@kravc/dos 1.12.6 → 2.0.0-alpha.0

package/src/Operation/operations/__tests__/List.test.ts

@@ -0,0 +1,146 @@
+import { Profile } from '../../../Document/__tests__/__helpers';
+import { createContext } from '../../../Context/__tests__/__helpers';
+import { List, Operation } from '../../../';
+
+describe('List(Document, actionMethod)', () => {
+  it('throws exception if component class is of invalid type', () => {
+    expect(() => List({}))
+      .toThrow('Argument "ComponentClass" is undefined for "List" operation function');
+  });
+
+  it('returns a list operation class for a document', () => {
+    const ListOperation = List(Profile);
+
+    expect(ListOperation).toBeDefined();
+  });
+
+  describe('ListOperation', () => {
+    const ListProfiles = List(Profile);
+
+    describe('ListOperation.isComponent', () => {
+      it('returns false', () => {
+        expect(ListProfiles.isComponent).toBeFalsy();
+      });
+    });
+
+    describe('ListOperation.type', () => {
+      it('returns READ type', () => {
+        expect(ListProfiles.type).toEqual(Operation.types.READ);
+      });
+    });
+
+    describe('ListOperation.isCreate', () => {
+      it('returns false', () => {
+        expect(ListProfiles.isCreate).toBeFalsy();
+      });
+    });
+
+    describe('ListOperation.isUpdate', () => {
+      it('returns false', () => {
+        expect(ListProfiles.isUpdate).toBeFalsy();
+      });
+    });
+
+    describe('ListOperation.Component', () => {
+      it('returns referenced component', () => {
+        expect(ListProfiles.Component).toEqual(Profile);
+      });
+    });
+
+    describe('ListOperation.componentName', () => {
+      it('returns referenced component name', () => {
+        expect(ListProfiles.componentName).toEqual('Profile');
+      });
+    });
+
+    describe('ListOperation.componentAction', () => {
+      it('returns indexAll action name', () => {
+        expect(ListProfiles.componentAction).toEqual('indexAll');
+      });
+    });
+
+    describe('ListOperation.id', () => {
+      it('returns operation ID', () => {
+        expect(ListProfiles.id).toEqual('ListProfiles');
+      });
+    });
+
+    describe('ListOperation.tags', () => {
+      it('returns operation tags', () => {
+        expect(ListProfiles.tags).toEqual([ 'Profile' ]);
+      });
+    });
+
+    describe('ListOperation.summary', () => {
+      it('returns operation summary', () => {
+        expect(ListProfiles.summary).toEqual('List profiles');
+      });
+    });
+
+    describe('ListOperation.description', () => {
+      it('returns operation description', () => {
+        expect(ListProfiles.description).toEqual('');
+      });
+    });
+
+    describe('ListOperation.security', () => {
+      it('returns operation security requirements', () => {
+        expect(ListProfiles.security).toEqual([]);
+      });
+    });
+
+    describe('ListOperation.errors', () => {
+      it('includes related errors', () => {
+        const errorCodes = Object.keys(ListProfiles.errors);
+        expect(errorCodes).toContain('InvalidOutputError');
+        expect(errorCodes).toContain('UnprocessibleConditionError');
+      });
+    });
+
+    describe('ListOperation.query', () => {
+      it('returns null', () => {
+        expect(ListProfiles.query).toBeNull();
+      });
+    });
+
+    describe('ListOperation.inputSchema', () => {
+      it('returns null', () => {
+        expect(ListProfiles.inputSchema).toBeNull();
+      });
+    });
+
+    describe('ListOperation.outputSchema', () => {
+      it('returns operation output schema', () => {
+        expect(ListProfiles.outputSchema).toBeDefined();
+      });
+    });
+
+    describe('ListOperation.hasOutput', () => {
+      it('returns true', () => {
+        expect(ListProfiles.hasOutput).toBeTruthy();
+      });
+    });
+
+    describe('ListOperation.componentActionMethod', () => {
+      it('returns binded component action method', () => {
+        expect(ListProfiles.componentActionMethod).toBeDefined();
+      });
+    });
+
+    describe('.exec(input)', () => {
+      it('lists documents', async () => {
+        const context = createContext({ request: { operationId: 'ListProfiles' } });
+        const { id } = await Profile.create(context, { name: 'John Doe' });
+
