@fonoster/authz 0.8.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Fonoster Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,32 @@
+authz
+=================
+
+[![Authz](https://img.shields.io/badge/authz-server-brightgreen.svg)](https://fonoster.com)
+[![Version](https://img.shields.io/npm/v/@fonoster/authz.svg)](https://npmjs.org/package/@fonoster/authz)
+[![Downloads/week](https://img.shields.io/npm/dw/@fonoster/authz.svg)](https://npmjs.org/package/@fonoster/authz)
+[![License](https://img.shields.io/npm/l/@fonoster/authz.svg)](https://github.com/fonoster/fonoster/blob/main/package.json)
+
+Authz is a simple and extensible authorization module for Fonoster. It provides a way to authorize incoming phone and API calls. 
+
+The module has a simple interface that allows you to create authorization strategies. That includes verifying if a session is authorized, if a GRPC method is authorized, charging an account, and getting the account balance.
+
+The interface is defined as follows:
+
+```typescript
+type AuthzHandler = {
+  checkSessionAuthorized(request: VoiceRequest): Promise<boolean>;
+  checkMethodAuthorized(
+    request: CheckMethodAuthorizedRequest
+  ): Promise<boolean>;
+  chargeAccount(request: ChargeAccountRequest): Promise<void>;
+  getAccountBalance(request: GetAccountBalanceRequest): Promise<number>;
+};
+```
+
+Please look at the [DummyAuthzHandler](./src/server/DummyAuthzHandler.ts) for an example of implementing your authorization strategy.
+
+## Enabling the Authz module
+
+To enable the Authz module you need to set the `AUTHZ_SERVICE_ENABLED` environment variable to `true`. Also, you need the `AUTHZ_SERVICE_HOST` (required), `AUTHZ_SERVICE_PORT` (defaults), and `AUTHZ_SERVICE_METHODS` (default is `/fonoster.calls.v1beta2.Calls/CreateCall`) environment variables.
+
+Imagine you want to authorize the creation of new Workspaces. You can add the `/fonoster.workspaces.v1beta2.Workspaces/CreateWorkspace` method to the `AUTHZ_SERVICE_METHODS` environment variable and implement the `checkMethodAuthorized` method in your AuthzHandler.

package/dist/client/AuthzClient.d.ts

@@ -0,0 +1,40 @@
+import { CheckMethodAuthorizedRequest, ChargeAccountRequest, GetAccountBalanceRequest, VoiceRequest } from "../types";
+/**
+ * AuthzClient class to interact with the AuthzServer via gRPC.
+ */
+export declare class AuthzClient {
+    private readonly client;
+    /**
+     * Initializes the AuthzClient with the given configuration.
+     * @param address The address of the AuthzServer (e.g., "localhost:50051").
+     */
+    constructor(address: string);
+    /**
+     * Checks if the session is authorized.
+     * @param request VoiceRequest containing session details.
+     * @returns Promise resolving to a boolean indicating authorization.
+     */
+    checkSessionAuthorized(request: VoiceRequest): Promise<boolean>;
+    /**
+     * Checks if a specific method is authorized.
+     * @param request CheckMethodAuthorizedRequest containing accessKeyId and method.
+     * @returns Promise resolving to a boolean indicating authorization.
+     */
+    checkMethodAuthorized(request: CheckMethodAuthorizedRequest): Promise<boolean>;
+    /**
+     * Charges an account by a specified amount.
+     * @param request ChargeAccountRequest containing accessKeyId and amount.
+     * @returns Promise resolving when the charge is successful.
+     */
+    chargeAccount(request: ChargeAccountRequest): Promise<void>;
+    /**
+     * Retrieves the account balance.
+     * @param request GetAccountBalanceRequest containing accessKeyId.
+     * @returns Promise resolving to the account balance.
+     */
+    getAccountBalance(request: GetAccountBalanceRequest): Promise<number>;
+    /**
+     * Closes the gRPC client connection.
+     */
+    close(): void;
+}

