@memberjunction/server 2.90.0 → 2.91.0

package/src/config.ts

@@ -102,6 +102,18 @@ const sqlLoggingSchema = z.object({
   sessionTimeout: z.number().optional().default(3600000), // 1 hour
 });
 
+const authProviderSchema = z.object({
+  name: z.string(),
+  type: z.string(),
+  issuer: z.string(),
+  audience: z.string(),
+  jwksUri: z.string(),
+  clientId: z.string().optional(),
+  clientSecret: z.string().optional(),
+  tenantId: z.string().optional(),
+  domain: z.string().optional(),
+}).passthrough(); // Allow additional provider-specific fields
+
 const configInfoSchema = z.object({
   userHandling: userHandlingInfoSchema,
   databaseSettings: databaseSettingsInfoSchema,
@@ -109,6 +121,7 @@ const configInfoSchema = z.object({
   restApiOptions: restApiOptionsSchema.optional().default({}),
   askSkip: askSkipInfoSchema.optional(),
   sqlLogging: sqlLoggingSchema.optional(),
+  authProviders: z.array(authProviderSchema).optional(),
 
   apiKey: z.string().optional(),
   baseUrl: z.string().default('http://localhost'),
@@ -131,17 +144,12 @@ const configInfoSchema = z.object({
   ___codeGenAPIPort: z.coerce.number().optional().default(3999),
   ___codeGenAPISubmissionDelay: z.coerce.number().optional().default(5000),
   graphqlRootPath: z.string().optional().default('/'),
-  webClientID: z.string().optional(),
-  tenantID: z.string().optional(),
   enableIntrospection: z.coerce.boolean().optional().default(false),
   websiteRunFromPackage: z.coerce.number().optional(),
   userEmailMap: z
     .string()
     .transform((val) => z.record(z.string()).parse(JSON.parse(val)))
     .optional(),
-  auth0Domain: z.string().optional(),
-  auth0WebClientID: z.string().optional(),
-  auth0ClientSecret: z.string().optional(),
   mjCoreSchema: z.string(),
 });
 
@@ -152,6 +160,7 @@ export type RESTApiOptions = z.infer<typeof restApiOptionsSchema>;
 export type AskSkipInfo = z.infer<typeof askSkipInfoSchema>;
 export type SqlLoggingOptions = z.infer<typeof sqlLoggingOptionsSchema>;
 export type SqlLoggingInfo = z.infer<typeof sqlLoggingSchema>;
+export type AuthProviderConfig = z.infer<typeof authProviderSchema>;
 export type ConfigInfo = z.infer<typeof configInfoSchema>;
 
 export const configInfo: ConfigInfo = loadConfig();
@@ -169,14 +178,9 @@ export const {
   ___codeGenAPIPort,
   ___codeGenAPISubmissionDelay,
   graphqlRootPath,
-  webClientID,
-  tenantID,
   enableIntrospection,
   websiteRunFromPackage,
   userEmailMap,
-  auth0Domain,
-  auth0WebClientID,
-  auth0ClientSecret,
   apiKey,
   baseUrl,
   mjCoreSchema: mj_core_schema,

package/src/context.ts

@@ -5,24 +5,33 @@ import 'reflect-metadata';
 import { Subject, firstValueFrom } from 'rxjs';
 import { AuthenticationError, AuthorizationError } from 'type-graphql';
 import sql from 'mssql';
-import { getSigningKeys, getSystemUser, validationOptions, verifyUserRecord } from './auth/index.js';
+import { getSigningKeys, getSystemUser, getValidationOptions, verifyUserRecord, extractUserInfoFromPayload, TokenExpiredError } from './auth/index.js';
 import { authCache } from './cache.js';
 import { userEmailMap, apiKey, mj_core_schema } from './config.js';
 import { DataSourceInfo, UserPayload } from './types.js';
-import { TokenExpiredError } from './auth/index.js';
 import { GetReadOnlyDataSource, GetReadWriteDataSource } from './util.js';
 import { v4 as uuidv4 } from 'uuid';
 import e from 'express';
 import { DatabaseProviderBase } from '@memberjunction/core';
 import { SQLServerDataProvider, SQLServerProviderConfigData } from '@memberjunction/sqlserver-dataprovider';
+import { AuthProviderFactory } from './auth/AuthProviderFactory.js';
 
-const verifyAsync = async (issuer: string, options: jwt.VerifyOptions, token: string): Promise<jwt.JwtPayload> =>
+const verifyAsync = async (issuer: string, token: string): Promise<jwt.JwtPayload> =>
   new Promise((resolve, reject) => {
+    const options = getValidationOptions(issuer);
+    
+    if (!options) {
+      reject(new Error(`No validation options found for issuer ${issuer}`));
+      return;
+    }
+
     jwt.verify(token, getSigningKeys(issuer), options, (err, jwt) => {
       if (jwt && typeof jwt !== 'string' && !err) {
         const payload = jwt.payload ?? jwt;
 
-        console.log(`Valid token: ${payload.name} (${payload.email ? payload.email : payload.preferred_username})`); // temporary fix to check preferred_username if email is not present
+        // Use provider to extract user info for logging
+        const userInfo = extractUserInfoFromPayload(payload);
+        console.log(`Valid token: ${userInfo.fullName || 'Unknown'} (${userInfo.email || userInfo.preferredUsername || 'Unknown'})`);
         resolve(payload);
       } else {
         console.warn('Invalid token');
@@ -81,15 +90,28 @@ export const getUserPayload = async (
         throw new AuthenticationError('Missing issuer claim on token');
       }
 
