@casual-simulation/aux-vm-browser 3.4.6-alpha.14668890889 → 3.5.0-alpha.15117651144
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/html/IFrameHelpers.js +28 -39
- package/html/IFrameHelpers.js.map +1 -1
- package/managers/AuthCoordinator.d.ts +9 -0
- package/managers/AuthCoordinator.js +369 -383
- package/managers/AuthCoordinator.js.map +1 -1
- package/managers/AuthEndpointHelper.d.ts +3 -2
- package/managers/AuthEndpointHelper.js +399 -462
- package/managers/AuthEndpointHelper.js.map +1 -1
- package/managers/AuthHelper.js +2 -2
- package/managers/AuthHelper.js.map +1 -1
- package/managers/BotManager.js +54 -58
- package/managers/BotManager.js.map +1 -1
- package/managers/BotPanelManager.js +2 -11
- package/managers/BotPanelManager.js.map +1 -1
- package/managers/BrowserSimulationCalculations.js +1 -1
- package/managers/BrowserSimulationCalculations.js.map +1 -1
- package/managers/IdePortalManager.js +2 -11
- package/managers/IdePortalManager.js.map +1 -1
- package/managers/LivekitManager.js +320 -324
- package/managers/LivekitManager.js.map +1 -1
- package/managers/SystemPortalCoordinator.js +74 -66
- package/managers/SystemPortalCoordinator.js.map +1 -1
- package/package.json +15 -12
- package/partitions/LocalStoragePartition.d.ts +6 -0
- package/partitions/LocalStoragePartition.js +44 -46
- package/partitions/LocalStoragePartition.js.map +1 -1
- package/partitions/ProxyClientPartition.js +28 -40
- package/partitions/ProxyClientPartition.js.map +1 -1
- package/vm/AuxVMImpl.js +120 -153
- package/vm/AuxVMImpl.js.map +1 -1
- package/vm/BrowserAuxChannel.js +9 -22
- package/vm/BrowserAuxChannel.js.map +1 -1
- package/vm/ConnectableAuxVM.js +54 -85
- package/vm/ConnectableAuxVM.js.map +1 -1
- package/vm/StaticAuxVMImpl.d.ts +91 -3
- package/vm/StaticAuxVMImpl.js +198 -108
- package/vm/StaticAuxVMImpl.js.map +1 -1
- package/vm/WorkerEntryHelpers.js.map +1 -1
|
@@ -1,15 +1,5 @@
|
|
|
1
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
2
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
4
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
5
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
6
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
7
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
8
|
-
});
|
|
9
|
-
};
|
|
10
1
|
import { BehaviorSubject, NEVER, Subject, Subscription, filter, firstValueFrom, switchMap, } from 'rxjs';
|
|
11
|
-
import { generateV1ConnectionToken } from '@casual-simulation/aux-
|
|
12
|
-
import { asyncResult, hasValue, reportInst, } from '@casual-simulation/aux-common';
|
|
2
|
+
import { asyncResult, hasValue, reportInst, generateV1ConnectionToken, } from '@casual-simulation/aux-common';
|
|
13
3
|
/**
|
|
14
4
|
* Defines a class that is able to coordinate authentication across multiple simulations.
