@fiado/api-invoker 4.8.2 → 4.10.1
- package/bin/cognitoBackofficeConnector/api/CognitoBackofficeConnectorApi.d.ts +2 -1
- package/bin/cognitoBackofficeConnector/api/CognitoBackofficeConnectorApi.js +4 -0
- package/bin/cognitoBackofficeConnector/api/interfaces/ICognitoBackofficeConnectorApi.d.ts +9 -1
- package/bin/container.config.js +4 -0
- package/bin/index.d.ts +1 -0
- package/bin/index.js +1 -0
- package/bin/platformRbac/api/PlatformRbacBusinessApi.d.ts +3 -2
- package/bin/platformRbac/api/PlatformRbacBusinessApi.js +4 -0
- package/bin/platformRbac/api/interfaces/IPlatformRbacBusinessApi.d.ts +9 -1
- package/bin/stp-business/api/STPBusinessApi.d.ts +1 -0
- package/bin/stp-business/api/STPBusinessApi.js +8 -0
- package/bin/stp-business/api/interfaces/ISTPBusinessApi.d.ts +1 -0
- package/bin/totp-security/api/TotpSecurityApi.d.ts +14 -0
- package/bin/totp-security/api/TotpSecurityApi.js +44 -0
- package/bin/totp-security/api/interfaces/ITotpSecurityApi.d.ts +9 -0
- package/bin/totp-security/api/interfaces/ITotpSecurityApi.js +2 -0
- package/bin/totp-security/index.d.ts +2 -0
- package/bin/totp-security/index.js +18 -0
- package/package.json +2 -2
- package/src/cognitoBackofficeConnector/api/CognitoBackofficeConnectorApi.ts +9 -0
- package/src/cognitoBackofficeConnector/api/interfaces/ICognitoBackofficeConnectorApi.ts +13 -0
- package/src/container.config.ts +5 -0
- package/src/index.ts +1 -0
- package/src/platformRbac/api/PlatformRbacBusinessApi.ts +10 -1
- package/src/platformRbac/api/interfaces/IPlatformRbacBusinessApi.ts +13 -0
- package/src/stp-business/api/STPBusinessApi.ts +11 -2
- package/src/stp-business/api/interfaces/ISTPBusinessApi.ts +2 -0
- package/src/totp-security/api/TotpSecurityApi.ts +38 -0
- package/src/totp-security/api/interfaces/ITotpSecurityApi.ts +16 -0
- package/src/totp-security/index.ts +2 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { IHttpRequest } from "@fiado/http-client";
|
|
2
2
|
import { ApiGatewayResponse } from "@fiado/gateway-adapter";
|
|
3
|
-
import { CreateUserRequest, CreateUserResponse, UpdateUserAttributesRequest, UserActionRequest, ResendInvitationRequest, UserDetailResponse, AuthEventsRequest, AuthEventResponse, InitiateAuthRequest, InitiateAuthResponse, RespondToChallengeRequest, RespondToChallengeResponse, RefreshTokensRequest, RefreshTokensResponse, ForgotPasswordRequest, ConfirmForgotPasswordRequest, ResendConfirmationRequest, ChangePasswordRequest, TotpBeginRequest, TotpBeginResponse, TotpVerifyRequest, MfaVerifyResponse, SetMfaPreferenceRequest, MfaResetRequest, UpdateEmailRequest, VerifyEmailRequest, UpdateProfileRequest, CreatePoolRequest, CreatePoolResponse, HealthcheckResponse, VerifyPasswordRequest, VerifyPasswordResponse } from "@fiado/type-kit/bin/cognitoBackofficeConnector";
|
|
3
|
+
import { CreateUserRequest, CreateUserResponse, UpdateUserAttributesRequest, UserActionRequest, ResendInvitationRequest, UserDetailResponse, AuthEventsRequest, AuthEventResponse, InitiateAuthRequest, InitiateAuthResponse, RespondToChallengeRequest, RespondToChallengeResponse, RefreshTokensRequest, RefreshTokensResponse, ForgotPasswordRequest, ConfirmForgotPasswordRequest, ResendConfirmationRequest, ChangePasswordRequest, TotpBeginRequest, TotpBeginResponse, TotpVerifyRequest, MfaVerifyResponse, SetMfaPreferenceRequest, MfaResetRequest, UpdateEmailRequest, VerifyEmailRequest, UpdateProfileRequest, CreatePoolRequest, CreatePoolResponse, HealthcheckResponse, VerifyPasswordRequest, VerifyPasswordResponse, IntrospectRequest, IntrospectResponse } from "@fiado/type-kit/bin/cognitoBackofficeConnector";
|
|
4
4
|
import { ICognitoBackofficeConnectorApi } from "./interfaces/ICognitoBackofficeConnectorApi";
|
|
5
5
|
/**
|
|
6
6
|
* Publisher HTTP del lambda `cognito-backoffice-connector` (componente 05 SureKeep Fase 0).
|
|
@@ -37,6 +37,7 @@ export default class CognitoBackofficeConnectorApi implements ICognitoBackoffice
|
|
|
37
37
|
resetUserMfa(cognitoSub: string, input: MfaResetRequest): Promise<ApiGatewayResponse<void>>;
|
|
38
38
|
authInitiate(input: InitiateAuthRequest): Promise<ApiGatewayResponse<InitiateAuthResponse>>;
|
|
39
39
|
authVerifyPassword(input: VerifyPasswordRequest): Promise<ApiGatewayResponse<VerifyPasswordResponse>>;
|
|
40
|
+
introspect(input: IntrospectRequest): Promise<ApiGatewayResponse<IntrospectResponse>>;
|
|
40
41
|
authRespondChallenge(input: RespondToChallengeRequest): Promise<ApiGatewayResponse<RespondToChallengeResponse>>;
|
|
41
42
|
authRefreshTokens(input: RefreshTokensRequest): Promise<ApiGatewayResponse<RefreshTokensResponse>>;
|
|
42
43
|
authForgotPassword(input: ForgotPasswordRequest): Promise<ApiGatewayResponse<void>>;
|
|
@@ -95,6 +95,10 @@ let CognitoBackofficeConnectorApi = class CognitoBackofficeConnectorApi {
|
|
|
95
95
|
const url = `${this.baseUrl}/auth/verify-password`;
|
|
96
96
|
return await this.httpRequest.post(url, input);
|
|
97
97
|
}
|
|
98
|
+
async introspect(input) {
|
|
99
|
+
const url = `${this.baseUrl}/auth/introspect`;
|
|
100
|
+
return await this.httpRequest.post(url, input);
|
|
101
|
+
}
|
|
98
102
|
async authRespondChallenge(input) {
|
|
99
103
|
const url = `${this.baseUrl}/auth/respond-challenge`;
|
|
100
104
|
return await this.httpRequest.post(url, input);
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ApiGatewayResponse } from "@fiado/gateway-adapter";
|
|
2
|
-
import { CreateUserRequest, CreateUserResponse, UpdateUserAttributesRequest, UserActionRequest, ResendInvitationRequest, UserDetailResponse, AuthEventsRequest, AuthEventResponse, InitiateAuthRequest, InitiateAuthResponse, RespondToChallengeRequest, RespondToChallengeResponse, RefreshTokensRequest, RefreshTokensResponse, ForgotPasswordRequest, ConfirmForgotPasswordRequest, ResendConfirmationRequest, ChangePasswordRequest, TotpBeginRequest, TotpBeginResponse, TotpVerifyRequest, MfaVerifyResponse, SetMfaPreferenceRequest, MfaResetRequest, UpdateEmailRequest, VerifyEmailRequest, UpdateProfileRequest, CreatePoolRequest, CreatePoolResponse, HealthcheckResponse, VerifyPasswordRequest, VerifyPasswordResponse } from "@fiado/type-kit/bin/cognitoBackofficeConnector";
|
|
2
|
+
import { CreateUserRequest, CreateUserResponse, UpdateUserAttributesRequest, UserActionRequest, ResendInvitationRequest, UserDetailResponse, AuthEventsRequest, AuthEventResponse, InitiateAuthRequest, InitiateAuthResponse, RespondToChallengeRequest, RespondToChallengeResponse, RefreshTokensRequest, RefreshTokensResponse, ForgotPasswordRequest, ConfirmForgotPasswordRequest, ResendConfirmationRequest, ChangePasswordRequest, TotpBeginRequest, TotpBeginResponse, TotpVerifyRequest, MfaVerifyResponse, SetMfaPreferenceRequest, MfaResetRequest, UpdateEmailRequest, VerifyEmailRequest, UpdateProfileRequest, CreatePoolRequest, CreatePoolResponse, HealthcheckResponse, VerifyPasswordRequest, VerifyPasswordResponse, IntrospectRequest, IntrospectResponse } from "@fiado/type-kit/bin/cognitoBackofficeConnector";
|
|
3
3
|
/**
|
|
4
4
|
* Contrato del publisher HTTP del lambda `cognito-backoffice-connector` (componente 05 SureKeep Fase 0).
|
|
5
5
|
*
|
|
@@ -50,6 +50,14 @@ export interface ICognitoBackofficeConnectorApi {
|
|
|
50
50
|
* solo un veredicto `{ valid }`. El caller (rbac) NO conoce el mecanismo.
|
|
51
51
|
*/
|
|
52
52
|
authVerifyPassword(input: VerifyPasswordRequest): Promise<ApiGatewayResponse<VerifyPasswordResponse>>;
|
|
53
|
+
/**
|
|
54
|
+
* POST /auth/introspect — valida un token (firma + exp + iss + client_id +
|
|
55
|
+
* token_use) y devuelve `{ valid, cognitoSub?, reason? }`. El connector es
|
|
56
|
+
* stateless: el caller (rbac) pasa userPoolId + region + clientId del pool.
|
|
57
|
+
* Consumido por el `AuthorizeManager` del platform-rbac-business durante el
|
|
58
|
+
* enforcement RBAC (PDP).
|
|
59
|
+
*/
|
|
60
|
+
introspect(input: IntrospectRequest): Promise<ApiGatewayResponse<IntrospectResponse>>;
|
|
53
61
|
/** POST /auth/respond-challenge — responde a challenge pendiente (devuelve tokens o nuevo challenge). */
|
|
54
62
|
authRespondChallenge(input: RespondToChallengeRequest): Promise<ApiGatewayResponse<RespondToChallengeResponse>>;
|
|
55
63
|
/** POST /auth/refresh-tokens — refresca accessToken+idToken usando refreshToken. */
|
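--- a/package/bin/container.config.js
+++ b/package/bin/container.config.js
@@ -107,6 +107,8 @@ const PlatformRbacBusinessApi_1 = __importDefault(require("./platformRbac/api/Pl
 // Messages business — API client + OTP/notifications SQS publisher (Fase 0 SureKeep)
 const messages_business_1 = require("./messages-business");
 const MessagesBusinessPublisher_1 = __importDefault(require("./messages-business/queue/MessagesBusinessPublisher"));
+// Totp security — connector HTTP-only síncrono (Fase 2 SureKeep)
+const totp_security_1 = require("./totp-security");
 exports.apiInvokerBindings = new inversify_1.ContainerModule(({ bind }) => {
 // UTILS bindings
 bind("InvokerUtils").to(InvokerUtils_1.InvokerUtils);
@@ -219,4 +221,6 @@ exports.apiInvokerBindings = new inversify_1.ContainerModule(({ bind }) => {
 // Messages business — API client + OTP/notifications SQS publisher (Fase 0 SureKeep)
 bind("IMessagesBusinessApi").to(messages_business_1.MessagesBusinessApi);
 bind("IMessagesBusinessPublisher").to(MessagesBusinessPublisher_1.default);
+// Totp security — connector HTTP-only síncrono (Fase 2 SureKeep)
+bind("ITotpSecurityApi").to(totp_security_1.TotpSecurityApi);
 });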
package/bin/index.d.ts
CHANGED
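--- a/package/bin/index.js
+++ b/package/bin/index.js
@@ -92,3 +92,4 @@ __exportStar(require("./milestone-business"), exports);
 __exportStar(require("./cognitoBackofficeConnector"), exports);
 __exportStar(require("./platformRbac"), exports);
 __exportStar(require("./messages-business"), exports);
+__exportStar(require("./totp-security"), exports);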
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { IHttpRequest } from "@fiado/http-client";
|
|
1
|
+
import type { IHttpRequest } from "@fiado/http-client";
|
|
2
2
|
import { ApiGatewayResponse } from "@fiado/gateway-adapter";
|
|
3
|
-
import { DefineNextChallengeRequest, DefineNextChallengeResponse, PrepareChallengeRequest, PrepareChallengeResponse, VerifyChallengeRequest, VerifyChallengeResponse } from "@fiado/type-kit/bin/platformRbac";
|
|
3
|
+
import { DefineNextChallengeRequest, DefineNextChallengeResponse, PrepareChallengeRequest, PrepareChallengeResponse, VerifyChallengeRequest, VerifyChallengeResponse, AuthorizeRequest, AuthorizeResponse } from "@fiado/type-kit/bin/platformRbac";
|
|
4
4
|
import { IPlatformRbacBusinessApi } from "./interfaces/IPlatformRbacBusinessApi";
|
|
5
5
|
/**
|
|
6
6
|
* Publisher HTTP del lambda `platform-rbac-business` (componente 06 SureKeep Fase 0)
|
|
@@ -23,4 +23,5 @@ export default class PlatformRbacBusinessApi implements IPlatformRbacBusinessApi
|
|
|
23
23
|
defineNextChallenge(input: DefineNextChallengeRequest): Promise<ApiGatewayResponse<DefineNextChallengeResponse>>;
|
|
24
24
|
prepareChallenge(input: PrepareChallengeRequest): Promise<ApiGatewayResponse<PrepareChallengeResponse>>;
|
|
25
25
|
verifyChallenge(input: VerifyChallengeRequest): Promise<ApiGatewayResponse<VerifyChallengeResponse>>;
|
|
26
|
+
authorize(input: AuthorizeRequest): Promise<ApiGatewayResponse<AuthorizeResponse>>;
|
|
26
27
|
}
|
|
@@ -45,6 +45,10 @@ let PlatformRbacBusinessApi = class PlatformRbacBusinessApi {
|
|
|
45
45
|
const url = `${this.baseUrl}/internal/auth/verify-challenge`;
|
|
46
46
|
return await this.httpRequest.post(url, input);
|
|
47
47
|
}
|
|
48
|
+
async authorize(input) {
|
|
49
|
+
const url = `${this.baseUrl}/internal/authorize`;
|
|
50
|
+
return await this.httpRequest.post(url, input);
|
|
51
|
+
}
|
|
48
52
|
};
|
|
49
53
|
PlatformRbacBusinessApi = __decorate([
|
|
50
54
|
(0, inversify_1.injectable)(),
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ApiGatewayResponse } from "@fiado/gateway-adapter";
|
|
2
|
-
import { DefineNextChallengeRequest, DefineNextChallengeResponse, PrepareChallengeRequest, PrepareChallengeResponse, VerifyChallengeRequest, VerifyChallengeResponse } from "@fiado/type-kit/bin/platformRbac";
|
|
2
|
+
import { DefineNextChallengeRequest, DefineNextChallengeResponse, PrepareChallengeRequest, PrepareChallengeResponse, VerifyChallengeRequest, VerifyChallengeResponse, AuthorizeRequest, AuthorizeResponse } from "@fiado/type-kit/bin/platformRbac";
|
|
3
3
|
/**
|
|
4
4
|
* Contrato del publisher HTTP del lambda `platform-rbac-business` (componente 06 SureKeep Fase 0)
|
|
5
5
|
* para los 3 endpoints internos del Custom Auth Challenge flow (MFA).
|
|
@@ -37,4 +37,12 @@ export interface IPlatformRbacBusinessApi {
|
|
|
37
37
|
* `verifyAuthChallengeResponse`.
|
|
38
38
|
*/
|
|
39
39
|
verifyChallenge(input: VerifyChallengeRequest): Promise<ApiGatewayResponse<VerifyChallengeResponse>>;
|
|
40
|
+
/**
|
|
41
|
+
* POST /internal/authorize — decide allow/deny de un permiso (PDP del modelo
|
|
42
|
+
* PEP/PDP de RBAC enforcement). Invocado por el decorador `@RequirePermission`
|
|
43
|
+
* del `@fiado/gateway-adapter` vía la impl `IAuthorizer` de cada lambda consumidor.
|
|
44
|
+
* El rbac descubre el pool por `iss`, valida el token (vía connector introspect),
|
|
45
|
+
* resuelve permisos efectivos y devuelve `{ allow, reason?, context? }`.
|
|
46
|
+
*/
|
|
47
|
+
authorize(input: AuthorizeRequest): Promise<ApiGatewayResponse<AuthorizeResponse>>;
|
|
40
48
|
}
|
|
@@ -43,6 +43,14 @@ let STPBusinessApi = class STPBusinessApi {
|
|
|
43
43
|
const url = `${this.baseUrl}conciliation/PAGOCONFIADO?${queryParams.toString()}`;
|
|
44
44
|
return await this.httpRequest.get(url);
|
|
45
45
|
}
|
|
46
|
+
async getAccountDetailByDirectoryId(directoryId) {
|
|
47
|
+
const url = `${this.baseUrl}`;
|
|
48
|
+
const headers = {
|
|
49
|
+
'Content-Type': 'application/json',
|
|
50
|
+
operationName: "privateGetAccountDetailByDirectoryId"
|
|
51
|
+
};
|
|
52
|
+
return await this.httpRequest.post(url, { directoryId }, headers);
|
|
53
|
+
}
|
|
46
54
|
};
|
|
47
55
|
STPBusinessApi = __decorate([
|
|
48
56
|
(0, inversify_1.injectable)(),
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { IHttpRequest } from '@fiado/http-client';
|
|
2
|
+
import FiadoApiResponse from '@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse';
|
|
3
|
+
import { TotpEnrollRequest, TotpEnrollResponse, TotpVerifyEnrollmentRequest, TotpVerifyEnrollmentResponse, TotpVerifyRequest, TotpVerifyResponse, TotpDeleteRequest, TotpDeleteResponse, TotpStatusRequest, TotpStatusResponse } from '@fiado/type-kit/bin/totpSecurity';
|
|
4
|
+
import { ITotpSecurityApi } from './interfaces/ITotpSecurityApi';
|
|
5
|
+
export declare class TotpSecurityApi implements ITotpSecurityApi {
|
|
6
|
+
private readonly httpRequest;
|
|
7
|
+
private readonly baseUrl;
|
|
8
|
+
constructor(httpRequest: IHttpRequest);
|
|
9
|
+
enroll(req: TotpEnrollRequest): Promise<FiadoApiResponse<TotpEnrollResponse>>;
|
|
10
|
+
verifyEnrollment(req: TotpVerifyEnrollmentRequest): Promise<FiadoApiResponse<TotpVerifyEnrollmentResponse>>;
|
|
11
|
+
verify(req: TotpVerifyRequest): Promise<FiadoApiResponse<TotpVerifyResponse>>;
|
|
12
|
+
deleteSecret(req: TotpDeleteRequest): Promise<FiadoApiResponse<TotpDeleteResponse>>;
|
|
13
|
+
status(req: TotpStatusRequest): Promise<FiadoApiResponse<TotpStatusResponse>>;
|
|
14
|
+
}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.TotpSecurityApi = void 0;
|
|
16
|
+
const inversify_1 = require("inversify");
|
|
17
|
+
let TotpSecurityApi = class TotpSecurityApi {
|
|
18
|
+
httpRequest;
|
|
19
|
+
baseUrl = process.env.TOTP_SECURITY_URL || '';
|
|
20
|
+
constructor(httpRequest) {
|
|
21
|
+
this.httpRequest = httpRequest;
|
|
22
|
+
}
|
|
23
|
+
async enroll(req) {
|
|
24
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/enroll`, req, { 'operationName': 'privateTotpEnroll' });
|
|
25
|
+
}
|
|
26
|
+
async verifyEnrollment(req) {
|
|
27
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/verify-enrollment`, req, { 'operationName': 'privateTotpVerifyEnrollment' });
|
|
28
|
+
}
|
|
29
|
+
async verify(req) {
|
|
30
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/verify`, req, { 'operationName': 'privateTotpVerify' });
|
|
31
|
+
}
|
|
32
|
+
async deleteSecret(req) {
|
|
33
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/secret/delete`, req, { 'operationName': 'privateTotpDelete' });
|
|
34
|
+
}
|
|
35
|
+
async status(req) {
|
|
36
|
+
return await this.httpRequest.get(`${this.baseUrl}totp/status`, req, { 'operationName': 'privateTotpStatus' });
|
|
37
|
+
}
|
|
38
|
+
};
|
|
39
|
+
exports.TotpSecurityApi = TotpSecurityApi;
|
|
40
|
+
exports.TotpSecurityApi = TotpSecurityApi = __decorate([
|
|
41
|
+
(0, inversify_1.injectable)(),
|
|
42
|
+
__param(0, (0, inversify_1.inject)('IHttpRequest')),
|
|
43
|
+
__metadata("design:paramtypes", [Object])
|
|
44
|
+
], TotpSecurityApi);
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import FiadoApiResponse from '@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse';
|
|
2
|
+
import { TotpEnrollRequest, TotpEnrollResponse, TotpVerifyEnrollmentRequest, TotpVerifyEnrollmentResponse, TotpVerifyRequest, TotpVerifyResponse, TotpDeleteRequest, TotpDeleteResponse, TotpStatusRequest, TotpStatusResponse } from '@fiado/type-kit/bin/totpSecurity';
|
|
3
|
+
export interface ITotpSecurityApi {
|
|
4
|
+
enroll(req: TotpEnrollRequest): Promise<FiadoApiResponse<TotpEnrollResponse>>;
|
|
5
|
+
verifyEnrollment(req: TotpVerifyEnrollmentRequest): Promise<FiadoApiResponse<TotpVerifyEnrollmentResponse>>;
|
|
6
|
+
verify(req: TotpVerifyRequest): Promise<FiadoApiResponse<TotpVerifyResponse>>;
|
|
7
|
+
deleteSecret(req: TotpDeleteRequest): Promise<FiadoApiResponse<TotpDeleteResponse>>;
|
|
8
|
+
status(req: TotpStatusRequest): Promise<FiadoApiResponse<TotpStatusResponse>>;
|
|
9
|
+
}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./api/TotpSecurityApi"), exports);
|
|
18
|
+
__exportStar(require("./api/interfaces/ITotpSecurityApi"), exports);
|
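--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@fiado/api-invoker",
-"version": "4.
+"version": "4.10.1",
 "description": "Sirve como un puente entre diferentes funciones lambda, facilitando la comunicación entre ellas a través de invocaciones http",
 "main": "bin/index.js",
 "types": "bin/index.d.ts",
@@ -17,7 +17,7 @@
 "@fiado/gateway-adapter": "^2.0.0",
 "@fiado/http-client": "^2.0.0",
 "@fiado/logger": "^1.0.3",
-"@fiado/type-kit": "^3.
+"@fiado/type-kit": "^3.48.0",
 "dotenv": "^16.4.7"
 },
 "peerDependencies": {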
@@ -35,6 +35,8 @@ import {
|
|
|
35
35
|
HealthcheckResponse,
|
|
36
36
|
VerifyPasswordRequest,
|
|
37
37
|
VerifyPasswordResponse,
|
|
38
|
+
IntrospectRequest,
|
|
39
|
+
IntrospectResponse,
|
|
38
40
|
} from "@fiado/type-kit/bin/cognitoBackofficeConnector";
|
|
39
41
|
import { ICognitoBackofficeConnectorApi } from "./interfaces/ICognitoBackofficeConnectorApi";
|
|
40
42
|
|
|
@@ -177,6 +179,13 @@ export default class CognitoBackofficeConnectorApi implements ICognitoBackoffice
|
|
|
177
179
|
return await this.httpRequest.post(url, input);
|
|
178
180
|
}
|
|
179
181
|
|
|
182
|
+
async introspect(
|
|
183
|
+
input: IntrospectRequest,
|
|
184
|
+
): Promise<ApiGatewayResponse<IntrospectResponse>> {
|
|
185
|
+
const url = `${this.baseUrl}/auth/introspect`;
|
|
186
|
+
return await this.httpRequest.post(url, input);
|
|
187
|
+
}
|
|
188
|
+
|
|
180
189
|
async authRespondChallenge(
|
|
181
190
|
input: RespondToChallengeRequest,
|
|
182
191
|
): Promise<ApiGatewayResponse<RespondToChallengeResponse>> {
|
|
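Review bot: `introspect` (new lines 182–187) returns whatever `httpRequest.post` yields and lets its errors propagate, but nothing on the method says how a caller on the authorization path should treat a transport error or a non-success `ApiGatewayResponse`. Because the verdict feeds RBAC enforcement, the implementation should carry the fail-closed contract, e.g. `/** Callers must treat a thrown error, or any response whose body is not valid === true, as an invalid token. */`. The same applies to `authorize` in src/platformRbac/api/PlatformRbacBusinessApi.ts. The request body carries the token, so it is worth confirming that `@fiado/http-client` does not log request bodies; that client is not visible on this page, and the enclosing class starts outside the hunk.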
@@ -33,6 +33,8 @@ import {
|
|
|
33
33
|
HealthcheckResponse,
|
|
34
34
|
VerifyPasswordRequest,
|
|
35
35
|
VerifyPasswordResponse,
|
|
36
|
+
IntrospectRequest,
|
|
37
|
+
IntrospectResponse,
|
|
36
38
|
} from "@fiado/type-kit/bin/cognitoBackofficeConnector";
|
|
37
39
|
|
|
38
40
|
/**
|
|
@@ -126,6 +128,17 @@ export interface ICognitoBackofficeConnectorApi {
|
|
|
126
128
|
input: VerifyPasswordRequest,
|
|
127
129
|
): Promise<ApiGatewayResponse<VerifyPasswordResponse>>;
|
|
128
130
|
|
|
131
|
+
/**
|
|
132
|
+
* POST /auth/introspect — valida un token (firma + exp + iss + client_id +
|
|
133
|
+
* token_use) y devuelve `{ valid, cognitoSub?, reason? }`. El connector es
|
|
134
|
+
* stateless: el caller (rbac) pasa userPoolId + region + clientId del pool.
|
|
135
|
+
* Consumido por el `AuthorizeManager` del platform-rbac-business durante el
|
|
136
|
+
* enforcement RBAC (PDP).
|
|
137
|
+
*/
|
|
138
|
+
introspect(
|
|
139
|
+
input: IntrospectRequest,
|
|
140
|
+
): Promise<ApiGatewayResponse<IntrospectResponse>>;
|
|
141
|
+
|
|
129
142
|
/** POST /auth/respond-challenge — responde a challenge pendiente (devuelve tokens o nuevo challenge). */
|
|
130
143
|
authRespondChallenge(
|
|
131
144
|
input: RespondToChallengeRequest,
|
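--- a/package/src/container.config.ts
+++ b/package/src/container.config.ts
@@ -160,6 +160,8 @@ import PlatformRbacBusinessApi from "./platformRbac/api/PlatformRbacBusinessApi"
 import { IMessagesBusinessApi, MessagesBusinessApi } from "./messages-business";
 import MessagesBusinessPublisher from "./messages-business/queue/MessagesBusinessPublisher";
 import { IMessagesBusinessPublisher } from "./messages-business/queue/interfaces/IMessagesBusinessPublisher";
+// Totp security — connector HTTP-only síncrono (Fase 2 SureKeep)
+import { ITotpSecurityApi, TotpSecurityApi } from "./totp-security";
 
 export const apiInvokerBindings = new ContainerModule(({ bind }) => {
 // UTILS bindings
@@ -286,4 +288,7 @@ export const apiInvokerBindings = new ContainerModule(({ bind }) => {
 // Messages business — API client + OTP/notifications SQS publisher (Fase 0 SureKeep)
 bind<IMessagesBusinessApi>("IMessagesBusinessApi").to(MessagesBusinessApi);
 bind<IMessagesBusinessPublisher>("IMessagesBusinessPublisher").to(MessagesBusinessPublisher);
+
+// Totp security — connector HTTP-only síncrono (Fase 2 SureKeep)
+bind<ITotpSecurityApi>("ITotpSecurityApi").to(TotpSecurityApi);
 });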
package/src/index.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { inject, injectable } from "inversify";
|
|
2
|
-
import { IHttpRequest } from "@fiado/http-client";
|
|
2
|
+
import type { IHttpRequest } from "@fiado/http-client";
|
|
3
3
|
import { ApiGatewayResponse } from "@fiado/gateway-adapter";
|
|
4
4
|
// TD-AI-001: import de @fiado/type-kit/bin/platformRbac requiere npm link a type-kit 3.43.1 hasta publish final. Ver docs/TECH_DEBT.md.
|
|
5
5
|
import {
|
|
@@ -9,6 +9,8 @@ import {
|
|
|
9
9
|
PrepareChallengeResponse,
|
|
10
10
|
VerifyChallengeRequest,
|
|
11
11
|
VerifyChallengeResponse,
|
|
12
|
+
AuthorizeRequest,
|
|
13
|
+
AuthorizeResponse,
|
|
12
14
|
} from "@fiado/type-kit/bin/platformRbac";
|
|
13
15
|
import { IPlatformRbacBusinessApi } from "./interfaces/IPlatformRbacBusinessApi";
|
|
14
16
|
|
|
@@ -52,4 +54,11 @@ export default class PlatformRbacBusinessApi implements IPlatformRbacBusinessApi
|
|
|
52
54
|
const url = `${this.baseUrl}/internal/auth/verify-challenge`;
|
|
53
55
|
return await this.httpRequest.post(url, input);
|
|
54
56
|
}
|
|
57
|
+
|
|
58
|
+
async authorize(
|
|
59
|
+
input: AuthorizeRequest,
|
|
60
|
+
): Promise<ApiGatewayResponse<AuthorizeResponse>> {
|
|
61
|
+
const url = `${this.baseUrl}/internal/authorize`;
|
|
62
|
+
return await this.httpRequest.post(url, input);
|
|
63
|
+
}
|
|
55
64
|
}
|
|
@@ -6,6 +6,8 @@ import {
|
|
|
6
6
|
PrepareChallengeResponse,
|
|
7
7
|
VerifyChallengeRequest,
|
|
8
8
|
VerifyChallengeResponse,
|
|
9
|
+
AuthorizeRequest,
|
|
10
|
+
AuthorizeResponse,
|
|
9
11
|
} from "@fiado/type-kit/bin/platformRbac";
|
|
10
12
|
|
|
11
13
|
/**
|
|
@@ -53,4 +55,15 @@ export interface IPlatformRbacBusinessApi {
|
|
|
53
55
|
verifyChallenge(
|
|
54
56
|
input: VerifyChallengeRequest,
|
|
55
57
|
): Promise<ApiGatewayResponse<VerifyChallengeResponse>>;
|
|
58
|
+
|
|
59
|
+
/**
|
|
60
|
+
* POST /internal/authorize — decide allow/deny de un permiso (PDP del modelo
|
|
61
|
+
* PEP/PDP de RBAC enforcement). Invocado por el decorador `@RequirePermission`
|
|
62
|
+
* del `@fiado/gateway-adapter` vía la impl `IAuthorizer` de cada lambda consumidor.
|
|
63
|
+
* El rbac descubre el pool por `iss`, valida el token (vía connector introspect),
|
|
64
|
+
* resuelve permisos efectivos y devuelve `{ allow, reason?, context? }`.
|
|
65
|
+
*/
|
|
66
|
+
authorize(
|
|
67
|
+
input: AuthorizeRequest,
|
|
68
|
+
): Promise<ApiGatewayResponse<AuthorizeResponse>>;
|
|
56
69
|
}
|
|
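Review bot: The new doc comment on `authorize` says rbac discovers the pool from `iss`, a claim that is read from the token before its signature has been checked, and it does not say what bounds that lookup. The comment should state that `iss` only selects a pool from a server-side registry of known pools and that an unknown issuer results in deny, e.g. `* \`iss\` only selects an already-registered pool; an unknown issuer must result in deny.` The connector contract in ICognitoBackofficeConnectorApi.ts likewise takes `userPoolId`, `region` and `clientId` from the caller, so its `introspect` comment should say those values come from that registry and never from the incoming request. The rbac implementation is not part of this package, so this is a documentation request rather than a claim about its behaviour.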
@@ -26,7 +26,16 @@ export default class STPBusinessApi implements ISTPBusinessApi {
|
|
|
26
26
|
if (params.sort) queryParams.append('sort', params.sort);
|
|
27
27
|
queryParams.append('date', params.date);
|
|
28
28
|
const url: string = `${this.baseUrl}conciliation/PAGOCONFIADO?${queryParams.toString()}`;
|
|
29
|
-
return await this.httpRequest.get(url);
|
|
29
|
+
return await this.httpRequest.get(url);
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
async getAccountDetailByDirectoryId(directoryId: string): Promise<any> {
|
|
33
|
+
const url: string = `${this.baseUrl}`;
|
|
34
|
+
const headers = {
|
|
35
|
+
'Content-Type': 'application/json',
|
|
36
|
+
operationName: "privateGetAccountDetailByDirectoryId"
|
|
37
|
+
};
|
|
38
|
+
return await this.httpRequest.post(url, { directoryId }, headers);
|
|
30
39
|
}
|
|
31
|
-
|
|
40
|
+
|
|
32
41
|
}
|
|
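Review bot: `getAccountDetailByDirectoryId` is declared as `Promise<any>`, so callers get no type checking on the account detail it returns; a response DTO, or at least `Promise<unknown>`, would force the result to be narrowed before use. The method also posts `{ directoryId }` to the bare `baseUrl`, routed only by the `operationName` header, without checking that the key is non-empty; a guard such as `if (!directoryId) throw new Error('directoryId is required');` keeps an empty lookup from reaching a private operation. The matching change in ISTPBusinessApi.ts is not shown on this page, so the return type there would need the same edit.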
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import { inject, injectable } from 'inversify';
|
|
2
|
+
import type { IHttpRequest } from '@fiado/http-client';
|
|
3
|
+
import FiadoApiResponse from '@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse';
|
|
4
|
+
import {
|
|
5
|
+
TotpEnrollRequest, TotpEnrollResponse,
|
|
6
|
+
TotpVerifyEnrollmentRequest, TotpVerifyEnrollmentResponse,
|
|
7
|
+
TotpVerifyRequest, TotpVerifyResponse,
|
|
8
|
+
TotpDeleteRequest, TotpDeleteResponse,
|
|
9
|
+
TotpStatusRequest, TotpStatusResponse,
|
|
10
|
+
} from '@fiado/type-kit/bin/totpSecurity';
|
|
11
|
+
import { ITotpSecurityApi } from './interfaces/ITotpSecurityApi';
|
|
12
|
+
|
|
13
|
+
@injectable()
|
|
14
|
+
export class TotpSecurityApi implements ITotpSecurityApi {
|
|
15
|
+
private readonly baseUrl = process.env.TOTP_SECURITY_URL || '';
|
|
16
|
+
|
|
17
|
+
constructor(@inject('IHttpRequest') private readonly httpRequest: IHttpRequest) {}
|
|
18
|
+
|
|
19
|
+
async enroll(req: TotpEnrollRequest): Promise<FiadoApiResponse<TotpEnrollResponse>> {
|
|
20
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/enroll`, req, { 'operationName': 'privateTotpEnroll' });
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
async verifyEnrollment(req: TotpVerifyEnrollmentRequest): Promise<FiadoApiResponse<TotpVerifyEnrollmentResponse>> {
|
|
24
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/verify-enrollment`, req, { 'operationName': 'privateTotpVerifyEnrollment' });
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
async verify(req: TotpVerifyRequest): Promise<FiadoApiResponse<TotpVerifyResponse>> {
|
|
28
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/verify`, req, { 'operationName': 'privateTotpVerify' });
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
async deleteSecret(req: TotpDeleteRequest): Promise<FiadoApiResponse<TotpDeleteResponse>> {
|
|
32
|
+
return await this.httpRequest.post(`${this.baseUrl}totp/secret/delete`, req, { 'operationName': 'privateTotpDelete' });
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
async status(req: TotpStatusRequest): Promise<FiadoApiResponse<TotpStatusResponse>> {
|
|
36
|
+
return await this.httpRequest.get(`${this.baseUrl}totp/status`, req, { 'operationName': 'privateTotpStatus' });
|
|
37
|
+
}
|
|
38
|
+
}
|
|
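Review bot: `baseUrl` falls back to `''` when `TOTP_SECURITY_URL` is unset (new line 15), so every call becomes a request to a relative path such as `totp/verify` and the misconfiguration only surfaces as whatever the HTTP client does with that; for an MFA dependency it is safer to fail when the client is constructed. The paths are also appended without a separator, so the variable has to end in `/`, unlike the Cognito and rbac clients on this page, which build `${this.baseUrl}/…`; the sketch below checks the variable and normalises the trailing slash. Separately, `status` passes `req` as the second argument of `httpRequest.get`, whereas the only other `get` call visible here (STPBusinessApi) passes the URL alone; `IHttpRequest` is not shown, so confirm that `get` accepts parameters in that position and that the `operationName` header is still sent. The compiled bin/totp-security/api/TotpSecurityApi.js carries the same code.

```typescript
private readonly baseUrl: string;

constructor(@inject('IHttpRequest') private readonly httpRequest: IHttpRequest) {
    const configured = process.env.TOTP_SECURITY_URL;
    if (!configured) {
        throw new Error('TOTP_SECURITY_URL is not set');
    }
    // Normalise so the path concatenation works with or without a trailing slash.
    this.baseUrl = configured.endsWith('/') ? configured : `${configured}/`;
}

// … unchanged: enroll, verifyEnrollment, verify, deleteSecret, status …
```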
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import FiadoApiResponse from '@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse';
|
|
2
|
+
import {
|
|
3
|
+
TotpEnrollRequest, TotpEnrollResponse,
|
|
4
|
+
TotpVerifyEnrollmentRequest, TotpVerifyEnrollmentResponse,
|
|
5
|
+
TotpVerifyRequest, TotpVerifyResponse,
|
|
6
|
+
TotpDeleteRequest, TotpDeleteResponse,
|
|
7
|
+
TotpStatusRequest, TotpStatusResponse,
|
|
8
|
+
} from '@fiado/type-kit/bin/totpSecurity';
|
|
9
|
+
|
|
10
|
+
export interface ITotpSecurityApi {
|
|
11
|
+
enroll(req: TotpEnrollRequest): Promise<FiadoApiResponse<TotpEnrollResponse>>;
|
|
12
|
+
verifyEnrollment(req: TotpVerifyEnrollmentRequest): Promise<FiadoApiResponse<TotpVerifyEnrollmentResponse>>;
|
|
13
|
+
verify(req: TotpVerifyRequest): Promise<FiadoApiResponse<TotpVerifyResponse>>;
|
|
14
|
+
deleteSecret(req: TotpDeleteRequest): Promise<FiadoApiResponse<TotpDeleteResponse>>;
|
|
15
|
+
status(req: TotpStatusRequest): Promise<FiadoApiResponse<TotpStatusResponse>>;
|
|
16
|
+
}
|
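Review bot: `ITotpSecurityApi` is added without any TSDoc, while the Cognito and rbac contracts on this page document the route and the shape of the verdict for each method. Each method here should name the route it calls and, for `verify` and `verifyEnrollment`, say whether a rejected code is reported in the response body or as a thrown error, so that consumers do not read a resolved promise as a successful verification. A possible form is `/** POST totp/verify — inspect the response before granting access; a resolved promise alone is not a successful verification. */`, to be adjusted to the service's actual behaviour, which is not visible on this page.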