npm - @magda/authentication-plugin-sdk - Versions diffs - 2.3.3 → 3.0.0-alpha.0 - Mend

@magda/authentication-plugin-sdk 2.3.3 → 3.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,12 +1,147 @@
-import AuthApiClient from '@magda/auth-api-client';
+import { CookieOptions as CookieOptions_3 } from 'express';
 import express from 'express';
 import passport from 'passport';
 import { QueryDataMap } from 'urijs';
 import { Request as Request_2 } from 'express';
 import { Response as Response_2 } from 'express';
 import { Router } from 'express';
-import { User } from '@magda/auth-api-client';
-import { UserToken } from '@magda/auth-api-client';
+declare class ApiClient {
+    private jwt;
+    private requestInitOption;
+    private baseUrl;
+    constructor(baseUrl: string, jwtSecret?: string, userId?: string);
+    getMergeRequestInitOption(extraOptions?: RequestInit): RequestInit;
+    processJsonResponse<T = any>(res: Response): Promise<T>;
+    /**
+     * Get the data of a user.
+     *
+     * @param {string} userId
+     * @returns {Promise<Maybe<User>>}
+     * @memberof ApiClient
+     */
+    getUser(userId: string): Promise<Maybe<RequiredKeys<User, "id">>>;
+    /**
+     * Lookup user by source (identity provider) & sourceId (identity ID)
+     *
+     * @param {string} source
+     * @param {string} sourceId
+     * @returns {Promise<Maybe<User>>}
+     * @memberof ApiClient
+     */
+    lookupUser(source: string, sourceId: string): Promise<Maybe<RequiredKeys<User, "id">>>;
+    /**
+     * create a user
+     *
+     * @param {CreateUserData} user
+     * @returns {Promise<UserRecord>}
+     * @memberof ApiClient
+     */
+    createUser(user: CreateUserData): Promise<UserRecord>;
+    /**
+     * Add Roles to a user.
+     * Returns a list of current role ids of the user.
+     *
+     * @param {string} userId
+     * @param {string[]} roleIds
+     * @returns {Promise<string[]>}
+     * @memberof ApiClient
+     */
+    addUserRoles(userId: string, roleIds: string[]): Promise<string[]>;
+    /**
+     * Remove a list roles from a user.
+     *
+     * @param {string} userId
+     * @param {string[]} roleIds
+     * @returns {Promise<void>}
+     * @memberof ApiClient
+     */
+    deleteUserRoles(userId: string, roleIds: string[]): Promise<void>;
+    /**
+     * Get all roles of a user
+     *
+     * @param {string} userId
+     * @returns {Promise<Role[]>}
+     * @memberof ApiClient
+     */
+    getUserRoles(userId: string): Promise<Role[]>;
+    /**
+     * Get all permissions of a user
+     *
+     * @param {string} userId
+     * @returns {Promise<Permission[]>}
+     * @memberof ApiClient
+     */
+    getUserPermissions(userId: string): Promise<Permission[]>;
+    /**
+     * Get all permissions of a role
+     *
+     * @param {string} roleId
+     * @returns {Promise<Permission[]>}
+     * @memberof ApiClient
+     */
+    getRolePermissions(roleId: string): Promise<Permission[]>;
+    /**
+     * List OrgUnits at certain org tree level.
+     * Optionally provide a test Org Unit Id that will be used to test the relationship with each of returned orgUnit item.
+     * Possible Value: 'ancestor', 'descendant', 'equal', 'unrelated'
+     *
+     * @param {string} orgLevel The level number (starts from 1) where org Units of the tree are taken horizontally.
+     * @param {string} [relationshipOrgUnitId] Optional; The org unit id that is used to test the relationship with each of returned orgUnit item.
+     * @returns {Promise<OrgUnit[]>}
+     * @memberof ApiClient
+     */
+    getOrgUnitsByLevel(orgLevel: number, relationshipOrgUnitId?: string): Promise<OrgUnit[]>;
+    /**
+     * Get orgunits by name
+     *
+     * @param {string} nodeName
+     * @param {boolean} [leafNodesOnly=false] Whether only leaf nodes should be returned
+     * @param {string} [relationshipOrgUnitId] Optional; The org unit id that is used to test the relationship with each of returned orgUnit item.
