@autofleet/zehut 2.0.0 → 2.0.1-alpha

package/README.md

@@ -70,8 +70,4 @@ and run
 ```
 npm publish
 ```
-
-# Environment Variables 
-
-when using this package locally or outside autofleet-prod project you must set INTEGRATION_MS_SERVICE_HOST in .env file 
 # zehut

package/lib/index.d.ts

@@ -31,6 +31,7 @@ declare const _default: {
     appMiddleware: (options: {
         appId: string;
         clientSecret: string;
+        appSecret: string;
     }) => (req: any, res: any, next: any) => Promise<void>;
 };
 export default _default;

package/lib/user/ApiUser.d.ts

@@ -21,13 +21,15 @@ export declare type CustomPermissionLoader = (string: any) => Promise<UserPayloa
 export default class ApiUser {
     id: string | undefined;
     privatePermissions: UserPayload | undefined;
-    privateElevatedPermissionsHash: Map<string, PartialUserPayload | undefined>;
+    privateElevatedPermissions: PartialUserPayload | undefined;
     privatePermissionsLegacy: any;
     appPermission: {
         [key: string]: any;
     };
     emptyUser: boolean;
     accountType: AccountType | undefined;
+    elevationCallsCounter: number;
+    elevationInitialState: PartialUserPayload | undefined;
     constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload);
     getUserPermissions(): Promise<UserPayload>;
     useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
@@ -35,7 +37,6 @@ export default class ApiUser {
     get fleets(): string[] | undefined;
     get demandSources(): string[] | undefined;
     getUserProperty(key: any): string[] | undefined;
-    get elevatedPermissions(): UserPayload;
     get permissions(): UserPayload | undefined;
     elevatePermissions(addedPermissions: PartialUserPayload): () => void;
     getUserPermissionsLegacy(): Promise<any>;

package/lib/user/ApiUser.js

@@ -15,8 +15,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ELEVATED_PERMISSIONS_HEADER = void 0;
 /* eslint-disable consistent-return */
 const node_cache_1 = __importDefault(require("node-cache"));
-const merge_deep_1 = __importDefault(require("merge-deep"));
-const uuid_1 = require("uuid");
 const outbreak_1 = require("@autofleet/outbreak");
 const services_1 = require("../services");
 exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
@@ -26,10 +24,9 @@ class ApiUser {
         this.id = id;
         this.emptyUser = !!id;
         this.appPermission = {};
-        this.privateElevatedPermissionsHash = new Map();
-        if (elevatedPermissions) {
-            this.privateElevatedPermissionsHash.set('initial', elevatedPermissions);
-        }
+        this.elevationCallsCounter = 0;
+        this.privateElevatedPermissions = elevatedPermissions;
+        this.elevationInitialState = elevatedPermissions;
         if (accountType) {
             this.accountType = accountType;
         }
@@ -82,37 +79,29 @@ class ApiUser {
         }
         return Object.keys(this.privatePermissions[key] || {});
     }
-    get elevatedPermissions() {
-        let permissions = {
-            fleets: {},
-            businessModels: {},
-            demandSources: {},
-        };
-        [...this.privateElevatedPermissionsHash.values()].forEach((p) => {
-            permissions = merge_deep_1.default(permissions, p);
-        });
-        return permissions;
-    }
     get permissions() {
         if (!this.privatePermissions) {
             throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
         }
-        const permissions = merge_deep_1.default(this.privatePermissions, this.elevatedPermissions);
-        return permissions;
+        return Object.assign(Object.assign({}, this.privatePermissions), this.privateElevatedPermissions);
     }
     elevatePermissions(addedPermissions) {
-        const elevationId = uuid_1.v4();
+        if (this.elevationCallsCounter > 1) {
+            throw new Error('Maximum one elvation call in parallel is allowed');
+        }
         const currentUserTrace = outbreak_1.getCurrentContext();
         if (!currentUserTrace) {
             throw new Error('Cannot find current user cross services trace');
         }
         const currentElevation = JSON.parse(currentUserTrace.context[exports.ELEVATED_PERMISSIONS_HEADER] || '{}');
+        this.elevationInitialState = currentElevation;
         const newElevation = Object.assign(currentElevation, addedPermissions);
-        this.privateElevatedPermissionsHash.set(elevationId, newElevation);
-        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
+        this.privateElevatedPermissions = newElevation;
+        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(newElevation));
+        this.elevationCallsCounter += 1;
         return () => {
-            this.privateElevatedPermissionsHash.delete(elevationId);
-            currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
+            this.elevationCallsCounter -= 1;
+            this.privateElevatedPermissions = this.elevationInitialState;
         };
     }
     getUserPermissionsLegacy() {

