@cubist-labs/cubesigner-sdk 0.2.28 → 0.3.1

package/src/session/cognito_manager.ts

@@ -1,161 +0,0 @@
-import path from "path";
-import { Client } from "../api";
-import { EnvInterface } from "../env";
-import { HasEnv, OrgSessionManager, SessionManager } from "./session_manager";
-import { JsonFileSessionStorage, SessionStorage } from "./session_storage";
-import { configDir } from "../util";
-
-/** JSON representation of our "management session" file format */
-export interface CognitoSessionObject {
-  /** The organization ID */
-  org_id: string;
-  /** The email address of the user */
-  email: string;
-  /** The ID token */
-  id_token: string;
-  /** The access token */
-  access_token: string;
-  /** The refresh token */
-  refresh_token: string;
-  /** The expiration time of the access token */
-  expiration: string;
-}
-
-export interface CognitoSessionInfo extends CognitoSessionObject, HasEnv {}
-
-/** Type of storage required for cognito (management) sessions */
-export type CognitoSessionStorage = SessionStorage<CognitoSessionInfo>;
-
-/** The session manager for cognito (management) sessions */
-export class CognitoSessionManager extends OrgSessionManager<CognitoSessionInfo> {
-  #client: Client;
-
-  /**
-   * @return {string} The current auth token.
-   * @internal
-   */
-  async token(): Promise<string> {
-    const session = await this.storage.retrieve();
-    return session.id_token;
-  }
-
-  /**
-   * Returns a client with the current session and refreshes the current
-   * session.
-   */
-  async client(): Promise<Client> {
-    this.refreshIfNeeded();
-    return this.#client;
-  }
-
-  /** Revokes the session. */
-  async revoke(): Promise<void> {
-    const idp = require("@aws-sdk/client-cognito-identity-provider"); // eslint-disable-line @typescript-eslint/no-var-requires
-    const session = await this.storage.retrieve();
-    const client = new idp.CognitoIdentityProviderClient({
-      region: this.env.Region,
-      signer: { sign: async (request: any) => request }, // eslint-disable-line @typescript-eslint/no-explicit-any
-    });
-    const input = {
-      Token: session.refresh_token,
-      ClientId: this.env.ClientId,
-    };
-    await client.send(new idp.RevokeTokenCommand(input));
-  }
-
-  /**
-   * Returns whether it's time to refresh this token.
-   * @return {boolean} Whether it's time to refresh this token.
-   * @internal
-   */
-  async isStale(): Promise<boolean> {
-    const session = await this.storage.retrieve();
-    return SessionManager.isStale(new Date(session.expiration));
-  }
-
-  /**
-   * Refreshes the session and **UPDATES/MUTATES** self.
-   */
-  async refresh(): Promise<void> {
-    const idp = require("@aws-sdk/client-cognito-identity-provider"); // eslint-disable-line @typescript-eslint/no-var-requires
-    const session = await this.storage.retrieve();
-    const client = new idp.CognitoIdentityProviderClient({ region: this.env.Region });
-    const resp = await client.send(
-      new idp.InitiateAuthCommand({
-        AuthFlow: "REFRESH_TOKEN_AUTH",
-        AuthParameters: {
-          REFRESH_TOKEN: session.refresh_token,
-        },
-        ClientId: this.env.ClientId,
-      }),
-    );
-
-    if (
-      !resp.AuthenticationResult ||
-      !resp.AuthenticationResult.ExpiresIn ||
-      !resp.AuthenticationResult.IdToken
-    ) {
-      throw new Error("Refresh failed");
-    }
-
-    const expiresInMs = resp.AuthenticationResult.ExpiresIn * 1000;
-    const expiration = new Date(new Date().getTime() + expiresInMs).toISOString();
-    const idToken = resp.AuthenticationResult.IdToken;
-
-    await this.storage.save(<CognitoSessionInfo>{
-      ...session,
-      id_token: idToken,
-      access_token: resp.AuthenticationResult.AccessToken,
-      expiration,
-    });
-    this.#client = this.createClient(idToken);
-  }
-
-  /**
-   * Loads an existing cognito (management) session from storage.
-   * @param {CognitoSessionStorage} storage The storage back end to use
-   * @return {Promise<SingerSession>} New token
-   */
-  static async loadFromStorage(storage: CognitoSessionStorage): Promise<CognitoSessionManager> {
-    const sessionInfo = await storage.retrieve();
-    return new CognitoSessionManager(
-      sessionInfo.env["Dev-CubeSignerStack"],
-      sessionInfo.org_id,
-      sessionInfo.id_token,
-      storage,
-    );
-  }
-
-  /**
-   * Loads an existing management session and creates a Cognito session manager for it.
-   *
-   * @param {CognitoSessionStorage} storage Optional session storage to load
-   * the session from. If not specified, the management session from the config
-   * directory will be loaded.
-   * @return {Promise<CognitoSessionManager>} Cognito session manager
-   */
-  static async loadManagementSession(
-    storage?: CognitoSessionStorage,
-  ): Promise<CognitoSessionManager> {
-    return await CognitoSessionManager.loadFromStorage(
-      storage ?? new JsonFileSessionStorage(path.join(configDir(), "management-session.json")),
-    );
-  }
-
-  /**
-   * Constructor.
-   * @param {EnvInterface} env The environment of the session
-   * @param {string} orgId The id of the org associated with this session
-   * @param {string} token The current token of the session
-   * @param {CognitoSessionStorage} storage The storage back end to use
-   */
-  private constructor(
-    env: EnvInterface,
-    orgId: string,
-    token: string,
-    storage: CognitoSessionStorage,
-  ) {
-    super(env, orgId, storage);
-    this.#client = this.createClient(token);
-  }
-}