package/dist/client/AuthzClient.js

@@ -0,0 +1,152 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthzClient = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const grpc = __importStar(require("@grpc/grpc-js"));
+const serviceDefinition_1 = require("../serviceDefinition");
+/**
+ * AuthzClient class to interact with the AuthzServer via gRPC.
+ */
+class AuthzClient {
+    /**
+     * Initializes the AuthzClient with the given configuration.
+     * @param address The address of the AuthzServer (e.g., "localhost:50051").
+     */
+    constructor(address) {
+        this.client = new (grpc.makeGenericClientConstructor(serviceDefinition_1.serviceDefinition, "AuthzService", {}))(address, grpc.credentials.createInsecure());
+    }
+    /**
+     * Checks if the session is authorized.
+     * @param request VoiceRequest containing session details.
+     * @returns Promise resolving to a boolean indicating authorization.
+     */
+    async checkSessionAuthorized(request) {
+        return new Promise((resolve, reject) => {
+            this.client.checkSessionAuthorized(request, (error, response) => {
+                if (error) {
+                    reject(new Error(`checkSessionAuthorized failed: ${error.message || error}`));
+                }
+                else if (response && typeof response.authorized === "boolean") {
+                    resolve(response.authorized);
+                }
+                else {
+                    reject(new Error(`checkSessionAuthorized failed: Invalid response format.`));
+                }
+            });
+        });
+    }
+    /**
+     * Checks if a specific method is authorized.
+     * @param request CheckMethodAuthorizedRequest containing accessKeyId and method.
+     * @returns Promise resolving to a boolean indicating authorization.
+     */
+    async checkMethodAuthorized(request) {
+        return new Promise((resolve, reject) => {
+            this.client.checkMethodAuthorized(request, (error, response) => {
+                if (error) {
+                    reject(new Error(`checkMethodAuthorized failed: ${error.message || error}`));
+                }
+                else if (response && typeof response.authorized === "boolean") {
+                    resolve(response.authorized);
+                }
+                else {
+                    reject(new Error(`checkMethodAuthorized failed: Invalid response format.`));
+                }
+            });
+        });
+    }
+    /**
+     * Charges an account by a specified amount.
+     * @param request ChargeAccountRequest containing accessKeyId and amount.
+     * @returns Promise resolving when the charge is successful.
+     */
+    async chargeAccount(request) {
+        return new Promise((resolve, reject) => {
+            this.client.chargeAccount(request, (error, _response) => {
+                if (error) {
+                    reject(new Error(`chargeAccount failed: ${error.message || error}`));
+                }
+                else {
+                    resolve();
+                }
+            });
+        });
+    }
+    /**
+     * Retrieves the account balance.
+     * @param request GetAccountBalanceRequest containing accessKeyId.
+     * @returns Promise resolving to the account balance.
+     */
+    async getAccountBalance(request) {
+        return new Promise((resolve, reject) => {
+            this.client.getAccountBalance(request, (error, response) => {
+                if (error) {
+                    reject(new Error(`getAccountBalance failed: ${error.message || error}`));
+                }
+                else if (response && typeof response.balance === "number") {
+                    resolve(response.balance);
+                }
+                else {
+                    reject(new Error(`getAccountBalance failed: Invalid response format.`));
+                }
+            });
+        });
+    }
+    /**
+     * Closes the gRPC client connection.
+     */
+    close() {
+        this.client.close();
+    }
+}
+exports.AuthzClient = AuthzClient;

package/dist/client/AuthzServiceClient.d.ts

@@ -0,0 +1,19 @@
+import * as grpc from "@grpc/grpc-js";
+import { CheckMethodAuthorizedRequest, ChargeAccountRequest, GetAccountBalanceRequest, VoiceRequest } from "../types";
+/**
+ * Interface representing the AuthzService client methods.
+ * This should match the service definition used by the server.
+ */
+interface AuthzServiceClient extends grpc.Client {
+    checkSessionAuthorized(request: VoiceRequest, callback: grpc.requestCallback<{
+        authorized: boolean;
+    }>): void;
+    checkMethodAuthorized(request: CheckMethodAuthorizedRequest, callback: grpc.requestCallback<{
+        authorized: boolean;
+    }>): void;
+    chargeAccount(request: ChargeAccountRequest, callback: grpc.requestCallback<{}>): void;
+    getAccountBalance(request: GetAccountBalanceRequest, callback: grpc.requestCallback<{
+        balance: number;
+    }>): void;
+}
+export { AuthzServiceClient };

package/dist/client/AuthzServiceClient.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/client/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./AuthzClient";
+export * from "./AuthzServiceClient";

package/dist/client/index.js

@@ -0,0 +1,36 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+__exportStar(require("./AuthzClient"), exports);
+__exportStar(require("./AuthzServiceClient"), exports);

