@autofleet/zehut 1.7.6-beta.1 → 1.8.0-beta1

package/lib/check-permission.d.ts

@@ -1,4 +1,5 @@
-export declare const getUser: () => any;
+import ApiUser from './user/ApiUser';
+export declare const getUser: () => ApiUser | undefined;
 export declare const isUserExist: () => boolean;
 export declare const checkFleetPermission: (fleetId: any) => boolean;
 export declare const checkBusinessModelPermission: (businessModelId: any) => boolean;

package/lib/check-permission.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.isUserExist = exports.getUser = void 0;
 const tracer_1 = require("./tracer");
-exports.getUser = () => { var _a, _b; return (_b = (_a = tracer_1.getCurrentTrace()) === null || _a === void 0 ? void 0 : _a.context) === null || _b === void 0 ? void 0 : _b.user; };
+exports.getUser = () => { var _a, _b; return (_b = (_a = tracer_1.getCurrentTrace()) === null || _a === void 0 ? void 0 : _a.context) === null || _b === void 0 ? void 0 : _b.get('userObject'); };
 exports.isUserExist = () => !!exports.getUser();
 exports.checkFleetPermission = (fleetId) => {
     if (exports.isUserExist()) {

package/lib/index.d.ts

@@ -3,7 +3,10 @@ import { checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePe
 import { UnauthorizedAccessError } from './errors';
 import { getRefreshTokenSecret, getTokenSecret } from './secret-getter';
 declare const getCurrentPayload: () => any;
-export { User, middleware, middlewareWithDecode, eagerLoadPermissionsMiddleware, getCurrentPayload, getDecodedBearer, checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePermission, isUserExist, getUser, getRefreshTokenSecret, getTokenSecret, UnauthorizedAccessError, appMiddleware, };
+declare const enableTracing: ({ outbreakOptions }?: {
+    outbreakOptions?: {};
+}) => void;
+export { enableTracing, User, middleware, middlewareWithDecode, eagerLoadPermissionsMiddleware, getCurrentPayload, getDecodedBearer, checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePermission, isUserExist, getUser, getRefreshTokenSecret, getTokenSecret, UnauthorizedAccessError, appMiddleware, };
 declare const _default: {
     User: typeof User;
     middleware: (options?: {
@@ -23,10 +26,12 @@ declare const _default: {
     checkBusinessModelPermission: (businessModelId: any) => boolean;
     checkDemandSourcePermission: (demandSourceId: any) => boolean;
     isUserExist: () => boolean;
-    getUser: () => any;
+    getUser: () => User;
     UnauthorizedAccessError: typeof UnauthorizedAccessError;
     appMiddleware: (options: {
         appId: string;
+        clientSecret: string;
+        appSecret: string;
     }) => (req: any, res: any, next: any) => Promise<void>;
 };
 export default _default;

package/lib/index.js

@@ -19,7 +19,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.appMiddleware = exports.UnauthorizedAccessError = exports.getTokenSecret = exports.getRefreshTokenSecret = exports.getUser = exports.isUserExist = exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.getDecodedBearer = exports.getCurrentPayload = exports.eagerLoadPermissionsMiddleware = exports.middlewareWithDecode = exports.middleware = exports.User = void 0;
+exports.appMiddleware = exports.UnauthorizedAccessError = exports.getTokenSecret = exports.getRefreshTokenSecret = exports.getUser = exports.isUserExist = exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.getDecodedBearer = exports.getCurrentPayload = exports.eagerLoadPermissionsMiddleware = exports.middlewareWithDecode = exports.middleware = exports.User = exports.enableTracing = void 0;
+const outbreak_1 = require("@autofleet/outbreak");
 const user_1 = __importStar(require("./user"));
 exports.User = user_1.default;
 Object.defineProperty(exports, "middleware", { enumerable: true, get: function () { return user_1.middleware; } });
@@ -39,9 +40,13 @@ Object.defineProperty(exports, "UnauthorizedAccessError", { enumerable: true, ge
 const secret_getter_1 = require("./secret-getter");
 Object.defineProperty(exports, "getRefreshTokenSecret", { enumerable: true, get: function () { return secret_getter_1.getRefreshTokenSecret; } });
 Object.defineProperty(exports, "getTokenSecret", { enumerable: true, get: function () { return secret_getter_1.getTokenSecret; } });
-tracer_1.enable();
 const getCurrentPayload = tracer_1.getCurrentTrace;
 exports.getCurrentPayload = getCurrentPayload;
+const enableTracing = ({ outbreakOptions = {} } = {}) => {
+    outbreak_1.headersTracer(Object.assign({ headersPrefix: 'x-af' }, outbreakOptions));
+    tracer_1.enable();
+};
+exports.enableTracing = enableTracing;
 exports.default = {
     User: user_1.default,
     middleware: user_1.middleware,

