@axinom/mosaic-id-guard 0.24.0-rc.3 → 0.24.0-rc.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/message-bus/guarded-transactional-inbox-message-handler.d.ts +38 -0
  2. package/dist/message-bus/guarded-transactional-inbox-message-handler.d.ts.map +1 -0
  3. package/dist/message-bus/guarded-transactional-inbox-message-handler.js +39 -0
  4. package/dist/message-bus/guarded-transactional-inbox-message-handler.js.map +1 -0
  5. package/dist/message-bus/index.d.ts +1 -0
  6. package/dist/message-bus/index.d.ts.map +1 -1
  7. package/dist/message-bus/index.js +1 -0
  8. package/dist/message-bus/index.js.map +1 -1
  9. package/package.json +6 -5
  10. package/src/message-bus/guarded-transactional-inbox-message-handler.ts +89 -0
  11. package/src/message-bus/index.ts +1 -0
package/dist/message-bus/guarded-transactional-inbox-message-handler.d.ts ADDED
@@ -0,0 +1,38 @@
1
+ import { MessagingSettings } from '@axinom/mosaic-message-bus-abstractions';
2
+ import { Logger } from '@axinom/mosaic-service-common';
3
+ import { DbConfig, TransactionalInboxMessageHandler } from '@axinom/mosaic-transactional-inbox-outbox';
4
+ import { ClientBase } from 'pg';
5
+ import { AuthenticatedManagementSubject } from '../common';
6
+ export interface GuardedContext {
7
+ subject: AuthenticatedManagementSubject;
8
+ [key: string]: unknown;
9
+ }
10
+ export type GuardedConfig = DbConfig & {
11
+ idServiceAuthBaseUrl: string;
12
+ };
13
+ export declare abstract class GuardedTransactionalInboxMessageHandler<TMessage, TConfig extends GuardedConfig> extends TransactionalInboxMessageHandler<TMessage, GuardedContext, TConfig> {
14
+ protected permissions: string[];
15
+ /**
16
+ * Create a new Message handler that provides both the functionality to store
17
+ * an incoming RabbitMQ message in the inbox and provides the actual logic to
18
+ * execute the business logic that is based on that message.
19
+ * @param messagingSettings The definitions of the message that is handled.
20
+ * @param permissions The set of permissions that allow to execute the handler code
21
+ * @param config The configuration object
22
+ */
23
+ constructor(messagingSettings: MessagingSettings, permissions: string[], logger: Logger, config: TConfig);
24
+ private authenticateAndAuthorize;
25
+ /**
26
+ * Add the PostgreSQL settings for the environment owner connection and subject
27
+ * @param envOwnerClient The env owner based DB client
28
+ * @param subject The user or service account to use for setting the connection context
29
+ * @example
30
+ * ```ts
31
+ * const pgSettings = buildAuthPgSettings(subject, this.config.serviceId);
32
+ * await setPgSettingsConfig(pgSettings, envOwnerClient);
33
+ * ```
34
+ */
35
+ protected abstract setPgSettings(envOwnerClient: ClientBase, subject: AuthenticatedManagementSubject): Promise<void>;
36
+ mapError(error: Error): Error;
37
+ }
38
+ //# sourceMappingURL=guarded-transactional-inbox-message-handler.d.ts.map