+        const operation = new ListProfiles(context);
+
+        const { result, headers, multiValueHeaders } = await operation.exec({});
+
+        expect(headers).toEqual({});
+        expect(multiValueHeaders).toEqual({});
+
+        expect((result.data as Profile[])[0].id).toEqual(id);
+      });
+    });
+  });
+});

package/src/Operation/operations/__tests__/Read.test.ts

@@ -0,0 +1,152 @@
+import { Profile } from '../../../Document/__tests__/__helpers';
+import { createContext } from '../../../Context/__tests__/__helpers';
+import { Read, Operation } from '../../../';
+
+describe('Read(Document, actionMethod)', () => {
+  it('throws exception if component class is of invalid type', () => {
+    expect(() => Read({}))
+      .toThrow('Argument "ComponentClass" is undefined for "Read" operation function');
+  });
+
+  it('returns a read operation class for a document', () => {
+    const ReadOperation = Read(Profile);
+
+    expect(ReadOperation).toBeDefined();
+  });
+
+  describe('ReadOperation', () => {
+    const ReadProfile = Read(Profile);
+
+    describe('ReadOperation.isComponent', () => {
+      it('returns false', () => {
+        expect(ReadProfile.isComponent).toBeFalsy();
+      });
+    });
+
+    describe('ReadOperation.type', () => {
+      it('returns READ type', () => {
+        expect(ReadProfile.type).toEqual(Operation.types.READ);
+      });
+    });
+
+    describe('ReadOperation.isCreate', () => {
+      it('returns false', () => {
+        expect(ReadProfile.isCreate).toBeFalsy();
+      });
+    });
+
+    describe('ReadOperation.isUpdate', () => {
+      it('returns false', () => {
+        expect(ReadProfile.isUpdate).toBeFalsy();
+      });
+    });
+
+    describe('ReadOperation.Component', () => {
+      it('returns referenced component', () => {
+        expect(ReadProfile.Component).toEqual(Profile);
+      });
+    });
+
+    describe('ReadOperation.componentName', () => {
+      it('returns referenced component name', () => {
+        expect(ReadProfile.componentName).toEqual('Profile');
+      });
+    });
+
+    describe('ReadOperation.componentAction', () => {
+      it('returns read action name', () => {
+        expect(ReadProfile.componentAction).toEqual('read');
+      });
+    });
+
+    describe('ReadOperation.id', () => {
+      it('returns operation ID', () => {
+        expect(ReadProfile.id).toEqual('ReadProfile');
+      });
+    });
+
+    describe('ReadOperation.tags', () => {
+      it('returns operation tags', () => {
+        expect(ReadProfile.tags).toEqual([ 'Profile' ]);
+      });
+    });
+
+    describe('ReadOperation.summary', () => {
+      it('returns operation summary', () => {
+        expect(ReadProfile.summary).toEqual('Read profile');
+      });
+    });
+
+    describe('ReadOperation.description', () => {
+      it('returns operation description', () => {
+        expect(ReadProfile.description).toEqual('');
+      });
+    });
+
+    describe('ReadOperation.security', () => {
+      it('returns operation security requirements', () => {
+        expect(ReadProfile.security).toEqual([]);
+      });
+    });
+
+    describe('ReadOperation.errors', () => {
+      it('includes related errors', () => {
+        const errorCodes = Object.keys(ReadProfile.errors);
+        expect(errorCodes).toContain('InvalidInputError');
+        expect(errorCodes).toContain('InvalidOutputError');
+        expect(errorCodes).toContain('UnprocessibleConditionError');
+        expect(errorCodes).toContain('DocumentNotFoundError');
+      });
+    });
+
+    describe('ReadOperation.query', () => {
+      it('includes ID parameters', () => {
+        expect(ReadProfile.query!.id).toEqual({
+          description: 'ID of profile to be returned',
+          required: true
+        });
+      });
+    });
+
+    describe('ReadOperation.inputSchema', () => {
+      it('returns operation input schema', () => {
+        expect(ReadProfile.inputSchema).toBeDefined();
+      });
+    });
+
+    describe('ReadOperation.outputSchema', () => {
+      it('returns operation output schema', () => {
+        expect(ReadProfile.outputSchema).toBeDefined();
+      });
+    });
+
+    describe('ReadOperation.hasOutput', () => {
+      it('returns true', () => {
+        expect(ReadProfile.hasOutput).toBeTruthy();
