@fraym/auth 0.5.3 → 0.6.1

package/README.md

@@ -15,34 +15,12 @@ There is a sandbox available at `http://auth:3000/management/graphql/sandbox`.
 
 You need to add the `Tenant-Id` header in order to use the graphQL Endpoint and the sandbox.
 
-## CLI command
-
-Use the `auth` cli command to automatically apply your permissions to the auth service.
-
-You can specify the address (and port) of the auth service instance you use in the `AUTH_SERVER_ADDRESS` env variable (default: `127.0.0.1:9000`).
-
-In case of scopes api you need to configure the HTTP api:
-
--   `AUTH_HTTP_SERVER_ADDRESS`: Http api url of the auth service (default: `http://127.0.0.1`)
--   `AUTH_HTTP_API_TOKEN`: The value of that token has to match the token configured in the auth service
-
-The needed schema for auth is a simple enum containing all your permissions. Example:
-
-```graphql
-enum Permission {
-    USER_READ
-    USER_WRITE
-}
-```
-
 ### Config
 
 Use a `.env` file or env variables to configure cte clients and the command:
 
 ```env
 AUTH_SERVER_ADDRESS=127.0.0.1:9000
-AUTH_HTTP_SERVER_ADDRESS=http://127.0.0.1
-AUTH_HTTP_API_TOKEN=
 ```
 
 ## JWT functions
@@ -93,42 +71,10 @@ Parameters:
 
 ### Create the client
 
-management client:
-
 ```typescript
 const managementClient = await newManagementClient();
 ```
 
