@autofleet/zehut 3.1.2-beta.9 → 3.2.0

package/README.md

@@ -1,77 +1,3 @@
-# AutoFleet Node Common
-This respostory is made in order have as much of common code as we can.
+# AutoFleet Zehut
 
-Each line of code used in wrriten in this repo will be used in the enetire AutoFleet system.
-
-Make sure you have:
-* Tests
-* Docs
-
-## Consts
-
-Currently we suppurt:
-```
-  {
-    'OK'
-    'ERROR'
-    'FAIL'
-  }
-```
-
-## Network
-Server 2 Servers communication.
-
-Implemented:
-* Retriving service urls from environment
-* Retry - Using https://github.com/softonic/axios-retry
-* Caching - TBD
-* Syntatic response for fail - TBD
-* Circuit Breaking - TBD
-
-The API is just like [axios](https://github.com/axios/axios) api but the creation of new instance **must** have either `serviceName` or `serviceUrl` in options.
-
-In case `serviceName` used the constractor will look for an environment varible with the the name `<SERVICE_NAME>_SERVICE_HOST`.
-
-For Example:
-```
-const { Network } = require('@autofleet/node-common');
-
-n = new Network({ serviceName: 'TEST' });
-
-n.get('/posts/1');
-```
-.env file:
-```
-RIDE_SERVICE_HOST=jsonplaceholder.typicode.com
-```
-
-To learn more [click here](https://blog.risingstack.com/designing-microservices-architecture-for-failure/).
-
-## Settings
-
-### Adding settings
-For adding new setting you need to add it to the map.js file, please specify 
-* name - descriptive name
-* description - few words about what it does + unit
-* type - supportable types: 'number', 'string', 'json'
-* defaultValue - default value
-* context - 'security' and 'operation' will not show in the simulator configuration
-
-See example.
-
-## DeLorean
-
-Use this model to mock time on server - more info TBD.
-
-## Publish package
-
-bump the version number in package.json
-and run
-```
-npm publish
-```
-
-# Environment Variables 
-
-when using this package locally or outside autofleet-prod project you must set INTEGRATION_MS_SERVICE_HOST in .env file 
-# zehut
+This package handles authorization and authentication for AutoFleet services.

package/lib/check-permission.d.ts

@@ -1,6 +1,6 @@
 import ApiUser from './user/ApiUser';
 export declare const getUser: () => ApiUser | undefined;
 export declare const isUserExist: () => string;
-export declare const checkFleetPermission: (fleetId: any) => boolean;
-export declare const checkBusinessModelPermission: (businessModelId: any) => boolean;
-export declare const checkDemandSourcePermission: (demandSourceId: any) => boolean;
+export declare const checkFleetPermission: (fleetId: string) => boolean;
+export declare const checkBusinessModelPermission: (businessModelId: string) => boolean;
+export declare const checkDemandSourcePermission: (demandSourceId: string) => boolean;

package/lib/check-permission.js

@@ -2,34 +2,15 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.isUserExist = exports.getUser = void 0;
 const tracer_1 = require("./tracer");
-const getUser = () => (0, tracer_1.getCurrentTrace)()?.context?.get('userObject');
+const user_1 = require("./user");
+const getUser = () => (0, tracer_1.getCurrentTrace)().context?.get(user_1.USER_OBJECT);
 exports.getUser = getUser;
-const isUserExist = () => {
-    const u = (0, exports.getUser)();
-    return u && u.id;
-};
+const isUserExist = () => (0, exports.getUser)()?.id;
 exports.isUserExist = isUserExist;
-const checkFleetPermission = (fleetId) => {
-    if ((0, exports.isUserExist)()) {
-        const user = (0, exports.getUser)();
-        return !user || Object.keys(user.permissions.fleets).includes(fleetId);
-    }
-    return true;
-};
+const checkUserPermissions = (entityId, entityType) => !(0, exports.isUserExist)() || Object.hasOwn((0, exports.getUser)().permissions[entityType], entityId);
+const checkFleetPermission = (fleetId) => checkUserPermissions(fleetId, 'fleets');
 exports.checkFleetPermission = checkFleetPermission;
-const checkBusinessModelPermission = (businessModelId) => {
-    if ((0, exports.isUserExist)()) {
-        const user = (0, exports.getUser)();
-        return !user || Object.keys(user.permissions.businessModels).includes(businessModelId);
-    }
-    return true;
-};
+const checkBusinessModelPermission = (businessModelId) => checkUserPermissions(businessModelId, 'businessModels');
 exports.checkBusinessModelPermission = checkBusinessModelPermission;
-const checkDemandSourcePermission = (demandSourceId) => {
-    if ((0, exports.isUserExist)()) {
-        const user = (0, exports.getUser)();
-        return !user || Object.keys(user.permissions.demandSources).includes(demandSourceId);
-    }
-    return true;
-};
+const checkDemandSourcePermission = (demandSourceId) => checkUserPermissions(demandSourceId, 'demandSources');
 exports.checkDemandSourcePermission = checkDemandSourcePermission;

package/lib/errors.d.ts

@@ -1,5 +1,5 @@
-import ApiUser from './user';
+import type ApiUser from './user';
 export declare class UnauthorizedAccessError extends Error {
-    user: ApiUser;
-    constructor(user?: any, message?: string);
+    user: ApiUser | null;
+    constructor(user?: ApiUser | null, message?: string);
 }

package/lib/errors.js

@@ -5,8 +5,8 @@ exports.UnauthorizedAccessError = void 0;
 class UnauthorizedAccessError extends Error {
     constructor(user = null, message = 'UnauthorizedAccessError') {
         super(message);
-        this.name = 'UnauthorizedAccessError';
         this.user = user;
+        this.name = 'UnauthorizedAccessError';
     }
 }
 exports.UnauthorizedAccessError = UnauthorizedAccessError;

package/lib/exceptions/appDoesNotExist.d.ts

@@ -1,3 +1,4 @@
 export default class AppDoesNotExist extends Error {
-    mesaage: 'app does not exist';
+    name: string;
+    message: string;
 }

package/lib/exceptions/appDoesNotExist.js

@@ -1,5 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 class AppDoesNotExist extends Error {
+    constructor() {
+        super(...arguments);
+        this.name = 'AppDoesNotExist';
+        this.message = 'app does not exist';
+    }
 }
 exports.default = AppDoesNotExist;