|
|
15
5
|
*/
|
|
@@ -26,6 +16,9 @@ export class AuthCoordinator {
|
|
|
26
16
|
get onRequestAccess() {
|
|
27
17
|
return this._onRequestAccess;
|
|
28
18
|
}
|
|
19
|
+
get onGrantEntitlements() {
|
|
20
|
+
return this._onGrantEntitlements;
|
|
21
|
+
}
|
|
29
22
|
get authEndpoints() {
|
|
30
23
|
const helper = this.authHelper;
|
|
31
24
|
if (helper) {
|
|
@@ -47,12 +40,13 @@ export class AuthCoordinator {
|
|
|
47
40
|
this._onRequestAccess = new Subject();
|
|
48
41
|
this._onNotAuthorized = new Subject();
|
|
49
42
|
this._onShowAccountInfo = new Subject();
|
|
43
|
+
this._onGrantEntitlements = new Subject();
|
|
50
44
|
this._onAuthHelper = new BehaviorSubject(null);
|
|
51
45
|
this._simulationManager = manager;
|
|
52
46
|
this._sub = new Subscription();
|
|
53
47
|
this._sub.add(this._simulationManager.watchSimulations((sim) => {
|
|
54
48
|
let sub = new Subscription();
|
|
55
|
-
sub.add(sim.onAuthMessage.subscribe((msg) =>
|
|
49
|
+
sub.add(sim.onAuthMessage.subscribe(async (msg) => {
|
|
56
50
|
if (msg.type === 'request') {
|
|
57
51
|
this._handleAuthRequest(sim, msg);
|
|
58
52
|
}
|
|
@@ -64,7 +58,7 @@ export class AuthCoordinator {
|
|
|
64
58
|
user: msg.user,
|
|
65
59
|
});
|
|
66
60
|
}
|
|
67
|
-
}))
|
|
61
|
+
}));
|
|
68
62
|
sub.add(sim.localEvents.subscribe((event) => {
|
|
69
63
|
if (event.type === 'show_account_info') {
|
|
70
64
|
this.showAccountInfo(sim.id);
|
|
@@ -72,196 +66,164 @@ export class AuthCoordinator {
|
|
|
72
66
|
sim.helper.transaction(asyncResult(event.taskId, null));
|
|
73
67
|
}
|
|
74
68
|
}
|
|
69
|
+
else if (event.type === 'grant_record_entitlements') {
|
|
70
|
+
this._onGrantEntitlements.next({
|
|
71
|
+
simulationId: sim.id,
|
|
72
|
+
action: event,
|
|
73
|
+
});
|
|
74
|
+
}
|
|
75
75
|
}));
|
|
76
76
|
return sub;
|
|
77
77
|
}));
|
|
78
78
|
}
|
|
79
|
-
openAccountDashboard(simId) {
|
|
79
|
+
async openAccountDashboard(simId) {
|
|
80
80
|
var _a;
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
}
|
|
89
|
-
});
|
|
81
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
82
|
+
if (sim) {
|
|
83
|
+
await sim.auth.primary.openAccountPage();
|
|
84
|
+
}
|
|
85
|
+
else {
|
|
86
|
+
await ((_a = this.authHelper) === null || _a === void 0 ? void 0 : _a.primary.openAccountPage());
|
|
87
|
+
}
|
|
90
88
|
}
|
|
91
|
-
logout(simId) {
|
|
89
|
+
async logout(simId) {
|
|
92
90
|
var _a;
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
}
|
|
101
|
-
});
|
|
91
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
92
|
+
if (sim) {
|
|
93
|
+
await sim.auth.primary.logout();
|
|
94
|
+
}
|
|
95
|
+
else {
|
|
96
|
+
await ((_a = this.authHelper) === null || _a === void 0 ? void 0 : _a.primary.logout());
|
|
97
|
+
}
|
|
102
98
|
}
|
|
103
|
-
showReportInst(simId) {
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
}
|
|
109
|
-
});
|
|
99
|
+
async showReportInst(simId) {
|
|
100
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
101
|
+
if (sim) {
|
|
102
|
+
await sim.helper.transaction(reportInst());
|
|
103
|
+
}
|
|
110
104
|
}
|
|
111
|
-
showAccountInfo(simId) {
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
});
|
|
124
|
-
}
|
|
125
|
-
}
|
|
126
|
-
else if (this.authHelper) {
|
|
127
|
-
const endpoint = this.authHelper.primary;
|
|
128
|
-
const status = endpoint.currentLoginStatus;
|
|
129
|
-
if (status) {
|
|
130
|
-
this._onShowAccountInfo.next({
|
|
131
|
-
simulationId: null,
|
|
132
|
-
loginStatus: status,
|
|
133
|
-
endpoint: endpoint.origin,
|
|
134
|
-
});
|
|
135
|
-
}
|
|
105
|
+
async showAccountInfo(simId) {
