@flipdish/authorization 0.0.2-rc.1756733622 → 0.0.2-rc.1766090571
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +226 -1
- package/api.ts +3539 -963
- package/configuration.ts +1 -1
- package/dist/api.d.ts +2819 -804
- package/dist/api.js +3020 -488
- package/dist/configuration.js +1 -1
- package/package.json +2 -3
package/README.md
CHANGED
|
@@ -7,7 +7,232 @@ Internally the package utilizes the [axios](https://github.com/axios/axios) as i
|
|
|
7
7
|
### Example code
|
|
8
8
|
|
|
9
9
|
```typescript
|
|
10
|
-
import {
|
|
10
|
+
import {
|
|
11
|
+
AuthorizationApi,
|
|
12
|
+
Configuration,
|
|
13
|
+
ConfigurationDataApi,
|
|
14
|
+
type ErrorResponse,
|
|
15
|
+
Permissions,
|
|
16
|
+
UserPermissionsApi,
|
|
17
|
+
} from "@flipdish/authorization";
|
|
18
|
+
import { describe, expect, it, test } from "@jest/globals";
|
|
19
|
+
import axios, { isAxiosError } from "axios";
|
|
20
|
+
|
|
21
|
+
const basePath = "https://api.flipdish.co/auth/";
|
|
22
|
+
const bearerConfiguration = new Configuration({
|
|
23
|
+
basePath,
|
|
24
|
+
// to get the API key, you should follow these docs:
|
|
25
|
+
// https://developers.flipdish.com/docs/getting-started
|
|
26
|
+
accessToken: process.env.FLIPDISH_BEARER_TOKEN_PROD,
|
|
27
|
+
// if using in a browser set useDefaultUserAgent
|
|
28
|
+
// to true to prevent errors
|
|
29
|
+
// useDefaultUserAgent: true
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
const authorization = new AuthorizationApi(bearerConfiguration);
|
|
33
|
+
const configurationData = new ConfigurationDataApi(bearerConfiguration);
|
|
34
|
+
|
|
35
|
+
// mimic brower config where cookies will be sent automatically
|
|
36
|
+
// you shouldn't need to pass an axios instance as the cookies will be
|
|
37
|
+
// sent automatically by the browser
|
|
38
|
+
const userPermissions = new UserPermissionsApi(
|
|
39
|
+
new Configuration({ basePath }),
|
|
40
|
+
undefined,
|
|
41
|
+
axios.create({
|
|
42
|
+
headers: {
|
|
43
|
+
Cookie: `FD-Authorization=${process.env.FD_AUTH_COOKIE_PROD_JM_CLIENT};`,
|
|
44
|
+
},
|
|
45
|
+
}),
|
|
46
|
+
);
|
|
47
|
+
|
|
48
|
+
describe("Authorization Tests", () => {
|
|
49
|
+
describe("Authorization", () => {
|
|
50
|
+
test("List Permissions", async () => {
|
|
51
|
+
const permissionsResponse = await configurationData.listPermissions();
|
|
52
|
+
expect(permissionsResponse.status).toBe(200);
|
|
53
|
+
expect(permissionsResponse.data.permissions).toBeDefined();
|
|
54
|
+
expect(permissionsResponse.data.permissions.length).toBeGreaterThan(0);
|
|
55
|
+
expect(permissionsResponse.data.permissions).toContain(
|
|
56
|
+
Permissions.ViewApp,
|
|
57
|
+
);
|
|
58
|
+
expect(permissionsResponse.data.permissions).toContain(
|
|
59
|
+
Permissions.CreateApp,
|
|
60
|
+
);
|
|
61
|
+
expect(permissionsResponse.data.permissions).toContain(
|
|
62
|
+
Permissions.UpdateApp,
|
|
63
|
+
);
|
|
64
|
+
expect(permissionsResponse.data.permissions).toContain(
|
|
65
|
+
Permissions.ViewAppName,
|
|
66
|
+
);
|
|
67
|
+
expect(permissionsResponse.data.permissions).toContain(
|
|
68
|
+
Permissions.EditAppAssets,
|
|
69
|
+
);
|
|
70
|
+
});
|
|
71
|
+
|
|
72
|
+
test("List Feature Based Roles", async () => {
|
|
73
|
+
const featureBasedRolesResponse =
