@aws-amplify/data-schema 0.11.0

package/LICENSE

@@ -0,0 +1,175 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.

package/NOTICE

@@ -0,0 +1 @@
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

package/lib-esm/index.d.ts

@@ -0,0 +1,4 @@
+import * as a from './src';
+import { ClientSchema } from './src/ClientSchema';
+export { a };
+export type { ClientSchema };

package/lib-esm/index.js

@@ -0,0 +1,28 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.a = void 0;
+const a = __importStar(require("./src"));
+exports.a = a;

package/lib-esm/src/Authorization.d.ts

@@ -0,0 +1,262 @@
+import type { UnionToIntersection } from '@aws-amplify/data-schema-types';
+declare const __data: unique symbol;
+/**
+ * All possible providers.
+ *
+ * This list should not be used if you need to restrict available providers
+ * according to an auth strategcy. E.g., `public` auth can only be facilitated
+ * by `apiKey` and `iam` providers.
+ */
+export declare const Providers: readonly ["apiKey", "iam", "userPools", "oidc", "function"];
+export type Provider = (typeof Providers)[number];
+/**
+ * The subset of auth providers that can facilitate `public` auth.
+ */
+export declare const PublicProviders: readonly ["apiKey", "iam"];
+export type PublicProvider = (typeof PublicProviders)[number];
+/**
+ * The subset of auth providers that can facilitate `private` auth.
+ */
+export declare const PrivateProviders: readonly ["userPools", "oidc", "iam"];
+export type PrivateProvider = (typeof PrivateProviders)[number];
+/**
+ * The subset of auth providers that can facilitate `owner` auth.
+ */
+export declare const OwnerProviders: readonly ["userPools", "oidc"];
+export type OwnerProviders = (typeof OwnerProviders)[number];
+/**
+ * The subset of auth providers that can facilitate `group` auth.
+ */
+export declare const GroupProviders: readonly ["userPools", "oidc"];
+export type GroupProvider = (typeof GroupProviders)[number];
+/**
+ * The subset of auth providers that can facilitate `custom` auth.
+ */
+export declare const CustomProviders: readonly ["function"];
+export type CustomProvider = (typeof CustomProviders)[number];
+export declare const Strategies: readonly ["public", "private", "owner", "groups", "custom"];
+export type Strategy = (typeof Strategies)[number];
+/**
+ * The operations that can be performed against an API.
+ */
+export declare const Operations: readonly ["create", "update", "delete", "read", "get", "list", "sync", "listen", "search"];
+export type Operation = (typeof Operations)[number];
+export type Authorization<AuthField extends string | undefined, AuthFieldPlurality extends boolean> = {
+    [__data]: {
+        strategy?: Strategy;
+        provider?: Provider;
+        operations?: Operation[];
+        groupOrOwnerField?: AuthField;
+        groups?: string[];
+        multiOwner: AuthFieldPlurality;
+        identityClaim?: string;
+        groupClaim?: string;
+    };
+};
+export type OwnerField = object;
+type BuilderMethods<T extends object> = {
+    [K in keyof T as T[K] extends (...args: any) => any ? K : never]: T[K];
+};
+declare function to<SELF extends Authorization<any, any>>(this: SELF, operations: Operation[]): Omit<SELF, "to">;
+declare function inField<SELF extends Authorization<any, any>, Field extends string>(this: SELF, field: Field): BuilderMethods<Omit<SELF, "inField">> & Authorization<Field, SELF[typeof __data]["multiOwner"]>;
+/**
+ * Specifies a property of the identity JWT to use in place of `sub::username`
+ * as the value to match against the owner field for authorization.
+ *
+ * @param this Authorization object to operate against.
+ * @param property A property of identity JWT.
+ * @returns A copy of the Authorization object with the claim attached.
+ */
+declare function identityClaim<SELF extends Authorization<any, any>>(this: SELF, property: string): Omit<SELF, "identityClaim">;
+declare function withClaimIn<SELF extends Authorization<any, any>>(this: SELF, property: string): Omit<SELF, "withClaimIn">;
+/**
+ * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,
+ * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `iam`, `userPools`, `oidc`, or `function`)
+ * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.
+ */
+export declare const allow: {
+    /**
