@fonoster/common 0.9.14 → 0.9.16

package/dist/identity/createAuthInterceptor.js

@@ -66,11 +66,11 @@ function createAuthInterceptor(identityPublicKey, publicPath) {
             accessKeyId,
             path,
             hasAccess: (0, hasAccess_1.hasAccess)(decodedToken, path),
-            pathIsWorkspacePath: roles_1.workspaceAccess.includes(path),
+            pathIsWorkspacePath: roles_1.workspaceResourceAccess.includes(path),
             tokenHasAccessKeyId: (0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId)
         });
         if (!(0, hasAccess_1.hasAccess)(decodedToken, path) ||
-            (roles_1.workspaceAccess.includes(path) &&
+            (roles_1.workspaceResourceAccess.includes(path) &&
                 !(0, tokenHasAccessKeyId_1.tokenHasAccessKeyId)(token, accessKeyId))) {
             return (0, errors_1.permissionDeniedError)(call);
         }

package/dist/identity/hasAccess.js

@@ -1,13 +1,32 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.hasAccess = hasAccess;
+/*
+ * Copyright (C) 2025 by Fonoster Inc (https://fonoster.com)
+ * http://github.com/fonoster/fonoster
+ *
+ * This file is part of Fonoster
+ *
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *    https://opensource.org/licenses/MIT
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const types_1 = require("@fonoster/types");
 const roles_1 = require("./roles");
 // This function only checks if the role has access to the grpc method
 function hasAccess(decodedToken, method) {
     const { access, accessKeyId } = decodedToken;
     const roleList = accessKeyId.startsWith("US") && // US is for user; user tokens only have USER role
         access.length === 0 // If it is a user token, and has no access, we still allow it in case it is a user method
-        ? [roles_1.USER_ROLE]
+        ? [types_1.Role.USER]
         : access.map((a) => a.role);
     return roleList.some((r) => roles_1.roles.find((role) => role.name === r && role.access.includes(method)));
 }

package/dist/identity/roles.d.ts

@@ -1,6 +1,5 @@
-import { Role } from "./types";
+import { RoleType } from "./types";
 declare const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
-declare const USER_ROLE = "USER";
-declare const workspaceAccess: string[];
-declare const roles: Role[];
-export { USER_ROLE, VOICE_SERVICE_ROLE, roles, workspaceAccess };
+declare const workspaceResourceAccess: string[];
+declare const roles: RoleType[];
+export { VOICE_SERVICE_ROLE, roles, workspaceResourceAccess };

