@commercetools/connect-payments-sdk 0.0.1 → 0.0.3

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @commercetools/connect-payments-sdk
 
+## 0.0.3
+
+### Patch Changes
+
+- f3f238f: Authentication and authorization layer via session API
+
 ## 0.0.1
 
 ### Patch Changes

package/dist/api/context/types/request-context.type.d.ts

@@ -1,4 +1,4 @@
-import { PaymentSessionData } from '../../../security';
+import { Authentication } from '../../../security';
 /**
  * Context provider interface
  */
@@ -12,5 +12,5 @@ export interface ContextProvider<T> {
 export type RequestContextData = {
     correlationId: string;
     requestId: string;
-    sessionData?: PaymentSessionData;
+    authentication?: Authentication;
 };

package/dist/api/handlers/status.handler.d.ts

@@ -1,4 +1,4 @@
-import { Oauth2Service } from '../../security/types/oauth2.type';
+import { CommercetoolsAuthorizationService } from '../../commercetools';
 import { HandlerResponse } from './types/handler.type';
 export type HealthCheckResult = {
     name: string;
@@ -16,10 +16,8 @@ export declare const statusHandler: (options: {
  * @param opts
  * @returns
  */
-export declare const healthCheckCoCoPermissions: (opts: {
-    oauth2Service: Oauth2Service;
-    clientId: string;
-    clientSecret: string;
+export declare const healthCheckCommercetoolsPermissions: (opts: {
+    ctAuthorizationService: CommercetoolsAuthorizationService;
     projectKey: string;
     requiredPermissions: string[];
 }) => () => Promise<HealthCheckResult>;

package/dist/api/handlers/status.handler.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.healthCheckCoCoPermissions = exports.statusHandler = void 0;
+exports.healthCheckCommercetoolsPermissions = exports.statusHandler = void 0;
 const statusHandler = (options) => async () => {
     const status = {
         timestamp: new Date().toISOString(),
@@ -45,11 +45,8 @@ exports.statusHandler = statusHandler;
  * @param opts
  * @returns
  */
-const healthCheckCoCoPermissions = (opts) => async () => {
-    const token = await opts.oauth2Service.getAccessToken({
-        clientId: opts.clientId,
-        clientSecret: opts.clientSecret,
-    });
+const healthCheckCommercetoolsPermissions = (opts) => async () => {
+    const token = await opts.ctAuthorizationService.getAccessToken();
     const foundAll = opts.requiredPermissions.every((currentScope) => token.scope.split(' ').some((scopeInToken) => scopeInToken === `${currentScope}:${opts.projectKey}`));
     if (foundAll) {
         return {
@@ -70,4 +67,4 @@ const healthCheckCoCoPermissions = (opts) => async () => {
         },
     };
 };
-exports.healthCheckCoCoPermissions = healthCheckCoCoPermissions;
+exports.healthCheckCommercetoolsPermissions = healthCheckCommercetoolsPermissions;

package/dist/api/hooks/session-auth.hook.d.ts

@@ -1,15 +1,16 @@
+/// <reference types="node" />
 import { IncomingHttpHeaders } from 'node:http';
-import { SessionAuthenticator } from '../../security/types/session.type';
 import { ContextProvider, RequestContextData } from '../context/types/request-context.type';
-export type SessionAuthHookOptions = {
-    sessionAuthenticator: SessionAuthenticator;
-    contextProvider: ContextProvider<RequestContextData>;
-};
-/**
- * Fastify hook to authenticate and getting session information
- * @param opts
- * @returns
- */
-export declare const sessionAuthHook: (opts: SessionAuthHookOptions) => (req: {
-    headers: IncomingHttpHeaders;
-}) => Promise<void>;
+import { SessionAuthenticationManager } from '../../security';
+import { AuthenticationHook } from './types/hook.type';
+export declare class SessionAuthenticationHook implements AuthenticationHook {
+    private authenticationManager;
+    private contextProvider;
+    constructor(opts: {
+        authenticationManager: SessionAuthenticationManager;
+        contextProvider: ContextProvider<RequestContextData>;
+    });
+    authenticate(): (request: {
+        headers: IncomingHttpHeaders;
+    }) => Promise<void>;
+}