package/lib/index.d.ts

@@ -1,5 +1,8 @@
+/// <reference types="express" />
+/// <reference types="qs" />
 import * as outbreak from '@autofleet/outbreak';
 import User, { middleware, eagerLoadPermissionsMiddleware, middlewareWithDecode, getDecodedBearer, appMiddleware, createOrSetRabbitTrace } from './user';
+import { type UserPayload, CONTEXTS_IDS_HEADER } from './user/ApiUser';
 import { newTrace, traceTypes } from './tracer';
 import { checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePermission, isUserExist, getUser } from './check-permission';
 import { UnauthorizedAccessError } from './errors';
@@ -8,10 +11,11 @@ import { AUTHORIZATION_METHODS, getAuthorizationHeader } from './authorization';
 declare const getCurrentPayload: () => import("./tracer").Trace | {
     [x: string]: never;
 };
+type OutbreakOptions = Parameters<typeof outbreak.default>[0];
 declare const enableTracing: ({ outbreakOptions }?: {
-    outbreakOptions?: {};
+    outbreakOptions?: OutbreakOptions;
 }) => void;
-export { traceTypes, newTrace, enableTracing, User, middleware, middlewareWithDecode, eagerLoadPermissionsMiddleware, getCurrentPayload, getDecodedBearer, checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePermission, isUserExist, getUser, getRefreshTokenSecret, getTokenSecret, UnauthorizedAccessError, appMiddleware, createOrSetRabbitTrace, outbreak, AUTHORIZATION_METHODS, getAuthorizationHeader, };
+export { traceTypes, newTrace, enableTracing, User, middleware, middlewareWithDecode, eagerLoadPermissionsMiddleware, getCurrentPayload, getDecodedBearer, checkFleetPermission, checkBusinessModelPermission, checkDemandSourcePermission, isUserExist, getUser, getRefreshTokenSecret, getTokenSecret, UnauthorizedAccessError, appMiddleware, createOrSetRabbitTrace, outbreak, AUTHORIZATION_METHODS, getAuthorizationHeader, type UserPayload, CONTEXTS_IDS_HEADER, };
 declare const _default: {
     traceTypes: {
         HTTP_REQUEST: string;
@@ -24,28 +28,28 @@ declare const _default: {
         eagerLoadUserPermissions?: boolean;
         eagerLoadUserPermissionsLegacy?: boolean;
         customPermissionLoader?: import("./user/ApiUser").CustomPermissionLoader;
-    }) => (req: any, res: any, next: any) => Promise<any>;
+    }) => import("express").Handler;
     middlewareWithDecode: (options?: {
         eagerLoadUserPermissions?: boolean;
         eagerLoadUserPermissionsLegacy?: boolean;
         returnErrorIfNoToken?: boolean;
-    }) => (req: any, res: any, next: any) => Promise<void>;
-    eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
+    }) => import("express").Handler;
+    eagerLoadPermissionsMiddleware: import("express").Handler;
     getCurrentPayload: () => import("./tracer").Trace | {
         [x: string]: never;
     };
-    getDecodedBearer: (req: any) => any;
-    checkFleetPermission: (fleetId: any) => boolean;
-    checkBusinessModelPermission: (businessModelId: any) => boolean;
-    checkDemandSourcePermission: (demandSourceId: any) => boolean;
+    getDecodedBearer: (req: import("express").Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>) => any;
+    checkFleetPermission: (fleetId: string) => boolean;
+    checkBusinessModelPermission: (businessModelId: string) => boolean;
+    checkDemandSourcePermission: (demandSourceId: string) => boolean;
     isUserExist: () => string;
     getUser: () => User;
     UnauthorizedAccessError: typeof UnauthorizedAccessError;
     appMiddleware: (options: {
         appId: string;
         clientSecret: string;
-    }) => (req: any, res: any, next: any) => Promise<void>;
-    createOrSetRabbitTrace: (trace: any, userId: any) => Promise<void>;
+    }) => import("express").Handler;
+    createOrSetRabbitTrace: (trace: import("./tracer").Trace, userId: string) => Promise<void>;
     outbreak: typeof outbreak;
     AUTHORIZATION_METHODS: {
         NONE: string;
@@ -55,5 +59,6 @@ declare const _default: {
     getAuthorizationHeader: (authorizationSettings: {
         method: string;
     }) => string;
+    CONTEXTS_IDS_HEADER: string;
 };
 export default _default;

package/lib/index.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAuthorizationHeader = exports.AUTHORIZATION_METHODS = exports.outbreak = exports.createOrSetRabbitTrace = exports.appMiddleware = exports.UnauthorizedAccessError = exports.getTokenSecret = exports.getRefreshTokenSecret = exports.getUser = exports.isUserExist = exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.getDecodedBearer = exports.getCurrentPayload = exports.eagerLoadPermissionsMiddleware = exports.middlewareWithDecode = exports.middleware = exports.User = exports.enableTracing = exports.newTrace = exports.traceTypes = void 0;
+exports.CONTEXTS_IDS_HEADER = exports.getAuthorizationHeader = exports.AUTHORIZATION_METHODS = exports.outbreak = exports.createOrSetRabbitTrace = exports.appMiddleware = exports.UnauthorizedAccessError = exports.getTokenSecret = exports.getRefreshTokenSecret = exports.getUser = exports.isUserExist = exports.checkDemandSourcePermission = exports.checkBusinessModelPermission = exports.checkFleetPermission = exports.getDecodedBearer = exports.getCurrentPayload = exports.eagerLoadPermissionsMiddleware = exports.middlewareWithDecode = exports.middleware = exports.User = exports.enableTracing = exports.newTrace = exports.traceTypes = void 0;
 const outbreak = __importStar(require("@autofleet/outbreak"));
 exports.outbreak = outbreak;
 const user_1 = __importStar(require("./user"));
@@ -34,6 +34,8 @@ Object.defineProperty(exports, "middlewareWithDecode", { enumerable: true, get:
 Object.defineProperty(exports, "getDecodedBearer", { enumerable: true, get: function () { return user_1.getDecodedBearer; } });
 Object.defineProperty(exports, "appMiddleware", { enumerable: true, get: function () { return user_1.appMiddleware; } });
 Object.defineProperty(exports, "createOrSetRabbitTrace", { enumerable: true, get: function () { return user_1.createOrSetRabbitTrace; } });
+const ApiUser_1 = require("./user/ApiUser");
+Object.defineProperty(exports, "CONTEXTS_IDS_HEADER", { enumerable: true, get: function () { return ApiUser_1.CONTEXTS_IDS_HEADER; } });
 const tracer_1 = require("./tracer");
 Object.defineProperty(exports, "newTrace", { enumerable: true, get: function () { return tracer_1.newTrace; } });
 Object.defineProperty(exports, "traceTypes", { enumerable: true, get: function () { return tracer_1.traceTypes; } });
@@ -51,11 +53,10 @@ Object.defineProperty(exports, "getTokenSecret", { enumerable: true, get: functi
 const authorization_1 = require("./authorization");
 Object.defineProperty(exports, "AUTHORIZATION_METHODS", { enumerable: true, get: function () { return authorization_1.AUTHORIZATION_METHODS; } });
 Object.defineProperty(exports, "getAuthorizationHeader", { enumerable: true, get: function () { return authorization_1.getAuthorizationHeader; } });
-const headersTracer = outbreak.default;
 const getCurrentPayload = tracer_1.getCurrentTrace;
 exports.getCurrentPayload = getCurrentPayload;
 const enableTracing = ({ outbreakOptions = {} } = {}) => {
-    headersTracer({
+    outbreak.default({
         headersPrefix: 'x-af',
         ...outbreakOptions,
     });
@@ -82,4 +83,5 @@ exports.default = {
     outbreak,
     AUTHORIZATION_METHODS: authorization_1.AUTHORIZATION_METHODS,
     getAuthorizationHeader: authorization_1.getAuthorizationHeader,
+    CONTEXTS_IDS_HEADER: ApiUser_1.CONTEXTS_IDS_HEADER,
 };

