@fonoster/common 0.8.25 → 0.8.26

package/dist/identity/createAuthInterceptor.d.ts

@@ -0,0 +1,15 @@
+import { ServerInterceptingCall } from "@grpc/grpc-js";
+/**
+ * This function is a gRPC interceptor that checks if the request is valid
+ * and if the user has the right permissions to access the resource. When
+ * validating the request, the function will check if the request is in the
+ * skip list, if the token is valid and if the role is allowed by the RBAC.
+ *
+ * @param {string} identityPublicKey - The public key to validate the token
+ * @param {string[]} publicPath - The list of public paths
+ * @return {Function} - The gRPC interceptor
+ */
+declare function createAuthInterceptor(identityPublicKey: string, publicPath: string[]): (methodDefinition: {
+    path: string;
+}, call: ServerInterceptingCall) => ServerInterceptingCall;
+export { createAuthInterceptor };

package/dist/identity/createAuthInterceptor.js

@@ -0,0 +1,79 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthInterceptor = createAuthInterceptor;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const logger_1 = require("@fonoster/logger");
+const roles_1 = require("./roles");
+const getAccessKeyIdFromCall_1 = require("./getAccessKeyIdFromCall");
+const getTokenFromCall_1 = require("./getTokenFromCall");
+const isValidToken_1 = require("./isValidToken");
+const decodeToken_1 = require("./decodeToken");
+const hasAccess_1 = require("./hasAccess");
+const tokenHasAccessKeyId_1 = require("./tokenHasAccessKeyId");
+const errors_1 = require("./errors");
+const logger = (0, logger_1.getLogger)({ service: "common", filePath: __filename });
+/**
+ * This function is a gRPC interceptor that checks if the request is valid
+ * and if the user has the right permissions to access the resource. When
+ * validating the request, the function will check if the request is in the
+ * skip list, if the token is valid and if the role is allowed by the RBAC.
+ *
+ * @param {string} identityPublicKey - The public key to validate the token
+ * @param {string[]} publicPath - The list of public paths
+ * @return {Function} - The gRPC interceptor
+ */
+function createAuthInterceptor(identityPublicKey, publicPath) {
+    /**
+     * Inner function that will be called by the gRPC server.
+     *
+     * @param {object} methodDefinition - The method definition
+     * @param {string} methodDefinition.path - The path of the gRPC method
+     * @param {ServerInterceptingCall} call - The call object
+     * @return {ServerInterceptingCall} - The modified call object
+     */
+    return (methodDefinition, call) => {
+        const { path } = methodDefinition;
+        const accessKeyId = (0, getAccessKeyIdFromCall_1.getAccessKeyIdFromCall)(call);
+        logger.verbose("intercepting api call to path", { accessKeyId, path });
+        if (publicPath.includes(methodDefinition.path)) {
+            logger.verbose("passing auth control to edge function", { path });
+            return call;
+        }
+        const token = (0, getTokenFromCall_1.getTokenFromCall)(call);
+        logger.verbose("validating token", { accessKeyId, path });
+        if (!(0, isValidToken_1.isValidToken)(token, identityPublicKey)) {
+            return (0, errors_1.unauthenticatedError)(call);
+        }
+        const decodedToken = (0, decodeToken_1.decodeToken)(token);
+        logger.verbose("checking access for accessKeyId", {
+            accessKeyId,
+            path,
+            hasAccess: (0, hasAccess_1.hasAccess)(decodedToken.access, path),
+            pathIsWorkspacePath: roles_1.workspaceAccess.includes(path),
+            tokenHasAccessKeyId: (0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId)
+        });
+        if (!(0, hasAccess_1.hasAccess)(decodedToken.access, path) ||
+            (roles_1.workspaceAccess.includes(path) &&
+                !(0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId))) {
+            return (0, errors_1.permissionDeniedError)(call);
+        }
+        return call;
+    };
+}

package/dist/identity/decodeToken.d.ts

@@ -0,0 +1,3 @@
+import { TokenUseEnum, DecodedToken } from "./types";
+declare function decodeToken<T extends TokenUseEnum>(token: string): DecodedToken<T>;
+export { decodeToken };

package/dist/identity/decodeToken.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeToken = decodeToken;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const jwt_decode_1 = require("jwt-decode");
+function decodeToken(token) {
+    return (0, jwt_decode_1.jwtDecode)(token);
+}