package/dist/api/hooks/session-auth.hook.js

@@ -1,31 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sessionAuthHook = void 0;
-const errorx_1 = require("../../errorx/errorx");
-/**
- * Fastify hook to authenticate and getting session information
- * @param opts
- * @returns
- */
-const sessionAuthHook = (opts) => async (req) => {
-    const sessionId = req.headers['x-session-id'];
-    if (sessionId) {
-        const sessionData = await opts.sessionAuthenticator.introspectSession({
-            sessionId,
-        });
-        opts.contextProvider.updateContextData({
-            sessionData,
-        });
-        //updateSessionContext(sessionData);
+exports.SessionAuthenticationHook = void 0;
+const security_1 = require("../../security");
+class SessionAuthenticationHook {
+    authenticationManager;
+    contextProvider;
+    constructor(opts) {
+        this.authenticationManager = opts.authenticationManager;
+        this.contextProvider = opts.contextProvider;
     }
-    else {
-        //TODO: throw a forbidden error
-        throw new errorx_1.ErrorAuthErrorResponse({
-            privateMessage: 'Session is not valid',
-            fields: {
-                id: sessionId,
-            },
-        });
+    authenticate() {
+        return async (request) => {
+            const sessionIdAuthn = new security_1.HeaderBasedAuthentication(request.headers['x-session-id']);
+            const authn = await this.authenticationManager.authenticate(sessionIdAuthn);
+            this.contextProvider.updateContextData({
+                authentication: authn,
+            });
+        };
     }
-};
-exports.sessionAuthHook = sessionAuthHook;
+}
+exports.SessionAuthenticationHook = SessionAuthenticationHook;

package/dist/api/hooks/types/hook.type.d.ts

@@ -0,0 +1,7 @@
+/// <reference types="node" />
+import { IncomingHttpHeaders } from 'node:http';
+export interface AuthenticationHook {
+    authenticate(): (request: {
+        headers: IncomingHttpHeaders;
+    }) => Promise<void>;
+}

package/dist/api/index.d.ts

@@ -3,3 +3,4 @@ export * from './context/types/request-context.type';
 export * from './handlers/config.handler';
 export * from './handlers/status.handler';
 export * from './hooks/session-auth.hook';
+export * from './hooks/types/hook.type';

package/dist/api/index.js

@@ -19,3 +19,4 @@ __exportStar(require("./context/types/request-context.type"), exports);
 __exportStar(require("./handlers/config.handler"), exports);
 __exportStar(require("./handlers/status.handler"), exports);
 __exportStar(require("./hooks/session-auth.hook"), exports);
+__exportStar(require("./hooks/types/hook.type"), exports);

package/dist/commercetools/index.d.ts

@@ -1,2 +1,4 @@
 export { CartService as CommercetoolsCartService } from './types/cart.type';
 export { PaymentService as CommercetoolsPaymentService, TransactionData, UpdatePayment } from './types/payment.type';
+export { SessionService as CommercetoolsSessionService, Session } from './types/session.type';
+export { AuthorizationService as CommercetoolsAuthorizationService } from './types/authorization.type';

package/dist/commercetools/services/ct-authorization.service.d.ts

@@ -0,0 +1,18 @@
+import { Fetch } from '../../fetch/types/fetch.type';
+import { Logger } from '../../logger';
+import { AuthorizationService, CommercetoolsToken } from '../types/authorization.type';
+export declare class DefaultAuthorizationService implements AuthorizationService {
+    private authUrl;
+    private clientId;
+    private clientSecret;
+    private fetch;
+    private logger?;
+    constructor(opts: {
+        authUrl: string;
+        clientId: string;
+        clientSecret: string;
+        fetch: Fetch;
+        logger?: Logger;
+    });
+    getAccessToken(): Promise<CommercetoolsToken>;
+}

package/dist/{security/services/oauth2.service.js → commercetools/services/ct-authorization.service.js}

@@ -1,32 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DefaultOauth2Service = void 0;
+exports.DefaultAuthorizationService = void 0;
 const errorx_1 = require("../../errorx/errorx");
-class DefaultOauth2Service {
+class DefaultAuthorizationService {
     authUrl;
+    clientId;
+    clientSecret;
     fetch;
     logger;
     constructor(opts) {
         this.authUrl = opts.authUrl;
+        this.clientId = opts.clientId;
+        this.clientSecret = opts.clientSecret;
         this.fetch = opts.fetch;
         this.logger = opts.logger;
     }
-    oauth2tokenCache = new Map();
-    oauth2tokenKey(clientId, clientSecret) {
-        return `${clientId}:${clientSecret}`;
-    }
-    async getAccessToken(opts) {
-        const token = this.oauth2tokenCache.get(this.oauth2tokenKey(opts.clientId, opts.clientSecret));
-        // Check if token is valid for at least 1 hour
-        if (token && token.expiresAt + 3600 * 1000 > Date.now()) {
-            if (this.logger) {
-                this.logger.debug({
-                    isRenewal: token ? true : false,
-                }, 'Renewing token access token');
-            }
-            return token.token;
-        }
-        const encodedCredentials = btoa(`${opts.clientId}:${opts.clientSecret}`);
+    async getAccessToken() {
+        const encodedCredentials = btoa(`${this.clientId}:${this.clientSecret}`);
         const urlencoded = new URLSearchParams();
         urlencoded.append('grant_type', 'client_credentials');
         const response = await this.fetch(`${this.authUrl}/oauth/token`, {
@@ -46,8 +36,7 @@ class DefaultOauth2Service {
                 },
             });
         }
-        const tokenRes = (await response.json());
-        return tokenRes;
+        return (await response.json());
     }
 }
-exports.DefaultOauth2Service = DefaultOauth2Service;
+exports.DefaultAuthorizationService = DefaultAuthorizationService;

