// src/utils/evaluateRules.js

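/**
 * Checks a single `type:value` rule against the caller's identity and groups.
 *
 * Supported rule types:
 * - `group:<name>` passes when `<name>` is an element of `groups`
 * - `user:<id>`    passes when `<id>` strictly equals `identity`
 *
 * Everything else fails closed: a non-string rule, a rule with no colon,
 * or an unknown type. The rule is split at the FIRST colon only, so a value
 * may itself contain ":" (a plain split(":") truncated such values, and a
 * bare "user" rule with no value matched an undefined identity).
 *
 * @param {string} rule - Rule in the form `type:value`
 * @param {string|undefined} identity - Resolved identity of the caller
 * @param {Array<string>} groups - Group memberships of the caller
 * @returns {boolean} true only when the rule is satisfied
 */
function checkRule(rule, identity, groups) {
  if (typeof rule !== "string") return false;
  const sep = rule.indexOf(":");
  if (sep === -1) return false;
  const type = rule.slice(0, sep);
  const value = rule.slice(sep + 1);
  if (type === "group") {
    // Only an array counts: String.prototype.includes would turn a
    // string-valued `groups` into a substring match.
    return Array.isArray(groups) && groups.includes(value);
  }
  if (type === "user") return identity === value;
  return false;
}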

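/**
 * Evaluates access rules against the current session.
 *
 * Rules:
 * - Outer array: logical OR (access is granted if any requirement block passes)
 * - Inner array: logical AND (a block passes only if all of its rules pass)
 *
 * A missing or empty rule set grants access (nothing is restricted). A
 * requirement block that is not an array can never pass. This function does
 * not consult `isAuthenticated`; it only compares identity and groups.
 *
 * NOTE(review): an empty inner block (`[]`) is vacuously true and therefore
 * grants access to anyone — confirm that is intended before relying on it.
 *
 * @param {Array<Array<string>>} rules - Nested rule set
 * @param {Object} session - { user, preferred_username, name, groups }
 * @returns {boolean} true when access is granted
 */
function evaluateRules(rules, session) {
  if (!rules || rules.length === 0) return true;

  // A missing session has no identity and no groups, so every rule fails.
  const ctx = session ?? {};
  // Identity falls back through the standard OIDC claims (preferred_username/name).
  // `||` is kept deliberately so an empty-string claim falls through to the next one.
  const identity = ctx.user || ctx.preferred_username || ctx.name;
  // Only an array is accepted as the group list: a string-valued claim would
  // otherwise reach String.prototype.includes and match by substring.
  const groups = Array.isArray(ctx.groups) ? ctx.groups : [];

  return rules.some(
    (requirement) =>
      Array.isArray(requirement) &&
      requirement.every((rule) => checkRule(rule, identity, groups)),
  );
}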
module.exports = { evaluateRules };