package/dist/createCheckMethodAuthorized.d.ts

@@ -0,0 +1,12 @@
+import { ServerInterceptingCall } from "@grpc/grpc-js";
+/**
+ * This function is a gRPC interceptor that checks if the request a method is authorized
+ * to be called by the user.
+ *
+ * @param {string} authzServer - The public key to validate the token
+ * @return {Function} - The gRPC interceptor
+ */
+declare function createCheckMethodAuthorized(authzServer: string, methods: string[]): (methodDefinition: {
+    path: string;
+}, call: ServerInterceptingCall) => ServerInterceptingCall;
+export { createCheckMethodAuthorized };

package/dist/createCheckMethodAuthorized.js

@@ -0,0 +1,72 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCheckMethodAuthorized = createCheckMethodAuthorized;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const logger_1 = require("@fonoster/logger");
+const grpc_js_1 = require("@grpc/grpc-js");
+const AuthzClient_1 = require("./client/AuthzClient");
+const identity_1 = require("@fonoster/identity");
+const logger = (0, logger_1.getLogger)({ service: "authz", filePath: __filename });
+/**
+ * This function is a gRPC interceptor that checks if the request a method is authorized
+ * to be called by the user.
+ *
+ * @param {string} authzServer - The public key to validate the token
+ * @return {Function} - The gRPC interceptor
+ */
+function createCheckMethodAuthorized(authzServer, methods) {
+    logger.verbose("creating check method authorized interceptor", {
+        authzServer,
+        methods
+    });
+    const authz = new AuthzClient_1.AuthzClient(authzServer);
+    /**
+     * Inner function that will be called by the gRPC server.
+     *
+     * @param {object} methodDefinition - The method definition
+     * @param {string} methodDefinition.path - The path of the gRPC method
+     * @param {ServerInterceptingCall} call - The call object
+     * @return {ServerInterceptingCall} - The modified call object
+     */
+    return (methodDefinition, call) => {
+        const { path: method } = methodDefinition;
+        if (!methods.includes(method)) {
+            // Ignore the check if the method is not in the list
+            logger.silly("method is not in the list", { method });
+            return call;
+        }
+        logger.silly("checking if method is authorized", { method });
+        const accessKeyId = (0, identity_1.getAccessKeyIdFromCall)(call);
+        authz
+            .checkMethodAuthorized({
+            accessKeyId,
+            method
+        })
+            .then(() => {
+            call.sendMessage({ authorized: true }, () => {
+                logger.silly("method is authorized", { method });
+            });
+        }).catch((error) => {
+            logger.error("error checking if method is authorized", { method, error });
+            call.sendStatus({ code: grpc_js_1.status.PERMISSION_DENIED, details: `Method ${method} is not authorized for accessKeyId ${accessKeyId}` });
+        });
+        return call;
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./server";
+export * from "./client";
+export * from "./createCheckMethodAuthorized";

package/dist/index.js

@@ -0,0 +1,37 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+__exportStar(require("./server"), exports);
+__exportStar(require("./client"), exports);
+__exportStar(require("./createCheckMethodAuthorized"), exports);

package/dist/server/AuthzServer.d.ts

@@ -0,0 +1,6 @@
+import { ServerConfig, AuthzHandler } from "../types";
+export default class AuthzServer {
+    config: ServerConfig;
+    constructor(config?: ServerConfig);
+    listen(handler: AuthzHandler): Promise<void>;
+}

