@magda/typescript-common 1.2.1 → 2.0.0-alpha.1

package/dist/authorization-api/authMiddleware.js

@@ -1,11 +1,24 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.mustBeAdmin = exports.getUser = exports.mustBeLoggedIn = void 0;
+exports.requireUserId = exports.getUserId = exports.requirePermission = exports.requireUnconditionalAuthDecision = exports.withAuthDecision = exports.mustBeAdmin = exports.getUser = exports.mustBeLoggedIn = void 0;
 const GetUserId_1 = require("../session/GetUserId");
 const ApiClient_1 = __importDefault(require("./ApiClient"));
+const AuthDecision_1 = require("../opa/AuthDecision");
+const constants_1 = require("./constants");
+const ServerError_1 = __importDefault(require("../ServerError"));
+// deprecated middleware. To be removed after all code is secured with new model
 exports.mustBeLoggedIn = (jwtSecret) => function (req, res, next) {
     GetUserId_1.getUserIdHandling(req, res, jwtSecret, (userId) => {
         this.userId = userId;
@@ -14,11 +27,12 @@ exports.mustBeLoggedIn = (jwtSecret) => function (req, res, next) {
 };
 /**
  * Find the user making the request. Assign it to req passport style.
+ * !deprecated! should use middleware `getUserId` or `requireUserId` instead.
  */
-exports.getUser = (baseAuthUrl, jwtSecret) => (req, res, next) => {
+exports.getUser = (baseAuthUrl, jwtSecret, actionUserId) => (req, res, next) => {
     GetUserId_1.getUserId(req, jwtSecret).caseOf({
         just: (userId) => {
-            const apiClient = new ApiClient_1.default(baseAuthUrl, jwtSecret, userId);
+            const apiClient = new ApiClient_1.default(baseAuthUrl, jwtSecret, actionUserId ? actionUserId : constants_1.DEFAULT_ADMIN_USER_ID);
             apiClient
                 .getUser(userId)
                 .then((maybeUser) => {
@@ -35,6 +49,7 @@ exports.getUser = (baseAuthUrl, jwtSecret) => (req, res, next) => {
         nothing: next
     });
 };
+// deprecated middleware. To be removed after all code is secured with new model
 exports.mustBeAdmin = (baseAuthUrl, jwtSecret) => {
     const getUserInstance = exports.getUser(baseAuthUrl, jwtSecret);
     return (req, res, next) => {
@@ -49,4 +64,141 @@ exports.mustBeAdmin = (baseAuthUrl, jwtSecret) => {
         });
     };
 };
+/**
+ * Make auth decision based on auth decision request config.
+ * Depends on the config provided, either partial eval (conditional decision on a set of records/objects)
+ * Or unconditional decision for a single record / object will be returned via `res.locals.authDecision`.
+ *
+ * @export
+ * @param {AuthDecisionQueryClient} authDecisionClient
+ * @param {AuthDecisionReqConfig} config
+ * @return {*}
+ */
+function withAuthDecision(authDecisionClient, config) {
+    return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
+        try {
+            const jwtToken = req.get("X-Magda-Session");
+            const authDecision = yield authDecisionClient.getAuthDecision(config, jwtToken);
+            res.locals.authDecision = authDecision;
+            next();
+        }
+        catch (e) {
+            console.error(`withAuthDecision middleware error: ${e}`);
+            if (e instanceof ServerError_1.default) {
+                res.status(e.statusCode).send(e.message);
+            }
+            else {
+                res.status(500).send(`An error occurred while retrieving auth decision for the request: ${e}`);
+            }
+        }
+    });
+}
+exports.withAuthDecision = withAuthDecision;
+/**
+ * Require unconditional auth decision based on auth decision request config.
+ * When making decision on a group of records/objects, this method makes sure
+ * the user has permission to all records/objects regardless individual record / object's attributes.
+ *
+ * @export
+ * @param {AuthDecisionQueryClient} authDecisionClient
+ * @param {AuthDecisionReqConfig} config
+ * @param {boolean} [requiredDecision=true]
+ * @return {*}
+ */
+function requireUnconditionalAuthDecision(authDecisionClient, config, requiredDecision = true) {
+    return (req, res, next) => {
+        withAuthDecision(authDecisionClient, config)(req, res, () => {
+            const authDecision = res.locals.authDecision;
+            if ((authDecision === null || authDecision === void 0 ? void 0 : authDecision.hasResidualRules) === false &&
+                AuthDecision_1.isTrueEquivalent(authDecision === null || authDecision === void 0 ? void 0 : authDecision.result) == requiredDecision) {
+                return next();
+            }
+            else {
+                res.status(403).send(`you are not permitted to perform \`${config.operationUri}\` on required resources.`);
+            }
+        });
+    };
+}
+exports.requireUnconditionalAuthDecision = requireUnconditionalAuthDecision;
+/**
+ * require permission based on input data provided.
+ * Different from withAuthDecision, its method always set `unknowns` = Nil i.e. it will always attempt to make unconditional decision.
+ * It's for make decision for one single record / object. For partial eval for a set of records / objects, please use `withAuthDecision` or `requireUnconditionalAuthDecision`
+ *
+ * @export
+ * @param {AuthDecisionQueryClient} authDecisionClient
+ * @param {string} operationUri
+ * @param {InputDataOrFuncType} [inputDataFunc] either a function that produce input data (auth decision context data) from `req` & `req` or a plain object
+ * @return {*}
+ */
+function requirePermission(authDecisionClient, operationUri, inputDataOrFunc) {
+    return (req, res, next) => {
+        try {
+            const config = {
+                operationUri,
+                unknowns: []
+            };
+            if (inputDataOrFunc) {
+                if (typeof inputDataOrFunc === "function") {
+                    config.input = inputDataOrFunc(req, res);
+                }
+                else {
+                    config.input = inputDataOrFunc;
+                }
+            }
+            requireUnconditionalAuthDecision(authDecisionClient, config, true)(req, res, next);
+        }
+        catch (e) {
+            console.error(`requirePermission middleware error: ${e}`);
+            if (e instanceof ServerError_1.default) {
+                res.status(e.statusCode).send(e.message);
+            }
+            else {
+                res.status(500).send(`requirePermission middleware error: ${e}`);
+            }
+        }
+    };
+}
+exports.requirePermission = requirePermission;
+/**
+ * Try to locate userId from JwtToken.
+ * If can't find JWT token, return undefined via `res.locals.userId`
+ *
+ * @export
+ * @param {Request} req
+ * @param {Response} res
+ * @param {() => void} next
+ */
+function getUserId(jwtSecret) {
+    return (req, res, next) => {
+        GetUserId_1.getUserId(req, jwtSecret).caseOf({
+            just: (userId) => {
+                res.locals.userId = userId;
+                next();
+            },
+            nothing: () => {
+                res.locals.userId = undefined;
+                next();
+            }
+        });
+    };
+}
+exports.getUserId = getUserId;
+/**
+ * get current user ID from JWT token
+ * If can't locate userId, response 403 error
+ *
+ * @export
+ * @param {Request} req
+ * @param {Response} res
+ * @param {() => void} next
+ */
+exports.requireUserId = (jwtSecret) => (req, res, next) => getUserId(jwtSecret)(req, res, () => {
+    if (!res.locals.userId) {
+        res.status(403).send("Anonymous users access are not permitted: userId is required.");
+    }
+    else {
+        return next();
+    }
+});
 //# sourceMappingURL=authMiddleware.js.map