package/dist/identity/roles.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.workspaceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = exports.USER_ROLE = void 0;
+exports.workspaceResourceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = void 0;
 /* eslint-disable sonarjs/no-duplicate-string */
 /*
  * Copyright (C) 2025 by Fonoster Inc (https://fonoster.com)
@@ -23,11 +23,7 @@ exports.workspaceAccess = exports.roles = exports.VOICE_SERVICE_ROLE = exports.U
 const types_1 = require("@fonoster/types");
 const VOICE_SERVICE_ROLE = "VOICE_SERVICE";
 exports.VOICE_SERVICE_ROLE = VOICE_SERVICE_ROLE;
-// The WorkspaceRole.USER is the same as the USER_ROLE constant
-// We will split this two roles in the future
-const USER_ROLE = "USER";
-exports.USER_ROLE = USER_ROLE;
-const workspaceAccess = [
+const workspaceResourceAccess = [
     "/fonoster.applications.v1beta2.Applications/CreateApplication",
     "/fonoster.applications.v1beta2.Applications/UpdateApplication",
     "/fonoster.applications.v1beta2.Applications/GetApplication",
@@ -74,7 +70,7 @@ const workspaceAccess = [
     "/fonoster.calls.v1beta2.Calls/TrackCall",
     "/fonoster.voice.v1beta2.Voice/CreateSession"
 ];
-exports.workspaceAccess = workspaceAccess;
+exports.workspaceResourceAccess = workspaceResourceAccess;
 const fullIdentityAccess = [
     "/fonoster.identity.v1beta2.Identity/GetUser",
     "/fonoster.identity.v1beta2.Identity/UpdateUser",
@@ -96,17 +92,7 @@ const fullIdentityAccess = [
 ];
 const roles = [
     {
-        name: types_1.WorkspaceRole.OWNER,
-        description: "Access to all endpoints",
-        access: [...fullIdentityAccess, ...workspaceAccess]
-    },
-    {
-        name: types_1.WorkspaceRole.ADMIN,
-        description: "Access to all endpoints",
-        access: [...fullIdentityAccess, ...workspaceAccess]
-    },
-    {
-        name: USER_ROLE,
+        name: types_1.Role.USER,
         description: "Access to User and Workspace endpoints",
         access: [
             "/fonoster.identity.v1beta2.Identity/GetUser",
@@ -117,13 +103,27 @@ const roles = [
             "/fonoster.identity.v1beta2.Identity/UpdateWorkspace",
             "/fonoster.identity.v1beta2.Identity/ListWorkspaces",
             "/fonoster.identity.v1beta2.Identity/RefreshToken",
-            ...workspaceAccess
+            ...workspaceResourceAccess
         ]
     },
     {
-        name: types_1.ApiRole.WORKSPACE_ADMIN,
+        name: types_1.Role.WORKSPACE_OWNER,
+        description: "Access to all endpoints",
+        access: [...fullIdentityAccess, ...workspaceResourceAccess]
+    },
+    {
+        name: types_1.Role.WORKSPACE_ADMIN,
         description: "Access to all endpoints",
-        access: [...fullIdentityAccess, ...workspaceAccess]
+        access: [...fullIdentityAccess, ...workspaceResourceAccess]
+    },
+    {
+        name: types_1.Role.WORKSPACE_MEMBER,
+        description: "Access to User and Workspace endpoints",
+        access: [
+            "/fonoster.identity.v1beta2.Identity/GetWorkspace",
+            "/fonoster.identity.v1beta2.Identity/ListWorkspaces",
+            ...workspaceResourceAccess
+        ]
     },
     {
         name: VOICE_SERVICE_ROLE,

package/dist/identity/types.d.ts

@@ -1,4 +1,4 @@
-import { WorkspaceRole } from "@fonoster/types";
+import { Role } from "@fonoster/types";
 declare enum TokenUseEnum {
     ID = "id",
     ACCESS = "access",
@@ -8,14 +8,14 @@ declare enum JsonWebErrorEnum {
     JsonWebTokenError = "JsonWebTokenError",
     TokenExpiredError = "TokenExpiredError"
 }
-type Role = {
+type RoleType = {
     name: string;
     description: string;
     access: string[];
 };
 type Access = {
     accessKeyId: string;
-    role: WorkspaceRole;
+    role: Role;
 };
 type BaseToken = {
     iss: string;
@@ -41,4 +41,4 @@ type RefreshToken = BaseToken & {
     tokenUse: TokenUseEnum.REFRESH;
 };
 type DecodedToken<T extends TokenUseEnum> = T extends TokenUseEnum.ID ? IdToken : T extends TokenUseEnum.ACCESS ? AccessToken : T extends TokenUseEnum.REFRESH ? TokenUseEnum : never;
-export { Access, AccessToken, DecodedToken, IdToken, RefreshToken, Role, TokenUseEnum, JsonWebErrorEnum };
+export { Access, AccessToken, DecodedToken, IdToken, RefreshToken, RoleType, TokenUseEnum, JsonWebErrorEnum };

package/dist/protos/identity.proto

@@ -135,7 +135,7 @@ message ResendWorkspaceMembershipInvitationResponse {
   string user_ref = 1;
 }
 
