@cubist-labs/cubesigner-sdk 0.3.19 → 0.3.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/dist/cjs/package.json +1 -1
  2. package/dist/cjs/spec/env/beta.json +2 -1
  3. package/dist/cjs/spec/env/gamma.json +2 -1
  4. package/dist/cjs/spec/env/prod.json +2 -1
  5. package/dist/cjs/src/api.d.ts +3 -1
  6. package/dist/cjs/src/api.js +5 -3
  7. package/dist/cjs/src/client.d.ts +11 -2
  8. package/dist/cjs/src/client.js +5 -3
  9. package/dist/cjs/src/env.d.ts +1 -0
  10. package/dist/cjs/src/env.js +1 -1
  11. package/dist/cjs/src/error.js +7 -2
  12. package/dist/cjs/src/index.d.ts +2 -0
  13. package/dist/cjs/src/index.js +3 -1
  14. package/dist/cjs/src/org.d.ts +13 -1
  15. package/dist/cjs/src/org.js +2 -2
  16. package/dist/cjs/src/org_event_processor.d.ts +57 -0
  17. package/dist/cjs/src/org_event_processor.js +137 -0
  18. package/dist/cjs/src/schema.d.ts +94 -26
  19. package/dist/cjs/src/schema.js +1 -1
  20. package/dist/cjs/src/schema_types.d.ts +3 -0
  21. package/dist/cjs/src/schema_types.js +1 -1
  22. package/dist/esm/package.json +1 -1
  23. package/dist/esm/spec/env/beta.json +2 -1
  24. package/dist/esm/spec/env/gamma.json +2 -1
  25. package/dist/esm/spec/env/prod.json +2 -1
  26. package/dist/esm/src/api.d.ts +3 -1
  27. package/dist/esm/src/api.js +5 -3
  28. package/dist/esm/src/client.d.ts +11 -2
  29. package/dist/esm/src/client.js +5 -3
  30. package/dist/esm/src/env.d.ts +1 -0
  31. package/dist/esm/src/env.js +1 -1
  32. package/dist/esm/src/error.js +7 -2
  33. package/dist/esm/src/index.d.ts +2 -0
  34. package/dist/esm/src/index.js +3 -1
  35. package/dist/esm/src/org.d.ts +13 -1
  36. package/dist/esm/src/org.js +2 -2
  37. package/dist/esm/src/org_event_processor.d.ts +57 -0
  38. package/dist/esm/src/org_event_processor.js +133 -0
  39. package/dist/esm/src/schema.d.ts +94 -26
  40. package/dist/esm/src/schema.js +1 -1
  41. package/dist/esm/src/schema_types.d.ts +3 -0
  42. package/dist/esm/src/schema_types.js +1 -1
  43. package/package.json +1 -1
  44. package/src/api.ts +10 -3
  45. package/src/client.ts +11 -3
  46. package/src/env.ts +1 -0
  47. package/src/error.ts +6 -1
  48. package/src/index.ts +2 -0
  49. package/src/org.ts +1 -1
  50. package/src/org_event_processor.ts +173 -0
  51. package/src/schema.ts +100 -23
  52. package/src/schema_types.ts +3 -0
package/dist/esm/src/schema_types.d.ts CHANGED
@@ -3,6 +3,7 @@ import { components } from "./schema";
3
3
  import { JsonMap } from "./util";
4
4
  type schemas = components["schemas"];
5
5
  export type UserInfo = schemas["UserInfo"];
6
+ export type UserInOrgMembership = schemas["UserInOrgMembership"];
6
7
  export type ConfiguredMfa = schemas["ConfiguredMfa"];
7
8
  export type RatchetConfig = schemas["RatchetConfig"];
8
9
  export type IdentityProof = schemas["IdentityProof"];
@@ -28,6 +29,8 @@ export type MemberRole = schemas["MemberRole"];
28
29
  export type SchemaKeyType = schemas["KeyType"];
29
30
  export type ListKeysResponse = schemas["PaginatedListKeysResponse"];
30
31
  export type UpdateKeyRequest = schemas["UpdateKeyRequest"];
32
+ export type UpdateKeyProperties = schemas["UpdateKeyProperties"];
33
+ export type CreateKeyRequest = schemas["CreateKeyRequest"];
31
34
  export type KeyInfoApi = schemas["KeyInfo"];
32
35
  export type KeyInRoleInfo = schemas["KeyInRoleInfo"];
33
36
  export type UserInRoleInfo = schemas["UserInRoleInfo"];
package/dist/esm/src/schema_types.js CHANGED
@@ -1,2 +1,2 @@
1
1
  export {};
2
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hX3R5cGVzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NjaGVtYV90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgTWZhUG9saWN5IH0gZnJvbSBcIi4vcm9sZVwiO1xuaW1wb3J0IHsgY29tcG9uZW50cyB9IGZyb20gXCIuL3NjaGVtYVwiO1xuaW1wb3J0IHsgSnNvbk1hcCB9IGZyb20gXCIuL3V0aWxcIjtcblxudHlwZSBzY2hlbWFzID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl07XG5cbmV4cG9ydCB0eXBlIFVzZXJJbmZvID0gc2NoZW1hc1tcIlVzZXJJbmZvXCJdO1xuZXhwb3J0IHR5cGUgQ29uZmlndXJlZE1mYSA9IHNjaGVtYXNbXCJDb25maWd1cmVkTWZhXCJdO1xuZXhwb3J0IHR5cGUgUmF0Y2hldENvbmZpZyA9IHNjaGVtYXNbXCJSYXRjaGV0Q29uZmlnXCJdO1xuZXhwb3J0IHR5cGUgSWRlbnRpdHlQcm9vZiA9IHNjaGVtYXNbXCJJZGVudGl0eVByb29mXCJdO1xuZXhwb3J0IHR5cGUgVG90cEluZm8gPSBzY2hlbWFzW1wiVG90cEluZm9cIl07XG5cbmV4cG9ydCB0eXBlIE9pZGNBdXRoUmVzcG9uc2UgPSBzY2hlbWFzW1wiTmV3U2Vzc2lvblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXBpQWRkRmlkb0NoYWxsZW5nZSA9IHNjaGVtYXNbXCJGaWRvQ3JlYXRlQ2hhbGxlbmdlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBBcGlNZmFGaWRvQ2hhbGxlbmdlID0gc2NoZW1hc1tcIkZpZG9Bc3NlcnRDaGFsbGVuZ2VcIl07XG5cbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnMgPSBzY2hlbWFzW1wiUHVibGljS2V5Q3JlZGVudGlhbENyZWF0aW9uT3B0aW9uc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9ucyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUmVxdWVzdE9wdGlvbnNcIl07XG5leHBvcnQgdHlwZSBQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVycyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVyc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yXCJdO1xuZXhwb3J0IHR5cGUgQXV0aGVudGljYXRvclNlbGVjdGlvbkNyaXRlcmlhID0gc2NoZW1hc1tcIkF1dGhlbnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYVwiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5ID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbCA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsXCJdO1xuXG5leHBvcnQgdHlwZSBPcmdJbmZvID0gc2NoZW1hc1tcIk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVc2VySW5PcmdJbmZvID0gc2NoZW1hc1tcIlVzZXJJbk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZU9yZ1JlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXNwb25zZSA9IHNjaGVtYXNbXCJVcGRhdGVPcmdSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIE5vdGlmaWNhdGlvbkVuZHBvaW50Q29uZmlndXJhdGlvbiA9IHNjaGVtYXNbXCJOb3RpZmljYXRpb25FbmRwb2ludENvbmZpZ3VyYXRpb25cIl07XG5leHBvcnQgdHlwZSBPcmdFdmVudHMgPSBzY2hlbWFzW1wiT3JnRXZlbnREaXNjcmltaW5hbnRzXCJdO1xuXG5leHBvcnQgdHlwZSBPaWRjSWRlbnRpdHkgPSBzY2hlbWFzW1wiT0lEQ0lkZW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgTWVtYmVyUm9sZSA9IHNjaGVtYXNbXCJNZW1iZXJSb2xlXCJdO1xuXG5leHBvcnQgdHlwZSBTY2hlbWFLZXlUeXBlID0gc2NoZW1hc1tcIktleVR5cGVcIl07XG5cbmV4cG9ydCB0eXBlIExpc3RLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdEtleXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEtleUluZm9BcGkgPSBzY2hlbWFzW1wiS2V5SW5mb1wiXTtcbmV4cG9ydCB0eXBlIEtleUluUm9sZUluZm8gPSBzY2hlbWFzW1wiS2V5SW5Sb2xlSW5mb1wiXTtcbmV4cG9ydCB0eXBlIFVzZXJJblJvbGVJbmZvID0gc2NoZW1hc1tcIlVzZXJJblJvbGVJbmZvXCJdO1xuZXhwb3J0IHR5cGUgS2V5VHlwZUFwaSA9IHNjaGVtYXNbXCJLZXlUeXBlXCJdO1xuXG5leHBvcnQgdHlwZSBMaXN0S2V5Um9sZXNSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRMaXN0S2V5Um9sZXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIExpc3RSb2xlc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RSb2xlc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgTGlzdFJvbGVLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVLZXlzUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBMaXN0Um9sZVVzZXJzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVVc2Vyc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXBkYXRlUm9sZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlUm9sZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBLZXlXaXRoUG9saWNpZXNJbmZvID0gc2NoZW1hc1tcIktleUluUm9sZUluZm9cIl07XG5leHBvcnQgdHlwZSBSb2xlSW5mbyA9IHNjaGVtYXNbXCJSb2xlSW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgU2Vzc2lvbkluZm8gPSBzY2hlbWFzW1wiU2Vzc2lvbkluZm9cIl07XG5leHBvcnQgdHlwZSBDbGllbnRTZXNzaW9uSW5mbyA9IHNjaGVtYXNbXCJDbGllbnRTZXNzaW9uSW5mb1wiXTtcbmV4cG9ydCB0eXBlIE5ld1Nlc3Npb25SZXNwb25zZSA9IHNjaGVtYXNbXCJOZXdTZXNzaW9uUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBTZXNzaW9uc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZFNlc3Npb25zUmVzcG9uc2VcIl07XG5cbmV4cG9ydCB0eXBlIENyZWF0ZVNpZ25lclNlc3Npb25SZXF1ZXN0ID0gc2NoZW1hc1tcIkNyZWF0ZVRva2VuUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFJlZnJlc2hTaWduZXJTZXNzaW9uUmVxdWVzdCA9IHNjaGVtYXNbXCJBdXRoRGF0YVwiXTtcblxuZXhwb3J0IHR5cGUgRXZtU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMVNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXZtU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkV0aDFTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFaXAxOTFTaWduUmVxdWVzdCA9IHNjaGVtYXNbXCJFaXAxOTFTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEVpcDcxMlNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkVpcDcxMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRWlwMTkxT3I3MTJTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiRWlwMTkxT3I3MTJTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFdGgyU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJFdGgyU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlN0YWtlUmVxdWVzdCA9IHNjaGVtYXNbXCJTdGFrZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBFdGgyU3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJTdGFrZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXF1ZXN0ID0gc2NoZW1hc1tcIlVuc3Rha2VSZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJVbnN0YWtlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCbG9iU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQmxvYlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgQmxvYlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJCbG9iU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQnRjU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQnRjU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQnRjU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgU29sYW5hU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBTb2xhbmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXZhU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQXZhU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBBdmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQXZhU2lnblJlc3BvbnNlXCJdO1xuXG5leHBvcnQgdHlwZSBBY2NlcHRlZFJlc3BvbnNlID0gc2NoZW1hc1tcIkFjY2VwdGVkUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFcnJvclJlc3BvbnNlID0gc2NoZW1hc1tcIkVycm9yUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduYXR1cmVLaW5kID0gc2NoZW1hc1tcIkJ0Y1NpZ25hdHVyZUtpbmRcIl07XG5leHBvcnQgdHlwZSBDc0VyckNvZGUgPSBzY2hlbWFzW1wiU2lnbmVyRXJyb3JDb2RlXCJdO1xuXG5leHBvcnQgdHlwZSBNZmFUeXBlID0gc2NoZW1hc1tcIk1mYVR5cGVcIl07XG5leHBvcnQgdHlwZSBNZmFWb3RlID0gc2NoZW1hc1tcIk1mYVZvdGVcIl07XG5leHBvcnQgdHlwZSBNZmFSZXF1ZXN0SW5mbyA9IHNjaGVtYXNbXCJNZmFSZXF1ZXN0SW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEluaXRSZXF1ZXN0ID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRJbml0UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRJbml0UmVzcG9uc2UgPSBzY2hlbWFzW1wiVXNlckV4cG9ydEluaXRSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXNlckV4cG9ydENvbXBsZXRlUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydExpc3RSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRVc2VyRXhwb3J0TGlzdFJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEtleU1hdGVyaWFsID0gc2NoZW1hc1tcIkpzb25LZXlQYWNrYWdlXCJdO1xuXG5leHBvcnQgdHlwZSBFbXB0eSA9IHNjaGVtYXNbXCJFbXB0eUltcGxcIl07XG5cbi8qKiBPcHRpb25zIGZvciBhIG5ldyBPSURDIHVzZXIgKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ3JlYXRlT2lkY1VzZXJPcHRpb25zIHtcbiAgLyoqIFRoZSByb2xlIG9mIGFuIE9JREMgdXNlciwgZGVmYXVsdCBpcyBcIkFsaWVuXCIgKi9cbiAgbWVtYmVyUm9sZT86IE1lbWJlclJvbGU7XG4gIC8qKiBPcHRpb25hbCBNRkEgcG9saWN5IHRvIGFzc29jaWF0ZSB3aXRoIHRoZSB1c2VyIGFjY291bnQgKi9cbiAgbWZhUG9saWN5PzogTWZhUG9saWN5O1xufVxuXG4vKiogQXZhIFAtIG9yIFgtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVR4ID0geyBQOiBBdmFQQ2hhaW5UeCB9IHwgeyBYOiBBdmFYQ2hhaW5UeCB9O1xuXG4vKiogQXZhIFAtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVBDaGFpblR4ID1cbiAgfCB7IEFkZFBlcm1pc3Npb25sZXNzVmFsaWRhdG9yOiBKc29uTWFwIH1cbiAgfCB7IEFkZFN1Ym5ldFZhbGlkYXRvcjogSnNvbk1hcCB9XG4gIHwgeyBBZGRWYWxpZGF0b3I6IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlQ2hhaW46IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlU3VibmV0OiBKc29uTWFwIH1cbiAgfCB7IEV4cG9ydDogSnNvbk1hcCB9XG4gIHwgeyBJbXBvcnQ6IEpzb25NYXAgfTtcblxuLyoqIEF2YSBYLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFYQ2hhaW5UeCA9IHsgQmFzZTogSnNvbk1hcCB9IHwgeyBFeHBvcnQ6IEpzb25NYXAgfSB8IHsgSW1wb3J0OiBKc29uTWFwIH07XG4iXX0=
2
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hX3R5cGVzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NjaGVtYV90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgTWZhUG9saWN5IH0gZnJvbSBcIi4vcm9sZVwiO1xuaW1wb3J0IHsgY29tcG9uZW50cyB9IGZyb20gXCIuL3NjaGVtYVwiO1xuaW1wb3J0IHsgSnNvbk1hcCB9IGZyb20gXCIuL3V0aWxcIjtcblxudHlwZSBzY2hlbWFzID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl07XG5cbmV4cG9ydCB0eXBlIFVzZXJJbmZvID0gc2NoZW1hc1tcIlVzZXJJbmZvXCJdO1xuZXhwb3J0IHR5cGUgVXNlckluT3JnTWVtYmVyc2hpcCA9IHNjaGVtYXNbXCJVc2VySW5PcmdNZW1iZXJzaGlwXCJdO1xuZXhwb3J0IHR5cGUgQ29uZmlndXJlZE1mYSA9IHNjaGVtYXNbXCJDb25maWd1cmVkTWZhXCJdO1xuZXhwb3J0IHR5cGUgUmF0Y2hldENvbmZpZyA9IHNjaGVtYXNbXCJSYXRjaGV0Q29uZmlnXCJdO1xuZXhwb3J0IHR5cGUgSWRlbnRpdHlQcm9vZiA9IHNjaGVtYXNbXCJJZGVudGl0eVByb29mXCJdO1xuZXhwb3J0IHR5cGUgVG90cEluZm8gPSBzY2hlbWFzW1wiVG90cEluZm9cIl07XG5cbmV4cG9ydCB0eXBlIE9pZGNBdXRoUmVzcG9uc2UgPSBzY2hlbWFzW1wiTmV3U2Vzc2lvblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXBpQWRkRmlkb0NoYWxsZW5nZSA9IHNjaGVtYXNbXCJGaWRvQ3JlYXRlQ2hhbGxlbmdlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBBcGlNZmFGaWRvQ2hhbGxlbmdlID0gc2NoZW1hc1tcIkZpZG9Bc3NlcnRDaGFsbGVuZ2VcIl07XG5cbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnMgPSBzY2hlbWFzW1wiUHVibGljS2V5Q3JlZGVudGlhbENyZWF0aW9uT3B0aW9uc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9ucyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUmVxdWVzdE9wdGlvbnNcIl07XG5leHBvcnQgdHlwZSBQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVycyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVyc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yXCJdO1xuZXhwb3J0IHR5cGUgQXV0aGVudGljYXRvclNlbGVjdGlvbkNyaXRlcmlhID0gc2NoZW1hc1tcIkF1dGhlbnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYVwiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5ID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbCA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsXCJdO1xuXG5leHBvcnQgdHlwZSBPcmdJbmZvID0gc2NoZW1hc1tcIk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVc2VySW5PcmdJbmZvID0gc2NoZW1hc1tcIlVzZXJJbk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZU9yZ1JlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXNwb25zZSA9IHNjaGVtYXNbXCJVcGRhdGVPcmdSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIE5vdGlmaWNhdGlvbkVuZHBvaW50Q29uZmlndXJhdGlvbiA9IHNjaGVtYXNbXCJOb3RpZmljYXRpb25FbmRwb2ludENvbmZpZ3VyYXRpb25cIl07XG5leHBvcnQgdHlwZSBPcmdFdmVudHMgPSBzY2hlbWFzW1wiT3JnRXZlbnREaXNjcmltaW5hbnRzXCJdO1xuXG5leHBvcnQgdHlwZSBPaWRjSWRlbnRpdHkgPSBzY2hlbWFzW1wiT0lEQ0lkZW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgTWVtYmVyUm9sZSA9IHNjaGVtYXNbXCJNZW1iZXJSb2xlXCJdO1xuXG5leHBvcnQgdHlwZSBTY2hlbWFLZXlUeXBlID0gc2NoZW1hc1tcIktleVR5cGVcIl07XG5cbmV4cG9ydCB0eXBlIExpc3RLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdEtleXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVByb3BlcnRpZXMgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UHJvcGVydGllc1wiXTtcbmV4cG9ydCB0eXBlIENyZWF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiQ3JlYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEtleUluZm9BcGkgPSBzY2hlbWFzW1wiS2V5SW5mb1wiXTtcbmV4cG9ydCB0eXBlIEtleUluUm9sZUluZm8gPSBzY2hlbWFzW1wiS2V5SW5Sb2xlSW5mb1wiXTtcbmV4cG9ydCB0eXBlIFVzZXJJblJvbGVJbmZvID0gc2NoZW1hc1tcIlVzZXJJblJvbGVJbmZvXCJdO1xuZXhwb3J0IHR5cGUgS2V5VHlwZUFwaSA9IHNjaGVtYXNbXCJLZXlUeXBlXCJdO1xuXG5leHBvcnQgdHlwZSBMaXN0S2V5Um9sZXNSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRMaXN0S2V5Um9sZXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIExpc3RSb2xlc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RSb2xlc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgTGlzdFJvbGVLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVLZXlzUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBMaXN0Um9sZVVzZXJzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVVc2Vyc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXBkYXRlUm9sZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlUm9sZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBLZXlXaXRoUG9saWNpZXNJbmZvID0gc2NoZW1hc1tcIktleUluUm9sZUluZm9cIl07XG5leHBvcnQgdHlwZSBSb2xlSW5mbyA9IHNjaGVtYXNbXCJSb2xlSW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgU2Vzc2lvbkluZm8gPSBzY2hlbWFzW1wiU2Vzc2lvbkluZm9cIl07XG5leHBvcnQgdHlwZSBDbGllbnRTZXNzaW9uSW5mbyA9IHNjaGVtYXNbXCJDbGllbnRTZXNzaW9uSW5mb1wiXTtcbmV4cG9ydCB0eXBlIE5ld1Nlc3Npb25SZXNwb25zZSA9IHNjaGVtYXNbXCJOZXdTZXNzaW9uUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBTZXNzaW9uc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZFNlc3Npb25zUmVzcG9uc2VcIl07XG5cbmV4cG9ydCB0eXBlIENyZWF0ZVNpZ25lclNlc3Npb25SZXF1ZXN0ID0gc2NoZW1hc1tcIkNyZWF0ZVRva2VuUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFJlZnJlc2hTaWduZXJTZXNzaW9uUmVxdWVzdCA9IHNjaGVtYXNbXCJBdXRoRGF0YVwiXTtcblxuZXhwb3J0IHR5cGUgRXZtU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMVNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXZtU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkV0aDFTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFaXAxOTFTaWduUmVxdWVzdCA9IHNjaGVtYXNbXCJFaXAxOTFTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEVpcDcxMlNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkVpcDcxMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRWlwMTkxT3I3MTJTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiRWlwMTkxT3I3MTJTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFdGgyU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJFdGgyU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlN0YWtlUmVxdWVzdCA9IHNjaGVtYXNbXCJTdGFrZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBFdGgyU3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJTdGFrZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXF1ZXN0ID0gc2NoZW1hc1tcIlVuc3Rha2VSZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJVbnN0YWtlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCbG9iU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQmxvYlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgQmxvYlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJCbG9iU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQnRjU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQnRjU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQnRjU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgU29sYW5hU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBTb2xhbmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXZhU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQXZhU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBBdmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQXZhU2lnblJlc3BvbnNlXCJdO1xuXG5leHBvcnQgdHlwZSBBY2NlcHRlZFJlc3BvbnNlID0gc2NoZW1hc1tcIkFjY2VwdGVkUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFcnJvclJlc3BvbnNlID0gc2NoZW1hc1tcIkVycm9yUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduYXR1cmVLaW5kID0gc2NoZW1hc1tcIkJ0Y1NpZ25hdHVyZUtpbmRcIl07XG5leHBvcnQgdHlwZSBDc0VyckNvZGUgPSBzY2hlbWFzW1wiU2lnbmVyRXJyb3JDb2RlXCJdO1xuXG5leHBvcnQgdHlwZSBNZmFUeXBlID0gc2NoZW1hc1tcIk1mYVR5cGVcIl07XG5leHBvcnQgdHlwZSBNZmFWb3RlID0gc2NoZW1hc1tcIk1mYVZvdGVcIl07XG5leHBvcnQgdHlwZSBNZmFSZXF1ZXN0SW5mbyA9IHNjaGVtYXNbXCJNZmFSZXF1ZXN0SW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEluaXRSZXF1ZXN0ID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRJbml0UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRJbml0UmVzcG9uc2UgPSBzY2hlbWFzW1wiVXNlckV4cG9ydEluaXRSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXNlckV4cG9ydENvbXBsZXRlUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydExpc3RSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRVc2VyRXhwb3J0TGlzdFJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEtleU1hdGVyaWFsID0gc2NoZW1hc1tcIkpzb25LZXlQYWNrYWdlXCJdO1xuXG5leHBvcnQgdHlwZSBFbXB0eSA9IHNjaGVtYXNbXCJFbXB0eUltcGxcIl07XG5cbi8qKiBPcHRpb25zIGZvciBhIG5ldyBPSURDIHVzZXIgKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ3JlYXRlT2lkY1VzZXJPcHRpb25zIHtcbiAgLyoqIFRoZSByb2xlIG9mIGFuIE9JREMgdXNlciwgZGVmYXVsdCBpcyBcIkFsaWVuXCIgKi9cbiAgbWVtYmVyUm9sZT86IE1lbWJlclJvbGU7XG4gIC8qKiBPcHRpb25hbCBNRkEgcG9saWN5IHRvIGFzc29jaWF0ZSB3aXRoIHRoZSB1c2VyIGFjY291bnQgKi9cbiAgbWZhUG9saWN5PzogTWZhUG9saWN5O1xufVxuXG4vKiogQXZhIFAtIG9yIFgtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVR4ID0geyBQOiBBdmFQQ2hhaW5UeCB9IHwgeyBYOiBBdmFYQ2hhaW5UeCB9O1xuXG4vKiogQXZhIFAtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVBDaGFpblR4ID1cbiAgfCB7IEFkZFBlcm1pc3Npb25sZXNzVmFsaWRhdG9yOiBKc29uTWFwIH1cbiAgfCB7IEFkZFN1Ym5ldFZhbGlkYXRvcjogSnNvbk1hcCB9XG4gIHwgeyBBZGRWYWxpZGF0b3I6IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlQ2hhaW46IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlU3VibmV0OiBKc29uTWFwIH1cbiAgfCB7IEV4cG9ydDogSnNvbk1hcCB9XG4gIHwgeyBJbXBvcnQ6IEpzb25NYXAgfTtcblxuLyoqIEF2YSBYLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFYQ2hhaW5UeCA9IHsgQmFzZTogSnNvbk1hcCB9IHwgeyBFeHBvcnQ6IEpzb25NYXAgfSB8IHsgSW1wb3J0OiBKc29uTWFwIH07XG4iXX0=
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@cubist-labs/cubesigner-sdk",
3
- "version": "0.3.19",
3
+ "version": "0.3.23",
4
4
  "description": "CubeSigner TypeScript SDK",
5
5
  "license": "MIT OR Apache-2.0",
6
6
  "author": "Cubist, Inc.",
package/src/api.ts CHANGED
@@ -74,7 +74,7 @@ import { KeyPolicy } from "./role";
74
74
  import { EnvInterface } from "./env";
75
75
  import { loadSubtleCrypto } from "./user_export";
76
76
  import { EventEmitter } from "./events";
77
- import { NAME, VERSION } from "./index";
77
+ import { NAME, UpdateKeyProperties, VERSION } from "./index";
78
78
 
79
79
  /** @internal */
80
80
  export type Client = ReturnType<typeof createClient<paths>>;
@@ -712,9 +712,15 @@ export class CubeSignerApi {
712
712
  * @param {KeyType} keyType The type of key to create.
