@fiado/type-kit 3.127.0 → 3.129.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/_test_/unit/platformRbac/dtos/CreateTenantRequest.test.ts +42 -0
- package/bin/cognitoBackofficeConnector/dtos/MfaPoolConfig.d.ts +7 -0
- package/bin/cognitoBackofficeConnector/dtos/MfaPoolConfig.js +36 -0
- package/bin/cognitoBackofficeConnector/dtos/PoolConfigResponse.d.ts +20 -0
- package/bin/cognitoBackofficeConnector/dtos/PoolConfigResponse.js +11 -0
- package/bin/cognitoBackofficeConnector/dtos/PoolsListResponse.d.ts +4 -0
- package/bin/cognitoBackofficeConnector/dtos/PoolsListResponse.js +6 -0
- package/bin/cognitoBackofficeConnector/validators/MfaTypesRequiresOne.d.ts +17 -0
- package/bin/cognitoBackofficeConnector/validators/MfaTypesRequiresOne.js +39 -0
- package/bin/platformRbac/dtos/CreateTenantRequest.d.ts +18 -0
- package/bin/platformRbac/dtos/CreateTenantRequest.js +33 -1
- package/bin/rbac/enums/PoolKind.d.ts +16 -0
- package/bin/rbac/enums/PoolKind.js +20 -0
- package/bin/rbac/index.d.ts +1 -0
- package/bin/rbac/index.js +17 -0
- package/bin/remittance/dtos/RemittanceBackofficeStats.d.ts +7 -1
- package/bin/remittance/dtos/RemittanceBackofficeStats.js +5 -2
- package/bin/walletFunding/dtos/CancelFundingReferenceRequest.d.ts +1 -10
- package/bin/walletFunding/dtos/CancelFundingReferenceRequest.js +3 -13
- package/bin/walletFunding/dtos/CancelFundingReferenceResponse.d.ts +1 -9
- package/bin/walletFunding/dtos/CancelFundingReferenceResponse.js +0 -7
- package/bin/walletFunding/dtos/CancelFundingRequest.d.ts +11 -0
- package/bin/{platformRbac/dtos/CompleteMyProfileRequest.js → walletFunding/dtos/CancelFundingRequest.js} +14 -15
- package/bin/walletFunding/dtos/CancelFundingResponse.d.ts +14 -0
- package/bin/walletFunding/dtos/CancelFundingResponse.js +12 -0
- package/package.json +1 -1
- package/src/platformRbac/dtos/CreateTenantRequest.ts +35 -2
- package/src/remittance/dtos/RemittanceBackofficeStats.ts +8 -1
- package/bin/platformRbac/dtos/CompleteMyProfileRequest.d.ts +0 -9
|
@@ -60,6 +60,48 @@ describe('CreateTenantRequest', () => {
|
|
|
60
60
|
expect(errors.some(e => e.property === 'tenantType')).toBe(true);
|
|
61
61
|
});
|
|
62
62
|
|
|
63
|
+
it('valida con securityPolicy omitido (opcional — hereda app.defaults)', async () => {
|
|
64
|
+
const dto = plainToInstance(CreateTenantRequest, valid);
|
|
65
|
+
const errors = await validate(dto);
|
|
66
|
+
expect(errors).toEqual([]);
|
|
67
|
+
expect(dto.securityPolicy).toBeUndefined();
|
|
68
|
+
});
|
|
69
|
+
|
|
70
|
+
it('valida securityPolicy con métodos válidos y mfaEnabled', async () => {
|
|
71
|
+
const dto = plainToInstance(CreateTenantRequest, {
|
|
72
|
+
...valid,
|
|
73
|
+
securityPolicy: { methodsAllowed: ['EMAIL', 'TOTP'], mfaEnabled: true },
|
|
74
|
+
});
|
|
75
|
+
const errors = await validate(dto);
|
|
76
|
+
expect(errors).toEqual([]);
|
|
77
|
+
expect(dto.securityPolicy?.methodsAllowed).toEqual(['EMAIL', 'TOTP']);
|
|
78
|
+
expect(dto.securityPolicy?.mfaEnabled).toBe(true);
|
|
79
|
+
});
|
|
80
|
+
|
|
81
|
+
it('valida securityPolicy con ambos campos opcionales ausentes (objeto vacío)', async () => {
|
|
82
|
+
const dto = plainToInstance(CreateTenantRequest, { ...valid, securityPolicy: {} });
|
|
83
|
+
const errors = await validate(dto);
|
|
84
|
+
expect(errors).toEqual([]);
|
|
85
|
+
});
|
|
86
|
+
|
|
87
|
+
it('falla si securityPolicy.methodsAllowed tiene un método fuera del value-set', async () => {
|
|
88
|
+
const dto = plainToInstance(CreateTenantRequest, {
|
|
89
|
+
...valid,
|
|
90
|
+
securityPolicy: { methodsAllowed: ['SMS'] },
|
|
91
|
+
});
|
|
92
|
+
const errors = await validate(dto);
|
|
93
|
+
expect(errors.some(e => e.property === 'securityPolicy')).toBe(true);
|
|
94
|
+
});
|
|
95
|
+
|
|
96
|
+
it('falla si securityPolicy.mfaEnabled no es boolean', async () => {
|
|
97
|
+
const dto = plainToInstance(CreateTenantRequest, {
|
|
98
|
+
...valid,
|
|
99
|
+
securityPolicy: { mfaEnabled: 'si' },
|
|
100
|
+
});
|
|
101
|
+
const errors = await validate(dto);
|
|
102
|
+
expect(errors.some(e => e.property === 'securityPolicy')).toBe(true);
|
|
103
|
+
});
|
|
104
|
+
|
|
63
105
|
it('NO expone temporaryPassword en el request (campo del response, no del body)', () => {
|
|
64
106
|
// El request NO debe llevar temporaryPassword (es solo del response, fallback out-of-band F-11).
