@fiado/type-kit 3.77.0 → 3.79.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/platformRbac/dtos/TenantSecurityPolicyResponse.d.ts +10 -0
- package/bin/platformRbac/dtos/TenantSecurityPolicyResponse.js +2 -0
- package/bin/platformRbac/dtos/UpdateTenantSecurityPolicyRequest.d.ts +3 -0
- package/bin/platformRbac/dtos/UpdateTenantSecurityPolicyRequest.js +25 -0
- package/bin/platformRbac/index.d.ts +3 -0
- package/bin/platformRbac/index.js +5 -0
- package/bin/platformRbac/mfa/MfaOptionsResponse.d.ts +6 -0
- package/bin/platformRbac/mfa/MfaOptionsResponse.js +30 -0
- package/bin/riskProfile/dtos/private/CreateProfileNoteRequest.d.ts +13 -0
- package/bin/riskProfile/dtos/private/CreateProfileNoteRequest.js +44 -0
- package/bin/riskProfile/index.d.ts +1 -0
- package/bin/riskProfile/index.js +1 -0
- package/package.json +1 -1
- package/src/platformRbac/dtos/TenantSecurityPolicyResponse.ts +10 -0
- package/src/platformRbac/dtos/UpdateTenantSecurityPolicyRequest.ts +11 -0
- package/src/platformRbac/index.ts +7 -0
- package/src/platformRbac/mfa/MfaOptionsResponse.ts +14 -0
- package/src/riskProfile/dtos/private/CreateProfileNoteRequest.ts +32 -0
- package/src/riskProfile/index.ts +1 -0
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Output de la consulta/actualización de la security policy del tenant. Response plain sin
|
|
3
|
+
* validators (no validamos lo que mandamos al cliente — fiado-validation-and-dtos § 7).
|
|
4
|
+
*
|
|
5
|
+
* TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de
|
|
6
|
+
* MfaMethodEnum ('EMAIL_OTP'|'TOTP') a propósito. Ver TECH_DEBT.md del platform-rbac-business.
|
|
7
|
+
*/
|
|
8
|
+
export interface TenantSecurityPolicyResponse {
|
|
9
|
+
methodsAllowed: ('EMAIL' | 'TOTP')[];
|
|
10
|
+
}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.UpdateTenantSecurityPolicyRequest = void 0;
|
|
13
|
+
const class_transformer_1 = require("class-transformer");
|
|
14
|
+
const class_validator_1 = require("class-validator");
|
|
15
|
+
// TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de MfaMethodEnum
|
|
16
|
+
// ('EMAIL_OTP'|'TOTP') a propósito. Ver TECH_DEBT.md del platform-rbac-business.
|
|
17
|
+
class UpdateTenantSecurityPolicyRequest {
|
|
18
|
+
}
|
|
19
|
+
exports.UpdateTenantSecurityPolicyRequest = UpdateTenantSecurityPolicyRequest;
|
|
20
|
+
__decorate([
|
|
21
|
+
(0, class_transformer_1.Expose)(),
|
|
22
|
+
(0, class_validator_1.ArrayNotEmpty)(),
|
|
23
|
+
(0, class_validator_1.IsIn)(['EMAIL', 'TOTP'], { each: true }),
|
|
24
|
+
__metadata("design:type", Array)
|
|
25
|
+
], UpdateTenantSecurityPolicyRequest.prototype, "methodsAllowed", void 0);
|
|
@@ -20,9 +20,12 @@ export * from './mfa/EnrollTotpResponse';
|
|
|
20
20
|
export * from './mfa/VerifyTotpEnrollmentRequest';
|
|
21
21
|
export * from './mfa/ChangeMfaMethodRequest';
|
|
22
22
|
export * from './mfa/MfaStatusResponse';
|
|
23
|
+
export * from './mfa/MfaOptionsResponse';
|
|
23
24
|
export { AuthorizeDenyReason } from './enums/AuthorizeDenyReason';
|
|
24
25
|
export * from './dtos/AuthorizeRequest';
|
|
25
26
|
export * from './dtos/AuthorizeResponse';
|
|
26
27
|
export * from './dtos/CreateTenantRequest';
|
|
27
28
|
export type { CreateTenantResponse } from './dtos/CreateTenantResponse';
|
|
29
|
+
export * from './dtos/UpdateTenantSecurityPolicyRequest';
|
|
30
|
+
export type { TenantSecurityPolicyResponse } from './dtos/TenantSecurityPolicyResponse';
|
|
28
31
|
export { TenantType, TENANT_TYPES, levelsOf, tableSuffixForLevel, scopeRankOrder } from './tenantTypes';
|
|
@@ -51,6 +51,7 @@ __exportStar(require("./mfa/EnrollTotpResponse"), exports);
|
|
|
51
51
|
__exportStar(require("./mfa/VerifyTotpEnrollmentRequest"), exports);
|
|
52
52
|
__exportStar(require("./mfa/ChangeMfaMethodRequest"), exports);
|
|
53
53
|
__exportStar(require("./mfa/MfaStatusResponse"), exports);
|
|
54
|
+
__exportStar(require("./mfa/MfaOptionsResponse"), exports);
|
|
54
55
|
// RBAC enforcement (capa de protección) — DTOs del POST /internal/authorize.
