import { SessionClaimValidator } from "supertokens-node/recipe/session"
import UserRoles from "supertokens-node/recipe/userroles";
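/**
 * Builds a session claim validator that hands the role decision to an
 * externally supplied policy check (for example an OPA rule).
 *
 * The returned object starts from
 * `UserRoles.UserRoleClaim.validators.excludes("", maxAgeInSeconds)` and keeps
 * every property of that validator except `validate`, which is replaced by the
 * policy-driven check below.
 *
 * The check fails closed: a session is accepted only when the payload carries
 * a roles array AND `runOPARule` resolves to exactly `true`. An exception
 * thrown by `runOPARule` is not caught here and propagates to the caller.
 *
 * @param runOPARule Async policy check; receives the roles read from the
 *   session payload and resolves to `true` to allow the session.
 * @param maxAgeInSeconds Optional max age, forwarded unchanged to the
 *   underlying `excludes` validator.
 * @returns A `SessionClaimValidator` whose `validate` runs the policy check.
 */
let MyCustomClaimValidator: (runOPARule: (roles: string[]) => Promise<boolean>, maxAgeInSeconds?: number) => SessionClaimValidator = (runOPARule, maxAgeInSeconds) => {
    // Typed through SessionClaimValidator["validate"] so the result type does not
    // depend on `ClaimValidationResult`, which this file never imports.
    const validate: SessionClaimValidator["validate"] = async (payload) => {
        const roles = UserRoles.UserRoleClaim.getValueFromPayload(payload);

        // Anything that is not an array (missing claim, null, malformed value)
        // is rejected before the policy engine is consulted.
        if (!Array.isArray(roles)) {
            return {
                isValid: false,
                reason: {
                    "message": "No roles in the session claim"
                }
            };
        }

        const decision = await runOPARule(roles);

        // Strict comparison: a truthy non-boolean (e.g. a raw policy-engine
        // response object returned by mistake) must not count as "allowed".
        if (decision !== true) {
            return {
                isValid: false,
                reason: {
                    "message": "Failed OPA check"
                }
            };
        }

        return {
            isValid: true
        };
    };

    return {
        ...UserRoles.UserRoleClaim.validators.excludes("", maxAgeInSeconds),
        validate,
    };
}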
// Registers the OPA-backed role validator in addition to the global claim
// validators, so the existing global checks still run for this route.
verifySession({
    overrideGlobalClaimValidators: (globalClaimValidators) => {
        const opaRoleValidator = MyCustomClaimValidator(async (roles) => {
            // TODO: define OPA check
            // NOTE(review): this placeholder resolves to true for every role list,
            // so the validator approves any session that carries a roles claim
            // until a real policy call replaces it.
            return true;
        });

        return [...globalClaimValidators, opaRoleValidator];
    }
})