plug opa in auth

2026-01-12 05:42:40 +00:00 · 2023-01-17 16:39:24 +01:00
parent 3d2bb613bd
commit 972d43ac30
27 changed files with 473 additions and 101 deletions
--- a/src/modules/authorization/domain/dtos/action.enum.ts
+++ b/src/modules/authorization/domain/dtos/action.enum.ts
@@ -0,0 +1,7 @@
+export enum Action {
+  create = 'create',
+  read = 'read',
+  update = 'update',
+  delete = 'delete',
+  list = 'list',
+}
--- a/src/modules/authorization/domain/dtos/decision.request.ts
+++ b/src/modules/authorization/domain/dtos/decision.request.ts
@@ -0,0 +1,20 @@
+import { IsArray, IsNotEmpty, IsString } from 'class-validator';
+import { Action } from './action.enum';
+import { Domain } from './domain.enum';
+
+export class DecisionRequest {
+  @IsString()
+  @IsNotEmpty()
+  uuid: string;
+
+  @IsString()
+  @IsNotEmpty()
+  domain: Domain;
+
+  @IsString()
+  @IsNotEmpty()
+  action: Action;
+
+  @IsArray()
+  context?: Array<{ name: string; value: string }>;
+}
--- a/src/modules/authorization/domain/dtos/domain.enum.ts
+++ b/src/modules/authorization/domain/dtos/domain.enum.ts
@@ -0,0 +1,3 @@
+export enum Domain {
+  user = 'user',
+}
--- a/src/modules/authorization/domain/dtos/validate-authorization.request.ts
+++ b/src/modules/authorization/domain/dtos/validate-authorization.request.ts
@@ -1,11 +0,0 @@
-import { IsNotEmpty, IsString } from 'class-validator';
-
-export class ValidateAuthorizationRequest {
-  @IsString()
-  @IsNotEmpty()
-  uuid: string;
-
-  @IsString()
-  @IsNotEmpty()
-  action: string;
-}
--- a/src/modules/authorization/domain/entities/authorization.ts
+++ b/src/modules/authorization/domain/entities/authorization.ts
@@ -1,4 +0,0 @@
-export class Authorization {
-  uuid: string;
-  action: string;
-}
--- a/src/modules/authorization/domain/interfaces/decision-maker.ts
+++ b/src/modules/authorization/domain/interfaces/decision-maker.ts
@@ -0,0 +1,13 @@
+import { Injectable } from '@nestjs/common';
+import { Action } from '../dtos/action.enum';
+import { Domain } from '../dtos/domain.enum';
+
+@Injectable()
+export abstract class IMakeDecision {
+  abstract decide(
+    uuid: string,
+    domain: Domain,
+    action: Action,
+    context: Array<{ name: string; value: string }>,
+  ): Promise<boolean>;
+}
--- a/src/modules/authorization/domain/usecases/decision.usecase.ts
+++ b/src/modules/authorization/domain/usecases/decision.usecase.ts
@@ -0,0 +1,17 @@
+import { QueryHandler } from '@nestjs/cqrs';
+import { OpaDecisionMaker } from '../../adapters/secondaries/opa.decision-maker';
+import { DecisionQuery } from '../../queries/decision.query';
+
+@QueryHandler(DecisionQuery)
+export class DecisionUseCase {
+  constructor(private readonly _decisionMaker: OpaDecisionMaker) {}
+
+  async execute(decisionQuery: DecisionQuery): Promise<boolean> {
+    return this._decisionMaker.decide(
+      decisionQuery.uuid,
+      decisionQuery.domain,
+      decisionQuery.action,
+      decisionQuery.context,
+    );
+  }
+}
--- a/src/modules/authorization/domain/usecases/validate-authorization.usecase.ts
+++ b/src/modules/authorization/domain/usecases/validate-authorization.usecase.ts
@@ -1,9 +0,0 @@
-import { QueryHandler } from '@nestjs/cqrs';
-import { ValidateAuthorizationQuery } from '../../queries/validate-authorization.query';
-
-@QueryHandler(ValidateAuthorizationQuery)
-export class ValidateAuthorizationUseCase {
-  async execute(validate: ValidateAuthorizationQuery): Promise<boolean> {
-    return Promise.resolve(validate.action == 'authorized');
-  }
-}