@memberjunction/server 3.4.0 → 4.1.0
- package/README.md +689 -513
- package/dist/agents/skip-agent.d.ts +65 -0
- package/dist/agents/skip-agent.d.ts.map +1 -1
- package/dist/agents/skip-agent.js +63 -5
- package/dist/agents/skip-agent.js.map +1 -1
- package/dist/agents/skip-sdk.d.ts +163 -0
- package/dist/agents/skip-sdk.d.ts.map +1 -1
- package/dist/agents/skip-sdk.js +143 -12
- package/dist/agents/skip-sdk.js.map +1 -1
- package/dist/apolloServer/index.d.ts +0 -1
- package/dist/apolloServer/index.d.ts.map +1 -1
- package/dist/auth/APIKeyScopeAuth.d.ts +82 -0
- package/dist/auth/APIKeyScopeAuth.d.ts.map +1 -1
- package/dist/auth/APIKeyScopeAuth.js +78 -0
- package/dist/auth/APIKeyScopeAuth.js.map +1 -1
- package/dist/auth/AuthProviderFactory.d.ts +35 -0
- package/dist/auth/AuthProviderFactory.d.ts.map +1 -1
- package/dist/auth/AuthProviderFactory.js +51 -4
- package/dist/auth/AuthProviderFactory.js.map +1 -1
- package/dist/auth/BaseAuthProvider.d.ts +21 -0
- package/dist/auth/BaseAuthProvider.d.ts.map +1 -1
- package/dist/auth/BaseAuthProvider.js +24 -9
- package/dist/auth/BaseAuthProvider.js.map +1 -1
- package/dist/auth/IAuthProvider.d.ts +32 -0
- package/dist/auth/IAuthProvider.d.ts.map +1 -1
- package/dist/auth/exampleNewUserSubClass.d.ts +5 -1
- package/dist/auth/exampleNewUserSubClass.d.ts.map +1 -1
- package/dist/auth/exampleNewUserSubClass.js +21 -6
- package/dist/auth/exampleNewUserSubClass.js.map +1 -1
- package/dist/auth/index.d.ts +14 -0
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +35 -22
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/initializeProviders.d.ts +3 -0
- package/dist/auth/initializeProviders.d.ts.map +1 -1
- package/dist/auth/initializeProviders.js +6 -0
- package/dist/auth/initializeProviders.js.map +1 -1
- package/dist/auth/newUsers.d.ts.map +1 -1
- package/dist/auth/newUsers.js +14 -3
- package/dist/auth/newUsers.js.map +1 -1
- package/dist/auth/providers/Auth0Provider.d.ts +9 -0
- package/dist/auth/providers/Auth0Provider.d.ts.map +1 -1
- package/dist/auth/providers/Auth0Provider.js +10 -0
- package/dist/auth/providers/Auth0Provider.js.map +1 -1
- package/dist/auth/providers/CognitoProvider.d.ts +9 -0
- package/dist/auth/providers/CognitoProvider.d.ts.map +1 -1
- package/dist/auth/providers/CognitoProvider.js +10 -0
- package/dist/auth/providers/CognitoProvider.js.map +1 -1
- package/dist/auth/providers/GoogleProvider.d.ts +9 -0
- package/dist/auth/providers/GoogleProvider.d.ts.map +1 -1
- package/dist/auth/providers/GoogleProvider.js +11 -1
- package/dist/auth/providers/GoogleProvider.js.map +1 -1
- package/dist/auth/providers/MSALProvider.d.ts +9 -0
- package/dist/auth/providers/MSALProvider.d.ts.map +1 -1
- package/dist/auth/providers/MSALProvider.js +10 -0
- package/dist/auth/providers/MSALProvider.js.map +1 -1
- package/dist/auth/providers/OktaProvider.d.ts +9 -0
- package/dist/auth/providers/OktaProvider.d.ts.map +1 -1
- package/dist/auth/providers/OktaProvider.js +10 -0
- package/dist/auth/providers/OktaProvider.js.map +1 -1
- package/dist/config.d.ts +12 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +42 -8
- package/dist/config.js.map +1 -1
- package/dist/context.d.ts +8 -1
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +26 -4
- package/dist/context.js.map +1 -1
- package/dist/directives/Public.js +2 -0
- package/dist/directives/Public.js.map +1 -1
- package/dist/entitySubclasses/entityPermissions.server.d.ts +7 -2
- package/dist/entitySubclasses/entityPermissions.server.d.ts.map +1 -1
- package/dist/entitySubclasses/entityPermissions.server.js +26 -8
- package/dist/entitySubclasses/entityPermissions.server.js.map +1 -1
- package/dist/generated/generated.d.ts +539 -2
- package/dist/generated/generated.d.ts.map +1 -1
- package/dist/generated/generated.js +9985 -14951
- package/dist/generated/generated.js.map +1 -1
- package/dist/generic/DeleteOptionsInput.d.ts +3 -0
- package/dist/generic/DeleteOptionsInput.d.ts.map +1 -1
- package/dist/generic/DeleteOptionsInput.js +3 -2
- package/dist/generic/DeleteOptionsInput.js.map +1 -1
- package/dist/generic/KeyInputOutputTypes.js +0 -6
- package/dist/generic/KeyInputOutputTypes.js.map +1 -1
- package/dist/generic/KeyValuePairInput.d.ts +4 -0
- package/dist/generic/KeyValuePairInput.d.ts.map +1 -1
- package/dist/generic/KeyValuePairInput.js +4 -2
- package/dist/generic/KeyValuePairInput.js.map +1 -1
- package/dist/generic/PushStatusResolver.js +0 -3
- package/dist/generic/PushStatusResolver.js.map +1 -1
- package/dist/generic/ResolverBase.d.ts +58 -0
- package/dist/generic/ResolverBase.d.ts.map +1 -1
- package/dist/generic/ResolverBase.js +203 -18
- package/dist/generic/ResolverBase.js.map +1 -1
- package/dist/generic/RunViewResolver.d.ts +22 -0
- package/dist/generic/RunViewResolver.d.ts.map +1 -1
- package/dist/generic/RunViewResolver.js +42 -108
- package/dist/generic/RunViewResolver.js.map +1 -1
- package/dist/index.d.ts +12 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +94 -37
- package/dist/index.js.map +1 -1
- package/dist/orm.d.ts.map +1 -1
- package/dist/orm.js +2 -1
- package/dist/orm.js.map +1 -1
- package/dist/resolvers/APIKeyResolver.d.ts +74 -0
- package/dist/resolvers/APIKeyResolver.d.ts.map +1 -1
- package/dist/resolvers/APIKeyResolver.js +49 -10
- package/dist/resolvers/APIKeyResolver.js.map +1 -1
- package/dist/resolvers/ActionResolver.d.ts +189 -0
- package/dist/resolvers/ActionResolver.d.ts.map +1 -1
- package/dist/resolvers/ActionResolver.js +152 -21
- package/dist/resolvers/ActionResolver.js.map +1 -1
- package/dist/resolvers/ColorResolver.js +0 -5
- package/dist/resolvers/ColorResolver.js.map +1 -1
- package/dist/resolvers/ComponentRegistryResolver.d.ts +65 -0
- package/dist/resolvers/ComponentRegistryResolver.d.ts.map +1 -1
- package/dist/resolvers/ComponentRegistryResolver.js +118 -40
- package/dist/resolvers/ComponentRegistryResolver.js.map +1 -1
- package/dist/resolvers/CreateQueryResolver.d.ts +47 -0
- package/dist/resolvers/CreateQueryResolver.d.ts.map +1 -1
- package/dist/resolvers/CreateQueryResolver.js +92 -116
- package/dist/resolvers/CreateQueryResolver.js.map +1 -1
- package/dist/resolvers/DatasetResolver.js +2 -14
- package/dist/resolvers/DatasetResolver.js.map +1 -1
- package/dist/resolvers/EntityCommunicationsResolver.d.ts +40 -0
- package/dist/resolvers/EntityCommunicationsResolver.d.ts.map +1 -1
- package/dist/resolvers/EntityCommunicationsResolver.js +2 -36
- package/dist/resolvers/EntityCommunicationsResolver.js.map +1 -1
- package/dist/resolvers/EntityRecordNameResolver.js +0 -7
- package/dist/resolvers/EntityRecordNameResolver.js.map +1 -1
- package/dist/resolvers/FileCategoryResolver.d.ts +1 -1
- package/dist/resolvers/FileCategoryResolver.d.ts.map +1 -1
- package/dist/resolvers/FileCategoryResolver.js +15 -3
- package/dist/resolvers/FileCategoryResolver.js.map +1 -1
- package/dist/resolvers/FileResolver.d.ts +16 -0
- package/dist/resolvers/FileResolver.d.ts.map +1 -1
- package/dist/resolvers/FileResolver.js +59 -74
- package/dist/resolvers/FileResolver.js.map +1 -1
- package/dist/resolvers/GetDataContextDataResolver.d.ts +18 -1
- package/dist/resolvers/GetDataContextDataResolver.d.ts.map +1 -1
- package/dist/resolvers/GetDataContextDataResolver.js +17 -9
- package/dist/resolvers/GetDataContextDataResolver.js.map +1 -1
- package/dist/resolvers/GetDataResolver.d.ts +19 -0
- package/dist/resolvers/GetDataResolver.d.ts.map +1 -1
- package/dist/resolvers/GetDataResolver.js +35 -35
- package/dist/resolvers/GetDataResolver.js.map +1 -1
- package/dist/resolvers/InfoResolver.d.ts +2 -2
- package/dist/resolvers/InfoResolver.d.ts.map +1 -1
- package/dist/resolvers/InfoResolver.js +17 -20
- package/dist/resolvers/InfoResolver.js.map +1 -1
- package/dist/resolvers/MCPResolver.d.ts +325 -1
- package/dist/resolvers/MCPResolver.d.ts.map +1 -1
- package/dist/resolvers/MCPResolver.js +931 -24
- package/dist/resolvers/MCPResolver.js.map +1 -1
- package/dist/resolvers/MergeRecordsResolver.js +3 -29
- package/dist/resolvers/MergeRecordsResolver.js.map +1 -1
- package/dist/resolvers/PotentialDuplicateRecordResolver.d.ts.map +1 -1
- package/dist/resolvers/PotentialDuplicateRecordResolver.js +0 -3
- package/dist/resolvers/PotentialDuplicateRecordResolver.js.map +1 -1
- package/dist/resolvers/QueryResolver.d.ts +20 -0
- package/dist/resolvers/QueryResolver.d.ts.map +1 -1
- package/dist/resolvers/QueryResolver.js +44 -36
- package/dist/resolvers/QueryResolver.js.map +1 -1
- package/dist/resolvers/ReportResolver.d.ts +3 -0
- package/dist/resolvers/ReportResolver.d.ts.map +1 -1
- package/dist/resolvers/ReportResolver.js +9 -10
- package/dist/resolvers/ReportResolver.js.map +1 -1
- package/dist/resolvers/RunAIAgentResolver.d.ts +54 -0
- package/dist/resolvers/RunAIAgentResolver.d.ts.map +1 -1
- package/dist/resolvers/RunAIAgentResolver.js +116 -40
- package/dist/resolvers/RunAIAgentResolver.js.map +1 -1
- package/dist/resolvers/RunAIPromptResolver.d.ts +42 -0
- package/dist/resolvers/RunAIPromptResolver.d.ts.map +1 -1
- package/dist/resolvers/RunAIPromptResolver.js +95 -22
- package/dist/resolvers/RunAIPromptResolver.js.map +1 -1
- package/dist/resolvers/RunTemplateResolver.js +9 -6
- package/dist/resolvers/RunTemplateResolver.js.map +1 -1
- package/dist/resolvers/RunTestResolver.d.ts +12 -0
- package/dist/resolvers/RunTestResolver.d.ts.map +1 -1
- package/dist/resolvers/RunTestResolver.js +35 -21
- package/dist/resolvers/RunTestResolver.js.map +1 -1
- package/dist/resolvers/SqlLoggingConfigResolver.d.ts +312 -0
- package/dist/resolvers/SqlLoggingConfigResolver.d.ts.map +1 -1
- package/dist/resolvers/SqlLoggingConfigResolver.js +295 -45
- package/dist/resolvers/SqlLoggingConfigResolver.js.map +1 -1
- package/dist/resolvers/SyncDataResolver.d.ts +21 -0
- package/dist/resolvers/SyncDataResolver.d.ts.map +1 -1
- package/dist/resolvers/SyncDataResolver.js +36 -22
- package/dist/resolvers/SyncDataResolver.js.map +1 -1
- package/dist/resolvers/SyncRolesUsersResolver.d.ts +14 -0
- package/dist/resolvers/SyncRolesUsersResolver.d.ts.map +1 -1
- package/dist/resolvers/SyncRolesUsersResolver.js +54 -21
- package/dist/resolvers/SyncRolesUsersResolver.js.map +1 -1
- package/dist/resolvers/TaskResolver.d.ts +13 -0
- package/dist/resolvers/TaskResolver.d.ts.map +1 -1
- package/dist/resolvers/TaskResolver.js +22 -7
- package/dist/resolvers/TaskResolver.js.map +1 -1
- package/dist/resolvers/TelemetryResolver.d.ts +22 -0
- package/dist/resolvers/TelemetryResolver.d.ts.map +1 -1
- package/dist/resolvers/TelemetryResolver.js +45 -79
- package/dist/resolvers/TelemetryResolver.js.map +1 -1
- package/dist/resolvers/TransactionGroupResolver.js +11 -13
- package/dist/resolvers/TransactionGroupResolver.js.map +1 -1
- package/dist/resolvers/UserFavoriteResolver.js +3 -12
- package/dist/resolvers/UserFavoriteResolver.js.map +1 -1
- package/dist/resolvers/UserResolver.js +10 -0
- package/dist/resolvers/UserResolver.js.map +1 -1
- package/dist/resolvers/UserViewResolver.js +4 -0
- package/dist/resolvers/UserViewResolver.js.map +1 -1
- package/dist/resolvers/VersionHistoryResolver.d.ts +39 -0
- package/dist/resolvers/VersionHistoryResolver.d.ts.map +1 -0
- package/dist/resolvers/VersionHistoryResolver.js +208 -0
- package/dist/resolvers/VersionHistoryResolver.js.map +1 -0
- package/dist/rest/EntityCRUDHandler.d.ts +19 -0
- package/dist/rest/EntityCRUDHandler.d.ts.map +1 -1
- package/dist/rest/EntityCRUDHandler.js +55 -0
- package/dist/rest/EntityCRUDHandler.js.map +1 -1
- package/dist/rest/OAuthCallbackHandler.d.ts +143 -0
- package/dist/rest/OAuthCallbackHandler.d.ts.map +1 -0
- package/dist/rest/OAuthCallbackHandler.js +634 -0
- package/dist/rest/OAuthCallbackHandler.js.map +1 -0
- package/dist/rest/RESTEndpointHandler.d.ts +120 -0
- package/dist/rest/RESTEndpointHandler.d.ts.map +1 -1
- package/dist/rest/RESTEndpointHandler.js +213 -24
- package/dist/rest/RESTEndpointHandler.js.map +1 -1
- package/dist/rest/ViewOperationsHandler.d.ts +19 -0
- package/dist/rest/ViewOperationsHandler.d.ts.map +1 -1
- package/dist/rest/ViewOperationsHandler.js +39 -0
- package/dist/rest/ViewOperationsHandler.js.map +1 -1
- package/dist/rest/index.d.ts +1 -0
- package/dist/rest/index.d.ts.map +1 -1
- package/dist/rest/index.js +1 -0
- package/dist/rest/index.js.map +1 -1
- package/dist/rest/setupRESTEndpoints.d.ts +35 -0
- package/dist/rest/setupRESTEndpoints.d.ts.map +1 -1
- package/dist/rest/setupRESTEndpoints.js +15 -1
- package/dist/rest/setupRESTEndpoints.js.map +1 -1
- package/dist/services/ScheduledJobsService.d.ts +31 -0
- package/dist/services/ScheduledJobsService.d.ts.map +1 -1
- package/dist/services/ScheduledJobsService.js +38 -4
- package/dist/services/ScheduledJobsService.js.map +1 -1
- package/dist/services/TaskOrchestrator.d.ts +73 -0
- package/dist/services/TaskOrchestrator.d.ts.map +1 -1
- package/dist/services/TaskOrchestrator.js +137 -15
- package/dist/services/TaskOrchestrator.js.map +1 -1
- package/dist/types.d.ts +14 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +0 -13
- package/dist/types.js.map +1 -1
- package/dist/util.d.ts +37 -1
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +55 -8
- package/dist/util.js.map +1 -1
- package/package.json +83 -78
- package/src/auth/exampleNewUserSubClass.ts +1 -5
- package/src/auth/newUsers.ts +4 -2
- package/src/entitySubclasses/entityPermissions.server.ts +1 -3
- package/src/generated/generated.ts +4707 -2664
- package/src/index.ts +73 -62
- package/src/resolvers/FileCategoryResolver.ts +1 -1
- package/src/resolvers/InfoResolver.ts +10 -6
- package/src/resolvers/MCPResolver.ts +910 -10
- package/src/resolvers/PotentialDuplicateRecordResolver.ts +0 -4
- package/src/resolvers/VersionHistoryResolver.ts +177 -0
- package/src/rest/OAuthCallbackHandler.ts +766 -0
- package/src/rest/RESTEndpointHandler.ts +58 -35
- package/src/rest/index.ts +2 -1
- package/src/rest/setupRESTEndpoints.ts +13 -12
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"APIKeyScopeAuth.d.ts","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"APIKeyScopeAuth.d.ts","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAmB,mBAAmB,EAAwB,MAAM,0BAA0B,CAAC;AACtG,OAAO,EAAE,QAAQ,EAAW,MAAM,sBAAsB,CAAC;AAGzD;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,WAAW,GAAG,WAAW,GAAG,MAAM,CAAC;AAE3E;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC7B,4DAA4D;IAC5D,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iEAAiE;IACjE,aAAa,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC5B,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,6CAA6C;IAC7C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yFAAyF;IACzF,OAAO,EAAE,OAAO,CAAC;IACjB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;CAC1D;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAsB,gBAAgB,CAClC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,QAAQ,EACrB,OAAO,GAAE,gBAAqB,GAC/B,OAAO,CAAC,eAAe,CAAC,CAmG1B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,sBAAsB,CACxC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,QAAQ,EACrB,YAAY,EAAE;IACV,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;CAC3B,EACD,OAAO,GAAE,gBAAqB,GAC/B,OAAO,CAAC,eAAe,GAAG;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA8H/C;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,GAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAM,IAC9E,KAAK;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,EAAE,WAAW,MAAM,mBAQrG;AAGD,eAAO,MAAM,cAAc,QAXJ;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAWhD,CAAC;AACvD,eAAO,MAAM,eAAe,QAZL;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAY9C,CAAC;AACzD,eAAO,MAAM,mBAAmB,QAbT;IAAE,WAAW,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,QAAQ,CAAA;KAAE,CAAA;CAAE,aAAa,MAAM,kBAatC,CAAC"}
|
|
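--- a/package/dist/auth/APIKeyScopeAuth.js
+++ b/package/dist/auth/APIKeyScopeAuth.js
@@ -1,8 +1,43 @@
+/**
+* API Key Scope Authorization Utilities
+* Provides utilities for checking API key scopes in resolvers
+* @module @memberjunction/server
+*/
 import { AuthorizationError } from 'type-graphql';
 import { GetAPIKeyEngine } from '@memberjunction/api-keys';
 import { RunView } from '@memberjunction/core';
+/**
+* Check if an API key has the required scope for an operation.
+*
+* This function implements the three-tier permission model:
+* 1. User Permissions - What the user can do (already checked by authentication)
+* 2. Application Ceiling - Maximum scope the application allows
+* 3. API Key Scopes - Specific scopes granted to this key
+*
+* @param apiKeyId - The API key ID from context.userPayload.apiKeyId
+* @param scopePath - The scope path required (e.g., 'view:run', 'agent:execute')
+* @param contextUser - The authenticated user from context.userPayload.userRecord
+* @param options - Additional options for scope checking
+* @returns ScopeAuthResult with authorization details
+* @throws AuthorizationError if access is denied and throwOnDenied is true
+*
+* @example
+* ```typescript
+* // In a resolver
+* async runView(@Ctx() ctx: AppContext): Promise<ViewResult> {
+* await CheckAPIKeyScope(
+* ctx.userPayload.apiKeyId,
+* 'view:run',
+* ctx.userPayload.userRecord,
+* { resource: 'User' }
+* );
+* // ... proceed with operation
+* }
+* ```
+*/
 export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options = {}) {
 const { applicationName = 'MJAPI', resource = '*', throwOnDenied = true } = options;
+// If no API key ID, not authenticated via API key - skip scope check
 if (!apiKeyId) {
 return {
 Allowed: true,
@@ -11,6 +46,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
 };
 }
 const engine = GetAPIKeyEngine();
+// Get the API key to find the user ID
 const rv = new RunView();
 const keyResult = await rv.RunView({
 EntityName: 'MJ: API Keys',
@@ -29,6 +65,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
 return result;
 }
 const apiKey = keyResult.Results[0];
+// Get the application by name
 const appResult = await rv.RunView({
 EntityName: 'MJ: API Applications',
 ExtraFilter: `Name='${applicationName}'`,
@@ -57,6 +94,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
 }
 return result;
 }
+// Build the authorization request
 const request = {
 APIKeyId: apiKeyId,
 UserId: apiKey.UserID,
@@ -64,6 +102,7 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
 ScopePath: scopePath,
 Resource: resource
 };
+// Use the scope evaluator directly (since we already have the key ID)
 const scopeEvaluator = engine.GetScopeEvaluator();
 const authResult = await scopeEvaluator.EvaluateAccess(request, contextUser);
 if (!authResult.Allowed && throwOnDenied) {
@@ -77,8 +116,22 @@ export async function CheckAPIKeyScope(apiKeyId, scopePath, contextUser, options
 EvaluatedRules: authResult.EvaluatedRules
 };
 }
+/**
+* Check if an API key has the required scope and log usage.
+*
+* Same as CheckAPIKeyScope but also logs the authorization attempt.
+* Use this for operations where you want detailed audit trails.
+*
+* @param apiKeyId - The API key ID from context.userPayload.apiKeyId
+* @param scopePath - The scope path required
+* @param contextUser - The authenticated user
+* @param usageDetails - Details about the request for logging
+* @param options - Additional options for scope checking
+* @returns ScopeAuthResult with authorization details and optional log ID
+*/
 export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, usageDetails, options = {}) {
 const { applicationName = 'MJAPI', resource = '*', throwOnDenied = true } = options;
+// If no API key ID, not authenticated via API key - skip scope check
 if (!apiKeyId) {
 return {
 Allowed: true,
@@ -88,6 +141,7 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
 }
 const engine = GetAPIKeyEngine();
 const rv = new RunView();
+// Get the API key
 const keyResult = await rv.RunView({
 EntityName: 'MJ: API Keys',
 ExtraFilter: `ID='${apiKeyId}'`,
@@ -105,6 +159,7 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
 return result;
 }
 const apiKey = keyResult.Results[0];
+// Get the application
 const appResult = await rv.RunView({
 EntityName: 'MJ: API Applications',
 ExtraFilter: `Name='${applicationName}'`,
@@ -122,6 +177,7 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
 return result;
 }
 const app = appResult.Results[0];
+// Build the authorization request
 const request = {
 APIKeyId: apiKeyId,
 UserId: apiKey.UserID,
@@ -129,8 +185,10 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
 ScopePath: scopePath,
 Resource: resource
 };
+// Evaluate access
 const scopeEvaluator = engine.GetScopeEvaluator();
 const authResult = await scopeEvaluator.EvaluateAccess(request, contextUser);
+// Log the usage
 const usageLogger = engine.GetUsageLogger();
 const statusCode = usageDetails.statusCode ?? (authResult.Allowed ? 200 : 403);
 let logId;
@@ -152,11 +210,31 @@ export async function CheckAPIKeyScopeAndLog(apiKeyId, scopePath, contextUser, u
 LogId: logId
 };
 }
+/**
+* Decorator-style function for common scope checks.
+* Returns a function that can be used in resolvers.
+*
+* @param scopePath - The scope path required
+* @param options - Additional options
+* @returns A function that performs the scope check
+*
+* @example
+* ```typescript
+* const requireViewRun = RequireScope('view:run');
+*
+* // In resolver
+* async runView(@Ctx() ctx: AppContext): Promise<ViewResult> {
+* await requireViewRun(ctx);
+* // ... proceed
+* }
+* ```
+*/
 export function RequireScope(scopePath, options = {}) {
 return async (ctx, resource) => {
 await CheckAPIKeyScope(ctx.userPayload.apiKeyId, scopePath, ctx.userPayload.userRecord, { ...options, resource });
 };
 }
+// Pre-built scope checkers for common operations
 export const RequireViewRun = RequireScope('view:run');
 export const RequireQueryRun = RequireScope('query:run');
 export const RequireAgentExecute = RequireScope('agent:execute');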
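Review bot: The `ExtraFilter` strings on the new side interpolate `apiKeyId` and `applicationName` directly into a quoted filter (`ID='${apiKeyId}'` at new line 147, `Name='${applicationName}'` at new lines 71 and 165), so a value containing a single quote would change the filter that selects the key or application record. No validation of either value appears in the visible lines; `applicationName` is a caller-supplied option, and whether `apiKeyId` is always a server-generated identifier cannot be told from this section. I would check the ID against the expected identifier format before the lookup and double embedded quotes in the name with `applicationName.replace(/'/g, "''")`, or pass the values as parameters if RunView supports that. Separately, CheckAPIKeyScope appears to have one more early-return block between the application lookup and the request (new lines 72–96, mostly outside the hunks) than CheckAPIKeyScopeAndLog, which goes from `const app = appResult.Results[0];` straight to the request at new lines 179–181; if that block is an application-state check, the logging variant should carry it too. Both function bodies extend outside the hunks shown.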
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"APIKeyScopeAuth.js","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"APIKeyScopeAuth.js","sourceRoot":"","sources":["../../src/auth/APIKeyScopeAuth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,eAAe,EAA6C,MAAM,0BAA0B,CAAC;AACtG,OAAO,EAAY,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAkCzD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAClC,QAA4B,EAC5B,SAAiB,EACjB,WAAqB,EACrB,UAA4B,EAAE;IAE9B,MAAM,EACF,eAAe,GAAG,OAAO,EACzB,QAAQ,GAAG,GAAG,EACd,aAAa,GAAG,IAAI,EACvB,GAAG,OAAO,CAAC;IAEZ,qEAAqE;IACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,OAAO;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,+BAA+B;SAC1C,CAAC;IACN,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IAEjC,sCAAsC;IACtC,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;IACzB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAe;QAC7C,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE,OAAO,QAAQ,GAAG;QAC/B,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,mBAAmB;SAC9B,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEpC,8BAA8B;IAC9B,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAuB;QACrD,UAAU,EAAE,sBAAsB;QAClC,WAAW,EAAE,SAAS,eAAe,GAAG;QACxC,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,wBAAwB,eAAe,EAAE;SACpD,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAChB,MAAM,MAAM,GAAoB;YAC5B,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,8BAA8B,eAAe,EAAE;SAC1D,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;
IAED,kCAAkC;IAClC,MAAM,OAAO,GAAyB;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,aAAa,EAAE,GAAG,CAAC,EAAE;QACrB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IAEF,sEAAsE;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAE7E,IAAI,CAAC,UAAU,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,IAAI,kBAAkB,CACxB,+CAA+C,YAAY,KAAK,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,CAC5F,CAAC;IACN,CAAC;IAED,OAAO;QACH,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,UAAU,CAAC,cAAc;KAC5C,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CACxC,QAA4B,EAC5B,SAAiB,EACjB,WAAqB,EACrB,YAQC,EACD,UAA4B,EAAE;IAE9B,MAAM,EACF,eAAe,GAAG,OAAO,EACzB,QAAQ,GAAG,GAAG,EACd,aAAa,GAAG,IAAI,EACvB,GAAG,OAAO,CAAC;IAEZ,qEAAqE;IACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACZ,OAAO;YACH,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,+BAA+B;SAC1C,CAAC;IACN,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,EAAE,GAAG,IAAI,OAAO,EAAE,CAAC;IAEzB,kBAAkB;IAClB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAe;QAC7C,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE,OAAO,QAAQ,GAAG;QAC/B,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAyC;YACjD,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,mBAAmB;SAC9B,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEpC,sBAAsB;IACtB,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAuB;QACrD,UAAU,EAAE,sBAAsB;QAClC,WAAW,EAAE,SAAS,eAAe,GAAG;QACxC,UAAU,EAAE,eAAe;KAC9B,EAAE,WAAW,CAAC,CAAC;IAEhB,IAAI,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAyC;YACjD,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,wBAAwB,eAAe,EAAE;SACpD,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAC
hB,MAAM,IAAI,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAEjC,kCAAkC;IAClC,MAAM,OAAO,GAAyB;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,aAAa,EAAE,GAAG,CAAC,EAAE;QACrB,SAAS,EAAE,SAAS;QACpB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IAEF,kBAAkB;IAClB,MAAM,cAAc,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAE7E,gBAAgB;IAChB,MAAM,WAAW,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;IAC5C,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE/E,IAAI,KAAyB,CAAC;IAC9B,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACrB,KAAK,GAAG,CAAC,MAAM,WAAW,CAAC,UAAU,CACjC,QAAQ,EACR,GAAG,CAAC,EAAE,EACN,YAAY,CAAC,QAAQ,EACrB,YAAY,CAAC,aAAa,IAAI,IAAI,EAClC,YAAY,CAAC,MAAM,EACnB,UAAU,EACV,YAAY,CAAC,cAAc,IAAI,IAAI,EACnC,QAAQ,EACR,UAAU,CAAC,cAAc,EACzB,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,WAAW,CACd,CAAC,IAAI,SAAS,CAAC;IACpB,CAAC;SAAM,CAAC;QACJ,KAAK,GAAG,CAAC,MAAM,WAAW,CAAC,SAAS,CAChC,QAAQ,EACR,GAAG,CAAC,EAAE,EACN,YAAY,CAAC,QAAQ,EACrB,YAAY,CAAC,aAAa,IAAI,IAAI,EAClC,YAAY,CAAC,MAAM,EACnB,UAAU,EACV,YAAY,CAAC,cAAc,IAAI,IAAI,EACnC,QAAQ,EACR,UAAU,CAAC,cAAc,EACzB,UAAU,CAAC,MAAM,EACjB,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,YAAY,CAAC,SAAS,IAAI,IAAI,EAC9B,WAAW,CACd,CAAC,IAAI,SAAS,CAAC;IACpB,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,KAAK,QAAQ,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,IAAI,kBAAkB,CACxB,+CAA+C,YAAY,KAAK,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,CAC5F,CAAC;IACN,CAAC;IAED,OAAO;QACH,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO,EAAE,IAAI;QACb,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,KAAK,EAAE,KAAK;KACf,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,UAA8C,EAAE;IAC5F,OAAO,KAAK,EAAE,GAAiE,EAAE,QAAiB,EAAE,EAAE;QAClG,MAAM,gBAAgB,CAClB,GAAG,CAAC,WAAW,CAAC,QAAQ,EACxB,SAAS,EACT,GAAG,CAAC,WAAW,CAAC,UAAU,EAC1B,EAAE,GAAG,OAA
O,EAAE,QAAQ,EAAE,CAC3B,CAAC;IACN,CAAC,CAAC;AACN,CAAC;AAED,iDAAiD;AACjD,MAAM,CAAC,MAAM,cAAc,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;AACvD,MAAM,CAAC,MAAM,eAAe,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,mBAAmB,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC"}
|
|
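--- a/package/dist/auth/AuthProviderFactory.d.ts
+++ b/package/dist/auth/AuthProviderFactory.d.ts
@@ -5,20 +5,55 @@ import './providers/MSALProvider.js';
 import './providers/OktaProvider.js';
 import './providers/CognitoProvider.js';
 import './providers/GoogleProvider.js';
+/**
+* Factory and registry for managing authentication providers
+* Combines provider creation and lifecycle management in a single class
+*/
 export declare class AuthProviderFactory {
 private static instance;
 private providers;
 private issuerCache;
 private constructor();
+/**
+* Gets the singleton instance of the factory
+*/
 static getInstance(): AuthProviderFactory;
+/**
+* Creates an authentication provider instance based on configuration
+* Uses MJGlobal ClassFactory to instantiate the correct provider class
+*/
 static createProvider(config: AuthProviderConfig): IAuthProvider;
+/**
+* Registers a new authentication provider
+*/
 register(provider: IAuthProvider): void;
+/**
+* Gets a provider by its issuer URL
+*/
 getByIssuer(issuer: string): IAuthProvider | undefined;
+/**
+* Gets a provider by its name
+*/
 getByName(name: string): IAuthProvider | undefined;
+/**
+* Gets all registered providers
+*/
 getAllProviders(): IAuthProvider[];
+/**
+* Checks if any providers are registered
+*/
 hasProviders(): boolean;
+/**
+* Clears all registered providers (useful for testing)
+*/
 clear(): void;
+/**
+* Gets all registered provider types from the ClassFactory
+*/
 static getRegisteredProviderTypes(): string[];
+/**
+* Checks if a provider type is registered
+*/
 static isProviderTypeRegistered(type: string): boolean;
 }
 //# sourceMappingURL=AuthProviderFactory.d.ts.map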
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthProviderFactory.d.ts","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKnD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"AuthProviderFactory.d.ts","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAKnD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAEvC;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAsB;IAC7C,OAAO,CAAC,SAAS,CAAyC;IAC1D,OAAO,CAAC,WAAW,CAAyC;IAE5D,OAAO;IAEP;;OAEG;IACH,MAAM,CAAC,WAAW,IAAI,mBAAmB;IAOzC;;;OAGG;IACH,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,kBAAkB,GAAG,aAAa;IAsBhE;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI;IAavC;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAkBtD;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAIlD;;OAEG;IACH,eAAe,IAAI,aAAa,EAAE;IAIlC;;OAEG;IACH,YAAY,IAAI,OAAO;IAIvB;;OAEG;IACH,KAAK,IAAI,IAAI;IAKb;;OAEG;IACH,MAAM,CAAC,0BAA0B,IAAI,MAAM,EAAE;IAW7C;;OAEG;IACH,MAAM,CAAC,wBAAwB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CASvD"}
|
|
@@ -1,23 +1,38 @@
|
|
|
1
1
|
import { BaseAuthProvider } from './BaseAuthProvider.js';
|
|
2
2
|
import { MJGlobal } from '@memberjunction/global';
|
|
3
|
+
// Import providers to ensure they're registered
|
|
3
4
|
import './providers/Auth0Provider.js';
|
|
4
5
|
import './providers/MSALProvider.js';
|
|
5
6
|
import './providers/OktaProvider.js';
|
|
6
7
|
import './providers/CognitoProvider.js';
|
|
7
8
|
import './providers/GoogleProvider.js';
|
|
9
|
+
/**
|
|
10
|
+
* Factory and registry for managing authentication providers
|
|
11
|
+
* Combines provider creation and lifecycle management in a single class
|
|
12
|
+
*/
|
|
8
13
|
export class AuthProviderFactory {
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
14
|
+
constructor() {
|
|
15
|
+
this.providers = new Map();
|
|
16
|
+
this.issuerCache = new Map();
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Gets the singleton instance of the factory
|
|
20
|
+
*/
|
|
13
21
|
static getInstance() {
|
|
14
22
|
if (!AuthProviderFactory.instance) {
|
|
15
23
|
AuthProviderFactory.instance = new AuthProviderFactory();
|
|
16
24
|
}
|
|
17
25
|
return AuthProviderFactory.instance;
|
|
18
26
|
}
|
|
27
|
+
/**
|
|
28
|
+
* Creates an authentication provider instance based on configuration
|
|
29
|
+
* Uses MJGlobal ClassFactory to instantiate the correct provider class
|
|
30
|
+
*/
|
|
19
31
|
static createProvider(config) {
|
|
20
32
|
try {
|
|
33
|
+
// Use MJGlobal ClassFactory to create the provider instance
|
|
34
|
+
// The provider type in config should match the key used in @RegisterClass
|
|
35
|
+
// The config is passed as a constructor parameter via the spread operator
|
|
21
36
|
const provider = MJGlobal.Instance.ClassFactory.CreateInstance(BaseAuthProvider, config.type.toLowerCase(), config);
|
|
22
37
|
if (!provider) {
|
|
23
38
|
throw new Error(`No provider registered for type: ${config.type}`);
|
|
@@ -29,48 +44,80 @@ export class AuthProviderFactory {
|
|
|
29
44
|
throw new Error(`Failed to create authentication provider for type '${config.type}': ${message}`);
|
|
30
45
|
}
|
|
31
46
|
}
|
|
47
|
+
/**
|
|
48
|
+
* Registers a new authentication provider
|
|
49
|
+
*/
|
|
32
50
|
register(provider) {
|
|
33
51
|
if (!provider.validateConfig()) {
|
|
34
52
|
throw new Error(`Invalid configuration for provider: ${provider.name}`);
|
|
35
53
|
}
|
|
36
54
|
this.providers.set(provider.name, provider);
|
|
55
|
+
// Clear issuer cache when registering new provider
|
|
37
56
|
this.issuerCache.clear();
|
|
38
57
|
console.log(`Registered auth provider: ${provider.name} with issuer: ${provider.issuer}`);
|
|
39
58
|
}
|
|
59
|
+
/**
|
|
60
|
+
* Gets a provider by its issuer URL
|
|
61
|
+
*/
|
|
40
62
|
getByIssuer(issuer) {
|
|
63
|
+
// Check cache first
|
|
41
64
|
if (this.issuerCache.has(issuer)) {
|
|
42
65
|
return this.issuerCache.get(issuer);
|
|
43
66
|
}
|
|
67
|
+
// Search through providers
|
|
44
68
|
for (const provider of this.providers.values()) {
|
|
45
69
|
if (provider.matchesIssuer(issuer)) {
|
|
70
|
+
// Cache for future lookups
|
|
46
71
|
this.issuerCache.set(issuer, provider);
|
|
47
72
|
return provider;
|
|
48
73
|
}
|
|
49
74
|
}
|
|
50
75
|
return undefined;
|
|
51
76
|
}
|
|
77
|
+
/**
|
|
78
|
+
* Gets a provider by its name
|
|
79
|
+
*/
|
|
52
80
|
getByName(name) {
|
|
53
81
|
return this.providers.get(name);
|
|
54
82
|
}
|
|
83
|
+
/**
|
|
84
|
+
* Gets all registered providers
|
|
85
|
+
*/
|
|
55
86
|
getAllProviders() {
|
|
56
87
|
return Array.from(this.providers.values());
|
|
57
88
|
}
|
|
89
|
+
/**
|
|
90
|
+
* Checks if any providers are registered
|
|
91
|
+
*/
|
|
58
92
|
hasProviders() {
|
|
59
93
|
return this.providers.size > 0;
|
|
60
94
|
}
|
|
95
|
+
/**
|
|
96
|
+
* Clears all registered providers (useful for testing)
|
|
97
|
+
*/
|
|
61
98
|
clear() {
|
|
62
99
|
this.providers.clear();
|
|
63
100
|
this.issuerCache.clear();
|
|
64
101
|
}
|
|
102
|
+
/**
|
|
103
|
+
* Gets all registered provider types from the ClassFactory
|
|
104
|
+
*/
|
|
65
105
|
static getRegisteredProviderTypes() {
|
|
106
|
+
// Get all registrations for BaseAuthProvider from ClassFactory
|
|
66
107
|
const registrations = MJGlobal.Instance.ClassFactory.GetAllRegistrations(BaseAuthProvider);
|
|
108
|
+
// Extract unique keys (provider types) from registrations
|
|
67
109
|
const providerTypes = registrations
|
|
68
110
|
.map(reg => reg.Key)
|
|
69
111
|
.filter((key) => key !== null && key !== undefined);
|
|
112
|
+
// Return unique provider types
|
|
70
113
|
return Array.from(new Set(providerTypes));
|
|
71
114
|
}
|
|
115
|
+
/**
|
|
116
|
+
* Checks if a provider type is registered
|
|
117
|
+
*/
|
|
72
118
|
static isProviderTypeRegistered(type) {
|
|
73
119
|
try {
|
|
120
|
+
// Try to get the registration for this specific type
|
|
74
121
|
const registration = MJGlobal.Instance.ClassFactory.GetRegistration(BaseAuthProvider, type.toLowerCase());
|
|
75
122
|
return registration !== null && registration !== undefined;
|
|
76
123
|
}
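Review bot: In `getByIssuer` (second hunk) the `issuerCache` is keyed by the caller's raw `issuer` string, while matching is delegated to `provider.matchesIssuer(issuer)`. If that matcher normalises case and a trailing slash, as the base class in this package does, each spelling variant of a trusted issuer gets its own cache entry. Assuming the value is a token's `iss` claim read before signature verification, the map can grow without bound under hostile traffic. Keying on a canonical form, e.g. `const key = issuer.toLowerCase().replace(/\/$/, '');` for `has`/`get`/`set`, is only safe if every provider shares that normalisation; otherwise drop the cache, since the provider list is small. `isProviderTypeRegistered` continues past the end of this section.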
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AuthProviderFactory.js","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"AuthProviderFactory.js","sourceRoot":"","sources":["../../src/auth/AuthProviderFactory.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAElD,gDAAgD;AAChD,OAAO,8BAA8B,CAAC;AACtC,OAAO,6BAA6B,CAAC;AACrC,OAAO,6BAA6B,CAAC;AACrC,OAAO,gCAAgC,CAAC;AACxC,OAAO,+BAA+B,CAAC;AAEvC;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IAK9B;QAHQ,cAAS,GAA+B,IAAI,GAAG,EAAE,CAAC;QAClD,gBAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IAErC,CAAC;IAExB;;OAEG;IACH,MAAM,CAAC,WAAW;QAChB,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,CAAC;YAClC,mBAAmB,CAAC,QAAQ,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC3D,CAAC;QACD,OAAO,mBAAmB,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,cAAc,CAAC,MAA0B;QAC9C,IAAI,CAAC;YACH,4DAA4D;YAC5D,0EAA0E;YAC1E,0EAA0E;YAC1E,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,cAAc,CAC5D,gBAAgB,EAChB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EACzB,MAAM,CACP,CAAC;YAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,IAAI,KAAK,CAAC,sDAAsD,MAAM,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;QACpG,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,QAAuB;QAC9B,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE5C,mDAAmD;QACnD,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QAEzB,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,CAAC,IAAI,iBAAiB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,MAAc;QACxB,oBAAoB;QACpB,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;gBACnC,2BAA2B;gBAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,Q
AAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAY;QACpB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,0BAA0B;QAC/B,+DAA+D;QAC/D,MAAM,aAAa,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;QAC3F,0DAA0D;QAC1D,MAAM,aAAa,GAAG,aAAa;aAChC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;aACnB,MAAM,CAAC,CAAC,GAAG,EAAiB,EAAE,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC;QACrE,+BAA+B;QAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,wBAAwB,CAAC,IAAY;QAC1C,IAAI,CAAC;YACH,qDAAqD;YACrD,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,eAAe,CAAC,gBAAgB,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1G,OAAO,YAAY,KAAK,IAAI,IAAI,YAAY,KAAK,SAAS,CAAC;QAC7D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -2,19 +2,40 @@ import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
|
|
|
2
2
|
import jwksClient from 'jwks-rsa';
|
|
3
3
|
import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
|
|
4
4
|
import { IAuthProvider } from './IAuthProvider.js';
|
|
5
|
+
/**
|
|
6
|
+
* Base implementation of IAuthProvider with common functionality
|
|
7
|
+
* Concrete providers should extend this class and use @RegisterClass decorator
|
|
8
|
+
* with BaseAuthProvider as the base class
|
|
9
|
+
*/
|
|
5
10
|
export declare abstract class BaseAuthProvider implements IAuthProvider {
|
|
6
11
|
name: string;
|
|
7
12
|
issuer: string;
|
|
8
13
|
audience: string;
|
|
9
14
|
jwksUri: string;
|
|
15
|
+
/** OAuth client ID for this provider (used by OAuth proxy for upstream auth) */
|
|
10
16
|
clientId?: string;
|
|
11
17
|
protected config: AuthProviderConfig;
|
|
12
18
|
protected jwksClient: jwksClient.JwksClient;
|
|
13
19
|
constructor(config: AuthProviderConfig);
|
|
20
|
+
/**
|
|
21
|
+
* Validates that required configuration is present
|
|
22
|
+
*/
|
|
14
23
|
validateConfig(): boolean;
|
|
24
|
+
/**
|
|
25
|
+
* Gets the signing key for token verification with retry logic
|
|
26
|
+
*/
|
|
15
27
|
getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void;
|
|
28
|
+
/**
|
|
29
|
+
* Retrieves signing key with exponential backoff retry logic
|
|
30
|
+
*/
|
|
16
31
|
private getSigningKeyWithRetry;
|
|
32
|
+
/**
|
|
33
|
+
* Checks if a given issuer URL belongs to this provider
|
|
34
|
+
*/
|
|
17
35
|
matchesIssuer(issuer: string): boolean;
|
|
36
|
+
/**
|
|
37
|
+
* Abstract method for extracting user info - must be implemented by each provider
|
|
38
|
+
*/
|
|
18
39
|
abstract extractUserInfo(payload: JwtPayload): AuthUserInfo;
|
|
19
40
|
}
|
|
20
41
|
//# sourceMappingURL=BaseAuthProvider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BaseAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"BaseAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,UAAU,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAInD;;;;GAIG;AACH,8BAAsB,gBAAiB,YAAW,aAAa;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,gFAAgF;IAChF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,MAAM,EAAE,kBAAkB,CAAC;IACrC,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC;gBAEhC,MAAM,EAAE,kBAAkB;IAoCtC;;OAEG;IACH,cAAc,IAAI,OAAO;IAIzB;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI;IAYpE;;OAEG;YACW,sBAAsB;IAuCpC;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAOtC;;OAEG;IACH,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY;CAC5D"}
|
|
@@ -1,14 +1,12 @@
|
|
|
1
1
|
import jwksClient from 'jwks-rsa';
|
|
2
2
|
import https from 'https';
|
|
3
3
|
import http from 'http';
|
|
4
|
+
/**
|
|
5
|
+
* Base implementation of IAuthProvider with common functionality
|
|
6
|
+
* Concrete providers should extend this class and use @RegisterClass decorator
|
|
7
|
+
* with BaseAuthProvider as the base class
|
|
8
|
+
*/
|
|
4
9
|
export class BaseAuthProvider {
|
|
5
|
-
name;
|
|
6
|
-
issuer;
|
|
7
|
-
audience;
|
|
8
|
-
jwksUri;
|
|
9
|
-
clientId;
|
|
10
|
-
config;
|
|
11
|
-
jwksClient;
|
|
12
10
|
constructor(config) {
|
|
13
11
|
this.config = config;
|
|
14
12
|
this.name = config.name;
|
|
@@ -16,6 +14,7 @@ export class BaseAuthProvider {
|
|
|
16
14
|
this.audience = config.audience;
|
|
17
15
|
this.jwksUri = config.jwksUri;
|
|
18
16
|
this.clientId = config.clientId;
|
|
17
|
+
// Create HTTP agent with keep-alive to prevent socket hangups
|
|
19
18
|
const agent = this.jwksUri.startsWith('https')
|
|
20
19
|
? new https.Agent({
|
|
21
20
|
keepAlive: true,
|
|
@@ -31,18 +30,25 @@ export class BaseAuthProvider {
|
|
|
31
30
|
maxFreeSockets: 10,
|
|
32
31
|
timeout: 60000
|
|
33
32
|
});
|
|
33
|
+
// Initialize JWKS client with connection pooling and extended timeout
|
|
34
34
|
this.jwksClient = jwksClient({
|
|
35
35
|
jwksUri: this.jwksUri,
|
|
36
36
|
cache: true,
|
|
37
37
|
cacheMaxEntries: 5,
|
|
38
|
-
cacheMaxAge: 600000,
|
|
39
|
-
timeout: 60000,
|
|
38
|
+
cacheMaxAge: 600000, // 10 minutes
|
|
39
|
+
timeout: 60000, // 60 seconds (increased from default 30s)
|
|
40
40
|
requestAgent: agent
|
|
41
41
|
});
|
|
42
42
|
}
|
|
43
|
+
/**
|
|
44
|
+
* Validates that required configuration is present
|
|
45
|
+
*/
|
|
43
46
|
validateConfig() {
|
|
44
47
|
return !!(this.name && this.issuer && this.audience && this.jwksUri);
|
|
45
48
|
}
|
|
49
|
+
/**
|
|
50
|
+
* Gets the signing key for token verification with retry logic
|
|
51
|
+
*/
|
|
46
52
|
getSigningKey(header, callback) {
|
|
47
53
|
this.getSigningKeyWithRetry(header, 3, 1000)
|
|
48
54
|
.then((key) => {
|
|
@@ -54,6 +60,9 @@ export class BaseAuthProvider {
|
|
|
54
60
|
callback(err);
|
|
55
61
|
});
|
|
56
62
|
}
|
|
63
|
+
/**
|
|
64
|
+
* Retrieves signing key with exponential backoff retry logic
|
|
65
|
+
*/
|
|
57
66
|
async getSigningKeyWithRetry(header, maxRetries, initialDelayMs) {
|
|
58
67
|
let lastError;
|
|
59
68
|
for (let attempt = 0; attempt <= maxRetries; attempt++) {
|
|
@@ -62,6 +71,7 @@ export class BaseAuthProvider {
|
|
|
62
71
|
}
|
|
63
72
|
catch (err) {
|
|
64
73
|
lastError = err instanceof Error ? err : new Error(String(err));
|
|
74
|
+
// Check if this is a connection error that's worth retrying
|
|
65
75
|
const isRetryableError = lastError.message.includes('socket hang up') ||
|
|
66
76
|
lastError.message.includes('ECONNRESET') ||
|
|
67
77
|
lastError.message.includes('ETIMEDOUT') ||
|
|
@@ -70,6 +80,7 @@ export class BaseAuthProvider {
|
|
|
70
80
|
if (!isRetryableError || attempt === maxRetries) {
|
|
71
81
|
throw lastError;
|
|
72
82
|
}
|
|
83
|
+
// Exponential backoff: wait longer between each retry
|
|
73
84
|
const delayMs = initialDelayMs * Math.pow(2, attempt);
|
|
74
85
|
console.warn(`Attempt ${attempt + 1}/${maxRetries + 1} failed for provider ${this.name}. ` +
|
|
75
86
|
`Retrying in ${delayMs}ms... Error: ${lastError.message}`);
|
|
@@ -78,7 +89,11 @@ export class BaseAuthProvider {
|
|
|
78
89
|
}
|
|
79
90
|
throw lastError || new Error('Failed to retrieve signing key');
|
|
80
91
|
}
|
|
92
|
+
/**
|
|
93
|
+
* Checks if a given issuer URL belongs to this provider
|
|
94
|
+
*/
|
|
81
95
|
matchesIssuer(issuer) {
|
|
96
|
+
// Handle trailing slashes and case sensitivity
|
|
82
97
|
const normalizedIssuer = issuer.toLowerCase().replace(/\/$/, '');
|
|
83
98
|
const normalizedProviderIssuer = this.issuer.toLowerCase().replace(/\/$/, '');
|
|
84
99
|
return normalizedIssuer === normalizedProviderIssuer;
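Review bot: The constructor picks its agent with `this.jwksUri.startsWith('https')` and `validateConfig()` only checks that `jwksUri` is non-empty, so a provider configured with a plain `http://` JWKS endpoint is accepted and, judging by the `http` import, fetched through a non-TLS agent. Signing keys retrieved over cleartext can be replaced in transit, which undermines every token check that relies on them. Consider rejecting non-HTTPS endpoints in `validateConfig`, e.g. `return !!(this.name && this.issuer && this.audience && this.jwksUri?.startsWith('https://'));`, with an explicit opt-out for local development if one is needed. The constructor body is split across hunks and its middle is not shown here.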
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BaseAuthProvider.js","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,UAAU,CAAC;AAGlC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"BaseAuthProvider.js","sourceRoot":"","sources":["../../src/auth/BaseAuthProvider.ts"],"names":[],"mappings":"AACA,OAAO,UAAU,MAAM,UAAU,CAAC;AAGlC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB;;;;GAIG;AACH,MAAM,OAAgB,gBAAgB;IAUpC,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAEhC,8DAA8D;QAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;YAC5C,CAAC,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC;gBACd,SAAS,EAAE,IAAI;gBACf,cAAc,EAAE,KAAK;gBACrB,UAAU,EAAE,EAAE;gBACd,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,KAAK;aACf,CAAC;YACJ,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC;gBACb,SAAS,EAAE,IAAI;gBACf,cAAc,EAAE,KAAK;gBACrB,UAAU,EAAE,EAAE;gBACd,cAAc,EAAE,EAAE;gBAClB,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QAEP,sEAAsE;QACtE,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI;YACX,eAAe,EAAE,CAAC;YAClB,WAAW,EAAE,MAAM,EAAE,aAAa;YAClC,OAAO,EAAE,KAAK,EAAE,0CAA0C;YAC1D,YAAY,EAAE,KAAK;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAiB,EAAE,QAA4B;QAC3D,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC;aACzC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YACZ,MAAM,UAAU,GAAG,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC;YACzE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7B,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,OAAO,CAAC,KAAK,CAAC,0CAA0C,IAAI,CAAC,IAAI,iBAAiB,EAAE,GAAG,CAAC,CAAC;YACzF,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAClC,MAAiB,EACjB,UAAkB,EAClB,cAAsB;QAEtB,IAAI,SAA4B,CAAC;QAEjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CA
AC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAEhE,4DAA4D;gBAC5D,MAAM,gBAAgB,GACpB,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;oBAC5C,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;oBACxC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACvC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;oBACvC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAE1C,IAAI,CAAC,gBAAgB,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;oBAChD,MAAM,SAAS,CAAC;gBAClB,CAAC;gBAED,sDAAsD;gBACtD,MAAM,OAAO,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBACtD,OAAO,CAAC,IAAI,CACV,WAAW,OAAO,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,wBAAwB,IAAI,CAAC,IAAI,IAAI;oBAC7E,eAAe,OAAO,gBAAgB,SAAS,CAAC,OAAO,EAAE,CAC1D,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAc;QAC1B,+CAA+C;QAC/C,MAAM,gBAAgB,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,wBAAwB,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC9E,OAAO,gBAAgB,KAAK,wBAAwB,CAAC;IACvD,CAAC;CAMF"}
|
|
@@ -1,14 +1,46 @@
|
|
|
1
1
|
import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
|
|
2
2
|
import { AuthUserInfo } from '@memberjunction/core';
|
|
3
|
+
/**
|
|
4
|
+
* Interface for authentication providers in MemberJunction
|
|
5
|
+
* Enables support for any OAuth 2.0/OIDC compliant provider
|
|
6
|
+
*/
|
|
3
7
|
export interface IAuthProvider {
|
|
8
|
+
/**
|
|
9
|
+
* Unique name identifier for this provider
|
|
10
|
+
*/
|
|
4
11
|
name: string;
|
|
12
|
+
/**
|
|
13
|
+
* The issuer URL for this provider (must match the 'iss' claim in tokens)
|
|
14
|
+
*/
|
|
5
15
|
issuer: string;
|
|
16
|
+
/**
|
|
17
|
+
* The expected audience for tokens from this provider
|
|
18
|
+
*/
|
|
6
19
|
audience: string;
|
|
20
|
+
/**
|
|
21
|
+
* The JWKS endpoint URL for retrieving signing keys
|
|
22
|
+
*/
|
|
7
23
|
jwksUri: string;
|
|
24
|
+
/**
|
|
25
|
+
* OAuth client ID for this provider (optional, used by OAuth proxy for upstream authentication)
|
|
26
|
+
*/
|
|
8
27
|
clientId?: string;
|
|
28
|
+
/**
|
|
29
|
+
* Validates that the provider configuration is complete and valid
|
|
30
|
+
*/
|
|
9
31
|
validateConfig(): boolean;
|
|
32
|
+
/**
|
|
33
|
+
* Gets the signing key for token verification
|
|
34
|
+
*/
|
|
10
35
|
getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void;
|
|
36
|
+
/**
|
|
37
|
+
* Extracts user information from the JWT payload
|
|
38
|
+
* Different providers use different claim names
|
|
39
|
+
*/
|
|
11
40
|
extractUserInfo(payload: JwtPayload): AuthUserInfo;
|
|
41
|
+
/**
|
|
42
|
+
* Checks if a given issuer URL belongs to this provider
|
|
43
|
+
*/
|
|
12
44
|
matchesIssuer(issuer: string): boolean;
|
|
13
45
|
}
|
|
14
46
|
//# sourceMappingURL=IAuthProvider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/IAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAsB,YAAY,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"IAuthProvider.d.ts","sourceRoot":"","sources":["../../src/auth/IAuthProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAsB,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAExE;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,cAAc,IAAI,OAAO,CAAC;IAE1B;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAErE;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,UAAU,GAAG,YAAY,CAAC;IAEnD;;OAEG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CACxC"}
|
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
import { NewUserBase } from './newUsers.js';
|
|
2
2
|
import { UserEntity } from '@memberjunction/core-entities';
|
|
3
|
+
/**
|
|
4
|
+
* This example class subclasses the @NewUserBase class and overrides the createNewUser method to create a new person record and then call the base class to create the user record. In this example there is an entity
|
|
5
|
+
* called "Persons" that is mapped to the User table in the core MemberJunction schema. You can sub-class the NewUserBase to do whatever behavior you want and pre-process, post-process or entirely override the base
|
|
6
|
+
* class behavior.
|
|
7
|
+
*/
|
|
3
8
|
export declare class ExampleNewUserSubClass extends NewUserBase {
|
|
4
9
|
createNewUser(firstName: string, lastName: string, email: string, linkedRecordType?: string, linkedEntityId?: string, linkedEntityRecordId?: string): Promise<UserEntity | null>;
|
|
5
10
|
}
|
|
6
|
-
export declare function LoadExampleNewUserSubClass(): void;
|
|
7
11
|
//# sourceMappingURL=exampleNewUserSubClass.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"exampleNewUserSubClass.d.ts","sourceRoot":"","sources":["../../src/auth/exampleNewUserSubClass.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"exampleNewUserSubClass.d.ts","sourceRoot":"","sources":["../../src/auth/exampleNewUserSubClass.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAE3D;;;;GAIG;AAIH,qBAAa,sBAAuB,SAAQ,WAAW;IAC/B,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,GAAE,MAAe,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CA4D/M"}
|