@de-otio/trellis 0.6.1 → 0.7.1
- package/dist/env.d.ts +21 -0
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +12 -0
- package/dist/env.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +5 -2
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts +30 -0
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +333 -29
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts +20 -0
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +233 -48
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +2 -1
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +2 -2
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +5 -2
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +19 -10
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/audit/csv-export.d.ts +25 -0
- package/dist/lib/audit/csv-export.d.ts.map +1 -0
- package/dist/lib/audit/csv-export.js +54 -0
- package/dist/lib/audit/csv-export.js.map +1 -0
- package/dist/lib/audit/emit.d.ts +56 -0
- package/dist/lib/audit/emit.d.ts.map +1 -0
- package/dist/lib/audit/emit.js +124 -0
- package/dist/lib/audit/emit.js.map +1 -0
- package/dist/lib/audit/event-types.d.ts +36 -0
- package/dist/lib/audit/event-types.d.ts.map +1 -0
- package/dist/lib/audit/event-types.js +69 -0
- package/dist/lib/audit/event-types.js.map +1 -0
- package/dist/lib/audit/pii-filter.d.ts +22 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -0
- package/dist/lib/audit/pii-filter.js +51 -0
- package/dist/lib/audit/pii-filter.js.map +1 -0
- package/dist/lib/audit-logger.js +1 -1
- package/dist/lib/audit-logger.js.map +1 -1
- package/dist/lib/auth/auth-context.d.ts +34 -0
- package/dist/lib/auth/auth-context.d.ts.map +1 -0
- package/dist/lib/auth/auth-context.js +10 -0
- package/dist/lib/auth/auth-context.js.map +1 -0
- package/dist/lib/auth/auth-middleware.d.ts +50 -0
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -0
- package/dist/lib/auth/auth-middleware.js +153 -0
- package/dist/lib/auth/auth-middleware.js.map +1 -0
- package/dist/lib/auth/capabilities.d.ts +40 -0
- package/dist/lib/auth/capabilities.d.ts.map +1 -0
- package/dist/lib/auth/capabilities.js +44 -0
- package/dist/lib/auth/capabilities.js.map +1 -0
- package/dist/lib/auth/claims-cache.d.ts +70 -0
- package/dist/lib/auth/claims-cache.d.ts.map +1 -0
- package/dist/lib/auth/claims-cache.js +139 -0
- package/dist/lib/auth/claims-cache.js.map +1 -0
- package/dist/lib/auth/cognito-jwt.d.ts +6 -0
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +43 -0
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -0
- package/dist/lib/auth/idp-redirect-builder.js +48 -0
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -0
- package/dist/lib/auth/require.d.ts +51 -0
- package/dist/lib/auth/require.d.ts.map +1 -0
- package/dist/lib/auth/require.js +99 -0
- package/dist/lib/auth/require.js.map +1 -0
- package/dist/lib/auth/role-grants.d.ts +18 -0
- package/dist/lib/auth/role-grants.d.ts.map +1 -0
- package/dist/lib/auth/role-grants.js +62 -0
- package/dist/lib/auth/role-grants.js.map +1 -0
- package/dist/lib/cognito/idp-sdk.d.ts +80 -0
- package/dist/lib/cognito/idp-sdk.d.ts.map +1 -0
- package/dist/lib/cognito/idp-sdk.js +186 -0
- package/dist/lib/cognito/idp-sdk.js.map +1 -0
- package/dist/lib/cognito/issuer-probe.d.ts +47 -0
- package/dist/lib/cognito/issuer-probe.d.ts.map +1 -0
- package/dist/lib/cognito/issuer-probe.js +319 -0
- package/dist/lib/cognito/issuer-probe.js.map +1 -0
- package/dist/lib/comment-handler.d.ts +7 -7
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +23 -20
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +15 -0
- package/dist/lib/compliance/baseline.d.ts.map +1 -0
- package/dist/lib/compliance/baseline.js +205 -0
- package/dist/lib/compliance/baseline.js.map +1 -0
- package/dist/lib/compliance/tenant-merge.d.ts +35 -0
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -0
- package/dist/lib/compliance/tenant-merge.js +80 -0
- package/dist/lib/compliance/tenant-merge.js.map +1 -0
- package/dist/lib/compliance/types.d.ts +135 -0
- package/dist/lib/compliance/types.d.ts.map +1 -0
- package/dist/lib/compliance/types.js +9 -0
- package/dist/lib/compliance/types.js.map +1 -0
- package/dist/lib/connection-code-handler.d.ts +4 -4
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +21 -11
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +2 -2
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +5 -9
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.d.ts +86 -0
- package/dist/lib/middleware/idempotency-store.d.ts.map +1 -0
- package/dist/lib/middleware/idempotency-store.js +109 -0
- package/dist/lib/middleware/idempotency-store.js.map +1 -0
- package/dist/lib/middleware/idempotency.d.ts +37 -0
- package/dist/lib/middleware/idempotency.d.ts.map +1 -0
- package/dist/lib/middleware/idempotency.js +358 -0
- package/dist/lib/middleware/idempotency.js.map +1 -0
- package/dist/lib/net/trusted-client-ip.d.ts +39 -0
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -0
- package/dist/lib/net/trusted-client-ip.js +100 -0
- package/dist/lib/net/trusted-client-ip.js.map +1 -0
- package/dist/lib/notification-handler.d.ts +5 -5
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +11 -9
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +34 -0
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -0
- package/dist/lib/oauth/cognito-issuer.js +53 -0
- package/dist/lib/oauth/cognito-issuer.js.map +1 -0
- package/dist/lib/oauth/device-authorization.d.ts +145 -0
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -0
- package/dist/lib/oauth/device-authorization.js +312 -0
- package/dist/lib/oauth/device-authorization.js.map +1 -0
- package/dist/lib/oauth/envelope-crypto.d.ts +101 -0
- package/dist/lib/oauth/envelope-crypto.d.ts.map +1 -0
- package/dist/lib/oauth/envelope-crypto.js +223 -0
- package/dist/lib/oauth/envelope-crypto.js.map +1 -0
- package/dist/lib/oauth/refresh-detection.d.ts +126 -0
- package/dist/lib/oauth/refresh-detection.d.ts.map +1 -0
- package/dist/lib/oauth/refresh-detection.js +248 -0
- package/dist/lib/oauth/refresh-detection.js.map +1 -0
- package/dist/lib/openapi/generator.d.ts +78 -0
- package/dist/lib/openapi/generator.d.ts.map +1 -0
- package/dist/lib/openapi/generator.js +201 -0
- package/dist/lib/openapi/generator.js.map +1 -0
- package/dist/lib/post-handler.d.ts +1 -1
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +4 -15
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +11 -3
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +32 -0
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -0
- package/dist/lib/routes/agent-authorize.js +479 -0
- package/dist/lib/routes/agent-authorize.js.map +1 -0
- package/dist/lib/routes/agent-sessions.d.ts +20 -0
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -0
- package/dist/lib/routes/agent-sessions.js +124 -0
- package/dist/lib/routes/agent-sessions.js.map +1 -0
- package/dist/lib/routes/agent-surface.d.ts +37 -0
- package/dist/lib/routes/agent-surface.d.ts.map +1 -0
- package/dist/lib/routes/agent-surface.js +208 -0
- package/dist/lib/routes/agent-surface.js.map +1 -0
- package/dist/lib/routes/auth-discover.d.ts +18 -0
- package/dist/lib/routes/auth-discover.d.ts.map +1 -0
- package/dist/lib/routes/auth-discover.js +177 -0
- package/dist/lib/routes/auth-discover.js.map +1 -0
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +36 -7
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +21 -4
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +18 -13
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.js +1 -1
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +57 -15
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +35 -19
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +34 -0
- package/dist/lib/routes/errors.d.ts.map +1 -0
- package/dist/lib/routes/errors.js +57 -0
- package/dist/lib/routes/errors.js.map +1 -0
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +12 -2
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +50 -0
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +1 -0
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +21 -4
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +15 -0
- package/dist/lib/routes/oauth.d.ts.map +1 -0
- package/dist/lib/routes/oauth.js +139 -0
- package/dist/lib/routes/oauth.js.map +1 -0
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +30 -19
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +19 -22
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +34 -0
- package/dist/lib/routes/setup-status.d.ts.map +1 -0
- package/dist/lib/routes/setup-status.js +87 -0
- package/dist/lib/routes/setup-status.js.map +1 -0
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +15 -14
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +19 -16
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +19 -0
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -0
- package/dist/lib/routes/tenant-audit.js +244 -0
- package/dist/lib/routes/tenant-audit.js.map +1 -0
- package/dist/lib/routes/tenant-compliance.d.ts +21 -0
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -0
- package/dist/lib/routes/tenant-compliance.js +122 -0
- package/dist/lib/routes/tenant-compliance.js.map +1 -0
- package/dist/lib/routes/tenant-domains.d.ts +11 -0
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -0
- package/dist/lib/routes/tenant-domains.js +95 -0
- package/dist/lib/routes/tenant-domains.js.map +1 -0
- package/dist/lib/routes/tenant-idp.d.ts +3 -0
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -0
- package/dist/lib/routes/tenant-idp.js +89 -0
- package/dist/lib/routes/tenant-idp.js.map +1 -0
- package/dist/lib/routes/tenant-members.d.ts +13 -0
- package/dist/lib/routes/tenant-members.d.ts.map +1 -0
- package/dist/lib/routes/tenant-members.js +75 -0
- package/dist/lib/routes/tenant-members.js.map +1 -0
- package/dist/lib/routes/tenant-role-mappings.d.ts +11 -0
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -0
- package/dist/lib/routes/tenant-role-mappings.js +90 -0
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -0
- package/dist/lib/routes/tenants.d.ts +13 -0
- package/dist/lib/routes/tenants.d.ts.map +1 -0
- package/dist/lib/routes/tenants.js +121 -0
- package/dist/lib/routes/tenants.js.map +1 -0
- package/dist/lib/routes/types.d.ts +9 -0
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/schemas.d.ts +2 -2
- package/dist/lib/secrets/idp-secrets.d.ts +51 -0
- package/dist/lib/secrets/idp-secrets.d.ts.map +1 -0
- package/dist/lib/secrets/idp-secrets.js +111 -0
- package/dist/lib/secrets/idp-secrets.js.map +1 -0
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +6 -1
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/session-manager.d.ts +1 -0
- package/dist/lib/session-manager.d.ts.map +1 -1
- package/dist/lib/session-manager.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +4 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +8 -7
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -0
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -0
- package/dist/lib/tenant/audit-emit.js +16 -0
- package/dist/lib/tenant/audit-emit.js.map +1 -0
- package/dist/lib/tenant/derive-domain.d.ts +19 -0
- package/dist/lib/tenant/derive-domain.d.ts.map +1 -0
- package/dist/lib/tenant/derive-domain.js +38 -0
- package/dist/lib/tenant/derive-domain.js.map +1 -0
- package/dist/lib/tenant/domain-handler.d.ts +42 -0
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -0
- package/dist/lib/tenant/domain-handler.js +344 -0
- package/dist/lib/tenant/domain-handler.js.map +1 -0
- package/dist/lib/tenant/domain-validator.d.ts +28 -0
- package/dist/lib/tenant/domain-validator.d.ts.map +1 -0
- package/dist/lib/tenant/domain-validator.js +145 -0
- package/dist/lib/tenant/domain-validator.js.map +1 -0
- package/dist/lib/tenant/domain-verifier.d.ts +30 -0
- package/dist/lib/tenant/domain-verifier.d.ts.map +1 -0
- package/dist/lib/tenant/domain-verifier.js +53 -0
- package/dist/lib/tenant/domain-verifier.js.map +1 -0
- package/dist/lib/tenant/idp-handler.d.ts +29 -0
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -0
- package/dist/lib/tenant/idp-handler.js +693 -0
- package/dist/lib/tenant/idp-handler.js.map +1 -0
- package/dist/lib/tenant/idp-name.d.ts +2 -0
- package/dist/lib/tenant/idp-name.d.ts.map +1 -0
- package/dist/lib/tenant/idp-name.js +20 -0
- package/dist/lib/tenant/idp-name.js.map +1 -0
- package/dist/lib/tenant/member-handler.d.ts +31 -0
- package/dist/lib/tenant/member-handler.d.ts.map +1 -0
- package/dist/lib/tenant/member-handler.js +343 -0
- package/dist/lib/tenant/member-handler.js.map +1 -0
- package/dist/lib/tenant/reserved-slugs.d.ts +37 -0
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -0
- package/dist/lib/tenant/reserved-slugs.js +116 -0
- package/dist/lib/tenant/reserved-slugs.js.map +1 -0
- package/dist/lib/tenant/resolve-role.d.ts +39 -0
- package/dist/lib/tenant/resolve-role.d.ts.map +1 -0
- package/dist/lib/tenant/resolve-role.js +60 -0
- package/dist/lib/tenant/resolve-role.js.map +1 -0
- package/dist/lib/tenant/role-mapping-handler.d.ts +26 -0
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -0
- package/dist/lib/tenant/role-mapping-handler.js +260 -0
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -0
- package/dist/lib/tenant/setup-status.d.ts +83 -0
- package/dist/lib/tenant/setup-status.d.ts.map +1 -0
- package/dist/lib/tenant/setup-status.js +201 -0
- package/dist/lib/tenant/setup-status.js.map +1 -0
- package/dist/lib/tenant/slug-validator.d.ts +31 -0
- package/dist/lib/tenant/slug-validator.d.ts.map +1 -0
- package/dist/lib/tenant/slug-validator.js +42 -0
- package/dist/lib/tenant/slug-validator.js.map +1 -0
- package/dist/lib/tenant/tenant-handler.d.ts +49 -0
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -0
- package/dist/lib/tenant/tenant-handler.js +377 -0
- package/dist/lib/tenant/tenant-handler.js.map +1 -0
- package/dist/lib/tenant/transfer-ownership.d.ts +39 -0
- package/dist/lib/tenant/transfer-ownership.d.ts.map +1 -0
- package/dist/lib/tenant/transfer-ownership.js +66 -0
- package/dist/lib/tenant/transfer-ownership.js.map +1 -0
- package/dist/lib/user/derive-handle.d.ts +29 -0
- package/dist/lib/user/derive-handle.d.ts.map +1 -0
- package/dist/lib/user/derive-handle.js +65 -0
- package/dist/lib/user/derive-handle.js.map +1 -0
- package/dist/lib/user-deprovisioning.d.ts +11 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +46 -2
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +10 -10
- package/package.json +7 -5
- package/prisma/migrations/20260502094501_add_tenancy_model/migration.sql +334 -0
- package/prisma/migrations/20260503000000_add_tenant_region/migration.sql +4 -0
- package/prisma/schema.prisma +324 -74
- package/src/lambda/nightly-cron.ts +4 -1
- package/src/lambda/post-confirmation.ts +405 -29
- package/src/lambda/pre-token-generation.ts +300 -59
|
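--- a/package/dist/lib/routes/tenant-idp.js
+++ b/package/dist/lib/routes/tenant-idp.js
@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tenantIdpRoutes = void 0;
+/**
+* Tenant identity-provider routes (T5).
+*
+* POST /api/tenants/:id/identity-provider
+* GET /api/tenants/:id/identity-provider
+* PATCH /api/tenants/:id/identity-provider
+* DELETE /api/tenants/:id/identity-provider?confirm=true
+*
+* The PATCH route serves both config edits (clientSecret rotation,
+* attribute mapping, defaultRole, scopes) and status toggle
+* (`{status: ACTIVE|DISABLED}`); the handler picks based on body shape.
+*/
+const middleware_1 = require("../middleware");
+const idempotency_1 = require("../middleware/idempotency");
+const security_headers_1 = require("../security-headers");
+const auth_middleware_1 = require("../auth/auth-middleware");
+const idp_handler_1 = require("../tenant/idp-handler");
+const errors_1 = require("./errors");
+const IDP_RE = /^\/api\/tenants\/([^/]+)\/identity-provider$/;
+exports.tenantIdpRoutes = [
+{
+path: IDP_RE,
+method: "POST",
+handler: async (request, env, { pathname }) => {
+const securityHeaders = new security_headers_1.SecurityHeaders(env);
+const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
+if (!auth)
+return (0, errors_1.unauthorizedError)(securityHeaders);
+const tenantId = pathname.match(IDP_RE)?.[1] ?? "";
+const handler = new idp_handler_1.IdpHandler();
+const response = await handler.handleCreate(tenantId, request, auth, env);
+return securityHeaders.addSecurityHeaders(response);
+},
+middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)(), (0, idempotency_1.idempotencyMiddleware)()],
+description: "Connect a tenant identity provider (OIDC)",
+},
+{
+path: IDP_RE,
+method: "GET",
+handler: async (request, env, { pathname }) => {
+const securityHeaders = new security_headers_1.SecurityHeaders(env);
+const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
+if (!auth)
+return (0, errors_1.unauthorizedError)(securityHeaders);
+const tenantId = pathname.match(IDP_RE)?.[1] ?? "";
+const handler = new idp_handler_1.IdpHandler();
+const response = await handler.handleGet(tenantId, auth, env);
+return securityHeaders.addSecurityHeaders(response);
+},
+middleware: [(0, middleware_1.corsMiddleware)()],
+description: "Read a tenant identity provider",
+},
+{
+path: IDP_RE,
+method: "PATCH",
+handler: async (request, env, { pathname }) => {
+const securityHeaders = new security_headers_1.SecurityHeaders(env);
+const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
+if (!auth)
+return (0, errors_1.unauthorizedError)(securityHeaders);
+const tenantId = pathname.match(IDP_RE)?.[1] ?? "";
+const handler = new idp_handler_1.IdpHandler();
+const response = await handler.handlePatch(tenantId, request, auth, env);
+return securityHeaders.addSecurityHeaders(response);
+},
+middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
+description: "Update or toggle a tenant identity provider",
+},
+{
+path: IDP_RE,
+method: "DELETE",
+handler: async (request, env, { pathname }) => {
+const securityHeaders = new security_headers_1.SecurityHeaders(env);
+const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
+if (!auth)
+return (0, errors_1.unauthorizedError)(securityHeaders);
+const tenantId = pathname.match(IDP_RE)?.[1] ?? "";
+const handler = new idp_handler_1.IdpHandler();
+const response = await handler.handleDelete(tenantId, new URL(request.url), auth, env);
+return securityHeaders.addSecurityHeaders(response);
+},
+middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
+description: "Disconnect a tenant identity provider",
+},
+];
+//# sourceMappingURL=tenant-idp.js.map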
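Review bot: Each handler takes `tenantId` from the URL and only checks that `authMiddleware` returned a context, so nothing in this file ties the caller to the tenant whose identity provider is being connected, read, rotated or disconnected. That check has to happen inside every `IdpHandler.handle*` method (not visible here); confirm it does, and record it in the header comment, for example `* These routes only authenticate; tenant-scoped authorization is enforced in IdpHandler.` Separately, the `?? ""` fallback on new-file lines 32, 48, 64 and 80 forwards an empty tenant id when the match fails instead of failing closed; rejecting a missing capture before `new idp_handler_1.IdpHandler()` is safer. The same two patterns appear in `tenant-members.js` further down. This is compiler output, so the edits belong in `src/lib/routes/tenant-idp.ts`, the source named by the source map.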
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tenant-idp.js","sourceRoot":"","sources":["../../../src/lib/routes/tenant-idp.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;GAWG;AACH,8CAA+D;AAC/D,2DAAkE;AAClE,0DAAsD;AACtD,6DAAyD;AACzD,uDAAmD;AACnD,qCAA6C;AAG7C,MAAM,MAAM,GAAG,8CAA8C,CAAC;AAEjD,QAAA,eAAe,GAAY;IACtC;QACE,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,wBAAU,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC1E,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,EAAE,IAAA,mCAAqB,GAAE,CAAC;QACzE,WAAW,EAAE,2CAA2C;KACzD;IACD;QACE,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,wBAAU,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC9D,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,CAAC;QAC9B,WAAW,EAAE,iCAAiC;KAC/C;IACD;QACE,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACnD,MAA
M,OAAO,GAAG,IAAI,wBAAU,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACzE,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,6CAA6C;KAC3D;IACD;QACE,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,IAAI,wBAAU,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACvF,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,uCAAuC;KACrD;CACF,CAAC"}
|
|
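--- a/package/dist/lib/routes/tenant-members.d.ts
+++ b/package/dist/lib/routes/tenant-members.d.ts
@@ -0,0 +1,13 @@
+/**
+* Tenant member routes.
+*
+* GET /api/tenants/:id/members
+* PATCH /api/tenants/:id/members/:memberId
+* DELETE /api/tenants/:id/members/:memberId
+*
+* `POST /api/tenants/:id/transfer-ownership` is wired in routes/tenants.ts
+* and now backed by MemberHandler.handleTransferOwnership.
+*/
+import type { Route } from "./types";
+export declare const tenantMemberRoutes: Route[];
+//# sourceMappingURL=tenant-members.d.ts.map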
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tenant-members.d.ts","sourceRoot":"","sources":["../../../src/lib/routes/tenant-members.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAOH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAKrC,eAAO,MAAM,kBAAkB,EAAE,KAAK,EAuDrC,CAAC"}
|
|
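--- a/package/dist/lib/routes/tenant-members.js
+++ b/package/dist/lib/routes/tenant-members.js
@@ -0,0 +1,75 @@
+"use strict";
+/**
+* Tenant member routes.
+*
+* GET /api/tenants/:id/members
+* PATCH /api/tenants/:id/members/:memberId
+* DELETE /api/tenants/:id/members/:memberId
+*
+* `POST /api/tenants/:id/transfer-ownership` is wired in routes/tenants.ts
+* and now backed by MemberHandler.handleTransferOwnership.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tenantMemberRoutes = void 0;
+const middleware_1 = require("../middleware");
+const security_headers_1 = require("../security-headers");
+const member_handler_1 = require("../tenant/member-handler");
+const auth_middleware_1 = require("../auth/auth-middleware");
+const errors_1 = require("./errors");
+const MEMBERS_LIST = /^\/api\/tenants\/([^/]+)\/members$/;
+const MEMBER_ITEM = /^\/api\/tenants\/([^/]+)\/members\/([^/]+)$/;
+exports.tenantMemberRoutes = [
+{
+path: MEMBERS_LIST,
+method: "GET",
+handler: async (request, env, { pathname }) => {
+const securityHeaders = new security_headers_1.SecurityHeaders(env);
+const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
+if (!auth)
+return (0, errors_1.unauthorizedError)(securityHeaders);
+const tenantId = pathname.match(MEMBERS_LIST)?.[1] ?? "";
+const handler = new member_handler_1.MemberHandler();
+const response = await handler.handleList(tenantId, request, auth, env);
+return securityHeaders.addSecurityHeaders(response);
+},
+middleware: [(0, middleware_1.corsMiddleware)()],
+description: "List tenant members (paginated)",
+},
+{
+path: MEMBER_ITEM,
+method: "PATCH",
+handler: async (request, env, { pathname }) => {
+const securityHeaders = new security_headers_1.SecurityHeaders(env);
+const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
+if (!auth)
+return (0, errors_1.unauthorizedError)(securityHeaders);
+const match = pathname.match(MEMBER_ITEM);
+const tenantId = match?.[1] ?? "";
+const memberId = match?.[2] ?? "";
+const handler = new member_handler_1.MemberHandler();
+const response = await handler.handlePatchRole(tenantId, memberId, request, auth, env);
+return securityHeaders.addSecurityHeaders(response);
+},
+middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
+description: "Change a member's role",
+},
+{
+path: MEMBER_ITEM,
+method: "DELETE",
+handler: async (request, env, { pathname }) => {
+const securityHeaders = new security_headers_1.SecurityHeaders(env);
+const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
+if (!auth)
+return (0, errors_1.unauthorizedError)(securityHeaders);
+const match = pathname.match(MEMBER_ITEM);
+const tenantId = match?.[1] ?? "";
+const memberId = match?.[2] ?? "";
+const handler = new member_handler_1.MemberHandler();
+const response = await handler.handleRemove(tenantId, memberId, auth, env);
+return securityHeaders.addSecurityHeaders(response);
+},
+middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
+description: "Remove a member (soft-delete + global sign-out)",
+},
+];
+//# sourceMappingURL=tenant-members.js.map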
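Review bot: Authentication is opt-in per handler here: the `middleware` arrays carry only CORS and CSRF, and each of the three handlers repeats the `authMiddleware` / `unauthorizedError` preamble by hand, so a route added later without those lines would be reachable unauthenticated. Wrapping the route bodies in one shared helper makes the check structural, which matters for routes that change roles and remove members. The sketch below uses only names already in this file; the real change belongs in `src/lib/routes/tenant-members.ts`, the source named by the source map.

```javascript
// Authenticate once, then pass the auth context to the route body.
const withAuth = (inner) => async (request, env, ctx) => {
    const securityHeaders = new security_headers_1.SecurityHeaders(env);
    const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
    if (!auth)
        return (0, errors_1.unauthorizedError)(securityHeaders);
    return securityHeaders.addSecurityHeaders(await inner(request, env, ctx, auth));
};
// … unchanged: MEMBERS_LIST / MEMBER_ITEM patterns …
        handler: withAuth(async (request, env, { pathname }, auth) => {
            const tenantId = pathname.match(MEMBERS_LIST)?.[1] ?? "";
            return new member_handler_1.MemberHandler().handleList(tenantId, request, auth, env);
        }),
// … unchanged: PATCH and DELETE routes, converted the same way …
```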
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tenant-members.js","sourceRoot":"","sources":["../../../src/lib/routes/tenant-members.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEH,8CAA+D;AAC/D,0DAAsD;AACtD,6DAAyD;AACzD,6DAAyD;AACzD,qCAA6C;AAG7C,MAAM,YAAY,GAAG,oCAAoC,CAAC;AAC1D,MAAM,WAAW,GAAG,6CAA6C,CAAC;AAErD,QAAA,kBAAkB,GAAY;IACzC;QACE,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YAErD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACxE,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,CAAC;QAC9B,WAAW,EAAE,iCAAiC;KAC/C;IAED;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAC1C,MAAM,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACvF,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,wBAAwB;KACtC;IAED;QACE,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,
0BAAiB,EAAC,eAAe,CAAC,CAAC;YAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAC1C,MAAM,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3E,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,iDAAiD;KAC/D;CACF,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tenant role-mapping routes.
|
|
3
|
+
*
|
|
4
|
+
* GET /api/tenants/:id/role-mappings
|
|
5
|
+
* POST /api/tenants/:id/role-mappings
|
|
6
|
+
* PATCH /api/tenants/:id/role-mappings/:mappingId
|
|
7
|
+
* DELETE /api/tenants/:id/role-mappings/:mappingId
|
|
8
|
+
*/
|
|
9
|
+
import type { Route } from "./types";
|
|
10
|
+
export declare const tenantRoleMappingRoutes: Route[];
|
|
11
|
+
//# sourceMappingURL=tenant-role-mappings.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tenant-role-mappings.d.ts","sourceRoot":"","sources":["../../../src/lib/routes/tenant-role-mappings.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAKrC,eAAO,MAAM,uBAAuB,EAAE,KAAK,EAwE1C,CAAC"}
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Tenant role-mapping routes.
|
|
4
|
+
*
|
|
5
|
+
* GET /api/tenants/:id/role-mappings
|
|
6
|
+
* POST /api/tenants/:id/role-mappings
|
|
7
|
+
* PATCH /api/tenants/:id/role-mappings/:mappingId
|
|
8
|
+
* DELETE /api/tenants/:id/role-mappings/:mappingId
|
|
9
|
+
*/
|
|
10
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
11
|
+
exports.tenantRoleMappingRoutes = void 0;
|
|
12
|
+
const middleware_1 = require("../middleware");
|
|
13
|
+
const idempotency_1 = require("../middleware/idempotency");
|
|
14
|
+
const security_headers_1 = require("../security-headers");
|
|
15
|
+
const role_mapping_handler_1 = require("../tenant/role-mapping-handler");
|
|
16
|
+
const auth_middleware_1 = require("../auth/auth-middleware");
|
|
17
|
+
const errors_1 = require("./errors");
|
|
18
|
+
const MAPPINGS_LIST = /^\/api\/tenants\/([^/]+)\/role-mappings$/;
|
|
19
|
+
const MAPPING_ITEM = /^\/api\/tenants\/([^/]+)\/role-mappings\/([^/]+)$/;
|
|
20
|
+
exports.tenantRoleMappingRoutes = [
|
|
21
|
+
{
|
|
22
|
+
path: MAPPINGS_LIST,
|
|
23
|
+
method: "GET",
|
|
24
|
+
handler: async (request, env, { pathname }) => {
|
|
25
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
26
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
27
|
+
if (!auth)
|
|
28
|
+
return (0, errors_1.unauthorizedError)(securityHeaders);
|
|
29
|
+
const tenantId = pathname.match(MAPPINGS_LIST)?.[1] ?? "";
|
|
30
|
+
const handler = new role_mapping_handler_1.RoleMappingHandler();
|
|
31
|
+
const response = await handler.handleList(tenantId, auth, env);
|
|
32
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
33
|
+
},
|
|
34
|
+
middleware: [(0, middleware_1.corsMiddleware)()],
|
|
35
|
+
description: "List tenant role mappings",
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
path: MAPPINGS_LIST,
|
|
39
|
+
method: "POST",
|
|
40
|
+
handler: async (request, env, { pathname }) => {
|
|
41
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
42
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
43
|
+
if (!auth)
|
|
44
|
+
return (0, errors_1.unauthorizedError)(securityHeaders);
|
|
45
|
+
const tenantId = pathname.match(MAPPINGS_LIST)?.[1] ?? "";
|
|
46
|
+
const handler = new role_mapping_handler_1.RoleMappingHandler();
|
|
47
|
+
const response = await handler.handleCreate(tenantId, request, auth, env);
|
|
48
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
49
|
+
},
|
|
50
|
+
middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)(), (0, idempotency_1.idempotencyMiddleware)()],
|
|
51
|
+
description: "Create a tenant role mapping",
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
path: MAPPING_ITEM,
|
|
55
|
+
method: "PATCH",
|
|
56
|
+
handler: async (request, env, { pathname }) => {
|
|
57
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
58
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
59
|
+
if (!auth)
|
|
60
|
+
return (0, errors_1.unauthorizedError)(securityHeaders);
|
|
61
|
+
const match = pathname.match(MAPPING_ITEM);
|
|
62
|
+
const tenantId = match?.[1] ?? "";
|
|
63
|
+
const mappingId = match?.[2] ?? "";
|
|
64
|
+
const handler = new role_mapping_handler_1.RoleMappingHandler();
|
|
65
|
+
const response = await handler.handleUpdate(tenantId, mappingId, request, auth, env);
|
|
66
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
67
|
+
},
|
|
68
|
+
middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
|
|
69
|
+
description: "Update a tenant role mapping",
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
path: MAPPING_ITEM,
|
|
73
|
+
method: "DELETE",
|
|
74
|
+
handler: async (request, env, { pathname }) => {
|
|
75
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
76
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
77
|
+
if (!auth)
|
|
78
|
+
return (0, errors_1.unauthorizedError)(securityHeaders);
|
|
79
|
+
const match = pathname.match(MAPPING_ITEM);
|
|
80
|
+
const tenantId = match?.[1] ?? "";
|
|
81
|
+
const mappingId = match?.[2] ?? "";
|
|
82
|
+
const handler = new role_mapping_handler_1.RoleMappingHandler();
|
|
83
|
+
const response = await handler.handleDelete(tenantId, mappingId, auth, env);
|
|
84
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
85
|
+
},
|
|
86
|
+
middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
|
|
87
|
+
description: "Delete a tenant role mapping",
|
|
88
|
+
},
|
|
89
|
+
];
|
|
90
|
+
//# sourceMappingURL=tenant-role-mappings.js.map
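Review bot: All four handlers fall back to an empty string when the path capture is missing (`pathname.match(MAPPINGS_LIST)?.[1] ?? ""`, and likewise for `mappingId`), so a mismatch between router and regex would reach `RoleMappingHandler` with a blank tenant id instead of failing closed; the `tenantId` lines in the tenants.js hunk further down use the same fallback. An early return before the handler is constructed would avoid that, for example `if (!match) return securityHeaders.addSecurityHeaders(new Response(null, { status: 404 }));`, assuming handlers return a standard `Response`. Only authentication is visible here: the check that the caller may manage role mappings for the tenant named in the URL presumably lives in `RoleMappingHandler`, which this hunk does not show, and because these routes change privileges it deserves a comment and a test that a caller from another tenant is rejected. The unauthenticated branch returns `unauthorizedError(securityHeaders)` directly, while tenants.js wraps the same call in `securityHeaders.addSecurityHeaders(...)`; one of the two forms should be used throughout.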
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tenant-role-mappings.js","sourceRoot":"","sources":["../../../src/lib/routes/tenant-role-mappings.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,8CAA+D;AAC/D,2DAAkE;AAClE,0DAAsD;AACtD,yEAAoE;AACpE,6DAAyD;AACzD,qCAA6C;AAG7C,MAAM,aAAa,GAAG,0CAA0C,CAAC;AACjE,MAAM,YAAY,GAAG,mDAAmD,CAAC;AAE5D,QAAA,uBAAuB,GAAY;IAC9C;QACE,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YAErD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,IAAI,yCAAkB,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/D,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,CAAC;QAC9B,WAAW,EAAE,2BAA2B;KACzC;IAED;QACE,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YAErD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC1D,MAAM,OAAO,GAAG,IAAI,yCAAkB,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC1E,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,EAAE,IAAA,mCAAqB,GAAE,CAAC;QACzE,WAAW,EAAE,8BAA8B;KAC5C;IAED;QACE,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAA
C,YAAY,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,yCAAkB,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACrF,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,8BAA8B;KAC5C;IAED;QACE,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC;YAErD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,yCAAkB,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC5E,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,8BAA8B;KAC5C;CACF,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tenant Routes
|
|
3
|
+
*
|
|
4
|
+
* - POST /api/tenants
|
|
5
|
+
* - GET /api/tenants/:id
|
|
6
|
+
* - PATCH /api/tenants/:id
|
|
7
|
+
* - POST /api/tenants/:id/transfer-ownership
|
|
8
|
+
* - GET /api/users/me/tenants
|
|
9
|
+
* - POST /api/auth/switch-tenant
|
|
10
|
+
*/
|
|
11
|
+
import type { Route } from "./types";
|
|
12
|
+
export declare const tenantRoutes: Route[];
|
|
13
|
+
//# sourceMappingURL=tenants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tenants.d.ts","sourceRoot":"","sources":["../../../src/lib/routes/tenants.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAErC,eAAO,MAAM,YAAY,EAAE,KAAK,EA0G/B,CAAC"}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Tenant Routes
|
|
4
|
+
*
|
|
5
|
+
* - POST /api/tenants
|
|
6
|
+
* - GET /api/tenants/:id
|
|
7
|
+
* - PATCH /api/tenants/:id
|
|
8
|
+
* - POST /api/tenants/:id/transfer-ownership
|
|
9
|
+
* - GET /api/users/me/tenants
|
|
10
|
+
* - POST /api/auth/switch-tenant
|
|
11
|
+
*/
|
|
12
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
13
|
+
exports.tenantRoutes = void 0;
|
|
14
|
+
const middleware_1 = require("../middleware");
|
|
15
|
+
const idempotency_1 = require("../middleware/idempotency");
|
|
16
|
+
const security_headers_1 = require("../security-headers");
|
|
17
|
+
const tenant_handler_1 = require("../tenant/tenant-handler");
|
|
18
|
+
const auth_middleware_1 = require("../auth/auth-middleware");
|
|
19
|
+
const errors_1 = require("./errors");
|
|
20
|
+
exports.tenantRoutes = [
|
|
21
|
+
// ── POST /api/tenants ─────────────────────────────────────────────────────
|
|
22
|
+
{
|
|
23
|
+
path: "/api/tenants",
|
|
24
|
+
method: "POST",
|
|
25
|
+
handler: async (request, env) => {
|
|
26
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
27
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
28
|
+
if (!auth)
|
|
29
|
+
return securityHeaders.addSecurityHeaders((0, errors_1.unauthorizedError)(securityHeaders));
|
|
30
|
+
const handler = new tenant_handler_1.TenantHandler();
|
|
31
|
+
const response = await handler.handleCreate(request, auth, env);
|
|
32
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
33
|
+
},
|
|
34
|
+
middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)(), (0, idempotency_1.idempotencyMiddleware)()],
|
|
35
|
+
description: "Create organization tenant",
|
|
36
|
+
},
|
|
37
|
+
// ── GET /api/tenants/:id ──────────────────────────────────────────────────
|
|
38
|
+
{
|
|
39
|
+
path: /^\/api\/tenants\/([^/]+)$/,
|
|
40
|
+
method: "GET",
|
|
41
|
+
handler: async (request, env, { pathname }) => {
|
|
42
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
43
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
44
|
+
if (!auth)
|
|
45
|
+
return securityHeaders.addSecurityHeaders((0, errors_1.unauthorizedError)(securityHeaders));
|
|
46
|
+
const tenantId = pathname.match(/^\/api\/tenants\/([^/]+)$/)?.[1] ?? "";
|
|
47
|
+
const handler = new tenant_handler_1.TenantHandler();
|
|
48
|
+
const response = await handler.handleGet(tenantId, auth, env);
|
|
49
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
50
|
+
},
|
|
51
|
+
middleware: [(0, middleware_1.corsMiddleware)()],
|
|
52
|
+
description: "Get tenant by ID",
|
|
53
|
+
},
|
|
54
|
+
// ── PATCH /api/tenants/:id ────────────────────────────────────────────────
|
|
55
|
+
{
|
|
56
|
+
path: /^\/api\/tenants\/([^/]+)$/,
|
|
57
|
+
method: "PATCH",
|
|
58
|
+
handler: async (request, env, { pathname }) => {
|
|
59
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
60
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
61
|
+
if (!auth)
|
|
62
|
+
return securityHeaders.addSecurityHeaders((0, errors_1.unauthorizedError)(securityHeaders));
|
|
63
|
+
const tenantId = pathname.match(/^\/api\/tenants\/([^/]+)$/)?.[1] ?? "";
|
|
64
|
+
const handler = new tenant_handler_1.TenantHandler();
|
|
65
|
+
const response = await handler.handleUpdate(tenantId, request, auth, env);
|
|
66
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
67
|
+
},
|
|
68
|
+
middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
|
|
69
|
+
description: "Update tenant displayName",
|
|
70
|
+
},
|
|
71
|
+
// ── POST /api/tenants/:id/transfer-ownership ──────────────────────────────
|
|
72
|
+
{
|
|
73
|
+
path: /^\/api\/tenants\/([^/]+)\/transfer-ownership$/,
|
|
74
|
+
method: "POST",
|
|
75
|
+
handler: async (request, env, { pathname }) => {
|
|
76
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
77
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
78
|
+
if (!auth)
|
|
79
|
+
return securityHeaders.addSecurityHeaders((0, errors_1.unauthorizedError)(securityHeaders));
|
|
80
|
+
const tenantId = pathname.match(/^\/api\/tenants\/([^/]+)\/transfer-ownership$/)?.[1] ?? "";
|
|
81
|
+
const handler = new tenant_handler_1.TenantHandler();
|
|
82
|
+
const response = await handler.handleTransferOwnership(tenantId, request, auth, env);
|
|
83
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
84
|
+
},
|
|
85
|
+
middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
|
|
86
|
+
description: "Transfer tenant ownership",
|
|
87
|
+
},
|
|
88
|
+
// ── GET /api/users/me/tenants ─────────────────────────────────────────────
|
|
89
|
+
{
|
|
90
|
+
path: "/api/users/me/tenants",
|
|
91
|
+
method: "GET",
|
|
92
|
+
handler: async (request, env) => {
|
|
93
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
94
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
95
|
+
if (!auth)
|
|
96
|
+
return securityHeaders.addSecurityHeaders((0, errors_1.unauthorizedError)(securityHeaders));
|
|
97
|
+
const handler = new tenant_handler_1.TenantHandler();
|
|
98
|
+
const response = await handler.handleListMyTenants(auth, env);
|
|
99
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
100
|
+
},
|
|
101
|
+
middleware: [(0, middleware_1.corsMiddleware)()],
|
|
102
|
+
description: "List caller's tenant memberships",
|
|
103
|
+
},
|
|
104
|
+
// ── POST /api/auth/switch-tenant ──────────────────────────────────────────
|
|
105
|
+
{
|
|
106
|
+
path: "/api/auth/switch-tenant",
|
|
107
|
+
method: "POST",
|
|
108
|
+
handler: async (request, env) => {
|
|
109
|
+
const securityHeaders = new security_headers_1.SecurityHeaders(env);
|
|
110
|
+
const auth = await (0, auth_middleware_1.authMiddleware)(request, env);
|
|
111
|
+
if (!auth)
|
|
112
|
+
return securityHeaders.addSecurityHeaders((0, errors_1.unauthorizedError)(securityHeaders));
|
|
113
|
+
const handler = new tenant_handler_1.TenantHandler();
|
|
114
|
+
const response = await handler.handleSwitchTenant(request, auth, env);
|
|
115
|
+
return securityHeaders.addSecurityHeaders(response);
|
|
116
|
+
},
|
|
117
|
+
middleware: [(0, middleware_1.corsMiddleware)(), (0, middleware_1.csrfMiddleware)()],
|
|
118
|
+
description: "Switch active tenant",
|
|
119
|
+
},
|
|
120
|
+
];
|
|
121
|
+
//# sourceMappingURL=tenants.js.map
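Review bot: The three `:id` routes repeat their regex literal in both `path` and the `pathname.match(...)` call, so the two copies can drift apart unnoticed. tenant-role-mappings.js in this same release hoists its patterns into constants, and doing the same here (`const TENANT_ITEM = /^\/api\/tenants\/([^/]+)$/;` and `const TENANT_TRANSFER = /^\/api\/tenants\/([^/]+)\/transfer-ownership$/;`) keeps routing and id extraction in step. `POST /api/tenants/:id/transfer-ownership` and `POST /api/auth/switch-tenant` carry `csrfMiddleware` but not `idempotencyMiddleware`, while `POST /api/tenants` has both; if that is deliberate, a one-line comment saying why would help, since a retried ownership transfer is the costlier mistake. Whether `TenantHandler` verifies that the caller currently owns the tenant is not visible in this hunk.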
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tenants.js","sourceRoot":"","sources":["../../../src/lib/routes/tenants.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAEH,8CAA+D;AAC/D,2DAAkE;AAClE,0DAAsD;AACtD,6DAAyD;AACzD,6DAAyD;AACzD,qCAA6C;AAGhC,QAAA,YAAY,GAAY;IACnC,6EAA6E;IAC7E;QACE,IAAI,EAAE,cAAc;QACpB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,eAAe,CAAC,kBAAkB,CAAC,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC,CAAC;YAEzF,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAChE,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,EAAE,IAAA,mCAAqB,GAAE,CAAC;QACzE,WAAW,EAAE,4BAA4B;KAC1C;IAED,6EAA6E;IAC7E;QACE,IAAI,EAAE,2BAA2B;QACjC,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,eAAe,CAAC,kBAAkB,CAAC,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC,CAAC;YAEzF,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,2BAA2B,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACxE,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC9D,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,CAAC;QAC9B,WAAW,EAAE,kBAAkB;KAChC;IAED,6EAA6E;IAC7E;QACE,IAAI,EAAE,2BAA2B;QACjC,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,eAAe,CAAC,kBAAkB,CAAC,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC,CAAC;YAEzF,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,2BAA2B,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACxE,MAAM,OAAO,GAAG,IAAI,8BAAa,EAA
E,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAC1E,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,2BAA2B;KACzC;IAED,6EAA6E;IAC7E;QACE,IAAI,EAAE,+CAA+C;QACrD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,eAAe,CAAC,kBAAkB,CAAC,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC,CAAC;YAEzF,MAAM,QAAQ,GACZ,QAAQ,CAAC,KAAK,CAAC,+CAA+C,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7E,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,uBAAuB,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACrF,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,2BAA2B;KACzC;IAED,6EAA6E;IAC7E;QACE,IAAI,EAAE,uBAAuB;QAC7B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,eAAe,CAAC,kBAAkB,CAAC,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC,CAAC;YAEzF,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC9D,OAAO,eAAe,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,CAAC;QAC9B,WAAW,EAAE,kCAAkC;KAChD;IAED,6EAA6E;IAC7E;QACE,IAAI,EAAE,yBAAyB;QAC/B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,eAAe,GAAG,IAAI,kCAAe,CAAC,GAAG,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAc,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,eAAe,CAAC,kBAAkB,CAAC,IAAA,0BAAiB,EAAC,eAAe,CAAC,CAAC,CAAC;YAEzF,MAAM,OAAO,GAAG,IAAI,8BAAa,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YACtE,OAAO,eAAe,CAAC,kBAAkB
,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC"}
|
|
@@ -42,5 +42,14 @@ export interface Route {
|
|
|
42
42
|
* API version (for versioning support)
|
|
43
43
|
*/
|
|
44
44
|
version?: string;
|
|
45
|
+
/**
|
|
46
|
+
* Opt-in flag for publication on the public OpenAPI spec
|
|
47
|
+
* (`/openapi.json`) (G4 MEDIUM-3). Default `false` — only routes
|
|
48
|
+
* explicitly marked `publicSpec: true` appear in the document. The
|
|
49
|
+
* agent-discovery surface and the federation management routes are
|
|
50
|
+
* expected to set this; non-federation routes (posts, comments,
|
|
51
|
+
* media, ActivityPub, etc.) are excluded from the public spec.
|
|
52
|
+
*/
|
|
53
|
+
publicSpec?: boolean;
|
|
45
54
|
}
|
|
46
55
|
//# sourceMappingURL=types.d.ts.map
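Review bot: `publicSpec` is documented as defaulting to `false`, but the field is optional, so that default only holds if the `/openapi.json` generator tests `route.publicSpec === true`. The generator is not part of this hunk, so the comment should state the contract, with a line such as `* Treated as false unless strictly true; undefined is not published.` A test that compares every route marked `publicSpec: true` against an expected allow-list would catch an internal route being published by accident. `G4 MEDIUM-3` reads like an internal finding id and will mean little to package consumers; a short phrase naming the concern would serve better. The `Route` interface starts above this hunk.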
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/routes/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,MAAM,WAAW,KAAK;IACpB;;;;;;;OAOG;IACH,IAAI,EAAE,YAAY,CAAC;IAEnB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,GAAG,EACR,OAAO,EAAE;QACP,GAAG,EAAE,GAAG,CAAC;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/B,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,KACE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEvB;;OAEG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAE1B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/routes/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,MAAM,WAAW,KAAK;IACpB;;;;;;;OAOG;IACH,IAAI,EAAE,YAAY,CAAC;IAEnB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE,GAAG,EACR,OAAO,EAAE;QACP,GAAG,EAAE,GAAG,CAAC;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/B,cAAc,CAAC,EAAE,cAAc,CAAC;KACjC,KACE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEvB;;OAEG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAE1B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB"}
|
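--- a/package/dist/lib/schemas.d.ts
+++ b/package/dist/lib/schemas.d.ts
@@ -275,16 +275,16 @@ export declare const feedQuerySchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
 limit: number;
 cursor?: string | undefined;
-entityRef?: string | undefined;
 taxonomyTags?: string[] | undefined;
+entityRef?: string | undefined;
 entityRefs?: string[] | undefined;
 offset?: number | undefined;
 personalized?: boolean | undefined;
 personalizationEntityIds?: string[] | undefined;
 }, {
 cursor?: string | undefined;
-entityRef?: string | undefined;
 taxonomyTags?: string[] | undefined;
+entityRef?: string | undefined;
 limit?: number | undefined;
 entityRefs?: string[] | undefined;
 offset?: number | undefined;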
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secrets Manager wrapper for IdP client secrets.
|
|
3
|
+
*
|
|
4
|
+
* Naming convention: `tenant/{tenantId}/idp-client-secret`. The IAM policy
|
|
5
|
+
* grants Skybber's task role only `secretsmanager:CreateSecret`,
|
|
6
|
+
* `PutSecretValue`, `DeleteSecret`, `DescribeSecret`, `GetSecretValue` on
|
|
7
|
+
* `arn:aws:secretsmanager:{region}:{account}:secret:tenant/*` so a leak in
|
|
8
|
+
* the IdP CRUD path can never read or rewrite secrets outside that prefix.
|
|
9
|
+
*
|
|
10
|
+
* The plaintext secret enters via `createOrUpdate` and is forwarded straight
|
|
11
|
+
* to Secrets Manager. It is never logged here. Callers must not log it
|
|
12
|
+
* either.
|
|
13
|
+
*/
|
|
14
|
+
import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
|
|
15
|
+
export declare const IDP_SECRET_PREFIX = "tenant/";
|
|
16
|
+
export declare const IDP_SECRET_SUFFIX = "/idp-client-secret";
|
|
17
|
+
export declare function idpSecretName(tenantId: string): string;
|
|
18
|
+
export interface IdpSecretRecord {
|
|
19
|
+
arn: string;
|
|
20
|
+
versionId?: string;
|
|
21
|
+
}
|
|
22
|
+
export declare class IdpSecretsClient {
|
|
23
|
+
private readonly client;
|
|
24
|
+
constructor(client: SecretsManagerClient);
|
|
25
|
+
/**
|
|
26
|
+
* Create the secret on first IdP connect. Tagged with the tenantId so an
|
|
27
|
+
* audit (or per-tenant cleanup) can find the secret without a lookup table.
|
|
28
|
+
* Throws if a secret with the same name already exists — the route handler
|
|
29
|
+
* maps that into 409.
|
|
30
|
+
*/
|
|
31
|
+
create(tenantId: string, plaintext: string): Promise<IdpSecretRecord>;
|
|
32
|
+
/**
|
|
33
|
+
* Rotate the secret in place. Returns the new version id so the caller
|
|
34
|
+
* can attach it to audit metadata.
|
|
35
|
+
*/
|
|
36
|
+
rotate(tenantId: string, plaintext: string): Promise<IdpSecretRecord>;
|
|
37
|
+
/**
|
|
38
|
+
* Permanently delete with no recovery window. We never want to leave
|
|
39
|
+
* dangling client secrets in Secrets Manager, and the only call sites
|
|
40
|
+
* (rollback after Cognito create failure, IdP disconnect) are explicitly
|
|
41
|
+
* destructive. NotFound is silently swallowed for idempotency.
|
|
42
|
+
*/
|
|
43
|
+
delete(tenantId: string): Promise<void>;
|
|
44
|
+
/**
|
|
45
|
+
* Existence + ARN lookup. Used at IdP create time to decide whether to
|
|
46
|
+
* call Create vs Put. Returns null if the secret does not exist.
|
|
47
|
+
*/
|
|
48
|
+
describe(tenantId: string): Promise<IdpSecretRecord | null>;
|
|
49
|
+
}
|
|
50
|
+
export declare function createIdpSecretsClient(region?: string): IdpSecretsClient;
|
|
51
|
+
//# sourceMappingURL=idp-secrets.d.ts.map
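Review bot: The file header says the plaintext enters via `createOrUpdate`, but the class declares only `create`, `rotate`, `delete` and `describe`, so the comment should name `create` and `rotate` instead. The IAM scoping described in the header stops at the `tenant/` prefix, which covers every tenant's secret, so isolation between tenants rests on the `tenantId` passed to `idpSecretName`. Its implementation is not in this declaration file; it would be worth documenting, and enforcing there, that `tenantId` must match the tenant id format and contain no `/`. The header also lists `GetSecretValue` among the granted actions although no method declared here returns the secret value; if nothing running under this task role reads it, dropping that action narrows what a compromise of the role exposes.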
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"idp-secrets.d.ts","sourceRoot":"","sources":["../../../src/lib/secrets/idp-secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EACL,oBAAoB,EAKrB,MAAM,iCAAiC,CAAC;AAEzC,eAAO,MAAM,iBAAiB,YAAY,CAAC;AAC3C,eAAO,MAAM,iBAAiB,uBAAuB,CAAC;AAEtD,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,gBAAgB;IACf,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,oBAAoB;IAEzD;;;;;OAKG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAkB3E;;;OAGG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAc3E;;;;;OAKG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB7C;;;OAGG;IACG,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;CAclE;AAED,wBAAgB,sBAAsB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,gBAAgB,CAIxE"}
|