@autofleet/zehut 3.4.2 → 4.0.0

package/lib/user/ApiUser.js

@@ -1,187 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CONTEXTS_IDS_HEADER = exports.ELEVATED_PERMISSIONS_HEADER = void 0;
-const node_cache_1 = __importDefault(require("node-cache"));
-const object_hash_1 = __importDefault(require("object-hash"));
-const outbreak_1 = require("@autofleet/outbreak");
-const utils_1 = require("../utils");
-const services_1 = require("../services");
-exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
-exports.CONTEXTS_IDS_HEADER = 'x-af-context-ids';
-const userCache = new node_cache_1.default({ stdTTL: 10 });
-const mergePermissions = (target, sources) => {
-    const permissions = {
-        ...target,
-        fleets: { ...target?.fleets },
-        businessModels: { ...target?.businessModels },
-        demandSources: { ...target?.demandSources },
-        // Clone other nested objects as needed
-    };
-    // eslint-disable-next-line no-restricted-syntax
-    for (const source of sources) {
-        Object.keys(source).forEach((entityType) => {
-            // eslint-disable-next-line no-param-reassign
-            permissions[entityType] ?? (permissions[entityType] = {});
-            Object.entries(source[entityType]).forEach(([entityId, perms]) => {
-                // eslint-disable-next-line no-param-reassign
-                permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);
-            });
-        });
-    }
-    return permissions;
-};
-class ApiUser {
-    constructor(id, accountType, elevatedPermissions, contextIds) {
-        this.id = id;
-        this.accountType = accountType;
-        this.contextIds = contextIds;
-        this.privateElevatedPermissionsHash = new Map();
-        this.appPermission = {};
-        this.emptyUser = !!id;
-        if (elevatedPermissions) {
-            this.privateElevatedPermissionsHash.set(Symbol('initial'), elevatedPermissions);
-        }
-    }
-    async getUserPermissions() {
-        if (!this.id) {
-            return undefined;
-        }
-        if (this.privatePermissions) {
-            return this.privatePermissions;
-        }
-        const cacheKey = (0, object_hash_1.default)({
-            id: this.id,
-            contextIds: this.contextIds,
-        });
-        let data = userCache.get(cacheKey);
-        if (!data) {
-            ({ data } = await services_1.IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload`, { params: { contextIds: this.contextIds } }));
-            userCache.set(cacheKey, data);
-        }
-        this.accountType = data.accountType;
-        this.privatePermissions = data;
-        return this.privatePermissions;
-    }
-    async useCustomPermissionLoader(customPermissionLoader) {
-        if (!this.id) {
-            return undefined;
-        }
-        if (this.privatePermissions) {
-            return this.privatePermissions;
-        }
-        const cacheKey = this.id;
-        const cachedResult = userCache.get(cacheKey);
-        if (cachedResult) {
-            this.privatePermissions = cachedResult;
-            return cachedResult;
-        }
-        const data = await customPermissionLoader(this.id);
-        userCache.set(cacheKey, data);
-        this.privatePermissions = data;
-        return this.privatePermissions;
-    }
-    get businessModels() {
-        return this.getUserProperty('businessModels');
-    }
-    get fleets() {
-        return this.getUserProperty('fleets');
-    }
-    get demandSources() {
-        return this.getUserProperty('demandSources');
-    }
-    getUserProperty(key) {
-        if (!this.privatePermissions) {
-            throw new Error(`Cannot get ${key} without calling (async) getUserPermissions before`);
-        }
-        return Object.keys(this.privatePermissions[key] || {});
-    }
-    get elevatedPermissions() {
-        return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());
-    }
-    get permissions() {
-        if (!this.privatePermissions) {
-            throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
-        }
-        return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());
-    }
-    elevatePermissions(addedPermissions) {
-        // @itayankri is concerned about memory consumption, so create a symbol with no description, to avoid assigning memory for the description string
-        // eslint-disable-next-line symbol-description
-        const elevationId = Symbol();
-        // Validate that the added permissions are valid UUIDs
-        Object.values(addedPermissions).forEach((entityIds) => {
-            Object.keys(entityIds).forEach((entityId) => {
-                if (!(0, utils_1.validateUUID)(entityId)) {
-                    throw new Error(`Entity id on elevatePermissions is not a valid UUID, provided: ${entityId}`);
-                }
-            });
-        });
-        const currentUserTrace = (0, outbreak_1.getCurrentContext)();
-        if (!currentUserTrace) {
-            throw new Error('Cannot find current user cross services trace');
-        }
-        const currentElevation = JSON.parse(currentUserTrace.context[exports.ELEVATED_PERMISSIONS_HEADER] || '{}');
-        const newElevation = Object.assign(currentElevation, addedPermissions);
-        this.privateElevatedPermissionsHash.set(elevationId, newElevation);
-        currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
-        return () => {
-            this.privateElevatedPermissionsHash.delete(elevationId);
-            currentUserTrace.context.set(exports.ELEVATED_PERMISSIONS_HEADER, JSON.stringify(this.elevatedPermissions));
-        };
-    }
-    async getUserPermissionsLegacy() {
-        if (!this.id) {
-            return undefined;
-        }
-        if (this.privatePermissionsLegacy) {
-            return this.privatePermissionsLegacy;
-        }
-        const cacheKey = (0, object_hash_1.default)({
-            id: this.id,
-            contextIds: this.contextIds,
-            legacy: true,
-        });
-        let data = userCache.get(cacheKey);
-        if (!data) {
-            ({ data } = await services_1.IdentityNetwork.get(`/api/v1/users/${this.id}/authorization-payload-legacy`, { params: { contextIds: this.contextIds } }));
-            userCache.set(cacheKey, data);
-        }
-        this.privatePermissionsLegacy = data;
-        return this.privatePermissionsLegacy;
-    }
-    get permissionsLegacy() {
-        if (!this.privatePermissionsLegacy) {
-            throw new Error('Cannot get permissionsLegacy without calling (async) getUserPermissionsLegacy before');
-        }
-        return this.privatePermissionsLegacy;
-    }
-    async getUserAppPermissions(appId, clientSecret) {
-        if (!this.id || !appId || !clientSecret) {
-            return undefined;
-        }
-        const currentAppPermission = this.appPermission[appId];
-        if (currentAppPermission) {
-            return currentAppPermission;
-        }
-        const cacheKey = `${this.id}:${appId}`;
-        const cachedResult = userCache.get(cacheKey);
-        if (cachedResult) {
-            this.appPermission[appId] = cachedResult;
-            return cachedResult;
-        }
-        const { data } = await services_1.AutofleetApiNetwork.post(`/api/v1/apps/${appId}/get-user-payload`, {
-            userId: this.id,
-        }, {
-            headers: {
-                'x-autofleet-apps-secret': clientSecret,
-            },
-        });
-        userCache.set(cacheKey, data);
-        this.appPermission[appId] = data;
-        return this.appPermission[appId];
-    }
-}
-exports.default = ApiUser;