-      await verifyAsync(issuer, validationOptions[issuer], token);
+      // Verify issuer is supported
+      const factory = AuthProviderFactory.getInstance();
+      if (!factory.getByIssuer(issuer)) {
+        console.warn(`Unsupported issuer: ${issuer}`);
+        throw new AuthenticationError(`Unsupported authentication provider: ${issuer}`);
+      }
+
+      await verifyAsync(issuer, token);
       authCache.set(token, true);
     }
 
-    const email = payload?.email ? ((userEmailMap ?? {})[payload?.email] ?? payload?.email) : payload?.preferred_username; // temporary fix to check preferred_username if email is not present
-    const fullName = payload?.name;
-    const firstName = payload?.given_name || fullName?.split(' ')[0];
-    const lastName = payload?.family_name || fullName?.split(' ')[1] || fullName?.split(' ')[0];
-    const userRecord = await verifyUserRecord(email, firstName, lastName, requestDomain, readWriteDataSource);
+    // Use provider to extract user information
+    const userInfo = extractUserInfoFromPayload(payload);
+    const email = userInfo.email ? ((userEmailMap ?? {})[userInfo.email] ?? userInfo.email) : userInfo.preferredUsername;
+    
+    const userRecord = await verifyUserRecord(
+      email, 
+      userInfo.firstName, 
+      userInfo.lastName, 
+      requestDomain, 
+      readWriteDataSource
+    );
 
     if (!userRecord) {
       console.error(`User ${email} not found`);
@@ -99,12 +121,13 @@ export const getUserPayload = async (
       throw new AuthorizationError();
     }
 
-    return { userRecord, email, sessionId };
-  } catch (e) {
-    console.error(e);
-    if (e instanceof TokenExpiredError) {
-      throw e;
-    } else return {} as UserPayload;
+    return { userRecord, email: userRecord.Email, sessionId };
+  } catch (error) {
+    console.error(error);
+    if (error instanceof TokenExpiredError) {
+      throw error;
+    }
+    throw new AuthenticationError('Unable to authenticate user');
   }
 };
 
@@ -171,4 +194,4 @@ export const contextFunction =
     };
     
     return contextResult;
-  };
+  };

package/src/generated/generated.ts

@@ -39135,6 +39135,10 @@ export class ComponentLibrary_ {
     @MaxLength(10)
     _mj__UpdatedAt: Date;
         
+    @Field({description: `Status of the component library. Active: fully supported; Deprecated: works but shows console warning; Disabled: throws error if used`}) 
+    @MaxLength(40)
+    Status: string;
+        
     @Field(() => [ComponentLibraryLink_])
     MJ_ComponentLibraryLinks_LibraryIDArray: ComponentLibraryLink_[]; // Link to MJ_ComponentLibraryLinks
     
@@ -39171,6 +39175,9 @@ export class CreateComponentLibraryInput {
 
     @Field({ nullable: true })
     Description: string | null;
+
+    @Field({ nullable: true })
+    Status?: string;
 }
     
 
@@ -39206,6 +39213,9 @@ export class UpdateComponentLibraryInput {
     @Field({ nullable: true })
     Description?: string | null;
 
+    @Field({ nullable: true })
+    Status?: string;
+
     @Field(() => [KeyValuePairInput], { nullable: true })
     OldValues___?: KeyValuePairInput[];
 }

package/src/generic/ResolverBase.ts

@@ -139,7 +139,8 @@ export class ResolverBase {
           viewInput.AuditLogDescription,
           viewInput.ResultType,
           userPayload,
-          viewInput.MaxRows
+          viewInput.MaxRows,
+          viewInput.StartRow
         );
       }
       else {
@@ -173,7 +174,8 @@ export class ResolverBase {
         viewInput.AuditLogDescription,
         viewInput.ResultType,
         userPayload,
-        viewInput.MaxRows
+        viewInput.MaxRows,
+        viewInput.StartRow
       );
     } catch (err) {
       console.log(err);
@@ -210,7 +212,8 @@ export class ResolverBase {
         viewInput.AuditLogDescription,
         viewInput.ResultType,
         userPayload,
-        viewInput.MaxRows
+        viewInput.MaxRows,
+        viewInput.StartRow
       );
     } catch (err) {
       console.log(err);
@@ -370,7 +373,8 @@ export class ResolverBase {
     auditLogDescription: string | undefined,
     resultType: string | undefined,
     userPayload: UserPayload | null,
-    maxRows: number | undefined
+    maxRows: number | undefined,
+    startRow: number | undefined
   ) {
     try {
       if (!viewInfo || !userPayload) return null;
@@ -420,6 +424,7 @@ export class ResolverBase {
           ExcludeDataFromAllPriorViewRuns: excludeDataFromAllPriorViewRuns,
           IgnoreMaxRows: ignoreMaxRows,
           MaxRows: maxRows,
+          StartRow: startRow,
           ForceAuditLog: forceAuditLog,
           AuditLogDescription: auditLogDescription,
           ResultType: rt,