npm - @autofleet/zehut - Versions diffs - 2.0.1-alpha4 → 2.0.2 - Mend

@autofleet/zehut 2.0.1-alpha4 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +4 -0
package/lib/app-auth.d.ts +2 -0
package/lib/app-auth.js +21 -0
package/lib/exceptions/appDoesNotExist.d.ts +3 -0
package/lib/exceptions/appDoesNotExist.js +5 -0
package/lib/index.d.ts +0 -1
package/lib/user/ApiUser.d.ts +2 -3
package/lib/user/ApiUser.js +32 -13
package/lib/user/api-user-flows.test.js +57 -10
package/lib/user/index.d.ts +0 -1
package/lib/user/index.js +50 -27
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -70,4 +70,8 @@ and run
 ```
 npm publish
 ```
+# Environment Variables
+when using this package locally or outside autofleet-prod project you must set INTEGRATION_MS_SERVICE_HOST in .env file
 # zehut

package/lib/app-auth.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const decodeAppBearer: (bearer: string, appId: string) => Promise<any>;
2	+ export declare const getClientSecret: (appId: string) => Promise<any>;

package/lib/app-auth.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getClientSecret = exports.decodeAppBearer = void 0;
+const services_1 = require("./services");
+exports.decodeAppBearer = (bearer, appId) => __awaiter(void 0, void 0, void 0, function* () {
+    const { data: decoded } = yield services_1.AutofleetApiNetwork.post('/api/v1/auth', { bearer, appId });
+    return decoded;
+});
+exports.getClientSecret = (appId) => __awaiter(void 0, void 0, void 0, function* () {
+    const { data: secret } = yield services_1.AutofleetApiNetwork.get(`/api/v1/auth/client-secret/${appId}`);
+    return secret;
+});

package/lib/exceptions/appDoesNotExist.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export default class AppDoesNotExist extends Error {
+    mesaage: 'app does not exist';
+}

package/lib/exceptions/appDoesNotExist.js ADDED Viewed

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+class AppDoesNotExist extends Error {
+}
+exports.default = AppDoesNotExist;

package/lib/index.d.ts CHANGED Viewed

@@ -31,7 +31,6 @@ declare const _default: {
     appMiddleware: (options: {
         appId: string;
         clientSecret: string;
-        appSecret: string;
     }) => (req: any, res: any, next: any) => Promise<void>;
 };
 export default _default;

package/lib/user/ApiUser.d.ts CHANGED Viewed

@@ -21,15 +21,13 @@ export declare type CustomPermissionLoader = (string: any) => Promise<UserPayloa
 export default class ApiUser {
     id: string | undefined;
     privatePermissions: UserPayload | undefined;
-    privateElevatedPermissions: PartialUserPayload | undefined;
+    privateElevatedPermissionsHash: Map<string, PartialUserPayload | undefined>;
     privatePermissionsLegacy: any;
     appPermission: {
         [key: string]: any;
     };
     emptyUser: boolean;
     accountType: AccountType | undefined;
-    elevationCallsCounter: number;
-    elevationInitialState: PartialUserPayload | undefined;
     constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload);
     getUserPermissions(): Promise<UserPayload>;
     useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
@@ -37,6 +35,7 @@ export default class ApiUser {
     get fleets(): string[] | undefined;
     get demandSources(): string[] | undefined;
     getUserProperty(key: any): string[] | undefined;
+    get elevatedPermissions(): UserPayload;
     get permissions(): UserPayload | undefined;
     elevatePermissions(addedPermissions: PartialUserPayload): () => void;
     getUserPermissionsLegacy(): Promise<any>;