package/lib/user/index.d.ts

@@ -1,27 +0,0 @@
-import type { Handler, Request } from 'express';
-import ApiUser, { CustomPermissionLoader } from './ApiUser';
-import { newTrace } from '../tracer';
-export declare const USER_OBJECT = "userObject";
-declare module 'express-serve-static-core' {
-    interface Request {
-        user: ApiUser;
-    }
-}
-export declare const middleware: (options?: {
-    eagerLoadUserPermissions?: boolean;
-    eagerLoadUserPermissionsLegacy?: boolean;
-    customPermissionLoader?: CustomPermissionLoader;
-}) => Handler;
-export declare const middlewareWithDecode: (options?: {
-    eagerLoadUserPermissions?: boolean;
-    eagerLoadUserPermissionsLegacy?: boolean;
-    returnErrorIfNoToken?: boolean;
-}) => Handler;
-export declare const appMiddleware: (options: {
-    appId: string;
-    clientSecret: string;
-}) => Handler;
-export declare const eagerLoadPermissionsMiddleware: Handler;
-export declare const getDecodedBearer: (req: Request) => any;
-export declare const createOrSetRabbitTrace: (trace: ReturnType<typeof newTrace> | undefined, userId: string | undefined) => Promise<void>;
-export default ApiUser;