+     * @returns {Promise<OrgUnit[]>}
+     * @memberof ApiClient
+     */
+    getOrgUnitsByName(nodeName: string, leafNodesOnly?: boolean, relationshipOrgUnitId?: string): Promise<OrgUnit[]>;
+    /**
+     * Gets the root organisation unit (top of the tree).
+     *
+     * @returns {Promise<OrgUnit>}
+     * @memberof ApiClient
+     */
+    getRootOrgUnit(): Promise<OrgUnit>;
+    /**
+     * Gets the details of the node with its id.
+     *
+     * @param {string} nodeId
+     * @returns {Promise<OrgUnit>}
+     * @memberof ApiClient
+     */
+    getOrgUnitById(nodeId: string): Promise<OrgUnit>;
+    /**
+     * Gets all the children immediately below the requested node. If the node doesn't exist, returns an empty list.
+     *
+     * @param {string} nodeId
+     * @returns {Promise<OrgUnit[]>}
+     * @memberof ApiClient
+     */
+    getImmediateOrgUnitChildren(nodeId: string): Promise<OrgUnit[]>;
+    /**
+     * Gets all the children below the requested node recursively. If node doesn't exist, returns an empty list.
+     *
+     * @param {string} nodeId
+     * @returns {Promise<OrgUnit[]>}
+     * @memberof ApiClient
+     */
+    getAllOrgUnitChildren(nodeId: string): Promise<OrgUnit[]>;
+    createOrgNode(parentNodeId: string, node: Partial<Omit<OrgUnitRecord, "id" | "createBy" | "createTime" | "editBy" | "editTime" | "left" | "right">>): Promise<OrgUnit>;
+    createRole(name: string, desc?: string): Promise<Role>;
+    createRolePermission(roleId: string, permissionData: CreateRolePermissionInputData): Promise<PermissionRecord>;
+    createPermission(permissionData: CreateRolePermissionInputData): Promise<PermissionRecord>;
+    updatePermission(id: string, permissionData: UpdateRolePermissionInputData): Promise<PermissionRecord>;
+    getOperationByUri(opUri: string): Promise<OperationRecord>;
+    getResourceByUri(resUri: string): Promise<ResourceRecord>;
+    private handleGetResult;
+}
 /**
  * Different type of AuthenticationMethod:
@@ -43,18 +178,7 @@ export declare interface AuthPluginConfig extends Omit<AuthPluginBasicConfig, "b
 export declare type CookieOptions = CookieOptions_2;
-/** This is present in the express-session types but not actually exported properly, so it needs to be copy-pasted here */
-declare type CookieOptions_2 = {
-    maxAge?: number;
-    signed?: boolean;
-    expires?: Date;
-    httpOnly?: boolean;
-    path?: string;
-    domain?: string;
-    secure?: boolean | "auto";
-    encode?: (val: string) => string;
-    sameSite?: boolean | "lax" | "strict" | "none";
-};
+declare type CookieOptions_2 = CookieOptions_3;
 /**
  * Create an express router that can be used to enable session on an express application.
@@ -75,20 +199,20 @@ export declare function createMagdaSessionRouter(options: MagdaSessionRouterOpti
  * @param {passport.Profile} profile
  * @param {string} source
  * @param {(
- *         authApiClient: AuthApiClient,
- *         userData: User,
- *         profile: passport.Profile
- *     ) => Promise<User>} [beforeUserCreated] an optional handler that will be called just before a user is created.
+     *         authApiClient: AuthApiClient,
+     *         userData: User,
+     *         profile: passport.Profile
+     *     ) => Promise<User>} [beforeUserCreated] an optional handler that will be called just before a user is created.
  * The user data returned by this handler will be used to create the user record. The following parameters will be provided to the handler:
  * - authApiClient: Auth API Client. You can use it to add a role to the user.
  * - userData: the user data that is converted from the user profile received using the default conversion logic.
  * - profile: the user profile received
  *
  * @param {(
- *         authApiClient: AuthApiClient,
- *         user: User,
- *         profile: passport.Profile
- *     ) => Promise<void>} [afterUserCreated] an optional call that will be called when a user has just been created.
