@fonoster/common 0.9.12 → 0.9.15
- package/dist/identity/createAuthInterceptor.js +2 -2
- package/dist/identity/hasAccess.js +20 -1
- package/dist/identity/roles.d.ts +4 -5
- package/dist/identity/roles.js +22 -21
- package/dist/identity/types.d.ts +4 -4
- package/dist/protos/identity.proto +25 -3
- package/dist/validators/identity.d.ts +7 -7
- package/dist/validators/identity.js +2 -2
- package/package.json +2 -2
|
@@ -66,11 +66,11 @@ function createAuthInterceptor(identityPublicKey, publicPath) {
|
|
|
66
66
|
accessKeyId,
|
|
67
67
|
path,
|
|
68
68
|
hasAccess: (0, hasAccess_1.hasAccess)(decodedToken, path),
|
|
69
|
-
pathIsWorkspacePath: roles_1.
|
|
69
|
+
pathIsWorkspacePath: roles_1.workspaceResourceAccess.includes(path),
|
|
70
70
|
tokenHasAccessKeyId: (0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId)
|
|
71
71
|
});
|
|
72
72
|
if (!(0, hasAccess_1.hasAccess)(decodedToken, path) ||
|
|
73
|
-
(roles_1.
|
|
73
|
+
(roles_1.workspaceResourceAccess.includes(path) &&
|
|
74
74
|
!(0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId))) {
|
|
75
75
|
return (0, errors_1.permissionDeniedError)(call);
|
|
76
76
|
}
|
|
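Review bot: The accessKeyId binding in the `if` at new lines 72–74 is applied only when `roles_1.workspaceResourceAccess.includes(path)`, so any method outside that list is authorized on role alone. In this same release roles.js adds `/fonoster.identity.v1beta2.Identity/ListWorkspaceMembers` to `fullIdentityAccess` rather than to `workspaceResourceAccess`, so the interceptor does not tie the caller's token to a workspace for that call; the handler is not visible here and would have to enforce it. I would document that contract above the condition, e.g. `// Identity methods skip the accessKeyId check here; their handlers must verify workspace membership.` createAuthInterceptor starts and ends outside this hunk.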
@@ -1,13 +1,32 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.hasAccess = hasAccess;
|
|
4
|
+
/*
|
|
5
|
+
* Copyright (C) 2025 by Fonoster Inc (https://fonoster.com)
|
|
6
|
+
* http://github.com/fonoster/fonoster
|
|
7
|
+
*
|
|
8
|
+
* This file is part of Fonoster
|
|
9
|
+
*
|
|
10
|
+
* Licensed under the MIT License (the "License");
|
|
11
|
+
* you may not use this file except in compliance with
|
|
12
|
+
* the License. You may obtain a copy of the License at
|
|
13
|
+
*
|
|
14
|
+
* https://opensource.org/licenses/MIT
|
|
15
|
+
*
|
|
16
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
17
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
18
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
19
|
+
* See the License for the specific language governing permissions and
|
|
20
|
+
* limitations under the License.
|
|
21
|
+
*/
|
|
22
|
+
const types_1 = require("@fonoster/types");
|
|
4
23
|
const roles_1 = require("./roles");
|
|
5
24
|
// This function only checks if the role has access to the grpc method
|
|
6
25
|
function hasAccess(decodedToken, method) {
|
|
7
26
|
const { access, accessKeyId } = decodedToken;
|
|
8
27
|
const roleList = accessKeyId.startsWith("US") && // US is for user; user tokens only have USER role
|
|
9
28
|
access.length === 0 // If it is a user token, and has no access, we still allow it in case it is a user method
|
|
10
|
-
? [
|
|
29
|
+
? [types_1.Role.USER]
|
|
11
30
|
: access.map((a) => a.role);
|
|
12
31
|
return roleList.some((r) => roles_1.roles.find((role) => role.name === r && role.access.includes(method)));
|
|
13
32
|
}
|
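Review bot: `hasAccess` destructures `access` and `accessKeyId` and immediately calls `accessKeyId.startsWith` and reads `access.length` with no shape check, so a decoded token lacking either claim throws instead of returning false. types.d.ts declares several token kinds, and whether only access tokens reach this function is not visible from the hunk. An authorization predicate should fail closed; a guard placed right after the destructuring would do it: `if (typeof accessKeyId !== "string" || !Array.isArray(access)) return false;`.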
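--- a/package/dist/identity/roles.d.ts
+++ b/package/dist/identity/roles.d.ts
@@ -1,6 +1,5 @@
-import {
+import { RoleType } from "./types";
 declare const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
-declare const
-declare const
-
-export { USER_ROLE, VOICE_SERVICE_ROLE, roles, workspaceAccess };
+declare const workspaceResourceAccess: string[];
+declare const roles: RoleType[];
+export { VOICE_SERVICE_ROLE, roles, workspaceResourceAccess };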
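--- a/package/dist/identity/roles.js
+++ b/package/dist/identity/roles.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.workspaceResourceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = void 0;
 /* eslint-disable sonarjs/no-duplicate-string */
 /*
 * Copyright (C) 2025 by Fonoster Inc (https://fonoster.com)
@@ -23,11 +23,7 @@ exports.workspaceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = exports.U
 const types_1 = require("@fonoster/types");
 const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
 exports.VOICE_SERVICE_ROLE = VOICE_SERVICE_ROLE;
-
-// We will split this two roles in the future
-const USER_ROLE = "USER";
-exports.USER_ROLE = USER_ROLE;
-const workspaceAccess = [
+const workspaceResourceAccess = [
 "/fonoster.applications.v1beta2.Applications/CreateApplication",
 "/fonoster.applications.v1beta2.Applications/UpdateApplication",
 "/fonoster.applications.v1beta2.Applications/GetApplication",
@@ -74,7 +70,7 @@ const workspaceAccess = [
 "/fonoster.calls.v1beta2.Calls/TrackCall",
 "/fonoster.voice.v1beta2.Voice/CreateSession"
 ];
-exports.
+exports.workspaceResourceAccess = workspaceResourceAccess;
 const fullIdentityAccess = [
 "/fonoster.identity.v1beta2.Identity/GetUser",
 "/fonoster.identity.v1beta2.Identity/UpdateUser",
@@ -83,6 +79,7 @@ const fullIdentityAccess = [
 "/fonoster.identity.v1beta2.Identity/GetWorkspace",
 "/fonoster.identity.v1beta2.Identity/UpdateWorkspace",
 "/fonoster.identity.v1beta2.Identity/ListWorkspaces",
+"/fonoster.identity.v1beta2.Identity/ListWorkspaceMembers",
 "/fonoster.identity.v1beta2.Identity/DeleteWorkspace",
 "/fonoster.identity.v1beta2.Identity/InviteUserToWorkspace",
 "/fonoster.identity.v1beta2.Identity/RemoveUserFromWorkspace",
@@ -95,17 +92,7 @@ const fullIdentityAccess = [
 ];
 const roles = [
 {
-name: types_1.
-description: "Access to all endpoints",
-access: [...fullIdentityAccess, ...workspaceAccess]
-},
-{
-name: types_1.WorkspaceRoleEnum.ADMIN,
-description: "Access to all endpoints",
-access: [...fullIdentityAccess, ...workspaceAccess]
-},
-{
-name: USER_ROLE,
+name: types_1.Role.USER,
 description: "Access to User and Workspace endpoints",
 access: [
 "/fonoster.identity.v1beta2.Identity/GetUser",
@@ -116,13 +103,27 @@ const roles = [
 "/fonoster.identity.v1beta2.Identity/UpdateWorkspace",
 "/fonoster.identity.v1beta2.Identity/ListWorkspaces",
 "/fonoster.identity.v1beta2.Identity/RefreshToken",
-...
+...workspaceResourceAccess
 ]
 },
 {
-name: types_1.
+name: types_1.Role.WORKSPACE_OWNER,
+description: "Access to all endpoints",
+access: [...fullIdentityAccess, ...workspaceResourceAccess]
+},
+{
+name: types_1.Role.WORKSPACE_ADMIN,
 description: "Access to all endpoints",
-access: [...fullIdentityAccess, ...
+access: [...fullIdentityAccess, ...workspaceResourceAccess]
+},
+{
+name: types_1.Role.WORKSPACE_MEMBER,
+description: "Access to User and Workspace endpoints",
+access: [
+"/fonoster.identity.v1beta2.Identity/GetWorkspace",
+"/fonoster.identity.v1beta2.Identity/ListWorkspaces",
+...workspaceResourceAccess
+]
 },
 {
 name: VOICE_SERVICE_ROLE,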
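Review bot: `Role.WORKSPACE_MEMBER` in the last hunk is given the whole `...workspaceResourceAccess` list, which includes write methods such as `Applications/CreateApplication` and `Applications/UpdateApplication`, so on resource endpoints a member has the same reach as an owner or admin and only the identity methods differ. `Role.USER` also keeps `...workspaceResourceAccess`, and hasAccess.js assigns that role to user tokens with an empty `access` list, which leaves the accessKeyId check in the interceptor as the only barrier to workspace resources for such tokens. If members are meant to be a reduced role, splitting the list into read and write sets would make that enforceable (the full list lies outside the hunks shown); otherwise the description should say so, e.g. `description: "Full access to workspace resources, read-only access to workspace identity",`.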
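--- a/package/dist/identity/types.d.ts
+++ b/package/dist/identity/types.d.ts
@@ -1,4 +1,4 @@
-import {
+import { Role } from "@fonoster/types";
 declare enum TokenUseEnum {
 ID = "id",
 ACCESS = "access",
@@ -8,14 +8,14 @@ declare enum JsonWebErrorEnum {
 JsonWebTokenError = "JsonWebTokenError",
 TokenExpiredError = "TokenExpiredError"
 }
-type
+type RoleType = {
 name: string;
 description: string;
 access: string[];
 };
 type Access = {
 accessKeyId: string;
-role:
+role: Role;
 };
 type BaseToken = {
 iss: string;
@@ -41,4 +41,4 @@ type RefreshToken = BaseToken & {
 tokenUse: TokenUseEnum.REFRESH;
 };
 type DecodedToken<T extends TokenUseEnum> = T extends TokenUseEnum.ID ? IdToken : T extends TokenUseEnum.ACCESS ? AccessToken : T extends TokenUseEnum.REFRESH ? TokenUseEnum : never;
-export { Access, AccessToken, DecodedToken, IdToken, RefreshToken,
+export { Access, AccessToken, DecodedToken, IdToken, RefreshToken, RoleType, TokenUseEnum, JsonWebErrorEnum };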
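Review bot: In the unchanged `DecodedToken` line of the last hunk, the `TokenUseEnum.REFRESH` branch resolves to `TokenUseEnum` rather than `RefreshToken`, so code that decodes a refresh token is typed as the enum and its claims are never type-checked. This is a generated declaration file, so the fix belongs in the TypeScript source it is built from: `T extends TokenUseEnum.REFRESH ? RefreshToken : never`.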
@@ -32,7 +32,8 @@ service Identity {
|
|
|
32
32
|
rpc InviteUserToWorkspace (InviteUserToWorkspaceRequest) returns (InviteUserToWorkspaceResponse) {}
|
|
33
33
|
rpc RemoveUserFromWorkspace (RemoveUserFromWorkspaceRequest) returns (RemoveUserFromWorkspaceResponse) {}
|
|
34
34
|
rpc ResendWorkspaceMembershipInvitation (ResendWorkspaceMembershipInvitationRequest) returns (ResendWorkspaceMembershipInvitationResponse) {}
|
|
35
|
-
|
|
35
|
+
rpc ListWorkspaceMembers (ListWorkspaceMembersRequest) returns (ListWorkspaceMembersResponse) {}
|
|
36
|
+
|
|
36
37
|
// User specific actions
|
|
37
38
|
rpc CreateUser (CreateUserRequest) returns (CreateUserResponse) {}
|
|
38
39
|
rpc GetUser (GetUserRequest) returns (User) {}
|
|
@@ -134,6 +135,27 @@ message ResendWorkspaceMembershipInvitationResponse {
|
|
|
134
135
|
string user_ref = 1;
|
|
135
136
|
}
|
|
136
137
|
|
|
138
|
+
message Member {
|
|
139
|
+
string ref = 1;
|
|
140
|
+
string user_ref = 2;
|
|
141
|
+
string name = 3;
|
|
142
|
+
string email = 4;
|
|
143
|
+
string role = 5;
|
|
144
|
+
string status = 6;
|
|
145
|
+
int32 created_at = 7;
|
|
146
|
+
int32 updated_at = 8;
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
message ListWorkspaceMembersRequest {
|
|
150
|
+
string page_token = 1;
|
|
151
|
+
int32 page_size = 2;
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
message ListWorkspaceMembersResponse {
|
|
155
|
+
repeated Member items = 1;
|
|
156
|
+
string next_page_token = 2;
|
|
157
|
+
}
|
|
158
|
+
|
|
137
159
|
// User Resources
|
|
138
160
|
enum ContactType {
|
|
139
161
|
EMAIL = 0;
|
|
@@ -217,8 +239,8 @@ message DeleteApiKeyResponse {
|
|
|
217
239
|
}
|
|
218
240
|
|
|
219
241
|
message ListApiKeysRequest {
|
|
220
|
-
|
|
221
|
-
|
|
242
|
+
string page_token = 1;
|
|
243
|
+
int32 page_size = 2;
|
|
222
244
|
}
|
|
223
245
|
|
|
224
246
|
message ListApiKeysResponse {
|
|
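Review bot: `Member.created_at` and `Member.updated_at` are declared `int32`, which cannot hold epoch milliseconds at all and overflows in 2038 if the values are epoch seconds; the unit is not stated in the hunk. `int64 created_at = 7;` and `int64 updated_at = 8;` (or `google.protobuf.Timestamp`) would be safer to settle before clients depend on the message. Separately, `page_size` in `ListWorkspaceMembersRequest` and `ListApiKeysRequest` has no bound at the schema level, so the handlers, which are not visible here, should clamp it and reject negative values.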
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Role } from "@fonoster/types";
|
|
2
2
|
import { z } from "zod";
|
|
3
3
|
declare const createWorkspaceRequestSchema: z.ZodObject<{
|
|
4
4
|
name: z.ZodString;
|
|
@@ -8,13 +8,13 @@ declare const createWorkspaceRequestSchema: z.ZodObject<{
|
|
|
8
8
|
name?: string;
|
|
9
9
|
}>;
|
|
10
10
|
declare const createApiKeyRequestSchema: z.ZodObject<{
|
|
11
|
-
role: z.ZodEnum<[
|
|
11
|
+
role: z.ZodEnum<[Role.WORKSPACE_ADMIN]>;
|
|
12
12
|
expiresAt: z.ZodOptional<z.ZodNumber>;
|
|
13
13
|
}, "strip", z.ZodTypeAny, {
|
|
14
|
-
role?:
|
|
14
|
+
role?: Role.WORKSPACE_ADMIN;
|
|
15
15
|
expiresAt?: number;
|
|
16
16
|
}, {
|
|
17
|
-
role?:
|
|
17
|
+
role?: Role.WORKSPACE_ADMIN;
|
|
18
18
|
expiresAt?: number;
|
|
19
19
|
}>;
|
|
20
20
|
declare const exchangeApiKeysRequestSchema: z.ZodObject<{
|
|
@@ -92,16 +92,16 @@ declare const updateUserRequestSchema: z.ZodObject<{
|
|
|
92
92
|
declare const inviteUserToWorkspaceRequestSchema: z.ZodObject<{
|
|
93
93
|
email: z.ZodString;
|
|
94
94
|
name: z.ZodString;
|
|
95
|
-
role: z.ZodEnum<[
|
|
95
|
+
role: z.ZodEnum<[Role.WORKSPACE_ADMIN, Role.WORKSPACE_MEMBER]>;
|
|
96
96
|
password: z.ZodUnion<[z.ZodString, z.ZodUndefined]>;
|
|
97
97
|
}, "strip", z.ZodTypeAny, {
|
|
98
98
|
name?: string;
|
|
99
|
-
role?:
|
|
99
|
+
role?: Role.WORKSPACE_ADMIN | Role.WORKSPACE_MEMBER;
|
|
100
100
|
password?: string;
|
|
101
101
|
email?: string;
|
|
102
102
|
}, {
|
|
103
103
|
name?: string;
|
|
104
|
-
role?:
|
|
104
|
+
role?: Role.WORKSPACE_ADMIN | Role.WORKSPACE_MEMBER;
|
|
105
105
|
password?: string;
|
|
106
106
|
email?: string;
|
|
107
107
|
}>;
|
|
@@ -36,7 +36,7 @@ const createWorkspaceRequestSchema = zod_1.z.object({
|
|
|
36
36
|
});
|
|
37
37
|
exports.createWorkspaceRequestSchema = createWorkspaceRequestSchema;
|
|
38
38
|
const createApiKeyRequestSchema = zod_1.z.object({
|
|
39
|
-
role: zod_1.z.enum([types_1.
|
|
39
|
+
role: zod_1.z.enum([types_1.Role.WORKSPACE_ADMIN]),
|
|
40
40
|
expiresAt: zod_1.z
|
|
41
41
|
.number()
|
|
42
42
|
.int({ message: messages_1.POSITIVE_INTEGER_MESSAGE })
|
|
@@ -89,7 +89,7 @@ exports.updateUserRequestSchema = updateUserRequestSchema;
|
|
|
89
89
|
const inviteUserToWorkspaceRequestSchema = zod_1.z.object({
|
|
90
90
|
email: zod_1.z.string().email({ message: EMAIL_MESSAGE }),
|
|
91
91
|
name: zod_1.z.string().max(50, { message: MAX_NAME_MESSAGE }),
|
|
92
|
-
role: zod_1.z.enum([types_1.
|
|
92
|
+
role: zod_1.z.enum([types_1.Role.WORKSPACE_ADMIN, types_1.Role.WORKSPACE_MEMBER]),
|
|
93
93
|
password: zod_1.z.string().min(8, { message: PASSWORD_MESSAGE }).or(zod_1.z.undefined())
|
|
94
94
|
});
|
|
95
95
|
exports.inviteUserToWorkspaceRequestSchema = inviteUserToWorkspaceRequestSchema;
|
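Review bot: `createApiKeyRequestSchema` accepts only `types_1.Role.WORKSPACE_ADMIN`, so every API key issued through this schema carries the admin role, which per roles.js includes all of `fullIdentityAccess`, even though this release introduces `Role.WORKSPACE_MEMBER`. The removed line is truncated on this page, so I cannot tell whether the set was narrowed deliberately. If admin-only keys are intended, a comment such as `// API keys are admin-only by design; member-scoped keys are not supported` would record that; if not, the enum should also allow `types_1.Role.WORKSPACE_MEMBER` so integrations can run with less privilege. In the second hunk, `password` has a minimum length of 8 but no `.max(...)`, which leaves the input size to whatever hashes it.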
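--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@fonoster/common",
-"version": "0.9.
+"version": "0.9.15",
 "description": "Common library for Fonoster projects",
 "author": "Pedro Sanders <psanders@fonoster.com>",
 "homepage": "https://github.com/fonoster/fonoster#readme",
@@ -48,5 +48,5 @@
 "devDependencies": {
 "@types/nodemailer": "^6.4.14"
 },
-"gitHead": "
+"gitHead": "82708d0237fb1cd19a8188ee3f1c99d450a2c116"
 }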