package/src/session/session_manager.ts

@@ -1,165 +0,0 @@
-import { Events } from "../events";
-import { EnvInterface } from "../env";
-import { Client, createHttpClient } from "../api";
-import { SessionStorage } from "./session_storage";
-import { delay } from "../util";
-
-const DEFAULT_EXPIRATION_BUFFER_SECS = 30;
-
-/** Generic session manager interface. */
-export abstract class SessionManager<U> {
-  readonly env: EnvInterface;
-  readonly storage: SessionStorage<U>;
-  readonly events = new Events();
-  #refreshing: boolean = false;
-
-  /**
-   * @return {string} The current auth token.
-   * @internal
-   */
-  abstract token(): Promise<string>;
-
-  /** Returns a client instance that uses the token. */
-  abstract client(): Promise<Client>;
-
-  /** Revokes the session. */
-  abstract revoke(): Promise<void>;
-
-  /** Refreshes the session. */
-  abstract refresh(): Promise<void>;
-
-  /**
-   * Returns whether it's time to refresh this token.
-   * @return {boolean} Whether it's time to refresh this token.
-   * @internal
-   */
-  abstract isStale(): Promise<boolean>;
-
-  /**
-   * Refreshes the session if it is about to expire.
-   * @return {boolean} Whether the session token was refreshed.
-   * @internal
-   */
-  async refreshIfNeeded(): Promise<boolean> {
-    if (await this.isStale()) {
-      if (this.#refreshing) {
-        // wait until done refreshing
-        while (this.#refreshing) {
-          await delay(100);
-        }
-        return false;
-      } else {
-        // refresh
-        this.#refreshing = true;
-        try {
-          await this.refresh();
-          return true;
-        } finally {
-          this.#refreshing = false;
-        }
-      }
-    }
-
-    return false;
-  }
-
-  /**
-   * Automatically refreshes the session in the background.
-   * The default implementation refreshes (if needed) every minute.
-   * Base implementations can, instead use the token expirations timestamps
-   * to refresh less often. This is a simple wrapper around `setInterval`.
-   * @return {number} The interval ID of the refresh timer.
-   */
-  autoRefresh(): RefreshId {
-    return setInterval(async () => {
-      await this.refreshIfNeeded();
-    }, 60 * 1000);
-  }
-
-  /**
-   * Clears the auto refresh timer.
-   * @param {number} timer The timer ID to clear.
-   */
-  clearAutoRefresh(timer: RefreshId): void {
-    clearInterval(timer);
-  }
-
-  /**
-   * Constructor.
-   * @param {EnvInterface} env The environment of the session
-   * @param {SessionStorage<U>} storage The storage back end to use for storing
-   *                                    session information
-   */
-  constructor(env: EnvInterface, storage: SessionStorage<U>) {
-    this.env = env;
-    this.storage = storage;
-  }
-
-  /**
-   * Creates a new REST client with a given token
-   * @param {string} token The authorization token to use for the client
-   * @return {Client} The new REST client
-   */
-  protected createClient(token: string): Client {
-    return createHttpClient(this.env.SignerApiRoot, token);
-  }
-
-  /**
-   * Check if a timestamp is within {@link bufferSeconds} seconds from expiration.
-   * @param {Date} exp The timestamp to check
-   * @param {number} bufferSeconds Time buffer in seconds (defaults to 0s)
-   * @return {boolean} True if the timestamp has expired
-   */
-  protected static hasExpired(exp: Date, bufferSeconds?: number): boolean {
-    bufferSeconds ??= 0;
-    const expMsSinceEpoch = exp.getTime();
-    const nowMsSinceEpoch = new Date().getTime();
-    const bufferMs = bufferSeconds * 1000;
-    return expMsSinceEpoch < nowMsSinceEpoch + bufferMs;
-  }
-
-  /**
-   * Check if a timestamp is stale, i.e., it's within {@link bufferSeconds} seconds from expiration.
-   * @param {Date} exp The timestamp to check
-   * @param {number} bufferSeconds Time buffer in seconds (defaults to 30s)
-   * @return {boolean} True if the timestamp is stale
-   */
-  protected static isStale(exp: Date, bufferSeconds?: number): boolean {
-    return this.hasExpired(exp, bufferSeconds ?? DEFAULT_EXPIRATION_BUFFER_SECS);
-  }
-
-  /**
-   * Throws an error that says that some feature is unsupported.
-   * @param {string} name The name of the feature that is not supported
-   */
-  protected unsupported(name: string): never {
-    throw new Error(`'${name}' not supported`);
-  }
-}
-
-/** Interface for a session manager that knows about the org that the session is in. */
-export abstract class OrgSessionManager<U> extends SessionManager<U> {
-  readonly orgId: string;
-
-  /**
-   * Constructor.
-   * @param {EnvInterface} env The environment of the session
-   * @param {string} orgId The id of the org associated with this session
-   * @param {SessionStorage<U>} storage The storage back end to use for storing
-   *                                    session information
-   */
-  constructor(env: EnvInterface, orgId: string, storage: SessionStorage<U>) {
-    super(env, storage);
-    this.orgId = orgId;
-  }
-}
-
-export interface HasEnv {
-  /** The environment */
-  env: {
-    ["Dev-CubeSignerStack"]: EnvInterface;
-  };
-}
-
-/** Type of the refresh timer ID. */
-export type RefreshId = ReturnType<typeof setInterval>;