package/dist/commercetools/services/ct-payment.service.d.ts

@@ -1,5 +1,5 @@
 import { Payment, PaymentDraft } from '@commercetools/platform-sdk';
-import { GetPayment, PaymentService, PaymentServiceOptions, UpdatePayment } from '../types/payment.type';
+import { GetPayment, PaymentModificationValidation, PaymentModificationValidationResult, PaymentService, PaymentServiceOptions, UpdatePayment } from '../types/payment.type';
 /**
  * This is the default implementation of the PaymentService interface.
  */
@@ -9,6 +9,7 @@ export declare class DefaultPaymentService implements PaymentService {
     getPayment(opts: GetPayment): Promise<Payment>;
     createPayment(draft: PaymentDraft): Promise<Payment>;
     updatePayment(opts: UpdatePayment): Promise<Payment>;
+    validatePaymentModification(opts: PaymentModificationValidation): PaymentModificationValidationResult;
     private consolidateUpdateActions;
     private populateSetInterfaceIdAction;
     private populateChangeTransactionInteractionId;
@@ -17,4 +18,8 @@ export declare class DefaultPaymentService implements PaymentService {
     private populateSetPaymentMethod;
     private findMatchingTransactions;
     private consolidateTransactionChanges;
+    private validateCancelAuthorization;
+    private validateCapturePayment;
+    private validateRefundPayment;
+    private calculateTotalAmount;
 }

package/dist/commercetools/services/ct-payment.service.js

@@ -44,6 +44,18 @@ class DefaultPaymentService {
         }
         throw err;
     }
+    validatePaymentModification(opts) {
+        switch (opts.type) {
+            case 'cancelAuthorization':
+                return this.validateCancelAuthorization(opts.payment);
+            case 'capturePayment':
+                return this.validateCapturePayment(opts.payment, opts.amount);
+            case 'refundPayment':
+                return this.validateRefundPayment(opts.payment, opts.amount);
+            default:
+                throw new Error(`Invalid payment modification type: ${opts.type}`);
+        }
+    }
     consolidateUpdateActions(payment, updateInfo) {
         const actions = [];
         if (!payment.interfaceId && updateInfo.pspReference) {
@@ -125,5 +137,65 @@ class DefaultPaymentService {
         }
         return actions;
     }
+    validateCancelAuthorization(payment) {
+        const totalAuthorized = this.calculateTotalAmount(payment, 'Authorization', payment.amountPlanned.currencyCode);
+        if (totalAuthorized === 0) {
+            return { isValid: false, reason: `No authorization transaction found for resource ${payment.id}.` };
+        }
+        const totalCaptured = this.calculateTotalAmount(payment, 'Charge', payment.amountPlanned.currencyCode);
+        if (totalCaptured > 0) {
+            return { isValid: false, reason: `Resource ${payment.id} has already been charged.` };
+        }
+        return { isValid: true };
+    }
+    validateCapturePayment(payment, amount) {
+        if (payment.amountPlanned.currencyCode !== amount.currencyCode) {
+            return {
+                isValid: false,
+                reason: `Invalid currency ${amount.currencyCode} for resource ${payment.id}, expected ${payment.amountPlanned.currencyCode}`,
+            };
+        }
+        const totalAuthorized = this.calculateTotalAmount(payment, 'Authorization', amount.currencyCode);
+        if (totalAuthorized === 0) {
+            return { isValid: false, reason: `No authorization transaction found for resource ${payment.id}.` };
+        }
+        const totalCaptured = this.calculateTotalAmount(payment, 'Charge', amount.currencyCode);
+        const allowedAmount = totalAuthorized - totalCaptured;
+        if (amount.centAmount > allowedAmount) {
+            return {
+                isValid: false,
+                reason: `The amount to capture ${amount.centAmount} exceeds the allowed amount [${allowedAmount}]`,
+            };
+        }
+        return { isValid: true };
+    }
+    validateRefundPayment(payment, amount) {
+        if (payment.amountPlanned.currencyCode !== amount.currencyCode) {
+            return {
+                isValid: false,
+                reason: `Invalid currency ${amount.currencyCode} for resource ${payment.id}, expected ${payment.amountPlanned.currencyCode}`,
+            };
+        }
+        const totalCaptured = this.calculateTotalAmount(payment, 'Charge', amount.currencyCode);
+        if (totalCaptured === 0) {
+            return { isValid: false, reason: `No charge transaction found for resource ${payment.id}.` };
+        }
+        const totalRefunded = this.calculateTotalAmount(payment, 'Refund', amount.currencyCode);
+        const allowedAmount = totalCaptured - totalRefunded;
+        if (amount.centAmount > allowedAmount) {
+            return {
+                isValid: false,
+                reason: `The amount to refund ${amount.centAmount} exceeds the allowed amount [${allowedAmount}]`,
+            };
+        }
+        return { isValid: true };
+    }
+    calculateTotalAmount(payment, type, currencyCode) {
+        return payment.transactions
+            .filter((transaction) => transaction.type === type &&
+            transaction.state === 'Success' &&
+            transaction.amount.currencyCode === currencyCode)
+            .reduce((total, transaction) => total + transaction.amount.centAmount, 0);
+    }
 }
 exports.DefaultPaymentService = DefaultPaymentService;