package/dist/identity/errors.d.ts

@@ -0,0 +1,4 @@
+import { ServerInterceptingCall } from "@grpc/grpc-js";
+declare const unauthenticatedError: (call: ServerInterceptingCall) => ServerInterceptingCall;
+declare const permissionDeniedError: (call: ServerInterceptingCall) => ServerInterceptingCall;
+export { permissionDeniedError, unauthenticatedError };

package/dist/identity/errors.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.unauthenticatedError = exports.permissionDeniedError = void 0;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const grpc_js_1 = require("@grpc/grpc-js");
+const utils_1 = require("../utils");
+const unauthenticatedError = (call) => (0, utils_1.createInterceptingCall)({
+    call,
+    code: grpc_js_1.status.UNAUTHENTICATED,
+    details: "Invalid or expired token"
+});
+exports.unauthenticatedError = unauthenticatedError;
+const permissionDeniedError = (call) => (0, utils_1.createInterceptingCall)({
+    call,
+    code: grpc_js_1.status.PERMISSION_DENIED,
+    details: "Permission denied"
+});
+exports.permissionDeniedError = permissionDeniedError;

package/dist/identity/getAccessKeyIdFromCall.d.ts

@@ -0,0 +1,3 @@
+import { ServerInterceptingCall } from "@grpc/grpc-js";
+declare function getAccessKeyIdFromCall(call: ServerInterceptingCall): string;
+export { getAccessKeyIdFromCall };

package/dist/identity/getAccessKeyIdFromCall.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAccessKeyIdFromCall = getAccessKeyIdFromCall;
+function getAccessKeyIdFromCall(call) {
+    var _a;
+    const metadata = call.metadata.getMap();
+    return (_a = metadata["accesskeyid"]) === null || _a === void 0 ? void 0 : _a.toString();
+}

package/dist/identity/getPublicKey.d.ts

@@ -0,0 +1,5 @@
+type GetPublicKeyResponse = {
+    publicKey: string;
+};
+declare function getPublicKey(endpoint: string, allowInsecure?: boolean): Promise<GetPublicKeyResponse>;
+export { getPublicKey };

package/dist/identity/getPublicKey.js

@@ -0,0 +1,77 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPublicKey = getPublicKey;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const grpc = __importStar(require("@grpc/grpc-js"));
+const utils_1 = require("../utils");
+const IdentityServiceClient = grpc.makeGenericClientConstructor((0, utils_1.createServiceDefinition)({
+    serviceName: "Identity",
+    pckg: "identity",
+    proto: "identity.proto",
+    version: "v1beta2"
+}), "", {});
+function getPublicKey(endpoint, allowInsecure = false) {
+    return new Promise((resolve, reject) => {
+        const client = new IdentityServiceClient(endpoint, allowInsecure
+            ? grpc.credentials.createInsecure()
+            : grpc.credentials.createSsl());
+        client.getPublicKey({}, (error, response) => {
+            if (error) {
+                reject(error);
+            }
+            else {
+                resolve(response);
+            }
+        });
+    });
+}

package/dist/identity/getTokenFromCall.d.ts

@@ -0,0 +1,3 @@
+import { ServerInterceptingCall } from "@grpc/grpc-js";
+declare function getTokenFromCall(call: ServerInterceptingCall): string;
+export { getTokenFromCall };

package/dist/identity/getTokenFromCall.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTokenFromCall = getTokenFromCall;
+function getTokenFromCall(call) {
+    var _a;
+    const metadata = call.metadata.getMap();
+    return (_a = metadata["token"]) === null || _a === void 0 ? void 0 : _a.toString();
+}

package/dist/identity/hasAccess.d.ts

@@ -0,0 +1,3 @@
+import { Access } from "./types";
+declare function hasAccess(access: Access[], method: string): boolean;
+export { hasAccess };

package/dist/identity/hasAccess.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasAccess = hasAccess;
+const roles_1 = require("./roles");
+// This function only checks if the role has access to the grpc method
+function hasAccess(access, method) {
+    const roleList = access.map((a) => a.role);
+    return roleList.some((r) => roles_1.roles.find((role) => role.name === r && role.access.includes(method)));
+}

