aulasoftwarelibre
diff --git a/‎.gitignore
Lines changed: 130 additions & 0 deletions b/‎.gitignore
Lines changed: 130 additions & 0 deletions
diff --git a/‎.husky/commit-msg
Lines changed: 4 additions & 0 deletions b/‎.husky/commit-msg
Lines changed: 4 additions & 0 deletions
diff --git a/‎.husky/pre-commit
Lines changed: 4 additions & 0 deletions b/‎.husky/pre-commit
Lines changed: 4 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 89 additions & 0 deletions b/‎README.md
Lines changed: 89 additions & 0 deletions
diff --git a/‎next-env.d.ts
Lines changed: 4 additions & 0 deletions b/‎next-env.d.ts
Lines changed: 4 additions & 0 deletions
diff --git a/‎package.json
Lines changed: 112 additions & 0 deletions b/‎package.json
Lines changed: 112 additions & 0 deletions
diff --git a/‎src/auth/access-map.ts
Lines changed: 37 additions & 0 deletions b/‎src/auth/access-map.ts
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,130 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx --no -- commitlint --edit ${1}
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx lint-staged
@@ -0,0 +1,89 @@
+# RBAC NextAuth.js firewall
+
+This package is a plugin for [NextAuth](https://next-auth.js.org/) version 5 that adds a
+Role-Based Access Control (RBAC) authorization layer to your authentication setup. 
+The RBAC implementation is inspired by [Symfony](https://symfony.com).
+
+## Installation
+
+To install the `@aulasoftwarelibre/next-auth-firewall` package, run:
+
+```bash yarn2npm
+npm install @aulasoftwarelibre/next-auth-firewall
+```
+
+## Setup
+
+### Change auth.ts
+
+Replace the content of your auth.ts file with the following code:
+
+```typescript
+import NextAuthFirewall from '@aulasoftwarelibre/next-auth-firewall'
+import authConfig from '@/lib/auth/auth.config'
+
+export const {
+  auth,
+  firewallHandler,
+  handlers: { GET, POST },
+  signIn,
+  signOut,
+  update,
+} = NextAuthFirewall(authConfig)
+```
+
+### Change middleware.ts
+
+Update your middleware.ts file with the following code:
+
+```typescript
+import NextAuthFirewall from '@aulasoftwarelibre/next-auth-firewall'
+import authConfig from '@/lib/auth/auth.config'
+
+export default NextAuthFirewall(authConfig).auth
+
+export const config = {
+  matcher: [
+    '/((?!api|_next/static|_next/image|favicon.ico).*)',
+  ],
+}
+```
+
+### Add Firewall Router
+
+Create a new file src/app/api/auth/firewall/route.ts and add the following code:
+
+```typescript
+import { firewallHandler } from '@/lib/auth/auth'
+
+const { POST } = firewallHandler
+
+export { POST }
+```
+
+### Update auth.config.ts
+
+Modify your auth.config.ts file to replace the authorize callback with access control rules. Here's an example:
+
+```typescript
+import type { NextAuthFirewallConfig } from '@aulasoftwarelibre/next-auth-firewall'
+
+const authConfig = {
+    accessControl: [
+        {
+            path: '^/(signout|settings)',
+            roles: 'IS_AUTHENTICATED',
+        },
+        {
+            path: '^/',
+            roles: 'PUBLIC_ACCESS',
+        },
+    ],
+    // ...
+} as NextAuthFirewallConfig
+
+export default authConfig
+```
+
+Make sure to configure the adapter as per your requirements.
+
@@ -0,0 +1,4 @@
+/// <reference types="next" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/basic-features/typescript for more information.