-## Get all scopes (permissions)
-
-The `clientId` paramenter is optional. If none is given the default client will be used.
-
-```typescript
-const scopes = await managementClient.getScopes();
-```
-
-Note: you need to configure `AUTH_HTTP_SERVER_ADDRESS` and `AUTH_HTTP_API_TOKEN` to use this function.
-
-## Create a scope (permission)
-
-The `clientId` paramenter is optional. If none is given the default client will be used.
-
-```typescript
-await managementClient.createScope("PERMISSION_NAME");
-```
-
-Note: you need to configure `AUTH_HTTP_SERVER_ADDRESS` and `AUTH_HTTP_API_TOKEN` to use this function.
-
-## Delete a scope (permission)
-
-The `clientId` paramenter is optional. If none is given the default client will be used.
-
-```typescript
-await managementClient.deleteScope("PERMISSION_NAME");
-```
-
-Note: you need to configure `AUTH_HTTP_SERVER_ADDRESS` and `AUTH_HTTP_API_TOKEN` to use this function.
-
 ## Get all roles
 
 ```typescript

package/dist/config/config.d.ts

@@ -1,7 +1,5 @@
 export interface ClientConfig {
     serverAddress: string;
-    httpServerAddress: string;
-    httpApiToken: string;
     keepaliveInterval?: number;
     keepaliveTimeout?: number;
 }

package/dist/config/config.js

@@ -3,11 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.useConfigDefaults = exports.getEnvConfig = void 0;
 const dotenv_1 = require("dotenv");
 const getEnvConfig = () => {
-    var _a, _b, _c;
+    var _a;
     (0, dotenv_1.config)();
     const serverAddress = (_a = process.env.AUTH_SERVER_ADDRESS) !== null && _a !== void 0 ? _a : "";
-    const httpServerAddress = (_b = process.env.AUTH_HTTP_SERVER_ADDRESS) !== null && _b !== void 0 ? _b : "";
-    const httpApiToken = (_c = process.env.AUTH_HTTP_API_TOKEN) !== null && _c !== void 0 ? _c : "";
     let keepaliveInterval;
     let keepaliveTimeout;
     const keepaliveIntervalString = process.env.AUTH_CONNECTION_KEEPALIVE_INTERVAL;
@@ -20,8 +18,6 @@ const getEnvConfig = () => {
     }
     return {
         serverAddress,
-        httpServerAddress,
-        httpApiToken,
         keepaliveInterval,
         keepaliveTimeout,
     };
@@ -34,8 +30,6 @@ const useConfigDefaults = (config) => {
     }
     return {
         serverAddress: config.serverAddress,
-        httpServerAddress: config.httpServerAddress,
-        httpApiToken: config.httpApiToken,
         keepaliveTimeout: (_a = config.keepaliveTimeout) !== null && _a !== void 0 ? _a : 3 * 1000,
         keepaliveInterval: (_b = config.keepaliveInterval) !== null && _b !== void 0 ? _b : 40 * 1000,
     };

package/dist/management/client.d.ts

@@ -4,9 +4,6 @@ import { Role } from "./getRoles";
 import { User } from "./getUsers";
 import { UpsertRoleScope } from "./upsertRole";
 export interface ManagementClient {
-    createScope: (name: string, clientId?: string) => Promise<void>;
-    deleteScope: (name: string, clientId?: string) => Promise<void>;
-    getScopes: (clientId?: string) => Promise<string[]>;
     upsertRole: (tenantId: string, allowedScopes: UpsertRoleScope[], id?: string) => Promise<string>;
     deleteRole: (tenantId: string, id: string) => Promise<void>;
     getRoles: (tenantId: string) => Promise<Role[]>;

package/dist/management/client.js

@@ -4,13 +4,10 @@ exports.newManagementClient = void 0;
 const auth_proto_1 = require("@fraym/auth-proto");
 const grpc_js_1 = require("@grpc/grpc-js");
 const config_1 = require("../config/config");
-const createScope_1 = require("./createScope");
 const createUser_1 = require("./createUser");
 const deleteRole_1 = require("./deleteRole");
-const deleteScope_1 = require("./deleteScope");
 const deleteUser_1 = require("./deleteUser");
 const getRoles_1 = require("./getRoles");
-const getScopes_1 = require("./getScopes");
 const getUsers_1 = require("./getUsers");
 const updateUser_1 = require("./updateUser");
 const upsertRole_1 = require("./upsertRole");
@@ -21,15 +18,6 @@ const newManagementClient = async (config) => {
         "grpc.keepalive_timeout_ms": currentConfig.keepaliveTimeout,
         "grpc.keepalive_permit_without_calls": 1,
     });
-    const createScope = async (name, clientId = "") => {
-        await (0, createScope_1.createNewScope)(name, clientId, currentConfig);
-    };
-    const deleteScope = async (name, clientId = "") => {
-        await (0, deleteScope_1.deleteExistingScope)(name, clientId, currentConfig);