|
|
65
107
|
// Con excludeExtraneousValues solo sobreviven las props @Expose() del DTO → el contrato lo excluye.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.MfaPoolConfig = void 0;
|
|
13
|
+
const class_transformer_1 = require("class-transformer");
|
|
14
|
+
const class_validator_1 = require("class-validator");
|
|
15
|
+
const MfaTypesRequiresOne_1 = require("../validators/MfaTypesRequiresOne");
|
|
16
|
+
// EMAIL_OTP removido (3.41.0): el cognito-backoffice-connector no provisiona
|
|
17
|
+
// EmailMfaConfiguration a nivel pool (requiere infra SES que no está montada
|
|
18
|
+
// y la integración con messages-lambda aún no tiene diseño). Ver TD-020 +
|
|
19
|
+
// DEC-001 en cognito-backoffice-connector/docs/. Si se reintroduce, agregar
|
|
20
|
+
// 'EMAIL_OTP' a este array.
|
|
21
|
+
const ALLOWED_MFA_TYPES = ['SOFTWARE_TOKEN_MFA'];
|
|
22
|
+
class MfaPoolConfig {
|
|
23
|
+
}
|
|
24
|
+
exports.MfaPoolConfig = MfaPoolConfig;
|
|
25
|
+
__decorate([
|
|
26
|
+
(0, class_transformer_1.Expose)(),
|
|
27
|
+
(0, class_validator_1.IsBoolean)(),
|
|
28
|
+
__metadata("design:type", Boolean)
|
|
29
|
+
], MfaPoolConfig.prototype, "requireMfa", void 0);
|
|
30
|
+
__decorate([
|
|
31
|
+
(0, class_transformer_1.Expose)(),
|
|
32
|
+
(0, class_validator_1.IsArray)(),
|
|
33
|
+
(0, class_validator_1.IsIn)(ALLOWED_MFA_TYPES, { each: true }),
|
|
34
|
+
(0, class_validator_1.Validate)(MfaTypesRequiresOne_1.MfaTypesRequiresOne),
|
|
35
|
+
__metadata("design:type", Array)
|
|
36
|
+
], MfaPoolConfig.prototype, "mfaTypes", void 0);
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { PoolKind } from '../../rbac/enums/PoolKind';
|
|
2
|
+
/**
|
|
3
|
+
* Shape del `PoolConfigRow` expuesto al caller (BFF M18 / otros lambdas Fiado).
|
|
4
|
+
* Refleja la configuración de un Cognito User Pool registrado en la tabla
|
|
5
|
+
* `PoolConfigs_GT` del lambda `cognito-backoffice-connector`.
|
|
6
|
+
*/
|
|
7
|
+
export declare class PoolConfigResponse {
|
|
8
|
+
userPoolId: string;
|
|
9
|
+
userPoolArn: string;
|
|
10
|
+
region: string;
|
|
11
|
+
poolKind: PoolKind;
|
|
12
|
+
displayName: string;
|
|
13
|
+
appClients: Record<string, {
|
|
14
|
+
clientId: string;
|
|
15
|
+
clientName: string;
|
|
16
|
+
}>;
|
|
17
|
+
status: 'active' | 'deprecated';
|
|
18
|
+
createdAt: number;
|
|
19
|
+
updatedAt: number;
|
|
20
|
+
}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PoolConfigResponse = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Shape del `PoolConfigRow` expuesto al caller (BFF M18 / otros lambdas Fiado).
|
|
6
|
+
* Refleja la configuración de un Cognito User Pool registrado en la tabla
|
|
7
|
+
* `PoolConfigs_GT` del lambda `cognito-backoffice-connector`.
|
|
8
|
+
*/
|
|
9
|
+
class PoolConfigResponse {
|
|
10
|
+
}
|
|
11
|
+
exports.PoolConfigResponse = PoolConfigResponse;
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { ValidatorConstraintInterface, ValidationArguments } from 'class-validator';
|
|
2
|
+
/**
|
|
3
|
+
* Cross-field validator: si `requireMfa: true`, entonces `mfaTypes` debe tener
|
|
4
|
+
* al menos 1 elemento. Si `requireMfa: false`, `mfaTypes` puede ser vacío.