-message Member {
+message WorkspaceMember {
   string ref = 1;
   string user_ref = 2;
   string name = 3;
@@ -152,7 +152,7 @@ message ListWorkspaceMembersRequest {
 }
 
 message ListWorkspaceMembersResponse {
-  repeated Member items = 1;
+  repeated WorkspaceMember items = 1;
   string next_page_token = 2;
 }
 

package/dist/validators/identity.d.ts

@@ -1,4 +1,4 @@
-import { ApiRole, WorkspaceRole } from "@fonoster/types";
+import { Role } from "@fonoster/types";
 import { z } from "zod";
 declare const createWorkspaceRequestSchema: z.ZodObject<{
     name: z.ZodString;
@@ -8,13 +8,13 @@ declare const createWorkspaceRequestSchema: z.ZodObject<{
     name?: string;
 }>;
 declare const createApiKeyRequestSchema: z.ZodObject<{
-    role: z.ZodEnum<[ApiRole]>;
+    role: z.ZodEnum<[Role.WORKSPACE_ADMIN]>;
     expiresAt: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
-    role?: ApiRole;
+    role?: Role.WORKSPACE_ADMIN;
     expiresAt?: number;
 }, {
-    role?: ApiRole;
+    role?: Role.WORKSPACE_ADMIN;
     expiresAt?: number;
 }>;
 declare const exchangeApiKeysRequestSchema: z.ZodObject<{
@@ -92,16 +92,16 @@ declare const updateUserRequestSchema: z.ZodObject<{
 declare const inviteUserToWorkspaceRequestSchema: z.ZodObject<{
     email: z.ZodString;
     name: z.ZodString;
-    role: z.ZodEnum<[WorkspaceRole.ADMIN, WorkspaceRole.USER]>;
+    role: z.ZodEnum<[Role.WORKSPACE_ADMIN, Role.WORKSPACE_MEMBER]>;
     password: z.ZodUnion<[z.ZodString, z.ZodUndefined]>;
 }, "strip", z.ZodTypeAny, {
     name?: string;
-    role?: WorkspaceRole.ADMIN | WorkspaceRole.USER;
+    role?: Role.WORKSPACE_ADMIN | Role.WORKSPACE_MEMBER;
     password?: string;
     email?: string;
 }, {
     name?: string;
-    role?: WorkspaceRole.ADMIN | WorkspaceRole.USER;
+    role?: Role.WORKSPACE_ADMIN | Role.WORKSPACE_MEMBER;
     password?: string;
     email?: string;
 }>;

package/dist/validators/identity.js

@@ -36,7 +36,7 @@ const createWorkspaceRequestSchema = zod_1.z.object({
 });
 exports.createWorkspaceRequestSchema = createWorkspaceRequestSchema;
 const createApiKeyRequestSchema = zod_1.z.object({
-    role: zod_1.z.enum([types_1.ApiRole.WORKSPACE_ADMIN]),
+    role: zod_1.z.enum([types_1.Role.WORKSPACE_ADMIN]),
     expiresAt: zod_1.z
         .number()
         .int({ message: messages_1.POSITIVE_INTEGER_MESSAGE })
@@ -89,7 +89,7 @@ exports.updateUserRequestSchema = updateUserRequestSchema;
 const inviteUserToWorkspaceRequestSchema = zod_1.z.object({
     email: zod_1.z.string().email({ message: EMAIL_MESSAGE }),
     name: zod_1.z.string().max(50, { message: MAX_NAME_MESSAGE }),
-    role: zod_1.z.enum([types_1.WorkspaceRole.ADMIN, types_1.WorkspaceRole.USER]),
+    role: zod_1.z.enum([types_1.Role.WORKSPACE_ADMIN, types_1.Role.WORKSPACE_MEMBER]),
     password: zod_1.z.string().min(8, { message: PASSWORD_MESSAGE }).or(zod_1.z.undefined())
 });
 exports.inviteUserToWorkspaceRequestSchema = inviteUserToWorkspaceRequestSchema;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fonoster/common",
-  "version": "0.9.14",
+  "version": "0.9.16",
   "description": "Common library for Fonoster projects",
   "author": "Pedro Sanders <psanders@fonoster.com>",
   "homepage": "https://github.com/fonoster/fonoster#readme",
@@ -48,5 +48,5 @@
   "devDependencies": {
     "@types/nodemailer": "^6.4.14"
   },
-  "gitHead": "ba1b5e9898fafef1d3c4d3f1e72d3c2326fcec7b"
+  "gitHead": "351223b8851c88b46fa633ab4f47286e4ae0a561"
 }