package/dist/commercetools/services/ct-session.service.d.ts

@@ -0,0 +1,16 @@
+import { AuthorizationService, CommercetoolsToken } from '../types/authorization.type';
+import { Session, SessionService } from '../types/session.type';
+export declare class DefaultSessionService implements SessionService {
+    private authorizationService;
+    private sessionUrl;
+    private projectKey;
+    protected token: CommercetoolsToken;
+    constructor(opts: {
+        authorizationService: AuthorizationService;
+        sessionUrl: string;
+        projectKey: string;
+    });
+    verifySession(sessionId: string): Promise<Session>;
+    getCartFromSession(session: Session): string;
+    getAllowedPaymentMethodsFromSession(session: Session): string[];
+}

package/dist/commercetools/services/ct-session.service.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultSessionService = void 0;
+const errorx_1 = require("../../errorx/errorx");
+class DefaultSessionService {
+    authorizationService;
+    sessionUrl;
+    projectKey;
+    token;
+    constructor(opts) {
+        this.authorizationService = opts.authorizationService;
+        this.sessionUrl = opts.sessionUrl;
+        this.projectKey = opts.projectKey;
+    }
+    async verifySession(sessionId) {
+        if (!this.token) {
+            this.token = await this.authorizationService.getAccessToken();
+        }
+        const res = await fetch(`${this.sessionUrl}/${this.projectKey}/sessions/${sessionId}`, {
+            method: 'GET',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${this.token.access_token}`,
+            },
+        });
+        if (!res.ok) {
+            throw new errorx_1.ErrorGeneral('Could not get session');
+        }
+        const session = (await res.json());
+        if (session.state !== 'ACTIVE') {
+            throw new errorx_1.ErrorAuthErrorResponse();
+        }
+        return session;
+    }
+    getCartFromSession(session) {
+        if (!session.activeCart?.cartRef?.id) {
+            throw new errorx_1.ErrorAuthErrorResponse();
+        }
+        return session.activeCart.cartRef.id;
+    }
+    getAllowedPaymentMethodsFromSession(session) {
+        return session.metadata?.allowedPaymentMethods || [];
+    }
+}
+exports.DefaultSessionService = DefaultSessionService;

package/dist/commercetools/types/api.type.d.ts

@@ -1,6 +1,7 @@
 import { Cart, Payment, PaymentDraft, PaymentPagedQueryResponse, PaymentUpdateAction } from '@commercetools/platform-sdk';
 import { ByProjectKeyRequestBuilder } from '@commercetools/platform-sdk/dist/declarations/src/generated/client/by-project-key-request-builder';
 export type CommercetoolsClient = ByProjectKeyRequestBuilder;
+export type CommercetoolsSessionClient = ByProjectKeyRequestBuilder;
 export interface APIOpts {
     client: CommercetoolsClient;
 }
@@ -16,6 +17,16 @@ export type UpdatePayment = {
     resource: UpdateResource;
     actions: PaymentUpdateAction[];
 };
+export type OauthToken = {
+    accessToken: string;
+    expiresIn: number;
+    tokenType: string;
+    scope: string;
+    refreshToken?: string;
+};
+export interface AuthorizationAPI {
+    getToken(): Promise<OauthToken>;
+}
 export interface CartAPI {
     getCartById(id: string): Promise<Cart>;
     addPayment(opts: AddPayment): Promise<Cart>;

package/dist/commercetools/types/authorization.type.d.ts

@@ -0,0 +1,9 @@
+export type CommercetoolsToken = {
+    access_token: string;
+    token_type: string;
+    scope: string;
+    expires_in: number;
+};
+export interface AuthorizationService {
+    getAccessToken(): Promise<CommercetoolsToken>;
+}