package/dist/identity/index.d.ts

@@ -0,0 +1,9 @@
+export * from "./createAuthInterceptor";
+export * from "./decodeToken";
+export * from "./getPublicKey";
+export * from "./getAccessKeyIdFromCall";
+export * from "./getTokenFromCall";
+export * from "./hasAccess";
+export * from "./isValidToken";
+export * from "./types";
+export * from "./roles";

package/dist/identity/index.js

@@ -0,0 +1,43 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+__exportStar(require("./createAuthInterceptor"), exports);
+__exportStar(require("./decodeToken"), exports);
+__exportStar(require("./getPublicKey"), exports);
+__exportStar(require("./getAccessKeyIdFromCall"), exports);
+__exportStar(require("./getTokenFromCall"), exports);
+__exportStar(require("./hasAccess"), exports);
+__exportStar(require("./isValidToken"), exports);
+__exportStar(require("./types"), exports);
+__exportStar(require("./roles"), exports);

package/dist/identity/isValidToken.d.ts

@@ -0,0 +1,2 @@
+declare function isValidToken(token: string, secret: string): boolean;
+export { isValidToken };

package/dist/identity/isValidToken.js

@@ -0,0 +1,51 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidToken = isValidToken;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const logger_1 = require("@fonoster/logger");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const types_1 = require("./types");
+const logger = (0, logger_1.getLogger)({ service: "identity", filePath: __filename });
+function isValidToken(token, secret) {
+    try {
+        const decoded = jsonwebtoken_1.default.verify(token, secret);
+        const currentTime = Math.floor(Date.now() / 1000);
+        if (decoded.exp <= currentTime) {
+            logger.verbose("token expired", { exp: decoded.exp, currentTime });
+            return false;
+        }
+        return true;
+    }
+    catch (error) {
+        if (error.name === types_1.JsonWebErrorEnum.JsonWebTokenError) {
+            logger.verbose("invalid JWT token", { token });
+        }
+        else if (error.name === types_1.JsonWebErrorEnum.TokenExpiredError) {
+            logger.verbose("token expired", { token });
+        }
+        else {
+            logger.verbose("unexpected JWT error:", error);
+        }
+        return false;
+    }
+}

package/dist/identity/roles.d.ts

@@ -0,0 +1,5 @@
+import { Role } from "./types";
+declare const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
+declare const workspaceAccess: string[];
+declare const roles: Role[];
+export { VOICE_SERVICE_ROLE, roles, workspaceAccess };