+     * Authorize unauthenticated users. By default, `.public()` uses an API key based authorization. You can additionally
+     * use `.public('iam')` to use IAM based authorization for unauthenticated users.
+     * @param provider the authentication provider - supports "apiKey" or "iam" as valid providers
+     * @returns an authorization rule for unauthenticated users
+     */
+    readonly public: (provider?: PublicProvider) => Authorization<"owner", false> & {
+        to: typeof to;
+    };
+    /**
+     * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.private("iam")` or `.private("oidc")` to use IAM or OIDC based authorization for authenticated users.
+     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @returns an authorization rule for authenticated users
+     */
+    readonly private: (provider?: PrivateProvider) => Authorization<"owner", false> & {
+        to: typeof to;
+    };
+    /**
+     * Authorize access on a per-user (owner) basis. By setting owner-based authorization, a new `owner: a.string()`
+     * field will be added to the model to store which user "owns" the item. Upon item creation, the "owner field" is
+     * auto-populated with the authenticated user's information. You can which field should be used as the owner field
+     * by chaining the * `.inField(...)` method.
+     *
+     * By default, `.owner()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.owner("oidc")` to use OIDC based authentication to designate the owner.
+     *
+     * To change the specific claim that should be used as the user identifier within the owner field, chain the
+     * `.identityClaim(...)` method.
+     *
+     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @returns an authorization rule for authenticated users
+     */
+    readonly owner: (provider?: OwnerProviders) => Authorization<"owner", false> & {
+        to: typeof to;
+        inField: typeof inField;
+        identityClaim: typeof identityClaim;
+    };
+    /**
+     * Authorize access for multi-user / multi-owner access. By setting multi-owner-based authorization, a new `owners: a.string().array()`
+     * field will be added to the model to store which users "own" the item. Upon item creation, the "owners field" is
+     * auto-populated with the authenticated user's information. To grant other users access to the item, append their user identifier into the `owners` array.
+     * You can which field should be used as the owners field by chaining the * `.inField(...)` method.
+     *
+     * By default, `.multipleOwners()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.multipleOwners("oidc")` to use OIDC based authentication to designate the owner.
+     *
+     * To change the specific claim that should be used as the user identifier within the owners field, chain the
+     * `.identityClaim(...)` method.
+     *
+     * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+     * @returns an authorization rule for authenticated users
+     */
+    readonly multipleOwners: (provider?: OwnerProviders) => Authorization<"owner", true> & {
+        to: typeof to;
+        inField: typeof inField;
+        identityClaim: typeof identityClaim;
+    };
+    /**
+     * Authorize a specific user group. Provide the name of the specific user group to have access.
+     *
+     * By default, `.specificGroup()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.specificGroup("oidc")` to use OIDC based authentication to designate the user group.
+     *
+     * To change the specific claim that should be used as the user group identifier, chain the
+     * `.groupClaim(...)` method.
+     * @param group the name of the group to authorize
+     * @param provider the authentication provider - supports "userPools" or "oidc"
+     * @returns an authorization rule to grant access by a specific group
+     */
+    readonly specificGroup: (group: string, provider?: GroupProvider) => Authorization<"owner", false> & {
+        to: typeof to;
+        withClaimIn: typeof withClaimIn;
+    };
+    /**
+     * Authorize multiple specific user groups. Provide the names of the specific user groups to have access.
+     *
+     * By default, `.specificGroups()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.specificGroups("oidc")` to use OIDC based authentication to designate the user group.