|
|
5
|
+
*
|
|
6
|
+
* Razón: cuando el pool nace con MFA habilitado, el connector llama
|
|
7
|
+
* `SetUserPoolMfaConfigCommand` con la lista de tipos del DTO. Si el array
|
|
8
|
+
* llega vacío con `requireMfa: true`, el SDK rechaza con InvalidParameterException
|
|
9
|
+
* y el pool queda en estado inconsistente (MfaConfiguration:'ON' sin tipos).
|
|
10
|
+
* Mejor rechazar en validación del DTO antes de tocar AWS.
|
|
11
|
+
*
|
|
12
|
+
* Ver pivote v1.4.1 TD-017 cerrado + spec doc §1 R3.
|
|
13
|
+
*/
|
|
14
|
+
export declare class MfaTypesRequiresOne implements ValidatorConstraintInterface {
|
|
15
|
+
validate(mfaTypes: unknown, args: ValidationArguments): boolean;
|
|
16
|
+
defaultMessage(): string;
|
|
17
|
+
}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.MfaTypesRequiresOne = void 0;
|
|
10
|
+
const class_validator_1 = require("class-validator");
|
|
11
|
+
/**
|
|
12
|
+
* Cross-field validator: si `requireMfa: true`, entonces `mfaTypes` debe tener
|
|
13
|
+
* al menos 1 elemento. Si `requireMfa: false`, `mfaTypes` puede ser vacío.
|
|
14
|
+
*
|
|
15
|
+
* Razón: cuando el pool nace con MFA habilitado, el connector llama
|
|
16
|
+
* `SetUserPoolMfaConfigCommand` con la lista de tipos del DTO. Si el array
|
|
17
|
+
* llega vacío con `requireMfa: true`, el SDK rechaza con InvalidParameterException
|
|
18
|
+
* y el pool queda en estado inconsistente (MfaConfiguration:'ON' sin tipos).
|
|
19
|
+
* Mejor rechazar en validación del DTO antes de tocar AWS.
|
|
20
|
+
*
|
|
21
|
+
* Ver pivote v1.4.1 TD-017 cerrado + spec doc §1 R3.
|
|
22
|
+
*/
|
|
23
|
+
let MfaTypesRequiresOne = class MfaTypesRequiresOne {
|
|
24
|
+
validate(mfaTypes, args) {
|
|
25
|
+
const obj = args.object;
|
|
26
|
+
if (obj.requireMfa === true) {
|
|
27
|
+
return Array.isArray(mfaTypes) && mfaTypes.length >= 1;
|
|
28
|
+
}
|
|
29
|
+
// requireMfa: false → cualquier mfaTypes pasa.
|
|
30
|
+
return true;
|
|
31
|
+
}
|
|
32
|
+
defaultMessage() {
|
|
33
|
+
return 'mfaTypes requiere al menos un tipo cuando requireMfa=true';
|
|
34
|
+
}
|
|
35
|
+
};
|
|
36
|
+
exports.MfaTypesRequiresOne = MfaTypesRequiresOne;
|
|
37
|
+
exports.MfaTypesRequiresOne = MfaTypesRequiresOne = __decorate([
|
|
38
|
+
(0, class_validator_1.ValidatorConstraint)({ name: 'MfaTypesRequiresOneWhenMfaRequired', async: false })
|
|
39
|
+
], MfaTypesRequiresOne);
|
|
@@ -1,5 +1,18 @@
|
|
|
1
1
|
import { TokenValidationMode } from '../enums/TokenValidationMode';
|
|
2
2
|
import { TenantType } from '../tenantTypes';
|
|
3
|
+
/**
|
|
4
|
+
* Punto inicial de la política 2FA elegido en el alta del tenant (DEC-RBAC-064). Para el CREATE
|
|
5
|
+
* ambos campos son OPCIONALES: es un override del punto de partida — si se omite, el onboarding
|
|
6
|
+
* hereda de `app.defaults.securityPolicy`.
|
|
7
|
+
*
|
|
8
|
+
* TD-RBAC-071: `methodsAllowed` usa el value-set 'EMAIL'|'TOTP' (string), espejo del que usa
|
|
9
|
+
* `UpdateTenantSecurityPolicyRequest`. NO se reusa ese DTO porque allí `methodsAllowed` es REQUERIDO
|
|
10
|
+
* (@ArrayNotEmpty); en el create es opcional.
|
|
11
|
+
*/
|
|
12
|
+
export declare class CreateTenantSecurityPolicy {
|
|
13
|
+
methodsAllowed?: ('EMAIL' | 'TOTP')[];
|
|
14
|
+
mfaEnabled?: boolean;
|
|
15
|
+
}
|
|
3
16
|
/**
|
|
4
17
|
* Input del POST backoffice de creación de tenant (F-11 — onboarding de tenant en SureKeep).
|
|
5
18
|
* Consumido por el controller `backofficeCreateTenant` del platform-rbac-business y, a futuro,
|
|
@@ -28,4 +41,9 @@ export declare class CreateTenantRequest {
|
|
|
28
41
|
tenantType?: TenantType;
|
|
29
42
|
/** DEC-RBAC-034: aplicación (plantilla) de la que se crea el tenant; opcional, fallback a tenantType (back-compat). */
|
|
30
43
|
applicationId?: string;
|
|
44
|
+
/**
|
|
45
|
+
* DEC-RBAC-064: punto inicial de métodos 2FA elegido en el alta. Opcional: si se omite, el
|
|
46
|
+
* onboarding hereda `app.defaults.securityPolicy`. Aditivo, no rompe altas existentes.