package/dist/authorization-api/authMiddleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"authMiddleware.js","sourceRoot":"","sources":["../../src/authorization-api/authMiddleware.ts"],"names":[],"mappings":";;;;;;AACA,oDAAoE;AACpE,4DAAoC;AAEvB,QAAA,cAAc,GAAG,CAAC,SAAiB,EAAE,EAAE,CAChD,UAAqB,GAAY,EAAE,GAAa,EAAE,IAAgB;IAC9D,6BAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,MAAc,EAAE,EAAE;QACtD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AAEN;;GAEG;AACU,QAAA,OAAO,GAAG,CAAC,WAAmB,EAAE,SAAiB,EAAE,EAAE,CAAC,CAC/D,GAAY,EACZ,GAAa,EACb,IAAgB,EAClB,EAAE;IACA,qBAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC;QAC7B,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE;YACb,MAAM,SAAS,GAAG,IAAI,mBAAS,CAAC,WAAW,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YAChE,SAAS;iBACJ,OAAO,CAAC,MAAM,CAAC;iBACf,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAChB,SAAS,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,CAAC,IAAI,EAAE,EAAE;wBACX,GAAG,CAAC,IAAI,mCAID,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAC1B,IAAI,CACV,CAAC;wBACF,IAAI,EAAE,CAAC;oBACX,CAAC;oBACD,OAAO,EAAE,IAAI;iBAChB,CAAC,CAAC;YACP,CAAC,CAAC;iBACD,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,EAAE,IAAI;KAChB,CAAC,CAAC;AACP,CAAC,CAAC;AAEW,QAAA,WAAW,GAAG,CAAC,WAAmB,EAAE,SAAiB,EAAE,EAAE;IAClE,MAAM,eAAe,GAAG,eAAO,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACxD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAE,EAAE;QACrD,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAC3B,IAAI,GAAG,CAAC,IAAI,IAAK,GAAG,CAAC,IAAY,CAAC,OAAO,EAAE;gBACvC,IAAI,EAAE,CAAC;aACV;iBAAM;gBACH,OAAO,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;gBACvD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;aAC3C;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC,CAAC"}
+{"version":3,"file":"authMiddleware.js","sourceRoot":"","sources":["../../src/authorization-api/authMiddleware.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AACA,oDAG8B;AAC9B,4DAAoC;AAIpC,sDAAqE;AACrE,2CAAoD;AACpD,iEAAyC;AAEzC,gFAAgF;AACnE,QAAA,cAAc,GAAG,CAAC,SAAiB,EAAE,EAAE,CAChD,UAAqB,GAAY,EAAE,GAAa,EAAE,IAAgB;IAC9D,6BAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,MAAc,EAAE,EAAE;QACtD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,EAAE,CAAC;IACX,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AAEN;;;GAGG;AACU,QAAA,OAAO,GAAG,CACnB,WAAmB,EACnB,SAAiB,EACjB,YAAqB,EACvB,EAAE,CAAC,CAAC,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAE,EAAE;IACnD,qBAAgB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC;QACpC,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE;YACb,MAAM,SAAS,GAAG,IAAI,mBAAS,CAC3B,WAAW,EACX,SAAS,EACT,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,iCAAqB,CACtD,CAAC;YACF,SAAS;iBACJ,OAAO,CAAC,MAAM,CAAC;iBACf,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;gBAChB,SAAS,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,CAAC,IAAI,EAAE,EAAE;wBACX,GAAG,CAAC,IAAI,mCAID,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAC1B,IAAI,CACV,CAAC;wBACF,IAAI,EAAE,CAAC;oBACX,CAAC;oBACD,OAAO,EAAE,IAAI;iBAChB,CAAC,CAAC;YACP,CAAC,CAAC;iBACD,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,EAAE,IAAI;KAChB,CAAC,CAAC;AACP,CAAC,CAAC;AAEF,gFAAgF;AACnE,QAAA,WAAW,GAAG,CAAC,WAAmB,EAAE,SAAiB,EAAE,EAAE;IAClE,MAAM,eAAe,GAAG,eAAO,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACxD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAE,EAAE;QACrD,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAC3B,IAAI,GAAG,CAAC,IAAI,IAAK,GAAG,CAAC,IAAY,CAAC,OAAO,EAAE;gBACvC,IAAI,EAAE,CAAC;aACV;iBAAM;gBACH,OAAO,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;gBACvD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;aAC3C;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAC5B,kBAA2C,EAC3C,MAA6B;IAE7B,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAE,EAAE;QAC3D,IAAI;YACA,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAC5C,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC,eAAe,CACzD,MAAM,EACN,QAAQ,CACX,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;YACvC,IAAI,EAAE,CAAC;SACV;QAAC,OAAO,CAAC,EAAE;YACR,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,EAAE,CAAC,CAAC;YACzD,IAAI,CAAC,YAAY,qBAAW,EAAE;gBAC1B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;aAC5C;iBAAM;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAChB,qEAAqE,CAAC,EAAE,CAC3E,CAAC;aACL;SACJ;IACL,CAAC,CAAA,CAAC;AACN,CAAC;AAxBD,4CAwBC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,gCAAgC,CAC5C,kBAA2C,EAC3C,MAA6B,EAC7B,mBAA4B,IAAI;IAEhC,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAE,EAAE;QACrD,gBAAgB,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YACxD,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,YAA4B,CAAC;YAC7D,IACI,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,gBAAgB,MAAK,KAAK;gBACxC,+BAAgB,CAAC,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,MAAM,CAAC,IAAI,gBAAgB,EAC5D;gBACE,OAAO,IAAI,EAAE,CAAC;aACjB;iBAAM;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAChB,sCAAsC,MAAM,CAAC,YAAY,2BAA2B,CACvF,CAAC;aACL;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AApBD,4EAoBC;AAMD;;;;;;;;;;GAUG;AACH,SAAgB,iBAAiB,CAC7B,kBAA2C,EAC3C,YAAoB,EACpB,eAAqC;IAErC,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAE,EAAE;QACrD,IAAI;YACA,MAAM,MAAM,GAAG;gBACX,YAAY;gBACZ,QAAQ,EAAE,EAAE;aACU,CAAC;YAC3B,IAAI,eAAe,EAAE;gBACjB,IAAI,OAAO,eAAe,KAAK,UAAU,EAAE;oBACvC,MAAM,CAAC,KAAK,GAAG,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;iBAC5C;qBAAM;oBACH,MAAM,CAAC,KAAK,GAAG,eAAe,CAAC;iBAClC;aACJ;YACD,gCAAgC,CAAC,kBAAkB,EAAE,MAAM,EAAE,IAAI,CAAC,CAC9D,GAAG,EACH,GAAG,EACH,IAAI,CACP,CAAC;SACL;QAAC,OAAO,CAAC,EAAE;YACR,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,EAAE,CAAC,CAAC;YAC1D,IAAI,CAAC,YAAY,qBAAW,EAAE;gBAC1B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;aAC5C;iBAAM;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAChB,uCAAuC,CAAC,EAAE,CAC7C,CAAC;aACL;SACJ;IACL,CAAC,CAAC;AACN,CAAC;AAlCD,8CAkCC;AAED;;;;;;;;GAQG;AACH,SAAgB,SAAS,CAAC,SAAiB;IACvC,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAgB,EAAE,EAAE;QACrD,qBAAgB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC;YACpC,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE;gBACb,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBAC3B,IAAI,EAAE,CAAC;YACX,CAAC;YACD,OAAO,EAAE,GAAG,EAAE;gBACV,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;gBAC9B,IAAI,EAAE,CAAC;YACX,CAAC;SACJ,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAbD,8BAaC;AAED;;;;;;;;GAQG;AACU,QAAA,aAAa,GAAG,CAAC,SAAiB,EAAE,EAAE,CAAC,CAChD,GAAY,EACZ,GAAa,EACb,IAAgB,EAClB,EAAE,CACA,SAAS,CAAC,SAAS,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;IAChC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAChB,+DAA+D,CAClE,CAAC;KACL;SAAM;QACH,OAAO,IAAI,EAAE,CAAC;KACjB;AACL,CAAC,CAAC,CAAC"}