package/lib/user/ApiUser.d.ts

@@ -2,6 +2,7 @@ declare type AccountType = 'client' | 'user' | 'service';
 interface EntityPermissions {
     [key: string]: string[];
 }
+export declare const ELEVATED_PERMISSIONS_HEADER = "x-af-elevated-permissions";
 export interface UserPayload {
     businessModels: EntityPermissions;
     fleets: EntityPermissions;
@@ -9,17 +10,27 @@ export interface UserPayload {
     contexts?: EntityPermissions;
     createdAt?: string;
 }
+export interface PartialUserPayload {
+    businessModels?: EntityPermissions;
+    fleets?: EntityPermissions;
+    demandSources?: EntityPermissions;
+    vehicles?: EntityPermissions;
+    drivers?: EntityPermissions;
+}
 export declare type CustomPermissionLoader = (string: any) => Promise<UserPayload>;
 export default class ApiUser {
     id: string | undefined;
     privatePermissions: UserPayload | undefined;
+    privateElevatedPermissions: PartialUserPayload | undefined;
     privatePermissionsLegacy: any;
     appPermission: {
         [key: string]: any;
     };
     emptyUser: boolean;
     accountType: AccountType | undefined;
-    constructor(id?: string, accountType?: AccountType);
+    elevationCallsCounter: number;
+    elevationInitialState: PartialUserPayload | undefined;
+    constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload);
     getUserPermissions(): Promise<UserPayload>;
     useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
     get businessModels(): string[] | undefined;
@@ -27,6 +38,7 @@ export default class ApiUser {
     get demandSources(): string[] | undefined;
     getUserProperty(key: any): string[] | undefined;
     get permissions(): UserPayload | undefined;
+    elevatePermissions(addedPermissions: PartialUserPayload): () => void;
     getUserPermissionsLegacy(): Promise<any>;
     get permissionsLegacy(): any;
     getUserAppPermissions(appId: any, clientSecret: any): Promise<any>;

package/lib/user/ApiUser.js

@@ -12,15 +12,21 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.ELEVATED_PERMISSIONS_HEADER = void 0;
 /* eslint-disable consistent-return */
 const node_cache_1 = __importDefault(require("node-cache"));
+const outbreak_1 = require("@autofleet/outbreak");
 const services_1 = require("../services");
+exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
 const userCache = new node_cache_1.default({ stdTTL: 10 });
 class ApiUser {
-    constructor(id, accountType) {
+    constructor(id, accountType, elevatedPermissions) {
         this.id = id;
         this.emptyUser = !!id;
         this.appPermission = {};
+        this.elevationCallsCounter = 0;
+        this.privateElevatedPermissions = elevatedPermissions;
+        this.elevationInitialState = elevatedPermissions;
         if (accountType) {
             this.accountType = accountType;
         }
@@ -77,7 +83,26 @@ class ApiUser {
         if (!this.privatePermissions) {
             throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
         }
-        return this.privatePermissions;
+        return Object.assign(Object.assign({}, this.privatePermissions), this.privateElevatedPermissions);
+    }
+    elevatePermissions(addedPermissions) {
+        if (this.elevationCallsCounter > 1) {
+            throw new Error('Maximum one elvation call in parallel is allowed');
+        }
+        const currentUserTrace = outbreak_1.getCurrentTrace();
+        if (!currentUserTrace) {
+            throw new Error('Cannot find current user cross services trace');
+        }
+        const currentElevation = JSON.parse(currentUserTrace.context[exports.ELEVATED_PERMISSIONS_HEADER] || '{}');
+        this.elevationInitialState = currentElevation;
+        const newElevation = Object.assign(currentElevation, addedPermissions);
+        this.privateElevatedPermissions = newElevation;
+        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(newElevation));
+        this.elevationCallsCounter += 1;
+        return () => {
+            this.elevationCallsCounter -= 1;
+            this.privateElevatedPermissions = this.elevationInitialState;
+        };
     }
     getUserPermissionsLegacy() {
         return __awaiter(this, void 0, void 0, function* () {

package/lib/user/api-user-flows.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/user/api-user-flows.test.js