|
|
55
56
|
var AuthorizeDenyReason_1 = require("./enums/AuthorizeDenyReason");
|
|
56
57
|
Object.defineProperty(exports, "AuthorizeDenyReason", { enumerable: true, get: function () { return AuthorizeDenyReason_1.AuthorizeDenyReason; } });
|
|
@@ -59,6 +60,10 @@ __exportStar(require("./dtos/AuthorizeResponse"), exports);
|
|
|
59
60
|
// F-11 — onboarding de tenant (POST backoffice createTenant). CreateTenantRequest lleva
|
|
60
61
|
// decoradores class-validator → export de valor; CreateTenantResponse es interface → type-only.
|
|
61
62
|
__exportStar(require("./dtos/CreateTenantRequest"), exports);
|
|
63
|
+
// MFA por tenant — methodsAllowed (value-set 'EMAIL'|'TOTP', TD-RBAC-071, DEC-095).
|
|
64
|
+
// UpdateTenantSecurityPolicyRequest lleva decoradores class-validator → export de valor;
|
|
65
|
+
// TenantSecurityPolicyResponse es interface plain → type-only.
|
|
66
|
+
__exportStar(require("./dtos/UpdateTenantSecurityPolicyRequest"), exports);
|
|
62
67
|
// A1 — registro data-driven de tenant-types (niveles debajo de TENANT, por tipo).
|
|
63
68
|
// Consumido por ScopeValidationService._rank vía scopeRankOrder() y por los seeds.
|
|
64
69
|
// Accesible bajo el namespace PlatformRbac (el index raíz hace export * as PlatformRbac).
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.MfaOptionsResponse = void 0;
|
|
13
|
+
const class_validator_1 = require("class-validator");
|
|
14
|
+
const MfaMethodEnum_1 = require("../enums/MfaMethodEnum");
|
|
15
|
+
class MfaOptionsResponse {
|
|
16
|
+
}
|
|
17
|
+
exports.MfaOptionsResponse = MfaOptionsResponse;
|
|
18
|
+
__decorate([
|
|
19
|
+
(0, class_validator_1.IsArray)(),
|
|
20
|
+
(0, class_validator_1.IsEnum)(MfaMethodEnum_1.MfaMethodEnum, { each: true }),
|
|
21
|
+
__metadata("design:type", Array)
|
|
22
|
+
], MfaOptionsResponse.prototype, "allowedMethods", void 0);
|
|
23
|
+
__decorate([
|
|
24
|
+
(0, class_validator_1.IsEnum)(MfaMethodEnum_1.MfaMethodEnum),
|
|
25
|
+
__metadata("design:type", String)
|
|
26
|
+
], MfaOptionsResponse.prototype, "currentMethod", void 0);
|
|
27
|
+
__decorate([
|
|
28
|
+
(0, class_validator_1.IsBoolean)(),
|
|
29
|
+
__metadata("design:type", Boolean)
|
|
30
|
+
], MfaOptionsResponse.prototype, "mfaConfigured", void 0);
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Request de `POST /risk/backoffice/profiles/{directoryId}/notes` (BO-03 §3.3).
|
|
3
|
+
*
|
|
4
|
+
* Nota de revisión humana del OC sobre el perfil. Cualquier nota cuenta como
|
|
5
|
+
* revisión y reinicia el sello `lastReviewedAt`/`lastReviewedBy` del perfil
|
|
6
|
+
* (Manual de Cumplimiento sec. 8.25 / Art. 24 — re-evaluación cíclica).
|
|
7
|
+
* No se distingue "Revisión OK" de "Nota libre".
|
|
8
|
+
*/
|
|
9
|
+
export declare class CreateProfileNoteRequest {
|
|
10
|
+
email: string;
|
|
11
|
+
comment: string;
|
|
12
|
+
attachmentKeys?: string[];
|
|
13
|
+
}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.CreateProfileNoteRequest = void 0;
|
|
13
|
+
const class_transformer_1 = require("class-transformer");
|
|
14
|
+
const class_validator_1 = require("class-validator");
|
|
15
|
+
/**
|
|
16
|
+
* Request de `POST /risk/backoffice/profiles/{directoryId}/notes` (BO-03 §3.3).