package/dist/authorization-api/constants.d.ts

@@ -0,0 +1,5 @@
+export declare const ANONYMOUS_USERS_ROLE_ID = "00000000-0000-0001-0000-000000000000";
+export declare const AUTHENTICATED_USERS_ROLE_ID = "00000000-0000-0002-0000-000000000000";
+export declare const ADMIN_USERS_ROLE_ID = "00000000-0000-0003-0000-000000000000";
+export declare const DEFAULT_ADMIN_USER_ID = "00000000-0000-4000-8000-000000000000";
+export declare const SYSTEM_ROLES: string[];

package/dist/authorization-api/constants.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SYSTEM_ROLES = exports.DEFAULT_ADMIN_USER_ID = exports.ADMIN_USERS_ROLE_ID = exports.AUTHENTICATED_USERS_ROLE_ID = exports.ANONYMOUS_USERS_ROLE_ID = void 0;
+exports.ANONYMOUS_USERS_ROLE_ID = "00000000-0000-0001-0000-000000000000";
+exports.AUTHENTICATED_USERS_ROLE_ID = "00000000-0000-0002-0000-000000000000";
+exports.ADMIN_USERS_ROLE_ID = "00000000-0000-0003-0000-000000000000";
+exports.DEFAULT_ADMIN_USER_ID = "00000000-0000-4000-8000-000000000000";
+exports.SYSTEM_ROLES = [
+    exports.ANONYMOUS_USERS_ROLE_ID,
+    exports.AUTHENTICATED_USERS_ROLE_ID,
+    exports.ADMIN_USERS_ROLE_ID
+];
+//# sourceMappingURL=constants.js.map