package/lib/secret-getter.d.ts

@@ -1,2 +1,2 @@
-export declare const getRefreshTokenSecret: (token?: any) => string;
-export declare const getTokenSecret: (token?: any) => string;
+export declare const getRefreshTokenSecret: (token?: string) => string;
+export declare const getTokenSecret: (token?: string) => string;

package/lib/services.d.ts

@@ -1,2 +1,3 @@
-export declare const IdentityNetwork: any;
-export declare const AutofleetApiNetwork: any;
+import Network from '@autofleet/network';
+export declare const IdentityNetwork: Network;
+export declare const AutofleetApiNetwork: Network;

package/lib/tracer.js

@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getCurrentTrace = exports.traceTypes = exports.newTrace = exports.enable = exports.Trace = void 0;
 const async_hooks_1 = __importDefault(require("async_hooks"));
-const uuid_1 = require("uuid");
+const node_crypto_1 = require("node:crypto");
 const prevStates = {};
 const tracer = {
     currentTrace: null,
@@ -40,7 +40,7 @@ const hook = async_hooks_1.default.createHook({
 });
 class Trace {
     constructor(type) {
-        this.id = (0, uuid_1.v1)();
+        this.id = (0, node_crypto_1.randomUUID)();
         this.type = type;
         this.context = new Map();
     }

package/lib/user/ApiUser.d.ts

@@ -23,23 +23,21 @@ export interface PartialUserPayload {
 }
 export type CustomPermissionLoader = (string: any) => Promise<UserPayload>;
 export default class ApiUser {
-    id: string | undefined;
-    privatePermissions: UserPayload | undefined;
-    privateElevatedPermissionsHash: Map<string, PartialUserPayload | undefined>;
-    privatePermissionsLegacy: any;
-    appPermission: {
-        [key: string]: any;
-    };
-    emptyUser: boolean;
-    accountType: AccountType | undefined;
+    id?: string;
+    accountType?: AccountType;
     contextIds?: string[];
+    private privatePermissions;
+    private readonly privateElevatedPermissionsHash;
+    private privatePermissionsLegacy;
+    private readonly appPermission;
+    readonly emptyUser: boolean;
     constructor(id?: string, accountType?: AccountType, elevatedPermissions?: PartialUserPayload, contextIds?: string[]);
     getUserPermissions(): Promise<UserPayload>;
-    useCustomPermissionLoader(customPermissionLoader: any): Promise<UserPayload>;
+    useCustomPermissionLoader(customPermissionLoader: (userId: string) => UserPayload | PromiseLike<UserPayload>): Promise<UserPayload>;
     get businessModels(): string[] | undefined;
     get fleets(): string[] | undefined;
     get demandSources(): string[] | undefined;
-    getUserProperty(key: any): string[] | undefined;
+    private getUserProperty;
     get elevatedPermissions(): UserPayload;
     get permissions(): UserPayload | undefined;
     elevatePermissions(addedPermissions: PartialUserPayload): () => void;

