When a 'client' gets created, mark the current user as 'owner'

src/a12n.ts

@@ -0,0 +1,27 @@
+import ketting from './ketting';
+import { LinkNotFound } from 'ketting';
+
+
+
+export async function addUserPrivilege(authenticatedAsHref: string, origin: string, resource: any): Promise<void> {
+  let userPrivilegesRes;
+
+  try {
+    userPrivilegesRes = await ketting.go(authenticatedAsHref).follow('privileges');
+  } catch (err) {
+    if (err instanceof LinkNotFound) {
+      throw new Error('Link with "privileges" is not found on the user resource. This could mean that the tt-api APP in a12n-server does not have the *admin" privilege');
+    }
+    throw err;
+  }
+
+  const userPrivilegesState = await userPrivilegesRes.get();
+  if (!userPrivilegesState.hasAction('add')) {
+    throw new Error('The privileges resource on a12nserver does not have an \'add\' action. You likely need to update your a12n-server for this to work');
+  }
+  await userPrivilegesState.action('add').submit({
+    action: 'add',
+    privilege: 'owner',
+    resource: new URL(resource.href, origin).toString()
+  });
+}

src/app.ts

@@ -1,3 +1,6 @@
+import * as dotenv from 'dotenv';
+dotenv.config();
+
 import accessLog from '@curveball/accesslog';
 import bodyParser from '@curveball/bodyparser';
 import browser from '@curveball/browser';
@@ -9,15 +12,11 @@ import cors from '@curveball/cors';
 import session from '@curveball/session';
 import browserToBearer from '@curveball/browser-to-bearer';
 import oauth2 from '@curveball/oauth2';
-import { OAuth2Client } from '@badgateway/oauth2-client';
+import oauth2Client from './oauth2';
 
 import * as path from 'path';
-import * as dotenv from 'dotenv';
-
 import routes from './routes';
 
-dotenv.config();
-
 const app = new Application();
 
 // The accesslog middleware shows all requests and responses on the cli.
@@ -57,20 +56,16 @@ app.use(validator({
   schemaPath: path.join(__dirname, '../node_modules/@badgateway/tt-types/schema')
 }));
 
-// a12n setup
-const client = new OAuth2Client({
-  server: process.env.AUTH_API_URI,
-  clientId: process.env.OAUTH2_CLIENT_ID || 'tt-api',
-  clientSecret: process.env.OAUTH2_CLIENT_SECRET,
-});
 
-app.use(browserToBearer({client}));
+app.use(browserToBearer({
+  client: oauth2Client,
+}));
 
 app.use(oauth2({
   publicPrefixes: [
     '/health',
   ],
-  client,
+  client: oauth2Client,
 }));
 
 

src/client/controller/collection.ts

@@ -5,6 +5,8 @@ import * as hal from '../formats/hal';
 import * as clientService from '../service';
 
 import { ClientNew as ClientNewSchema } from '@badgateway/tt-types';
+import { addUserPrivilege } from '../../a12n';
+
 
 class ClientCollection extends Controller {
 
@@ -25,6 +27,11 @@ class ClientCollection extends Controller {
       name: body.name,
     });
 
+    addUserPrivilege(
+      ctx.state.oauth2._links['authenticated-as'].href,
+      ctx.request.origin,
+      client);
+
     ctx.status = 201;
     ctx.response.headers.set('Location', client.href);
 

src/client/service.ts

@@ -3,6 +3,7 @@ import { NotFound } from '@curveball/http-errors';
 import knex from '../db';
 import { ClientsRecord } from 'knex/types/tables';
 
+
 export async function findAll(): Promise<Client[]> {
 
   return (
@@ -63,3 +64,4 @@ function mapRecord(input: ClientsRecord): Client {
   };
 
 }
+

src/ketting.ts

@@ -0,0 +1,17 @@
+import { Client } from 'ketting';
+import oauth2Client from './oauth2';
+import { OAuth2Fetch } from '@badgateway/oauth2-client';
+
+console.debug('🔗 Setting up Ketting client');
+const client = new Client(process.env.AUTH_API_URI!);
+
+const oauth2FetchWrapper = new OAuth2Fetch({
+  client: oauth2Client,
+  getNewToken: () => {
+    return oauth2Client.clientCredentials();
+  }
+});
+
+client.use(oauth2FetchWrapper.mw());
+
+export default client;

src/oauth2.ts

@@ -0,0 +1,8 @@
+import { OAuth2Client } from '@badgateway/oauth2-client';
+
+// a12n setup
+export default new OAuth2Client({
+  server: process.env.AUTH_API_URI,
+  clientId: process.env.OAUTH2_CLIENT_ID || 'tt-api',
+  clientSecret: process.env.OAUTH2_CLIENT_SECRET,
+});