+     *         authApiClient: AuthApiClient,
+     *         user: User,
+     *         profile: passport.Profile
+     *     ) => Promise<void>} [afterUserCreated] an optional call that will be called when a user has just been created.
  * The following parameters will be provided to the handler:
  * - authApiClient: Auth API Client. You can use it to add a role to the user.
  * - user: the user data of the magda user that is just created.
@@ -96,11 +220,21 @@ export declare function createMagdaSessionRouter(options: MagdaSessionRouterOpti
  *
  * @returns {Promise<UserToken>}
  */
-export declare function createOrGetUserToken(authApi: AuthApiClient, profile: passport.Profile, source: string, beforeUserCreated?: (authApiClient: AuthApiClient, userData: User, profile: passport.Profile) => Promise<User>, afterUserCreated?: (authApiClient: AuthApiClient, user: User, profile: passport.Profile) => Promise<void>): Promise<UserToken>;
+export declare function createOrGetUserToken(authApi: ApiClient, profile: passport.Profile, source: string, beforeUserCreated?: (authApiClient: ApiClient, userData: User, profile: passport.Profile) => Promise<User>, afterUserCreated?: (authApiClient: ApiClient, user: User, profile: passport.Profile) => Promise<void>): Promise<UserToken>;
+declare interface CreateRolePermissionInputData extends Omit<PermissionRecord, "id" | "owner_id" | "create_by" | "create_time" | "edit_by" | "edit_time" | "allow_exemption" | "resource_id"> {
+    operationIds?: string[];
+    operationUris?: string[];
+    resource_id?: string;
+    resourceUri?: string;
+    allow_exemption?: boolean;
+}
+declare type CreateUserData = Partial<Omit<UserRecord, "email" | "displayName" | "id">> & Pick<UserRecord, "displayName" | "email">;
 export declare const DEFAULT_SESSION_COOKIE_NAME: string;
-export declare const DEFAULT_SESSION_COOKIE_OPTIONS: CookieOptions_2;
+export declare const DEFAULT_SESSION_COOKIE_OPTIONS: CookieOptions_3;
 export declare const deleteCookie: typeof deleteCookie_2;
@@ -129,6 +263,16 @@ export declare const destroySession: typeof destroySession_2;
  */
 declare function destroySession_2(req: express.Request): Promise<void>;
+declare interface Eq<T> {
+    equals(t: T): boolean;
+}
+declare interface Functor<T> {
+    fmap<U>(f: (t: T) => U): Functor<U>;
+    lift<U>(f: (t: T) => U): Functor<U>;
+    map<U>(f: (t: T) => U): Functor<U>;
+}
 /**
  * Join `url` with `baseUrl` if `url` is not an absolute (full) url string
  *
@@ -153,10 +297,175 @@ export declare type MagdaSessionRouterOptions = {
     sessionDBName?: string;
 };
+declare class Maybe<T> implements Monad<T>, Functor<T>, Eq<Maybe<T>> {
+    private type;
+    private value?;
+    constructor(type: MaybeType, value?: T);
+    static sequence<T>(t: {
+        [k: string]: Maybe<T>;
+    }): Maybe<{
+        [k: string]: T;
+    }>;
+    static all: (t: {
+        [k: string]: Maybe<any>;
+    }) => Maybe<{
+        [k: string]: any;
+    }>;
+    static maybe<T>(t?: T | null): Maybe<T>;
+    static just<T>(t: T): Maybe<T>;
+    static nothing<T>(): Maybe<T>;
+    static isJust<T>(t: Maybe<T>): boolean;
+    static isNothing<T>(t: Maybe<T>): boolean;
+    unit<U>(u: U): Maybe<U>;
+    bind<U>(f: (t: T) => Maybe<U>): Maybe<U>;
+    of: <U>(u: U) => Maybe<U>;
+    chain: <U>(f: (t: T) => Maybe<U>) => Maybe<U>;
+    fmap<U>(f: (t: T) => U): Maybe<U>;
+    lift: <U>(f: (t: T) => U) => Maybe<U>;
+    map: <U>(f: (t: T) => U) => Maybe<U>;
+    caseOf<U>(patterns: MaybePatterns<T, U>): U;
+    defaulting(defaultValue: T): Maybe<T>;