package/lib/user/ApiUser.js CHANGED Viewed

@@ -15,6 +15,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ELEVATED_PERMISSIONS_HEADER = void 0;
 /* eslint-disable consistent-return */
 const node_cache_1 = __importDefault(require("node-cache"));
+const merge_deep_1 = __importDefault(require("merge-deep"));
+const uuid_1 = require("uuid");
 const outbreak_1 = require("@autofleet/outbreak");
 const services_1 = require("../services");
 exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
@@ -24,9 +26,10 @@ class ApiUser {
         this.id = id;
         this.emptyUser = !!id;
         this.appPermission = {};
-        this.elevationCallsCounter = 0;
-        this.privateElevatedPermissions = elevatedPermissions;
-        this.elevationInitialState = elevatedPermissions;
+        this.privateElevatedPermissionsHash = new Map();
+        if (elevatedPermissions) {
+            this.privateElevatedPermissionsHash.set('initial', elevatedPermissions);
+        }
         if (accountType) {
             this.accountType = accountType;
         }
@@ -79,29 +82,45 @@ class ApiUser {
         }
         return Object.keys(this.privatePermissions[key] || {});
     }
+    get elevatedPermissions() {
+        let permissions = {
+            fleets: {},
+            businessModels: {},
+            demandSources: {},
+        };
+        [...this.privateElevatedPermissionsHash.values()].forEach((p) => {
+            permissions = merge_deep_1.default(permissions, p);
+        });
+        return permissions;
+    }
     get permissions() {
         if (!this.privatePermissions) {
             throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
         }
-        return Object.assign(Object.assign({}, this.privatePermissions), this.privateElevatedPermissions);
+        const permissions = merge_deep_1.default(this.privatePermissions, this.elevatedPermissions);
+        return permissions;
     }
     elevatePermissions(addedPermissions) {
-        if (this.elevationCallsCounter > 1) {
-            throw new Error('Maximum one elvation call in parallel is allowed');
-        }
+        const elevationId = uuid_1.v4();
+        // Validate that the added permissions are valid UUIDs
+        Object.keys(addedPermissions).forEach((entityType) => {
+            Object.keys(addedPermissions[entityType]).forEach((entityId) => {
+                if (!uuid_1.validate(entityId)) {
+                    throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);
+                }
+            });
+        });
         const currentUserTrace = outbreak_1.getCurrentContext();
         if (!currentUserTrace) {
             throw new Error('Cannot find current user cross services trace');
         }
         const currentElevation = JSON.parse(currentUserTrace.context[exports.ELEVATED_PERMISSIONS_HEADER] || '{}');
-        this.elevationInitialState = currentElevation;
         const newElevation = Object.assign(currentElevation, addedPermissions);
-        this.privateElevatedPermissions = newElevation;
-        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(newElevation));
-        this.elevationCallsCounter += 1;
+        this.privateElevatedPermissionsHash.set(elevationId, newElevation);
+        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
         return () => {
-            this.elevationCallsCounter -= 1;
-            this.privateElevatedPermissions = this.elevationInitialState;
+            this.privateElevatedPermissionsHash.delete(elevationId);
+            currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
         };
     }
     getUserPermissionsLegacy() {