package/dist/commercetools/types/payment.type.d.ts

@@ -28,6 +28,15 @@ export type UpdatePayment = {
     transaction?: TransactionData;
     paymentMethod?: string;
 };
+export type PaymentModificationValidation = {
+    payment: Payment;
+    amount: Money;
+    type: TransactionType;
+};
+export type PaymentModificationValidationResult = {
+    isValid: boolean;
+    reason?: string;
+};
 /**
  * Payment service interface exposes methods to interact with the commercetools platform API.
  */
@@ -35,4 +44,5 @@ export interface PaymentService {
     getPayment(opts: GetPayment): Promise<Payment>;
     createPayment(draft: PaymentDraft): Promise<Payment>;
     updatePayment(opts: UpdatePayment): Promise<Payment>;
+    validatePaymentModification(opts: PaymentModificationValidation): PaymentModificationValidationResult;
 }

package/dist/commercetools/types/session.type.d.ts

@@ -0,0 +1,28 @@
+export type Session = {
+    id: string;
+    version: number;
+    createdAt: string;
+    lastModifiedAt: string;
+    state: 'ACTIVE' | 'EXPIRED';
+    activeCart?: {
+        cartRef: {
+            id: string;
+        };
+    };
+    customer?: {
+        customerRef: {
+            externalId?: string;
+            id?: string;
+            key?: string;
+        };
+        anonymousId?: string;
+    };
+    metadata?: {
+        [key: string]: unknown;
+    };
+};
+export interface SessionService {
+    verifySession(sessionId: string): Promise<Session>;
+    getCartFromSession(session: Session): string;
+    getAllowedPaymentMethodsFromSession(session: Session): string[];
+}

package/dist/commercetools/types/session.type.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/errorx/errorx.d.ts

@@ -148,3 +148,6 @@ export declare class ErrorResourceNotFound extends Errorx {
 export declare class ErrorConcurrentModification extends Errorx {
     constructor(resourceId: string, expectedVersion: number, currentVersion: number, additionalOpts?: ErrorxAdditionalOpts);
 }
+export declare class ErrorMissingAuthenticationInfo extends Errorx {
+    constructor(additionalOpts?: ErrorxAdditionalOpts);
+}

package/dist/errorx/errorx.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ErrorConcurrentModification = exports.ErrorResourceNotFound = exports.ErrorSyntaxError = exports.ErrorRequiredField = exports.ErrorReferencedResourceNotFound = exports.ErrorReferenceExists = exports.ErrorObjectNotFound = exports.ErrorMoneyOverflow = exports.ErrorInternalConstraintViolated = exports.ErrorInvalidField = exports.ErrorInvalidOperation = exports.ErrorInvalidJsonInput = exports.ErrorMissingProjectKey = exports.ErrorGeneral = exports.ErrorAuthErrorResponse = exports.MultiErrorx = exports.Errorx = void 0;
+exports.ErrorMissingAuthenticationInfo = exports.ErrorConcurrentModification = exports.ErrorResourceNotFound = exports.ErrorSyntaxError = exports.ErrorRequiredField = exports.ErrorReferencedResourceNotFound = exports.ErrorReferenceExists = exports.ErrorObjectNotFound = exports.ErrorMoneyOverflow = exports.ErrorInternalConstraintViolated = exports.ErrorInvalidField = exports.ErrorInvalidOperation = exports.ErrorInvalidJsonInput = exports.ErrorMissingProjectKey = exports.ErrorGeneral = exports.ErrorAuthErrorResponse = exports.MultiErrorx = exports.Errorx = void 0;
 /**
  * Errorx is a custom error class that extends the native Error class.
  */
@@ -324,3 +324,14 @@ class ErrorConcurrentModification extends Errorx {
     }
 }
 exports.ErrorConcurrentModification = ErrorConcurrentModification;
+class ErrorMissingAuthenticationInfo extends Errorx {
+    constructor(additionalOpts) {
+        super({
+            code: 'MissingAuthenticationInfo',
+            httpErrorStatus: 400,
+            message: 'Not able to identify the user',
+            ...additionalOpts,
+        });
+    }
+}
+exports.ErrorMissingAuthenticationInfo = ErrorMissingAuthenticationInfo;