|
|
106
|
+
console.log(`[AuthCoordinator] [${simId}] Show account info`);
|
|
107
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
108
|
+
if (sim) {
|
|
109
|
+
const endpoint = sim.auth.primary;
|
|
110
|
+
const status = endpoint.currentLoginStatus;
|
|
111
|
+
if (status) {
|
|
112
|
+
this._onShowAccountInfo.next({
|
|
113
|
+
simulationId: sim.id,
|
|
114
|
+
loginStatus: status,
|
|
115
|
+
endpoint: endpoint.origin,
|
|
116
|
+
});
|
|
136
117
|
}
|
|
137
|
-
}
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
const key = yield endpoint.getConnectionKey();
|
|
148
|
-
if (key) {
|
|
149
|
-
const connectionId = sim.configBotId;
|
|
150
|
-
const recordName = sim.origin.recordName;
|
|
151
|
-
const inst = sim.inst;
|
|
152
|
-
const token = generateV1ConnectionToken(key, connectionId, recordName, inst);
|
|
153
|
-
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionToken.`);
|
|
154
|
-
sim.sendAuthMessage({
|
|
155
|
-
type: 'response',
|
|
156
|
-
success: true,
|
|
157
|
-
origin: origin,
|
|
158
|
-
indicator: {
|
|
159
|
-
connectionToken: token,
|
|
160
|
-
},
|
|
161
|
-
});
|
|
162
|
-
}
|
|
118
|
+
}
|
|
119
|
+
else if (this.authHelper) {
|
|
120
|
+
const endpoint = this.authHelper.primary;
|
|
121
|
+
const status = endpoint.currentLoginStatus;
|
|
122
|
+
if (status) {
|
|
123
|
+
this._onShowAccountInfo.next({
|
|
124
|
+
simulationId: null,
|
|
125
|
+
loginStatus: status,
|
|
126
|
+
endpoint: endpoint.origin,
|
|
127
|
+
});
|
|
163
128
|
}
|
|
164
|
-
}
|
|
129
|
+
}
|
|
165
130
|
}
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
131
|
+
async changeLogin(simId, origin) {
|
|
132
|
+
console.log(`[AuthCoordinator] [${simId}] Changing login...`);
|
|
133
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
134
|
+
if (sim) {
|
|
135
|
+
const endpoint = sim.auth.primary;
|
|
136
|
+
await endpoint.logout();
|
|
137
|
+
await endpoint.authenticate();
|
|
138
|
+
const key = await endpoint.getConnectionKey();
|
|
139
|
+
if (key) {
|
|
140
|
+
const connectionId = sim.configBotId;
|
|
141
|
+
const recordName = sim.origin.recordName;
|
|
142
|
+
const inst = sim.inst;
|
|
143
|
+
const token = generateV1ConnectionToken(key, connectionId, recordName, inst);
|
|
144
|
+
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionToken.`);
|
|
173
145
|
sim.sendAuthMessage({
|
|
174
|
-
type: '
|
|
146
|
+
type: 'response',
|
|
147
|
+
success: true,
|
|
175
148
|
origin: origin,
|
|
176
|
-
|
|
149
|
+
indicator: {
|
|
150
|
+
connectionToken: token,
|
|
151
|
+
},
|
|
177
152
|
});
|
|
178
|
-
const response = yield Promise.race([
|
|
179
|
-
promise,
|
|
180
|
-
new Promise((resolve) => {
|
|
181
|
-
setTimeout(() => {
|
|
182
|
-
resolve({
|
|
183
|
-
type: 'external_permission_result',
|
|
184
|
-
origin,
|
|
185
|
-
success: false,
|
|
186
|
-
recordName: reason.recordName,
|
|
187
|
-
resourceKind: reason.resourceKind,
|
|
188
|
-
resourceId: reason.resourceKind,
|
|
189
|
-
subjectType: reason.subjectType,
|
|
190
|
-
subjectId: reason.subjectId,
|
|
191
|
-
errorCode: 'not_authorized',
|
|
192
|
-
errorMessage: 'The request expired.',
|
|
193
|
-
});
|
|
194
|
-
}, 45 * 1000);
|
|
195
|
-
}),
|
|
196
|
-
]);
|
|
197
|
-
console.log(`[AuthCoordinator] [${sim.id}] Got permission result`, response);
|
|
198
|
-
if (response.type === 'external_permission_result') {
|
|
199
|
-
console.log(`[AuthCoordinator] [${sim.id}] Got permission result`, response);
|
|
200
|
-
return Object.assign(Object.assign({}, response), { type: 'permission_result' });
|
|
201
|