package/lib/user/ApiUser.js

@@ -4,33 +4,50 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CONTEXTS_IDS_HEADER = exports.ELEVATED_PERMISSIONS_HEADER = void 0;
-/* eslint-disable consistent-return */
 const node_cache_1 = __importDefault(require("node-cache"));
 const object_hash_1 = __importDefault(require("object-hash"));
-const uuid_1 = require("uuid");
 const outbreak_1 = require("@autofleet/outbreak");
-const services_1 = require("../services");
 const utils_1 = require("../utils");
+const services_1 = require("../services");
 exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
 exports.CONTEXTS_IDS_HEADER = 'x-af-context-ids';
 const userCache = new node_cache_1.default({ stdTTL: 10 });
+const mergePermissions = (target, sources) => {
+    const permissions = {
+        ...target,
+        fleets: { ...target?.fleets },
+        businessModels: { ...target?.businessModels },
+        demandSources: { ...target?.demandSources },
+        // Clone other nested objects as needed
+    };
+    // eslint-disable-next-line no-restricted-syntax
+    for (const source of sources) {
+        Object.keys(source).forEach((entityType) => {
+            // eslint-disable-next-line no-param-reassign
+            permissions[entityType] ?? (permissions[entityType] = {});
+            Object.entries(source[entityType]).forEach(([entityId, perms]) => {
+                // eslint-disable-next-line no-param-reassign
+                permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);
+            });
+        });
+    }
+    return permissions;
+};
 class ApiUser {
     constructor(id, accountType, elevatedPermissions, contextIds) {
         this.id = id;
-        this.emptyUser = !!id;
-        this.appPermission = {};
-        this.privateElevatedPermissionsHash = new Map();
+        this.accountType = accountType;
         this.contextIds = contextIds;
+        this.privateElevatedPermissionsHash = new Map();
+        this.appPermission = {};
+        this.emptyUser = !!id;
         if (elevatedPermissions) {
-            this.privateElevatedPermissionsHash.set('initial', elevatedPermissions);
-        }
-        if (accountType) {
-            this.accountType = accountType;
+            this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);
         }
     }
     async getUserPermissions() {
         if (!this.id) {
-            return;
+            return undefined;
         }
         if (this.privatePermissions) {
             return this.privatePermissions;
@@ -50,7 +67,7 @@ class ApiUser {
     }
     async useCustomPermissionLoader(customPermissionLoader) {
         if (!this.id) {
-            return;
+            return undefined;
         }
         if (this.privatePermissions) {
             return this.privatePermissions;
@@ -82,29 +99,22 @@ class ApiUser {
         return Object.keys(this.privatePermissions[key] || {});
     }
     get elevatedPermissions() {
-        let permissions = {
-            fleets: {},
-            businessModels: {},
-            demandSources: {},
-        };
-        [...this.privateElevatedPermissionsHash.values()].forEach((p) => {
-            permissions = (0, utils_1.mergeDeep)(permissions, p);
-        });
-        return permissions;
+        return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());
     }
     get permissions() {
         if (!this.privatePermissions) {
             throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
         }
-        const permissions = (0, utils_1.mergeDeep)(this.privatePermissions, this.elevatedPermissions);
-        return permissions;
+        return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());
     }
     elevatePermissions(addedPermissions) {
-        const elevationId = (0, uuid_1.v4)();
+        // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string
+        // eslint-disable-next-line symbol-description
+        const elevationId = Symbol();
         // Validate that the added permissions are valid UUIDs
-        Object.keys(addedPermissions).forEach((entityType) => {
-            Object.keys(addedPermissions[entityType]).forEach((entityId) => {
-                if (!(0, uuid_1.validate)(entityId)) {
+        Object.values(addedPermissions).forEach((entityIds) => {
+            Object.keys(entityIds).forEach((entityId) => {
+                if (!(0, utils_1.validateUUID)(entityId)) {
                     throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);
                 }
             });
@@ -124,7 +134,7 @@ class ApiUser {
     }
     async getUserPermissionsLegacy() {
         if (!this.id) {
-            return;
+            return undefined;
         }
         if (this.privatePermissionsLegacy) {
             return this.privatePermissionsLegacy;
@@ -141,7 +151,7 @@ class ApiUser {
     }
     async getUserAppPermissions(appId, clientSecret) {
         if (!this.id || !appId || !clientSecret) {
-            return;
+            return undefined;
         }
         const currentAppPermission = this.appPermission[appId];
         if (currentAppPermission) {

package/lib/user/index.d.ts

@@ -1,19 +1,27 @@
+import type { Handler, Request } from 'express';
 import ApiUser, { CustomPermissionLoader } from './ApiUser';
+import { newTrace } from '../tracer';
+export declare const USER_OBJECT = "userObject";
+declare module 'express-serve-static-core' {
+    interface Request {
+        user: ApiUser;
+    }
+}
 export declare const middleware: (options?: {
     eagerLoadUserPermissions?: boolean;
     eagerLoadUserPermissionsLegacy?: boolean;
     customPermissionLoader?: CustomPermissionLoader;
-}) => (req: any, res: any, next: any) => Promise<any>;
+}) => Handler;
 export declare const middlewareWithDecode: (options?: {
     eagerLoadUserPermissions?: boolean;
     eagerLoadUserPermissionsLegacy?: boolean;
     returnErrorIfNoToken?: boolean;
-}) => (req: any, res: any, next: any) => Promise<void>;
+}) => Handler;
 export declare const appMiddleware: (options: {
     appId: string;
     clientSecret: string;
-}) => (req: any, res: any, next: any) => Promise<void>;
-export declare const eagerLoadPermissionsMiddleware: (req: any, res: any, next: any) => Promise<any>;
-export declare const getDecodedBearer: (req: any) => any;
-export declare const createOrSetRabbitTrace: (trace: any, userId: any) => Promise<void>;
+}) => Handler;
+export declare const eagerLoadPermissionsMiddleware: Handler;
+export declare const getDecodedBearer: (req: Request) => any;
+export declare const createOrSetRabbitTrace: (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => Promise<void>;
 export default ApiUser;