package/dist/authorization-api/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/authorization-api/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,uBAAuB,GAAG,sCAAsC,CAAC;AACjE,QAAA,2BAA2B,GACpC,sCAAsC,CAAC;AAC9B,QAAA,mBAAmB,GAAG,sCAAsC,CAAC;AAC7D,QAAA,qBAAqB,GAAG,sCAAsC,CAAC;AAE/D,QAAA,YAAY,GAAG;IACxB,+BAAuB;IACvB,mCAA2B;IAC3B,2BAAmB;CACtB,CAAC"}

package/dist/authorization-api/model.d.ts

@@ -85,15 +85,10 @@ export interface UserToken {
  * You only need this when you try to figure out user characteristic (unknown) via Known information of a dataset.
  * i.e. set `input.user` to unknown then calculate residual rules via partial evaluation.
  */
-export interface DatasetAccessControlMetaData {
-    /**
-     * We do allow "archived" as defined in `publishing.schema.json`
-     * But we probably should avoid using it as there is no story behinds it.
-     */
-    publishingState: "draft" | "published" | "archived";
+export interface AccessControlMetaData {
     accessControl?: {
         ownerId?: string;
-        orgUnitOwnerId?: string;
+        orgUnitId?: string;
         preAuthorisedPermissionIds?: string[];
     };
 }

package/dist/express/getNoCacheHeaders.d.ts

@@ -0,0 +1,6 @@
+declare const getNoCacheHeaders: () => {
+    "Cache-Control": string;
+    Expires: string;
+    "Last-Modified": string;
+};
+export default getNoCacheHeaders;

package/dist/express/getNoCacheHeaders.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const getNoCacheHeaders = () => ({
+    "Cache-Control": "max-age=0, no-cache, must-revalidate, proxy-revalidate",
+    Expires: "Thu, 01 Jan 1970 00:00:00 GMT",
+    "Last-Modified": new Date().toUTCString()
+});
+exports.default = getNoCacheHeaders;
+//# sourceMappingURL=getNoCacheHeaders.js.map

package/dist/express/getNoCacheHeaders.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getNoCacheHeaders.js","sourceRoot":"","sources":["../../src/express/getNoCacheHeaders.ts"],"names":[],"mappings":";;AAAA,MAAM,iBAAiB,GAAG,GAAG,EAAE,CAAC,CAAC;IAC7B,eAAe,EAAE,wDAAwD;IACzE,OAAO,EAAE,+BAA+B;IACxC,eAAe,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;CAC5C,CAAC,CAAC;AAEH,kBAAe,iBAAiB,CAAC"}

package/dist/express/setResponseNoCache.d.ts

@@ -0,0 +1,3 @@
+import { Response } from "express";
+declare const setResponseNoCache: (res: Response) => Response<any>;
+export default setResponseNoCache;

package/dist/express/setResponseNoCache.js

@@ -0,0 +1,9 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const getNoCacheHeaders_1 = __importDefault(require("./getNoCacheHeaders"));
+const setResponseNoCache = (res) => res.set(getNoCacheHeaders_1.default());
+exports.default = setResponseNoCache;
+//# sourceMappingURL=setResponseNoCache.js.map

package/dist/express/setResponseNoCache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setResponseNoCache.js","sourceRoot":"","sources":["../../src/express/setResponseNoCache.ts"],"names":[],"mappings":";;;;;AACA,4EAAoD;AAEpD,MAAM,kBAAkB,GAAG,CAAC,GAAa,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,2BAAiB,EAAE,CAAC,CAAC;AAE3E,kBAAe,kBAAkB,CAAC"}