-
}
|
|
202
153
|
}
|
|
203
|
-
|
|
204
|
-
type: 'permission_result',
|
|
205
|
-
origin,
|
|
206
|
-
success: false,
|
|
207
|
-
recordName: reason.recordName,
|
|
208
|
-
resourceKind: reason.resourceKind,
|
|
209
|
-
resourceId: reason.resourceKind,
|
|
210
|
-
subjectType: reason.subjectType,
|
|
211
|
-
subjectId: reason.subjectId,
|
|
212
|
-
errorCode: 'server_error',
|
|
213
|
-
errorMessage: 'A server error occurred.',
|
|
214
|
-
};
|
|
215
|
-
});
|
|
154
|
+
}
|
|
216
155
|
}
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
expireTimeMs,
|
|
235
|
-
});
|
|
236
|
-
if (result.success === true) {
|
|
237
|
-
sim.sendAuthMessage({
|
|
238
|
-
type: 'permission_result',
|
|
239
|
-
success: true,
|
|
156
|
+
async requestAccessToMissingPermission(simId, origin, reason) {
|
|
157
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
158
|
+
if (sim) {
|
|
159
|
+
const promise = firstValueFrom(sim.onAuthMessage.pipe(filter((m) => m.origin === origin &&
|
|
160
|
+
m.type === 'external_permission_result')));
|
|
161
|
+
console.log(`[AuthCoordinator] [${sim.id}] Requesting permission`, reason);
|
|
162
|
+
sim.sendAuthMessage({
|
|
163
|
+
type: 'permission_request',
|
|
164
|
+
origin: origin,
|
|
165
|
+
reason,
|
|
166
|
+
});
|
|
167
|
+
const response = await Promise.race([
|
|
168
|
+
promise,
|
|
169
|
+
new Promise((resolve) => {
|
|
170
|
+
setTimeout(() => {
|
|
171
|
+
resolve({
|
|
172
|
+
type: 'external_permission_result',
|
|
240
173
|
origin,
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
174
|
+
success: false,
|
|
175
|
+
recordName: reason.recordName,
|
|
176
|
+
resourceKind: reason.resourceKind,
|
|
177
|
+
resourceId: reason.resourceKind,
|
|
178
|
+
subjectType: reason.subjectType,
|
|
179
|
+
subjectId: reason.subjectId,
|
|
180
|
+
errorCode: 'not_authorized',
|
|
181
|
+
errorMessage: 'The request expired.',
|
|
246
182
|
});
|
|
247
|
-
}
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
183
|
+
}, 45 * 1000);
|
|
184
|
+
}),
|
|
185
|
+
]);
|
|
186
|
+
console.log(`[AuthCoordinator] [${sim.id}] Got permission result`, response);
|
|
187
|
+
if (response.type === 'external_permission_result') {
|
|
188
|
+
console.log(`[AuthCoordinator] [${sim.id}] Got permission result`, response);
|
|
189
|
+
return {
|
|
190
|
+
...response,
|
|
191
|
+
type: 'permission_result',
|
|
192
|
+
};
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
return {
|
|
196
|
+
type: 'permission_result',
|
|
197
|
+
origin,
|
|
198
|
+
success: false,
|
|
199
|
+
recordName: reason.recordName,
|
|
200
|
+
resourceKind: reason.resourceKind,
|
|
201
|
+
resourceId: reason.resourceKind,
|
|
202
|
+
subjectType: reason.subjectType,
|
|
203
|
+
subjectId: reason.subjectId,
|
|
204
|
+
errorCode: 'server_error',
|
|
205
|
+
errorMessage: 'A server error occurred.',
|
|
206
|
+
};
|
|
207
|
+
}
|
|
208
|
+
async grantAccessToMissingPermission(simId, origin, reason, expireTimeMs = null, actions = null) {
|
|
209
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
210
|
+
if (sim) {
|
|
211
|
+
const recordName = reason.recordName;
|
|
212
|
+
const resourceKind = reason.resourceKind;
|
|
213
|
+
const resourceId = reason.resourceId;
|
|
214
|
+
const subjectType = reason.subjectType;
|
|
215
|
+
const subjectId = reason.subjectId;
|
|
216
|
+
if (!actions) {
|
|
217
|
+
const result = await sim.auth.primary.grantPermission(recordName, {
|
|
218
|
+
resourceKind,
|
|
219
|
+
resourceId,
|
|
220
|
+
subjectType,
|
|
221
|
+
subjectId,
|
|
222
|
+
action: null,
|
|
223
|
+
options: {},
|
|
224
|