package/dist/message-bus/guarded-transactional-inbox-message-handler.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"guarded-transactional-inbox-message-handler.d.ts","sourceRoot":"","sources":["../../src/message-bus/guarded-transactional-inbox-message-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,yCAAyC,CAAC;AAC5E,OAAO,EACL,MAAM,EAGP,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACL,QAAQ,EAER,gCAAgC,EACjC,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,EACL,8BAA8B,EAG/B,MAAM,WAAW,CAAC;AAGnB,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,8BAA8B,CAAC;IACxC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG;IAAE,oBAAoB,EAAE,MAAM,CAAA;CAAE,CAAC;AAExE,8BAAsB,uCAAuC,CAC3D,QAAQ,EACR,OAAO,SAAS,aAAa,CAC7B,SAAQ,gCAAgC,CAAC,QAAQ,EAAE,cAAc,EAAE,OAAO,CAAC;IAWzE,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE;IAVjC;;;;;;;OAOG;gBAED,iBAAiB,EAAE,iBAAiB,EAC1B,WAAW,EAAE,MAAM,EAAE,EAC/B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,OAAO;IAWjB,OAAO,CAAC,wBAAwB,CAe9B;IAEF;;;;;;;;;OASG;IACH,SAAS,CAAC,QAAQ,CAAC,aAAa,CAC9B,cAAc,EAAE,UAAU,EAC1B,OAAO,EAAE,8BAA8B,GACtC,OAAO,CAAC,IAAI,CAAC;IAEP,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,KAAK;CAGvC"}
package/dist/message-bus/guarded-transactional-inbox-message-handler.js ADDED
@@ -0,0 +1,39 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.GuardedTransactionalInboxMessageHandler = void 0;
4
+ const mosaic_service_common_1 = require("@axinom/mosaic-service-common");
5
+ const mosaic_transactional_inbox_outbox_1 = require("@axinom/mosaic-transactional-inbox-outbox");
6
+ const common_1 = require("../common");
7
+ const message_handler_permissions_1 = require("./message-handler-permissions");
8
+ class GuardedTransactionalInboxMessageHandler extends mosaic_transactional_inbox_outbox_1.TransactionalInboxMessageHandler {
9
+ /**
10
+ * Create a new Message handler that provides both the functionality to store
11
+ * an incoming RabbitMQ message in the inbox and provides the actual logic to
12
+ * execute the business logic that is based on that message.
13
+ * @param messagingSettings The definitions of the message that is handled.
14
+ * @param permissions The set of permissions that allow to execute the handler code
15
+ * @param config The configuration object
16
+ */
17
+ constructor(messagingSettings, permissions, logger, config) {
18
+ const wrapper = async (message, envOwnerClient) => {
19
+ return this.authenticateAndAuthorize(message, envOwnerClient);
20
+ };
21
+ super(messagingSettings, logger, config, wrapper);
22
+ this.permissions = permissions;
23
+ this.authenticateAndAuthorize = async (message, envOwnerClient) => {
24
+ const token = message.metadata.authToken;
25
+ if (token === undefined) {
26
+ throw new mosaic_service_common_1.MosaicError(common_1.IdGuardErrors.AccessTokenRequired);
27
+ }
28
+ const subject = await (0, common_1.getAuthenticatedManagementSubject)(token, this.config.idServiceAuthBaseUrl);
29
+ await (0, message_handler_permissions_1.permissionsCheck)(subject, this.permissions, this.config.serviceId);
30
+ this.setPgSettings(envOwnerClient, subject);
31
+ return { subject };
32
+ };
33
+ }
34
+ mapError(error) {
35
+ return (0, mosaic_service_common_1.getMappedError)(error);
36
+ }
37
+ }
38
+ exports.GuardedTransactionalInboxMessageHandler = GuardedTransactionalInboxMessageHandler;
39
+ //# sourceMappingURL=guarded-transactional-inbox-message-handler.js.map
package/dist/message-bus/guarded-transactional-inbox-message-handler.