|
|
74
|
+
await configurationData.listFeatureBasedRoles();
|
|
75
|
+
expect(featureBasedRolesResponse.status).toBe(200);
|
|
76
|
+
expect(featureBasedRolesResponse.data.roles).toBeDefined();
|
|
77
|
+
expect(featureBasedRolesResponse.data.roles.length).toBeGreaterThan(0);
|
|
78
|
+
expect(featureBasedRolesResponse.data.roles).toContainEqual({
|
|
79
|
+
name: "OrgViewer",
|
|
80
|
+
permissions: ["ViewOrg"],
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
test("List named roles", async () => {
|
|
85
|
+
const namedRolesResponse = await configurationData.listRoles();
|
|
86
|
+
expect(namedRolesResponse.status).toBe(200);
|
|
87
|
+
expect(namedRolesResponse.data.roles).toBeDefined();
|
|
88
|
+
expect(namedRolesResponse.data.roles.length).toBeGreaterThan(0);
|
|
89
|
+
expect(namedRolesResponse.data.roles).toContainEqual("Admin");
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
describe("List User Permission Sets", () => {
|
|
93
|
+
it("should list user permission sets", async () => {
|
|
94
|
+
const userPermissionSetsResponse =
|
|
95
|
+
await userPermissions.listOwnPermissions("org42068");
|
|
96
|
+
expect(userPermissionSetsResponse.status).toBe(200);
|
|
97
|
+
expect(userPermissionSetsResponse.data.resources).toBeDefined();
|
|
98
|
+
expect(userPermissionSetsResponse.data.resources).toHaveProperty(
|
|
99
|
+
"org42068",
|
|
100
|
+
);
|
|
101
|
+
expect(
|
|
102
|
+
userPermissionSetsResponse.data.resources.org42068.permissions.length,
|
|
103
|
+
).toBeGreaterThan(0);
|
|
104
|
+
});
|
|
105
|
+
});
|
|
106
|
+
|
|
107
|
+
describe("Authenticate and Authorize", () => {
|
|
108
|
+
it("should authenticate and authorize with a valid FD-Authorization cookie", async () => {
|
|
109
|
+
const authorizationResponse =
|
|
110
|
+
await authorization.authenticateAndAuthorize({
|
|
111
|
+
headers: {
|
|
112
|
+
Cookie: `FD-Authorization=${process.env.FD_AUTH_COOKIE_PROD};`,
|
|
113
|
+
},
|
|
114
|
+
action: Permissions.AnyAuditLogs,
|
|
115
|
+
resource: {
|
|
116
|
+
id: "org12345",
|
|
117
|
+
type: "Org",
|
|
118
|
+
},
|
|
119
|
+
});
|
|
120
|
+
|
|
121
|
+
expect(authorizationResponse.status).toBe(200);
|
|
122
|
+
expect(authorizationResponse.data.authentication.authenticated).toBe(
|
|
123
|
+
true,
|
|
124
|
+
);
|
|
125
|
+
expect(authorizationResponse.data.authentication.principal?.type).toBe(
|
|
126
|
+
"User",
|
|
127
|
+
);
|
|
128
|
+
expect(authorizationResponse.data.authentication.principal?.id).toBe(
|
|
129
|
+
"8147747",
|
|
130
|
+
);
|
|
131
|
+
});
|
|
132
|
+
|
|
133
|
+
it("should not authenticate and authorize with an invalid FD-Authorization cookie", async () => {
|
|
134
|
+
try {
|
|
135
|
+
await authorization.authenticateAndAuthorize({
|
|
136
|
+
headers: {
|
|
137
|
+
Cookie: `FD-Authorization=not-a-valid-cookie;`,
|
|
138
|
+
},
|
|
139
|
+
action: Permissions.AnyAuditLogs,
|
|
140
|
+
resource: {
|
|
141
|
+
id: "org12345",
|
|
142
|
+
type: "Org",
|
|
143
|
+
},
|
|
144
|
+
});
|
|
145
|
+
} catch (error) {
|
|
146
|
+
if (isAxiosError<ErrorResponse>(error)) {
|
|
147
|
+
expect(error.response?.status).toBe(401);
|
|
148
|
+
expect(error.response?.data.message).toBe("Unauthenticated");
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