package/dist/generated/registry/api.d.ts

@@ -143,6 +143,11 @@ export declare class WebHook {
     'retryCount': number;
     'isRunning': any;
     'isProcessing': any;
+    'ownerId': string;
+    'creatorId': string;
+    'editorId': string;
+    'createTime': Date;
+    'editTime': Date;
 }
 /**
 * Asynchronously acknowledges receipt of a web hook notification.
@@ -230,8 +235,9 @@ export declare class AspectDefinitionsApi {
      * Get a list of all aspects
      *
      * @param xMagdaTenantId 0
+     * @param xMagdaSession Magda internal session id
      */
-    getAll(xMagdaTenantId: number): Promise<{
+    getAll(xMagdaTenantId: number, xMagdaSession?: string): Promise<{
         response: http.IncomingMessage;
         body: Array<AspectDefinition>;
     }>;
@@ -240,8 +246,9 @@ export declare class AspectDefinitionsApi {
      *
      * @param xMagdaTenantId 0
      * @param id ID of the aspect to be fetched.
+     * @param xMagdaSession Magda internal session id
      */
-    getById(xMagdaTenantId: number, id: string): Promise<{
+    getById(xMagdaTenantId: number, id: string, xMagdaSession?: string): Promise<{
         response: http.IncomingMessage;
         body: AspectDefinition;
     }>;
@@ -292,6 +299,33 @@ export declare class RecordAspectsApi {
         response: http.IncomingMessage;
         body: DeleteResult;
     }>;
+    /**
+     * Get a list of a record&#39;s aspects
+     *
+     * @param xMagdaTenantId 0
+     * @param recordId ID of the record for which to fetch aspects.
+     * @param keyword Specify the keyword to search in the all aspects&#39; aspectId &amp; data fields.
+     * @param aspectIdOnly When set to true, will respond only an array contains aspect id only.
+     * @param start The index of the first record to retrieve.
+     * @param limit The maximum number of records to receive.
+     * @param xMagdaSession Magda internal session id
+     */
+    getAspects(xMagdaTenantId: number, recordId: string, keyword?: string, aspectIdOnly?: boolean, start?: number, limit?: number, xMagdaSession?: string): Promise<{
+        response: http.IncomingMessage;
+        body: Array<any>;
+    }>;
+    /**
+     * Get the number of aspects that a record has
+     *
+     * @param xMagdaTenantId 0
+     * @param recordId ID of the record for which to fetch an aspect.
+     * @param keyword Specify the keyword to search in the all aspects&#39; aspectId &amp; data fields.
+     * @param xMagdaSession Magda internal session id
+     */
+    getAspectsCount(xMagdaTenantId: number, recordId: string, keyword?: string, xMagdaSession?: string): Promise<{
+        response: http.IncomingMessage;
+        body: CountResponse;
+    }>;
     /**
      * Get a record aspect by ID
      *
@@ -449,6 +483,17 @@ export declare class RecordsApi {
         response: http.IncomingMessage;
         body: Record;
     }>;
+    /**
+     * Get a record in full by ID
+     * Get a record with all attached aspects data by the record ID.
+     * @param id ID of the record to be fetched.
+     * @param xMagdaTenantId 0
+     * @param xMagdaSession Magda internal session id
+     */
+    getByIdInFull(id: string, xMagdaTenantId: number, xMagdaSession?: string): Promise<{
+        response: http.IncomingMessage;
+        body: Record;
+    }>;
     /**
      * Get a summary record by ID
      * Gets a summary record, including all the aspect ids for which this record has data.

