@fiado/api-invoker 4.20.1 → 4.21.0

package/bin/complaint/ComplaintApi.d.ts

@@ -0,0 +1,11 @@
+import { IHttpRequest } from "@fiado/http-client";
+import { ResponseOptions } from "@fiado/gateway-adapter";
+import { CreateComplaintRequest, CreateComplaintResponse, ComplaintResponse } from "@fiado/type-kit/bin/complaint/index.js";
+import { IComplaintApi } from "./interfaces/IComplaintApi.js";
+export declare class ComplaintApi implements IComplaintApi {
+    private httpRequest;
+    private readonly baseUrl;
+    constructor(httpRequest: IHttpRequest);
+    createComplaint(request: CreateComplaintRequest): Promise<ResponseOptions<CreateComplaintResponse>>;
+    getComplaint(complaintId: string): Promise<ResponseOptions<ComplaintResponse>>;
+}

package/bin/complaint/ComplaintApi.js

@@ -0,0 +1,34 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { inject, injectable } from "inversify";
+let ComplaintApi = class ComplaintApi {
+    httpRequest;
+    baseUrl = process.env.COMPLAINT_MAILBOX_LAMBDA_URL || "";
+    constructor(httpRequest) {
+        this.httpRequest = httpRequest;
+    }
+    async createComplaint(request) {
+        const url = `${this.baseUrl}backoffice/create`;
+        return await this.httpRequest.post(url, request);
+    }
+    async getComplaint(complaintId) {
+        const url = `${this.baseUrl}complaints/${complaintId}`;
+        return await this.httpRequest.get(url);
+    }
+};
+ComplaintApi = __decorate([
+    injectable(),
+    __param(0, inject("IHttpRequest")),
+    __metadata("design:paramtypes", [Object])
+], ComplaintApi);
+export { ComplaintApi };

package/bin/complaint/index.d.ts

@@ -0,0 +1,2 @@
+export * from './interfaces/IComplaintApi.js';
+export * from './ComplaintApi.js';

package/bin/complaint/index.js

@@ -0,0 +1,2 @@
+export * from './interfaces/IComplaintApi.js';
+export * from './ComplaintApi.js';

package/bin/complaint/interfaces/IComplaintApi.d.ts

@@ -0,0 +1,12 @@
+import { ResponseOptions } from "@fiado/gateway-adapter";
+import { CreateComplaintRequest, CreateComplaintResponse, ComplaintResponse } from "@fiado/type-kit/bin/complaint/index.js";
+/**
+ * Cliente del buzón anónimo de denuncias (`complaint-mailbox-business`, BO-19).
+ * URL base en `COMPLAINT_MAILBOX_LAMBDA_URL` (API Gateway privado VPC-only).
+ */
+export interface IComplaintApi {
+    /** Crea una denuncia. `POST /backoffice/create` */
+    createComplaint(request: CreateComplaintRequest): Promise<ResponseOptions<CreateComplaintResponse>>;
+    /** Lee una denuncia (sin exponer la identidad del denunciante). `GET /complaints/{complaintId}` */
+    getComplaint(complaintId: string): Promise<ResponseOptions<ComplaintResponse>>;
+}

package/bin/complaint/interfaces/IComplaintApi.js

@@ -0,0 +1 @@
+export {};

package/bin/container.config.js

@@ -41,6 +41,7 @@ import CnbvApi from "./cnbv-business/CnbvApi.js";
 import TransactionApi from "./transaction/api/TransactionApi.js";
 import { PomeloProcessorApi } from "./pomeloProcessor/index.js";
 import { DisputesApi } from "./disputes/index.js";
+import { ComplaintApi } from "./complaint/index.js";
 import TransactionAlertApi from "./riskProfile/api/TransactionAlertApi.js";
 import { DirectoriesApi } from "./directories/index.js";
 import CognitoConnectorApi from "./cognitoConnector/CognitoConnectorApi.js";
@@ -152,6 +153,7 @@ export const apiInvokerBindings = new ContainerModule(({ bind }) => {
     bind("ICnbvApi").to(CnbvApi);
     bind("IPomeloProcessorApi").to(PomeloProcessorApi);
     bind("IDisputesApi").to(DisputesApi);
+    bind("IComplaintApi").to(ComplaintApi);
     bind("ITransactionAlertApi").to(TransactionAlertApi);
     bind("IDirectoriesApi").to(DirectoriesApi);
     bind("ICognitoConnectorApi").to(CognitoConnectorApi);

package/bin/index.d.ts

@@ -34,6 +34,7 @@ export * from "./fiadoMessages/index.js";
 export * from "./cnbv-business/index.js";
 export * from "./pomeloProcessor/index.js";
 export * from "./disputes/index.js";
+export * from "./complaint/index.js";
 export * from "./directories/index.js";
 export * from "./cognitoConnector/index.js";
 export * from "./centralPayments/index.js";

package/bin/index.js

@@ -34,6 +34,7 @@ export * from "./fiadoMessages/index.js";
 export * from "./cnbv-business/index.js";
 export * from "./pomeloProcessor/index.js";
 export * from "./disputes/index.js";
+export * from "./complaint/index.js";
 export * from "./directories/index.js";
 export * from "./cognitoConnector/index.js";
 export * from "./centralPayments/index.js";