713
713
  * @param {number} count The number of keys to create.
714
714
  * @param {string?} ownerId The owner of the keys. Defaults to the session's user.
715
+ * @param {UpdateKeyProperties?} props Additional key properties
715
716
  * @return {KeyInfoApi[]} The new keys.
716
717
  */
717
- async keysCreate(keyType: KeyType, count: number, ownerId?: string): Promise<KeyInfoApi[]> {
718
+ async keysCreate(
719
+ keyType: KeyType,
720
+ count: number,
721
+ ownerId?: string,
722
+ props?: UpdateKeyProperties,
723
+ ): Promise<KeyInfoApi[]> {
718
724
  const chain_id = 0; // not used anymore
719
725
  const client = await this.client("createKey");
720
726
  const data = await client.post("/v0/org/{org_id}/keys", {
@@ -723,7 +729,8 @@ export class CubeSignerApi {
723
729
  count,
724
730
  chain_id,
725
731
  key_type: keyType,
726
- owner: ownerId || null,
732
+ ...props,
733
+ owner: props?.owner ?? ownerId,
727
734
  },
728
735
  });
729
736
  return data.keys;
package/src/client.ts CHANGED
@@ -1,7 +1,13 @@
1
1
  import { SignerSessionManager, SignerSessionStorage } from "./session/signer_session_manager";
2
2
  import { CubeSignerApi, OidcClient } from "./api";
3
3
  import { KeyType, Key } from "./key";
4
- import { MfaRequestInfo, OrgInfo, PublicKeyCredential, RatchetConfig } from "./schema_types";
4
+ import {
5
+ MfaRequestInfo,
6
+ OrgInfo,
7
+ PublicKeyCredential,
8
+ RatchetConfig,
9
+ UpdateKeyProperties,
10
+ } from "./schema_types";
5
11
  import { MfaReceipt } from "./mfa";
6
12
  import { PageOpts } from "./paginator";
7
13
  import { Role } from "./role";
@@ -68,10 +74,12 @@ export class CubeSignerClient extends CubeSignerApi {
68
74
  * Create a new signing key.
69
75
  * @param {KeyType} type The type of key to create.
70
76
  * @param {string?} ownerId The owner of the key. Defaults to the session's user.
77
+ * @param {UpdateKeyProperties?} props Additional key properties
71
78
  * @return {Key[]} The new keys.
72
79
  */
73
- async createKey(type: KeyType, ownerId?: string): Promise<Key> {
74
- return (await this.createKeys(type, 1, ownerId))[0];
80
+ async createKey(type: KeyType, ownerId?: string, props?: UpdateKeyProperties): Promise<Key> {
81
+ const keys = await this.keysCreate(type, 1, ownerId, props);
82
+ return new Key(this, keys[0]);
75
83
  }
76
84
 
77
85
  /**
package/src/env.ts CHANGED
@@ -16,6 +16,7 @@ export interface EnvInterface {
16
16
  Region: string;
17
17
  UserPoolId: string;
18
18
  SignerApiRoot: string;
19
+ OrgEventsTopicArn: string;
19
20
  }
20
21
 
21
22
  export const envs: Record<Environment, EnvInterface> = {
package/src/error.ts CHANGED
@@ -20,7 +20,12 @@ const mfaErrorCodes: CsErrCode[] = [
20
20
  /**
21
21
  * Opcodes corresponding to all different MFA approve/reject requests
22
22
  */
23
- const mfaOpCodes: (keyof operations)[] = ["mfaVoteCs", "mfaVoteTotp", "mfaVoteFidoComplete"];
23
+ const mfaOpCodes: (keyof operations)[] = [
24
+ "mfaVoteCs",
25
+ "userResetTotpComplete",
26
+ "mfaVoteTotp",
27
+ "mfaVoteFidoComplete",
28
+ ];
24
29
 
25
30
  /**
26
31
  * Error response type, thrown on non-successful responses.
package/src/index.ts CHANGED
@@ -298,6 +298,8 @@ export * from "./role";
298
298
  export * from "./env";
299
299
  /** Fido */
300
300
  export * from "./mfa";
301
+ /** Utils for processing org events */
302
+ export * from "./org_event_processor";
301
303
  /** Pagination */
302
304
  export * from "./paginator";
303
305
  /** Response */
package/src/org.ts CHANGED
@@ -132,7 +132,7 @@ export class Org extends CubeSignerClient {
132
132
  */
133
133
  async setNotificationEndpoints(notification_endpoints: NotificationEndpointConfiguration[]) {
134
134
  await this.orgUpdate({
135
- notification_endpoints: notification_endpoints as unknown as Record<string, never>[],
135
+ notification_endpoints,
136
136
  });
137
137
  }
138
138
 
package/src/org_event_processor.ts ADDED
@@ -0,0 +1,173 @@
1
+ import { X509Certificate, createVerify } from "crypto";
2
+ import { Environment, envs } from ".";
3
+
4
+ // URLs that are safe to retrieve certificates from
5
+ const SNS_CERTIFICATE_URL_HOSTS = ["sns.us-east-1.amazonaws.com"];
6
+
7
+ const SNS_CERTIFICATE_HOST = "sns.amazonaws.com";
8
+
9
+ /** The common fields of SNS messages */
10
+ export interface SnsMessage {
11
+ Type: string;
12
+ MessageId: string;
13
+ TopicArn: string;
14
+ Message: string;
15
+ Timestamp: string;
16
+ SignatureVersion: string;
17
+ Signature: string;
18
+ SigningCertURL: string;
19
+ }
20
+
21
+ /** The format of a subscription confirmation sent by SNS */
22
+ export interface SubscriptionConfirmationMessage extends SnsMessage {
23
+ Token: string;
24
+ SubscribeURL: string;
25
+ }
26
+
27
+ /** Common fields for an org event */
28
+ export interface OrgEventBase {
29
+ org: string;
30
+ utc_timestamp: number;
31
+ org_event: string;
32
+ }
33
+
34
+ /** The format of an event message sent by SNS */
35
+ export interface OrgEventMessage extends SnsMessage {
36
+ Subject?: string;
37
+ UnsubscribeURL: string;
38
+ }
39
+
40
+ /** Options for the processor */
41
+ export interface OrgEventProcessorOptions {
42
+ env: Environment;
43
+ }
44
+
45
+ /** A utility for processing org event messages */
46
+ export class OrgEventProcessor {
47
+ readonly #topicArn: string;
48
+ readonly #orgId: string;
49
+ #cachedCertificates: Map<URL, X509Certificate>;
50
+
51
+ /**
52
+ * Constructor.