+      });
+    });
+
+    describe('ReadOperation.componentActionMethod', () => {
+      it('returns binded component action method', () => {
+        expect(ReadProfile.componentActionMethod).toBeDefined();
+      });
+    });
+
+    describe('.exec(input)', () => {
+      it('reads document', async () => {
+        const context = createContext({ request: { operationId: 'ReadProfile' } });
+        const { id } = await Profile.create(context, { name: 'John Doe' });
+
+        const operation = new ReadProfile(context);
+        const input = { id };
+
+        const { result, headers, multiValueHeaders } = await operation.exec(input);
+
+        expect(headers).toEqual({});
+        expect(multiValueHeaders).toEqual({});
+
+        expect((result.data as Profile).attributes.name).toEqual('John Doe');
+      });
+    });
+  });
+});

package/src/Operation/operations/__tests__/Update.test.ts

@@ -0,0 +1,158 @@
+import { Profile } from '../../../Document/__tests__/__helpers';
+import { createContext } from '../../../Context/__tests__/__helpers';
+import { Update, Operation } from '../../../';
+
+describe('Update(Document, actionMethod)', () => {
+  it('throws exception if component class is of invalid type', () => {
+    expect(() => Update({}))
+      .toThrow('Argument "ComponentClass" is undefined for "Update" operation function');
+  });
+
+  it('returns a create operation class for a document', () => {
+    const UpdateOperation = Update(Profile);
+
+    expect(UpdateOperation).toBeDefined();
+  });
+
+  describe('UpdateOperation', () => {
+    const UpdateProfile = Update(Profile);
+
+    describe('UpdateOperation.isComponent', () => {
+      it('returns false', () => {
+        expect(UpdateProfile.isComponent).toBeFalsy();
+      });
+    });
+
+    describe('UpdateOperation.type', () => {
+      it('returns UPDATE type', () => {
+        expect(UpdateProfile.type).toEqual(Operation.types.UPDATE);
+      });
+    });
+
+    describe('UpdateOperation.isCreate', () => {
+      it('returns false', () => {
+        expect(UpdateProfile.isCreate).toBeFalsy();
+      });
+    });
+
+    describe('UpdateOperation.isUpdate', () => {
+      it('returns true', () => {
+        expect(UpdateProfile.isUpdate).toBeTruthy();
+      });
+    });
+
+    describe('UpdateOperation.Component', () => {
+      it('returns referenced component', () => {
+        expect(UpdateProfile.Component).toEqual(Profile);
+      });
+    });
+
+    describe('UpdateOperation.componentName', () => {
+      it('returns referenced component name', () => {
+        expect(UpdateProfile.componentName).toEqual('Profile');
+      });
+    });
+
+    describe('UpdateOperation.componentAction', () => {
+      it('returns update action name', () => {
+        expect(UpdateProfile.componentAction).toEqual('update');
+      });
+    });
+
+    describe('UpdateOperation.componentMutationSchema', () => {
+      it('returns component mutation schema', () => {
+        expect(UpdateProfile.componentMutationSchema).toEqual(Profile.mutationSchema);
+      });
+    });
+
+    describe('UpdateOperation.id', () => {
+      it('returns operation ID', () => {
+        expect(UpdateProfile.id).toEqual('UpdateProfile');
+      });
+    });
+
+    describe('UpdateOperation.tags', () => {
+      it('returns operation tags', () => {
+        expect(UpdateProfile.tags).toEqual([ 'Profile' ]);
+      });
+    });
+
+    describe('UpdateOperation.summary', () => {
+      it('returns operation summary', () => {
+        expect(UpdateProfile.summary).toEqual('Update profile');
+      });
+    });
+
+    describe('UpdateOperation.description', () => {
+      it('returns operation description', () => {
+        expect(UpdateProfile.description).toEqual('');
+      });
+    });
+
+    describe('UpdateOperation.security', () => {
+      it('returns operation security requirements', () => {
+        expect(UpdateProfile.security).toEqual([]);
+      });
+    });
+
+    describe('UpdateOperation.errors', () => {
+      it('includes related errors', () => {
+        const errorCodes = Object.keys(UpdateProfile.errors);
+        expect(errorCodes).toContain('InvalidInputError');
+        expect(errorCodes).toContain('InvalidOutputError');
+        expect(errorCodes).toContain('UnprocessibleConditionError');