package/lib/user/api-user-flows.test.js CHANGED Viewed

@@ -31,6 +31,7 @@ const generateApp = (addEndpoints, port) => __awaiter(void 0, void 0, void 0, fu
 describe('E2E', () => {
     it('Basic functionality', () => __awaiter(void 0, void 0, void 0, function* () {
         let server2TraceId = null;
+        const [uuid1, uuid2] = [uuid_1.v4(), uuid_1.v4()];
         index_1.enableTracing({
             outbreakOptions: {
                 headersPrefix: 'x-af-',
@@ -40,17 +41,24 @@ describe('E2E', () => {
             app.use(index_2.middleware());
             app.get('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
                 const user = index_1.getUser();
-                const closeElevation = user.elevatePermissions({
+                const closeElevation1 = user.elevatePermissions({
                     businessModels: {
-                        [uuid_1.v4()]: ['vehicle:write'],
+                        [uuid1]: ['vehicle:write'],
+                    },
+                });
+                const closeElevation2 = user.elevatePermissions({
+                    businessModels: {
+                        [uuid2]: ['vehicle:write'],
                     },
                 });
                 const { data: res1 } = yield axios_1.default.post('http://localhost:8082');
-                closeElevation();
-                res.json(res1);
+                closeElevation1();
+                const { data: res2 } = yield axios_1.default.post('http://localhost:8082');
+                closeElevation2();
+                res.json([res1, res2]);
             }));
-        }, 8081);
-        let server2NumberOfPermissions = 0;
+        }, 8089);
+        const server2NumberOfPermissions = [];
         const closeServer2 = yield generateApp((app) => {
             app.use(index_2.middleware());
             app.post('/', (req, res) => {
@@ -60,7 +68,7 @@ describe('E2E', () => {
                     fleets: {},
                     demandSources: {},
                 };
-                server2NumberOfPermissions = Object.keys(user.permissions.businessModels).length;
+                server2NumberOfPermissions.push(Object.keys(user.permissions.businessModels).length);
                 server2TraceId = req.headers['x-trace-id'];
                 res.json({
                     value: req.headers['x-af-header'],
@@ -69,7 +77,7 @@ describe('E2E', () => {
                 });
             });
         }, 8082);
-        const { data: res1, headers } = yield axios_1.default.get('http://localhost:8081', {
+        const { data: [res1, res2], headers } = yield axios_1.default.get('http://localhost:8089', {
             headers: {
                 'x-af-header': 'testHeader',
                 'x-af-id': 'my-wakanda-id',
@@ -78,10 +86,49 @@ describe('E2E', () => {
         });
         closeServer1();
         closeServer2();
-        expect(server2NumberOfPermissions).toEqual(1);
+        expect(server2NumberOfPermissions).toEqual([2, 1]);
         expect(headers['x-trace-id']).toEqual(server2TraceId);
         expect(res1.value).toEqual('testHeader');
         expect(res1.wkanda).toEqual('my-wakanda-id');
-        expect(JSON.parse(res1.addedPermissions).businessModels).toBeDefined();
+        expect(JSON.parse(res1.addedPermissions).businessModels[uuid1]).toBeDefined();
+        expect(JSON.parse(res1.addedPermissions).businessModels[uuid2]).toBeDefined();
+        expect(JSON.parse(res2.addedPermissions).businessModels[uuid1]).not.toBeDefined();
+        expect(JSON.parse(res2.addedPermissions).businessModels[uuid2]).toBeDefined();
+    }));
+    it('Should throw in case of invalid UUID', () => __awaiter(void 0, void 0, void 0, function* () {
+        let error = null;
+        index_1.enableTracing({
+            outbreakOptions: {
+                headersPrefix: 'x-af-',
+            },
+        });
+        const closeServer1 = yield generateApp((app) => {
+            app.use(index_2.middleware());
+            app.get('/', (req, res) => __awaiter(void 0, void 0, void 0, function* () {
+                const user = index_1.getUser();
+                try {
+                    const closeElevation1 = user.elevatePermissions({
+                        businessModels: {
+                            nnn: ['vehicle:write'],
+                        },
+                    });
+                    yield axios_1.default.post('http://localhost:8082');
+                    closeElevation1();
+                }
+                catch (e) {
+                    error = e;
+                }
+                res.json({ status: 'ok' });
+            }));
+        }, 8089);
+        yield axios_1.default.get('http://localhost:8089', {
+            headers: {
+                'x-af-header': 'testHeader',
+                'x-af-id': 'my-wakanda-id',
+                'x-af-user-id': uuid_1.v4(),
+            },
+        });
+        closeServer1();
+        expect(error.message).toEqual('Entity id on elevatePermissions is not a valid UUID, provided: nnn');
     }));
 });

package/lib/user/index.d.ts CHANGED Viewed

@@ -12,7 +12,6 @@ export declare const middlewareWithDecode: (options?: {
 export declare const appMiddleware: (options: {
     appId: string;
     clientSecret: string;
-    appSecret: string;
 }) => (req: any, res: any, next: any) => Promise<void>;
 export declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
 export declare const getDecodedBearer: (req: any) => any;