package/dist/identity/roles.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.workspaceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = void 0;
+/* eslint-disable sonarjs/no-duplicate-string */
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const types_1 = require("@fonoster/types");
+const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
+exports.VOICE_SERVICE_ROLE = VOICE_SERVICE_ROLE;
+const workspaceAccess = [
+    "/fonoster.applications.v1beta2.Applications/CreateApplication",
+    "/fonoster.applications.v1beta2.Applications/UpdateApplication",
+    "/fonoster.applications.v1beta2.Applications/GetApplication",
+    "/fonoster.applications.v1beta2.Applications/DeleteApplication",
+    "/fonoster.applications.v1beta2.Applications/ListApplications",
+    "/fonoster.agents.v1beta2.Agents/CreateAgent",
+    "/fonoster.agents.v1beta2.Agents/UpdateAgent",
+    "/fonoster.agents.v1beta2.Agents/GetAgent",
+    "/fonoster.agents.v1beta2.Agents/DeleteAgent",
+    "/fonoster.agents.v1beta2.Agents/ListAgents",
+    "/fonoster.acls.v1beta2.Acls/CreateAcl",
+    "/fonoster.acls.v1beta2.Acls/UpdateAcl",
+    "/fonoster.acls.v1beta2.Acls/ListAcls",
+    "/fonoster.acls.v1beta2.Acls/GetAcl",
+    "/fonoster.acls.v1beta2.Acls/DeleteAcl",
+    "/fonoster.credentials.v1beta2.CredentialsService/CreateCredentials",
+    "/fonoster.credentials.v1beta2.CredentialsService/UpdateCredentials",
+    "/fonoster.credentials.v1beta2.CredentialsService/GetCredentials",
+    "/fonoster.credentials.v1beta2.CredentialsService/DeleteCredentials",
+    "/fonoster.credentials.v1beta2.CredentialsService/ListCredentials",
+    "/fonoster.domains.v1beta2.Domains/CreateDomain",
+    "/fonoster.domains.v1beta2.Domains/UpdateDomain",
+    "/fonoster.domains.v1beta2.Domains/GetDomain",
+    "/fonoster.domains.v1beta2.Domains/DeleteDomain",
+    "/fonoster.domains.v1beta2.Domains/ListDomains",
+    "/fonoster.trunks.v1beta2.Trunks/CreateTrunk",
+    "/fonoster.trunks.v1beta2.Trunks/UpdateTrunk",
+    "/fonoster.trunks.v1beta2.Trunks/GetTrunk",
+    "/fonoster.trunks.v1beta2.Trunks/DeleteTrunk",
+    "/fonoster.trunks.v1beta2.Trunks/ListTrunks",
+    "/fonoster.numbers.v1beta2.Numbers/CreateNumber",
+    "/fonoster.numbers.v1beta2.Numbers/UpdateNumber",
+    "/fonoster.numbers.v1beta2.Numbers/GetNumber",
+    "/fonoster.numbers.v1beta2.Numbers/DeleteNumber",
+    "/fonoster.numbers.v1beta2.Numbers/ListNumbers",
+    "/fonoster.secrets.v1beta2.Secrets/CreateSecret",
+    "/fonoster.secrets.v1beta2.Secrets/UpdateSecret",
+    "/fonoster.secrets.v1beta2.Secrets/GetSecret",
+    "/fonoster.secrets.v1beta2.Secrets/DeleteSecret",
+    "/fonoster.secrets.v1beta2.Secrets/ListSecrets",
+    "/fonoster.calls.v1beta2.Calls/CreateCall",
+    "/fonoster.calls.v1beta2.Calls/ListCalls",
+    "/fonoster.calls.v1beta2.Calls/GetCall",
+    "/fonoster.calls.v1beta2.Calls/TrackCall",
+    "/fonoster.voice.v1beta2.Voice/CreateSession"
+];
+exports.workspaceAccess = workspaceAccess;
+const fullIdentityAccess = [
+    "/fonoster.identity.v1beta2.Identity/GetUser",
+    "/fonoster.identity.v1beta2.Identity/UpdateUser",
+    "/fonoster.identity.v1beta2.Identity/DeleteUser",
+    "/fonoster.identity.v1beta2.Identity/CreateWorkspace",
+    "/fonoster.identity.v1beta2.Identity/GetWorkspace",
+    "/fonoster.identity.v1beta2.Identity/UpdateWorkspace",
+    "/fonoster.identity.v1beta2.Identity/ListWorkspaces",
+    "/fonoster.identity.v1beta2.Identity/DeleteWorkspace",
+    "/fonoster.identity.v1beta2.Identity/InviteUserToWorkspace",
+    "/fonoster.identity.v1beta2.Identity/RemoveUserFromWorkspace",
+    "/fonoster.identity.v1beta2.Identity/ResendWorkspaceMembershipInvitation",
+    "/fonoster.identity.v1beta2.Identity/RefreshToken",
+    "/fonoster.identity.v1beta2.Identity/CreateApiKey",
+    "/fonoster.identity.v1beta2.Identity/DeleteApiKey",
+    "/fonoster.identity.v1beta2.Identity/ListApiKeys",
+    "/fonoster.identity.v1beta2.Identity/RegenerateApiKey"
+];
+const roles = [
+    {
+        name: types_1.WorkspaceRoleEnum.OWNER,
+        description: "Access to all endpoints",
+        access: [...fullIdentityAccess, ...workspaceAccess]
+    },
+    {
+        name: types_1.WorkspaceRoleEnum.ADMIN,
+        description: "Access to all endpoints",
+        access: [...fullIdentityAccess, ...workspaceAccess]
+    },
+    {
+        name: types_1.WorkspaceRoleEnum.USER,
+        description: "Access to User and Workspace endpoints",
+        access: [
+            "/fonoster.identity.v1beta2.Identity/GetUser",
+            "/fonoster.identity.v1beta2.Identity/UpdateUser",
+            "/fonoster.identity.v1beta2.Identity/DeleteUser",
+            "/fonoster.identity.v1beta2.Identity/CreateWorkspace",
+            "/fonoster.identity.v1beta2.Identity/GetWorkspace",
+            "/fonoster.identity.v1beta2.Identity/UpdateWorkspace",
+            "/fonoster.identity.v1beta2.Identity/ListWorkspaces",
+            "/fonoster.identity.v1beta2.Identity/RefreshToken",
+            ...workspaceAccess
+        ]
+    },
+    {
+        name: types_1.ApiRoleEnum.WORKSPACE_ADMIN,
+        description: "Access to all endpoints",
+        access: [...fullIdentityAccess, ...workspaceAccess]
+    },
+    {
+        name: VOICE_SERVICE_ROLE,
+        description: "Role with access only to the Voice service endpoint",
+        access: ["/fonoster.voice.v1beta2.Voice/CreateSession"]
+    }
+];
+exports.roles = roles;