+     *
+     * To change the specific claim that should be used as the user group identifier, chain the
+     * `.groupClaim(...)` method.
+     * @param groups the names of the group to authorize defined as an array
+     * @param provider the authentication provider - supports "userPools" or "oidc"
+     * @returns an authorization rule to grant access by a specific group
+     */
+    readonly specificGroups: (groups: string[], provider?: GroupProvider) => Authorization<"owner", false> & {
+        to: typeof to;
+        withClaimIn: typeof withClaimIn;
+    };
+    /**
+     * Authorize if a user is part of a group defined in a data model field.
+     *
+     * By default, `.groupDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.groupDefinedIn("oidc")` to use OIDC based authentication to designate the user group.
+     *
+     * To change the specific claim that should be used as the user group identifier within the groups field, chain the
+     * `.groupClaim(...)` method.
+     * @param groupsField the field that should store the authorized user group information
+     * @param provider the authentication provider - supports "userPools" or "oidc"
+     * @returns an authorization rule to grant access by a specific group
+     */
+    readonly groupDefinedIn: <T extends string>(groupsField: T, provider?: GroupProvider) => Authorization<T, false> & {
+        to: typeof to;
+    };
+    /**
+     * Authorize if a user is part of a one of the groups defined in a data model field.
+     *
+     * By default, `.groupsDefinedIn()` uses an Amazon Cognito user pool based authorization. You can additionally
+     * use `.groupsDefinedIn("oidc")` to use OIDC based authentication to designate the user group.
+     *
+     * To change the specific claim that should be used as the user group identifier within the groups field, chain the
+     * `.groupClaim(...)` method.
+     * @param groupsField the field that should store the list of authorized user groups
+     * @param provider the authentication provider - supports "userPools" or "oidc"
+     * @returns an authorization rule to grant access by a specific group
+     */
+    readonly groupsDefinedIn: <T_1 extends string>(groupsField: T_1, provider?: GroupProvider) => Authorization<T_1, true> & {
+        to: typeof to;
+    };
+    readonly custom: (provider?: CustomProvider) => Authorization<"owner", false> & {
+        to: typeof to;
+    };
+};
+/**
+ * Turns the type from a list of `Authorization` rules like this:
+ *
+ * ```typescript
+ * [
+ *  allow.public(),
+ *  allow.owner().inField('otherfield'),
+ *  allow.multipleOwners().inField('editors')
+ * ]
+ * ```
+ *
+ * Into a union of the possible `fieldname: type` auth objects like this:
+ *
+ * ```typescript
+ * {
+ *  owner?: string | undefined;
+ * } | {
+ *  otherfield?: string | undefined;
+ * } | {
+ *  editors?: string[] | undefined;
+ * }
+ * ```
+ */
+export type ImpliedAuthField<T extends Authorization<any, any>> = T extends Authorization<infer Field, infer isMulti> ? Field extends string ? isMulti extends true ? {
+    [K in Field]?: string[];
+} : {
+    [K in Field]?: string;
+} : object : object;
+/**
+ * Turns the type from a list of `Authorization` rules like this:
+ *
+ * ```typescript
+ * [
+ *  allow.public(),
+ *  allow.owner().inField('otherfield'),
+ *  allow.multipleOwners().inField('editors')
+ * ]
+ * ```
+ *
+ * Into an object type that includes all auth fields like this:
+ *
+ * ```typescript
+ * {
+ *  owner?: string | undefined;
+ *  otherfield?: string | undefined;
+ *  editors?: string[] | undefined;
+ * }
+ * ```
+ */
+export type ImpliedAuthFields<T extends Authorization<any, any>> = UnionToIntersection<ImpliedAuthField<T>>;
+export declare const accessData: <T extends Authorization<any, any>>(authorization: T) => {
+    strategy?: "public" | "private" | "owner" | "groups" | "custom" | undefined;
+    provider?: "function" | "apiKey" | "iam" | "userPools" | "oidc" | undefined;
+    operations?: ("create" | "update" | "delete" | "read" | "get" | "list" | "sync" | "listen" | "search")[] | undefined;
+    groupOrOwnerField?: any;
+    groups?: string[] | undefined;
+    multiOwner: any;
+    identityClaim?: string | undefined;
+    groupClaim?: string | undefined;
+};
+export {};