package/dist/index.d.ts

@@ -1,10 +1,9 @@
-/// <reference types="node" />
-import { RequestContextData, RequestContextProvider } from './api';
+import { RequestContextData, RequestContextProvider, SessionAuthenticationHook } from './api';
 import { DefaultCommercetoolsAPI } from './commercetools/api/root-api';
 import { DefaultCartService } from './commercetools/services/ct-cart.service';
 import { DefaultPaymentService } from './commercetools/services/ct-payment.service';
+import { DefaultAuthorizationService } from './commercetools/services/ct-authorization.service';
 import { Logger } from './logger';
-import { DefaultOauth2Service, DefaultSessionAuthenticator } from './security';
 export * from './api';
 export * from './commercetools';
 export * from './errorx';
@@ -24,10 +23,7 @@ export declare const setupPaymentSDK: (opts: {
     ctAPI: DefaultCommercetoolsAPI;
     ctCartService: DefaultCartService;
     ctPaymentService: DefaultPaymentService;
-    oauth2Service: DefaultOauth2Service;
-    sessionAuthenticator: DefaultSessionAuthenticator;
+    ctAuthorizationService: DefaultAuthorizationService;
     contextProvider: RequestContextProvider;
-    sessionAuthHookFn: (req: {
-        headers: import("http").IncomingHttpHeaders;
-    }) => Promise<void>;
+    sessionAuthHookFn: SessionAuthenticationHook;
 };

package/dist/index.js

@@ -19,6 +19,8 @@ const api_1 = require("./api");
 const root_api_1 = require("./commercetools/api/root-api");
 const ct_cart_service_1 = require("./commercetools/services/ct-cart.service");
 const ct_payment_service_1 = require("./commercetools/services/ct-payment.service");
+const ct_authorization_service_1 = require("./commercetools/services/ct-authorization.service");
+const ct_session_service_1 = require("./commercetools/services/ct-session.service");
 const base_decorator_1 = require("./fetch/decorators/base.decorator");
 const monitoring_decorator_1 = require("./fetch/decorators/monitoring.decorator");
 const security_1 = require("./security");
@@ -32,6 +34,8 @@ const setupPaymentSDK = (opts) => {
         getContextFn: opts.getContextFn,
         updateContextFn: opts.updateContextFn,
     });
+    const fetcher = new monitoring_decorator_1.MonitoringFetcherDecorator(new base_decorator_1.BasicFetcher(), contextProvider);
+    const decoratedFetch = fetcher.run.bind(fetcher);
     const ctAPI = new root_api_1.DefaultCommercetoolsAPI({
         apiUrl: opts.apiUrl,
         authUrl: opts.authUrl,
@@ -42,31 +46,29 @@ const setupPaymentSDK = (opts) => {
     });
     const ctCartService = new ct_cart_service_1.DefaultCartService({ ctAPI });
     const ctPaymentService = new ct_payment_service_1.DefaultPaymentService({ ctAPI });
-    const fetcher = new monitoring_decorator_1.MonitoringFetcherDecorator(new base_decorator_1.BasicFetcher(), contextProvider);
-    const decoratedFetch = fetcher.run.bind(fetcher);
-    const oauth2Service = new security_1.DefaultOauth2Service({
+    const ctAuthorizationService = new ct_authorization_service_1.DefaultAuthorizationService({
         authUrl: opts.authUrl,
-        fetch: decoratedFetch,
-        logger: opts.logger,
-    });
-    const sessionAuthenticator = new security_1.DefaultSessionAuthenticator({
-        oauth2Service,
         clientId: opts.clientId,
         clientSecret: opts.clientSecret,
-        projectKey: opts.projectKey,
-        sessionUrl: opts.sessionUrl,
         fetch: decoratedFetch,
     });
-    const sessionAuthHookFn = (0, api_1.sessionAuthHook)({
+    const sessionService = new ct_session_service_1.DefaultSessionService({
+        authorizationService: ctAuthorizationService,
+        sessionUrl: opts.sessionUrl,
+        projectKey: opts.projectKey,
+    });
+    const sessionAuthenticationManager = new security_1.SessionAuthenticationManager({
+        sessionService,
+    });
+    const sessionAuthHookFn = new api_1.SessionAuthenticationHook({
+        authenticationManager: sessionAuthenticationManager,
         contextProvider,
-        sessionAuthenticator,
     });
     return {
         ctAPI,
         ctCartService,
         ctPaymentService,
-        oauth2Service,
-        sessionAuthenticator,
+        ctAuthorizationService,
         contextProvider,
         sessionAuthHookFn,
     };

package/dist/security/authn/authns.d.ts

@@ -0,0 +1,24 @@
+import { Authentication, HeaderPrincipal, SessionPrincipal } from './types/authn.type';
+export declare class SessionAuthentication implements Authentication<SessionPrincipal, string> {
+    private principal;
+    private authorities;
+    private sessionId;
+    private authenticated;
+    constructor(sessionId: string, principal: SessionPrincipal);
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getPrincipal(): SessionPrincipal;
+    getCredentials(): string;
+    isAuthenticated(): boolean;
+}
+export declare class HeaderBasedAuthentication implements Authentication<HeaderPrincipal, string> {
+    private authHeader;
+    constructor(authHeader: string);
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getCredentials(): string;
+    getPrincipal(): HeaderPrincipal;
+    isAuthenticated(): boolean;
+}

