update docs

.vscode/settings.json

@@ -1,5 +1,6 @@
 {
   "cSpell.words": [
+    "keyof",
     "morty",
     "njwt",
     "rebac",

README.md

@@ -62,6 +62,17 @@ const authClient = new Authorizer({
 - `tenantId`: Aserto tenant ID (_required_ if using hosted authorizer)
 - `channelCredentials`: [gRPC channelCredentials](https://github.com/grpc/grpc-node/blob/master/packages/grpc-js/src/channel-credentials.ts)
 
+### Topaz
+```ts
+import { getSSLCredentials } from "@aserto/aserto-node";
+
+const ssLcredentials = getSSLCredentials()
+
+const authClient = new Authorizer({
+  authorizerServiceUrl: "localhost:8282",
+}, ssLcredentials);
+
+```
 
 ### Methods
 ```ts
@@ -156,10 +167,10 @@ type CheckOptions = {
 
 type ResourceMapper =
   | ResourceContext
-  | ((req: Request) => Promise<ResourceContext>);
+  | ((req?: Request) => Promise<ResourceContext>);
 
-type IdentityMapper = (req: Request) => Promise<IdentityContext>;
-type PolicyMapper = (req: Request) => Promise<PolicyContext>;
+type IdentityMapper = (req?: Request) => Promise<IdentityContext>;
+type PolicyMapper = (req?: Request) => Promise<PolicyContext>;
 ```
 
 #### Methods
@@ -250,6 +261,27 @@ const restMw = new Middleware({
 })
 ```
 
+### Policy
+
+The authorization policy's ID and the decision to be evaluated are specified when creating authorization Middleware, but the policy path is often derived from the URL or method being called.
+
+By default, the policy path is derived from the URL path
+
+To provide custom logic, use a PolicyMapper. For example:
+
+```ts
+// needs to return an IdentityContext
+import { identityContext } from "@aserto/aserto-node";
+
+const restMw = new Middleware({
+  client: authClient,
+  policy: policy,
+  policyMapper: async () => {
+    return policyContext('path', ['decission'])
+  }
+})
+```
+
 #### Resource
 A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, the request params are included in the ResourceContext
 
@@ -259,12 +291,60 @@ This behavior can be overwritten by providing a custom function:
 const restMw = new Middleware({
   client: authClient,
   policy: policy,
-  resourceMapper: async (req: express.Request) => {
+  resourceMapper: async () => {
     return { customKey: "customValue" };
   },
 })
 ```
 
+#### Mappers
+
+##### Resource
+
+```ts
+// provies a custom resource context,
+type ResourceMapper =
+  | ResourceContext
+  | ((req?: Request) => Promise<ResourceContext>);
+
+// examples
+async (req: Request) => { return { customKey: req.params.id } };
+// or just a plain resource context
+{ customKey: "customValue" }
+```
+
+##### Identity
+
+```ts
+type IdentityMapper = (req?: Request) => Promise<IdentityContext>;
+
+// You can also use the built-in policyContext function to create a identity context and pass it as the mapper response
+identityContext = (value: string, type: keyof IdentityTypeMap)
+
+IdentityTypeMap {
+  IDENTITY_TYPE_UNKNOWN: 0;
+  IDENTITY_TYPE_NONE: 1;
+  IDENTITY_TYPE_SUB: 2;
+  IDENTITY_TYPE_JWT: 3;
+}
+
+// example
+identityContext("[email protected]", "IDENTITY_TYPE_SUB")
+```
+
+##### Policy
+
+```ts
+type PolicyMapper = (req?: Request) => Promise<PolicyContext>;
+
+
+// You can also use the built-in policyContext function to create a policy context and pass it as the mapper response
+policyContext = (policyPath: string, decisionsList: Array<string> = ["allowed"])
+
+// Example
+policyContext("todoApp.POST.todos", ["allowed"])
+```
+
 ## Directory
 
 The Directory APIs can be used to get or set object instances and relation instances. They can also be used to check whether a user has a permission or relation on an object instance.

lib/index.ts

@@ -11,6 +11,7 @@ import { displayStateMap } from "./displayStateMap";
 import { Directory, DirectoryConfig, ds } from "./ds";
 import { is } from "./is";
 import { AuthzOptions, jwtAuthz } from "./jwtAuthz";
+import getSSLCredentials from "./ssl";
 export {
   is,
   jwtAuthz,
@@ -30,4 +31,5 @@ export {
   identityContext,
   policyContext,
   policyInstance,
+  getSSLCredentials,
 };

lib/processOptions.ts

@@ -6,7 +6,7 @@ import { ChannelCredentials } from "@grpc/grpc-js";
 import { IdentityContextOptions } from "./identityContext";
 import { AuthzOptions } from "./jwtAuthz";
 import { log } from "./log";
-import { getSSLCredentials } from "./ssl";
+import getSSLCredentials from "./ssl";
 
 export default (
   options: AuthzOptions,

lib/ssl.ts

@@ -2,8 +2,8 @@ import { readFileSync } from "fs";
 import { ChannelCredentials, credentials } from "@grpc/grpc-js";
 
 const getSSLCredentials: (ca: string) => ChannelCredentials = (ca) => {
-  const root_cert = readFileSync(ca); // new
-  return credentials.createSsl(root_cert); // new
+  const root_cert = readFileSync(ca);
+  return credentials.createSsl(root_cert);
 };
 
-export { getSSLCredentials };
+export default getSSLCredentials;