package/dist/identity/tokenHasAccessKeyId.d.ts

@@ -0,0 +1,2 @@
+declare function tokenHasAccessKeyId(token: string, accessKeyId: string): boolean;
+export { tokenHasAccessKeyId };

package/dist/identity/tokenHasAccessKeyId.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenHasAccessKeyId = tokenHasAccessKeyId;
+/*
+ * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const _1 = require(".");
+function tokenHasAccessKeyId(token, accessKeyId) {
+    var _a;
+    const decodedToken = (0, _1.decodeToken)(token);
+    const accessKeyIds = (_a = decodedToken.access) === null || _a === void 0 ? void 0 : _a.map((a) => a.accessKeyId);
+    return accessKeyIds.includes(accessKeyId);
+}

package/dist/identity/types.d.ts

@@ -0,0 +1,44 @@
+import { WorkspaceRoleEnum } from "@fonoster/types";
+declare enum TokenUseEnum {
+    ID = "id",
+    ACCESS = "access",
+    REFRESH = "refresh"
+}
+declare enum JsonWebErrorEnum {
+    JsonWebTokenError = "JsonWebTokenError",
+    TokenExpiredError = "TokenExpiredError"
+}
+type Role = {
+    name: string;
+    description: string;
+    access: string[];
+};
+type Access = {
+    accessKeyId: string;
+    role: WorkspaceRoleEnum;
+};
+type BaseToken = {
+    iss: string;
+    sub: string;
+    aud: string;
+    exp: number;
+    iat: number;
+    tokenUse: TokenUseEnum;
+    accessKeyId: string;
+};
+type IdToken = BaseToken & {
+    emailVerified: boolean;
+    phoneNumberVerified: boolean;
+    phoneNumber: string;
+    email: string;
+    tokenUse: TokenUseEnum.ID;
+};
+type AccessToken = BaseToken & {
+    access: Access[];
+    tokenUse: TokenUseEnum.ACCESS;
+};
+type RefreshToken = BaseToken & {
+    tokenUse: TokenUseEnum.REFRESH;
+};
+type DecodedToken<T extends TokenUseEnum> = T extends TokenUseEnum.ID ? IdToken : T extends TokenUseEnum.ACCESS ? AccessToken : T extends TokenUseEnum.REFRESH ? TokenUseEnum : never;
+export { Access, AccessToken, DecodedToken, IdToken, RefreshToken, Role, TokenUseEnum, JsonWebErrorEnum };

package/dist/identity/types.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JsonWebErrorEnum = exports.TokenUseEnum = void 0;
+var TokenUseEnum;
+(function (TokenUseEnum) {
+    TokenUseEnum["ID"] = "id";
+    TokenUseEnum["ACCESS"] = "access";
+    TokenUseEnum["REFRESH"] = "refresh";
+})(TokenUseEnum || (exports.TokenUseEnum = TokenUseEnum = {}));
+var JsonWebErrorEnum;
+(function (JsonWebErrorEnum) {
+    JsonWebErrorEnum["JsonWebTokenError"] = "JsonWebTokenError";
+    JsonWebErrorEnum["TokenExpiredError"] = "TokenExpiredError";
+})(JsonWebErrorEnum || (exports.JsonWebErrorEnum = JsonWebErrorEnum = {}));

package/dist/index.d.ts

@@ -12,3 +12,4 @@ export * as Validators from "./validators";
 export * from "./validators";
 export * from "./voice";
 export * from "./countryIsoCodes";
+export * from "./identity";

package/dist/index.js

@@ -69,3 +69,4 @@ exports.Validators = __importStar(require("./validators"));
 __exportStar(require("./validators"), exports);
 __exportStar(require("./voice"), exports);
 __exportStar(require("./countryIsoCodes"), exports);
+__exportStar(require("./identity"), exports);

package/dist/utils/createFetchSingleCallByCallId.d.ts

@@ -0,0 +1,4 @@
+import { CallDetailRecord } from "@fonoster/types";
+import { InfluxDBClient } from "./types";
+declare function createFetchSingleCallByCallId(influxdb: InfluxDBClient): (callId: string) => Promise<CallDetailRecord>;
+export { createFetchSingleCallByCallId };

package/dist/utils/{makeFetchSingleCallByCallId.js → createFetchSingleCallByCallId.js}