+
expireTimeMs,
|
|
225
|
+
});
|
|
226
|
+
if (result.success === true) {
|
|
265
227
|
sim.sendAuthMessage({
|
|
266
228
|
type: 'permission_result',
|
|
267
229
|
success: true,
|
|
@@ -272,226 +234,250 @@ export class AuthCoordinator {
|
|
|
272
234
|
subjectType,
|
|
273
235
|
subjectId,
|
|
274
236
|
});
|
|
275
|
-
return {
|
|
276
|
-
success: true,
|
|
277
|
-
};
|
|
278
237
|
}
|
|
279
|
-
|
|
280
|
-
console.error('[AuthCoordinator] Could not find simulation to grant access to.', simId, origin, reason);
|
|
281
|
-
return {
|
|
282
|
-
success: false,
|
|
283
|
-
errorCode: 'server_error',
|
|
284
|
-
errorMessage: 'A server error occurred.',
|
|
285
|
-
};
|
|
286
|
-
});
|
|
287
|
-
}
|
|
288
|
-
respondToPermissionRequest(simId, origin, result) {
|
|
289
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
290
|
-
const sim = this._simulationManager.simulations.get(simId);
|
|
291
|
-
if (sim) {
|
|
292
|
-
sim.sendAuthMessage(result);
|
|
293
|
-
}
|
|
294
|
-
});
|
|
295
|
-
}
|
|
296
|
-
_handleAuthRequest(sim, request) {
|
|
297
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
298
|
-
if (request.kind === 'need_indicator') {
|
|
299
|
-
yield this._handleNeedIndicator(sim, request);
|
|
300
|
-
}
|
|
301
|
-
else if (request.kind === 'invalid_indicator') {
|
|
302
|
-
yield this._handleInvalidIndicator(sim, request);
|
|
303
|
-
}
|
|
304
|
-
else if (request.kind === 'not_authorized') {
|
|
305
|
-
yield this._handleNotAuthorized(sim, request);
|
|
306
|
-
}
|
|
307
|
-
});
|
|
308
|
-
}
|
|
309
|
-
_handleNeedIndicator(sim, request) {
|
|
310
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
311
|
-
console.log(`[AuthCoordinator] [${sim.id}] Needs indicator`);
|
|
312
|
-
const endpoint = sim.auth.primary;
|
|
313
|
-
const key = yield endpoint.getConnectionKey();
|
|
314
|
-
if (!key) {
|
|
315
|
-
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionId.`);
|
|
316
|
-
sim.sendAuthMessage({
|
|
317
|
-
type: 'response',
|
|
318
|
-
success: true,
|
|
319
|
-
origin: request.origin,
|
|
320
|
-
indicator: {
|
|
321
|
-
connectionId: sim.configBotId,
|
|
322
|
-
},
|
|
323
|
-
});
|
|
238
|
+
return result;
|
|
324
239
|
}
|
|
325
240
|
else {
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
241
|
+
for (let action of actions) {
|
|
242
|
+
const result = await sim.auth.primary.grantPermission(recordName, {
|
|
243
|
+
resourceKind,
|
|
244
|
+
resourceId,
|
|
245
|
+
subjectType,
|
|
246
|
+
subjectId,
|
|
247
|
+
action: action,
|
|
248
|
+
options: {},
|
|
249
|
+
expireTimeMs,
|
|
250
|
+
});
|
|
251
|
+
if (result.success === false) {
|
|
252
|
+
return result;
|
|
253
|
+
}
|
|
254
|
+
}
|
|
331
255
|
sim.sendAuthMessage({
|
|
332
|
-
type: '
|
|
256
|
+
type: 'permission_result',
|
|
333
257
|
success: true,
|
|
334
|
-
origin
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
258
|
+
origin,
|
|
259
|
+
recordName,
|
|
260
|
+
resourceKind,
|
|
261
|
+
resourceId,
|
|
262
|
+
subjectType,
|
|
263
|
+
subjectId,
|
|
338
264
|
});
|
|
265
|
+
return {
|
|
266
|
+
success: true,
|
|
267
|
+
};
|
|
339
268
|
}
|
|
340
|
-
}
|
|
269
|
+
}
|
|
270
|
+
console.error('[AuthCoordinator] Could not find simulation to grant access to.', simId, origin, reason);
|
|
271
|
+
return {
|
|
272
|
+
success: false,
|
|
273
|
+
errorCode: 'server_error',
|
|
274
|
+
errorMessage: 'A server error occurred.',
|
|
275
|
+
};
|
|
341
276
|
}
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
277
|
+
async respondToPermissionRequest(simId, origin, result) {
|
|
278
|
+