package/dist/security/authn/authns.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HeaderBasedAuthentication = exports.SessionAuthentication = void 0;
+class SessionAuthentication {
+    principal;
+    authorities;
+    sessionId;
+    authenticated;
+    constructor(sessionId, principal) {
+        this.principal = principal;
+        this.sessionId = sessionId;
+        this.authenticated = true;
+    }
+    hasPrincipal() {
+        return this.getPrincipal() !== undefined;
+    }
+    getAuthorities() {
+        return this.authorities;
+    }
+    hasCredentials() {
+        return this.getCredentials() !== undefined;
+    }
+    getPrincipal() {
+        return this.principal;
+    }
+    getCredentials() {
+        return this.sessionId;
+    }
+    isAuthenticated() {
+        return this.authenticated;
+    }
+}
+exports.SessionAuthentication = SessionAuthentication;
+class HeaderBasedAuthentication {
+    authHeader;
+    constructor(authHeader) {
+        this.authHeader = authHeader;
+    }
+    hasPrincipal() {
+        return this.getPrincipal() != undefined;
+    }
+    getAuthorities() {
+        return [];
+    }
+    hasCredentials() {
+        return this.getCredentials() != undefined;
+    }
+    getCredentials() {
+        return this.authHeader;
+    }
+    getPrincipal() {
+        return {
+            authHeader: this.authHeader,
+        };
+    }
+    isAuthenticated() {
+        return false;
+    }
+}
+exports.HeaderBasedAuthentication = HeaderBasedAuthentication;

package/dist/security/authn/session-authn-manager.d.ts

@@ -0,0 +1,10 @@
+import { AuthenticationManager } from './types/authn.type';
+import { HeaderBasedAuthentication, SessionAuthentication } from './authns';
+import { CommercetoolsSessionService } from '../../commercetools';
+export declare class SessionAuthenticationManager implements AuthenticationManager {
+    private sessionService;
+    constructor(opts: {
+        sessionService: CommercetoolsSessionService;
+    });
+    authenticate(authentication: HeaderBasedAuthentication): Promise<SessionAuthentication>;
+}

package/dist/security/authn/session-authn-manager.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionAuthenticationManager = void 0;
+const authns_1 = require("./authns");
+const errorx_1 = require("../../errorx");
+class SessionAuthenticationManager {
+    sessionService;
+    constructor(opts) {
+        this.sessionService = opts.sessionService;
+    }
+    async authenticate(authentication) {
+        const principal = authentication.getPrincipal();
+        try {
+            const session = await this.sessionService.verifySession(principal.authHeader);
+            return new authns_1.SessionAuthentication(principal.authHeader, {
+                cartId: this.sessionService.getCartFromSession(session),
+                allowedPaymentMethods: this.sessionService.getAllowedPaymentMethodsFromSession(session),
+            });
+        }
+        catch (e) {
+            throw new errorx_1.ErrorAuthErrorResponse();
+        }
+    }
+}
+exports.SessionAuthenticationManager = SessionAuthenticationManager;

package/dist/security/authn/types/authn.type.d.ts

@@ -0,0 +1,18 @@
+export interface AuthenticationManager {
+    authenticate(authentication: Authentication): Promise<Authentication> | Authentication;
+}
+export interface Authentication<Principal = unknown, Credentials = unknown> {
+    hasPrincipal(): boolean;
+    getAuthorities(): string[];
+    hasCredentials(): boolean;
+    getPrincipal(): Principal;
+    getCredentials(): Credentials;
+    isAuthenticated(): boolean;
+}
+export type SessionPrincipal = {
+    cartId: string;
+    allowedPaymentMethods: string[];
+};
+export type HeaderPrincipal = {
+    authHeader: string;
+};

package/dist/security/authn/types/authn.type.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/security/index.d.ts

@@ -1,3 +1,3 @@
-export * from './auth/session.auth';
-export * from './services/oauth2.service';
-export * from './types/session.type';
+export * from './authn/types/authn.type';
+export * from './authn/authns';
+export * from './authn/session-authn-manager';

package/dist/security/index.js

@@ -14,6 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./auth/session.auth"), exports);
-__exportStar(require("./services/oauth2.service"), exports);
-__exportStar(require("./types/session.type"), exports);
+__exportStar(require("./authn/types/authn.type"), exports);
+__exportStar(require("./authn/authns"), exports);
+__exportStar(require("./authn/session-authn-manager"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools/connect-payments-sdk",
-  "version": "0.0.1",
+  "version": "0.0.3",
   "description": "Payment SDK for commercetools payment connectors",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,7 +15,7 @@
   ],
   "license": "ISC",
   "dependencies": {
-    "@commercetools/platform-sdk": "6.0.0",
+    "@commercetools/platform-sdk": "7.2.0-alpha.4",
     "@commercetools/sdk-client-v2": "2.3.0"
   }
 }