-    };
-    const getScopes = async (clientId = "") => {
-        return await (0, getScopes_1.getAllScopes)(clientId, currentConfig);
-    };
     const upsertRole = async (tenantId, allowedScopes, id = "") => {
         return await (0, upsertRole_1.createOrUpdateRole)(tenantId, id, allowedScopes, serviceClient);
     };
@@ -55,9 +43,6 @@ const newManagementClient = async (config) => {
         serviceClient.close();
     };
     return {
-        createScope,
-        deleteScope,
-        getScopes,
         upsertRole,
         deleteRole,
         getRoles,

package/dist/util/token.js

@@ -26,7 +26,9 @@ exports.generateJwt = generateJwt;
 const addDataToJwt = async (appSecret, token, data) => {
     var _a;
     const secret = new TextEncoder().encode(appSecret);
-    const { payload, protectedHeader } = await (0, jose_1.jwtVerify)(token, secret);
+    const { payload, protectedHeader } = await (0, jose_1.jwtVerify)(token, secret, {
+        clockTolerance: "10 seconds",
+    });
     if (!payload.exp) {
         throw Error("expiration time is missing in JWT");
     }
@@ -42,7 +44,9 @@ exports.addDataToJwt = addDataToJwt;
 const getTokenData = async (appSecret, token, requireUserId = true) => {
     var _a, _b, _c;
     const secret = new TextEncoder().encode(appSecret);
-    const { payload } = await (0, jose_1.jwtVerify)(token, secret);
+    const { payload } = await (0, jose_1.jwtVerify)(token, secret, {
+        clockTolerance: "10 seconds",
+    });
     if (!payload.exp) {
         throw Error("expiration time is missing in JWT");
     }

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@fraym/auth",
-    "version": "0.5.3",
+    "version": "0.6.1",
     "license": "MIT",
     "homepage": "https://github.com/fraym/auth-nodejs",
     "repository": {
@@ -12,7 +12,7 @@
         "test": "echo \"Error: no test specified\" && exit 0",
         "format": "prettier --write \"**/*.{ts,tsx,json}\"",
         "lint": "prettier --check \"**/*.{ts,tsx,json}\"",
-        "build": "npm run clean && tsc && chmod +x dist/cmd/auth.js",
+        "build": "npm run clean && tsc",
         "clean": "rm -rf dist",
         "prepublishOnly": "npm test && npm run lint && npm run build",
         "preversion": "npm run lint",
@@ -23,9 +23,6 @@
     ],
     "main": "dist/index.js",
     "types": "dist/index.d.ts",
-    "bin": {
-        "auth": "dist/cmd/auth.js"
-    },
     "dependencies": {
         "@fraym/auth-proto": "^0.6.0",
         "@graphql-tools/graphql-file-loader": "^7.5.11",

package/dist/cmd/auth.d.ts

@@ -1,2 +0,0 @@
-#! /usr/bin/env node
-export {};

package/dist/cmd/auth.js

@@ -1,88 +0,0 @@
-#! /usr/bin/env node
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const yargs_1 = __importDefault(require("yargs/yargs"));
-const helpers_1 = require("yargs/helpers");
-const dotenv_1 = require("dotenv");
-const graphql_file_loader_1 = require("@graphql-tools/graphql-file-loader");
-const load_1 = require("@graphql-tools/load");
-const graphql_1 = require("graphql");
-const client_1 = require("../management/client");
-const run = async () => {
-    (0, dotenv_1.config)();
-    const argv = await (0, yargs_1.default)((0, helpers_1.hideBin)(process.argv))
-        .config({
-        schemaGlob: "./src/**/*.graphql",
-        serverAddress: "127.0.0.1:9000",
-        httpServerAddress: "http://127.0.0.1",
-        httpApiToken: "",
-    })
-        .pkgConf("auth").argv;
-    let schemaGlob = argv.schemaGlob;
-    let serverAddress = argv.serverAddress;
-    let httpServerAddress = argv.httpServerAddress;
-    let httpApiToken = argv.httpApiToken;
-    if (process.env.AUTH_SCHEMA_GLOB) {
-        schemaGlob = process.env.AUTH_SCHEMA_GLOB;
-    }
-    if (process.env.AUTH_SERVER_ADDRESS) {
-        serverAddress = process.env.AUTH_SERVER_ADDRESS;
-    }
-    if (process.env.AUTH_HTTP_SERVER_ADDRESS) {
-        httpServerAddress = process.env.AUTH_HTTP_SERVER_ADDRESS;
-    }
-    if (process.env.AUTH_HTTP_API_TOKEN) {
-        httpApiToken = process.env.AUTH_HTTP_API_TOKEN;
-    }
-    const schema = await (0, load_1.loadSchema)(`${schemaGlob}`, {
-        loaders: [new graphql_file_loader_1.GraphQLFileLoader()],
-    });
-    const permissions = getSchemaPermissions(schema);
-    await migratePermissions(permissions, serverAddress, httpServerAddress, httpApiToken);