const sim = this._simulationManager.simulations.get(simId);
|
|
279
|
+
if (sim) {
|
|
280
|
+
sim.sendAuthMessage(result);
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
async grantEntitlements(entitlementGrantEvent) {
|
|
284
|
+
const sim = this._simulationManager.simulations.get(entitlementGrantEvent.simulationId);
|
|
285
|
+
if (sim) {
|
|
286
|
+
await sim.records.grantEntitlements(entitlementGrantEvent.action);
|
|
287
|
+
}
|
|
288
|
+
}
|
|
289
|
+
async denyEntitlements(entitlementGrantEvent) {
|
|
290
|
+
const sim = this._simulationManager.simulations.get(entitlementGrantEvent.simulationId);
|
|
291
|
+
if (sim) {
|
|
292
|
+
sim.helper.transaction(asyncResult(entitlementGrantEvent.action.taskId, {
|
|
293
|
+
success: false,
|
|
294
|
+
errorCode: 'not_authorized',
|
|
295
|
+
errorMessage: 'The request for access was denied.',
|
|
296
|
+
}));
|
|
297
|
+
}
|
|
298
|
+
}
|
|
299
|
+
async _handleAuthRequest(sim, request) {
|
|
300
|
+
if (request.kind === 'need_indicator') {
|
|
301
|
+
await this._handleNeedIndicator(sim, request);
|
|
302
|
+
}
|
|
303
|
+
else if (request.kind === 'invalid_indicator') {
|
|
304
|
+
await this._handleInvalidIndicator(sim, request);
|
|
305
|
+
}
|
|
306
|
+
else if (request.kind === 'not_authorized') {
|
|
307
|
+
await this._handleNotAuthorized(sim, request);
|
|
308
|
+
}
|
|
309
|
+
}
|
|
310
|
+
async _handleNeedIndicator(sim, request) {
|
|
311
|
+
console.log(`[AuthCoordinator] [${sim.id}] Needs indicator`);
|
|
312
|
+
const endpoint = sim.auth.primary;
|
|
313
|
+
const key = await endpoint.getConnectionKey();
|
|
314
|
+
if (!key) {
|
|
315
|
+
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionId.`);
|
|
316
|
+
sim.sendAuthMessage({
|
|
317
|
+
type: 'response',
|
|
318
|
+
success: true,
|
|
319
|
+
origin: request.origin,
|
|
320
|
+
indicator: {
|
|
321
|
+
connectionId: sim.configBotId,
|
|
322
|
+
},
|
|
323
|
+
});
|
|
324
|
+
}
|
|
325
|
+
else {
|
|
326
|
+
const connectionId = sim.configBotId;
|
|
327
|
+
const recordName = sim.origin.recordName;
|
|
328
|
+
const inst = sim.inst;
|
|
329
|
+
const token = generateV1ConnectionToken(key, connectionId, recordName, inst);
|
|
330
|
+
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionToken.`);
|
|
331
|
+
sim.sendAuthMessage({
|
|
332
|
+
type: 'response',
|
|
333
|
+
success: true,
|
|
334
|
+
origin: request.origin,
|
|
335
|
+
indicator: {
|
|
336
|
+
connectionToken: token,
|
|
337
|
+
},
|
|
338
|
+
});
|
|
339
|
+
}
|
|
340
|
+
}
|
|
341
|
+
async _handleInvalidIndicator(sim, request) {
|
|
342
|
+
console.log(`[AuthCoordinator] [${sim.id}] [${request.errorCode}] Invalid indicator.`);
|
|
343
|
+
const endpoint = sim.auth.primary;
|
|
344
|
+
let key;
|
|
345
|
+
if (request.errorCode === 'invalid_token') {
|
|
346
|
+
if (await endpoint.isAuthenticated()) {
|
|
347
|
+
console.log(`[AuthCoordinator] [${sim.id}] Logging out and back in...`);
|
|
348
|
+
await endpoint.relogin();
|
|
360
349
|
}
|
|
350
|
+
}
|
|
351
|
+
else {
|
|
352
|
+
key = await endpoint.getConnectionKey();
|
|
361
353
|
if (!key) {
|
|
362
|
-
|
|
354
|
+
console.log(`[AuthCoordinator] [${sim.id}] Logging in...`);
|
|
355
|
+
await endpoint.authenticate();
|
|
363
356
|
}
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
357
|
+
}
|
|
358
|
+
if (!key) {
|
|
359
|
+
key = await endpoint.getConnectionKey();
|
|
360
|
+
}
|
|
361
|
+
if (key) {
|
|
362
|
+
const connectionId = sim.configBotId;
|
|
363
|
+
const recordName = sim.origin.recordName;
|
|
364
|
+
const inst = sim.inst;
|
|
365
|
+
