
+    "src",
+    "!*/__tests__"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/strongloop/loopback-next.git"
+  }
+}

packages/authorization/src/__tests__/unit/authorize-decorator.test.ts

@@ -0,0 +1,126 @@
+// Copyright IBM Corp. 2018. All Rights Reserved.
+// Node module: @loopback/authorization
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+import {expect} from '@loopback/testlab';
+import {
+  authorize,
+  getAuthorizeMetadata,
+  EVERYONE,
+  AUTHENTICATED,
+  UNAUTHENTICATED,
+} from '../..';
+
+describe('Authentication', () => {
+  describe('@authorize decorator', () => {
+    it('can add authorize metadata to target method', () => {
+      class TestClass {
+        @authorize({allowedRoles: ['ADMIN'], scopes: ['secret.read']})
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.eql({
+        allowedRoles: ['ADMIN'],
+        scopes: ['secret.read'],
+      });
+    });
+
+    it('can add allowAll to target method', () => {
+      class TestClass {
+        @authorize.allowAll()
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.eql({
+        allowedRoles: [EVERYONE],
+      });
+    });
+
+    it('can add allowAllExcept to target method', () => {
+      class TestClass {
+        @authorize.allowAllExcept('xyz')
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.eql({
+        allowedRoles: [EVERYONE],
+        deniedRoles: ['xyz'],
+      });
+    });
+
+    it('can add denyAll to target method', () => {
+      class TestClass {
+        @authorize.denyAll()
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.eql({
+        deniedRoles: [EVERYONE],
+      });
+    });
+
+    it('can add denyAllExcept to target method', () => {
+      class TestClass {
+        @authorize.denyAllExcept('xyz')
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.eql({
+        allowedRoles: ['xyz'],
+        deniedRoles: [EVERYONE],
+      });
+    });
+
+    it('can add allowAuthenticated to target method', () => {
+      class TestClass {
+        @authorize.allowAuthenticated()
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.eql({
+        allowedRoles: [AUTHENTICATED],
+      });
+    });
+
+    it('can add allowAuthenticated to target method', () => {
+      class TestClass {
+        @authorize.denyUnauthenticated()
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.eql({
+        deniedRoles: [UNAUTHENTICATED],
+      });
+    });
+
+    it('can stack decorators to target method', () => {
+      class TestClass {
+        @authorize.allow('a1', 'a2')
+        @authorize.deny('d1', 'd2')
+        @authorize({
+          allowedRoles: ['a1', 'a3'],
+          deniedRoles: ['d3'],
+        })
+        @authorize.scope('s1', 's2')
+        @authorize.vote('v1', 'v2')
+        getSecret() {}
+      }
+
+      const metaData = getAuthorizeMetadata(TestClass, 'getSecret');
+      expect(metaData).to.deepEqual({
+        voters: ['v1', 'v2'],
+        allowedRoles: ['a1', 'a3', 'a2'],
+        deniedRoles: ['d3', 'd1', 'd2'],
+        scopes: ['s1', 's2'],
+      });
+    });
+  });
+});

packages/authorization/src/authorization-component.ts

@@ -0,0 +1,20 @@
+// Copyright IBM Corp. 2018. All Rights Reserved.
+// Node module: @loopback/authorization
+// This file is licensed under the MIT License.
+// License text available at https://opensource.org/licenses/MIT
+
+import {AuthorizationBindings} from './keys';
+import {Component, ProviderMap} from '@loopback/core';
+import {AuthorizationProvider} from './providers/authorize';
+import {AuthMetadataProvider} from './providers/authorization-metadata';
+
+export class AuthenticationComponent implements Component {
+  providers?: ProviderMap;
+
+  constructor() {
+    this.providers = {
+      [AuthorizationBindings.AUTHORIZE_ACTION]: AuthorizationProvider,
+      [AuthorizationBindings.METADATA]: AuthMetadataProvider,
+    };
+  }
+}