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"guarded-transactional-inbox-message-handler.js","sourceRoot":"","sources":["../../src/message-bus/guarded-transactional-inbox-message-handler.ts"],"names":[],"mappings":";;;AACA,yEAIuC;AACvC,iGAImD;AAEnD,sCAImB;AACnB,+EAAiE;AASjE,MAAsB,uCAGpB,SAAQ,oEAAmE;IAC3E;;;;;;;OAOG;IACH,YACE,iBAAoC,EAC1B,WAAqB,EAC/B,MAAc,EACd,MAAe;QAEf,MAAM,OAAO,GAAG,KAAK,EACnB,OAA4C,EAC5C,cAA0B,EACD,EAAE;YAC3B,OAAO,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAChE,CAAC,CAAC;QACF,KAAK,CAAC,iBAAiB,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAVxC,gBAAW,GAAX,WAAW,CAAU;QAazB,6BAAwB,GAAG,KAAK,EACtC,OAA4C,EAC5C,cAA0B,EACD,EAAE;YAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;YACzC,IAAI,KAAK,KAAK,SAAS,EAAE;gBACvB,MAAM,IAAI,mCAAW,CAAC,sBAAa,CAAC,mBAAmB,CAAC,CAAC;aAC1D;YACD,MAAM,OAAO,GAAG,MAAM,IAAA,0CAAiC,EACrD,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,oBAAoB,CACjC,CAAC;YACF,MAAM,IAAA,8CAAgB,EAAC,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACzE,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAC5C,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC,CAAC;IAjBF,CAAC;IAkCQ,QAAQ,CAAC,KAAY;QAC5B,OAAO,IAAA,sCAAc,EAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;CACF;AA9DD,0FA8DC"}
package/dist/message-bus/index.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  export * from './guard-message-handler';
2
+ export * from './guarded-transactional-inbox-message-handler';
2
3
  export * from './message-handler-authentication';
3
4
  export * from './message-handler-permissions';
4
5
  //# sourceMappingURL=index.d.ts.map
package/dist/message-bus/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/message-bus/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,+BAA+B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/message-bus/index.ts"],"names":[],"mappings":"AAAA,cAAc,yBAAyB,CAAC;AACxC,cAAc,+CAA+C,CAAC;AAC9D,cAAc,kCAAkC,CAAC;AACjD,cAAc,+BAA+B,CAAC"}
package/dist/message-bus/index.js CHANGED
@@ -15,6 +15,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
17
  __exportStar(require("./guard-message-handler"), exports);
18
+ __exportStar(require("./guarded-transactional-inbox-message-handler"), exports);
18
19
  __exportStar(require("./message-handler-authentication"), exports);
19
20
  __exportStar(require("./message-handler-permissions"), exports);
20
21
  //# sourceMappingURL=index.js.map
package/dist/message-bus/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/message-bus/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAwC;AACxC,mEAAiD;AACjD,gEAA8C"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/message-bus/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0DAAwC;AACxC,gFAA8D;AAC9D,mEAAiD;AACjD,gEAA8C"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@axinom/mosaic-id-guard",
3
- "version": "0.24.0-rc.3",
3
+ "version": "0.24.0-rc.5",
4
4
  "description": "Authentication and authorization helpers for Axinom Mosaic services",
5
5
  "author": "Axinom",
6
6
  "license": "PROPRIETARY",
@@ -28,9 +28,10 @@
28
28
  "lint": "eslint . --ext .ts,.tsx,.js --color --cache"
29
29
  },
30
30
  "dependencies": {
31
- "@axinom/mosaic-id-utils": "^0.15.9-rc.3",
32
- "@axinom/mosaic-message-bus": "^0.19.0-rc.3",
33
- "@axinom/mosaic-service-common": "^0.41.0-rc.3",
31
+ "@axinom/mosaic-id-utils": "^0.15.9-rc.5",
32
+ "@axinom/mosaic-message-bus": "^0.19.0-rc.5",
33
+ "@axinom/mosaic-service-common": "^0.41.0-rc.5",
34
+ "@axinom/mosaic-transactional-inbox-outbox": "^0.1.0-rc.4",
34
35
  "amqplib": "^0.10.3",
35
36
  "express": "^4.17.1",
36
37
  "express-bearer-token": "^2.4.0",
@@ -62,5 +63,5 @@
62
63
  "publishConfig": {
63
64
  "access": "public"
64
65
  },
65
- "gitHead": "1684458c348c8a75ff16d74ddc9650679413bba7"
66
+ "gitHead": "c111e4f8ef6144efb5aed6de8a7e6c628158307d"
66
67
  }
package/src/message-bus/guarded-transactional-inbox-message-handler.ts ADDED
@@ -0,0 +1,89 @@
1
