@cubist-labs/cubesigner-sdk 0.1.50 → 0.2.2

package/dist/src/org.d.ts

@@ -1,11 +1,19 @@
-import { CubeSigner, MfaRequestInfo } from ".";
-import { components } from "./client";
+import { OrgInfo } from "./schema_types";
+import { CubeSignerClient } from "./client";
 import { KeyType, Key } from "./key";
-import { MfaPolicy, Role } from "./role";
+import { Role } from "./role";
+import { PageOpts } from "./paginator";
 /** Organization id */
 export type OrgId = string;
 /** Org-wide policy */
-export type OrgPolicy = SourceIpAllowlistPolicy | OriginAllowlistPolicy | MaxDailyUnstakePolicy;
+export type OrgPolicy = SourceIpAllowlistPolicy | OidcAuthSourcesPolicy | OriginAllowlistPolicy | MaxDailyUnstakePolicy;
+/**
+ * Provides an allowlist of OIDC Issuers and audiences that are allowed to authenticate into this org.
+ * @example {"OidcAuthSources": { "https://accounts.google.com": [ "1234.apps.googleusercontent.com" ]}}
+ */
+export interface OidcAuthSourcesPolicy {
+    OidcAuthSources: Record<string, string[]>;
+}
 /**
  * Only allow requests from the specified origins.
  * @example {"OriginAllowlist": "*"}
@@ -27,31 +35,21 @@ export interface SourceIpAllowlistPolicy {
 export interface MaxDailyUnstakePolicy {
     MaxDailyUnstake: number;
 }
-type OrgInfo = components["schemas"]["OrgInfo"];
-type UserIdInfo = components["schemas"]["UserIdInfo"];
-export type OidcIdentity = components["schemas"]["OIDCIdentity"];
-export type MemberRole = components["schemas"]["MemberRole"];
-/** Options for a new OIDC user */
-export interface CreateOidcUserOptions {
-    /** The role of an OIDC user, default is "Alien" */
-    memberRole?: MemberRole;
-    /** Optional MFA policy to associate with the user account */
-    mfaPolicy?: MfaPolicy;
-}
 /** An organization. */
 export declare class Org {
     #private;
     /**
      * @description The org id
      * @example Org#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
-     * */
+     */
     get id(): OrgId;
     /** Human-readable name for the org */
     name(): Promise<string | undefined>;
-    /** Set the human-readable name for the org.
+    /**
+     * Set the human-readable name for the org.
      * @param {string} name The new human-readable name for the org (must be alphanumeric).
      * @example my_org_name
-     * */
+     */
     setName(name: string): Promise<void>;
     /** Is the org enabled? */
     enabled(): Promise<boolean>;
@@ -65,162 +63,278 @@ export declare class Org {
      * @param {OrgPolicy[]} policy The new policy for the org.
      * */
     setPolicy(policy: OrgPolicy[]): Promise<void>;
-    /** Create a new signing key.
+    /**
+     * Create a new signing key.
      * @param {KeyType} type The type of key to create.
      * @param {string?} ownerId The owner of the key. Defaults to the session's user.
      * @return {Key[]} The new keys.
-     * */
+     */
     createKey(type: KeyType, ownerId?: string): Promise<Key>;
-    /** Create new signing keys.
+    /**
+     * Create new signing keys.
      * @param {KeyType} type The type of key to create.
-     * @param {nummber} count The number of keys to create.
+     * @param {number} count The number of keys to create.
      * @param {string?} ownerId The owner of the keys. Defaults to the session's user.
      * @return {Key[]} The new keys.
-     * */
+     */
     createKeys(type: KeyType, count: number, ownerId?: string): Promise<Key[]>;
     /**
-     * Derives a key of the given type using the given derivation path and mnemonic.
+     * Derive a key of the given type using the given derivation path and mnemonic.
+     * The owner of the derived key will be the owner of the mnemonic.
      *
      * @param {KeyType} type Type of key to derive from the mnemonic.
      * @param {string} derivationPath Mnemonic derivation path used to generate new key.
