initial

2025-05-27 21:42:25 +03:00
parent fc08583c54
commit ead3eb030c
10 changed files with 60129 additions and 283 deletions

3
.prettierrc Normal file

@@ -0,0 +1,3 @@
{
}

11
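--- a/compose.yml
+++ b/compose.yml
@@ -0,0 +1,11 @@
+services:
+directus:
+image: directus/directus:latest
+container_name: directus
+env_file: .env
+ports:
+- "8055:8055"
+volumes:
+- ./.docker/data:/data
+- ./dist:/directus/extensions/directus-extension-external-jwt/dist
+- ./package.json:/directus/extensions/directus-extension-external-jwt/package.json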
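Review bot: `image: directus/directus:latest` leaves the Directus release floating, so the authentication extension is loaded into whatever version happens to be pulled. The query added elsewhere in this commit joins `directus_access` and `directus_policies`, so it depends on that release's schema. Pin a release you have tested, ideally by digest, e.g. `image: directus/directus:<tested-version>`. The mapping `"8055:8055"` also publishes the instance on every host interface; for a local test stack `"127.0.0.1:8055:8055"` keeps it off the network.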


@@ -1 +0,0 @@
../../dist

59603
index.js Normal file

File diff suppressed because one or more lines are too long


@@ -1,5 +1,5 @@
{
"name": "@zerosubnet/directus-extension-external-jwt",
"name": "directus-extension-external-jwt",
"description": "External JWT Directus Extension allow directus to trust tokens issued by an oauth2 or OIDC provider",
"icon": "extension",
"version": "1.0.0",
@@ -64,9 +64,10 @@
"node": ">=18.0.0"
},
"scripts": {
"build": "directus-extension build",
"build": "directus-extension build && npm run sync",
"dev": "directus-extension build -w --no-minify",
"link": "directus-extension link",
"sync": "rm -rf ./extensions/directus-extension-external-jwt && mkdir -p ./extensions/directus-extension-external-jwt/dist && ln ./package.json ./extensions/directus-extension-external-jwt/package.json && ln ./dist/index.js ./extensions/directus-extension-external-jwt/dist/index.js",
"directus": "pnpm dlx directus start",
"lint": "eslint . --ext .ts",
"test": "vitest",
@@ -138,11 +139,13 @@
"vitest": "^0.34.6"
},
"dependencies": {
"@directus/extensions": "^3.0.5",
"@keyv/redis": "^2.8.5",
"jsonwebtoken": "^9.0.2",
"jwks-rsa": "^3.1.0",
"keyv": "^4.5.4",
"openid-client": "^5.6.5"
"openid-client": "^5.6.5",
"uuid": "^11.1.0"
},
"pnpm": {
"overrides": {
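Review bot: The new `uuid` runtime dependency looks avoidable. Its only use visible in this commit is `uuid.v4()` when a user row is created, and with `"node": ">=18.0.0"` in `engines` the built-in `randomUUID()` from `node:crypto` produces the same kind of identifier without adding a package to the lockfile. `@directus/extensions` is likewise added under `dependencies`, which brings its whole tree (the lockfile shows knex, vue and pinia peers) into the runtime install; if it is only needed for building or typing, which is not visible here, `devDependencies` is the narrower place for it.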

173
pnpm-lock.yaml generated

@@ -28,6 +28,9 @@ importers:
.:
dependencies:
'@directus/extensions':
specifier: ^3.0.5
version: 3.0.5(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(knex@3.1.0(sqlite3@5.1.7))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))
'@keyv/redis':
specifier: ^2.8.5
version: 2.8.5
@@ -43,6 +46,9 @@ importers:
openid-client:
specifier: ^5.6.5
version: 5.6.5
uuid:
specifier: ^11.1.0
version: 11.1.0
devDependencies:
'@directus/errors':
specifier: ^0.3.2
@@ -300,6 +306,9 @@ packages:
'@directus/constants@13.0.0':
resolution: {integrity: sha512-R2uuMEJarlq29IPH9Pqe11U74mDqQWBHWhVy77R7ZrnJeZiiayLFoQTlZS4FN8M+ROVrCkIcsg39meNpxEyvpA==}
'@directus/constants@13.0.1':
resolution: {integrity: sha512-7Ls9uiOPiUIRx4qsMud097AqgSytjTc9lygSK+Qiv5aPQbNx3iCiqTcpC99eoHUTWS4bD5cUuzSWIXRoQezCUg==}
'@directus/errors@0.3.2':
resolution: {integrity: sha512-9ovCeuvnUN3UdT8/mGRIh3bRZO/YWLjc3nGAS3LjBQ3ww/qyMjy5eol/Snz0TV+9AdWryZFxVK+c4T2i05+DaQ==}
@@ -325,12 +334,32 @@ packages:
vue-router:
optional: true
'@directus/extensions@3.0.5':
resolution: {integrity: sha512-w9btk7zEVdeD9cKjzUFPjF9dpnkKngy2GyV3ZmYhJo0Niz/LtAlgJzm8adH0HAbOlf4tCUf3eTAX5Y480d9KSw==}
peerDependencies:
knex: '3'
pino: '9'
vue: ^3.4
vue-router: '4'
peerDependenciesMeta:
knex:
optional: true
pino:
optional: true
vue:
optional: true
vue-router:
optional: true
'@directus/schema@11.0.2':
resolution: {integrity: sha512-iEaS5cKc7Mf236NbCKBvyeRVXSKXYdwU0BAo0NMkQxqS1lpN5okPjjJIoMqJJ8c6aHvkQYOC54KPSQO17n/csg==}
'@directus/schema@13.0.0':
resolution: {integrity: sha512-QrL+HQ6BWyoyQSXNoPNhaFE7OrK/9jcT10TP86qKxWwLt1BQ+yxgWqar53Hh3i4r/dA25qCIXhm9I/SLWqe9SA==}
'@directus/schema@13.0.1':
resolution: {integrity: sha512-kRQ8KER70RUDQL5Caao4OWlw7YQFYXM1TNS7OlwZfvPyEGqAdEIC4z3jTh5ANJpBv2b6XZk+5BMcu+ddFwJ11w==}
'@directus/storage@10.0.13':
resolution: {integrity: sha512-LcViLLABpegq9okHWxAHFyVu190bRhCES77S/1lJIGxhpiOOcVMRR546JZnVtwUxoipllkT1xF60uh8yi7wEQQ==}
@@ -340,6 +369,9 @@ packages:
'@directus/system-data@3.0.0':
resolution: {integrity: sha512-CwhZ/eRWqgmikxNgJONsYzdxGSr1us/35o+fTcTjh9YsLYBzV3d/jNzeU7JjAR1+i9AfFOwrnwQyraPmmS2nrw==}
'@directus/system-data@3.1.0':
resolution: {integrity: sha512-0s7YWuS7DbDRlwcLhKeCDQfLEJAjjy7S4JmV0oMzZO6FMJuN2ah7Sm/oqV/LV0o9H+ftXobq0MlEN6eqazUONA==}
'@directus/themes@1.0.7':
resolution: {integrity: sha512-RBsl+vCKvbuvc0eJVXN8hDsXJwPGPl4yLOnnQiV7L0wW/h27W4jTB0Zf5mdyg+OBVSAxLhGStH5hUDmqWZJLIw==}
peerDependencies:
@@ -347,6 +379,13 @@ packages:
pinia: '2'
vue: ^3.4
'@directus/themes@1.1.0':
resolution: {integrity: sha512-rKKeKY4ivTwVfAysxPGL2GgxD0YHBooVPXN/trBmO+DPokMLhQcbgseeaVmzMFbFlPfmN7Mk4VQYp+s7fDPuqw==}
peerDependencies:
'@unhead/vue': '1'
pinia: '2'
vue: ^3.4
'@directus/tsconfig@1.0.1':
resolution: {integrity: sha512-1LJ8qBWfVFJA4cGK4TnmDVbtPAYVAW8ceZpj93DSOTuPIhfuLWCtSgKNalEZV1JvNUAUYwCktY97+FoQJjYT/A==}
@@ -372,6 +411,17 @@ packages:
vue:
optional: true
'@directus/types@13.1.1':
resolution: {integrity: sha512-q+flW7Xbs9Ka8ruVZybjqTsNPsdKnhQHvxf3lj2PIb32xQJTht+mxxSApYeUO2mADchMLs4Jjdi8IQPMmuQu5A==}
peerDependencies:
knex: '3'
vue: ^3.4
peerDependenciesMeta:
knex:
optional: true
vue:
optional: true
'@directus/utils@11.0.9':
resolution: {integrity: sha512-1yKl3KJON93MKtlHEqQBOyJ/oWpINOOF6DAoi9FBFY6TGVAehk9MSMwKu0MKlL7NeWqqXxfEM6ZtXZLkJjb5ag==}
peerDependencies:
@@ -388,6 +438,14 @@ packages:
vue:
optional: true
'@directus/utils@13.0.4':
resolution: {integrity: sha512-pg8LyrJ2mg+t7voMDL5KvlMCDNMMgE0GQu7kqXfzFThPYbkexyZ/nXUHkSyAcL9ppIo/A5YHuIbPyxMCz0X9xA==}
peerDependencies:
vue: ^3.4
peerDependenciesMeta:
vue:
optional: true
'@esbuild/aix-ppc64@0.25.0':
resolution: {integrity: sha512-O7vun9Sf8DFjH2UtqK8Ku3LkquL9SZL8OLY1T5NZkA34+wG3OQF7cl4Ql8vdNzM6fzBbYfLaiRLIOZ+2FOCgBQ==}
engines: {node: '>=18'}
@@ -1062,6 +1120,9 @@ packages:
'@sinclair/typebox@0.34.13':
resolution: {integrity: sha512-ceVKqyCEgC355Kw0s/0tyfY9MzMQINSykJ/pG2w6YnaZyrcjV48svZpr8lVZrYgWjzOmrIPBhQRAtr/7eJpA5g==}
'@sinclair/typebox@0.34.28':
resolution: {integrity: sha512-e2B9vmvaa5ym5hWgCHw5CstP54au6AOLXrhZErLsOyyRzuWJtXl/8TszKtc5x8rw/b+oY7HKS9m9iRI53RK0WQ==}
'@sindresorhus/merge-streams@2.3.0':
resolution: {integrity: sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg==}
engines: {node: '>=18'}
@@ -1129,6 +1190,9 @@ packages:
'@types/geojson@7946.0.15':
resolution: {integrity: sha512-9oSxFzDCT2Rj6DfcHF8G++jxBKS7mBqXl5xrRW+Kbvjry6Uduya2iiwqHPhVXpasAVMBYKkEPGgKhd3+/HZ6xA==}
'@types/geojson@7946.0.16':
resolution: {integrity: sha512-6C8nqWur3j98U6+lXDfTUWIfgvZU+EumvpHKcYjujKH7woYyLj2sUmff0tRhrqM7BohUw7Pz3ZB1jj2gW9Fvmg==}
'@types/http-errors@2.0.4':
resolution: {integrity: sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==}
@@ -2373,6 +2437,10 @@ packages:
resolution: {integrity: sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==}
engines: {node: '>=14.14'}
fs-extra@11.3.0:
resolution: {integrity: sha512-Z4XaCL6dUDHfP/jT25jJKMmtxvuwbkrD1vNSMFlo9lNLY2c5FHYSQgHPRZUjAB26TpDEoW9HCOgplrdbaPV/ew==}
engines: {node: '>=14.14'}
fs-minipass@2.1.0:
resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==}
engines: {node: '>= 8'}
@@ -4653,6 +4721,10 @@ packages:
util-deprecate@1.0.2:
resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
uuid@11.1.0:
resolution: {integrity: sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==}
hasBin: true
uuid@8.3.2:
resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==}
hasBin: true
@@ -4887,6 +4959,9 @@ packages:
zod@3.24.1:
resolution: {integrity: sha512-muH7gBL9sI1nciMZV67X5fTKKBLtwpZ5VBp1vsOQzj1MhrBZ4wlVCm3gedKZWLp0Oyel8sIGfeiz54Su+OVT+A==}
zod@3.24.2:
resolution: {integrity: sha512-lY7CDW43ECgW9u1TcT3IoXHflywfVqDYze4waEz812jR/bZ8FHDsl7pFQoSZTz5N+2NqRXs8GBwnAwo3ZNxqhQ==}
snapshots:
'@ampproject/remapping@2.3.0':
@@ -5052,6 +5127,8 @@ snapshots:
'@directus/constants@13.0.0': {}
'@directus/constants@13.0.1': {}
'@directus/errors@0.3.2':
dependencies:
'@directus/storage': 10.0.13
@@ -5138,6 +5215,31 @@ snapshots:
- supports-color
- tedious
'@directus/extensions@3.0.5(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(knex@3.1.0(sqlite3@5.1.7))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))':
dependencies:
'@directus/constants': 13.0.1
'@directus/themes': 1.1.0(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(vue@3.5.13(typescript@5.4.5))
'@directus/types': 13.1.1(knex@3.1.0(sqlite3@5.1.7))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))
'@directus/utils': 13.0.4(vue@3.5.13(typescript@5.4.5))
'@types/express': 4.17.21
fs-extra: 11.3.0
lodash-es: 4.17.21
zod: 3.24.2
optionalDependencies:
knex: 3.1.0(sqlite3@5.1.7)
vue: 3.5.13(typescript@5.4.5)
transitivePeerDependencies:
- '@unhead/vue'
- better-sqlite3
- mysql
- mysql2
- pg
- pg-native
- pinia
- sqlite3
- supports-color
- tedious
'@directus/schema@11.0.2(sqlite3@5.1.7)':
dependencies:
knex: 3.1.0(sqlite3@5.1.7)
@@ -5164,12 +5266,27 @@ snapshots:
- supports-color
- tedious
'@directus/schema@13.0.1(sqlite3@5.1.7)':
dependencies:
knex: 3.1.0(sqlite3@5.1.7)
transitivePeerDependencies:
- better-sqlite3
- mysql
- mysql2
- pg
- pg-native
- sqlite3
- supports-color
- tedious
'@directus/storage@10.0.13': {}
'@directus/system-data@1.0.4': {}
'@directus/system-data@3.0.0': {}
'@directus/system-data@3.1.0': {}
'@directus/themes@1.0.7(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(vue@3.5.13(typescript@5.4.5))':
dependencies:
'@directus/utils': 13.0.0(vue@3.5.13(typescript@5.4.5))
@@ -5181,6 +5298,17 @@ snapshots:
pinia: 2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5))
vue: 3.5.13(typescript@5.4.5)
'@directus/themes@1.1.0(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(vue@3.5.13(typescript@5.4.5))':
dependencies:
'@directus/utils': 13.0.4(vue@3.5.13(typescript@5.4.5))
'@sinclair/typebox': 0.34.28
'@unhead/vue': 1.9.12(vue@3.5.13(typescript@5.4.5))
decamelize: 6.0.0
flat: 6.0.1
lodash-es: 4.17.21
pinia: 2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5))
vue: 3.5.13(typescript@5.4.5)
'@directus/tsconfig@1.0.1': {}
'@directus/types@11.1.2(knex@3.1.0(sqlite3@5.1.7))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))':
@@ -5219,6 +5347,24 @@ snapshots:
- supports-color
- tedious
'@directus/types@13.1.1(knex@3.1.0(sqlite3@5.1.7))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))':
dependencies:
'@directus/constants': 13.0.1
'@directus/schema': 13.0.1(sqlite3@5.1.7)
'@types/geojson': 7946.0.16
optionalDependencies:
knex: 3.1.0(sqlite3@5.1.7)
vue: 3.5.13(typescript@5.4.5)
transitivePeerDependencies:
- better-sqlite3
- mysql
- mysql2
- pg
- pg-native
- sqlite3
- supports-color
- tedious
'@directus/utils@11.0.9(vue@3.5.13(typescript@5.4.5))':
dependencies:
'@directus/constants': 11.0.4
@@ -5245,6 +5391,19 @@ snapshots:
optionalDependencies:
vue: 3.5.13(typescript@5.4.5)
'@directus/utils@13.0.4(vue@3.5.13(typescript@5.4.5))':
dependencies:
'@directus/constants': 13.0.1
'@directus/system-data': 3.1.0
date-fns: 4.1.0
fs-extra: 11.3.0
joi: 17.13.3
js-yaml: 4.1.0
lodash-es: 4.17.21
micromustache: 8.0.3
optionalDependencies:
vue: 3.5.13(typescript@5.4.5)
'@esbuild/aix-ppc64@0.25.0':
optional: true
@@ -5863,6 +6022,8 @@ snapshots:
'@sinclair/typebox@0.34.13': {}
'@sinclair/typebox@0.34.28': {}
'@sindresorhus/merge-streams@2.3.0': {}
'@tootallnate/once@1.1.2':
@@ -5932,6 +6093,8 @@ snapshots:
'@types/geojson@7946.0.15': {}
'@types/geojson@7946.0.16': {}
'@types/http-errors@2.0.4': {}
'@types/js-yaml@4.0.9': {}
@@ -7426,6 +7589,12 @@ snapshots:
jsonfile: 6.1.0
universalify: 2.0.1
fs-extra@11.3.0:
dependencies:
graceful-fs: 4.2.11
jsonfile: 6.1.0
universalify: 2.0.1
fs-minipass@2.1.0:
dependencies:
minipass: 3.3.6
@@ -9788,6 +9957,8 @@ snapshots:
util-deprecate@1.0.2: {}
uuid@11.1.0: {}
uuid@8.3.2: {}
v8-compile-cache-lib@3.0.1: {}
@@ -10022,3 +10193,5 @@ snapshots:
zhead@2.2.4: {}
zod@3.24.1: {}
zod@3.24.2: {}


@@ -28,12 +28,14 @@ export interface AuthProvider {
role_key?: string;
JWKSClient?: JwksClient;
use_database?: boolean;
initial_role?: string;
}
export async function getAuthProviders(): Promise<AuthProvider[]> {
console.log("calling auth providers")
console.log("calling auth providers _")
return new Promise((resolve, reject) => {
const authProviders: AuthProvider[] = toArray(env['AUTH_PROVIDERS'])
.filter((provider) => provider && env[`AUTH_${provider.toUpperCase()}_DRIVER`] === ('openid' || 'oauth2'))
@@ -52,6 +54,8 @@ export async function getAuthProviders(): Promise<AuthProvider[]> {
client_id: env[`AUTH_${provider.toUpperCase()}_CLIENT_ID`],
client_secret: env[`AUTH_${provider.toUpperCase()}_CLIENT_SECRET`],
use_database: env[`AUTH_${provider.toUpperCase()}_JWT_USEDB`],
initial_role: env[`AUTH_${provider.toUpperCase()}_INITIAL_ROLE`]
}));
@@ -78,6 +82,7 @@ export async function getAuthProviders(): Promise<AuthProvider[]> {
}
Promise.all(promises).then((values) => {
console.log("resolved auth providers", values)
resolve(values);
}).catch((error) => {
reject(error);
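Review bot: `console.log("resolved auth providers", values)` writes every provider object to stdout, and those objects carry `client_secret` (filled from `AUTH_<PROVIDER>_CLIENT_SECRET` in the hunk above), so the OAuth client secrets land in the container logs on every start. Drop the line, or log identifiers only, e.g. `console.log("resolved auth providers", values.map((p) => p.name))`, where `name` is the field the accountability code reads. The new `initial_role` is taken from the environment with no check that it is set, so a provider with `use_database` enabled and no `AUTH_<PROVIDER>_INITIAL_ROLE` would create users with an undefined role. The body of `getAuthProviders` continues outside these hunks.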


@@ -1,10 +1,10 @@
import type { Accountability } from '@directus/types';
import { getAuthProviders } from './authProvider/get-auth-providers.js';
import { verify_token } from './verify-token.js';
import { CacheEnabled, CacheGet, CacheSet } from './cache.js';
import type { Knex } from 'knex';
import type { Accountability } from "@directus/types";
import { getAuthProviders } from "./authProvider/get-auth-providers.js";
import { verify_token } from "./verify-token.js";
import { CacheEnabled, CacheGet, CacheSet } from "./cache.js";
import type { Knex } from "knex";
import * as uuid from "uuid";
const authProviders = await getAuthProviders();
@@ -14,15 +14,51 @@ const NoValidKeysError = createError('INVALID_JWKS_ISSUER_ERROR', 'could not ret
const NoAuthProvidersError = createError('INVALID_JWKS_ISSUER_ERROR', 'No auth providers in the list', 500);
*/
const getUser = async (
database: Knex,
externalIdentifier: string | undefined,
provider: string
) => {
return database
.select(
"directus_users.id",
"directus_users.role",
"directus_policies.admin_access"
)
.from("directus_users")
.leftJoin("directus_roles", "directus_users.role", "directus_roles.id")
.leftJoin("directus_access", "directus_users.role", "directus_access.role")
.leftJoin(
"directus_policies",
"directus_access.policy",
"directus_policies.id"
)
.where({
"directus_users.external_identifier": externalIdentifier,
"directus_users.provider": provider,
})
.first();
};
const insertUser = async (database: Knex, user: Record<string, any>) => {
return database("directus_users").insert(user).returning("*");
};
// TODO: optimize this function, reduce the amount of loops
export async function getAccountabilityForToken(
token: string | null,
iss: string[] | string | undefined,
accountability: Accountability | null,
database: Knex
): Promise<Accountability> {
console.log(
"getAccountabilityForToken called with token",
token,
"and iss",
iss,
"and accountability",
accountability
);
if (accountability == null) {
accountability = {
user: null,
@@ -33,92 +69,102 @@ export async function getAccountabilityForToken(
}
if (token == null || iss == null) {
return accountability
return accountability;
}
const providers = authProviders.filter((provider) => provider.issuer_url && iss.includes(provider.issuer_url));
const providers = authProviders.filter(
(provider) =>
provider.issuer_url && provider.issuer_url.includes(iss.toString())
);
if (providers.length === 0) return accountability;
if (providers.length > 1) {
return accountability;
}
const provider = providers[0];
try {
const result = await verify_token(provider, token);
const result = await verify_token(provider, token)
if(provider.use_database) { // use database to get user
if (provider.use_database) {
// use database to get user
// TODO: Add caching to this function
if (CacheEnabled() && result.sub) {
const cachedAccountability = await CacheGet(result.sub);
if (cachedAccountability) {
return cachedAccountability;
}
}
const user = await database
.select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
.from('directus_users')
.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
.where({
'directus_users.external_identifier': result.sub,
'directus_users.provider': provider.name,
})
.first();
try {
let user = await getUser(database, result.sub, provider.name);
console.debug("User found in database:", user);
if (!user) {
return accountability;
const role = provider.initial_role
user = await insertUser(database, {
id: uuid.v4(),
role: role,
provider: provider.name,
external_identifier: result.sub,
});
console.debug("Inserted new user:", user);
}
if (user) {
// return accountability;
accountability.user = user.id;
accountability.role = user.role;
accountability.admin = user.admin_access === true || user.admin_access == 1;
accountability.admin =
user.admin_access === true || user.admin_access == 1;
accountability.app = user.app_access === true || user.app_access == 1;
if (CacheEnabled() && result.sub) {
CacheSet(result.sub, accountability);
}
console.log(
"Returning accountability from database:",
accountability
);
return accountability;
}
} catch (error) {
console.error("Error getting user from database:", error);
return accountability;
}
}
// check if role key is set else try role key
if (provider.role_key != null) {
if(typeof result[provider.role_key] === 'string') {
if (typeof result[provider.role_key] === "string") {
accountability.role = result[provider.role_key];
}
if(typeof result[provider.role_key] === 'object') {
accountability.role = ''
if (typeof result[provider.role_key] === "object") {
accountability.role = "";
}
if (result[provider.role_key].instanceOf(Array)) {
accountability.role = result[provider.role_key][0];
}
}
if(provider.admin_key != null) {
accountability.admin = result[provider.admin_key];
}
if(provider.app_key != null) {
accountability.app = result[provider.app_key];
}
accountability.user = result.sub;
// if (provider.admin_key != null) {
// accountability.admin = result[provider.admin_key];
// }
// if (provider.app_key != null) {
// accountability.app = result[provider.app_key];
// }
// accountability.user = result.sub;
// accountability.role = "d737d4bd-ae35-4a68-a907-e913bcdfcc53";
// accountability.admin = true;
// accountability.app = true;
} catch (error) {
return accountability;
}
return accountability;
}
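Review bot: Provider selection now uses `provider.issuer_url.includes(iss.toString())`, a substring test driven by the `iss` claim of a token that has not been verified at that point, so a partial or empty `iss` value matches a configured issuer. Whether `verify_token` later enforces the exact issuer is not visible here, so the selection itself should compare exactly: `const issuers = Array.isArray(iss) ? iss : [iss];` followed by `provider.issuer_url && issuers.includes(provider.issuer_url)`. The `console.log` added at the top of `getAccountabilityForToken` prints the raw bearer `token`, which should never reach the logs; log `iss` at most. In the new provisioning branch, `insertUser` ends in `.returning("*")`, which Knex resolves to an array of rows, so `user.id` and `user.role` read as undefined for a freshly created user unless the first element is taken.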


@@ -10,6 +10,7 @@ export default defineHook<HookConfig>(({ filter }) => {
// get all configuration
filter('authenticate', (defaultAccountability: Accountability, event, context: EventContext) => {
console.log("authenticate hook called");
const req = <Request>event['req'];
if(!req.token) return defaultAccountability;
@@ -20,6 +21,7 @@ export default defineHook<HookConfig>(({ filter }) => {
const decodedToken = jwt.decode(req.token);
console.log("decoded token", decodedToken);
if(typeof decodedToken === 'string' || decodedToken == null) return defaultAccountability; // if token is not a jwt, let directus handle it
if(decodedToken?.iss == 'directus') return defaultAccountability; // if token issued by directus, let directus handle it
@@ -30,6 +32,7 @@ export default defineHook<HookConfig>(({ filter }) => {
return getAccountabilityForToken(req.token, decodedToken?.iss, context.accountability, context.database)
});
/*filter('auth.jwt', (status, user, provider) => {
})*/
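Review bot: `console.log("decoded token", decodedToken)` prints the full claim set of every bearer token on each request, before any signature check. That puts subject identifiers and whatever else the identity provider includes into the logs, and the content is controlled by the caller. Remove it, or log only `decodedToken?.iss` at debug level after the string/null guard on the following line. The `console.log("authenticate hook called")` line adds the same per-request log volume without carrying information. The filter callback starts and ends outside these hunks.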