package/.husky/pre-commit

@@ -1,4 +0,0 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-pnpm run format && pnpm run lint

package/dist/security/auth/session.auth.d.ts

@@ -1,20 +0,0 @@
-import { Fetch } from '../../fetch/types/fetch.type';
-import { Oauth2Service } from '../types/oauth2.type';
-import { IntrospectSessionParams, PaymentSessionData, SessionAuthenticator } from '../types/session.type';
-export declare class DefaultSessionAuthenticator implements SessionAuthenticator {
-    private oauth2Service;
-    private sessionUrl;
-    private clientId;
-    private clientSecret;
-    private projectKey;
-    private fetch;
-    constructor(opts: {
-        oauth2Service: Oauth2Service;
-        sessionUrl: string;
-        clientId: string;
-        clientSecret: string;
-        projectKey: string;
-        fetch: Fetch;
-    });
-    introspectSession(opts: IntrospectSessionParams): Promise<PaymentSessionData>;
-}

package/dist/security/auth/session.auth.js

@@ -1,54 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DefaultSessionAuthenticator = void 0;
-const errorx_1 = require("../../errorx/errorx");
-class DefaultSessionAuthenticator {
-    oauth2Service;
-    sessionUrl;
-    clientId;
-    clientSecret;
-    projectKey;
-    fetch;
-    constructor(opts) {
-        this.oauth2Service = opts.oauth2Service;
-        this.sessionUrl = opts.sessionUrl;
-        this.clientId = opts.clientId;
-        this.clientSecret = opts.clientSecret;
-        this.projectKey = opts.projectKey;
-        this.fetch = opts.fetch;
-    }
-    async introspectSession(opts) {
-        const accessToken = await this.oauth2Service.getAccessToken({
-            clientId: this.clientId,
-            clientSecret: this.clientSecret,
-        });
-        const response = await this.fetch(`${this.sessionUrl}/${this.projectKey}/sessions/${opts.sessionId}`, {
-            method: 'GET',
-            headers: {
-                'Content-Type': 'application/json',
-                Authorization: `Bearer ${accessToken.access_token}`,
-            },
-        });
-        if (!response.ok) {
-            if (response.status === 401) {
-                throw new errorx_1.ErrorAuthErrorResponse({
-                    privateMessage: 'Failed to get session data',
-                    privateFields: {
-                        responseStatus: response.status,
-                        responseText: await response.text(),
-                    },
-                });
-            }
-            throw new errorx_1.ErrorGeneral(undefined, {
-                privateMessage: 'Failed to get session data',
-                privateFields: {
-                    responseStatus: response.status,
-                    responseText: await response.text(),
-                },
-            });
-        }
-        const sessionRes = (await response.json());
-        return sessionRes.metadata;
-    }
-}
-exports.DefaultSessionAuthenticator = DefaultSessionAuthenticator;

package/dist/security/services/oauth2.service.d.ts

@@ -1,16 +0,0 @@
-import { Fetch } from '../../fetch/types/fetch.type';
-import { Logger } from '../../logger';
-import { GetAccessTokenParams, Oauth2Service, TokenResponse } from '../types/oauth2.type';
-export declare class DefaultOauth2Service implements Oauth2Service {
-    private authUrl;
-    private fetch;
-    private logger?;
-    constructor(opts: {
-        authUrl: string;
-        fetch: Fetch;
-        logger?: Logger;
-    });
-    private oauth2tokenCache;
-    private oauth2tokenKey;
-    getAccessToken(opts: GetAccessTokenParams): Promise<TokenResponse>;
-}

package/dist/security/types/oauth2.type.d.ts

@@ -1,13 +0,0 @@
-export type TokenResponse = {
-    access_token: string;
-    token_type: string;
-    scope: string;
-    expires_in: number;
-};
-export interface Oauth2Service {
-    getAccessToken(opts: GetAccessTokenParams): Promise<TokenResponse>;
-}
-export type GetAccessTokenParams = {
-    clientId: string;
-    clientSecret: string;
-};

package/dist/security/types/session.type.d.ts

@@ -1,10 +0,0 @@
-export type PaymentSessionData = {
-    cartId: string;
-    allowedPaymentMethods?: string[];
-};
-export interface SessionAuthenticator {
-    introspectSession(opts: IntrospectSessionParams): Promise<PaymentSessionData>;
-}
-export type IntrospectSessionParams = {
-    sessionId: string;
-};