package/dist/server/AuthzServer.js

@@ -0,0 +1,168 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const common_1 = require("@fonoster/common");
+const logger_1 = require("@fonoster/logger");
+const grpc = __importStar(require("@grpc/grpc-js"));
+const deepmerge_1 = __importDefault(require("deepmerge"));
+const grpc_health_check_1 = require("grpc-health-check");
+const defaultServerConfig_1 = require("./defaultServerConfig");
+const serviceDefinition_1 = require("../serviceDefinition");
+const logger = (0, logger_1.getLogger)({ service: "authz", filePath: __filename });
+class AuthzServer {
+    constructor(config = defaultServerConfig_1.defaultServerConfig) {
+        this.config = (0, deepmerge_1.default)(defaultServerConfig_1.defaultServerConfig, config);
+    }
+    async listen(handler) {
+        try {
+            const healthImpl = new grpc_health_check_1.HealthImplementation(common_1.statusMap);
+            const credentials = await (0, common_1.getServerCredentials)({});
+            const server = new grpc.Server();
+            server.addService(serviceDefinition_1.serviceDefinition, {
+                checkSessionAuthorized: async (call, callback) => {
+                    logger.verbose("checkSessionAuthorized called");
+                    logger.verbose(JSON.stringify(call.request));
+                    try {
+                        const isAuthorized = await handler.checkSessionAuthorized(call.request);
+                        if (isAuthorized) {
+                            callback(null, { authorized: true });
+                        }
+                        else {
+                            callback({
+                                code: grpc.status.PERMISSION_DENIED,
+                                message: "Session is not authorized."
+                            });
+                        }
+                    }
+                    catch (error) {
+                        logger.error("Error in checkSessionAuthorized:", error);
+                        callback({
+                            code: grpc.status.INTERNAL,
+                            message: "Internal server error."
+                        });
+                    }
+                },
+                checkMethodAuthorized: async (call, callback) => {
+                    logger.verbose("checkMethodAuthorized called");
+                    logger.verbose(JSON.stringify(call.request));
+                    try {
+                        const isAuthorized = await handler.checkMethodAuthorized(call.request);
+                        if (isAuthorized) {
+                            callback(null, { authorized: true });
+                        }
+                        else {
+                            callback({
+                                code: grpc.status.PERMISSION_DENIED,
+                                message: "Method is not authorized."
+                            });
+                        }
+                    }
+                    catch (error) {
+                        logger.error("Error in checkMethodAuthorized:", error);
+                        callback({
+                            code: grpc.status.INTERNAL,
+                            message: "Internal server error."
+                        });
+                    }
+                },
+                chargeAccount: async (call, callback) => {
+                    logger.verbose("chargeAccount called");
+                    logger.verbose(JSON.stringify(call.request));
+                    try {
+                        await handler.chargeAccount(call.request);
+                        callback(null, {});
+                    }
+                    catch (error) {
+                        logger.error("Error in chargeAccount:", error);
+                        callback({
+                            code: grpc.status.INTERNAL,
+                            message: "Internal server error."
+                        });
+                    }
+                },
+                getAccountBalance: async (call, callback) => {
+                    logger.verbose("getAccountBalance called");
+                    logger.verbose(JSON.stringify(call.request));
+                    try {
+                        const balance = await handler.getAccountBalance(call.request);
+                        callback(null, { balance });
+                    }
+                    catch (error) {
+                        logger.error("Error in getAccountBalance:", error);
+                        callback({
+                            code: grpc.status.INTERNAL,
+                            message: "Internal server error."
+                        });
+                    }
+                }
+            });
+            healthImpl.addToServer(server);
+            const bindAddr = `${this.config.bind}:${this.config.port}`;
+            server.bindAsync(bindAddr, credentials, async (err, port) => {
+                if (err) {
+                    logger.error("Failed to bind server:", err);
+                    return;
+                }
+                healthImpl.setStatus("", common_1.GRPC_SERVING_STATUS);
+                logger.info(`Authz server started at ${this.config.bind}:${port}`);
+            });
+        }
+        catch (err) {
+            logger.error("Error starting AuthzServer:", err);
+        }
+    }
+}
+exports.default = AuthzServer;

package/dist/server/DummyAuthzHandler.d.ts

@@ -0,0 +1,8 @@
+import { AuthzHandler, ChargeAccountRequest, CheckMethodAuthorizedRequest, GetAccountBalanceRequest, VoiceRequest } from "../types";
+declare class DummyAuthzHandler implements AuthzHandler {
+    checkSessionAuthorized(request: VoiceRequest): Promise<boolean>;
+    checkMethodAuthorized(request: CheckMethodAuthorizedRequest): Promise<boolean>;
+    chargeAccount(request: ChargeAccountRequest): Promise<void>;
+    getAccountBalance(request: GetAccountBalanceRequest): Promise<number>;
+}
+export { DummyAuthzHandler };