53
+ * @param {string} orgId The org id
54
+ * @param {OrgEventProcessorOptions} options Additional options for the processor
55
+ */
56
+ constructor(orgId: string, options?: OrgEventProcessorOptions) {
57
+ this.#topicArn = envs[options?.env ?? "prod"].OrgEventsTopicArn;
58
+ this.#orgId = orgId;
59
+ this.#cachedCertificates = new Map();
60
+ }
61
+
62
+ /**
63
+ * Checks an SNS message and its signature. Throws an error if the message
64
+ * invalid or the signature is invalid.
65
+ *
66
+ * @param {SnsMessage} message The SNS message to check
67
+ */
68
+ async checkMessage(message: SnsMessage) {
69
+ // Check the topic ARN
70
+ if (message.TopicArn !== this.#topicArn) {
71
+ throw new Error(`Expected topic ARN '${this.#topicArn}', found '${message.TopicArn}'`);
72
+ }
73
+
74
+ // Both subscription confirmations and org event messages should have no subject
75
+ if ("Subject" in message) {
76
+ throw new Error("Expected a message without a subject");
77
+ }
78
+
79
+ // The org events topic uses signature version 2 (SHA256)
80
+ if (message.SignatureVersion !== "2") {
81
+ throw new Error("Expected signature version 2");
82
+ }
83
+
84
+ // Retrieve the certificate and sanity check it
85
+ const certificate = await this.#fetchAndValidateCertificate(new URL(message.SigningCertURL));
86
+
87
+ // Extract fields specific to subscription confirmations
88
+ const subscribeUrl = (message as SubscriptionConfirmationMessage).SubscribeURL;
89
+ const token = (message as SubscriptionConfirmationMessage).Token;
90
+
91
+ // Check the signature
92
+ const fields = ["Message", message.Message, "MessageId", message.MessageId]
93
+ .concat(subscribeUrl !== undefined ? ["SubscribeURL", subscribeUrl] : [])
94
+ .concat(["Timestamp", message.Timestamp])
95
+ .concat(token !== undefined ? ["Token", token] : [])
96
+ .concat(["TopicArn", message.TopicArn, "Type", message.Type]);
97
+ const verify = createVerify("RSA-SHA256");
98
+ verify.update(fields.join("\n") + "\n");
99
+ const isValid = verify.verify(certificate.publicKey, message.Signature, "base64");
100
+ if (!isValid) {
101
+ throw new Error("The org event has an invalid signature");
102
+ }
103
+ }
104
+
105
+ /**
106
+ * Parse an org event and check its signature. Throws an error if the
107
+ * message is not a valid org event or the signature is invalid.
108
+ *
109
+ * @param {OrgEventMessage} message The org event message to check
110
+ * @return {OrgEventBase} The org event
111
+ */
112
+ async parse(message: OrgEventMessage): Promise<OrgEventBase> {
113
+ await this.checkMessage(message);
114
+
115
+ // Check that the event is for the expected org
116
+ const orgEvent: OrgEventBase = JSON.parse(message.Message);
117
+ if (orgEvent.org !== this.#orgId) {
118
+ throw new Error(`Expected org to be '${this.#orgId}', found '${orgEvent.org}'`);
119
+ }
120
+
121
+ return orgEvent;
122
+ }
123
+
124
+ /**
125
+ * Fetches a certificate from a given URL or from the certificate cache.
126
+ * Throws an error if the URL does not correspond to an SNS certificate URL.
127
+ *
128
+ * Note: Ideally, this method would verify the certificate chain, but there
129
+ * is no obvious chain. Instead, this method only fetches certificates from
130
+ * a small set of allowlisted URLs.
131
+ *
132
+ * @param {URL} url The URL of the certificate
133
+ * @return {X509Certificate} The certificate
134
+ */
135
+ async #fetchAndValidateCertificate(url: URL): Promise<X509Certificate> {
136
+ const currTime = new Date().getTime();
137
+ const cachedCertificate = this.#cachedCertificates.get(url);
138
+ if (cachedCertificate && currTime < new Date(cachedCertificate.validTo).getTime()) {
139
+ return cachedCertificate;
140
+ }
141
+
142
+ // Only fetch certificates from HTTPS URLs
143
+ if (url.protocol !== "https:") {
144
+ throw new Error("Expected signing certificate URL to use HTTPS");
145
+ }
146
+
147
+ // Only fetch certificate URLs for SNS
148
+ if (SNS_CERTIFICATE_URL_HOSTS.indexOf(url.host) === -1) {
149
+ throw new Error("Expected signing certificate URL for SNS in us-east-1");
150
+ }
151
+
152
+ const response = await fetch(url);
153
+ if (!response.ok) {
154
+ throw new Error(`Unable to download certificate. Status: ${response.status}`);
155
+ }
156
+ const blob = await response.blob();
157
+ const certificate = new X509Certificate(await blob.text());
158
+ if (!certificate.checkHost(SNS_CERTIFICATE_HOST)) {
159
+ throw new Error(`Expected certificate to be for '${SNS_CERTIFICATE_HOST}'`);
160
+ }
161
+
162
+ // Check validity times
163
+ if (currTime < new Date(certificate.validFrom).getTime()) {
164
+ throw new Error("Certificate not valid yet");
165
+ }
166
+ if (new Date(certificate.validTo).getTime() < currTime) {
167
+ throw new Error("Certificate expired");
168
+ }
169
+
170
+ this.#cachedCertificates.set(url, certificate);
171
+ return certificate;
172
+ }
173
+ }
package/src/schema.ts CHANGED
@@ -1095,8 +1095,10 @@ export interface components {
1095
1095
  | "InvalidEip191SignRequest"
1096
1096
  | "CannotResendUserInvitation"
1097
1097
  | "InvalidNotificationEndpointCount"
1098
+ | "CannotDeletePendingSubscription"
1098
1099
  | "InvalidNotificationUrlProtocol"
1099
- | "EmptyOneOfOrgEventFilter";
1100
+ | "EmptyOneOfOrgEventFilter"
1101
+ | "EmptyAllExceptOrgEventFilter";
1100
1102
  /**
1101
1103
  * @example {
1102
1104
  * "message_base64": "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTYK"