package/bin/platformRbac/api/PlatformRbacBusinessApi.d.ts

@@ -24,5 +24,5 @@ export default class PlatformRbacBusinessApi implements IPlatformRbacBusinessApi
     prepareChallenge(input: PrepareChallengeRequest): Promise<ApiGatewayResponse<PrepareChallengeResponse>>;
     verifyChallenge(input: VerifyChallengeRequest): Promise<ApiGatewayResponse<VerifyChallengeResponse>>;
     authorize(input: AuthorizeRequest): Promise<ApiGatewayResponse<AuthorizeResponse>>;
-    effectivePermissions(cognitoSub: string): Promise<ApiGatewayResponse<EffectivePermissionsResponse>>;
+    effectivePermissions(cognitoSub: string, tenantId?: string): Promise<ApiGatewayResponse<EffectivePermissionsResponse>>;
 }

package/bin/platformRbac/api/PlatformRbacBusinessApi.js

@@ -47,8 +47,15 @@ let PlatformRbacBusinessApi = class PlatformRbacBusinessApi {
         const url = `${this.baseUrl}/internal/authorize`;
         return await this.httpRequest.post(url, input);
     }
-    async effectivePermissions(cognitoSub) {
-        const url = `${this.baseUrl}/internal/users/${encodeURIComponent(cognitoSub)}/effective-permissions`;
+    async effectivePermissions(cognitoSub, tenantId) {
+        const base = `${this.baseUrl}/internal/users/${encodeURIComponent(cognitoSub)}/effective-permissions`;
+        // El tenantId es opcional: los usuarios de plataforma resuelven por el silo PlatformUser
+        // sin él, pero los usuarios de un tenant LO NECESITAN para que el rbac sepa en qué silo
+        // buscarlos (sin él, el resolve cae a la rama platform y devuelve 404). Lo manda el
+        // jwt-inyector con el tenantId que ya resolvió del userPoolId.
+        const url = tenantId
+            ? `${base}?tenantId=${encodeURIComponent(tenantId)}`
+            : base;
         return await this.httpRequest.get(url);
     }
 };

package/bin/platformRbac/api/interfaces/IPlatformRbacBusinessApi.d.ts

@@ -50,6 +50,9 @@ export interface IPlatformRbacBusinessApi {
      * efectivos (más epoch y role assignments) de un usuario. Invocado por el
      * `jwt-inyector-trigger` al emitir el token para embeber el bitset RBAC.
      * El `cognitoSub` va en el path param (encodeURIComponent en el publisher).
+     * `tenantId` es opcional y va como query param `?tenantId=`: los usuarios de
+     * plataforma resuelven sin él, pero los de un tenant LO NECESITAN para que el
+     * rbac identifique el silo (sin él, el resolve cae a la rama platform → 404).
      */
-    effectivePermissions(cognitoSub: string): Promise<ApiGatewayResponse<EffectivePermissionsResponse>>;
+    effectivePermissions(cognitoSub: string, tenantId?: string): Promise<ApiGatewayResponse<EffectivePermissionsResponse>>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fiado/api-invoker",
-  "version": "4.20.1",
+  "version": "4.21.0",
   "description": "Sirve como un puente entre diferentes funciones lambda, facilitando la comunicación entre ellas a través de invocaciones http",
   "type": "module",
   "main": "bin/index.js",
@@ -34,7 +34,7 @@
     "@fiado/gateway-adapter": "^2.0.2",
     "@fiado/http-client": "^2.0.1",
     "@fiado/logger": "^1.1.3",
-    "@fiado/type-kit": "^3.75.0",
+    "@fiado/type-kit": "^3.77.0",
     "dotenv": "^16.4.7"
   },
   "peerDependencies": {

package/src/complaint/ComplaintApi.ts

@@ -0,0 +1,27 @@
+import { inject, injectable } from "inversify";
+import { IHttpRequest } from "@fiado/http-client";
+import { ResponseOptions } from "@fiado/gateway-adapter";
+import {
+    CreateComplaintRequest,
+    CreateComplaintResponse,
+    ComplaintResponse,
+} from "@fiado/type-kit/bin/complaint/index.js";
+import { IComplaintApi } from "./interfaces/IComplaintApi.js";
+
+@injectable()
+export class ComplaintApi implements IComplaintApi {
+
+    private readonly baseUrl = process.env.COMPLAINT_MAILBOX_LAMBDA_URL || "";
+
+    constructor(@inject("IHttpRequest") private httpRequest: IHttpRequest) { }
+
+    async createComplaint(request: CreateComplaintRequest): Promise<ResponseOptions<CreateComplaintResponse>> {
+        const url = `${this.baseUrl}backoffice/create`;
+        return await this.httpRequest.post(url, request);
+    }
+
+    async getComplaint(complaintId: string): Promise<ResponseOptions<ComplaintResponse>> {
+        const url = `${this.baseUrl}complaints/${complaintId}`;
+        return await this.httpRequest.get(url);
+    }
+}