package/dist/server/DummyAuthzHandler.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DummyAuthzHandler = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const logger_1 = require("@fonoster/logger");
+const logger = (0, logger_1.getLogger)({ service: "authz", filePath: __filename });
+class DummyAuthzHandler {
+    async checkSessionAuthorized(request) {
+        logger.verbose("checkSessionAuthorized called", request);
+        return true;
+    }
+    async checkMethodAuthorized(request) {
+        logger.verbose("checkMethodAuthorized called", request);
+        return false;
+    }
+    async chargeAccount(request) {
+        logger.verbose("chargeAccount called", request);
+    }
+    async getAccountBalance(request) {
+        logger.verbose("getAccountBalance called", request);
+        return 20.2;
+    }
+}
+exports.DummyAuthzHandler = DummyAuthzHandler;

package/dist/server/defaultServerConfig.d.ts

@@ -0,0 +1,3 @@
+import { ServerConfig } from "../types";
+declare const defaultServerConfig: ServerConfig;
+export { defaultServerConfig };

package/dist/server/defaultServerConfig.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultServerConfig = void 0;
+const defaultServerConfig = {
+    port: 50071,
+    bind: "0.0.0.0"
+};
+exports.defaultServerConfig = defaultServerConfig;

package/dist/server/index.d.ts

@@ -0,0 +1 @@
+export * from "./AuthzServer";

package/dist/server/index.js

@@ -0,0 +1,35 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+__exportStar(require("./AuthzServer"), exports);

package/dist/server/server.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/server/server.js

@@ -0,0 +1,26 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const AuthzServer_1 = __importDefault(require("./AuthzServer"));
+const DummyAuthzHandler_1 = require("./DummyAuthzHandler");
+new AuthzServer_1.default().listen(new DummyAuthzHandler_1.DummyAuthzHandler());

package/dist/serviceDefinition.d.ts

@@ -0,0 +1,2 @@
+declare const serviceDefinition: import("@grpc/grpc-js").ServiceDefinition<import("@grpc/grpc-js").UntypedServiceImplementation>;
+export { serviceDefinition };

package/dist/serviceDefinition.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serviceDefinition = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const common_1 = require("@fonoster/common");
+const serviceDefinition = (0, common_1.createServiceDefinition)({
+    serviceName: "Authz",
+    pckg: "authz",
+    proto: "authz.proto",
+    version: "v1beta2"
+});
+exports.serviceDefinition = serviceDefinition;

package/dist/types.d.ts

@@ -0,0 +1,23 @@
+import { VoiceRequest } from "@fonoster/common";
+type ServerConfig = {
+    bind?: string;
+    port?: number;
+};
+type CheckMethodAuthorizedRequest = {
+    accessKeyId: string;
+    method: string;
+};
+type ChargeAccountRequest = {
+    accessKeyId: string;
+    amount: number;
+};
+type GetAccountBalanceRequest = {
+    accessKeyId: string;
+};
+type AuthzHandler = {
+    checkSessionAuthorized(request: VoiceRequest): Promise<boolean>;
+    checkMethodAuthorized(request: CheckMethodAuthorizedRequest): Promise<boolean>;
+    chargeAccount(request: ChargeAccountRequest): Promise<void>;
+    getAccountBalance(request: GetAccountBalanceRequest): Promise<number>;
+};
+export { ServerConfig, AuthzHandler, VoiceRequest, CheckMethodAuthorizedRequest, ChargeAccountRequest, GetAccountBalanceRequest };

package/dist/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@fonoster/authz",
+  "version": "0.8.0",
+  "description": "Authorization module for Fonoster",
+  "author": "Pedro Sanders <psanders@fonoster.com>",
+  "homepage": "https://github.com/fonoster/fonoster#readme",
+  "license": "MIT",
+  "main": "dist/index",
+  "types": "dist/index",
+  "directories": {
+    "src": "src",
+    "test": "test"
+  },
+  "scripts": {
+    "prebuild": "rimraf ./dist tsconfig.tsbuildinfo",
+    "build": "tsc -b tsconfig.json",
+    "clean": "rimraf ./dist node_modules tsconfig.tsbuildinfo"
+  },
+  "bin": {
+    "authz": "./dist/server.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@fonoster/common": "^0.8.0",
+    "@fonoster/identity": "^0.8.0",
+    "@fonoster/logger": "^0.8.0",
+    "@grpc/grpc-js": "~1.10.6",
+    "deepmerge": "^4.3.1",
+    "grpc-health-check": "^2.0.2"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/fonoster/fonoster.git"
+  },
+  "bugs": {
+    "url": "https://github.com/fonoster/fonoster/issues"
+  },
+  "gitHead": "9d8a6fc044fe23f4f75356c142d1ca412db5af15"
+}