Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: pass requestedModes metadata on 401

Browse Source 
* feat: pass requestedModes metadata on 401

* fix: bundle modes per target bnode

* fix: use custom instance check for HttpError
This commit is contained in:
Wouter Termont
2023-10-27 09:23:36 +02:00
committed by GitHub
parent 04711b112b
commit 58daeb684f
3 changed files with 49 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/server/AuthorizingHttpHandler.ts
View File

@@ -1,13 +1,19 @@
import { DataFactory } from 'n3';
import type { Credentials } from '../authentication/Credentials';
import type { CredentialsExtractor } from '../authentication/CredentialsExtractor';
import type { Authorizer } from '../authorization/Authorizer';
import type { PermissionReader } from '../authorization/PermissionReader';
import type { ModesExtractor } from '../authorization/permissions/ModesExtractor';
import type { AccessMap } from '../authorization/permissions/Permissions';
import type { ResponseDescription } from '../http/output/response/ResponseDescription';
import { getLoggerFor } from '../logging/LogUtil';
import { HttpError } from '../util/errors/HttpError';
import { SOLID_META } from '../util/Vocabularies';
import type { OperationHttpHandlerInput } from './OperationHttpHandler';
import { OperationHttpHandler } from './OperationHttpHandler';
const { blankNode, namedNode, literal } = DataFactory;
export interface AuthorizingHttpHandlerArgs {
/**
* Extracts the credentials from the incoming request.
@@ -77,6 +83,9 @@ export class AuthorizingHttpHandler extends OperationHttpHandler {
await this.authorizer.handleSafe({ credentials, requestedModes, availablePermissions });
} catch (error: unknown) {
this.logger.verbose(`Authorization failed: ${(error as any).message}`);
if (HttpError.isInstance(error)) {
this.addAccessModesToError(error, requestedModes);
}
throw error;
}
@@ -84,4 +93,15 @@ export class AuthorizingHttpHandler extends OperationHttpHandler {
return this.operationHandler.handleSafe(input);
}
private addAccessModesToError(error: HttpError, requestedModes: AccessMap): void {
for (const [ identifier, modes ] of requestedModes.entrySets()) {
const bnode = blankNode();
error.metadata.add(SOLID_META.terms.requestedAccess, bnode);
error.metadata.addQuad(bnode, SOLID_META.terms.accessTarget, namedNode(identifier.path));
for (const mode of modes.values()) {
error.metadata.addQuad(bnode, SOLID_META.terms.accessMode, literal(mode));
}
}
}
}

4
src/util/Vocabularies.ts
View File

@@ -287,6 +287,10 @@ export const SOLID_META = createVocabulary('urn:npm:solid:community-server:meta:
'value',
// This is used to indicate whether metadata should be preserved or not during a PUT operation
'preserve',
// These predicates are used to describe the requested access in case of an unauthorized request
'requestedAccess',
'accessTarget',
'accessMode',
);
export const VANN = createVocabulary('http://purl.org/vocab/vann/',