package/lib/user/index.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createOrSetRabbitTrace = exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = void 0;
+exports.createOrSetRabbitTrace = exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = exports.USER_OBJECT = void 0;
 const jsonwebtoken_1 = require("jsonwebtoken");
 const ApiUser_1 = __importStar(require("./ApiUser"));
 const tracer_1 = require("../tracer");
@@ -34,22 +34,31 @@ const app_auth_1 = require("../app-auth");
 const appDoesNotExist_1 = __importDefault(require("../exceptions/appDoesNotExist"));
 const utils_1 = require("../utils");
 const IDENTITY_MS = 'identity-ms';
+const ACCESS_TOKEN = 'accessToken';
+exports.USER_OBJECT = 'userObject';
+const USER_TRACING_HEADER = 'x-af-user-id';
+const ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';
+const USER_PERMISSIONS_HEADER = 'x-af-user-permissions';
+const LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();
+const AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';
 const middleware = (options = {}) => async (req, res, next) => {
     try {
-        const originHeader = req.headers['X-IAF-ORIGIN-SERVICE'] || req.headers['x-iaf-origin-service'] || '';
+        const originHeader = (req.headers[ORIGIN_HEADER] || req.headers[LOWER_CASE_ORIGIN_HEADER] || '');
         if (originHeader.toLowerCase() === IDENTITY_MS) {
-            return next();
+            next();
+            return;
         }
         const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
-        const userId = req.headers['x-af-user-id'];
-        const contextIds = req.headers?.[ApiUser_1.CONTEXTS_IDS_HEADER]?.split(',');
+        const userId = req.headers[USER_TRACING_HEADER];
         const trace = (0, tracer_1.newTrace)('userPayload');
         if (!userId) {
-            return next();
+            next();
+            return;
         }
         const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
             ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
             : {};
+        const contextIds = req.headers?.[ApiUser_1.CONTEXTS_IDS_HEADER]?.split(',');
         const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader, contextIds);
         if (eagerLoadUserPermissions) {
             if (customPermissionLoader) {
@@ -63,16 +72,14 @@ const middleware = (options = {}) => async (req, res, next) => {
             await userObject.getUserPermissionsLegacy();
         }
         req.user = userObject;
-        trace.context.set('userObject', userObject);
+        trace.context.set(exports.USER_OBJECT, userObject);
         // Added in order to support outbreak.
-        req.headers['x-af-user-permissions'] = userObject;
-        return next();
+        // @ts-expect-error we are setting an object onto the request headers.
+        req.headers[USER_PERMISSIONS_HEADER] = userObject;
+        next();
     }
     catch (e) {
-        res.status(401);
-        return res.json({
-            error: 'cannot authenticate user',
-        });
+        res.status(401).json({ error: 'cannot authenticate user' });
     }
 };
 exports.middleware = middleware;
@@ -86,51 +93,39 @@ const middlewareWithDecode = (options = {}) => async (req, res, next) => {
         }
         catch (e) {
             if (e instanceof jsonwebtoken_1.TokenExpiredError) {
-                res.status(401);
-                res.json({
-                    errors: ['Access token expired'],
-                });
+                res.status(401).json({ errors: ['Access token expired'] });
             }
             else if (e instanceof jsonwebtoken_1.JsonWebTokenError) {
-                res.status(400);
-                res.json({
-                    errors: [e.message],
-                });
+                res.status(400).json({ errors: [e.message] });
             }
             else {
-                res.status(500);
-                res.json({
-                    errors: ['Server error while parsing token'],
-                });
+                res.status(500).json({ errors: ['Server error while parsing token'] });
             }
             return;
         }
         const userId = decoded?.user?.id;
         if (userId) {
-            req.headers['X-AF-USER-ID'] = userId;
+            req.headers[USER_TRACING_HEADER] = userId;
         }
         const contextIds = req.headers?.[ApiUser_1.CONTEXTS_IDS_HEADER]?.split(',');
         const userObject = new ApiUser_1.default(userId, decoded?.user?.accountType, undefined, contextIds);
-        if (eagerLoadUserPermissions) {
-            await userObject.getUserPermissions();
-        }
-        if (eagerLoadUserPermissionsLegacy) {
-            await userObject.getUserPermissionsLegacy();
+        if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {
+            await Promise.all([
+                eagerLoadUserPermissions && userObject.getUserPermissions(),
+                eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),
+            ]);
         }
         req.user = userObject;
-        trace.context.set('userObject', userObject);
+        trace.context.set(exports.USER_OBJECT, userObject);
         // Added in order to support outbreak.
-        req.headers['x-af-user-permissions'] = userObject;
+        // @ts-expect-error we are setting an object onto the request headers.
+        req.headers[USER_PERMISSIONS_HEADER] = userObject;
     }
     else if (returnErrorIfNoToken) {
-        res.status(401);
-        // eslint-disable-next-line consistent-return
-        return res.json({
-            errors: ['No token provided'],
-        });
+        res.status(401).json({ errors: ['No token provided'] });
+        return;
     }
-    // eslint-disable-next-line consistent-return
-    return next();
+    next();
 };
 exports.middlewareWithDecode = middlewareWithDecode;
 const appMiddleware = (options) => async (req, res, next) => {
@@ -138,10 +133,8 @@ const appMiddleware = (options) => async (req, res, next) => {
     const trace = (0, tracer_1.newTrace)('userPayload');
     let decoded;
     if (!req.headers.authorization) {
-        res.status(401);
-        return res.json({
-            errors: ['No token provided'],
-        });
+        res.status(401).json({ errors: ['No token provided'] });
+        return;
     }
     try {
         decoded = await (0, app_auth_1.decodeAppBearer)(req.headers.authorization, appId);
@@ -151,66 +144,53 @@ const appMiddleware = (options) => async (req, res, next) => {
     }
     catch (e) {
         if (e instanceof jsonwebtoken_1.TokenExpiredError) {
-            res.status(401);
-            return res.json({
-                errors: ['Access token expired'],
-            });
-        }
-        if (e instanceof jsonwebtoken_1.JsonWebTokenError) {
-            res.status(400);
-            return res.json({
-                errors: [e.message],
-            });
+            res.status(401).json({ errors: ['Access token expired'] });
+            return;
         }
-        if (e instanceof appDoesNotExist_1.default) {
-            res.status(400);
-            return res.json({
-                errors: [e.message],
-            });
+        if ([jsonwebtoken_1.JsonWebTokenError, appDoesNotExist_1.default].some((Err) => e instanceof Err)) {
+            res.status(400).json({ errors: [e.message] });
+            return;
         }
-        res.status(500);
-        return res.json({
-            errors: ['Server error while parsing token'],
-        });
+        res.status(500).json({ errors: ['Server error while parsing token'] });
+        return;
     }
     const userId = decoded?.userId;
     if (userId) {
-        req.headers['X-AF-USER-ID'] = userId;
+        req.headers[USER_TRACING_HEADER] = userId;
     }
     const userObject = new ApiUser_1.default(userId);
     if (appId) {
-        req.headers['x-autofleet-apps-secret'] = clientSecret;
+        req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;
         // Won't work until we find a better solution for identity ms
         await userObject.getUserAppPermissions(appId, clientSecret);
     }
     req.user = userObject;
-    trace.context.set('userObject', userObject);
-    trace.context.set('accessToken', (0, utils_1.getAuthFromBearer)(req.headers.authorization));
+    trace.context.set(exports.USER_OBJECT, userObject);
+    trace.context.set(ACCESS_TOKEN, (0, utils_1.getAuthFromBearer)(req.headers.authorization));
     // Added in order to support outbreak.
-    req.headers['x-af-user-permissions'] = userObject;
-    return next();
+    // @ts-expect-error we are setting an object onto the request headers.
+    req.headers[USER_PERMISSIONS_HEADER] = userObject;
+    next();
 };
 exports.appMiddleware = appMiddleware;
 const eagerLoadPermissionsMiddleware = async (req, res, next) => {
     await req.user.getUserPermissions();
-    return next();
+    next();
 };
 exports.eagerLoadPermissionsMiddleware = eagerLoadPermissionsMiddleware;
 const getDecodedBearer = (req) => {
-    if (req.headers.authorization) {
-        return (0, utils_1.decodeBearer)(req.headers.authorization);
+    if (!req.headers.authorization) {
+        return null;
     }
-    return null;
+    return (0, utils_1.decodeBearer)(req.headers.authorization);
 };
 exports.getDecodedBearer = getDecodedBearer;
 const createOrSetRabbitTrace = async (trace, userId) => {
     const userObject = new ApiUser_1.default(userId);
     await userObject.getUserPermissions();
-    if (!trace) {
-        // eslint-disable-next-line no-param-reassign
-        trace = (0, tracer_1.newTrace)(tracer_1.traceTypes.RABBIT);
-    }
-    trace.context.set('userObject', userObject);
+    // eslint-disable-next-line no-param-reassign
+    trace ?? (trace = (0, tracer_1.newTrace)(tracer_1.traceTypes.RABBIT));
+    trace.context.set(exports.USER_OBJECT, userObject);
 };
 exports.createOrSetRabbitTrace = createOrSetRabbitTrace;
 exports.default = ApiUser_1.default;

