mirror of
https://codeberg.org/MarkusThielker/next-ory.git
synced 2025-04-16 13:49:28 +00:00
NORY-59: add authentication and authorisation actions
parent
007098ca91
commit
7d7782a92c
1 changed files with 106 additions and 0 deletions
106
dashboard/src/lib/action/authentication.ts
Normal file
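--- a/dashboard/src/lib/action/authentication.ts
+++ b/dashboard/src/lib/action/authentication.ts
@@ -0,0 +1,106 @@
+'use server';
+
+import { getFrontendApi, getPermissionApi } from '@/ory/sdk/server';
+import { cookies } from 'next/headers';
+import { redirect } from 'next/navigation';
+
+export async function getSession() {
+
+const cookie = await cookies();
+
+const frontendApi = await getFrontendApi();
+
+return frontendApi
+.toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
+.then((response) => response.data)
+.catch(() => null);
+}
+
+export async function requireSession() {
+
+const session = await getSession();
+
+if (!session) {
+
+// TODO: set return_to dynamically
+const url = process.env.NEXT_PUBLIC_AUTHENTICATION_NODE_URL +
+'/flow/login?return_to=' + process.env.NEXT_PUBLIC_DASHBOARD_NODE_URL;
+
+console.log('Intercepted request with missing session');
+console.log('Redirecting client to: ', url);
+
+redirect(url);
+}
+
+return session;
+}
+
+
+export async function checkRole(
+object: string,
+subjectId: string,
+) {
+
+const permissionApi = await getPermissionApi();
+return permissionApi.checkPermission({
+namespace: 'roles',
+object,
+relation: 'member',
+subjectId,
+})
+.then(({ data: { allowed } }) => allowed)
+.catch(_ => false);
+}
+
+export async function requireRole(
+object: string,
+subjectId: string,
+) {
+
+const hasRole = await checkRole(object, subjectId);
+
+if (!hasRole) {
+console.log(`Intercepted request with missing role ${object} for identity ${subjectId}`);
+redirect('/unauthorised');
+}
+
+return hasRole;
+}
+
+
+export async function checkPermission(
+object: string,
+relation: string,
+subjectId: string,
+) {
+
+const permissionApi = await getPermissionApi();
+return permissionApi.checkPermission({
+namespace: 'permissions',
+object,
+relation,
+subjectId,
+})
+.then(({ data: { allowed } }) => allowed)
+.catch(_ => false);
+}
+
+export async function requirePermission(
+object: string,
+relation: string,
+subjectId: string,
+) {
+
+const allowed = await checkPermission(
+object,
+relation,
+subjectId,
+);
+
+if (!allowed) {
+console.log(`Intercepted request with insufficient permission (${object}#${relation}@${subjectId})`);
+redirect('/unauthorised');
+}
+
+return allowed;
+}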
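Review bot: The `'use server';` directive on the first line marks every export of this file as a Server Action, so `checkRole`, `checkPermission` and the `require*` wrappers may, depending on the Next.js version and on which of them a client component imports, be callable over HTTP with a caller-chosen `subjectId`. Nothing in these functions ties `subjectId` to the session that `getSession()` resolves, so the check can be run against any identity, and a guard fed a client-supplied id would be authorising the wrong subject. If these are helpers for server components only, replace the directive with `import 'server-only';`; if they must remain actions, drop the `subjectId` parameter and take the identity from `getSession()` inside the function. Separately, `.catch(_ => false)` and `.catch(() => null)` fail closed, which is the right default, but they discard the error, so a permission-service or Kratos outage is indistinguishable from a denial; log the caught error before returning.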