|
|
47
|
+
*/
|
|
48
|
+
securityPolicy?: CreateTenantSecurityPolicy;
|
|
31
49
|
}
|
|
@@ -9,11 +9,36 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.CreateTenantRequest = void 0;
|
|
12
|
+
exports.CreateTenantRequest = exports.CreateTenantSecurityPolicy = void 0;
|
|
13
13
|
const class_transformer_1 = require("class-transformer");
|
|
14
14
|
const class_validator_1 = require("class-validator");
|
|
15
15
|
const TokenValidationMode_1 = require("../enums/TokenValidationMode");
|
|
16
16
|
const tenantTypes_1 = require("../tenantTypes");
|
|
17
|
+
/**
|
|
18
|
+
* Punto inicial de la política 2FA elegido en el alta del tenant (DEC-RBAC-064). Para el CREATE
|
|
19
|
+
* ambos campos son OPCIONALES: es un override del punto de partida — si se omite, el onboarding
|
|
20
|
+
* hereda de `app.defaults.securityPolicy`.
|
|
21
|
+
*
|
|
22
|
+
* TD-RBAC-071: `methodsAllowed` usa el value-set 'EMAIL'|'TOTP' (string), espejo del que usa
|
|
23
|
+
* `UpdateTenantSecurityPolicyRequest`. NO se reusa ese DTO porque allí `methodsAllowed` es REQUERIDO
|
|
24
|
+
* (@ArrayNotEmpty); en el create es opcional.
|
|
25
|
+
*/
|
|
26
|
+
class CreateTenantSecurityPolicy {
|
|
27
|
+
}
|
|
28
|
+
exports.CreateTenantSecurityPolicy = CreateTenantSecurityPolicy;
|
|
29
|
+
__decorate([
|
|
30
|
+
(0, class_transformer_1.Expose)(),
|
|
31
|
+
(0, class_validator_1.IsOptional)(),
|
|
32
|
+
(0, class_validator_1.IsArray)(),
|
|
33
|
+
(0, class_validator_1.IsIn)(['EMAIL', 'TOTP'], { each: true }),
|
|
34
|
+
__metadata("design:type", Array)
|
|
35
|
+
], CreateTenantSecurityPolicy.prototype, "methodsAllowed", void 0);
|
|
36
|
+
__decorate([
|
|
37
|
+
(0, class_transformer_1.Expose)(),
|
|
38
|
+
(0, class_validator_1.IsOptional)(),
|
|
39
|
+
(0, class_validator_1.IsBoolean)(),
|
|
40
|
+
__metadata("design:type", Boolean)
|
|
41
|
+
], CreateTenantSecurityPolicy.prototype, "mfaEnabled", void 0);
|
|
17
42
|
/**
|
|
18
43
|
* Input del POST backoffice de creación de tenant (F-11 — onboarding de tenant en SureKeep).
|
|
19
44
|
* Consumido por el controller `backofficeCreateTenant` del platform-rbac-business y, a futuro,
|
|
@@ -75,3 +100,10 @@ __decorate([
|
|
|
75
100
|
(0, class_validator_1.IsString)(),
|
|
76
101
|
__metadata("design:type", String)
|
|
77
102
|
], CreateTenantRequest.prototype, "applicationId", void 0);
|
|
103
|
+
__decorate([
|
|
104
|
+
(0, class_transformer_1.Expose)(),
|
|
105
|
+
(0, class_validator_1.IsOptional)(),
|
|
106
|
+
(0, class_validator_1.ValidateNested)(),
|
|
107
|
+
(0, class_transformer_1.Type)(() => CreateTenantSecurityPolicy),
|
|
108
|
+
__metadata("design:type", CreateTenantSecurityPolicy)
|
|
109
|
+
], CreateTenantRequest.prototype, "securityPolicy", void 0);
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tipo de User Pool de Cognito desde la perspectiva del modelo RBAC Fiado.
|
|
3
|
+
*
|
|
4
|
+
* Origen: spec del proyecto `cognito-backoffice-connector` (Fase 0, componente 01
|
|
5
|
+
* documento `docs/superpowers/specs/2026-05-26-cognito-connector-decisiones-pendientes-design.md`).
|
|
6
|
+
*
|
|
7
|
+
* Decisión (TD-003): el proyecto converge en estos 2 valores. El documento componente 03
|
|
8
|
+
* lista 3 valores (incluyendo una variante adicional) pero queda como outlier — la
|
|
9
|
+
* decisión vigente en los 6 docs restantes y en el plan de implementación es 2 valores:
|
|
10
|
+
* - BACKOFFICE_PLATFORM — pool del backoffice de plataforma (cross-tenant)
|
|
11
|
+
* - BACKOFFICE_TENANT — pool por tenant (multi-tenant isolation)
|
|
12
|
+
*/
|
|
13
|
+
export declare enum PoolKind {
|
|
14
|
+
BACKOFFICE_PLATFORM = "BACKOFFICE_PLATFORM",
|
|
15
|
+
BACKOFFICE_TENANT = "BACKOFFICE_TENANT"
|
|
16
|
+
}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PoolKind = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Tipo de User Pool de Cognito desde la perspectiva del modelo RBAC Fiado.