@@ -1215,7 +1217,7 @@ export interface components {
1215
1217
  */
1216
1218
  enclave_signature: string;
1217
1219
  };
1218
- CreateKeyRequest: {
1220
+ CreateKeyRequest: components["schemas"]["UpdateKeyProperties"] & {
1219
1221
  /**
1220
1222
  * Format: int64
1221
1223
  * @description Chain id for which the key is allowed to sign messages
@@ -1229,11 +1231,6 @@ export interface components {
1229
1231
  */
1230
1232
  count: number;
1231
1233
  key_type: components["schemas"]["KeyType"];
1232
- /**
1233
- * @description Allows users to specify a user other than themselves to receive the key
1234
- * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1235
- */
1236
- owner?: string | null;
1237
1234
  };
1238
1235
  CreateKeyResponse: {
1239
1236
  /** @description The info about the created keys */
@@ -1644,6 +1641,7 @@ export interface components {
1644
1641
  | "UserNotInRole"
1645
1642
  | "MustBeFullMember"
1646
1643
  | "SessionExpired"
1644
+ | "SessionChanged"
1647
1645
  | "SessionRevoked"
1648
1646
  | "ExpectedUserSession"
1649
1647
  | "SessionRoleChanged"
@@ -1899,6 +1897,9 @@ export interface components {
1899
1897
  | "CognitoGetUser"
1900
1898
  | "SnsSubscribeError"
1901
1899
  | "SnsUnsubscribeError"
1900
+ | "SnsGetSubscriptionAttributesError"
1901
+ | "SnsSubscriptionAttributesMissing"
1902
+ | "SnsSetSubscriptionAttributesError"
1902
1903
  | "SnsPublishBatchError";
1903
1904
  InviteRequest: {
1904
1905
  /**
@@ -2215,12 +2216,22 @@ export interface components {
2215
2216
  | "TotpChallengeNotFound"
2216
2217
  | "UserExportRequestNotFound"
2217
2218
  | "UserExportCiphertextNotFound";
2219
+ /** @description The configuration and status of a notification endpoint */
2220
+ NotificationEndpoint: components["schemas"]["NotificationEndpointSubscription"] & {
2221
+ status: components["schemas"]["SubscriptionStatus"];
2222
+ };
2218
2223
  /** @description The configuration for an org event endpoint */
2219
2224
  NotificationEndpointConfiguration: {
2220
2225
  filter?: components["schemas"]["OrgEventFilter"];
2221
2226
  /** @description URL of the endpoint */
2222
2227
  url: string;
2223
2228
  };
2229
+ /** @description A notification endpoint subscription */
2230
+ NotificationEndpointSubscription: {
2231
+ /** @description The ARN of the subscription */
2232
+ arn: string;
2233
+ config: components["schemas"]["NotificationEndpointConfiguration"];
2234
+ };
2224
2235
  /**
2225
2236
  * @description Represents a globally unique OIDC-authorized user by expressing the full "path" to a user. That is:
2226
2237
  *
@@ -2266,6 +2277,7 @@ export interface components {
2266
2277
  * @enum {string}
2267
2278
  */
2268
2279
  OrgEventDiscriminants:
2280
+ | "Billing"
2269
2281
  | "OidcAuth"
2270
2282
  | "Eth2ConcurrentAttestationSigning"
2271
2283
  | "Eth2ConcurrentBlockSigning"
@@ -2279,6 +2291,10 @@ export interface components {
2279
2291
  OrgEventFilter: OneOf<
2280
2292
  [
2281
2293
  "All",
2294
+ {
2295
+ /** @description Accepts all org events other than the ones listed */
2296
+ AllExcept: components["schemas"]["OrgEventDiscriminants"][];
2297
+ },
2282
2298
  {
2283
2299
  /** @description Only accepts org events that are one of the listed events */
2284
2300
  OneOf: components["schemas"]["OrgEventDiscriminants"][];
@@ -2317,11 +2333,28 @@ export interface components {
2317
2333
  * request with a JSON-formatted body that contains the event details.
2318
2334
  * @example [
2319
2335
  * {
2320
- * "url": "https://example.com/endpoint"
2336
+ * "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000001",
2337
+ * "config": {
2338
+ * "url": "https://example.com/endpoint1"
2339
+ * },
2340
+ * "status": "Confirmed"
2341
+ * },
2342
+ * {
2343
+ * "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000002",
2344
+ * "config": {
2345
+ * "filter": {
2346
+ * "OneOf": [
2347
+ * "Eth2ConcurrentAttestationSigning",
2348
+ * "Eth2ConcurrentBlockSigning"
2349
+ * ]
2350
+ * },
2351
+ * "url": "https://example.com/endpoint2"
2352
+ * },
2353
+ * "status": "Pending"
2321
2354
  * }
2322
2355
  * ]
2323
2356
  */
2324
- notification_endpoints?: Record<string, never>[];
2357
+ notification_endpoints?: components["schemas"]["NotificationEndpoint"][];
2325
2358
  /**
2326
2359
  * @description The ID of the organization
2327
2360
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -3026,6 +3059,11 @@ export interface components {
3026
3059
  */
3027
3060
  num_auth_factors: number;
3028
3061
  };
3062
+ /**
3063
+ * @description The status of a subscription
3064
+ * @enum {string}
3065
+ */
3066
+ SubscriptionStatus: "Confirmed" | "Pending";
3029
3067
  TokenInfo: {
3030
3068
  /** @description Session ID. Use it to revoke a session. Cannot be used for auth. */
3031
3069
  hash: string;
@@ -3143,19 +3181,14 @@ export interface components {
3143
3181
  */
3144
3182
  signature: string;
3145
3183
  };
3146
- UpdateKeyRequest: {
3147
- /**
3148
- * @description If set, updates the keys's `enabled` property to this value.
3149
- * Once disabled, a key cannot be used for signing.
3150
- */
3151
- enabled?: boolean | null;
3184
+ UpdateKeyProperties: {
3152
3185
  /**
3153
3186
  * @description If set, update this key's metadata. Validation regex: ^[A-Za-z0-9_=+/ \-\.\,]{0,1024}$
3154
3187
  * @example Contract admin key
3155
3188
  */
3156
3189
  metadata?: string | null;
3157
3190
  /**
3158
- * @description If set, updates key's owner to this value.