@@ -0,0 +1,112 @@
+{
+  "name": "@aulasoftwarelibre/next-auth-firewall",
+  "version": "0.1.0",
+  "description": "Firewall for NextAuth",
+  "type": "module",
+  "repository": "https://github.com/aulasoftwarelibre/next-auth-firewall",
+  "author": "Sergio Gómez <sergio@uco.es>",
+  "license": "EUPL-1.2",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "/dist"
+  ],
+  "scripts": {
+    "prebuild": "rimraf dist/",
+    "build": "tsc",
+    "build:watch": "tsc --watch",
+    "lint": "eslint --fix src/ tests/",
+    "prepare": "husky install",
+    "test": "jest --watchAll",
+    "test:ci": "jest"
+  },
+  "dependencies": {
+    "@auth/core": "experimental",
+    "next": "^14.0.0",
+    "next-auth": "^5.0.0-beta.3"
+  },
+  "devDependencies": {
+    "@commitlint/cli": "^18.4.2",
+    "@commitlint/config-conventional": "^18.4.2",
+    "@types/jest": "^29.5.8",
+    "@typescript-eslint/eslint-plugin": "^6.11.0",
+    "@typescript-eslint/parser": "^6.11.0",
+    "eslint": "^8.54.0",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-plugin-import": "^2.29.0",
+    "eslint-plugin-jest": "^27.6.0",
+    "eslint-plugin-prettier": "^5.0.1",
+    "eslint-plugin-simple-import-sort": "^10.0.0",
+    "eslint-plugin-sort": "^2.11.0",
+    "eslint-plugin-unused-imports": "^3.0.0",
+    "husky": "^8.0.3",
+    "jest": "^29.7.0",
+    "lint-staged": "^15.1.0",
+    "prettier": "^3.1.0",
+    "rimraf": "^5.0.5",
+    "ts-jest": "^29.1.1",
+    "typescript": "^5.2.2"
+  },
+  "eslintConfig": {
+    "env": {
+      "node": true,
+      "jest": true
+    },
+    "extends": [
+      "plugin:@typescript-eslint/recommended",
+      "plugin:prettier/recommended",
+      "plugin:jest/recommended"
+    ],
+    "parser": "@typescript-eslint/parser",
+    "plugins": [
+      "@typescript-eslint",
+      "import",
+      "simple-import-sort",
+      "sort",
+      "unused-imports",
+      "prettier"
+    ],
+    "root": true,
+    "rules": {
+      "@typescript-eslint/no-shadow": "error",
+      "@typescript-eslint/no-unused-vars": [
+        "error",
+        {
+          "ignoreRestSiblings": true
+        }
+      ],
+      "camelcase": "error",
+      "default-case-last": "error",
+      "default-param-last": "error",
+      "dot-notation": "error",
+      "eqeqeq": "error",
+      "import/first": "error",
+      "import/newline-after-import": "error",
+      "import/no-duplicates": "error",
+      "no-shadow": "off",
+      "simple-import-sort/exports": "error",
+      "simple-import-sort/imports": "error",
+      "sort/destructuring-properties": "error",
+      "sort/object-properties": "error",
+      "sort/type-properties": "error",
+      "unused-imports/no-unused-imports": "error",
+      "prettier/prettier": "error"
+    }
+  },
+  "prettier": {
+    "semi": false,
+    "singleQuote": true,
+    "trailingComma": "all"
+  },
+  "lint-staged": {
+    "*.{js,jsx,ts,tsx}": "eslint --fix"
+  },
+  "commitlint": {
+    "extends": [
+      "@commitlint/config-conventional"
+    ]
+  },
+  "jest": {
+    "preset": "ts-jest"
+  }
+}
@@ -0,0 +1,37 @@
+import { NextRequest } from 'next/server'
+
+import RequestMatcherInterface from '../request/request-matcher/request-matcher-interface'
+import { AccessControlRole, InternalRole } from '../types'
+
+interface AccessMapEntry {
+  matcher: RequestMatcherInterface
+  roles: string[]
+}
+
+interface AccessMapPattern {
+  roles: string[] | InternalRole[] | null
+}
+
+export default class AccessMap {
+  private readonly map: AccessMapEntry[]
+
+  constructor() {
+    this.map = []
+  }
+
+  add(matcher: RequestMatcherInterface, roles: AccessControlRole) {
+    this.map.push({ matcher, roles: Array.isArray(roles) ? roles : [roles] })
+  }
+
+  pattern(request: Request | NextRequest): AccessMapPattern {
+    for (const accessMap of this.map) {
+      if (accessMap.matcher === null || accessMap.matcher.matches(request)) {
+        const { roles } = accessMap
+
+        return { roles }
+      }
+    }
+
+    return { roles: null }
+  }
+}