@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.makeFetchSingleCallByCallId = makeFetchSingleCallByCallId;
+exports.createFetchSingleCallByCallId = createFetchSingleCallByCallId;
 /*
  * Copyright (C) 2024 by Fonoster Inc (https://fonoster.com)
  * http://github.com/fonoster/fonoster
@@ -30,9 +30,10 @@ exports.makeFetchSingleCallByCallId = makeFetchSingleCallByCallId;
  */
 const influxdb_client_1 = require("@influxdata/influxdb-client");
 const constants_1 = require("../constants");
-function makeFetchSingleCallByCallId(influxdb) {
-    return (callId) => __awaiter(this, void 0, void 0, function* () {
-        const query = (0, influxdb_client_1.flux) `from(bucket: "${constants_1.INFLUXDB_CALLS_BUCKET}")
+function createFetchSingleCallByCallId(influxdb) {
+    return function fetchSingleCallByCallId(callId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const query = (0, influxdb_client_1.flux) `from(bucket: "${constants_1.INFLUXDB_CALLS_BUCKET}")
       |> range(start: -365d)
       |> pivot(rowKey: ["callId"], columnKey: ["_field"], valueColumn: "_value")
       |> map(fn: (r) => ({
@@ -43,7 +44,8 @@ function makeFetchSingleCallByCallId(influxdb) {
       |> filter(fn: (r) => r.callId == ${callId})
       |> sort(columns: ["_time"], desc: true)
       |> limit(n: 1)`;
-        const items = (yield influxdb.collectRows(query));
-        return items.length > 0 ? items[0] : null;
-    });
+            const items = (yield influxdb.collectRows(query));
+            return items.length > 0 ? items[0] : null;
+        });
+    };
 }

package/dist/utils/index.d.ts

@@ -10,4 +10,4 @@ export * from "./withErrorHandling";
 export * from "./withErrorHandlingAndValidation";
 export * from "./withValidation";
 export * from "./types";
-export * from "./makeFetchSingleCallByCallId";
+export * from "./createFetchSingleCallByCallId";

package/dist/utils/index.js

@@ -44,4 +44,4 @@ __exportStar(require("./withErrorHandling"), exports);
 __exportStar(require("./withErrorHandlingAndValidation"), exports);
 __exportStar(require("./withValidation"), exports);
 __exportStar(require("./types"), exports);
-__exportStar(require("./makeFetchSingleCallByCallId"), exports);
+__exportStar(require("./createFetchSingleCallByCallId"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fonoster/common",
-  "version": "0.8.25",
+  "version": "0.8.26",
   "description": "Common library for Fonoster projects",
   "author": "Pedro Sanders <psanders@fonoster.com>",
   "homepage": "https://github.com/fonoster/fonoster#readme",
@@ -18,7 +18,7 @@
     "clean": "rimraf ./dist node_modules tsconfig.tsbuildinfo"
   },
   "dependencies": {
-    "@fonoster/logger": "^0.8.24",
+    "@fonoster/logger": "^0.8.26",
     "@grpc/grpc-js": "~1.10.6",
     "@grpc/proto-loader": "^0.7.12",
     "@influxdata/influxdb-client": "^1.35.0",
@@ -46,5 +46,5 @@
   "devDependencies": {
     "@types/nodemailer": "^6.4.14"
   },
-  "gitHead": "159876a77dc3f30e2d155a2d4f39d1a73919f2af"
+  "gitHead": "f01e634eca9a94b3a276369e998c6e75f8b75284"
 }

package/dist/utils/makeFetchSingleCallByCallId.d.ts

@@ -1,4 +0,0 @@
-import { CallDetailRecord } from "@fonoster/types";
-import { InfluxDBClient } from "./types";
-declare function makeFetchSingleCallByCallId(influxdb: InfluxDBClient): (callId: string) => Promise<CallDetailRecord>;
-export { makeFetchSingleCallByCallId };