package/lib/user/api-user-flows.test.js

@@ -31,7 +31,6 @@ const generateApp = (addEndpoints, port) => __awaiter(void 0, void 0, void 0, fu
 describe('E2E', () => {
     it('Basic functionality', () => __awaiter(void 0, void 0, void 0, function* () {
         let server2TraceId = null;
-        const [uuid1, uuid2] = [uuid_1.v4(), uuid_1.v4()];
         index_1.enableTracing({
             outbreakOptions: {
                 headersPrefix: 'x-af-',
@@ -41,24 +40,17 @@ describe('E2E', () => {
             app.use(index_2.middleware());
             app.get('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
                 const user = index_1.getUser();
-                const closeElevation1 = user.elevatePermissions({
+                const closeElevation = user.elevatePermissions({
                     businessModels: {
-                        [uuid1]: ['vehicle:write'],
-                    },
-                });
-                const closeElevation2 = user.elevatePermissions({
-                    businessModels: {
-                        [uuid2]: ['vehicle:write'],
+                        [uuid_1.v4()]: ['vehicle:write'],
                     },
                 });
                 const { data: res1 } = yield axios_1.default.post('http://localhost:8082');
-                closeElevation1();
-                const { data: res2 } = yield axios_1.default.post('http://localhost:8082');
-                closeElevation2();
-                res.json([res1, res2]);
+                closeElevation();
+                res.json(res1);
             }));
-        }, 8089);
-        const server2NumberOfPermissions = [];
+        }, 8081);
+        let server2NumberOfPermissions = 0;
         const closeServer2 = yield generateApp((app) => {
             app.use(index_2.middleware());
             app.post('/', (req, res) => {
@@ -68,7 +60,7 @@ describe('E2E', () => {
                     fleets: {},
                     demandSources: {},
                 };
-                server2NumberOfPermissions.push(Object.keys(user.permissions.businessModels).length);
+                server2NumberOfPermissions = Object.keys(user.permissions.businessModels).length;
                 server2TraceId = req.headers['x-trace-id'];
                 res.json({
                     value: req.headers['x-af-header'],
@@ -77,7 +69,7 @@ describe('E2E', () => {
                 });
             });
         }, 8082);
-        const { data: [res1, res2], headers } = yield axios_1.default.get('http://localhost:8089', {
+        const { data: res1, headers } = yield axios_1.default.get('http://localhost:8081', {
             headers: {
                 'x-af-header': 'testHeader',
                 'x-af-id': 'my-wakanda-id',
@@ -86,13 +78,10 @@ describe('E2E', () => {
         });
         closeServer1();
         closeServer2();
-        expect(server2NumberOfPermissions).toEqual([2, 1]);
+        expect(server2NumberOfPermissions).toEqual(1);
         expect(headers['x-trace-id']).toEqual(server2TraceId);
         expect(res1.value).toEqual('testHeader');
         expect(res1.wkanda).toEqual('my-wakanda-id');
-        expect(JSON.parse(res1.addedPermissions).businessModels[uuid1]).toBeDefined();
-        expect(JSON.parse(res1.addedPermissions).businessModels[uuid2]).toBeDefined();
-        expect(JSON.parse(res2.addedPermissions).businessModels[uuid1]).not.toBeDefined();
-        expect(JSON.parse(res2.addedPermissions).businessModels[uuid2]).toBeDefined();
+        expect(JSON.parse(res1.addedPermissions).businessModels).toBeDefined();
     }));
 });

package/lib/user/index.d.ts

@@ -12,6 +12,7 @@ export declare const middlewareWithDecode: (options?: {
 export declare const appMiddleware: (options: {
     appId: string;
     clientSecret: string;
+    appSecret: string;
 }) => (req: any, res: any, next: any) => Promise<void>;
 export declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
 export declare const getDecodedBearer: (req: any) => any;