3191
+ * @description Allows users to specify a user other than themselves to receive the key
3159
3192
  * The new owner must be an existing user who is a member of the same org.
3160
3193
  * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
3161
3194
  */
@@ -3173,6 +3206,13 @@ export interface components {
3173
3206
  */
3174
3207
  policy?: Record<string, never>[] | null;
3175
3208
  };
3209
+ UpdateKeyRequest: components["schemas"]["UpdateKeyProperties"] & {
3210
+ /**
3211
+ * @description If set, updates the keys's `enabled` property to this value.
3212
+ * Once disabled, a key cannot be used for signing.
3213
+ */
3214
+ enabled?: boolean | null;
3215
+ };
3176
3216
  UpdateOrgRequest: {
3177
3217
  /** @description If set, update this org's `enabled` field to this value. */
3178
3218
  enabled?: boolean | null;
@@ -3218,7 +3258,7 @@ export interface components {
3218
3258
  * }
3219
3259
  * ]
3220
3260
  */
3221
- notification_endpoints?: Record<string, never>[] | null;
3261
+ notification_endpoints?: components["schemas"]["NotificationEndpointConfiguration"][] | null;
3222
3262
  /**
3223
3263
  * @description If set, update this org's policies (old policies will be overwritten!).
3224
3264
  * @example [
@@ -3279,7 +3319,7 @@ export interface components {
3279
3319
  * }
3280
3320
  * ]
3281
3321
  */
3282
- notification_endpoints?: Record<string, never>[];
3322
+ notification_endpoints?: components["schemas"]["NotificationEndpointConfiguration"][] | null;
3283
3323
  /**
3284
3324
  * @description The ID of the organization
3285
3325
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -3442,6 +3482,18 @@ export interface components {
3442
3482
  /** @description Optional user name. */
3443
3483
  name?: string | null;
3444
3484
  };
3485
+ /**
3486
+ * @description Information about a user's membership in an organization
3487
+ * (without including any info about the user)
3488
+ */
3489
+ UserInOrgMembership: {
3490
+ membership: components["schemas"]["MemberRole"];
3491
+ /**
3492
+ * @description Organization id
3493
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3494
+ */
3495
+ org_id: string;
3496
+ };
3445
3497
  UserInRoleInfo: {
3446
3498
  user_id: string;
3447
3499
  };
@@ -3461,12 +3513,15 @@ export interface components {
3461
3513
  */
3462
3514
  name?: string | null;
3463
3515
  /**
3464
- * @description All organizations the user belongs to
3516
+ * @deprecated
3517
+ * @description All organizations the user belongs to. Deprecated in favor of 'orgs'.
3465
3518
  * @example [
3466
3519
  * "Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a"
3467
3520
  * ]
3468
3521
  */
3469
3522
  org_ids: string[];
3523
+ /** @description All organizations the user belongs to, including the membership role in each. */
3524
+ orgs: components["schemas"]["UserInOrgMembership"][];
3470
3525
  /**
3471
3526
  * @description The id of the currently logged in user
3472
3527
  * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
@@ -3856,11 +3911,28 @@ export interface components {
3856
3911
  * request with a JSON-formatted body that contains the event details.
3857
3912
  * @example [
3858
3913
  * {
3859
- * "url": "https://example.com/endpoint"
3914
+ * "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000001",
3915
+ * "config": {
3916
+ * "url": "https://example.com/endpoint1"
3917
+ * },
3918
+ * "status": "Confirmed"
3919
+ * },
3920
+ * {
3921
+ * "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000002",
3922
+ * "config": {
3923
+ * "filter": {
3924
+ * "OneOf": [
3925
+ * "Eth2ConcurrentAttestationSigning",
3926
+ * "Eth2ConcurrentBlockSigning"
3927
+ * ]
3928
+ * },
3929
+ * "url": "https://example.com/endpoint2"
3930
+ * },
3931
+ * "status": "Pending"
3860
3932
  * }
3861
3933
  * ]
3862
3934
  */
3863
- notification_endpoints?: Record<string, never>[];
3935
+ notification_endpoints?: components["schemas"]["NotificationEndpoint"][];
3864
3936
  /**
3865
3937
  * @description The ID of the organization
3866
3938
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -4188,7 +4260,9 @@ export interface components {
4188
4260
  * }
4189
4261
  * ]
4190
4262
  */
4191
- notification_endpoints?: Record<string, never>[];
4263
+ notification_endpoints?:
4264
+ | components["schemas"]["NotificationEndpointConfiguration"][]
4265
+ | null;
4192
4266
  /**
4193
4267
  * @description The ID of the organization
4194
4268
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -4276,12 +4350,15 @@ export interface components {
4276
4350
  */
4277
4351
  name?: string | null;
4278
4352
  /**
4279
- * @description All organizations the user belongs to
4353
+ * @deprecated
4354
+ * @description All organizations the user belongs to. Deprecated in favor of 'orgs'.
4280
4355
  * @example [
4281
4356
  * "Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a"
4282
4357
  * ]
4283
4358
  */
4284
4359
  org_ids: string[];
4360
+ /** @description All organizations the user belongs to, including the membership role in each. */
4361
+ orgs: components["schemas"]["UserInOrgMembership"][];
4285
4362
  /**
4286
4363
  * @description The id of the currently logged in user
4287
4364
  * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
package/src/schema_types.ts CHANGED
@@ -5,6 +5,7 @@ import { JsonMap } from "./util";
5
5
  type schemas = components["schemas"];
6
6
 
7
7
  export type UserInfo = schemas["UserInfo"];
8
+ export type UserInOrgMembership = schemas["UserInOrgMembership"];
8
9
  export type ConfiguredMfa = schemas["ConfiguredMfa"];
9
10
  export type RatchetConfig = schemas["RatchetConfig"];
10
11
  export type IdentityProof = schemas["IdentityProof"];
@@ -36,6 +37,8 @@ export type SchemaKeyType = schemas["KeyType"];
36
37
 
37
38
  export type ListKeysResponse = schemas["PaginatedListKeysResponse"];
38
39
  export type UpdateKeyRequest = schemas["UpdateKeyRequest"];
40
+ export type UpdateKeyProperties = schemas["UpdateKeyProperties"];
41
+ export type CreateKeyRequest = schemas["CreateKeyRequest"];
39
42
  export type KeyInfoApi = schemas["KeyInfo"];
40
43
  export type KeyInRoleInfo = schemas["KeyInRoleInfo"];
41
44
  export type UserInRoleInfo = schemas["UserInRoleInfo"];