npm - @memberjunction/server - Versions diffs - 5.14.0 → 5.16.0 - Mend

@memberjunction/server 5.14.0 → 5.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist/auth/index.d.ts +0 -3
package/dist/auth/index.d.ts.map +1 -1
package/dist/auth/index.js +5 -7
package/dist/auth/index.js.map +1 -1
package/dist/auth/initializeProviders.js +2 -2
package/dist/auth/initializeProviders.js.map +1 -1
package/dist/config.d.ts +37 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js +8 -0
package/dist/config.js.map +1 -1
package/dist/context.d.ts.map +1 -1
package/dist/context.js +3 -3
package/dist/context.js.map +1 -1
package/dist/generated/generated.d.ts +169 -0
package/dist/generated/generated.d.ts.map +1 -1
package/dist/generated/generated.js +909 -1
package/dist/generated/generated.js.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +16 -1
package/dist/index.js.map +1 -1
package/dist/resolvers/DatasetResolver.d.ts +5 -0
package/dist/resolvers/DatasetResolver.d.ts.map +1 -1
package/dist/resolvers/DatasetResolver.js +35 -0
package/dist/resolvers/DatasetResolver.js.map +1 -1
package/package.json +60 -59
package/src/__tests__/unifiedAuth.test.ts +3 -2
package/src/auth/__tests__/backward-compatibility.test.ts +2 -3
package/src/auth/index.ts +5 -8
package/src/auth/initializeProviders.ts +2 -2
package/src/config.ts +8 -0
package/src/context.ts +3 -3
package/src/generated/generated.ts +635 -2
package/src/index.ts +21 -3
package/src/resolvers/DatasetResolver.ts +36 -0
package/dist/auth/AuthProviderFactory.d.ts +0 -68
package/dist/auth/AuthProviderFactory.d.ts.map +0 -1
package/dist/auth/AuthProviderFactory.js +0 -155
package/dist/auth/AuthProviderFactory.js.map +0 -1
package/dist/auth/BaseAuthProvider.d.ts +0 -41
package/dist/auth/BaseAuthProvider.d.ts.map +0 -1
package/dist/auth/BaseAuthProvider.js +0 -102
package/dist/auth/BaseAuthProvider.js.map +0 -1
package/dist/auth/IAuthProvider.d.ts +0 -46
package/dist/auth/IAuthProvider.d.ts.map +0 -1
package/dist/auth/IAuthProvider.js +0 -2
package/dist/auth/IAuthProvider.js.map +0 -1
package/dist/auth/providers/Auth0Provider.d.ts +0 -18
package/dist/auth/providers/Auth0Provider.d.ts.map +0 -1
package/dist/auth/providers/Auth0Provider.js +0 -52
package/dist/auth/providers/Auth0Provider.js.map +0 -1
package/dist/auth/providers/CognitoProvider.d.ts +0 -18
package/dist/auth/providers/CognitoProvider.d.ts.map +0 -1
package/dist/auth/providers/CognitoProvider.js +0 -56
package/dist/auth/providers/CognitoProvider.js.map +0 -1
package/dist/auth/providers/GoogleProvider.d.ts +0 -18
package/dist/auth/providers/GoogleProvider.d.ts.map +0 -1
package/dist/auth/providers/GoogleProvider.js +0 -51
package/dist/auth/providers/GoogleProvider.js.map +0 -1
package/dist/auth/providers/MSALProvider.d.ts +0 -18
package/dist/auth/providers/MSALProvider.d.ts.map +0 -1
package/dist/auth/providers/MSALProvider.js +0 -52
package/dist/auth/providers/MSALProvider.js.map +0 -1
package/dist/auth/providers/OktaProvider.d.ts +0 -18
package/dist/auth/providers/OktaProvider.d.ts.map +0 -1
package/dist/auth/providers/OktaProvider.js +0 -52
package/dist/auth/providers/OktaProvider.js.map +0 -1
package/dist/auth/tokenExpiredError.d.ts +0 -5
package/dist/auth/tokenExpiredError.d.ts.map +0 -1
package/dist/auth/tokenExpiredError.js +0 -12
package/dist/auth/tokenExpiredError.js.map +0 -1
package/src/auth/AuthProviderFactory.ts +0 -182
package/src/auth/BaseAuthProvider.ts +0 -137
package/src/auth/IAuthProvider.ts +0 -54
package/src/auth/providers/Auth0Provider.ts +0 -45
package/src/auth/providers/CognitoProvider.ts +0 -50
package/src/auth/providers/GoogleProvider.ts +0 -45
package/src/auth/providers/MSALProvider.ts +0 -45
package/src/auth/providers/OktaProvider.ts +0 -46
package/src/auth/tokenExpiredError.ts +0 -12