|
|
6
|
+
*
|
|
7
|
+
* Origen: spec del proyecto `cognito-backoffice-connector` (Fase 0, componente 01
|
|
8
|
+
* documento `docs/superpowers/specs/2026-05-26-cognito-connector-decisiones-pendientes-design.md`).
|
|
9
|
+
*
|
|
10
|
+
* Decisión (TD-003): el proyecto converge en estos 2 valores. El documento componente 03
|
|
11
|
+
* lista 3 valores (incluyendo una variante adicional) pero queda como outlier — la
|
|
12
|
+
* decisión vigente en los 6 docs restantes y en el plan de implementación es 2 valores:
|
|
13
|
+
* - BACKOFFICE_PLATFORM — pool del backoffice de plataforma (cross-tenant)
|
|
14
|
+
* - BACKOFFICE_TENANT — pool por tenant (multi-tenant isolation)
|
|
15
|
+
*/
|
|
16
|
+
var PoolKind;
|
|
17
|
+
(function (PoolKind) {
|
|
18
|
+
PoolKind["BACKOFFICE_PLATFORM"] = "BACKOFFICE_PLATFORM";
|
|
19
|
+
PoolKind["BACKOFFICE_TENANT"] = "BACKOFFICE_TENANT";
|
|
20
|
+
})(PoolKind || (exports.PoolKind = PoolKind = {}));
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './enums/PoolKind';
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./enums/PoolKind"), exports);
|
|
@@ -8,8 +8,13 @@ export declare class RemittanceBackofficeCountryBucket extends RemittanceBackoff
|
|
|
8
8
|
}
|
|
9
9
|
export declare class RemittanceBackofficeDayBucket extends RemittanceBackofficeStatsBucket {
|
|
10
10
|
date: string;
|
|
11
|
+
/** Fees recaudados ese día (para el delta de fees vs. el día anterior). */
|
|
12
|
+
feesUSD: number;
|
|
11
13
|
}
|
|
12
|
-
|
|
14
|
+
export declare class RemittanceBackofficeStatusBucket extends RemittanceBackofficeStatsBucket {
|
|
15
|
+
status: string;
|
|
16
|
+
}
|
|
17
|
+
/** Volumen/fees agregados por país, por status y por día (F9). */
|
|
13
18
|
export declare class RemittanceBackofficeStats {
|
|
14
19
|
period: RemittanceBackofficeStatsPeriod;
|
|
15
20
|
from: string;
|
|
@@ -17,5 +22,6 @@ export declare class RemittanceBackofficeStats {
|
|
|
17
22
|
volumeUSD: number;
|
|
18
23
|
totalFeesUSD: number;
|
|
19
24
|
byCountry: RemittanceBackofficeCountryBucket[];
|
|
25
|
+
byStatus: RemittanceBackofficeStatusBucket[];
|
|
20
26
|
byDay: RemittanceBackofficeDayBucket[];
|
|
21
27
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.RemittanceBackofficeStats = exports.RemittanceBackofficeDayBucket = exports.RemittanceBackofficeCountryBucket = exports.RemittanceBackofficeStatsBucket = void 0;
|
|
3
|
+
exports.RemittanceBackofficeStats = exports.RemittanceBackofficeStatusBucket = exports.RemittanceBackofficeDayBucket = exports.RemittanceBackofficeCountryBucket = exports.RemittanceBackofficeStatsBucket = void 0;
|
|
4
4
|
class RemittanceBackofficeStatsBucket {
|
|
5
5
|
}
|
|
6
6
|
exports.RemittanceBackofficeStatsBucket = RemittanceBackofficeStatsBucket;
|
|
@@ -10,7 +10,10 @@ exports.RemittanceBackofficeCountryBucket = RemittanceBackofficeCountryBucket;
|
|
|
10
10
|
class RemittanceBackofficeDayBucket extends RemittanceBackofficeStatsBucket {
|
|
11
11
|
}
|
|
12
12
|
exports.RemittanceBackofficeDayBucket = RemittanceBackofficeDayBucket;
|
|
13
|
-
|
|
13
|
+
class RemittanceBackofficeStatusBucket extends RemittanceBackofficeStatsBucket {
|
|
14
|
+
}
|
|
15
|
+
exports.RemittanceBackofficeStatusBucket = RemittanceBackofficeStatusBucket;
|
|
16
|
+
/** Volumen/fees agregados por país, por status y por día (F9). */
|
|
14
17
|
class RemittanceBackofficeStats {
|
|
15
18
|
}
|
|
16
19
|
exports.RemittanceBackofficeStats = RemittanceBackofficeStats;
|
|
@@ -1,14 +1,5 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Body para cancelar una referencia de funding ya creada. La referencia/fundingId
|
|
3
|
-
* viaja en la URL (`/funding/{moduleName}/{fundingId}/cancel`); este body aporta
|
|
4
|
-
* el contexto del solicitante + idempotencia.