+ import { MessagingSettings } from '@axinom/mosaic-message-bus-abstractions';
2
+ import {
3
+ Logger,
4
+ MosaicError,
5
+ getMappedError,
6
+ } from '@axinom/mosaic-service-common';
7
+ import {
8
+ DbConfig,
9
+ TransactionalInboxMessage,
10
+ TransactionalInboxMessageHandler,
11
+ } from '@axinom/mosaic-transactional-inbox-outbox';
12
+ import { ClientBase } from 'pg';
13
+ import {
14
+ AuthenticatedManagementSubject,
15
+ IdGuardErrors,
16
+ getAuthenticatedManagementSubject,
17
+ } from '../common';
18
+ import { permissionsCheck } from './message-handler-permissions';
19
+
20
+ export interface GuardedContext {
21
+ subject: AuthenticatedManagementSubject;
22
+ [key: string]: unknown;
23
+ }
24
+
25
+ export type GuardedConfig = DbConfig & { idServiceAuthBaseUrl: string };
26
+
27
+ export abstract class GuardedTransactionalInboxMessageHandler<
28
+ TMessage,
29
+ TConfig extends GuardedConfig,
30
+ > extends TransactionalInboxMessageHandler<TMessage, GuardedContext, TConfig> {
31
+ /**
32
+ * Create a new Message handler that provides both the functionality to store
33
+ * an incoming RabbitMQ message in the inbox and provides the actual logic to
34
+ * execute the business logic that is based on that message.
35
+ * @param messagingSettings The definitions of the message that is handled.
36
+ * @param permissions The set of permissions that allow to execute the handler code
37
+ * @param config The configuration object
38
+ */
39
+ constructor(
40
+ messagingSettings: MessagingSettings,
41
+ protected permissions: string[],
42
+ logger: Logger,
43
+ config: TConfig,
44
+ ) {
45
+ const wrapper = async <TMessage>(
46
+ message: TransactionalInboxMessage<TMessage>,
47
+ envOwnerClient: ClientBase,
48
+ ): Promise<GuardedContext> => {
49
+ return this.authenticateAndAuthorize(message, envOwnerClient);
50
+ };
51
+ super(messagingSettings, logger, config, wrapper);
52
+ }
53
+
54
+ private authenticateAndAuthorize = async <TMessage>(
55
+ message: TransactionalInboxMessage<TMessage>,
56
+ envOwnerClient: ClientBase,
57
+ ): Promise<GuardedContext> => {
58
+ const token = message.metadata.authToken;
59
+ if (token === undefined) {
60
+ throw new MosaicError(IdGuardErrors.AccessTokenRequired);
61
+ }
62
+ const subject = await getAuthenticatedManagementSubject(
63
+ token,
64
+ this.config.idServiceAuthBaseUrl,
65
+ );
66
+ await permissionsCheck(subject, this.permissions, this.config.serviceId);
67
+ this.setPgSettings(envOwnerClient, subject);
68
+ return { subject };
69
+ };
70
+
71
+ /**
72
+ * Add the PostgreSQL settings for the environment owner connection and subject
73
+ * @param envOwnerClient The env owner based DB client
74
+ * @param subject The user or service account to use for setting the connection context
75
+ * @example
76
+ * ```ts
77
+ * const pgSettings = buildAuthPgSettings(subject, this.config.serviceId);
78
+ * await setPgSettingsConfig(pgSettings, envOwnerClient);
79
+ * ```
80
+ */
81
+ protected abstract setPgSettings(
82
+ envOwnerClient: ClientBase,
83
+ subject: AuthenticatedManagementSubject,
84
+ ): Promise<void>;
85
+
86
+ override mapError(error: Error): Error {
87
+ return getMappedError(error);
88
+ }
89
+ }
package/src/message-bus/index.ts CHANGED
@@ -1,3 +1,4 @@
1
1
  export * from './guard-message-handler';
2
+ export * from './guarded-transactional-inbox-message-handler';
2
3
  export * from './message-handler-authentication';
3
4
  export * from './message-handler-permissions';