const token = generateV1ConnectionToken(key, connectionId, recordName, inst);
|
|
366
|
+
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionToken.`);
|
|
367
|
+
sim.sendAuthMessage({
|
|
368
|
+
type: 'response',
|
|
369
|
+
success: true,
|
|
370
|
+
origin: request.origin,
|
|
371
|
+
indicator: {
|
|
372
|
+
connectionToken: token,
|
|
373
|
+
},
|
|
374
|
+
});
|
|
375
|
+
}
|
|
380
376
|
}
|
|
381
|
-
_handleNotAuthorized(sim, request) {
|
|
377
|
+
async _handleNotAuthorized(sim, request) {
|
|
382
378
|
var _a, _b;
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
}
|
|
397
|
-
});
|
|
379
|
+
if (request.errorCode === 'not_logged_in') {
|
|
380
|
+
await this._handleNotLoggedIn(sim, request);
|
|
381
|
+
}
|
|
382
|
+
else if (((_a = request.reason) === null || _a === void 0 ? void 0 : _a.type) === 'missing_permission') {
|
|
383
|
+
await this._handleMissingPermission(sim, request, request.reason);
|
|
384
|
+
}
|
|
385
|
+
else if (((_b = request.reason) === null || _b === void 0 ? void 0 : _b.type) === 'invalid_token') {
|
|
386
|
+
// Trying to watch a branch that the current connection token doesn't support
|
|
387
|
+
await this._handleInvalidToken(sim, request);
|
|
388
|
+
}
|
|
389
|
+
else {
|
|
390
|
+
await this._handleNotAuthorizedError(sim, request);
|
|
391
|
+
}
|
|
398
392
|
}
|
|
399
|
-
_handleInvalidToken(sim, request) {
|
|
393
|
+
async _handleInvalidToken(sim, request) {
|
|
400
394
|
var _a, _b, _c;
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
}
|
|
443
|
-
});
|
|
395
|
+
const recordName = (_a = request.resource) === null || _a === void 0 ? void 0 : _a.recordName;
|
|
396
|
+
const inst = (_b = request.resource) === null || _b === void 0 ? void 0 : _b.inst;
|
|
397
|
+
const branch = (_c = request.resource) === null || _c === void 0 ? void 0 : _c.branch;
|
|
398
|
+
if (!recordName || !inst || !branch) {
|
|
399
|
+
console.log(`[AuthCoordinator] [${sim.id}] Invalid token request missing recordName, inst, or branch`);
|
|
400
|
+
return;
|
|
401
|
+
}
|
|
402
|
+
// Only allow automatically loading branches that start with 'doc/'
|
|
403
|
+
// This is a temporary solution to prevent loading actual existing inst data and instead only allow loading
|
|
404
|
+
// shared documents from other records
|
|
405
|
+
if (!branch.startsWith('doc/')) {
|
|
406
|
+
console.error(`[AuthCoordinator] [${sim.id}] Invalid token request branch does not start with 'doc/'`);
|
|
407
|
+
return;
|
|
408
|
+
}
|
|
409
|
+
console.log(`[AuthCoordinator] [${sim.id}] Needs new indicator`);
|
|
410
|
+
const endpoint = sim.auth.primary;
|
|
411
|
+
const key = await endpoint.getConnectionKey();
|
|
412
|
+
if (!key) {
|
|
413
|
+
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionId.`);
|
|
414
|
+
sim.sendAuthMessage({
|
|
415
|
+
type: 'response',
|
|
416
|
+
success: true,
|
|
417
|
+
origin: request.origin,
|
|
418
|
+
indicator: {
|
|
419
|
+
connectionId: sim.configBotId,
|
|
420
|
+
},
|
|
421
|
+
});
|
|
422
|
+
}
|
|
423
|
+
else {
|
|
424
|
+
const connectionId = sim.configBotId;
|
|
425
|
+
const token = generateV1ConnectionToken(key, connectionId, recordName, inst);
|
|
426
|
+
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionToken.`);
|
|
427
|
+
sim.sendAuthMessage({
|
|
428
|
+
type: 'response',
|
|
429
|
+
success: true,
|
|
430
|
+
origin: request.origin,
|
|
431
|
+
indicator: {
|
|
432
|
+
connectionToken: token,
|
|
433
|
+
},
|
|
434
|
+
});
|
|
435
|
+
}
|
|
444
436
|
}
|
|
445
|
-
_handleNotLoggedIn(sim, request) {
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
if (!