package/lib/user/index.js CHANGED Viewed

@@ -27,39 +27,52 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = void 0;
 const jsonwebtoken_1 = require("jsonwebtoken");
 const ApiUser_1 = __importStar(require("./ApiUser"));
-const utils_1 = require("../utils");
 const tracer_1 = require("../tracer");
+const app_auth_1 = require("../app-auth");
+const appDoesNotExist_1 = __importDefault(require("../exceptions/appDoesNotExist"));
+const utils_1 = require("../utils");
 exports.middleware = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
-    const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
-    const userId = req.headers['x-af-user-id'];
-    const trace = tracer_1.newTrace('userPayload');
-    if (!userId) {
-        return next();
-    }
-    const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
-        ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
-        : {};
-    const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
-    if (eagerLoadUserPermissions) {
-        if (customPermissionLoader) {
-            yield userObject.useCustomPermissionLoader(customPermissionLoader);
+    try {
+        const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
+        const userId = req.headers['x-af-user-id'];
+        const trace = tracer_1.newTrace('userPayload');
+        if (!userId) {
+            return next();
         }
-        else {
-            yield userObject.getUserPermissions();
+        const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
+            ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
+            : {};
+        const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader);
+        if (eagerLoadUserPermissions) {
+            if (customPermissionLoader) {
+                yield userObject.useCustomPermissionLoader(customPermissionLoader);
+            }
+            else {
+                yield userObject.getUserPermissions();
+            }
         }
+        if (eagerLoadUserPermissionsLegacy) {
+            yield userObject.getUserPermissionsLegacy();
+        }
+        req.user = userObject;
+        trace.context.set('userObject', userObject);
+        // Added in order to support outbreak.
+        req.headers['x-af-user-permissions'] = userObject;
+        return next();
     }
-    if (eagerLoadUserPermissionsLegacy) {
-        yield userObject.getUserPermissionsLegacy();
+    catch (e) {
+        res.status(401);
+        return res.json({
+            error: 'cannot authenticate user',
+        });
     }
-    req.user = userObject;
-    trace.context.set('userObject', userObject);
-    // Added in order to support outbreak.
-    req.headers['x-af-user-permissions'] = userObject;
-    return next();
 });
 exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
@@ -68,7 +81,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
     let decoded;
     if (req.headers.authorization) {
         try {
-            decoded = utils_1.decodeBearer(req.headers.authorization);
+            decoded = yield utils_1.decodeBearer(req.headers.authorization);
         }
         catch (e) {
             if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -118,7 +131,7 @@ exports.middlewareWithDecode = (options = {}) => (req, res, next) => __awaiter(v
     return next();
 });
 exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
-    const { appId, clientSecret, appSecret, } = options;
+    const { appId, clientSecret, } = options;
     const trace = tracer_1.newTrace('userPayload');
     let decoded;
     if (!req.headers.authorization) {
@@ -128,7 +141,10 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
         });
     }
     try {
-        decoded = utils_1.decodeBearer(req.headers.authorization, appSecret);
+        decoded = yield app_auth_1.decodeAppBearer(req.headers.authorization, appId);
+        if (!decoded) {
+            throw new appDoesNotExist_1.default();
+        }
     }
     catch (e) {
         if (e instanceof jsonwebtoken_1.TokenExpiredError) {
@@ -143,6 +159,12 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
                 errors: [e.message],
             });
         }
+        if (e instanceof appDoesNotExist_1.default) {
+            res.status(400);
+            return res.json({
+                errors: [e.message],
+            });
+        }
         res.status(500);
         return res.json({
             errors: ['Server error while parsing token'],
@@ -153,13 +175,14 @@ exports.appMiddleware = (options) => (req, res, next) => __awaiter(void 0, void
         req.headers['X-AF-USER-ID'] = userId;
     }
     const userObject = new ApiUser_1.default(userId);
-    if (appId && clientSecret) {
+    if (appId) {
         req.headers['x-autofleet-apps-secret'] = clientSecret;
         // Won't work until we find a better solution for identity ms
         yield userObject.getUserAppPermissions(appId, clientSecret);
     }
     req.user = userObject;
     trace.context.set('userObject', userObject);
+    trace.context.set('accessToken', utils_1.getAuthFromBearer(req.headers.authorization));
     // Added in order to support outbreak.
     req.headers['x-af-user-permissions'] = userObject;
     return next();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@autofleet/zehut",
-  "version": "2.0.1-alpha4",
+  "version": "2.0.2",
   "description": "manage user's identity",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",