@@ -0,0 +1,87 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const uuid_1 = require("uuid");
+const express_1 = __importDefault(require("express"));
+const axios_1 = __importDefault(require("axios"));
+const index_1 = require("../index");
+const index_2 = require("./index");
+const generateApp = (addEndpoints, port) => __awaiter(void 0, void 0, void 0, function* () {
+    const app = express_1.default();
+    addEndpoints(app);
+    const server = yield new Promise((resolve) => {
+        const s = app.listen(port, () => {
+            console.log('Listen on port', port);
+            resolve(s);
+        });
+    });
+    return () => server.close();
+});
+describe('E2E', () => {
+    it('Basic functionality', () => __awaiter(void 0, void 0, void 0, function* () {
+        let server2TraceId = null;
+        index_1.enableTracing({
+            outbreakOptions: {
+                headersPrefix: 'x-af-',
+            },
+        });
+        const closeServer1 = yield generateApp((app) => {
+            app.use(index_2.middleware());
+            app.get('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
+                const user = index_1.getUser();
+                const closeElevation = user.elevatePermissions({
+                    businessModels: {
+                        [uuid_1.v4()]: ['vehicle:write'],
+                    },
+                });
+                const { data: res1 } = yield axios_1.default.post('http://localhost:8082');
+                closeElevation();
+                res.json(res1);
+            }));
+        }, 8081);
+        let server2NumberOfPermissions = 0;
+        const closeServer2 = yield generateApp((app) => {
+            app.use(index_2.middleware());
+            app.post('/', (req, res) => {
+                const user = index_1.getUser();
+                user.privatePermissions = {
+                    businessModels: {},
+                    fleets: {},
+                    demandSources: {},
+                };
+                server2NumberOfPermissions = Object.keys(user.permissions.businessModels).length;
+                server2TraceId = req.headers['x-trace-id'];
+                res.json({
+                    value: req.headers['x-af-header'],
+                    wkanda: req.headers['x-af-id'],
+                    addedPermissions: req.headers['x-af-elevated-permissions'],
+                });
+            });
+        }, 8082);
+        const { data: res1, headers } = yield axios_1.default.get('http://localhost:8081', {
+            headers: {
+                'x-af-header': 'testHeader',
+                'x-af-id': 'my-wakanda-id',
+                'x-af-user-id': uuid_1.v4(),
+            },
+        });
+        closeServer1();
+        closeServer2();
+        expect(server2NumberOfPermissions).toEqual(1);
+        expect(headers['x-trace-id']).toEqual(server2TraceId);
+        expect(res1.value).toEqual('testHeader');
+        expect(res1.wkanda).toEqual('my-wakanda-id');
+        expect(JSON.parse(res1.addedPermissions).businessModels).toBeDefined();
+    }));
+});

package/lib/user/index.d.ts

@@ -11,6 +11,8 @@ export declare const middlewareWithDecode: (options?: {
 }) => (req: any, res: any, next: any) => Promise<void>;
 export declare const appMiddleware: (options: {
     appId: string;
+    clientSecret: string;
+    appSecret: string;
 }) => (req: any, res: any, next: any) => Promise<void>;
 export declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
 export declare const getDecodedBearer: (req: any) => any;