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
key = yield endpoint.getConnectionKey();
|
|
455
|
-
}
|
|
456
|
-
}
|
|
457
|
-
if (key) {
|
|
458
|
-
const connectionId = sim.configBotId;
|
|
459
|
-
const recordName = sim.origin.recordName;
|
|
460
|
-
const inst = sim.inst;
|
|
461
|
-
const token = generateV1ConnectionToken(key, connectionId, recordName, inst);
|
|
462
|
-
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionToken.`);
|
|
463
|
-
sim.sendAuthMessage({
|
|
464
|
-
type: 'response',
|
|
465
|
-
success: true,
|
|
466
|
-
origin: request.origin,
|
|
467
|
-
indicator: {
|
|
468
|
-
connectionToken: token,
|
|
469
|
-
},
|
|
470
|
-
});
|
|
437
|
+
async _handleNotLoggedIn(sim, request) {
|
|
438
|
+
console.log(`[AuthCoordinator] [${sim.id}] Not logged in`);
|
|
439
|
+
const endpoint = sim.auth.primary;
|
|
440
|
+
let key = await endpoint.getConnectionKey();
|
|
441
|
+
if (!key) {
|
|
442
|
+
if (!(await endpoint.isAuthenticated())) {
|
|
443
|
+
console.log(`[AuthCoordinator] [${sim.id}] Logging in...`);
|
|
444
|
+
await endpoint.authenticate();
|
|
445
|
+
key = await endpoint.getConnectionKey();
|
|
471
446
|
}
|
|
472
|
-
}
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
447
|
+
}
|
|
448
|
+
if (key) {
|
|
449
|
+
const connectionId = sim.configBotId;
|
|
450
|
+
const recordName = sim.origin.recordName;
|
|
451
|
+
const inst = sim.inst;
|
|
452
|
+
const token = generateV1ConnectionToken(key, connectionId, recordName, inst);
|
|
453
|
+
console.log(`[AuthCoordinator] [${sim.id}] Sending connectionToken.`);
|
|
454
|
+
sim.sendAuthMessage({
|
|
455
|
+
type: 'response',
|
|
456
|
+
success: true,
|
|
481
457
|
origin: request.origin,
|
|
482
|
-
|
|
458
|
+
indicator: {
|
|
459
|
+
connectionToken: token,
|
|
460
|
+
},
|
|
483
461
|
});
|
|
462
|
+
}
|
|
463
|
+
}
|
|
464
|
+
async _handleMissingPermission(sim, request, reason) {
|
|
465
|
+
console.log(`[AuthCoordinator] [${sim.id}] Missing permission ${reason.resourceKind}.${reason.action}.`);
|
|
466
|
+
this._onMissingPermission.next({
|
|
467
|
+
simulationId: sim.id,
|
|
468
|
+
errorCode: request.errorCode,
|
|
469
|
+
errorMessage: request.errorMessage,
|
|
470
|
+
origin: request.origin,
|
|
471
|
+
reason,
|
|
484
472
|
});
|
|
485
473
|
}
|
|
486
|
-
_handleNotAuthorizedError(sim, request) {
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
origin: request.origin,
|
|
494
|
-
});
|
|
474
|
+
async _handleNotAuthorizedError(sim, request) {
|
|
475
|
+
console.log(`[AuthCoordinator] [${sim.id}] Not authorized: ${request.errorMessage}.`);
|
|
476
|
+
this._onNotAuthorized.next({
|
|
477
|
+
simulationId: sim.id,
|
|
478
|
+
errorCode: request.errorCode,
|
|
479
|
+
errorMessage: request.errorMessage,
|
|
480
|
+
origin: request.origin,
|
|
495
481
|
});
|
|
496
482
|
}
|
|
497
483
|
unsubscribe() {
|