package/src/complaint/index.ts

@@ -0,0 +1,2 @@
+export * from './interfaces/IComplaintApi.js';
+export * from './ComplaintApi.js';

package/src/complaint/interfaces/IComplaintApi.ts

@@ -0,0 +1,18 @@
+import { ResponseOptions } from "@fiado/gateway-adapter";
+import {
+    CreateComplaintRequest,
+    CreateComplaintResponse,
+    ComplaintResponse,
+} from "@fiado/type-kit/bin/complaint/index.js";
+
+/**
+ * Cliente del buzón anónimo de denuncias (`complaint-mailbox-business`, BO-19).
+ * URL base en `COMPLAINT_MAILBOX_LAMBDA_URL` (API Gateway privado VPC-only).
+ */
+export interface IComplaintApi {
+    /** Crea una denuncia. `POST /backoffice/create` */
+    createComplaint(request: CreateComplaintRequest): Promise<ResponseOptions<CreateComplaintResponse>>;
+
+    /** Lee una denuncia (sin exponer la identidad del denunciante). `GET /complaints/{complaintId}` */
+    getComplaint(complaintId: string): Promise<ResponseOptions<ComplaintResponse>>;
+}

package/src/container.config.ts

@@ -65,6 +65,7 @@ import { ICnbvApi } from "./cnbv-business/index.js";
 import TransactionApi from "./transaction/api/TransactionApi.js";
 import { IPomeloProcessorApi, PomeloProcessorApi } from "./pomeloProcessor/index.js";
 import { DisputesApi, IDisputesApi } from "./disputes/index.js";
+import { ComplaintApi, IComplaintApi } from "./complaint/index.js";
 import TransactionAlertApi from "./riskProfile/api/TransactionAlertApi.js";
 import { DirectoriesApi, IDirectoriesApi } from "./directories/index.js";
 import { ICognitoConnectorApi, ICognitoV2Api } from "./cognitoConnector/index.js";
@@ -213,6 +214,7 @@ export const apiInvokerBindings = new ContainerModule(({ bind }) => {
     bind<ICnbvApi>("ICnbvApi").to(CnbvApi);
     bind<IPomeloProcessorApi>("IPomeloProcessorApi").to(PomeloProcessorApi);
     bind<IDisputesApi>("IDisputesApi").to(DisputesApi);
+    bind<IComplaintApi>("IComplaintApi").to(ComplaintApi);
     bind<ITransactionAlertApi>("ITransactionAlertApi").to(TransactionAlertApi);
     bind<IDirectoriesApi>("IDirectoriesApi").to(DirectoriesApi);
     bind<ICognitoConnectorApi>("ICognitoConnectorApi").to(CognitoConnectorApi);

package/src/index.ts

@@ -34,6 +34,7 @@ export * from "./fiadoMessages/index.js";
 export * from "./cnbv-business/index.js";
 export * from "./pomeloProcessor/index.js";
 export * from "./disputes/index.js";
+export * from "./complaint/index.js";
 export * from "./directories/index.js";
 export * from "./cognitoConnector/index.js";
 export * from "./centralPayments/index.js";

package/src/platformRbac/api/PlatformRbacBusinessApi.ts

@@ -65,8 +65,16 @@ export default class PlatformRbacBusinessApi implements IPlatformRbacBusinessApi
 
     async effectivePermissions(
         cognitoSub: string,
+        tenantId?: string,
     ): Promise<ApiGatewayResponse<EffectivePermissionsResponse>> {
-        const url = `${this.baseUrl}/internal/users/${encodeURIComponent(cognitoSub)}/effective-permissions`;
+        const base = `${this.baseUrl}/internal/users/${encodeURIComponent(cognitoSub)}/effective-permissions`;
+        // El tenantId es opcional: los usuarios de plataforma resuelven por el silo PlatformUser
+        // sin él, pero los usuarios de un tenant LO NECESITAN para que el rbac sepa en qué silo
+        // buscarlos (sin él, el resolve cae a la rama platform y devuelve 404). Lo manda el
+        // jwt-inyector con el tenantId que ya resolvió del userPoolId.
+        const url = tenantId
+            ? `${base}?tenantId=${encodeURIComponent(tenantId)}`
+            : base;
         return await this.httpRequest.get(url);
     }
 }

package/src/platformRbac/api/interfaces/IPlatformRbacBusinessApi.ts

@@ -73,8 +73,12 @@ export interface IPlatformRbacBusinessApi {
      * efectivos (más epoch y role assignments) de un usuario. Invocado por el
      * `jwt-inyector-trigger` al emitir el token para embeber el bitset RBAC.
      * El `cognitoSub` va en el path param (encodeURIComponent en el publisher).
+     * `tenantId` es opcional y va como query param `?tenantId=`: los usuarios de
+     * plataforma resuelven sin él, pero los de un tenant LO NECESITAN para que el
+     * rbac identifique el silo (sin él, el resolve cae a la rama platform → 404).
      */
     effectivePermissions(
         cognitoSub: string,
+        tenantId?: string,
     ): Promise<ApiGatewayResponse<EffectivePermissionsResponse>>;
 }