package/lib/user/index.js

@@ -1,4 +1,23 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -8,16 +27,12 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = void 0;
 const jsonwebtoken_1 = require("jsonwebtoken");
-const ApiUser_1 = __importDefault(require("./ApiUser"));
+const ApiUser_1 = __importStar(require("./ApiUser"));
 const utils_1 = require("../utils");
 const tracer_1 = require("../tracer");
-const app_auth_1 = require("../app-auth");
 exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
     const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
     const userId = req.headers['x-af-user-id'];
@@ -26,7 +41,10 @@ exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, voi
         trace.context.set('userObject', {});
         return next();
     }
-    const userObject = new ApiUser_1.default(userId);
+    const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
+        ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
+        : {};
+    const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
     if (eagerLoadUserPermissions) {
         if (customPermissionLoader) {
             yield userObject.useCustomPermissionLoader(customPermissionLoader);
@@ -51,7 +69,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
     let decoded;
     if (req.headers.authorization) {
         try {
-            decoded = yield utils_1.decodeBearer(req.headers.authorization);
+            decoded = utils_1.decodeBearer(req.headers.authorization);
         }
         catch (e) {
             if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -102,7 +120,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
     return next();
 });
 exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
-    const { appId, } = options;
+    const { appId, clientSecret, appSecret, } = options;
     const trace = tracer_1.newTrace('userPayload');
     let decoded;
     if (!req.headers.authorization) {
@@ -112,10 +130,7 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
         });
     }
     try {
-        decoded = yield app_auth_1.decodeAppBearer(req.headers.authorization, appId);
-        if (!decoded) {
-            throw new Error('app does not exists');
-        }
+        decoded = utils_1.decodeBearer(req.headers.authorization, appSecret);
     }
     catch (e) {
         if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -140,8 +155,7 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
         req.headers['X-AF-USER-ID'] = userId;
     }
     const userObject = new ApiUser_1.default(userId);
-    if (appId) {
-        const clientSecret = yield app_auth_1.getClientSecret(appId);
+    if (appId && clientSecret) {
         req.headers['x-autofleet-apps-secret'] = clientSecret;
         // Won't work until we find a better solution for identity ms
         yield userObject.getUserAppPermissions(appId, clientSecret);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@autofleet/zehut",
-  "version": "1.7.6-beta.1",
+  "version": "1.8.0-beta1",
   "description": "manage user's identity",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -28,21 +28,23 @@
   "homepage": "https://github.com/Autofleet/zehut",
   "dependencies": {
     "@autofleet/network": "^1.2.5",
-    "@autofleet/outbreak": "0.0.7",
+    "@autofleet/outbreak": "^0.1.0-beta-2",
     "@types/jest": "^22.0.0",
+    "axios": "^0.27.2",
+    "express": "^4.18.1",
     "jsonwebtoken": "^8.5.1",
     "moment": "^2.29.1",
     "node-cache": "^5.1.2",
     "uuid": "^8.3.2"
   },
   "devDependencies": {
-    "typescript": "^3.9.5",
-    "jest": "^22.4.4",
-    "ts-jest": "^25.4.0",
     "@typescript-eslint/eslint-plugin": "^4.8.1",
     "eslint": "^7.13.0",
     "eslint-config-airbnb-typescript": "^12.0.0",
-    "eslint-plugin-import": "^2.22.1"
+    "eslint-plugin-import": "^2.22.1",
+    "jest": "^22.4.4",
+    "ts-jest": "^25.4.0",
+    "typescript": "^3.9.5"
   },
   "files": [
     "lib/**/*"

package/lib/app-auth.d.ts

@@ -1,2 +0,0 @@
-export declare const decodeAppBearer: (bearer: string, appId: string) => Promise<any>;
-export declare const getClientSecret: (appId: string) => Promise<any>;

package/lib/app-auth.js

@@ -1,27 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getClientSecret = exports.decodeAppBearer = void 0;
-const network_1 = __importDefault(require("@autofleet/network"));
-const integrationMsNetwork = new network_1.default({
-    serviceName: 'INTEGRATION_MS',
-});
-exports.decodeAppBearer = (bearer, appId) => __awaiter(void 0, void 0, void 0, function* () {
-    const { data: decoded } = yield integrationMsNetwork.post('/api/v1/auth', { bearer, appId });
-    return decoded;
-});
-exports.getClientSecret = (appId) => __awaiter(void 0, void 0, void 0, function* () {
-    const { data: secret } = yield integrationMsNetwork.get(`/api/v1/auth/client-secret/${appId}`);
-    return secret;
-});