|
|
5
|
-
*
|
|
6
|
-
* NOTA: shape inferido desde el uso en `@fiado/api-invoker`
|
|
7
|
-
* (benefits-marketplace / equality-connector) — confirmar con el dueño del
|
|
8
|
-
* módulo walletFunding / el lambda equality-connector que implementa el cancel.
|
|
9
|
-
*/
|
|
10
1
|
export declare class CancelFundingReferenceRequest {
|
|
2
|
+
fundingId: string;
|
|
11
3
|
directoryId: string;
|
|
12
|
-
reason?: string;
|
|
13
4
|
idempotencyKey: string;
|
|
14
5
|
}
|
|
@@ -11,15 +11,6 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.CancelFundingReferenceRequest = void 0;
|
|
13
13
|
const class_validator_1 = require("class-validator");
|
|
14
|
-
/**
|
|
15
|
-
* Body para cancelar una referencia de funding ya creada. La referencia/fundingId
|
|
16
|
-
* viaja en la URL (`/funding/{moduleName}/{fundingId}/cancel`); este body aporta
|
|
17
|
-
* el contexto del solicitante + idempotencia.
|
|
18
|
-
*
|
|
19
|
-
* NOTA: shape inferido desde el uso en `@fiado/api-invoker`
|
|
20
|
-
* (benefits-marketplace / equality-connector) — confirmar con el dueño del
|
|
21
|
-
* módulo walletFunding / el lambda equality-connector que implementa el cancel.
|
|
22
|
-
*/
|
|
23
14
|
class CancelFundingReferenceRequest {
|
|
24
15
|
}
|
|
25
16
|
exports.CancelFundingReferenceRequest = CancelFundingReferenceRequest;
|
|
@@ -27,13 +18,12 @@ __decorate([
|
|
|
27
18
|
(0, class_validator_1.IsString)(),
|
|
28
19
|
(0, class_validator_1.MaxLength)(64),
|
|
29
20
|
__metadata("design:type", String)
|
|
30
|
-
], CancelFundingReferenceRequest.prototype, "
|
|
21
|
+
], CancelFundingReferenceRequest.prototype, "fundingId", void 0);
|
|
31
22
|
__decorate([
|
|
32
|
-
(0, class_validator_1.IsOptional)(),
|
|
33
23
|
(0, class_validator_1.IsString)(),
|
|
34
|
-
(0, class_validator_1.MaxLength)(
|
|
24
|
+
(0, class_validator_1.MaxLength)(64),
|
|
35
25
|
__metadata("design:type", String)
|
|
36
|
-
], CancelFundingReferenceRequest.prototype, "
|
|
26
|
+
], CancelFundingReferenceRequest.prototype, "directoryId", void 0);
|
|
37
27
|
__decorate([
|
|
38
28
|
(0, class_validator_1.IsString)(),
|
|
39
29
|
(0, class_validator_1.MaxLength)(64),
|
|
@@ -1,15 +1,7 @@
|
|
|
1
1
|
import { BenefitPaymentStatusEnum } from "../../benefitCenter/enums/BenefitPaymentStatusEnum";
|
|
2
2
|
import { WalletFundingErrorCodeEnum } from "../enums/WalletFundingErrorCodeEnum";
|
|
3
|
-
/**
|
|
4
|
-
* Respuesta de la cancelación de una referencia de funding. Mismo estilo que
|
|
5
|
-
* CreateFundingReferenceResponse.
|
|
6
|
-
*
|
|
7
|
-
* NOTA: shape inferido desde el uso en `@fiado/api-invoker` — confirmar con el
|
|
8
|
-
* dueño del módulo walletFunding / el lambda equality-connector.
|
|
9
|
-
*/
|
|
10
3
|
export declare class CancelFundingReferenceResponse {
|
|
11
|
-
|
|
12
|
-
reference: string;
|
|
4
|
+
fundingId: string;
|
|
13
5
|
status: BenefitPaymentStatusEnum;
|
|
14
6
|
errorCode?: WalletFundingErrorCodeEnum;
|
|
15
7
|
}
|
|
@@ -1,13 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.CancelFundingReferenceResponse = void 0;
|
|
4
|
-
/**
|
|
5
|
-
* Respuesta de la cancelación de una referencia de funding. Mismo estilo que
|
|
6
|
-
* CreateFundingReferenceResponse.
|
|
7
|
-
*
|
|
8
|
-
* NOTA: shape inferido desde el uso en `@fiado/api-invoker` — confirmar con el
|
|
9
|
-
* dueño del módulo walletFunding / el lambda equality-connector.
|
|
10
|
-
*/
|
|
11
4
|
class CancelFundingReferenceResponse {
|
|
12
5
|
}
|
|
13
6
|
exports.CancelFundingReferenceResponse = CancelFundingReferenceResponse;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Request del cancel via Centro de Beneficios (spec 13 v2.0).