package/lib/user/index.js

@@ -1,196 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createOrSetRabbitTrace = exports.getDecodedBearer = exports.eagerLoadPermissionsMiddleware = exports.appMiddleware = exports.middlewareWithDecode = exports.middleware = exports.USER_OBJECT = void 0;
-const jsonwebtoken_1 = require("jsonwebtoken");
-const ApiUser_1 = __importStar(require("./ApiUser"));
-const tracer_1 = require("../tracer");
-const app_auth_1 = require("../app-auth");
-const appDoesNotExist_1 = __importDefault(require("../exceptions/appDoesNotExist"));
-const utils_1 = require("../utils");
-const IDENTITY_MS = 'identity-ms';
-const ACCESS_TOKEN = 'accessToken';
-exports.USER_OBJECT = 'userObject';
-const USER_TRACING_HEADER = 'x-af-user-id';
-const ORIGIN_HEADER = 'X-IAF-ORIGIN-SERVICE';
-const USER_PERMISSIONS_HEADER = 'x-af-user-permissions';
-const LOWER_CASE_ORIGIN_HEADER = ORIGIN_HEADER.toLowerCase();
-const AUTOFLEET_APPS_SECRET_HEADER = 'x-autofleet-apps-secret';
-const middleware = (options = {}) => async (req, res, next) => {
-    try {
-        const originHeader = (req.headers[ORIGIN_HEADER] || req.headers[LOWER_CASE_ORIGIN_HEADER] || '');
-        if (originHeader.toLowerCase() === IDENTITY_MS) {
-            next();
-            return;
-        }
-        const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, customPermissionLoader, } = options;
-        const userId = req.headers[USER_TRACING_HEADER];
-        const trace = (0, tracer_1.newTrace)('userPayload');
-        if (!userId) {
-            next();
-            return;
-        }
-        const elevatedPermissionsFromHeader = req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER] && req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER].length > 0
-            ? JSON.parse(req.headers[ApiUser_1.ELEVATED_PERMISSIONS_HEADER])
-            : {};
-        const contextIds = req.headers?.[ApiUser_1.CONTEXTS_IDS_HEADER]?.split(',');
-        const userObject = new ApiUser_1.default(userId, 'user', elevatedPermissionsFromHeader, contextIds);
-        if (eagerLoadUserPermissions) {
-            if (customPermissionLoader) {
-                await userObject.useCustomPermissionLoader(customPermissionLoader);
-            }
-            else {
-                await userObject.getUserPermissions();
-            }
-        }
-        if (eagerLoadUserPermissionsLegacy) {
-            await userObject.getUserPermissionsLegacy();
-        }
-        req.user = userObject;
-        trace.context.set(exports.USER_OBJECT, userObject);
-        // Added in order to support outbreak.
-        // @ts-expect-error we are setting an object onto the request headers.
-        req.headers[USER_PERMISSIONS_HEADER] = userObject;
-        next();
-    }
-    catch (e) {
-        res.status(401).json({ error: 'cannot authenticate user' });
-    }
-};
-exports.middleware = middleware;
-const middlewareWithDecode = (options = {}) => async (req, res, next) => {
-    const { eagerLoadUserPermissions, eagerLoadUserPermissionsLegacy, returnErrorIfNoToken, } = options;
-    const trace = (0, tracer_1.newTrace)('userPayload');
-    let decoded;
-    if (req.headers.authorization) {
-        try {
-            decoded = await (0, utils_1.decodeBearer)(req.headers.authorization);
-        }
-        catch (e) {
-            if (e instanceof jsonwebtoken_1.TokenExpiredError) {
-                res.status(401).json({ errors: ['Access token expired'] });
-            }
-            else if (e instanceof jsonwebtoken_1.JsonWebTokenError) {
-                res.status(400).json({ errors: [e.message] });
-            }
-            else {
-                res.status(500).json({ errors: ['Server error while parsing token'] });
-            }
-            return;
-        }