|
|
17
|
+
*
|
|
18
|
+
* Nota de revisión humana del OC sobre el perfil. Cualquier nota cuenta como
|
|
19
|
+
* revisión y reinicia el sello `lastReviewedAt`/`lastReviewedBy` del perfil
|
|
20
|
+
* (Manual de Cumplimiento sec. 8.25 / Art. 24 — re-evaluación cíclica).
|
|
21
|
+
* No se distingue "Revisión OK" de "Nota libre".
|
|
22
|
+
*/
|
|
23
|
+
class CreateProfileNoteRequest {
|
|
24
|
+
}
|
|
25
|
+
exports.CreateProfileNoteRequest = CreateProfileNoteRequest;
|
|
26
|
+
__decorate([
|
|
27
|
+
(0, class_transformer_1.Expose)(),
|
|
28
|
+
(0, class_validator_1.IsEmail)({}, { message: "email debe ser un correo válido" }),
|
|
29
|
+
__metadata("design:type", String)
|
|
30
|
+
], CreateProfileNoteRequest.prototype, "email", void 0);
|
|
31
|
+
__decorate([
|
|
32
|
+
(0, class_transformer_1.Expose)(),
|
|
33
|
+
(0, class_validator_1.IsString)(),
|
|
34
|
+
(0, class_validator_1.MinLength)(10),
|
|
35
|
+
(0, class_validator_1.MaxLength)(2000),
|
|
36
|
+
__metadata("design:type", String)
|
|
37
|
+
], CreateProfileNoteRequest.prototype, "comment", void 0);
|
|
38
|
+
__decorate([
|
|
39
|
+
(0, class_transformer_1.Expose)(),
|
|
40
|
+
(0, class_validator_1.IsOptional)(),
|
|
41
|
+
(0, class_validator_1.IsArray)(),
|
|
42
|
+
(0, class_validator_1.IsString)({ each: true }),
|
|
43
|
+
__metadata("design:type", Array)
|
|
44
|
+
], CreateProfileNoteRequest.prototype, "attachmentKeys", void 0);
|
|
@@ -40,3 +40,4 @@ export * from './dtos/private/SetDeclaredIncomeResponse';
|
|
|
40
40
|
export * from './dtos/private/CreateClientFinancialHistoryRequest';
|
|
41
41
|
export * from './dtos/private/ClientFinancialHistoryResponse';
|
|
42
42
|
export * from './dtos/private/ListClientFinancialHistoryResponse';
|
|
43
|
+
export * from './dtos/private/CreateProfileNoteRequest';
|
package/bin/riskProfile/index.js
CHANGED
|
@@ -58,3 +58,4 @@ __exportStar(require("./dtos/private/SetDeclaredIncomeResponse"), exports);
|
|
|
58
58
|
__exportStar(require("./dtos/private/CreateClientFinancialHistoryRequest"), exports);
|
|
59
59
|
__exportStar(require("./dtos/private/ClientFinancialHistoryResponse"), exports);
|
|
60
60
|
__exportStar(require("./dtos/private/ListClientFinancialHistoryResponse"), exports);
|
|
61
|
+
__exportStar(require("./dtos/private/CreateProfileNoteRequest"), exports);
|
package/package.json
CHANGED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Output de la consulta/actualización de la security policy del tenant. Response plain sin
|
|
3
|
+
* validators (no validamos lo que mandamos al cliente — fiado-validation-and-dtos § 7).
|
|
4
|
+
*
|
|
5
|
+
* TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de
|
|
6
|
+
* MfaMethodEnum ('EMAIL_OTP'|'TOTP') a propósito. Ver TECH_DEBT.md del platform-rbac-business.
|
|
7
|
+
*/
|
|
8
|
+
export interface TenantSecurityPolicyResponse {
|
|
9
|
+
methodsAllowed: ('EMAIL' | 'TOTP')[];
|
|
10
|
+
}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { Expose } from 'class-transformer';
|
|
2
|
+
import { ArrayNotEmpty, IsIn } from 'class-validator';
|
|
3
|
+
|
|
4
|
+
// TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de MfaMethodEnum
|
|
5
|
+
// ('EMAIL_OTP'|'TOTP') a propósito. Ver TECH_DEBT.md del platform-rbac-business.
|
|
6
|
+
export class UpdateTenantSecurityPolicyRequest {
|
|
7
|
+
@Expose()
|
|
8
|
+
@ArrayNotEmpty()
|
|
9
|
+
@IsIn(['EMAIL', 'TOTP'], { each: true })
|
|
10
|
+
methodsAllowed!: ('EMAIL' | 'TOTP')[];
|
|
11
|
+
}
|
|
@@ -40,6 +40,7 @@ export * from './mfa/EnrollTotpResponse';
|
|
|
40
40
|
export * from './mfa/VerifyTotpEnrollmentRequest';
|
|
41
41
|
export * from './mfa/ChangeMfaMethodRequest';
|
|
42
42
|
export * from './mfa/MfaStatusResponse';
|
|
43
|
+
export * from './mfa/MfaOptionsResponse';
|
|
43
44
|
|
|
44
45
|
// RBAC enforcement (capa de protección) — DTOs del POST /internal/authorize.
