@memberjunction/server 2.90.0 → 2.92.0

package/src/config.ts

@@ -102,6 +102,18 @@ const sqlLoggingSchema = z.object({
   sessionTimeout: z.number().optional().default(3600000), // 1 hour
 });
 
+const authProviderSchema = z.object({
+  name: z.string(),
+  type: z.string(),
+  issuer: z.string(),
+  audience: z.string(),
+  jwksUri: z.string(),
+  clientId: z.string().optional(),
+  clientSecret: z.string().optional(),
+  tenantId: z.string().optional(),
+  domain: z.string().optional(),
+}).passthrough(); // Allow additional provider-specific fields
+
 const configInfoSchema = z.object({
   userHandling: userHandlingInfoSchema,
   databaseSettings: databaseSettingsInfoSchema,
@@ -109,6 +121,7 @@ const configInfoSchema = z.object({
   restApiOptions: restApiOptionsSchema.optional().default({}),
   askSkip: askSkipInfoSchema.optional(),
   sqlLogging: sqlLoggingSchema.optional(),
+  authProviders: z.array(authProviderSchema).optional(),
 
   apiKey: z.string().optional(),
   baseUrl: z.string().default('http://localhost'),
@@ -131,17 +144,12 @@ const configInfoSchema = z.object({
   ___codeGenAPIPort: z.coerce.number().optional().default(3999),
   ___codeGenAPISubmissionDelay: z.coerce.number().optional().default(5000),
   graphqlRootPath: z.string().optional().default('/'),
-  webClientID: z.string().optional(),
-  tenantID: z.string().optional(),
   enableIntrospection: z.coerce.boolean().optional().default(false),
   websiteRunFromPackage: z.coerce.number().optional(),
   userEmailMap: z
     .string()
     .transform((val) => z.record(z.string()).parse(JSON.parse(val)))
     .optional(),
-  auth0Domain: z.string().optional(),
-  auth0WebClientID: z.string().optional(),
-  auth0ClientSecret: z.string().optional(),
   mjCoreSchema: z.string(),
 });
 
@@ -152,6 +160,7 @@ export type RESTApiOptions = z.infer<typeof restApiOptionsSchema>;
 export type AskSkipInfo = z.infer<typeof askSkipInfoSchema>;
 export type SqlLoggingOptions = z.infer<typeof sqlLoggingOptionsSchema>;
 export type SqlLoggingInfo = z.infer<typeof sqlLoggingSchema>;
+export type AuthProviderConfig = z.infer<typeof authProviderSchema>;
 export type ConfigInfo = z.infer<typeof configInfoSchema>;
 
 export const configInfo: ConfigInfo = loadConfig();
@@ -169,14 +178,9 @@ export const {
   ___codeGenAPIPort,
   ___codeGenAPISubmissionDelay,
   graphqlRootPath,
-  webClientID,
-  tenantID,
   enableIntrospection,
   websiteRunFromPackage,
   userEmailMap,
-  auth0Domain,
-  auth0WebClientID,
-  auth0ClientSecret,
   apiKey,
   baseUrl,
   mjCoreSchema: mj_core_schema,

package/src/context.ts

@@ -5,24 +5,33 @@ import 'reflect-metadata';
 import { Subject, firstValueFrom } from 'rxjs';
 import { AuthenticationError, AuthorizationError } from 'type-graphql';
 import sql from 'mssql';
-import { getSigningKeys, getSystemUser, validationOptions, verifyUserRecord } from './auth/index.js';
+import { getSigningKeys, getSystemUser, getValidationOptions, verifyUserRecord, extractUserInfoFromPayload, TokenExpiredError } from './auth/index.js';
 import { authCache } from './cache.js';
 import { userEmailMap, apiKey, mj_core_schema } from './config.js';
 import { DataSourceInfo, UserPayload } from './types.js';
-import { TokenExpiredError } from './auth/index.js';
 import { GetReadOnlyDataSource, GetReadWriteDataSource } from './util.js';
 import { v4 as uuidv4 } from 'uuid';
 import e from 'express';
 import { DatabaseProviderBase } from '@memberjunction/core';
 import { SQLServerDataProvider, SQLServerProviderConfigData } from '@memberjunction/sqlserver-dataprovider';
+import { AuthProviderFactory } from './auth/AuthProviderFactory.js';
 
-const verifyAsync = async (issuer: string, options: jwt.VerifyOptions, token: string): Promise<jwt.JwtPayload> =>
+const verifyAsync = async (issuer: string, token: string): Promise<jwt.JwtPayload> =>
   new Promise((resolve, reject) => {
+    const options = getValidationOptions(issuer);
+    
+    if (!options) {
+      reject(new Error(`No validation options found for issuer ${issuer}`));
+      return;
+    }
+
     jwt.verify(token, getSigningKeys(issuer), options, (err, jwt) => {
       if (jwt && typeof jwt !== 'string' && !err) {
         const payload = jwt.payload ?? jwt;
 
-        console.log(`Valid token: ${payload.name} (${payload.email ? payload.email : payload.preferred_username})`); // temporary fix to check preferred_username if email is not present
+        // Use provider to extract user info for logging
+        const userInfo = extractUserInfoFromPayload(payload);
+        console.log(`Valid token: ${userInfo.fullName || 'Unknown'} (${userInfo.email || userInfo.preferredUsername || 'Unknown'})`);
         resolve(payload);
       } else {
         console.warn('Invalid token');
@@ -81,15 +90,28 @@ export const getUserPayload = async (
         throw new AuthenticationError('Missing issuer claim on token');
       }
 