-        const userId = decoded?.user?.id;
-        if (userId) {
-            req.headers[USER_TRACING_HEADER] = userId;
-        }
-        const contextIds = req.headers?.[ApiUser_1.CONTEXTS_IDS_HEADER]?.split(',');
-        const userObject = new ApiUser_1.default(userId, decoded?.user?.accountType, undefined, contextIds);
-        if (eagerLoadUserPermissions || eagerLoadUserPermissionsLegacy) {
-            await Promise.all([
-                eagerLoadUserPermissions && userObject.getUserPermissions(),
-                eagerLoadUserPermissionsLegacy && userObject.getUserPermissionsLegacy(),
-            ]);
-        }
-        req.user = userObject;
-        trace.context.set(exports.USER_OBJECT, userObject);
-        // Added in order to support outbreak.
-        // @ts-expect-error we are setting an object onto the request headers.
-        req.headers[USER_PERMISSIONS_HEADER] = userObject;
-    }
-    else if (returnErrorIfNoToken) {
-        res.status(401).json({ errors: ['No token provided'] });
-        return;
-    }
-    next();
-};
-exports.middlewareWithDecode = middlewareWithDecode;
-const appMiddleware = (options) => async (req, res, next) => {
-    const { appId, clientSecret, } = options;
-    const trace = (0, tracer_1.newTrace)('userPayload');
-    let decoded;
-    if (!req.headers.authorization) {
-        res.status(401).json({ errors: ['No token provided'] });
-        return;
-    }
-    try {
-        decoded = await (0, app_auth_1.decodeAppBearer)(req.headers.authorization, appId);
-        if (!decoded) {
-            throw new appDoesNotExist_1.default();
-        }
-    }
-    catch (e) {
-        if (e instanceof jsonwebtoken_1.TokenExpiredError) {
-            res.status(401).json({ errors: ['Access token expired'] });
-            return;
-        }
-        if ([jsonwebtoken_1.JsonWebTokenError, appDoesNotExist_1.default].some((Err) => e instanceof Err)) {
-            res.status(400).json({ errors: [e.message] });
-            return;
-        }
-        res.status(500).json({ errors: ['Server error while parsing token'] });
-        return;
-    }
-    const userId = decoded?.userId;
-    if (userId) {
-        req.headers[USER_TRACING_HEADER] = userId;
-    }
-    const userObject = new ApiUser_1.default(userId);
-    if (appId) {
-        req.headers[AUTOFLEET_APPS_SECRET_HEADER] = clientSecret;
-        // Won't work until we find a better solution for identity ms
-        await userObject.getUserAppPermissions(appId, clientSecret);
-    }
-    req.user = userObject;
-    trace.context.set(exports.USER_OBJECT, userObject);
-    trace.context.set(ACCESS_TOKEN, (0, utils_1.getAuthFromBearer)(req.headers.authorization));
-    // Added in order to support outbreak.
-    // @ts-expect-error we are setting an object onto the request headers.
-    req.headers[USER_PERMISSIONS_HEADER] = userObject;
-    next();
-};
-exports.appMiddleware = appMiddleware;
-const eagerLoadPermissionsMiddleware = async (req, res, next) => {
-    await req.user.getUserPermissions();
-    next();
-};
-exports.eagerLoadPermissionsMiddleware = eagerLoadPermissionsMiddleware;
-const getDecodedBearer = (req) => {
-    if (!req.headers.authorization) {
-        return null;
-    }
-    return (0, utils_1.decodeBearer)(req.headers.authorization);
-};
-exports.getDecodedBearer = getDecodedBearer;
-const createOrSetRabbitTrace = async (trace, userId) => {
-    const userObject = new ApiUser_1.default(userId);
-    await userObject.getUserPermissions();
-    // eslint-disable-next-line no-param-reassign
-    trace ?? (trace = (0, tracer_1.newTrace)(tracer_1.traceTypes.RABBIT));
-    trace.context.set(exports.USER_OBJECT, userObject);
-};
-exports.createOrSetRabbitTrace = createOrSetRabbitTrace;
-exports.default = ApiUser_1.default;