-};
-const getSchemaPermissions = (schema) => {
-    const permissions = [];
-    schema.toConfig().types.forEach(t => {
-        var _a, _b;
-        if (!(t instanceof graphql_1.GraphQLEnumType)) {
-            return;
-        }
-        const name = t.toString();
-        if (name !== "Permission") {
-            return;
-        }
-        (_b = (_a = t.astNode) === null || _a === void 0 ? void 0 : _a.values) === null || _b === void 0 ? void 0 : _b.forEach(value => {
-            permissions.push(value.name.value);
-        });
-    });
-    return permissions;
-};
-const migratePermissions = async (permissions, serverAddress, httpServerAddress, httpApiToken) => {
-    const managementClient = await (0, client_1.newManagementClient)({
-        serverAddress,
-        httpServerAddress,
-        httpApiToken,
-    });
-    const existingPermissions = (await managementClient.getScopes()).filter(permission => !permission.startsWith("FRAYM_"));
-    console.log("existingPermissions", existingPermissions);
-    const permissionsToCreate = permissions.filter(permission => !existingPermissions.includes(permission));
-    const permissionsToDelete = existingPermissions.filter(permission => !permissions.includes(permission));
-    if (permissionsToCreate.length > 0) {
-        console.log(`Creating ${permissionsToCreate.length} permissions: ${permissionsToCreate}...`);
-        for (let i = 0; i < permissionsToCreate.length; i++) {
-            await managementClient.createScope(permissionsToCreate[i]);
-        }
-        console.log(`Created ${permissionsToCreate.length} permissions`);
-    }
-    if (permissionsToDelete.length > 0) {
-        console.log(`Removing ${permissionsToDelete.length} permissions: ${permissionsToDelete}...`);
-        for (let i = 0; i < permissionsToDelete.length; i++) {
-            await managementClient.deleteScope(permissionsToDelete[i]);
-        }
-        console.log(`Removed ${permissionsToDelete.length} permissions`);
-    }
-};
-run();

package/dist/management/createScope.d.ts

@@ -1,2 +0,0 @@
-import { ClientConfig } from "config/config";
-export declare const createNewScope: (name: string, clientId: string, config: ClientConfig) => Promise<void>;

package/dist/management/createScope.js

@@ -1,17 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createNewScope = void 0;
-const createNewScope = async (name, clientId, config) => {
-    await fetch(`${config.httpServerAddress}/management/scopes`, {
-        method: "POST",
-        headers: {
-            Authorization: `Bearer ${config.httpApiToken}`,
-            "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-            clientId,
-            name,
-        }),
-    });
-};
-exports.createNewScope = createNewScope;

package/dist/management/deleteScope.d.ts

@@ -1,2 +0,0 @@
-import { ClientConfig } from "config/config";
-export declare const deleteExistingScope: (name: string, clientId: string, config: ClientConfig) => Promise<void>;

package/dist/management/deleteScope.js

@@ -1,17 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.deleteExistingScope = void 0;
-const deleteExistingScope = async (name, clientId, config) => {
-    await fetch(`${config.httpServerAddress}/management/scopes`, {
-        method: "DELETE",
-        headers: {
-            Authorization: `Bearer ${config.httpApiToken}`,
-            "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-            clientId,
-            name,
-        }),
-    });
-};
-exports.deleteExistingScope = deleteExistingScope;

package/dist/management/getScopes.d.ts

@@ -1,2 +0,0 @@
-import { ClientConfig } from "config/config";
-export declare const getAllScopes: (clientId: string, config: ClientConfig) => Promise<string[]>;

package/dist/management/getScopes.js

@@ -1,18 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAllScopes = void 0;
-const getAllScopes = async (clientId, config) => {
-    const response = await fetch(`${config.httpServerAddress}/management/scopes/list`, {
-        method: "POST",
-        headers: {
-            Authorization: `Bearer ${config.httpApiToken}`,
-            "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-            clientId,
-        }),
-    });
-    const data = await response.json();
-    return data.scopes;
-};
-exports.getAllScopes = getAllScopes;