Fix Permission / AppPermission (#220)

Lukasz Ostrowski 2023-03-16 15:03:35 +01:00 committed by GitHub
parent 7c790e44a2
commit 96ffb925bd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 23 additions and 14 deletions


@ -0,0 +1,5 @@
---
"@saleor/app-sdk": patch
---
Restores MANAGE_APPS to Permissions, but remove it from AppPermissions


@ -2,7 +2,7 @@ import { NextApiHandler, NextApiRequest, NextApiResponse } from "next";
import { APL } from "../../APL";
import { createDebug } from "../../debug";
import { AppPermission } from "../../types";
import { Permission } from "../../types";
import {
processSaleorProtectedHandler,
ProtectedHandlerError,
@ -37,7 +37,7 @@ export const createProtectedHandler =
(
handlerFn: NextProtectedApiHandler,
apl: APL,
requiredPermissions?: AppPermission[]
requiredPermissions?: Permission[]
): NextApiHandler =>
(req, res) => {
debug("Protected handler called");


@ -4,7 +4,7 @@ import { APL } from "../../APL";
import { AuthData } from "../../APL/apl";
import { createDebug } from "../../debug";
import { getBaseUrl, getSaleorHeaders } from "../../headers";
import { AppPermission } from "../../types";
import { Permission } from "../../types";
import { verifyJWT } from "../../verify-jwt";
const debug = createDebug("processProtectedHandler");
@ -39,7 +39,7 @@ export type ProtectedHandlerContext = {
interface ProcessSaleorProtectedHandlerArgs {
req: NextApiRequest;
apl: APL;
requiredPermissions?: AppPermission[];
requiredPermissions?: Permission[];
}
type ProcessAsyncSaleorProtectedHandler = (


@ -1,12 +1,12 @@
import { createDebug } from "./debug";
import { AppPermission } from "./types";
import { Permission } from "./types";
import { DashboardTokenPayload } from "./verify-jwt";
const debug = createDebug("checkJwtPermissions");
export const hasPermissionsInJwtToken = (
tokenData?: Pick<DashboardTokenPayload, "user_permissions">,
permissionsToCheckAgainst?: AppPermission[]
permissionsToCheckAgainst?: Permission[]
) => {
debug(`Permissions required ${permissionsToCheckAgainst}`);
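Review bot: `hasPermissionsInJwtToken` is an authorization predicate whose two parameters are both optional, and nothing in the visible lines states what it returns when `tokenData` is undefined or `permissionsToCheckAgainst` is omitted or empty. The body continues outside this hunk, so the actual behaviour cannot be confirmed from here. A TSDoc block above the function should spell out those cases so callers know whether a missing list allows or denies. An explicit return type would also pin the contract, e.g. `): boolean => {` after the parameter list, assuming the function returns a boolean.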


@ -15,7 +15,7 @@ export type AppExtensionMount =
| "ORDER_OVERVIEW_MORE_ACTIONS";
/**
* TODO: Extract from Saleor graphQL schema
* All permissions that users can have
* Reference https://docs.saleor.io/docs/3.x/api-reference/enums/permission-enum
*/
export type Permission =
@ -40,9 +40,13 @@ export type Permission =
| "MANAGE_PRODUCT_TYPES_AND_ATTRIBUTES"
| "MANAGE_SHIPPING"
| "MANAGE_SETTINGS"
| "MANAGE_TRANSLATIONS";
| "MANAGE_TRANSLATIONS"
| "MANAGE_APPS";
export type AppPermission = Permission;
/**
* All permissions that App can have.
*/
export type AppPermission = Exclude<Permission, "MANAGE_APPS">;
/**
* @see https://github.com/saleor/saleor/blob/main/saleor/graphql/schema.graphql#L1505
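Review bot: The exclusion in `export type AppPermission = Exclude<Permission, "MANAGE_APPS">;` exists only at compile time, and the added comment `All permissions that App can have.` does not say that `MANAGE_APPS` is left out. I would write it as `* All permissions that an App can have: every Permission except MANAGE_APPS.` and note there that permission strings arriving at runtime (for example from a token) are not filtered by this type. The first hunk also replaces the `TODO: Extract from Saleor graphQL schema` line. The union is still hand-maintained, so keeping that TODO next to the new description would keep the drift risk visible.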


@ -1,10 +1,10 @@
import * as jose from "jose";
import { AppPermission } from "../types";
import { Permission } from "../types";
type TokenUserPayload = {
email: string;
userPermissions: AppPermission[];
userPermissions: Permission[];
};
export const extractUserFromJwt = (jwtToken: string): TokenUserPayload => {
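Review bot: `userPermissions: Permission[]` in `TokenUserPayload` types a value read out of a JWT, and TypeScript erases that type, so a token whose claim is missing or holds strings outside the `Permission` union still satisfies it. The body of `extractUserFromJwt` is outside this hunk; if it decodes without verifying the signature, a doc comment should say so, e.g. `/** Decodes claims only; the signature is not verified here, so do not base authorization on the result. */`. The same applies to `user_permissions: Permission[]` on `DashboardTokenPayload` in the last file section, where the guarantee depends on the checks inside `verifyJWT`, which are also not visible.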


@ -2,21 +2,21 @@ import * as jose from "jose";
import { createDebug } from "./debug";
import { hasPermissionsInJwtToken } from "./has-permissions-in-jwt-token";
import { AppPermission } from "./types";
import { Permission } from "./types";
import { getJwksUrlFromSaleorApiUrl } from "./urls";
const debug = createDebug("verify-jwt");
export interface DashboardTokenPayload extends jose.JWTPayload {
app: string;
user_permissions: AppPermission[];
user_permissions: Permission[];
}
export interface verifyJWTArguments {
appId: string;
saleorApiUrl: string;
token: string;
requiredPermissions?: AppPermission[];
requiredPermissions?: Permission[];
}
export const verifyJWT = async ({