|
|
45
46
|
export { AuthorizeDenyReason } from './enums/AuthorizeDenyReason';
|
|
@@ -51,6 +52,12 @@ export * from './dtos/AuthorizeResponse';
|
|
|
51
52
|
export * from './dtos/CreateTenantRequest';
|
|
52
53
|
export type { CreateTenantResponse } from './dtos/CreateTenantResponse';
|
|
53
54
|
|
|
55
|
+
// MFA por tenant — methodsAllowed (value-set 'EMAIL'|'TOTP', TD-RBAC-071, DEC-095).
|
|
56
|
+
// UpdateTenantSecurityPolicyRequest lleva decoradores class-validator → export de valor;
|
|
57
|
+
// TenantSecurityPolicyResponse es interface plain → type-only.
|
|
58
|
+
export * from './dtos/UpdateTenantSecurityPolicyRequest';
|
|
59
|
+
export type { TenantSecurityPolicyResponse } from './dtos/TenantSecurityPolicyResponse';
|
|
60
|
+
|
|
54
61
|
// A1 — registro data-driven de tenant-types (niveles debajo de TENANT, por tipo).
|
|
55
62
|
// Consumido por ScopeValidationService._rank vía scopeRankOrder() y por los seeds.
|
|
56
63
|
// Accesible bajo el namespace PlatformRbac (el index raíz hace export * as PlatformRbac).
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { IsArray, IsBoolean, IsEnum } from 'class-validator';
|
|
2
|
+
import { MfaMethodEnum } from '../enums/MfaMethodEnum';
|
|
3
|
+
|
|
4
|
+
export class MfaOptionsResponse {
|
|
5
|
+
@IsArray()
|
|
6
|
+
@IsEnum(MfaMethodEnum, { each: true })
|
|
7
|
+
allowedMethods!: MfaMethodEnum[];
|
|
8
|
+
|
|
9
|
+
@IsEnum(MfaMethodEnum)
|
|
10
|
+
currentMethod!: MfaMethodEnum;
|
|
11
|
+
|
|
12
|
+
@IsBoolean()
|
|
13
|
+
mfaConfigured!: boolean;
|
|
14
|
+
}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { Expose } from "class-transformer";
|
|
2
|
+
import { IsArray, IsEmail, IsOptional, IsString, MaxLength, MinLength } from "class-validator";
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Request de `POST /risk/backoffice/profiles/{directoryId}/notes` (BO-03 §3.3).
|
|
6
|
+
*
|
|
7
|
+
* Nota de revisión humana del OC sobre el perfil. Cualquier nota cuenta como
|
|
8
|
+
* revisión y reinicia el sello `lastReviewedAt`/`lastReviewedBy` del perfil
|
|
9
|
+
* (Manual de Cumplimiento sec. 8.25 / Art. 24 — re-evaluación cíclica).
|
|
10
|
+
* No se distingue "Revisión OK" de "Nota libre".
|
|
11
|
+
*/
|
|
12
|
+
export class CreateProfileNoteRequest {
|
|
13
|
+
|
|
14
|
+
// Email del OC que registra la nota → se persiste como autor + lastReviewedBy.
|
|
15
|
+
@Expose()
|
|
16
|
+
@IsEmail({}, { message: "email debe ser un correo válido" })
|
|
17
|
+
email!: string;
|
|
18
|
+
|
|
19
|
+
// Texto de la nota. Entre 10 y 2000 caracteres.
|
|
20
|
+
@Expose()
|
|
21
|
+
@IsString()
|
|
22
|
+
@MinLength(10)
|
|
23
|
+
@MaxLength(2000)
|
|
24
|
+
comment!: string;
|
|
25
|
+
|
|
26
|
+
// Claves S3 de adjuntos opcionales (PDF/imagen). El Dashboard firma y sube.
|
|
27
|
+
@Expose()
|
|
28
|
+
@IsOptional()
|
|
29
|
+
@IsArray()
|
|
30
|
+
@IsString({ each: true })
|
|
31
|
+
attachmentKeys?: string[];
|
|
32
|
+
}
|
package/src/riskProfile/index.ts
CHANGED
|
@@ -45,4 +45,5 @@ export * from './dtos/private/SetDeclaredIncomeResponse';
|
|
|
45
45
|
export * from './dtos/private/CreateClientFinancialHistoryRequest';
|
|
46
46
|
export * from './dtos/private/ClientFinancialHistoryResponse';
|
|
47
47
|
export * from './dtos/private/ListClientFinancialHistoryResponse';
|
|
48
|
+
export * from './dtos/private/CreateProfileNoteRequest';
|
|
48
49
|
|