});
|
|
152
|
+
|
|
153
|
+
it("should authenticate and authorize with a valid Bearer token", async () => {
|
|
154
|
+
const authorizationResponse =
|
|
155
|
+
await authorization.authenticateAndAuthorize({
|
|
156
|
+
headers: {
|
|
157
|
+
Authorization: `Bearer ${process.env.FLIPDISH_BEARER_TOKEN_PROD}`,
|
|
158
|
+
},
|
|
159
|
+
action: Permissions.AnyAuditLogs,
|
|
160
|
+
resource: {
|
|
161
|
+
id: "org12345",
|
|
162
|
+
type: "Org",
|
|
163
|
+
},
|
|
164
|
+
});
|
|
165
|
+
|
|
166
|
+
expect(authorizationResponse.status).toBe(200);
|
|
167
|
+
expect(authorizationResponse.data.authentication.authenticated).toBe(
|
|
168
|
+
true,
|
|
169
|
+
);
|
|
170
|
+
expect(authorizationResponse.data.authentication.principal?.type).toBe(
|
|
171
|
+
"User",
|
|
172
|
+
);
|
|
173
|
+
expect(authorizationResponse.data.authentication.principal?.id).toBe(
|
|
174
|
+
"8147747",
|
|
175
|
+
);
|
|
176
|
+
});
|
|
177
|
+
});
|
|
178
|
+
|
|
179
|
+
test("Authorize", async () => {
|
|
180
|
+
const authorizationResponse = await authorization.authorize({
|
|
181
|
+
principal: {
|
|
182
|
+
id: "12345",
|
|
183
|
+
type: "User",
|
|
184
|
+
},
|
|
185
|
+
action: Permissions.AnyAuditLogs,
|
|
186
|
+
resource: {
|
|
187
|
+
id: "org12345",
|
|
188
|
+
type: "Org",
|
|
189
|
+
},
|
|
190
|
+
});
|
|
191
|
+
expect(authorizationResponse.status).toBe(200);
|
|
192
|
+
expect(authorizationResponse.data.allowed).toBe(false);
|
|
193
|
+
expect(authorizationResponse.data.decision).toBe("DENY");
|
|
194
|
+
});
|
|
195
|
+
|
|
196
|
+
describe("Check is in role", () => {
|
|
197
|
+
it("should check if a user is in a role", async () => {
|
|
198
|
+
const isInRoleResponse = await authorization.checkIsInRole({
|
|
199
|
+
principal: {
|
|
200
|
+
id: "12345",
|
|
201
|
+
type: "User",
|
|
202
|
+
},
|
|
203
|
+
roles: ["Admin"],
|
|
204
|
+
});
|
|
205
|
+
expect(isInRoleResponse.status).toBe(200);
|
|
206
|
+
expect(isInRoleResponse.data.authorized).toBe(false);
|
|
207
|
+
});
|
|
208
|
+
|
|
209
|
+
it("should authenticate and check if a user is in a role with a valid FD-Authorization cookie", async () => {
|
|
210
|
+
const isInRoleResponse =
|
|
211
|
+
await authorization.authenticateAndCheckIsInRole({
|
|
212
|
+
headers: {
|
|
213
|
+
Cookie: `FD-Authorization=${process.env.FD_AUTH_COOKIE_PROD};`,
|
|
214
|
+
},
|
|
215
|
+
roles: ["Admin"],
|
|
216
|
+
});
|
|
217
|
+
expect(isInRoleResponse.status).toBe(200);
|
|
218
|
+
expect(isInRoleResponse.data.authorized).toBe(false);
|
|
219
|
+
});
|
|
220
|
+
|
|
221
|
+
it("should authenticate and check if a user is in a role with a valid Bearer token", async () => {
|
|
222
|
+
const isInRoleResponse =
|
|
223
|
+
await authorization.authenticateAndCheckIsInRole({
|
|
224
|
+
headers: {
|
|
225
|
+
Authorization: `Bearer ${process.env.FLIPDISH_BEARER_TOKEN_PROD}`,
|
|
226
|
+
},
|
|
227
|
+
roles: ["Admin"],
|
|
228
|
+
});
|
|
229
|
+
expect(isInRoleResponse.status).toBe(200);
|
|
230
|
+
expect(isInRoleResponse.data.authorized).toBe(false);
|
|
231
|
+
});
|
|
232
|
+
});
|
|
233
|
+
});
|
|
234
|
+
});
|
|
235
|
+
|
|
11
236
|
```
|
|
12
237
|
|
|
13
238
|
The generated Node module can be used in the following environments:
|