package/lib/utils.d.ts

@@ -1,8 +0,0 @@
-/// <reference types="node" />
-import type { UUID } from 'node:crypto';
-export declare const getAuthFromBearer: (bearer: string) => string;
-export declare const decodeBearer: (bearer: string, appSecret?: string) => any;
-export declare const parsePermissions: (contextId: any, decodedToken: any) => any;
-export declare const getEntitiesFromContext: (contextId: string, decodedToken: any) => any;
-export declare const getContextAttributes: (contextId: string, decodedToken: any) => any;
-export declare function validateUUID(uuid: unknown): uuid is UUID;

package/lib/utils.js

@@ -1,103 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateUUID = exports.getContextAttributes = exports.getEntitiesFromContext = exports.parsePermissions = exports.decodeBearer = exports.getAuthFromBearer = void 0;
-const jwt = __importStar(require("jsonwebtoken"));
-const secret_getter_1 = require("./secret-getter");
-const CONTEXT_PROPS = ['fleetId', 'businessModelId', 'demandSourceId'];
-const CONTEXT_MAP_PROPS = {
-    fleet: 'fleets',
-    business: 'businessModels',
-    demand: 'demandSources',
-};
-const getAuthFromBearer = (bearer) => bearer.replace('Bearer ', '');
-exports.getAuthFromBearer = getAuthFromBearer;
-const decodeBearer = (bearer, appSecret) => {
-    const token = (0, exports.getAuthFromBearer)(bearer);
-    const decoded = jwt.verify(token, appSecret || (0, secret_getter_1.getTokenSecret)(token));
-    return decoded;
-};
-exports.decodeBearer = decodeBearer;
-const parsePermissions = (contextId, decodedToken) => {
-    if (!decodedToken) {
-        return [];
-    }
-    const { contexts } = decodedToken;
-    const activeContext = contexts.find((context) => context.id === contextId);
-    const permissionsValue = `${activeContext.permissions?.map((cp) => `${cp},`)}`;
-    return {
-        key: activeContext.entityId,
-        value: permissionsValue,
-    };
-};
-exports.parsePermissions = parsePermissions;
-const getEntitiesFromContext = (contextId, decodedToken) => {
-    if (!decodedToken) {
-        return [];
-    }
-    let { contexts } = decodedToken;
-    if (contextId) {
-        contexts = contexts.filter((context) => context.id === contextId);
-    }
-    const attributes = {};
-    contexts.forEach((context) => {
-        const prop = CONTEXT_MAP_PROPS[context.subSystem || 'business'];
-        const permissions = (0, exports.parsePermissions)(context.id, decodedToken);
-        attributes[prop] || (attributes[prop] = {});
-        attributes[prop][permissions.key] = permissions.value;
-    });
-    return attributes;
-};
-exports.getEntitiesFromContext = getEntitiesFromContext;
-const getContextAttributes = (contextId, decodedToken) => {
-    if (!decodedToken) {
-        return [];
-    }
-    let { contexts } = decodedToken;
-    if (contextId) {
-        contexts = contexts.filter((context) => context.id === contextId);
-    }
-    const attributes = {};
-    contexts.forEach((context) => {
-        CONTEXT_PROPS.forEach((prop) => {
-            if (context[prop]) {
-                const contextPropWrapped = [context[prop]];
-                attributes[prop] || (attributes[prop] = []);
-                attributes[prop] = attributes[prop].concat(contextPropWrapped);
-            }
-        });
-    });
-    return attributes;
-};
-exports.getContextAttributes = getContextAttributes;
-const EMPTY_UUID = '00000000-0000-0000-0000-000000000000';
-const FULL_UUID = 'ffffffff-ffff-ffff-ffff-ffffffffffff';
-const VALID_CHARS_REGEX = '[0-9a-f]';
-const UUID_VERSION_REGEX = '[1-8]';
-const UUID_REGEX = new RegExp(`^(?:${VALID_CHARS_REGEX}{8}-${VALID_CHARS_REGEX}{4}-${UUID_VERSION_REGEX}${VALID_CHARS_REGEX}{3}-[89ab]${VALID_CHARS_REGEX}{3}-${VALID_CHARS_REGEX}{12}|${EMPTY_UUID}|${FULL_UUID})$`, 'i');
-function validateUUID(uuid) {
-    return typeof uuid === 'string' && UUID_REGEX.test(uuid);
-}
-exports.validateUUID = validateUUID;