package/dist/generated/registry/api.js

@@ -214,8 +214,9 @@ class AspectDefinitionsApi {
      * Get a list of all aspects
      *
      * @param xMagdaTenantId 0
+     * @param xMagdaSession Magda internal session id
      */
-    getAll(xMagdaTenantId) {
+    getAll(xMagdaTenantId, xMagdaSession) {
         const localVarPath = this.basePath + '/aspects';
         let queryParameters = {};
         let headerParams = Object.assign({}, this.defaultHeaders);
@@ -225,6 +226,7 @@ class AspectDefinitionsApi {
             throw new Error('Required parameter xMagdaTenantId was null or undefined when calling getAll.');
         }
         headerParams['X-Magda-Tenant-Id'] = xMagdaTenantId;
+        headerParams['X-Magda-Session'] = xMagdaSession;
         let useFormData = false;
         let requestOptions = {
             method: 'GET',
@@ -264,8 +266,9 @@ class AspectDefinitionsApi {
      *
      * @param xMagdaTenantId 0
      * @param id ID of the aspect to be fetched.
+     * @param xMagdaSession Magda internal session id
      */
-    getById(xMagdaTenantId, id) {
+    getById(xMagdaTenantId, id, xMagdaSession) {
         const localVarPath = this.basePath + '/aspects/{id}'
             .replace('{' + 'id' + '}', String(id));
         let queryParameters = {};
@@ -280,6 +283,7 @@ class AspectDefinitionsApi {
             throw new Error('Required parameter id was null or undefined when calling getById.');
         }
         headerParams['X-Magda-Tenant-Id'] = xMagdaTenantId;
+        headerParams['X-Magda-Session'] = xMagdaSession;
         let useFormData = false;
         let requestOptions = {
             method: 'GET',
@@ -545,6 +549,140 @@ class RecordAspectsApi {
             });
         });
     }
+    /**
+     * Get a list of a record's aspects
+     *
+     * @param xMagdaTenantId 0
+     * @param recordId ID of the record for which to fetch aspects.
+     * @param keyword Specify the keyword to search in the all aspects' aspectId & data fields.
+     * @param aspectIdOnly When set to true, will respond only an array contains aspect id only.
+     * @param start The index of the first record to retrieve.
+     * @param limit The maximum number of records to receive.
+     * @param xMagdaSession Magda internal session id
+     */
+    getAspects(xMagdaTenantId, recordId, keyword, aspectIdOnly, start, limit, xMagdaSession) {
+        const localVarPath = this.basePath + '/records/{recordId}/aspects'
+            .replace('{' + 'recordId' + '}', String(recordId));
+        let queryParameters = {};
+        let headerParams = Object.assign({}, this.defaultHeaders);
+        let formParams = {};
+        // verify required parameter 'xMagdaTenantId' is not null or undefined
+        if (xMagdaTenantId === null || xMagdaTenantId === undefined) {
+            throw new Error('Required parameter xMagdaTenantId was null or undefined when calling getAspects.');
+        }
+        // verify required parameter 'recordId' is not null or undefined
+        if (recordId === null || recordId === undefined) {
+            throw new Error('Required parameter recordId was null or undefined when calling getAspects.');
+        }
+        if (keyword !== undefined) {
+            queryParameters['keyword'] = keyword;
+        }
+        if (aspectIdOnly !== undefined) {
+            queryParameters['aspectIdOnly'] = aspectIdOnly;
+        }
+        if (start !== undefined) {
+            queryParameters['start'] = start;
+        }
+        if (limit !== undefined) {
+            queryParameters['limit'] = limit;
+        }
+        headerParams['X-Magda-Tenant-Id'] = xMagdaTenantId;
+        headerParams['X-Magda-Session'] = xMagdaSession;
+        let useFormData = false;
+        let requestOptions = {
+            method: 'GET',
+            qs: queryParameters,
+            headers: headerParams,
+            uri: localVarPath,
+            useQuerystring: this._useQuerystring,
+            json: true,
+        };
+        this.authentications.default.applyToRequest(requestOptions);
+        if (Object.keys(formParams).length) {
+            if (useFormData) {
+                requestOptions.formData = formParams;
+            }
+            else {
+                requestOptions.form = formParams;
+            }
+        }
+        return new Promise((resolve, reject) => {
+            request(requestOptions, (error, response, body) => {
+                if (error) {
+                    reject(error);
+                }
+                else {
+                    if (response.statusCode >= 200 && response.statusCode <= 299) {
+                        resolve({ response: response, body: body });
+                    }
+                    else {
+                        reject({ response: response, body: body });
+                    }
+                }
+            });
+        });
+    }
+    /**
+     * Get the number of aspects that a record has
+     *
+     * @param xMagdaTenantId 0
+     * @param recordId ID of the record for which to fetch an aspect.