|
|
3
|
+
* `fundingId` viaja en el path, `directoryId` se resuelve del JWT.
|
|
4
|
+
* `providerModuleName` permite al marketplace rutear al publisher correcto
|
|
5
|
+
* sin tener que persistir el mapping (el wallet-app sabe el moduleName
|
|
6
|
+
* porque vino en la respuesta del authorize).
|
|
7
|
+
*/
|
|
8
|
+
export declare class CancelFundingRequest {
|
|
9
|
+
idempotencyKey: string;
|
|
10
|
+
providerModuleName: string;
|
|
11
|
+
}
|
|
@@ -9,26 +9,25 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.
|
|
13
|
-
const class_transformer_1 = require("class-transformer");
|
|
12
|
+
exports.CancelFundingRequest = void 0;
|
|
14
13
|
const class_validator_1 = require("class-validator");
|
|
15
14
|
/**
|
|
16
|
-
*
|
|
17
|
-
*
|
|
18
|
-
*
|
|
15
|
+
* Request del cancel via Centro de Beneficios (spec 13 v2.0).
|
|
16
|
+
* `fundingId` viaja en el path, `directoryId` se resuelve del JWT.
|
|
17
|
+
* `providerModuleName` permite al marketplace rutear al publisher correcto
|
|
18
|
+
* sin tener que persistir el mapping (el wallet-app sabe el moduleName
|
|
19
|
+
* porque vino en la respuesta del authorize).
|
|
19
20
|
*/
|
|
20
|
-
class
|
|
21
|
+
class CancelFundingRequest {
|
|
21
22
|
}
|
|
22
|
-
exports.
|
|
23
|
+
exports.CancelFundingRequest = CancelFundingRequest;
|
|
23
24
|
__decorate([
|
|
24
|
-
(0, class_transformer_1.Expose)(),
|
|
25
25
|
(0, class_validator_1.IsString)(),
|
|
26
|
-
(0, class_validator_1.
|
|
26
|
+
(0, class_validator_1.MaxLength)(64),
|
|
27
27
|
__metadata("design:type", String)
|
|
28
|
-
],
|
|
28
|
+
], CancelFundingRequest.prototype, "idempotencyKey", void 0);
|
|
29
29
|
__decorate([
|
|
30
|
-
(0,
|
|
31
|
-
(0, class_validator_1.
|
|
32
|
-
(
|
|
33
|
-
|
|
34
|
-
], CompleteMyProfileRequest.prototype, "customFields", void 0);
|
|
30
|
+
(0, class_validator_1.IsString)(),
|
|
31
|
+
(0, class_validator_1.MaxLength)(128),
|
|
32
|
+
__metadata("design:type", String)
|
|
33
|
+
], CancelFundingRequest.prototype, "providerModuleName", void 0);
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { BenefitPaymentStatusEnum } from "../../benefitCenter/enums/BenefitPaymentStatusEnum";
|
|
2
|
+
import { WalletFundingErrorCodeEnum } from "../enums/WalletFundingErrorCodeEnum";
|
|
3
|
+
/**
|
|
4
|
+
* Response del cancel via Centro de Beneficios (spec 13 v2.0).
|
|
5
|
+
* `status` reusa `BenefitPaymentStatusEnum` (APPROVED = cancel aceptado;
|
|
6
|
+
* REJECTED = no se pudo) para consistencia con `CancelFundingReferenceResponse`
|
|
7
|
+
* (marketplace ↔ connector). Idempotente: re-cancelar devuelve APPROVED.
|
|
8
|
+
*/
|
|
9
|
+
export declare class CancelFundingResponse {
|
|
10
|
+
fundingId: string;
|
|
11
|
+
status: BenefitPaymentStatusEnum;
|
|
12
|
+
errorCode?: WalletFundingErrorCodeEnum;
|
|
13
|
+
message?: string;
|
|
14
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CancelFundingResponse = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Response del cancel via Centro de Beneficios (spec 13 v2.0).
|
|
6
|
+
* `status` reusa `BenefitPaymentStatusEnum` (APPROVED = cancel aceptado;
|
|
7
|
+
* REJECTED = no se pudo) para consistencia con `CancelFundingReferenceResponse`
|
|
8
|
+
* (marketplace ↔ connector). Idempotente: re-cancelar devuelve APPROVED.
|
|
9
|
+
*/
|
|
10
|
+
class CancelFundingResponse {
|
|
11
|
+
}
|
|
12
|
+
exports.CancelFundingResponse = CancelFundingResponse;
|
package/package.json
CHANGED
|
@@ -1,8 +1,35 @@
|
|
|
1
|
-
import { Expose } from 'class-transformer';
|
|
2
|
-
import {
|
|
1
|
+
import { Expose, Type } from 'class-transformer';
|
|
2
|
+
import {
|
|
3
|
+
IsArray,
|
|
4
|
+
IsBoolean,
|
|
5
|
+
IsEmail,
|
|
6
|
+
IsEnum,
|
|
7
|
+
IsIn,
|
|
8
|
+
IsOptional,
|
|
9
|
+
IsString,
|
|
10
|
+
Matches,
|
|
11
|
+
ValidateNested,
|
|
12
|
+
} from 'class-validator';
|
|
3
13
|
import { TokenValidationMode } from '../enums/TokenValidationMode';
|
|
4
14
|
import { TenantType } from '../tenantTypes';
|
|
5
15
|
|
|
16
|
+
/**
|
|
17
|
+
* Punto inicial de la política 2FA elegido en el alta del tenant (DEC-RBAC-064). Para el CREATE
|
|
18
|
+
* ambos campos son OPCIONALES: es un override del punto de partida — si se omite, el onboarding
|
|
19
|
+
* hereda de `app.defaults.securityPolicy`.