+        expect(errorCodes).toContain('DocumentNotFoundError');
+      });
+    });
+
+    describe('UpdateOperation.query', () => {
+      it('includes ID parameters', () => {
+        expect(UpdateProfile.query!.id).toEqual({
+          description: 'ID of profile to be updated',
+          required: true
+        });
+      });
+    });
+
+    describe('UpdateOperation.inputSchema', () => {
+      it('returns operation input schema', () => {
+        expect(UpdateProfile.inputSchema).toBeDefined();
+      });
+    });
+
+    describe('UpdateOperation.outputSchema', () => {
+      it('returns operation output schema', () => {
+        expect(UpdateProfile.outputSchema).toBeDefined();
+      });
+    });
+
+    describe('UpdateOperation.hasOutput', () => {
+      it('returns true', () => {
+        expect(UpdateProfile.hasOutput).toBeTruthy();
+      });
+    });
+
+    describe('UpdateOperation.componentActionMethod', () => {
+      it('returns binded component action method', () => {
+        expect(UpdateProfile.componentActionMethod).toBeDefined();
+      });
+    });
+
+    describe('.exec(input)', () => {
+      it('updates document', async () => {
+        const context = createContext({ request: { operationId: 'UpdateProfile' } });
+        const { id } = await Profile.create(context, { name: 'John Doe' });
+
+        const operation = new UpdateProfile(context);
+        const input = { id, mutation: { name: 'Jenn Doe' } };
+
+        const { result, headers, multiValueHeaders } = await operation.exec(input);
+
+        expect(headers).toEqual({});
+        expect(multiValueHeaders).toEqual({});
+
+        expect((result.data as Profile).attributes.name).toEqual('Jenn Doe');
+      });
+    });
+  });
+});

package/src/Operation/security/JwtAuthorization.ts

@@ -0,0 +1,247 @@
+import Context from '../../Context';
+import verifyToken from './verifyToken';
+import AccessDeniedError from '../errors/AccessDeniedError';
+import UnauthorizedError from '../errors/UnauthorizedError';
+import { get, capitalize } from 'lodash';
+import { decode, type Algorithm } from 'jsonwebtoken';
+import type { VerificationResult, Requirement } from '../../Service/authorize';
+
+type Claims = {
+  sub?: string;
+  iss?: string;
+  permissions?: string[];
+  [x: string]: unknown;
+}
+
+type TokenVerificationMethod = (
+  context: Context,
+  token: string,
+  publicKey: string,
+  algorithm: Algorithm
+) => Promise<[ true ] | [ false, string ]>;
+
+type AccessVerificationMethod = (
+  context: Context,
+  claims: Claims,
+  permissions?: Permissions,
+) => Promise<[ true ] | [ false, string ]>;
+
+type NormalizeClaimsMethod = (claims: Claims) => Claims;
+
+type RequirementOptions = {
+  name?: string;
+  issuer?: string;
+  publicKey: string;
+  cookieName?: string;
+  description?: string;
+  permissions?: Permissions;
+  requirementName?: string;
+  algorithm?: Algorithm;
+  normalizeClaimsMethod?: NormalizeClaimsMethod;
+  tokenVerificationMethod?: TokenVerificationMethod;
+  accessVerificationMethod?: AccessVerificationMethod;
+}
+
+export type Permissions = Record<string, string[]>;
+
+const DEFAULT_HEADER_NAME = 'authorization';
+
+const MESSAGE_ACCESS_DENIED = 'Access denied';
+
+/** Default method to normalize claims. */
+const DEFAULT_NORMALIZED_CLAIMS_METHOD = (claims: Claims) => claims;
+
+/** Ensures permissions claim includes permissions required by an operation. */
+const DEFAULT_ACCESS_VERIFICATION_METHOD = async (
+  context: Context,
+  claims: Claims,
+  permissionsMap?: Permissions
+): Promise<[ true ] | [ false, string ]> => {
+  if (!permissionsMap) {
+    return [ true ];
+  }
+
+  const { operationId } = context;
+
+  const permissionsClaim = get(claims, 'permissions', []);
+
+  for (const permission of permissionsClaim) {
+    const operationIds = get(permissionsMap, permission, []) as string[];
+
+    const hasAccess = operationIds.includes(operationId);
+
+    if (hasAccess) {
+      return [ true ];
+    }
+  }
+
+  return [ false, MESSAGE_ACCESS_DENIED ];
+};
+
+/** JWT Authorization */
+class JwtAuthorization {
+  private _name: string;
+  private _issuer?: string;
+  private _publicKey: string;
+  private _algorithm: Algorithm;
+  private _cookieName: string;
+  private _permissions?: Permissions;