      * @param {string} mnemonicId materialId of mnemonic key used to derive the new key.
-     * @param {string} ownerId optional owner of the derived key.
      *
      * @return {Key} newly derived key.
      */
-    deriveKey(type: KeyType, derivationPath: string, mnemonicId: string, ownerId?: string): Promise<Key>;
+    deriveKey(type: KeyType, derivationPath: string, mnemonicId: string): Promise<Key>;
     /**
-     * Derives a set of keys of the given type using the given derivation paths and mnemonic.
+     * Derive a set of keys of the given type using the given derivation paths and mnemonic.
+     *
+     * The owner of the derived keys will be the owner of the mnemonic.
      *
      * @param {KeyType} type Type of key to derive from the mnemonic.
      * @param {string[]} derivationPaths Mnemonic derivation paths used to generate new key.
      * @param {string} mnemonicId materialId of mnemonic key used to derive the new key.
-     * @param {string} ownerId optional owner of the derived key.
      *
      * @return {Key[]} newly derived keys.
      */
-    deriveKeys(type: KeyType, derivationPaths: string[], mnemonicId: string, ownerId?: string): Promise<Key[]>;
-    /**
-     * Create a new user in the organization and sends an invitation to that user
-     * @param {string} email Email of the user
-     * @param {string} name The full name of the user
-     */
-    createUser(email: string, name: string): Promise<void>;
-    /**
-     * Create a new OIDC user
-     * @param {OidcIdentity} identity The identity of the OIDC user
-     * @param {string} email Email of the OIDC user
-     * @param {CreateOidcUserOptions} opts Additional options for new OIDC users
-     * @return {string} User id of the new user
-     */
-    createOidcUser(identity: OidcIdentity, email: string, opts?: CreateOidcUserOptions): Promise<string>;
-    /**
-     * Delete an existing OIDC user
-     * @param {OidcIdentity} identity The identity of the OIDC user
-     */
-    deleteOidcUser(identity: OidcIdentity): Promise<{
+    deriveKeys(type: KeyType, derivationPaths: string[], mnemonicId: string): Promise<Key[]>;
+    /** Create a new user in the organization and sends an invitation to that user. */
+    get createUser(): (email: string, name: string, role?: "Alien" | "Member" | "Owner" | undefined) => Promise<void>;
+    /** Create a new OIDC user */
+    get createOidcUser(): (identity: {
+        iss: string;
+        sub: string;
+    }, email: string, opts?: import("./schema_types").CreateOidcUserOptions) => Promise<string>;
+    /** Delete an existing OIDC user */
+    get deleteOidcUser(): (identity: {
+        iss: string;
+        sub: string;
+    }) => Promise<{
         status: string;
     }>;
+    /** Checks if a given proof of OIDC authentication is valid. */
+    get verifyIdentity(): (proof: {
+        aud?: string | null | undefined;
+        email: string;
+        exp_epoch: number;
+        identity?: {
+            iss: string;
+            sub: string;
+        } | null | undefined;
+        user_info?: {
+            configured_mfa: ({
+                type: "totp";
+            } | {
+                id: string;
+                name: string;
+                type: "fido";
+            })[];
+            initialized: boolean;
+            user_id: string;
+        } | null | undefined;
+    } & {
+        id: string;
+    }) => Promise<void>;
+    /**  List users in the organization */
+    get users(): () => Promise<{
+        email: string;
+        id: string;
+    }[]>;
     /**
-     * List users in the organization
-     * @return {UserIdInfo[]} List of users
-     */
-    users(): Promise<UserIdInfo[]>;
-    /** Get a key by id.
+     * Get a key by id.
      * @param {string} keyId The id of the key to get.
      * @return {Key} The key.
-     * */
+     */
     getKey(keyId: string): Promise<Key>;
-    /** Get all keys in the org.
+    /**
+     * Get all keys in the org.
      * @param {KeyType?} type Optional key type to filter list for.
+     * @param {PageOpts} page Pagination options. Defaults to fetching the entire result set.