package/lib/user/index.js

@@ -27,52 +27,39 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = void 0;
 const jsonwebtoken_1 = require("jsonwebtoken");
 const ApiUser_1 = __importStar(require("./ApiUser"));
-const tracer_1 = require("../tracer");
-const app_auth_1 = require("../app-auth");
-const appDoesNotExist_1 = __importDefault(require("../exceptions/appDoesNotExist"));
 const utils_1 = require("../utils");
+const tracer_1 = require("../tracer");
 exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
-    try {
-        const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
-        const userId = req.headers['x-af-user-id'];
-        const trace = tracer_1.newTrace('userPayload');
-        if (!userId) {
-            return next();
-        }
-        const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
-            ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
-            : {};
-        const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
-        if (eagerLoadUserPermissions) {
-            if (customPermissionLoader) {
-                yield userObject.useCustomPermissionLoader(customPermissionLoader);
-            }
-            else {
-                yield userObject.getUserPermissions();
-            }
+    const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
+    const userId = req.headers['x-af-user-id'];
+    const trace = tracer_1.newTrace('userPayload');
+    if (!userId) {
+        return next();
+    }
+    const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
+        ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
+        : {};
+    const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
+    if (eagerLoadUserPermissions) {
+        if (customPermissionLoader) {
+            yield userObject.useCustomPermissionLoader(customPermissionLoader);
         }
-        if (eagerLoadUserPermissionsLegacy) {
-            yield userObject.getUserPermissionsLegacy();
+        else {
+            yield userObject.getUserPermissions();
         }
-        req.user = userObject;
-        trace.context.set('userObject', userObject);
-        // Added in order to support outbreak.
-        req.headers['x-af-user-permissions'] = userObject;
-        return next();
     }
-    catch (e) {
-        res.status(401);
-        return res.json({
-            error: 'cannot authenticate user',
-        });
+    if (eagerLoadUserPermissionsLegacy) {
+        yield userObject.getUserPermissionsLegacy();
     }
+    req.user = userObject;
+    trace.context.set('userObject', userObject);
+    // Added in order to support outbreak.
+    req.headers['x-af-user-permissions'] = userObject;
+    return next();
 });
 exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
@@ -81,7 +68,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
     let decoded;
     if (req.headers.authorization) {
         try {
-            decoded = yield utils_1.decodeBearer(req.headers.authorization);
+            decoded = utils_1.decodeBearer(req.headers.authorization);
         }
         catch (e) {
             if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -131,7 +118,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
     return next();
 });
 exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
-    const { appId, clientSecret, } = options;
+    const { appId, clientSecret, appSecret, } = options;
     const trace = tracer_1.newTrace('userPayload');
     let decoded;
     if (!req.headers.authorization) {
@@ -141,10 +128,7 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
         });
     }
     try {
-        decoded = yield app_auth_1.decodeAppBearer(req.headers.authorization, appId);
-        if (!decoded) {
-            throw new appDoesNotExist_1.default();
-        }
+        decoded = utils_1.decodeBearer(req.headers.authorization, appSecret);
     }
     catch (e) {
         if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -159,12 +143,6 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
                 errors: [e.message],
             });
         }
-        if (e instanceof appDoesNotExist_1.default) {
-            res.status(400);
-            return res.json({
-                errors: [e.message],
-            });
-        }
         res.status(500);
         return res.json({
             errors: ['Server error while parsing token'],
@@ -175,14 +153,13 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
         req.headers['X-AF-USER-ID'] = userId;
     }
     const userObject = new ApiUser_1.default(userId);
-    if (appId) {
+    if (appId && clientSecret) {
         req.headers['x-autofleet-apps-secret'] = clientSecret;
         // Won't work until we find a better solution for identity ms
         yield userObject.getUserAppPermissions(appId, clientSecret);
     }
     req.user = userObject;
     trace.context.set('userObject', userObject);
-    trace.context.set('accessToken', utils_1.getAuthFromBearer(req.headers.authorization));
     // Added in order to support outbreak.
     req.headers['x-af-user-permissions'] = userObject;
     return next();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@autofleet/zehut",
-  "version": "2.0.0",
+  "version": "2.0.1-alpha",
   "description": "manage user's identity",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",

package/lib/app-auth.d.ts

@@ -1,2 +0,0 @@
-export declare const decodeAppBearer: (bearer: string, appId: string) => Promise<any>;
-export declare const getClientSecret: (appId: string) => Promise<any>;

package/lib/app-auth.js

@@ -1,21 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getClientSecret = exports.decodeAppBearer = void 0;
-const services_1 = require("./services");
-exports.decodeAppBearer = (bearer, appId) => __awaiter(void 0, void 0, void 0, function* () {
-    const { data: decoded } = yield services_1.AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });
-    return decoded;
-});
-exports.getClientSecret = (appId) => __awaiter(void 0, void 0, void 0, function* () {
-    const { data: secret } = yield services_1.AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);
-    return secret;
-});

package/lib/exceptions/appDoesNotExist.d.ts

@@ -1,3 +0,0 @@
-export default class AppDoesNotExist extends Error {
-    mesaage: 'app does not exist';
-}

package/lib/exceptions/appDoesNotExist.js

@@ -1,5 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-class AppDoesNotExist extends Error {
-}
-exports.default = AppDoesNotExist;