+
+  private _verifyToken: TokenVerificationMethod;
+  private _verifyAccess: AccessVerificationMethod;
+  private _normalizeClaims: NormalizeClaimsMethod;
+
+  /** Creates an instance of JWT authorization security. */
+  constructor({
+    name,
+    issuer,
+    publicKey,
+    cookieName,
+    permissions,
+    algorithm = 'RS256',
+    normalizeClaimsMethod = DEFAULT_NORMALIZED_CLAIMS_METHOD,
+    tokenVerificationMethod = verifyToken,
+    accessVerificationMethod = DEFAULT_ACCESS_VERIFICATION_METHOD,
+  }: {
+    name: string;
+    issuer?: string;
+    publicKey: string;
+    algorithm?: Algorithm;
+    cookieName?: string;
+    permissions?: Permissions;
+    normalizeClaimsMethod?: NormalizeClaimsMethod;
+    tokenVerificationMethod?: TokenVerificationMethod;
+    accessVerificationMethod?: AccessVerificationMethod;
+  }) {
+    this._name = name;
+    this._issuer = issuer;
+    this._publicKey = publicKey;
+    this._algorithm = algorithm;
+    this._cookieName = cookieName || name;
+    this._permissions = permissions;
+
+    this._verifyToken = tokenVerificationMethod;
+    this._verifyAccess = accessVerificationMethod;
+    this._normalizeClaims = normalizeClaimsMethod;
+  }
+
+  /** Returns specification for JWT authorization security requirement. */
+  static createRequirement(options: RequirementOptions): Record<string, Requirement> {
+    const name = get(options, 'name', DEFAULT_HEADER_NAME);
+    const description = get(options, 'description');
+    const requirementName = get(options, 'requirementName', capitalize(name));
+
+    return {
+      [requirementName]: {
+        definition: {
+          in: 'header',
+          type: 'apiKey',
+          name,
+          description,
+        },
+        errors: JwtAuthorization.errors,
+        /** Verifies context via JWT authorization requirement. */
+        verify: (context: Context) => {
+          const security = new JwtAuthorization({ name, ...options });
+          return security.verify(context);
+        }
+      }
+    };
+  }
+
+  /** Returns security related errors. */
+  static get errors() {
+    return {
+      UnauthorizedError: {
+        statusCode:  401,
+        description: 'Unauthorized request'
+      },
+      AccessDeniedError: {
+        statusCode:  403,
+        description: 'Operation access denied'
+      }
+    };
+  }
+
+  /** Verifies JWT authorization. */
+  async verify(context: Context): Promise<VerificationResult> {
+    const { headers, cookies } = context;
+
+    let token = get(cookies, this._cookieName);
+
+    if (!token) {
+      token = headers[this._name] as string;
+    }
+
+    if (!token) {
+      const error = new UnauthorizedError(`Header "${this._name}" is missing`);
+
+      return {
+        isAuthorized: false,
+        error
+      };
+    }
+
+    token = token.replace(/^bearer\s+/i, '');
+
+    const object = decode(token, { complete: true });
+
+    if (!object) {
+      const error = new UnauthorizedError(`Invalid "${this._name}" token`);
+
+      return {
+        isAuthorized: false,
+        error
+      };
+    }
+
+    const [ isTokenOk, tokenErrorMessage ] =
+      await this._verifyToken(context, token, this._publicKey, this._algorithm);
+
+    if (!isTokenOk) {
+      const error = new UnauthorizedError(`"${this._name}" token verification failed: ${tokenErrorMessage}`);
+
+      return {
+        isAuthorized: false,
+        error
+      };
+    }
+
+    const claims = object.payload as Claims;
+
+    if (this._issuer) {
+      const { iss } = claims;
+
+      const isValidIssuer = iss === this._issuer;
+
+      if (!isValidIssuer) {
+        const error = new UnauthorizedError(`Invalid issuer of "${this._name}" token`);
+
+        return {
+          isAuthorized: false,
+          error
+        };
+      }
+    }
+
+    const [ isAccessOk, accessErrorMessage ] = await this._verifyAccess(context, claims, this._permissions);
+
+    if (!isAccessOk) {
+      const error = new AccessDeniedError(accessErrorMessage);
+
+      return {
+        isAuthorized: false,
+        error
+      };
+    }
+
+    const normalizedClaims = this._normalizeClaims(claims);
+
+    return {
+      isAuthorized: true,
+      claims: normalizedClaims
+    };
+  }
+}
+
+export default JwtAuthorization;