Merge pull request #5 from tswistak/feature/support-resource-roles

feat(): add support for resource roles

Author: hirsch88

README.md

@@ -151,29 +151,33 @@ const {
   decodedToken,
   username,
   roles,
+  resourceRoles,
   keycloak,
 
   // Functions
   hasRoles,
+  hasResourceRoles,
 } = useKeycloak()
 ```
 
-| State           | Type                        | Description                                            |
-| --------------- | --------------------------- | ------------------------------------------------------ |
-| isAuthenticated | `Ref<boolean>`              | If `true` the user is authenticated.                   |
-| isPending       | `Ref<boolean>`              | If `true` the authentication request is still pending. |
-| hasFailed       | `Ref<boolean>`              | If `true` authentication request has failed.           |
-| token           | `Ref<string>`               | `token` is the raw value of the JWT token.             |
-| decodedToken    | `Ref<T>`                    | `decodedToken` is the decoded value of the JWT token.  |
-| username        | `Ref<string>`               | `username` the name of our user.                       |
-| roles           | `Ref<string[]>`             | `roles` is a list of the users roles.                  |
-| keycloak        | `Keycloak.KeycloakInstance` | `keycloak` is the instance of the keycloak-js adapter. |
+| State           | Type                           | Description                                                         |
+| --------------- | ------------------------------ | ------------------------------------------------------------------- |
+| isAuthenticated | `Ref<boolean>`                 | If `true` the user is authenticated.                                |
+| isPending       | `Ref<boolean>`                 | If `true` the authentication request is still pending.              |
+| hasFailed       | `Ref<boolean>`                 | If `true` authentication request has failed.                        |
+| token           | `Ref<string>`                  | `token` is the raw value of the JWT token.                          |
+| decodedToken    | `Ref<T>`                       | `decodedToken` is the decoded value of the JWT token.               |
+| username        | `Ref<string>`                  | `username` the name of our user.                                    |
+| roles           | `Ref<string[]>`                | `roles` is a list of the users roles.                               |
+| resourceRoles   | `Ref<Record<string, string[]>` | `resourceRoles` is a list of the users roles in specific resources. |
+| keycloak        | `Keycloak.KeycloakInstance`    | `keycloak` is the instance of the keycloak-js adapter.              |
 
 #### Functions
 
-| Function | Type                           | Description                                                  |
-| -------- | ------------------------------ | ------------------------------------------------------------ |
-| hasRoles | `(roles: string[]) => boolean` | `hasRoles` returns true if the user has all the given roles. |
+| Function         | Type                                             | Description                                                                        |
+| ---------------- | ------------------------------------------------ | ---------------------------------------------------------------------------------- |
+| hasRoles         | `(roles: string[]) => boolean`                   | `hasRoles` returns true if the user has all the given roles.                       |
+| hasResourceRoles | `(roles: string[], resource: string) => boolean` | `hasResourceRoles` returns true if the user has all the given roles in a resource. |
 
 # License
 

src/composable.test.ts

@@ -26,4 +26,20 @@ describe('useKeycloak', () => {
       expect(hasRoles(null)).toBe(false)
     })
   })
+  describe('hasResourceRoles', () => {
+    test('should tell if the user has the role in a resource or not and is authenticated', () => {
+      state.isAuthenticated = true
+      state.resourceRoles = { myApp: ['my-role', 'my-other-role'] }
+      const { hasResourceRoles } = useKeycloak()
+
+      expect(hasResourceRoles(['my-role', 'my-other-role'], 'myApp')).toBe(true)
+      expect(hasResourceRoles(['my-role', 'not-my-role'], 'myApp')).toBe(false)
+      expect(hasResourceRoles(['my-role', 'my-other-role'], undefined)).toBe(false)
+      expect(hasResourceRoles(['my-role', 'my-other-role'], null)).toBe(false)
+      expect(hasResourceRoles(undefined, undefined)).toBe(false)
+      expect(hasResourceRoles(undefined, 'myApp')).toBe(false)
+      expect(hasResourceRoles(null, null)).toBe(false)
+      expect(hasResourceRoles(null, 'myApp')).toBe(false)
+    })
+  })
 })

src/composable.ts

@@ -11,8 +11,10 @@ export interface KeycloakComposable {
   token: Ref<string>
   username: Ref<string>
   roles: Ref<string[]>
+  resourceRoles: Ref<Record<string, string[]>>
   keycloak: KeycloakInstance
   hasRoles: (roles: string[]) => boolean
+  hasResourceRoles: (roles: string[], resource: string) => boolean
 }
 
 export const useKeycloak = (): KeycloakComposable => {
@@ -21,5 +23,10 @@ export const useKeycloak = (): KeycloakComposable => {
     keycloak: getKeycloak(),
     hasRoles: (roles: string[]) =>
       !isNil(roles) && state.isAuthenticated && roles.every(role => state.roles.includes(role)),
+    hasResourceRoles: (roles: string[], resource: string) =>
+      !isNil(roles) &&
+      !isNil(resource) &&
+      state.isAuthenticated &&
+      roles.every(role => state.resourceRoles[resource].includes(role)),
   }
 }

src/state.test.ts

@@ -2,7 +2,7 @@ import { state, setToken } from './state'
 
 describe('state', () => {
   const token =
-    'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJteS1uYW1lIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm15LXJvbGUiXX19.caCXjtPtGJ84gjyWZRZwOPJE0hfMYpbD34KJhA_aASU'
+    'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJteS1uYW1lIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm15LXJvbGUiXX0sInJlc291cmNlX2FjY2VzcyI6eyJteS1hcHAiOnsicm9sZXMiOlsibXktcm9sZSJdfX19.oAnF7H8DndIWOb2KeHntbzwf6h7VjZlxt5AR2KPZTBU'
 
   test('should have the correct inital values', () => {
     expect(state.isAuthenticated).toBe(false)
@@ -11,6 +11,7 @@ describe('state', () => {
     expect(state.token).toBe('')
     expect(state.username).toBe('')
     expect(state.roles).toStrictEqual([])
+    expect(state.resourceRoles).toStrictEqual({});
   })
 
   test('should update the state', () => {
@@ -19,5 +20,6 @@ describe('state', () => {
     expect(state.token).toBe(token)
     expect(state.username).toBe('my-name')
     expect(state.roles).toStrictEqual(['my-role'])
+    expect(state.resourceRoles).toStrictEqual({ 'my-app': ['my-role'] })
   })
 })

src/state.ts

@@ -9,6 +9,7 @@ export interface KeycloakState<T = unknown> {
   decodedToken: T
   username: string
   roles: string[]
+  resourceRoles: Record<string, string[]>
 }
 
 export const state = reactive<KeycloakState>({
@@ -19,13 +20,15 @@ export const state = reactive<KeycloakState>({
   decodedToken: {},
   username: '',
   roles: [] as string[],
+  resourceRoles: {},
 })
 
 interface TokenContent {
   preferred_username: string
   realm_access: {
     roles: string[]
   }
+  resource_access: Record<string, { roles: string[] }>
 }
 
 export const setToken = (token: string): void => {
@@ -34,6 +37,9 @@ export const setToken = (token: string): void => {
   state.decodedToken = content
   state.roles = content.realm_access.roles
   state.username = content.preferred_username
+  state.resourceRoles = content.resource_access ? Object.fromEntries(
+    Object.entries(content.resource_access).map(([key, value]) => [key, value.roles]),
+  ) : {};
 }
 
 export const hasFailed = (value: boolean): void => {