package/src/auth/BaseAuthProvider.ts DELETED Viewed

@@ -1,137 +0,0 @@
-import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
-import jwksClient from 'jwks-rsa';
-import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
-import { IAuthProvider } from './IAuthProvider.js';
-import https from 'https';
-import http from 'http';
-/**
- * Base implementation of IAuthProvider with common functionality
- * Concrete providers should extend this class and use @RegisterClass decorator
- * with BaseAuthProvider as the base class
- */
-export abstract class BaseAuthProvider implements IAuthProvider {
-  name: string;
-  issuer: string;
-  audience: string;
-  jwksUri: string;
-  /** OAuth client ID for this provider (used by OAuth proxy for upstream auth) */
-  clientId?: string;
-  protected config: AuthProviderConfig;
-  protected jwksClient: jwksClient.JwksClient;
-  constructor(config: AuthProviderConfig) {
-    this.config = config;
-    this.name = config.name;
-    this.issuer = config.issuer;
-    this.audience = config.audience;
-    this.jwksUri = config.jwksUri;
-    this.clientId = config.clientId;
-    // Create HTTP agent with keep-alive to prevent socket hangups
-    const agent = this.jwksUri.startsWith('https')
-      ? new https.Agent({
-          keepAlive: true,
-          keepAliveMsecs: 30000,
-          maxSockets: 50,
-          maxFreeSockets: 10,
-          timeout: 60000
-        })
-      : new http.Agent({
-          keepAlive: true,
-          keepAliveMsecs: 30000,
-          maxSockets: 50,
-          maxFreeSockets: 10,
-          timeout: 60000
-        });
-    // Initialize JWKS client with connection pooling and extended timeout
-    this.jwksClient = jwksClient({
-      jwksUri: this.jwksUri,
-      cache: true,
-      cacheMaxEntries: 5,
-      cacheMaxAge: 600000, // 10 minutes
-      timeout: 60000, // 60 seconds (increased from default 30s)
-      requestAgent: agent
-    });
-  }
-  /**
-   * Validates that required configuration is present
-   */
-  validateConfig(): boolean {
-    return !!(this.name && this.issuer && this.audience && this.jwksUri);
-  }
-  /**
-   * Gets the signing key for token verification with retry logic
-   */
-  getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void {
-    this.getSigningKeyWithRetry(header, 3, 1000)
-      .then((key) => {
-        const signingKey = 'publicKey' in key ? key.publicKey : key.rsaPublicKey;
-        callback(null, signingKey);
-      })
-      .catch((err) => {
-        console.error(`Error getting signing key for provider ${this.name} after retries:`, err);
-        callback(err);
-      });
-  }
-  /**
-   * Retrieves signing key with exponential backoff retry logic
-   */
-  private async getSigningKeyWithRetry(
-    header: JwtHeader,
-    maxRetries: number,
-    initialDelayMs: number
-  ): Promise<jwksClient.SigningKey> {
-    let lastError: Error | undefined;
-    for (let attempt = 0; attempt <= maxRetries; attempt++) {
-      try {
-        return await this.jwksClient.getSigningKey(header.kid);
-      } catch (err) {
-        lastError = err instanceof Error ? err : new Error(String(err));
-        // Check if this is a connection error that's worth retrying
-        const isRetryableError =
-          lastError.message.includes('socket hang up') ||
-          lastError.message.includes('ECONNRESET') ||
-          lastError.message.includes('ETIMEDOUT') ||
-          lastError.message.includes('ENOTFOUND') ||
-          lastError.message.includes('EAI_AGAIN');
-        if (!isRetryableError || attempt === maxRetries) {
-          throw lastError;
-        }
-        // Exponential backoff: wait longer between each retry
-        const delayMs = initialDelayMs * Math.pow(2, attempt);
-        console.warn(
-          `Attempt ${attempt + 1}/${maxRetries + 1} failed for provider ${this.name}. ` +
-          `Retrying in ${delayMs}ms... Error: ${lastError.message}`
-        );
-        await new Promise(resolve => setTimeout(resolve, delayMs));
-      }
-    }
-    throw lastError || new Error('Failed to retrieve signing key');
-  }
-  /**
-   * Checks if a given issuer URL belongs to this provider
-   */
-  matchesIssuer(issuer: string): boolean {
-    // Handle trailing slashes and case sensitivity
-    const normalizedIssuer = issuer.toLowerCase().replace(/\/$/, '');
-    const normalizedProviderIssuer = this.issuer.toLowerCase().replace(/\/$/, '');
-    return normalizedIssuer === normalizedProviderIssuer;
-  }
-  /**
-   * Abstract method for extracting user info - must be implemented by each provider
-   */
-  abstract extractUserInfo(payload: JwtPayload): AuthUserInfo;
-}

package/src/auth/IAuthProvider.ts DELETED Viewed

@@ -1,54 +0,0 @@
-import { JwtHeader, JwtPayload, SigningKeyCallback } from 'jsonwebtoken';
-import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
-/**
- * Interface for authentication providers in MemberJunction
- * Enables support for any OAuth 2.0/OIDC compliant provider
- */
-export interface IAuthProvider {
-  /**
-   * Unique name identifier for this provider
-   */
-  name: string;
-  /**
-   * The issuer URL for this provider (must match the 'iss' claim in tokens)
-   */
-  issuer: string;
-  /**
-   * The expected audience for tokens from this provider
-   */
-  audience: string;
-  /**
-   * The JWKS endpoint URL for retrieving signing keys
-   */
-  jwksUri: string;
-  /**
-   * OAuth client ID for this provider (optional, used by OAuth proxy for upstream authentication)
-   */
-  clientId?: string;
-  /**
-   * Validates that the provider configuration is complete and valid
-   */
-  validateConfig(): boolean;
-  /**
-   * Gets the signing key for token verification
-   */
-  getSigningKey(header: JwtHeader, callback: SigningKeyCallback): void;
-  /**
-   * Extracts user information from the JWT payload
-   * Different providers use different claim names
-   */
-  extractUserInfo(payload: JwtPayload): AuthUserInfo;
-  /**
-   * Checks if a given issuer URL belongs to this provider
-   */
-  matchesIssuer(issuer: string): boolean;
-}

package/src/auth/providers/Auth0Provider.ts DELETED Viewed

@@ -1,45 +0,0 @@
-import { JwtPayload } from 'jsonwebtoken';
-import { RegisterClass } from '@memberjunction/global';
-import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
-import { BaseAuthProvider } from '../BaseAuthProvider.js';
-/**
- * Auth0 authentication provider implementation
- */
-@RegisterClass(BaseAuthProvider, 'auth0')
-export class Auth0Provider extends BaseAuthProvider {
-  constructor(config: AuthProviderConfig) {
-    super(config);
-  }
-  /**
-   * Extracts user information from Auth0 JWT payload
-   */
-  extractUserInfo(payload: JwtPayload): AuthUserInfo {
-    // Auth0 uses standard OIDC claims
-    const email = payload.email as string | undefined;
-    const fullName = payload.name as string | undefined;
-    const firstName = payload.given_name as string | undefined;
-    const lastName = payload.family_name as string | undefined;
-    const preferredUsername = payload.preferred_username as string | undefined || email;
-    return {
-      email,
-      firstName: firstName || fullName?.split(' ')[0],
-      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
-      fullName,
-      preferredUsername
-    };
-  }
-  /**
-   * Validates Auth0-specific configuration
-   */
-  validateConfig(): boolean {
-    const baseValid = super.validateConfig();
-    const hasClientId = !!this.config.clientId;
-    const hasDomain = !!this.config.domain;
-    return baseValid && hasClientId && hasDomain;
-  }
-}

package/src/auth/providers/CognitoProvider.ts DELETED Viewed

@@ -1,50 +0,0 @@
-import { JwtPayload } from 'jsonwebtoken';
-import { RegisterClass } from '@memberjunction/global';
-import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
-import { BaseAuthProvider } from '../BaseAuthProvider.js';
-/**
- * AWS Cognito authentication provider implementation
- */
-@RegisterClass(BaseAuthProvider, 'cognito')
-export class CognitoProvider extends BaseAuthProvider {
-  constructor(config: AuthProviderConfig) {
-    super(config);
-  }
-  /**
-   * Extracts user information from Cognito JWT payload
-   */
-  extractUserInfo(payload: JwtPayload): AuthUserInfo {
-    // Cognito uses custom claims with 'cognito:' prefix for some fields
-    const email = payload.email as string | undefined ||
-                  payload['cognito:username'] as string | undefined;
-    const fullName = payload.name as string | undefined;
-    const firstName = payload.given_name as string | undefined;
-    const lastName = payload.family_name as string | undefined;
-    const preferredUsername = payload['cognito:username'] as string | undefined ||
-                             payload.preferred_username as string | undefined ||
-                             email;
-    return {
-      email,
-      firstName: firstName || fullName?.split(' ')[0],
-      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
-      fullName,
-      preferredUsername
-    };
-  }
-  /**
-   * Validates Cognito-specific configuration
-   */
-  validateConfig(): boolean {
-    const baseValid = super.validateConfig();
-    const hasClientId = !!this.config.clientId;
-    const hasRegion = !!this.config.region;
-    const hasUserPoolId = !!this.config.userPoolId;
-    return baseValid && hasClientId && hasRegion && hasUserPoolId;
-  }
-}