|
|
20
|
+
*
|
|
21
|
+
* TD-RBAC-071: `methodsAllowed` usa el value-set 'EMAIL'|'TOTP' (string), espejo del que usa
|
|
22
|
+
* `UpdateTenantSecurityPolicyRequest`. NO se reusa ese DTO porque allí `methodsAllowed` es REQUERIDO
|
|
23
|
+
* (@ArrayNotEmpty); en el create es opcional.
|
|
24
|
+
*/
|
|
25
|
+
export class CreateTenantSecurityPolicy {
|
|
26
|
+
@Expose() @IsOptional() @IsArray() @IsIn(['EMAIL', 'TOTP'], { each: true })
|
|
27
|
+
methodsAllowed?: ('EMAIL' | 'TOTP')[];
|
|
28
|
+
|
|
29
|
+
@Expose() @IsOptional() @IsBoolean()
|
|
30
|
+
mfaEnabled?: boolean;
|
|
31
|
+
}
|
|
32
|
+
|
|
6
33
|
/**
|
|
7
34
|
* Input del POST backoffice de creación de tenant (F-11 — onboarding de tenant en SureKeep).
|
|
8
35
|
* Consumido por el controller `backofficeCreateTenant` del platform-rbac-business y, a futuro,
|
|
@@ -34,4 +61,10 @@ export class CreateTenantRequest {
|
|
|
34
61
|
@Expose() @IsOptional() @IsEnum(TenantType) tenantType?: TenantType;
|
|
35
62
|
/** DEC-RBAC-034: aplicación (plantilla) de la que se crea el tenant; opcional, fallback a tenantType (back-compat). */
|
|
36
63
|
@Expose() @IsOptional() @IsString() applicationId?: string;
|
|
64
|
+
/**
|
|
65
|
+
* DEC-RBAC-064: punto inicial de métodos 2FA elegido en el alta. Opcional: si se omite, el
|
|
66
|
+
* onboarding hereda `app.defaults.securityPolicy`. Aditivo, no rompe altas existentes.
|
|
67
|
+
*/
|
|
68
|
+
@Expose() @IsOptional() @ValidateNested() @Type(() => CreateTenantSecurityPolicy)
|
|
69
|
+
securityPolicy?: CreateTenantSecurityPolicy;
|
|
37
70
|
}
|
|
@@ -11,9 +11,15 @@ export class RemittanceBackofficeCountryBucket extends RemittanceBackofficeStats
|
|
|
11
11
|
|
|
12
12
|
export class RemittanceBackofficeDayBucket extends RemittanceBackofficeStatsBucket {
|
|
13
13
|
date!: string;
|
|
14
|
+
/** Fees recaudados ese día (para el delta de fees vs. el día anterior). */
|
|
15
|
+
feesUSD!: number;
|
|
14
16
|
}
|
|
15
17
|
|
|
16
|
-
|
|
18
|
+
export class RemittanceBackofficeStatusBucket extends RemittanceBackofficeStatsBucket {
|
|
19
|
+
status!: string;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
/** Volumen/fees agregados por país, por status y por día (F9). */
|
|
17
23
|
export class RemittanceBackofficeStats {
|
|
18
24
|
period!: RemittanceBackofficeStatsPeriod;
|
|
19
25
|
from!: string;
|
|
@@ -21,5 +27,6 @@ export class RemittanceBackofficeStats {
|
|
|
21
27
|
volumeUSD!: number;
|
|
22
28
|
totalFeesUSD!: number;
|
|
23
29
|
byCountry!: RemittanceBackofficeCountryBucket[];
|
|
30
|
+
byStatus!: RemittanceBackofficeStatusBucket[];
|
|
24
31
|
byDay!: RemittanceBackofficeDayBucket[];
|
|
25
32
|
}
|
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Body del PUT /me/profile/complete (autenticado, gate post-MFA del autoregistro). DEC-RBAC-034.
|
|
3
|
-
* Opera sobre el propio usuario (cognitoSub del token). Valida nombre + los `userFieldDefs` requeridos
|
|
4
|
-
* del tenant (422 MISSING_REQUIRED_FIELDS si faltan) y flipea `profileComplete=true`.
|
|
5
|
-
*/
|
|
6
|
-
export declare class CompleteMyProfileRequest {
|
|
7
|
-
displayName: string;
|
|
8
|
-
customFields?: Record<string, string>;
|
|
9
|
-
}
|