package/lib/utils.d.ts

@@ -1,13 +1,8 @@
+/// <reference types="node" />
+import type { UUID } from 'node:crypto';
 export declare const getAuthFromBearer: (bearer: string) => string;
 export declare const decodeBearer: (bearer: string, appSecret?: string) => any;
 export declare const parsePermissions: (contextId: any, decodedToken: any) => any;
 export declare const getEntitiesFromContext: (contextId: string, decodedToken: any) => any;
 export declare const getContextAttributes: (contextId: string, decodedToken: any) => any;
-/**
- * Custom deep merge function that merges `source` into `target`.
- *
- * @param target - The object to receive merged properties.
- * @param source - The object whose properties are merged into the target.
- * @returns The modified `target` object.
- */
-export declare const mergeDeep: <T extends object>(target: T, source: Partial<T>) => T;
+export declare function validateUUID(uuid: unknown): uuid is UUID;

package/lib/utils.js

@@ -23,8 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.mergeDeep = exports.getContextAttributes = exports.getEntitiesFromContext = exports.parsePermissions = exports.decodeBearer = exports.getAuthFromBearer = void 0;
-/* eslint-disable prefer-destructuring */
+exports.validateUUID = exports.getContextAttributes = exports.getEntitiesFromContext = exports.parsePermissions = exports.decodeBearer = exports.getAuthFromBearer = void 0;
 const jwt = __importStar(require("jsonwebtoken"));
 const secret_getter_1 = require("./secret-getter");
 const CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];
@@ -45,7 +44,7 @@ const parsePermissions = (contextId, decodedToken) => {
     if (!decodedToken) {
         return [];
     }
-    const contexts = decodedToken.contexts;
+    const { contexts } = decodedToken;
     const activeContext = contexts.find((context) => context.id === contextId);
     const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;
     return {
@@ -58,7 +57,7 @@ const getEntitiesFromContext = (contextId, decodedToken) => {
     if (!decodedToken) {
         return [];
     }
-    let contexts = decodedToken.contexts;
+    let { contexts } = decodedToken;
     if (contextId) {
         contexts = contexts.filter((context) => context.id === contextId);
     }
@@ -66,10 +65,8 @@ const getEntitiesFromContext = (contextId, decodedToken) => {
     contexts.forEach((context) => {
         const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];
         const permissions = (0, exports.parsePermissions)(context.id, decodedToken);
-        // eslint-disable-next-line no-unused-expressions
-        attributes[prop]
-            ? attributes[prop][permissions.key] = permissions.value
-            : attributes[prop] = { [permissions.key]: permissions.value };
+        attributes[prop] || (attributes[prop] = {});
+        attributes[prop][permissions.key] = permissions.value;
     });
     return attributes;
 };
@@ -78,7 +75,7 @@ const getContextAttributes = (contextId, decodedToken) => {
     if (!decodedToken) {
         return [];
     }
-    let contexts = decodedToken.contexts;
+    let { contexts } = decodedToken;
     if (contextId) {
         contexts = contexts.filter((context) => context.id === contextId);
     }
@@ -87,44 +84,20 @@ const getContextAttributes = (contextId, decodedToken) => {
         CONTEXT_PROPS.forEach((prop) => {
             if (context[prop]) {
                 const contextPropWrapped = [context[prop]];
-                // eslint-disable-next-line no-unused-expressions
-                attributes[prop]
-                    ? attributes[prop] = attributes[prop].concat(contextPropWrapped)
-                    : attributes[prop] = contextPropWrapped;
+                attributes[prop] || (attributes[prop] = []);
+                attributes[prop] = attributes[prop].concat(contextPropWrapped);
             }
         });
     });
     return attributes;
 };
 exports.getContextAttributes = getContextAttributes;
-/**
- * A simple helper to check if a value is a plain object.
- */
-const isObject = (value) => (typeof value === 'object'
-    && value !== null
-    && !Array.isArray(value));
-/**
- * Custom deep merge function that merges `source` into `target`.
- *
- * @param target - The object to receive merged properties.
- * @param source - The object whose properties are merged into the target.
- * @returns The modified `target` object.
- */
-const mergeDeep = (target, source) => {
-    if (!isObject(target) || !isObject(source)) {
-        throw new Error('Both arguments must be objects to merge');
-    }
-    Object.keys(source).forEach((key) => {
-        const sourceValue = source[key];
-        const targetValue = target[key];
-        if (isObject(sourceValue) && isObject(targetValue)) {
-            (0, exports.mergeDeep)(targetValue, sourceValue);
-        }
-        else {
-            // eslint-disable-next-line no-param-reassign
-            target[key] = sourceValue;
-        }
-    });
-    return target;
-};
-exports.mergeDeep = mergeDeep;
+const EMPTY_UUID = '00000000-0000-0000-0000-000000000000';
+const FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';
+const VALID_CHARS_REGEX = '[0-9a-f]';
+const UUID_VERSION_REGEX = '[1-8]';
+const UUID_REGEX = new RegExp(`^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`, 'i');
+function validateUUID(uuid) {
+    return typeof uuid === 'string' && UUID_REGEX.test(uuid);
+}
+exports.validateUUID = validateUUID;