      * @return {Key} The key.
-     * */
-    keys(type?: KeyType): Promise<Key[]>;
-    /** Create a new role.
+     */
+    keys(type?: KeyType, page?: PageOpts): Promise<Key[]>;
+    /**
+     * Create a new role.
+     *
      * @param {string?} name The name of the role.
      * @return {Role} The new role.
-     * */
+     */
     createRole(name?: string): Promise<Role>;
-    /** Get a role by id or name.
+    /**
+     * Get a role by id or name.
+     *
      * @param {string} roleId The id or name of the role to get.
      * @return {Role} The role.
-     * */
+     */
     getRole(roleId: string): Promise<Role>;
-    /** List all roles in the org.
+    /**
+     * List all roles in the org.
+     *
+     * @param {PageOpts} page Pagination options. Defaults to fetching the entire result set.
      * @return {Role[]} The roles.
-     * */
-    listRoles(): Promise<Role[]>;
-    /** List all users in the org.
-     * @return {User[]} The users.
-     * */
-    listUsers(): Promise<UserIdInfo[]>;
+     */
+    listRoles(page?: PageOpts): Promise<Role[]>;
+    /** List all users in the org. */
+    get listUsers(): () => Promise<{
+        email: string;
+        id: string;
+    }[]>;
     /**
      * Get a pending MFA request by its id.
-     * @param {string} mfaId The id of the MFA request.
-     * @return {Promise<MfaRequestInfo>} The MFA request.
      *
      * @deprecated Use {@link getMfaInfo()} instead.
      */
-    mfaGet(mfaId: string): Promise<MfaRequestInfo>;
+    get mfaGet(): (mfaId: string) => Promise<{
+        expires_at: number;
+        id: string;
+        receipt?: {
+            confirmation: string;
+            final_approver: string;
+            timestamp: number;
+        } | null | undefined;
+        request: {
+            body?: Record<string, unknown> | null | undefined;
+            method: string;
+            path: string;
+        };
+        status: {
+            allowed_approvers: string[];
+            allowed_mfa_types?: ("CubeSigner" | "Totp" | "Fido")[] | null | undefined;
+            approved_by: {
+                [key: string]: {
+                    [key: string]: {
+                        timestamp: number;
+                    };
+                };
+            };
+            count: number;
+            num_auth_factors: number;
+        };
+    }>;
     /**
      * Approve a pending MFA request.
      *
-     * @param {string} mfaId The id of the MFA request.
-     * @return {Promise<MfaRequestInfo>} The MFA request.
-     *
      * @deprecated Use {@link approveMfaRequest()} instead.
      */
-    mfaApprove(mfaId: string): Promise<MfaRequestInfo>;
-    /**
-     * Get a pending MFA request by its id.
-     * @param {string} mfaId The id of the MFA request.
-     * @return {Promise<MfaRequestInfo>} The MFA request.
