@jcdubs/janus 1.0.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-lambda/auth-lambda.d.ts +2 -2
- package/dist/auth-lambda/auth-lambda.js +2 -2
- package/dist/auth-lambda/index.d.ts +1 -1
- package/dist/authorization-middleware/authorization-middleware.d.ts +3 -3
- package/dist/authorization-middleware/authorization-middleware.js +5 -5
- package/dist/authorization-middleware/index.d.ts +1 -1
- package/dist/authorization-service/authorization-service.d.ts +2 -2
- package/dist/authorization-service/authorization-service.js +19 -19
- package/dist/authorization-service/authorization-tests/config.d.ts +1 -1
- package/dist/authorization-service/authorization-tests/config.js +4 -4
- package/dist/authorization-service/authorization-tests/create-order-entity.d.ts +1 -1
- package/dist/authorization-service/authorization-tests/get-policy.js +2 -2
- package/dist/authorization-service/index.d.ts +2 -2
- package/dist/authorization-service/policy-parser.d.ts +1 -1
- package/dist/authorization-service/policy-parser.js +14 -14
- package/dist/errors/index.d.ts +6 -6
- package/dist/errors/missing-authenticated-user-details-error/index.d.ts +1 -1
- package/dist/errors/missing-authenticated-user-details-error/missing-authenticated-user-details-error.js +2 -2
- package/dist/errors/missing-authorization-action-error/index.d.ts +1 -1
- package/dist/errors/missing-authorization-action-error/missing-authorization-action-error.js +2 -2
- package/dist/errors/missing-authorization-policy-error/index.d.ts +1 -1
- package/dist/errors/missing-authorization-policy-error/missing-authorization-policy-error.js +2 -2
- package/dist/errors/missing-authorization-resource-error/index.d.ts +1 -1
- package/dist/errors/missing-authorization-resource-error/missing-authorization-resource-error.js +2 -2
- package/dist/errors/missing-authorization-schema-error/index.d.ts +1 -1
- package/dist/errors/missing-authorization-schema-error/missing-authorization-schema-error.js +2 -2
- package/dist/errors/unauthorized-error/index.d.ts +1 -1
- package/dist/errors/unauthorized-error/unauthorized-error.js +1 -1
- package/dist/file-loader/file-loader.js +1 -1
- package/dist/file-loader/index.d.ts +1 -1
- package/dist/index.d.ts +6 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/setupTests.js +5 -5
- package/dist/user-details/index.d.ts +1 -1
- package/dist/user-details/user-details-service.d.ts +1 -1
- package/dist/user-details/user-details-service.js +9 -9
- package/package.json +1 -1
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import * as njsLambda from
|
|
2
|
-
import type { Construct } from
|
|
1
|
+
import * as njsLambda from 'aws-cdk-lib/aws-lambda-nodejs';
|
|
2
|
+
import type { Construct } from 'constructs';
|
|
3
3
|
/**
|
|
4
4
|
* Configuration properties for the AuthLambda construct.
|
|
5
5
|
*
|
|
@@ -107,8 +107,8 @@ class AuthLambda extends njsLambda.NodejsFunction {
|
|
|
107
107
|
},
|
|
108
108
|
externalModules: [
|
|
109
109
|
...(props.bundling?.externalModules || []),
|
|
110
|
-
|
|
111
|
-
|
|
110
|
+
'@aws-sdk*',
|
|
111
|
+
'@cedar-policy/cedar-wasm',
|
|
112
112
|
],
|
|
113
113
|
},
|
|
114
114
|
});
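Review bot: Adding `'@cedar-policy/cedar-wasm'` to `externalModules` (new line 111) keeps the Cedar WASM package out of the bundle, so the deployed function only works if that package is supplied at runtime by other means (the construct's `nodeModules` bundling option or a layer); nothing in this hunk shows that, so either confirm it or add `// cedar-wasm is externalized; it must be provided via bundling.nodeModules or a layer` above the list. The `'@aws-sdk*'` entry on line 110 relies on the bundler's wildcard matching; `'@aws-sdk/*'` is the conventional spelling and worth a check. The enclosing AuthLambda constructor starts outside the hunk.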
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './auth-lambda';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import type middy from
|
|
2
|
-
import type { APIGatewayProxyEvent, APIGatewayProxyResult } from
|
|
3
|
-
import { type AuthorizationConfigType } from
|
|
1
|
+
import type middy from '@middy/core';
|
|
2
|
+
import type { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
|
|
3
|
+
import { type AuthorizationConfigType } from '../authorization-service';
|
|
4
4
|
/**
|
|
5
5
|
* Middy middleware that loads Cedar authorization and user details for policy-based authorization.
|
|
6
6
|
*
|
|
@@ -4,7 +4,7 @@ exports.loadCedarAuthorization = void 0;
|
|
|
4
4
|
const logger_1 = require("@aws-lambda-powertools/logger");
|
|
5
5
|
const authorization_service_1 = require("../authorization-service");
|
|
6
6
|
const user_details_1 = require("../user-details");
|
|
7
|
-
const logger = new logger_1.Logger({ serviceName:
|
|
7
|
+
const logger = new logger_1.Logger({ serviceName: 'authorization-middleware' });
|
|
8
8
|
/**
|
|
9
9
|
* Middy middleware that loads Cedar authorization and user details for policy-based authorization.
|
|
10
10
|
*
|
|
@@ -76,16 +76,16 @@ const logger = new logger_1.Logger({ serviceName: "authorization-middleware" });
|
|
|
76
76
|
*/
|
|
77
77
|
const loadCedarAuthorization = (authorizationConfig) => {
|
|
78
78
|
const before = async (request) => {
|
|
79
|
-
logger.debug(
|
|
79
|
+
logger.debug('Loading authorization services...', {
|
|
80
80
|
authorizationConfig,
|
|
81
81
|
});
|
|
82
|
-
const refresh = request.event.headers?.[
|
|
83
|
-
? request.event.headers[
|
|
82
|
+
const refresh = request.event.headers?.['cedar-refresh']
|
|
83
|
+
? request.event.headers['cedar-refresh'] === 'true'
|
|
84
84
|
: false;
|
|
85
85
|
(0, user_details_1.setUserDetails)(request.event);
|
|
86
86
|
await authorization_service_1.AuthorizationService.getService(authorizationConfig, refresh);
|
|
87
87
|
};
|
|
88
|
-
logger.debug(
|
|
88
|
+
logger.debug('Authorization services loaded and configured.');
|
|
89
89
|
return {
|
|
90
90
|
before,
|
|
91
91
|
};
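Review bot: `refresh` (new lines 82-83) is taken straight from the incoming `cedar-refresh` request header, so any caller can make `AuthorizationService.getService` re-read and re-parse the policy and schema files on every request; that is a client-controlled cache bypass on the authorization path and should be gated behind an explicit deployment-side opt-in rather than honored unconditionally. The lookup is also case-sensitive, and header casing as delivered depends on the gateway in front of the function, so a `Cedar-Refresh` header would be silently ignored. Separately, `logger.debug('Authorization services loaded and configured.')` on line 88 runs when the middleware object is constructed, not after `before` has awaited `getService`, so the message is misleading; move it inside `before` after the `await`.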
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './authorization-middleware';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import * as cedar from
|
|
2
|
-
import type { AuthorizationConfigType } from
|
|
1
|
+
import * as cedar from '@cedar-policy/cedar-wasm/nodejs';
|
|
2
|
+
import type { AuthorizationConfigType } from './types';
|
|
3
3
|
/**
|
|
4
4
|
* Service for evaluating Cedar policy-based authorization requests.
|
|
5
5
|
*
|
|
@@ -40,9 +40,9 @@ const errors_1 = require("../errors");
|
|
|
40
40
|
const file_loader_1 = require("../file-loader/file-loader");
|
|
41
41
|
const user_details_1 = require("../user-details");
|
|
42
42
|
const policy_parser_1 = require("./policy-parser");
|
|
43
|
-
const logger = new logger_1.Logger({ serviceName:
|
|
44
|
-
const POLICY_FILE_NAME =
|
|
45
|
-
const SCHEMA_FILE_NAME =
|
|
43
|
+
const logger = new logger_1.Logger({ serviceName: 'authorization-service' });
|
|
44
|
+
const POLICY_FILE_NAME = 'policies.cedar';
|
|
45
|
+
const SCHEMA_FILE_NAME = 'schema.cedarschema';
|
|
46
46
|
/**
|
|
47
47
|
* Service for evaluating Cedar policy-based authorization requests.
|
|
48
48
|
*
|
|
@@ -202,17 +202,17 @@ class AuthorizationService {
|
|
|
202
202
|
validateAuthorizationProperties() {
|
|
203
203
|
// Validate that a username and roles is available.
|
|
204
204
|
if (!(0, user_details_1.getUserName)() || !(0, user_details_1.getRoles)()) {
|
|
205
|
-
logger.error(
|
|
205
|
+
logger.error('Authenticated user username or roles has not been provided');
|
|
206
206
|
throw new errors_1.MissingAuthenticatedUserDetailsError();
|
|
207
207
|
}
|
|
208
208
|
// Validate the cedar scope
|
|
209
209
|
if (!this.action) {
|
|
210
|
-
logger.error(
|
|
210
|
+
logger.error('Cedar authorization action has not been provided');
|
|
211
211
|
throw new errors_1.MissingAuthorizationActionError();
|
|
212
212
|
}
|
|
213
213
|
// Validate the cedar scope
|
|
214
214
|
if (!this.resource) {
|
|
215
|
-
logger.error(
|
|
215
|
+
logger.error('Cedar authorization resource has not been provided');
|
|
216
216
|
throw new errors_1.MissingAuthorizationResourceError();
|
|
217
217
|
}
|
|
218
218
|
}
|
|
@@ -249,7 +249,7 @@ class AuthorizationService {
|
|
|
249
249
|
constructUserEntity() {
|
|
250
250
|
const userName = (0, user_details_1.getUserName)();
|
|
251
251
|
if (!userName) {
|
|
252
|
-
logger.error(
|
|
252
|
+
logger.error('Authenticated user username has not been provided');
|
|
253
253
|
throw new errors_1.MissingAuthenticatedUserDetailsError();
|
|
254
254
|
}
|
|
255
255
|
return {
|
|
@@ -303,15 +303,15 @@ class AuthorizationService {
|
|
|
303
303
|
const roles = this.constructRoleEntities();
|
|
304
304
|
const userName = (0, user_details_1.getUserName)();
|
|
305
305
|
if (!userName) {
|
|
306
|
-
logger.error(
|
|
306
|
+
logger.error('Authenticated user username has not been provided');
|
|
307
307
|
throw new errors_1.MissingAuthenticatedUserDetailsError();
|
|
308
308
|
}
|
|
309
309
|
if (!this.action) {
|
|
310
|
-
logger.error(
|
|
310
|
+
logger.error('Cedar authorization action has not been provided');
|
|
311
311
|
throw new errors_1.MissingAuthorizationActionError();
|
|
312
312
|
}
|
|
313
313
|
if (!this.resource) {
|
|
314
|
-
logger.error(
|
|
314
|
+
logger.error('Cedar authorization resource has not been provided');
|
|
315
315
|
throw new errors_1.MissingAuthorizationResourceError();
|
|
316
316
|
}
|
|
317
317
|
return {
|
|
@@ -365,18 +365,18 @@ class AuthorizationService {
|
|
|
365
365
|
* ```
|
|
366
366
|
*/
|
|
367
367
|
isAuthorized() {
|
|
368
|
-
logger.debug(
|
|
368
|
+
logger.debug('Authorizing request...');
|
|
369
369
|
const builtAuthRequest = this.build();
|
|
370
|
-
logger.debug(
|
|
370
|
+
logger.debug('Built Authorization request', { builtAuthRequest });
|
|
371
371
|
const authResult = cedar.isAuthorized(builtAuthRequest);
|
|
372
|
-
logger.debug(
|
|
373
|
-
if (authResult.type ===
|
|
374
|
-
logger.debug(
|
|
372
|
+
logger.debug('Auth Result', { authResult });
|
|
373
|
+
if (authResult.type === 'failure') {
|
|
374
|
+
logger.debug('A problem occurred while authorizing the request', {
|
|
375
375
|
authResult,
|
|
376
376
|
});
|
|
377
|
-
throw Error(authResult.errors.map((error) => error.message).join(
|
|
377
|
+
throw Error(authResult.errors.map((error) => error.message).join('\n'));
|
|
378
378
|
}
|
|
379
|
-
return authResult.response.decision ===
|
|
379
|
+
return authResult.response.decision === 'allow';
|
|
380
380
|
}
|
|
381
381
|
/**
|
|
382
382
|
* Retrieves the singleton AuthorizationService instance, initializing it if needed.
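Review bot: `throw Error(authResult.errors.map((error) => error.message).join('\n'));` on line 377 should be `throw new Error(...)`, and the failure is only logged at debug level (line 374) even though it aborts authorization; a policy-engine evaluation failure is an operational error, so `logger.error('A problem occurred while authorizing the request', { authResult });` would keep it visible in production logs. Failing closed with an exception here is correct and should be kept. isAuthorized is fully inside the hunk, but the enclosing class starts outside it.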
|
|
@@ -419,7 +419,7 @@ class AuthorizationService {
|
|
|
419
419
|
*/
|
|
420
420
|
static async getService(authorizationConfig, refresh = false) {
|
|
421
421
|
if (!refresh && AuthorizationService.service) {
|
|
422
|
-
logger.debug(
|
|
422
|
+
logger.debug('Returning cached Authorization service');
|
|
423
423
|
return AuthorizationService.service;
|
|
424
424
|
}
|
|
425
425
|
let policy;
|
|
@@ -438,7 +438,7 @@ class AuthorizationService {
|
|
|
438
438
|
logger.error(err.message, { error: err });
|
|
439
439
|
throw new errors_1.MissingAuthorizationSchemaError();
|
|
440
440
|
}
|
|
441
|
-
logger.debug(
|
|
441
|
+
logger.debug('Policy and Schema loaded', {
|
|
442
442
|
policy,
|
|
443
443
|
schema,
|
|
444
444
|
});
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.authorizationConfig = void 0;
|
|
4
4
|
exports.authorizationConfig = {
|
|
5
|
-
namespace:
|
|
6
|
-
principleType:
|
|
7
|
-
resourceType:
|
|
8
|
-
roleType:
|
|
5
|
+
namespace: 'OrderService::',
|
|
6
|
+
principleType: 'User',
|
|
7
|
+
resourceType: 'Order',
|
|
8
|
+
roleType: 'Role',
|
|
9
9
|
};
|
|
10
10
|
//# sourceMappingURL=config.js.map
|
|
@@ -37,11 +37,11 @@ exports.getSchema = exports.getPolicy = void 0;
|
|
|
37
37
|
const fs = __importStar(require("node:fs"));
|
|
38
38
|
const path = __importStar(require("node:path"));
|
|
39
39
|
const getPolicy = () => {
|
|
40
|
-
return fs.readFileSync(path.resolve(__dirname,
|
|
40
|
+
return fs.readFileSync(path.resolve(__dirname, './cedar/policies.cedar'), 'utf-8');
|
|
41
41
|
};
|
|
42
42
|
exports.getPolicy = getPolicy;
|
|
43
43
|
const getSchema = () => {
|
|
44
|
-
return fs.readFileSync(path.resolve(__dirname,
|
|
44
|
+
return fs.readFileSync(path.resolve(__dirname, './cedar/schema.cedarschema'), 'utf-8');
|
|
45
45
|
};
|
|
46
46
|
exports.getSchema = getSchema;
|
|
47
47
|
//# sourceMappingURL=get-policy.js.map
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export * from
|
|
2
|
-
export * from
|
|
1
|
+
export * from './authorization-service';
|
|
2
|
+
export * from './types';
|
|
3
3
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.splitCedarPolicies = splitCedarPolicies;
|
|
4
4
|
const logger_1 = require("@aws-lambda-powertools/logger");
|
|
5
|
-
const logger = new logger_1.Logger({ serviceName:
|
|
5
|
+
const logger = new logger_1.Logger({ serviceName: 'policy-parser' });
|
|
6
6
|
/**
|
|
7
7
|
* Parses a Cedar policy file and splits it into individual policy objects.
|
|
8
8
|
*
|
|
@@ -59,18 +59,18 @@ const logger = new logger_1.Logger({ serviceName: "policy-parser" });
|
|
|
59
59
|
*/
|
|
60
60
|
function splitCedarPolicies(policyFile) {
|
|
61
61
|
const results = [];
|
|
62
|
-
let buf =
|
|
62
|
+
let buf = '';
|
|
63
63
|
let inString = false; // inside "..."
|
|
64
64
|
let inLineComment = false; // inside // ...
|
|
65
65
|
let inBlockComment = false; // inside /* ... */
|
|
66
|
-
let prev =
|
|
66
|
+
let prev = '';
|
|
67
67
|
for (let i = 0; i < policyFile.length; i++) {
|
|
68
68
|
const ch = policyFile[i];
|
|
69
|
-
const next = i + 1 < policyFile.length ? policyFile[i + 1] :
|
|
69
|
+
const next = i + 1 < policyFile.length ? policyFile[i + 1] : '';
|
|
70
70
|
// End line comment
|
|
71
71
|
if (inLineComment) {
|
|
72
72
|
buf += ch;
|
|
73
|
-
if (ch ===
|
|
73
|
+
if (ch === '\n')
|
|
74
74
|
inLineComment = false;
|
|
75
75
|
prev = ch;
|
|
76
76
|
continue;
|
|
@@ -78,32 +78,32 @@ function splitCedarPolicies(policyFile) {
|
|
|
78
78
|
// End block comment
|
|
79
79
|
if (inBlockComment) {
|
|
80
80
|
buf += ch;
|
|
81
|
-
if (prev ===
|
|
81
|
+
if (prev === '*' && ch === '/')
|
|
82
82
|
inBlockComment = false;
|
|
83
83
|
prev = ch;
|
|
84
84
|
continue;
|
|
85
85
|
}
|
|
86
86
|
// Start line comment (only when not in string)
|
|
87
|
-
if (!inString && ch ===
|
|
87
|
+
if (!inString && ch === '/' && next === '/') {
|
|
88
88
|
inLineComment = true;
|
|
89
89
|
buf += ch; // add '/'
|
|
90
90
|
// next char will be processed in next loop iteration, so add it now and skip
|
|
91
91
|
buf += next; // add second '/'
|
|
92
92
|
i++;
|
|
93
|
-
prev =
|
|
93
|
+
prev = '/';
|
|
94
94
|
continue;
|
|
95
95
|
}
|
|
96
96
|
// Start block comment (only when not in string)
|
|
97
|
-
if (!inString && ch ===
|
|
97
|
+
if (!inString && ch === '/' && next === '*') {
|
|
98
98
|
inBlockComment = true;
|
|
99
99
|
buf += ch; // add '/'
|
|
100
100
|
buf += next; // add '*'
|
|
101
101
|
i++;
|
|
102
|
-
prev =
|
|
102
|
+
prev = '*';
|
|
103
103
|
continue;
|
|
104
104
|
}
|
|
105
105
|
// Toggle string state on unescaped double quote
|
|
106
|
-
if (ch === `"` && prev !==
|
|
106
|
+
if (ch === `"` && prev !== '\\') {
|
|
107
107
|
inString = !inString;
|
|
108
108
|
buf += ch;
|
|
109
109
|
prev = ch;
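Review bot: The string-toggle check on line 106 treats any quote preceded by a backslash as escaped, so a string literal ending in an escaped backslash (`"...\\"`) never closes, and every following `;` is then swallowed into one oversized policy or the call ends in the trailing-content error. Tracking an explicit escape flag instead of only the previous character fixes this: declare `let escaped = false;` with the other state variables near line 63, change the condition to `if (ch === `"` && !escaped) {`, and right after that block (before `// Normal char`) add `escaped = inString && ch === '\\' && !escaped;` so a backslash inside a string escapes the next character and two in a row cancel out. Line 63 and the start of splitCedarPolicies are outside this hunk.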
|
|
@@ -112,11 +112,11 @@ function splitCedarPolicies(policyFile) {
|
|
|
112
112
|
// Normal char
|
|
113
113
|
buf += ch;
|
|
114
114
|
// Policy terminator: semicolon outside string/comments
|
|
115
|
-
if (!inString && ch ===
|
|
115
|
+
if (!inString && ch === ';') {
|
|
116
116
|
const policy = buf.trim();
|
|
117
117
|
if (policy.length > 0)
|
|
118
118
|
results.push(policy);
|
|
119
|
-
buf =
|
|
119
|
+
buf = '';
|
|
120
120
|
}
|
|
121
121
|
prev = ch;
|
|
122
122
|
}
|
|
@@ -124,7 +124,7 @@ function splitCedarPolicies(policyFile) {
|
|
|
124
124
|
const tail = buf.trim();
|
|
125
125
|
if (tail.length > 0) {
|
|
126
126
|
throw new Error("Trailing content after last policy terminator ';'. " +
|
|
127
|
-
|
|
127
|
+
'The policy file may be missing a semicolon at the end.');
|
|
128
128
|
}
|
|
129
129
|
const finalResults = {};
|
|
130
130
|
const filteredResults = results.filter((p) => p.length > 0);
|
package/dist/errors/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
export * from
|
|
2
|
-
export * from
|
|
3
|
-
export * from
|
|
4
|
-
export * from
|
|
5
|
-
export * from
|
|
6
|
-
export * from
|
|
1
|
+
export * from './missing-authenticated-user-details-error';
|
|
2
|
+
export * from './missing-authorization-action-error';
|
|
3
|
+
export * from './missing-authorization-policy-error';
|
|
4
|
+
export * from './missing-authorization-resource-error';
|
|
5
|
+
export * from './missing-authorization-schema-error';
|
|
6
|
+
export * from './unauthorized-error';
|
|
7
7
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './missing-authenticated-user-details-error';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -45,8 +45,8 @@ class MissingAuthenticatedUserDetailsError extends Error {
|
|
|
45
45
|
* in error handling and logging.
|
|
46
46
|
*/
|
|
47
47
|
constructor() {
|
|
48
|
-
super(
|
|
49
|
-
this.name =
|
|
48
|
+
super('Missing authenticated user details');
|
|
49
|
+
this.name = 'MissingAuthenticatedUserDetailsError';
|
|
50
50
|
}
|
|
51
51
|
}
|
|
52
52
|
exports.MissingAuthenticatedUserDetailsError = MissingAuthenticatedUserDetailsError;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './missing-authorization-action-error';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/errors/missing-authorization-action-error/missing-authorization-action-error.js
CHANGED
|
@@ -41,8 +41,8 @@ class MissingAuthorizationActionError extends Error {
|
|
|
41
41
|
* in error handling and logging.
|
|
42
42
|
*/
|
|
43
43
|
constructor() {
|
|
44
|
-
super(
|
|
45
|
-
this.name =
|
|
44
|
+
super('Missing authorization action details');
|
|
45
|
+
this.name = 'MissingAuthorizationActionError';
|
|
46
46
|
}
|
|
47
47
|
}
|
|
48
48
|
exports.MissingAuthorizationActionError = MissingAuthorizationActionError;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './missing-authorization-policy-error';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/errors/missing-authorization-policy-error/missing-authorization-policy-error.js
CHANGED
|
@@ -43,8 +43,8 @@ class MissingAuthorizationPolicyError extends Error {
|
|
|
43
43
|
* in error handling and logging.
|
|
44
44
|
*/
|
|
45
45
|
constructor() {
|
|
46
|
-
super(
|
|
47
|
-
this.name =
|
|
46
|
+
super('Missing authorization policy details');
|
|
47
|
+
this.name = 'MissingAuthorizationPolicyError';
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
50
|
exports.MissingAuthorizationPolicyError = MissingAuthorizationPolicyError;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './missing-authorization-resource-error';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/errors/missing-authorization-resource-error/missing-authorization-resource-error.js
CHANGED
|
@@ -41,8 +41,8 @@ class MissingAuthorizationResourceError extends Error {
|
|
|
41
41
|
* in error handling and logging.
|
|
42
42
|
*/
|
|
43
43
|
constructor() {
|
|
44
|
-
super(
|
|
45
|
-
this.name =
|
|
44
|
+
super('Missing authorization resource details');
|
|
45
|
+
this.name = 'MissingAuthorizationResourceError';
|
|
46
46
|
}
|
|
47
47
|
}
|
|
48
48
|
exports.MissingAuthorizationResourceError = MissingAuthorizationResourceError;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './missing-authorization-schema-error';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/errors/missing-authorization-schema-error/missing-authorization-schema-error.js
CHANGED
|
@@ -43,8 +43,8 @@ class MissingAuthorizationSchemaError extends Error {
|
|
|
43
43
|
* in error handling and logging.
|
|
44
44
|
*/
|
|
45
45
|
constructor() {
|
|
46
|
-
super(
|
|
47
|
-
this.name =
|
|
46
|
+
super('Missing authorization schema details');
|
|
47
|
+
this.name = 'MissingAuthorizationSchemaError';
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
50
|
exports.MissingAuthorizationSchemaError = MissingAuthorizationSchemaError;
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './unauthorized-error';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -64,7 +64,7 @@ const node_path_1 = __importDefault(require("node:path"));
|
|
|
64
64
|
const loadFileAsString = (fileName) => {
|
|
65
65
|
try {
|
|
66
66
|
const filePath = node_path_1.default.join(__dirname, fileName);
|
|
67
|
-
const data = node_fs_1.default.readFileSync(filePath,
|
|
67
|
+
const data = node_fs_1.default.readFileSync(filePath, 'utf-8');
|
|
68
68
|
return data;
|
|
69
69
|
}
|
|
70
70
|
catch (error) {
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './file-loader';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
export
|
|
2
|
-
export * from
|
|
3
|
-
export * from
|
|
4
|
-
export * from
|
|
5
|
-
export * from
|
|
1
|
+
export { CedarValueJson, EntityJson, EntityUidJson, } from '@cedar-policy/cedar-wasm/nodejs';
|
|
2
|
+
export * from './auth-lambda';
|
|
3
|
+
export * from './authorization-middleware';
|
|
4
|
+
export * from './authorization-service';
|
|
5
|
+
export * from './errors';
|
|
6
|
+
export * from './user-details';
|
|
6
7
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,cAAc,EACd,UAAU,EACV,aAAa,GACb,MAAM,iCAAiC,CAAC;AACzC,cAAc,eAAe,CAAC;AAC9B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC"}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAKA,gDAA8B;AAC9B,6DAA2C;AAC3C,0DAAwC;AACxC,2CAAyB;AACzB,iDAA+B"}
|
package/dist/setupTests.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
// Mock AWS Lambda Powertools Logger to avoid initialization issues in tests
|
|
3
|
-
jest.mock(
|
|
3
|
+
jest.mock('@aws-lambda-powertools/logger', () => {
|
|
4
4
|
return {
|
|
5
5
|
Logger: jest.fn().mockImplementation(() => ({
|
|
6
6
|
debug: jest.fn(),
|
|
@@ -12,8 +12,8 @@ jest.mock("@aws-lambda-powertools/logger", () => {
|
|
|
12
12
|
};
|
|
13
13
|
});
|
|
14
14
|
// Mock environment variables for AWS Lambda Powertools Logger
|
|
15
|
-
process.env.AWS_LAMBDA_FUNCTION_NAME =
|
|
16
|
-
process.env.AWS_LAMBDA_FUNCTION_VERSION =
|
|
17
|
-
process.env.AWS_REGION =
|
|
18
|
-
process.env.POWERTOOLS_SERVICE_NAME =
|
|
15
|
+
process.env.AWS_LAMBDA_FUNCTION_NAME = 'test-function';
|
|
16
|
+
process.env.AWS_LAMBDA_FUNCTION_VERSION = '$LATEST';
|
|
17
|
+
process.env.AWS_REGION = 'us-east-1';
|
|
18
|
+
process.env.POWERTOOLS_SERVICE_NAME = 'test-service';
|
|
19
19
|
//# sourceMappingURL=setupTests.js.map
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export * from
|
|
1
|
+
export * from './user-details-service';
|
|
2
2
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -5,7 +5,7 @@ exports.getUserName = getUserName;
|
|
|
5
5
|
exports.getRoles = getRoles;
|
|
6
6
|
exports.resetDetails = resetDetails;
|
|
7
7
|
const logger_1 = require("@aws-lambda-powertools/logger");
|
|
8
|
-
const logger = new logger_1.Logger({ serviceName:
|
|
8
|
+
const logger = new logger_1.Logger({ serviceName: 'user-detail-service' });
|
|
9
9
|
/**
|
|
10
10
|
* User details service for extracting and managing authenticated user information.
|
|
11
11
|
*
|
|
@@ -91,22 +91,22 @@ let roles;
|
|
|
91
91
|
*/
|
|
92
92
|
function setUserDetails(authenticatedEvent) {
|
|
93
93
|
if (!authenticatedEvent?.requestContext?.authorizer) {
|
|
94
|
-
logger.warn(
|
|
94
|
+
logger.warn('The event is not an authenticated request.');
|
|
95
95
|
return;
|
|
96
96
|
}
|
|
97
|
-
logger.debug(
|
|
97
|
+
logger.debug('Getting user name...');
|
|
98
98
|
userName =
|
|
99
|
-
authenticatedEvent.requestContext?.authorizer?.claims[
|
|
100
|
-
logger.debug(
|
|
101
|
-
if (typeof authenticatedEvent.requestContext?.authorizer?.claims[
|
|
99
|
+
authenticatedEvent.requestContext?.authorizer?.claims['cognito:username'];
|
|
100
|
+
logger.debug('User name set.', { userName });
|
|
101
|
+
if (typeof authenticatedEvent.requestContext?.authorizer?.claims['cognito:groups'] === 'string') {
|
|
102
102
|
roles = [];
|
|
103
|
-
roles.push(authenticatedEvent.requestContext?.authorizer?.claims[
|
|
103
|
+
roles.push(authenticatedEvent.requestContext?.authorizer?.claims['cognito:groups']);
|
|
104
104
|
}
|
|
105
105
|
else {
|
|
106
106
|
roles =
|
|
107
|
-
authenticatedEvent.requestContext?.authorizer?.claims[
|
|
107
|
+
authenticatedEvent.requestContext?.authorizer?.claims['cognito:groups'];
|
|
108
108
|
}
|
|
109
|
-
logger.debug(
|
|
109
|
+
logger.debug('User details set', {
|
|
110
110
|
userName,
|
|
111
111
|
roles,
|
|
112
112
|
});
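Review bot: The early return on lines 93-96 leaves the module-level `userName` and `roles` untouched when the event carries no authorizer context, so within a warm Lambda container the details of the previous authenticated invocation remain readable through `getUserName()`/`getRoles()`, and a request without authorizer context could be evaluated against a prior caller's identity. The file already exports `resetDetails` (line 6), so clearing first is a one-line change: `resetDetails();` as the first statement of `setUserDetails`, before the authorizer check. On lines 101-103, when `cognito:groups` arrives as a single string it is pushed as one role name; if the gateway in front delivers array claims in stringified form, that string will not match any role entity, which fails closed but deserves a comment. setUserDetails ends outside the hunk.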
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@jcdubs/janus",
|
|
3
|
-
"version": "1.0
|
|
3
|
+
"version": "1.1.0",
|
|
4
4
|
"description": "Open source Serverless authentication: A Cedar-based authorisation engine for deterministic, deny-by-default access decisions through a CDK construct and SDK libraries.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|