Some checks failed
CI/CD Pipeline / Solidity Contracts (push) Failing after 1m18s
CI/CD Pipeline / Security Scanning (push) Successful in 2m34s
CI/CD Pipeline / Lint and Format (push) Failing after 54s
CI/CD Pipeline / Terraform Validation (push) Failing after 27s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 28s
Deploy ChainID 138 / Deploy ChainID 138 (push) Failing after 39s
HYBX OMNL TypeScript & anchor / token-aggregation build + reconcile artifact (push) Failing after 31s
Validation / validate-genesis (push) Successful in 28s
Validation / validate-terraform (push) Failing after 31s
Validation / validate-kubernetes (push) Failing after 11s
Validation / validate-smart-contracts (push) Failing after 11s
Validation / validate-security (push) Failing after 1m27s
Validation / validate-documentation (push) Failing after 21s
Verify Deployment / Verify Deployment (push) Has been cancelled
Co-authored-by: Cursor <cursoragent@cursor.com>
41 lines
1.5 KiB
JavaScript
41 lines
1.5 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.apiKey = apiKey;
|
|
exports.requireScope = requireScope;
|
|
exports.requireSuperAdmin = requireSuperAdmin;
|
|
exports.requireRead = requireRead;
|
|
exports.requireTrade = requireTrade;
|
|
const integration_foundation_1 = require("@dbis/integration-foundation");
|
|
const config_1 = require("../config");
|
|
function apiKey(req) {
|
|
return (0, integration_foundation_1.extractApiKey)(req);
|
|
}
|
|
function requireScope(req, res, scope) {
|
|
const cfg = (0, config_1.loadExchangeConfig)();
|
|
if (!cfg.production.requireApiKey && !(0, integration_foundation_1.isProductionSecurityMode)())
|
|
return true;
|
|
const policy = (0, integration_foundation_1.loadCustomerSecurityPolicy)();
|
|
if (policy.requireApiKeyAllExchangeRoutes || cfg.production.requireApiKey) {
|
|
const principal = (0, integration_foundation_1.resolveOmnlPrincipal)(req);
|
|
if (!principal) {
|
|
res.status(401).json({ error: 'Unauthorized', hint: 'Valid customer or super-admin API key required' });
|
|
return false;
|
|
}
|
|
if (!(0, integration_foundation_1.principalHasScope)(principal, scope)) {
|
|
res.status(403).json({ error: 'Forbidden', scope, role: principal.role });
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
return true;
|
|
}
|
|
function requireSuperAdmin(req, res) {
|
|
return requireScope(req, res, 'admin');
|
|
}
|
|
function requireRead(req, res) {
|
|
return requireScope(req, res, 'read');
|
|
}
|
|
function requireTrade(req, res) {
|
|
return requireScope(req, res, 'trade');
|
|
}
|