-     */
-    getMfaInfo(mfaId: string): Promise<MfaRequestInfo>;
+    get mfaApprove(): (mfaId: string) => Promise<{
+        expires_at: number;
+        id: string;
+        receipt?: {
+            confirmation: string;
+            final_approver: string;
+            timestamp: number;
+        } | null | undefined;
+        request: {
+            body?: Record<string, unknown> | null | undefined;
+            method: string;
+            path: string;
+        };
+        status: {
+            allowed_approvers: string[];
+            allowed_mfa_types?: ("CubeSigner" | "Totp" | "Fido")[] | null | undefined;
+            approved_by: {
+                [key: string]: {
+                    [key: string]: {
+                        timestamp: number;
+                    };
+                };
+            };
+            count: number;
+            num_auth_factors: number;
+        };
+    }>;
+    /** Get a pending MFA request by its id. */
+    get getMfaInfo(): (mfaId: string) => Promise<{
+        expires_at: number;
+        id: string;
+        receipt?: {
+            confirmation: string;
+            final_approver: string;
+            timestamp: number;
+        } | null | undefined;
+        request: {
+            body?: Record<string, unknown> | null | undefined;
+            method: string;
+            path: string;
+        };
+        status: {
+            allowed_approvers: string[];
+            allowed_mfa_types?: ("CubeSigner" | "Totp" | "Fido")[] | null | undefined;
+            approved_by: {
+                [key: string]: {
+                    [key: string]: {
+                        timestamp: number;
+                    };
+                };
+            };
+            count: number;
+            num_auth_factors: number;
+        };
+    }>;
+    /** List pending MFA requests accessible to the current user. */
+    get listMfaInfos(): () => Promise<{
+        expires_at: number;
+        id: string;
+        receipt?: {
+            confirmation: string;
+            final_approver: string;
+            timestamp: number;
+        } | null | undefined;
+        request: {
+            body?: Record<string, unknown> | null | undefined;
+            method: string;
+            path: string;
+        };
+        status: {
+            allowed_approvers: string[];
+            allowed_mfa_types?: ("CubeSigner" | "Totp" | "Fido")[] | null | undefined;
+            approved_by: {
+                [key: string]: {
+                    [key: string]: {
+                        timestamp: number;
+                    };
+                };
+            };
+            count: number;
+            num_auth_factors: number;
+        };
+    }[]>;
+    /** Approve a pending MFA request. */
+    get approveMfaRequest(): (mfaId: string) => Promise<{
+        expires_at: number;
+        id: string;
+        receipt?: {
+            confirmation: string;
+            final_approver: string;
+            timestamp: number;
+        } | null | undefined;
+        request: {
+            body?: Record<string, unknown> | null | undefined;
+            method: string;
+            path: string;
+        };
+        status: {
+            allowed_approvers: string[];
+            allowed_mfa_types?: ("CubeSigner" | "Totp" | "Fido")[] | null | undefined;
+            approved_by: {
+                [key: string]: {
+                    [key: string]: {
+                        timestamp: number;
+                    };
+                };
+            };
+            count: number;
+            num_auth_factors: number;
+        };
+    }>;
     /**
-     * Approve a pending MFA request.
-     *
-     * @param {string} mfaId The id of the MFA request.
-     * @return {Promise<MfaRequestInfo>} The MFA request.
-     */
-    approveMfaRequest(mfaId: string): Promise<MfaRequestInfo>;
-    /** Create a new org.
-     * @param {CubeSigner} cs The CubeSigner instance.
+     * Create a new org.
+     * @param {CubeSignerClient} csc The CubeSigner instance.
      * @param {OrgInfo} data The JSON response from the API server.
      * @internal
-     * */
-    constructor(cs: CubeSigner, data: OrgInfo);
-    /**
-     * Approve a pending MFA request.
-     *
-     * @param {CubeSigner} cs The CubeSigner instance to use for requests
-     * @param {string} orgId The org id of the MFA request
-     * @param {string} mfaId The id of the MFA request
-     * @return {Promise<MfaRequestInfo>} The result of the MFA request
      */
-    static mfaApprove(cs: CubeSigner, orgId: string, mfaId: string): Promise<MfaRequestInfo>;
-    /** Fetch org info.
-     * @return {OrgInfo} The org info.
-     * */
-    private fetch;
-    /** Update the org.
-     * @param {UpdateOrgRequest} request The JSON request to send to the API server.
-     * @return {UpdateOrgResponse} The JSON response from the API server.
-     * */
-    private update;
-    /** List roles.
-     * @param {CubeSigner} cs The CubeSigner instance to use for signing.
-     * @param {string} orgId The id of the organization to which the role belongs.
-     * @return {Role[]} Org roles.
-     * @internal
-     * */
-    private static roles;
-    /** List users.
-     * @param {CubeSigner} cs The CubeSigner instance to use for signing.
-     * @param {string} orgId The id of the organization to which the role belongs.
-     * @return {User[]} Org users.
-     * @internal
-     * */
-    private static users;
+    constructor(csc: CubeSignerClient, data: OrgInfo);
 }
-export {};