+     * @param keyword Specify the keyword to search in the all aspects&#39; aspectId &amp; data fields.
+     * @param xMagdaSession Magda internal session id
+     */
+    getAspectsCount(xMagdaTenantId, recordId, keyword, xMagdaSession) {
+        const localVarPath = this.basePath + '/records/{recordId}/aspects/count'
+            .replace('{' + 'recordId' + '}', String(recordId));
+        let queryParameters = {};
+        let headerParams = Object.assign({}, this.defaultHeaders);
+        let formParams = {};
+        // verify required parameter 'xMagdaTenantId' is not null or undefined
+        if (xMagdaTenantId === null || xMagdaTenantId === undefined) {
+            throw new Error('Required parameter xMagdaTenantId was null or undefined when calling getAspectsCount.');
+        }
+        // verify required parameter 'recordId' is not null or undefined
+        if (recordId === null || recordId === undefined) {
+            throw new Error('Required parameter recordId was null or undefined when calling getAspectsCount.');
+        }
+        if (keyword !== undefined) {
+            queryParameters['keyword'] = keyword;
+        }
+        headerParams['X-Magda-Tenant-Id'] = xMagdaTenantId;
+        headerParams['X-Magda-Session'] = xMagdaSession;
+        let useFormData = false;
+        let requestOptions = {
+            method: 'GET',
+            qs: queryParameters,
+            headers: headerParams,
+            uri: localVarPath,
+            useQuerystring: this._useQuerystring,
+            json: true,
+        };
+        this.authentications.default.applyToRequest(requestOptions);
+        if (Object.keys(formParams).length) {
+            if (useFormData) {
+                requestOptions.formData = formParams;
+            }
+            else {
+                requestOptions.form = formParams;
+            }
+        }
+        return new Promise((resolve, reject) => {
+            request(requestOptions, (error, response, body) => {
+                if (error) {
+                    reject(error);
+                }
+                else {
+                    if (response.statusCode >= 200 && response.statusCode <= 299) {
+                        resolve({ response: response, body: body });
+                    }
+                    else {
+                        reject({ response: response, body: body });
+                    }
+                }
+            });
+        });
+    }
     /**
      * Get a record aspect by ID
      *
@@ -1305,6 +1443,63 @@ class RecordsApi {
             });
         });
     }
+    /**
+     * Get a record in full by ID
+     * Get a record with all attached aspects data by the record ID.
+     * @param id ID of the record to be fetched.
+     * @param xMagdaTenantId 0
+     * @param xMagdaSession Magda internal session id
+     */
+    getByIdInFull(id, xMagdaTenantId, xMagdaSession) {
+        const localVarPath = this.basePath + '/records/inFull/{id}'
+            .replace('{' + 'id' + '}', String(id));
+        let queryParameters = {};
+        let headerParams = Object.assign({}, this.defaultHeaders);
+        let formParams = {};
+        // verify required parameter 'id' is not null or undefined
+        if (id === null || id === undefined) {
+            throw new Error('Required parameter id was null or undefined when calling getByIdInFull.');
+        }
+        // verify required parameter 'xMagdaTenantId' is not null or undefined
+        if (xMagdaTenantId === null || xMagdaTenantId === undefined) {
+            throw new Error('Required parameter xMagdaTenantId was null or undefined when calling getByIdInFull.');
+        }
+        headerParams['X-Magda-Tenant-Id'] = xMagdaTenantId;
+        headerParams['X-Magda-Session'] = xMagdaSession;
+        let useFormData = false;
+        let requestOptions = {
+            method: 'GET',
+            qs: queryParameters,
+            headers: headerParams,
+            uri: localVarPath,
+            useQuerystring: this._useQuerystring,
+            json: true,
+        };
+        this.authentications.default.applyToRequest(requestOptions);
+        if (Object.keys(formParams).length) {
+            if (useFormData) {
+                requestOptions.formData = formParams;
+            }
+            else {
+                requestOptions.form = formParams;
+            }
+        }
+        return new Promise((resolve, reject) => {
+            request(requestOptions, (error, response, body) => {
+                if (error) {
+                    reject(error);
+                }
+                else {
+                    if (response.statusCode >= 200 && response.statusCode <= 299) {
+                        resolve({ response: response, body: body });
+                    }
+                    else {
+                        reject({ response: response, body: body });
+                    }
+                }
+            });
+        });
+    }
     /**
      * Get a summary record by ID
      * Gets a summary record, including all the aspect ids for which this record has data.