+    equals(other: Maybe<T>): any;
+    valueOr<U extends T>(defaultValue: U): T | U;
+    valueOrCompute<U extends T>(defaultValueFunction: () => U): T | U;
+    valueOrThrow(error?: Error): T;
+    do(patterns?: Partial<MaybePatterns<T, void>>): Maybe<T>;
+}
+declare interface MaybePatterns<T, U> {
+    just: (t: T) => U;
+    nothing: () => U;
+}
+declare enum MaybeType {
+    Nothing = 0,
+    Just = 1
+}
+declare interface Monad<T> {
+    unit<U>(t: U): Monad<U>;
+    bind<U>(f: (t: T) => Monad<U>): Monad<U>;
+    of<U>(t: U): Monad<U>;
+    chain<U>(f: (t: T) => Monad<U>): Monad<U>;
+}
+declare interface Operation {
+    id: string;
+    uri: string;
+    name: string;
+    description?: string;
+}
+declare type OperationRecord = {
+    id: string;
+    uri: string;
+    name: string;
+    description: string;
+    resource_id: string;
+};
+declare type OrgUnit = Partial<OrgUnitRecord> & {
+    relationship?: OrgUnitRelationshipType;
+};
+declare interface OrgUnitRecord {
+    id: string;
+    name: string;
+    description: string;
+    left: number;
+    right: number;
+    createBy: string;
+    createTime: Date;
+    editBy: string;
+    editTime: Date;
+}
+declare type OrgUnitRelationshipType = "ancestor" | "descendant" | "equal" | "unrelated";
+declare interface Permission {
+    id: string;
+    name: string;
+    description?: string;
+    resourceId: string;
+    resourceUri: string;
+    userOwnershipConstraint: boolean;
+    orgUnitOwnershipConstraint: boolean;
+    preAuthorisedConstraint: boolean;
+    operations: Operation[];
+    createBy?: string;
+    createTime?: Date;
+    editBy?: string;
+    editTime?: Date;
+    allowExemption: boolean;
+}
+declare interface PermissionRecord {
+    id: string;
+    name: string;
+    description: string;
+    resource_id: string;
+    user_ownership_constraint: boolean;
+    org_unit_ownership_constraint: boolean;
+    pre_authorised_constraint: boolean;
+    owner_id: string;
+    create_time: string;
+    create_by: string;
+    edit_time: string;
+    edit_by: string;
+    allow_exemption: boolean;
+}
+declare type PublicUser = Partial<Pick<UserRecord, "id" | "photoURL" | "orgUnitId">> & Omit<UserRecord, "id" | "photoURL" | "orgUnitId" | "email" | "source" | "sourceId"> & {
+    roles?: Role[];
+    permissions?: Permission[];
+    managingOrgUnitIds?: string[];
+    orgUnit?: OrgUnit;
+};
 export declare function redirectOnError(err: any, toURL: string, req: Request_2, res: Response_2): void;
 export declare function redirectOnSuccess(toURL: string, req: Request_2, res: Response_2): void;
+declare type RequiredKeys<T, K extends keyof T> = Omit<T, K> & Required<Pick<T, K>>;
+declare type ResourceRecord = {
+    id: string;
+    uri: string;
+    name: string;
+    description: string;
+};
+declare interface Role {
+    id: string;
+    name: string;
+    permissionIds: string[];
+    description?: string;
+    createBy?: string;
+    createTime?: Date;
+    editBy?: string;
+    editTime?: Date;
+}
 export declare type SessionCookieOptions = CookieOptions_2;
+declare interface UpdateRolePermissionInputData extends Partial<CreateRolePermissionInputData> {
+}
+declare type User = PublicUser & Pick<UserRecord, "email" | "source" | "sourceId">;
+declare interface UserRecord {
+    id: string;
+    displayName: string;
+    photoURL: string;
+    isAdmin: boolean;
+    orgUnitId: string;
+    email: string;
+    source: string;
+    sourceId: string;
+}
+declare interface UserToken {
+    id: string;
+}
 export { }