package/src/auth/providers/GoogleProvider.ts DELETED Viewed

@@ -1,45 +0,0 @@
-import { JwtPayload } from 'jsonwebtoken';
-import { RegisterClass } from '@memberjunction/global';
-import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
-import { BaseAuthProvider } from '../BaseAuthProvider.js';
-/**
- * Google Identity Platform authentication provider implementation
- */
-@RegisterClass(BaseAuthProvider, 'google')
-export class GoogleProvider extends BaseAuthProvider {
-  constructor(config: AuthProviderConfig) {
-    super(config);
-  }
-  /**
-   * Extracts user information from Google JWT payload
-   */
-  extractUserInfo(payload: JwtPayload): AuthUserInfo {
-    // Google uses standard OIDC claims
-    const email = payload.email as string | undefined;
-    const fullName = payload.name as string | undefined;
-    const firstName = payload.given_name as string | undefined;
-    const lastName = payload.family_name as string | undefined;
-    const preferredUsername = email; // Google typically uses email as username
-    return {
-      email,
-      firstName: firstName || fullName?.split(' ')[0],
-      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
-      fullName,
-      preferredUsername
-    };
-  }
-  /**
-   * Validates Google-specific configuration
-   */
-  validateConfig(): boolean {
-    const baseValid = super.validateConfig();
-    const hasClientId = !!this.config.clientId;
-    return baseValid && hasClientId;
-  }
-}

package/src/auth/providers/MSALProvider.ts DELETED Viewed

@@ -1,45 +0,0 @@
-import { JwtPayload } from 'jsonwebtoken';
-import { RegisterClass } from '@memberjunction/global';
-import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
-import { BaseAuthProvider } from '../BaseAuthProvider.js';
-/**
- * Microsoft Authentication Library (MSAL) provider implementation
- */
-@RegisterClass(BaseAuthProvider, 'msal')
-export class MSALProvider extends BaseAuthProvider {
-  constructor(config: AuthProviderConfig) {
-    super(config);
-  }
-  /**
-   * Extracts user information from MSAL/Azure AD JWT payload
-   */
-  extractUserInfo(payload: JwtPayload): AuthUserInfo {
-    // MSAL/Azure AD uses some custom claims
-    const email = payload.email as string | undefined || payload.preferred_username as string | undefined;
-    const fullName = payload.name as string | undefined;
-    const firstName = payload.given_name as string | undefined;
-    const lastName = payload.family_name as string | undefined;
-    const preferredUsername = payload.preferred_username as string | undefined;
-    return {
-      email,
-      firstName: firstName || fullName?.split(' ')[0],
-      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
-      fullName,
-      preferredUsername
-    };
-  }
-  /**
-   * Validates MSAL-specific configuration
-   */
-  validateConfig(): boolean {
-    const baseValid = super.validateConfig();
-    const hasClientId = !!this.config.clientId;
-    const hasTenantId = !!this.config.tenantId;
-    return baseValid && hasClientId && hasTenantId;
-  }
-}

package/src/auth/providers/OktaProvider.ts DELETED Viewed

@@ -1,46 +0,0 @@
-import { JwtPayload } from 'jsonwebtoken';
-import { RegisterClass } from '@memberjunction/global';
-import { AuthProviderConfig, AuthUserInfo } from '@memberjunction/core';
-import { BaseAuthProvider } from '../BaseAuthProvider.js';
-/**
- * Okta authentication provider implementation
- */
-@RegisterClass(BaseAuthProvider, 'okta')
-export class OktaProvider extends BaseAuthProvider {
-  constructor(config: AuthProviderConfig) {
-    super(config);
-  }
-  /**
-   * Extracts user information from Okta JWT payload
-   */
-  extractUserInfo(payload: JwtPayload): AuthUserInfo {
-    // Okta uses standard OIDC claims plus some custom ones
-    const email = payload.email as string | undefined || payload.preferred_username as string | undefined;
-    const fullName = payload.name as string | undefined;
-    const firstName = payload.given_name as string | undefined;
-    const lastName = payload.family_name as string | undefined;
-    const preferredUsername = payload.preferred_username as string | undefined || email;
-    return {
-      email,
-      firstName: firstName || fullName?.split(' ')[0],
-      lastName: lastName || fullName?.split(' ')[1] || fullName?.split(' ')[0],
-      fullName,
-      preferredUsername
-    };
-  }
-  /**
-   * Validates Okta-specific configuration
-   */
-  validateConfig(): boolean {
-    const baseValid = super.validateConfig();
-    const hasClientId = !!this.config.clientId;
-    const hasDomain = !!this.config.domain;
-    return baseValid && hasClientId && hasDomain;
-  }
-}

package/src/auth/tokenExpiredError.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import { GraphQLError } from 'graphql';
-export class TokenExpiredError extends GraphQLError {
-  constructor(expiryDate: Date, message = 'The provided token has expired. Please authenticate again.') {
-    super(message, {
-      extensions: {
-        code: 'JWT_EXPIRED',
-        expiryDate: expiryDate.toISOString(),
-      },
-    });
-  }
-}