-      await verifyAsync(issuer, validationOptions[issuer], token);
+      // Verify issuer is supported
+      const factory = AuthProviderFactory.getInstance();
+      if (!factory.getByIssuer(issuer)) {
+        console.warn(`Unsupported issuer: ${issuer}`);
+        throw new AuthenticationError(`Unsupported authentication provider: ${issuer}`);
+      }
+
+      await verifyAsync(issuer, token);
       authCache.set(token, true);
     }
 
-    const email = payload?.email ? ((userEmailMap ?? {})[payload?.email] ?? payload?.email) : payload?.preferred_username; // temporary fix to check preferred_username if email is not present
-    const fullName = payload?.name;
-    const firstName = payload?.given_name || fullName?.split(' ')[0];
-    const lastName = payload?.family_name || fullName?.split(' ')[1] || fullName?.split(' ')[0];
-    const userRecord = await verifyUserRecord(email, firstName, lastName, requestDomain, readWriteDataSource);
+    // Use provider to extract user information
+    const userInfo = extractUserInfoFromPayload(payload);
+    const email = userInfo.email ? ((userEmailMap ?? {})[userInfo.email] ?? userInfo.email) : userInfo.preferredUsername;
+    
+    const userRecord = await verifyUserRecord(
+      email, 
+      userInfo.firstName, 
+      userInfo.lastName, 
+      requestDomain, 
+      readWriteDataSource
+    );
 
     if (!userRecord) {
       console.error(`User ${email} not found`);
@@ -99,12 +121,13 @@ export const getUserPayload = async (
       throw new AuthorizationError();
     }
 
-    return { userRecord, email, sessionId };
-  } catch (e) {
-    console.error(e);
-    if (e instanceof TokenExpiredError) {
-      throw e;
-    } else return {} as UserPayload;
+    return { userRecord, email: userRecord.Email, sessionId };
+  } catch (error) {
+    console.error(error);
+    if (error instanceof TokenExpiredError) {
+      throw error;
+    }
+    throw new AuthenticationError('Unable to authenticate user');
   }
 };
 
@@ -171,4 +194,4 @@ export const contextFunction =
     };
     
     return contextResult;
-  };
+  };

package/src/generated/generated.ts

@@ -39135,6 +39135,13 @@ export class ComponentLibrary_ {
     @MaxLength(10)
     _mj__UpdatedAt: Date;
         
+    @Field({description: `Status of the component library. Active: fully supported; Deprecated: works but shows console warning; Disabled: throws error if used`}) 
+    @MaxLength(40)
+    Status: string;
+        
+    @Field({nullable: true, description: `JSON configuration for library-specific lint rules that are applied during component validation. This field contains structured rules that define how components using this library should be validated, including DOM element requirements, initialization patterns, lifecycle methods, and common error patterns. Example structure: {"initialization": {"constructorName": "Chart", "elementType": "canvas"}, "lifecycle": {"requiredMethods": ["render"], "cleanupMethods": ["destroy"]}}. The linter dynamically applies these rules based on the libraries referenced in a component spec, enabling extensible validation without hardcoding library-specific logic.`}) 
+    LintRules?: string;
+        
     @Field(() => [ComponentLibraryLink_])
     MJ_ComponentLibraryLinks_LibraryIDArray: ComponentLibraryLink_[]; // Link to MJ_ComponentLibraryLinks
     
@@ -39171,6 +39178,12 @@ export class CreateComponentLibraryInput {
 
     @Field({ nullable: true })
     Description: string | null;
+
+    @Field({ nullable: true })
+    Status?: string;
+
+    @Field({ nullable: true })
+    LintRules: string | null;
 }
     
 
@@ -39206,6 +39219,12 @@ export class UpdateComponentLibraryInput {
     @Field({ nullable: true })
     Description?: string | null;
 
+    @Field({ nullable: true })
+    Status?: string;
+
+    @Field({ nullable: true })
+    LintRules?: string | null;
+
     @Field(() => [KeyValuePairInput], { nullable: true })
     OldValues___?: KeyValuePairInput[];
 }

package/src/generic/ResolverBase.ts

@@ -139,7 +139,8 @@ export class ResolverBase {
           viewInput.AuditLogDescription,
           viewInput.ResultType,
           userPayload,
-          viewInput.MaxRows
+          viewInput.MaxRows,
+          viewInput.StartRow
         );
       }
       else {
@@ -173,7 +174,8 @@ export class ResolverBase {
         viewInput.AuditLogDescription,
         viewInput.ResultType,
         userPayload,
-        viewInput.MaxRows
+        viewInput.MaxRows,
+        viewInput.StartRow
       );
     } catch (err) {
       console.log(err);
@@ -210,7 +212,8 @@ export class ResolverBase {
         viewInput.AuditLogDescription,
         viewInput.ResultType,
         userPayload,
-        viewInput.MaxRows
+        viewInput.MaxRows,
+        viewInput.StartRow
       );
     } catch (err) {
       console.log(err);
@@ -370,7 +373,8 @@ export class ResolverBase {
     auditLogDescription: string | undefined,
     resultType: string | undefined,
     userPayload: UserPayload | null,
-    maxRows: number | undefined
+    maxRows: number | undefined,
+    startRow: number | undefined
   ) {
     try {
       if (!viewInfo || !userPayload) return null;
@@ -420,6 +424,7 @@ export class ResolverBase {
           ExcludeDataFromAllPriorViewRuns: excludeDataFromAllPriorViewRuns,
           IgnoreMaxRows: ignoreMaxRows,
           MaxRows: maxRows,
+          StartRow: startRow,
           ForceAuditLog: forceAuditLog,
           AuditLogDescription: auditLogDescription,
           ResultType: rt,