package/package.json

@@ -1,20 +1,20 @@
 {
   "name": "@autofleet/zehut",
-  "version": "3.1.2-beta.9",
+  "version": "3.2.0",
   "description": "manage user's identity",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
   "scripts": {
-    "build": "rm -rf lib && tsc",
+    "build": "rm -rf lib && tsc -p tsconfig.build.json",
     "prepublish": "npm run build",
-    "coverage": "jest --coverage --forceExit --runInBand && rm -rf ./coverage",
-    "test": "jest --forceExit --runInBand",
-    "test-auto": "jest --watch --runInBand",
-    "linter": "./node_modules/.bin/eslint ."
+    "coverage": "vitest --coverage",
+    "test": "vitest",
+    "test-auto": "vitest --watch",
+    "linter": "eslint ."
   },
   "repository": {
     "type": "git",
-    "url": "git+ssh://git@gitlab.com/AutoFleet/zehut.git"
+    "url": "https://github.com/Autofleet/zehut.git"
   },
   "author": "",
   "license": "ISC",
@@ -23,30 +23,38 @@
   },
   "homepage": "https://github.com/Autofleet/zehut",
   "dependencies": {
-    "@autofleet/network": "^1.5.0",
+    "@autofleet/network": "^1.7.4",
     "@autofleet/outbreak": "^1.0.4",
-    "axios": "^0.27.2",
-    "express": "^4.18.1",
     "jsonwebtoken": "^8.5.1",
-    "methods": "^1.1.2",
-    "moment": "^2.29.1",
-    "nock": "^13.2.9",
+    "moment": "^2.30.1",
     "node-cache": "^5.1.2",
-    "object-hash": "^3.0.0",
-    "supertest": "^6.2.4",
-    "uuid": "^8.3.2"
+    "object-hash": "^3.0.0"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.4",
-    "@types/node": "^16.14.2",
+    "@autofleet/logger": "^4.2.0",
+    "@types/express": "^4.17.21",
+    "@types/jsonwebtoken": "^8.5.9",
+    "@types/node": "^18.19.75",
     "@typescript-eslint/eslint-plugin": "^6.5.0",
     "@typescript-eslint/parser": "^6.5.0",
+    "@vitest/coverage-v8": "^3.0.6",
+    "axios": "^0.29.0",
     "eslint": "^8.48.0",
     "eslint-config-airbnb-typescript": "^17.1.0",
     "eslint-plugin-import": "^2.28.1",
-    "jest": "^29.6.4",
-    "ts-jest": "^29.1.1",
-    "typescript": "^4.9.5"
+    "express": "^4.21.2",
+    "nock": "^14.0.0",
+    "supertest": "^7.0.0",
+    "typescript": "^4.9.5",
+    "vitest": "^3.0.6"
+  },
+  "peerDependencies": {
+    "@autofleet/shtinker": "^1.2.0"
+  },
+  "peerDependenciesMeta": {
+    "@autofleet/shtinker": {
+      "optional": true
+    }
   },
   "files": [
     "lib/**/*"

package/lib/secret-getter.test.d.ts

@@ -1 +0,0 @@
-export {};

package/lib/secret-getter.test.js

@@ -1,90 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const moment_1 = __importDefault(require("moment"));
-const sleep = async (ms) => new Promise((resolve) => {
-    setTimeout(resolve, ms);
-});
-process.env.NODE_ENV = 'node-common-test';
-describe('secret getter tests', () => {
-    const testSecrets = {
-        DEPRECATED_JWT_SECRET: 'test_deprecated_secret',
-        JWT_NEW_SECRET: 'test_secret',
-        DEPRECATED_REFRESH_JWT_SECRET: 'test_deprecated_refresh_secret',
-        REFRESH_JWT_SECRET: 'test_refresh_secret',
-    };
-    beforeEach(() => {
-        jest.resetModules();
-        process.env = {
-            ...(process.env || {}),
-            ...testSecrets,
-        }; // Make a copy
-    });
-    it('test get new refresh token secret when after deprecation timestamp', async () => {
-        process.env.DEPRECATION_UNIX_TIMESTAMP = (0, moment_1.default)().subtract(1, 'days').unix().toString();
-        const { getTokenSecret } = await Promise.resolve().then(() => __importStar(require('./secret-getter')));
-        const token = jsonwebtoken_1.default.sign({
-            exp: (0, moment_1.default)().unix() + (60 * 60 * 24 * 365),
-        }, testSecrets.JWT_NEW_SECRET);
-        const result = getTokenSecret(token);
-        expect(result).toBe(testSecrets.JWT_NEW_SECRET);
-    });
-    it('test get old refresh token secret when before deprecation timestamp', async () => {
-        process.env.DEPRECATION_UNIX_TIMESTAMP = (0, moment_1.default)().add(1, 'days').unix().toString();
-        const { getTokenSecret } = await Promise.resolve().then(() => __importStar(require('./secret-getter')));
-        const token = jsonwebtoken_1.default.sign({
-            exp: (0, moment_1.default)().unix() + (60 * 60 * 24 * 365),
-        }, testSecrets.DEPRECATED_JWT_SECRET);
-        const result = getTokenSecret(token);
-        expect(result).toBe(testSecrets.DEPRECATED_JWT_SECRET);
-    });
-    it('test get old refresh token secret when after deprecation timestamp, but token is from before', async () => {
-        const token = jsonwebtoken_1.default.sign({
-            exp: (0, moment_1.default)().unix() + (60 * 60 * 24 * 365),
-        }, testSecrets.DEPRECATED_JWT_SECRET);
-        process.env.DEPRECATION_UNIX_TIMESTAMP = (0, moment_1.default)().add(10, 'seconds').unix().toString();
-        const { getTokenSecret } = await Promise.resolve().then(() => __importStar(require('./secret-getter')));
-        await sleep(1000);
-        const result = getTokenSecret(token);
-        expect(result).toBe(testSecrets.DEPRECATED_JWT_SECRET);
-    });
-    it('test malformed token returns new secret', async () => {
-        const { getTokenSecret } = await Promise.resolve().then(() => __importStar(require('./secret-getter')));
-        const token = 'shit';
-        const result = getTokenSecret(token);
-        expect(result).toBe(testSecrets.JWT_NEW_SECRET);
-    });
-    it('test malformed token returns new secret even before deprecation time', async () => {
-        process.env.DEPRECATION_UNIX_TIMESTAMP = (0, moment_1.default)().add(10, 'day').unix().toString();
-        const { getTokenSecret } = await Promise.resolve().then(() => __importStar(require('./secret-getter')));
-        const token = 'shit';
-        const result = getTokenSecret(token);
-        expect(result).toBe(testSecrets.JWT_NEW_SECRET);
-    });
-});

package/lib/test-helpers/index.d.ts

@@ -1,9 +0,0 @@
-import { AccountType, PartialUserPayload } from '../user/ApiUser';
-export type UserCustomAttributes = {
-    id?: string;
-    accountType?: AccountType;
-    elevatedPermissions?: PartialUserPayload;
-    permissions?: PartialUserPayload;
-};
-export declare const setIdentityNock: (userAttributes: any) => void;
-export declare const mockRequestAndUser: (app: any, userCustomAttributes: any) => {};

package/lib/test-helpers/index.js

@@ -1,35 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.mockRequestAndUser = exports.setIdentityNock = void 0;
-const supertest_1 = __importDefault(require("supertest"));
-const nock_1 = __importDefault(require("nock"));
-const http_1 = __importDefault(require("http"));
-const uuid_1 = require("uuid");
-const setIdentityNock = (userAttributes) => {
-    (0, nock_1.default)(`http://${process.env.IDENTITY_MS_SERVICE_HOST}`)
-        .get(`/api/v1/users/${userAttributes.id}/authorization-payload`)
-        .reply(200, userAttributes.permissions);
-};
-exports.setIdentityNock = setIdentityNock;
-const mockRequestAndUser = (app, userCustomAttributes) => {
-    const agent = supertest_1.default.agent(app);
-    const userAttributes = {
-        id: userCustomAttributes.id || (0, uuid_1.v4)(),
-        permissions: {
-            businessModels: userCustomAttributes?.permissions?.businessModels || {},
-            fleets: userCustomAttributes?.permissions?.fleets || {},
-            demandSources: userCustomAttributes?.permissions?.demandSources || {},
-        },
-    };
-    agent.set('x-af-user-id', userAttributes.id);
-    (0, exports.setIdentityNock)(userAttributes);
-    const agentObject = {};
-    http_1.default.METHODS.forEach((method) => {
-        agentObject[method.toLowerCase()] = (path) => agent[method.toLowerCase()](path).set('x-af-user-id', userAttributes.id);
-    });
-    return agentObject;
-};
-exports.mockRequestAndUser = mockRequestAndUser;

package/lib/user/api-user-flows.test.d.ts

@@ -1 +0,0 @@
-export {};

package/lib/user/api-user-flows.test.js

@@ -1,125 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const uuid_1 = require("uuid");
-const express_1 = __importDefault(require("express"));
-const axios_1 = __importDefault(require("axios"));
-const index_1 = require("../index");
-const index_2 = require("./index");
-const generateApp = async (addEndpoints, port) => {
-    const app = (0, express_1.default)();
-    addEndpoints(app);
-    const server = await new Promise((resolve) => {
-        const s = app.listen(port, () => {
-            console.log('Listen on port', port);
-            resolve(s);
-        });
-    });
-    return () => server.close();
-};
-describe('E2E', () => {
-    it('Basic functionality', async () => {
-        let server2TraceId = null;
-        const [uuid1, uuid2] = [(0, uuid_1.v4)(), (0, uuid_1.v4)()];
-        (0, index_1.enableTracing)({
-            outbreakOptions: {
-                headersPrefix: 'x-af-',
-            },
-        });
-        const closeServer1 = await generateApp((app) => {
-            app.use((0, index_2.middleware)());
-            app.get('/', async (req, res) => {
-                const user = (0, index_1.getUser)();
-                const closeElevation1 = user.elevatePermissions({
-                    businessModels: {
-                        [uuid1]: ['vehicle:write'],
-                    },
-                });
-                const closeElevation2 = user.elevatePermissions({
-                    businessModels: {
-                        [uuid2]: ['vehicle:write'],
-                    },
-                });
-                const { data: res1 } = await axios_1.default.post('http://localhost:8082');
-                closeElevation1();
-                const { data: res2 } = await axios_1.default.post('http://localhost:8082');
-                closeElevation2();
-                res.json([res1, res2]);
-            });
-        }, 8089);
-        const server2NumberOfPermissions = [];
-        const closeServer2 = await generateApp((app) => {
-            app.use((0, index_2.middleware)());
-            app.post('/', (req, res) => {
-                const user = (0, index_1.getUser)();
-                user.privatePermissions = {
-                    businessModels: {},
-                    fleets: {},
-                    demandSources: {},
-                };
-                server2NumberOfPermissions.push(Object.keys(user.permissions.businessModels).length);
-                server2TraceId = req.headers['x-trace-id'];
-                res.json({
-                    value: req.headers['x-af-header'],
-                    wkanda: req.headers['x-af-id'],
-                    addedPermissions: req.headers['x-af-elevated-permissions'],
-                });
-            });
-        }, 8082);
-        const { data: [res1, res2], headers } = await axios_1.default.get('http://localhost:8089', {
-            headers: {
-                'x-af-header': 'testHeader',
-                'x-af-id': 'my-wakanda-id',
-                'x-af-user-id': (0, uuid_1.v4)(),
-            },
-        });
-        closeServer1();
-        closeServer2();
-        expect(server2NumberOfPermissions).toEqual([2, 1]);
-        expect(headers['x-trace-id']).toEqual(server2TraceId);
-        expect(res1.value).toEqual('testHeader');
-        expect(res1.wkanda).toEqual('my-wakanda-id');
-        expect(JSON.parse(res1.addedPermissions).businessModels[uuid1]).toBeDefined();
-        expect(JSON.parse(res1.addedPermissions).businessModels[uuid2]).toBeDefined();
-        expect(JSON.parse(res2.addedPermissions).businessModels[uuid1]).not.toBeDefined();
-        expect(JSON.parse(res2.addedPermissions).businessModels[uuid2]).toBeDefined();
-    });
-    it('Should throw in case of invalid UUID', async () => {
-        let error = null;
-        (0, index_1.enableTracing)({
-            outbreakOptions: {
-                headersPrefix: 'x-af-',
-            },
-        });
-        const closeServer1 = await generateApp((app) => {
-            app.use((0, index_2.middleware)());
-            app.get('/', async (req, res) => {
-                const user = (0, index_1.getUser)();
-                try {
-                    const closeElevation1 = user.elevatePermissions({
-                        businessModels: {
-                            nnn: ['vehicle:write'],
-                        },
-                    });
-                    await axios_1.default.post('http://localhost:8082');
-                    closeElevation1();
-                }
-                catch (e) {
-                    error = e;
-                }
-                res.json({ status: 'ok' });
-            });
-        }, 8089);
-        await axios_1.default.get('http://localhost:8089', {
-            headers: {
-                'x-af-header': 'testHeader',
-                'x-af-id': 'my-wakanda-id',
-                'x-af-user-id': (0, uuid_1.v4)(),
-            },
-        });
-        closeServer1();
-        expect(error.message).toEqual('Entity id on elevatePermissions is not a valid UUID, provided: nnn');
-    });
-});