@memberjunction/server 5.40.1 → 5.41.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agentSessions/HostInstance.d.ts +19 -0
- package/dist/agentSessions/HostInstance.d.ts.map +1 -0
- package/dist/agentSessions/HostInstance.js +48 -0
- package/dist/agentSessions/HostInstance.js.map +1 -0
- package/dist/agentSessions/SessionJanitor.d.ts +97 -0
- package/dist/agentSessions/SessionJanitor.d.ts.map +1 -0
- package/dist/agentSessions/SessionJanitor.js +222 -0
- package/dist/agentSessions/SessionJanitor.js.map +1 -0
- package/dist/agentSessions/SessionManager.d.ts +142 -0
- package/dist/agentSessions/SessionManager.d.ts.map +1 -0
- package/dist/agentSessions/SessionManager.js +308 -0
- package/dist/agentSessions/SessionManager.js.map +1 -0
- package/dist/agentSessions/index.d.ts +4 -0
- package/dist/agentSessions/index.d.ts.map +1 -0
- package/dist/agentSessions/index.js +26 -0
- package/dist/agentSessions/index.js.map +1 -0
- package/dist/auth/initializeProviders.d.ts.map +1 -1
- package/dist/auth/initializeProviders.js +6 -1
- package/dist/auth/initializeProviders.js.map +1 -1
- package/dist/config.d.ts +245 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +34 -0
- package/dist/config.js.map +1 -1
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +41 -7
- package/dist/context.js.map +1 -1
- package/dist/generated/generated.d.ts +659 -3
- package/dist/generated/generated.d.ts.map +1 -1
- package/dist/generated/generated.js +5459 -1759
- package/dist/generated/generated.js.map +1 -1
- package/dist/generic/ResolverBase.js +1 -1
- package/dist/generic/ResolverBase.js.map +1 -1
- package/dist/generic/RunViewResolver.js +9 -10
- package/dist/generic/RunViewResolver.js.map +1 -1
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +112 -42
- package/dist/index.js.map +1 -1
- package/dist/logging/StartupLogger.d.ts +121 -0
- package/dist/logging/StartupLogger.d.ts.map +1 -0
- package/dist/logging/StartupLogger.js +245 -0
- package/dist/logging/StartupLogger.js.map +1 -0
- package/dist/logging/variablesLoggingMiddleware.d.ts.map +1 -1
- package/dist/logging/variablesLoggingMiddleware.js +21 -2
- package/dist/logging/variablesLoggingMiddleware.js.map +1 -1
- package/dist/middleware/RateLimitMiddleware.d.ts +16 -0
- package/dist/middleware/RateLimitMiddleware.d.ts.map +1 -0
- package/dist/middleware/RateLimitMiddleware.js +77 -0
- package/dist/middleware/RateLimitMiddleware.js.map +1 -0
- package/dist/middleware/index.d.ts +1 -0
- package/dist/middleware/index.d.ts.map +1 -1
- package/dist/middleware/index.js +1 -0
- package/dist/middleware/index.js.map +1 -1
- package/dist/resolvers/AgentSessionResolver.d.ts +42 -0
- package/dist/resolvers/AgentSessionResolver.d.ts.map +1 -0
- package/dist/resolvers/AgentSessionResolver.js +152 -0
- package/dist/resolvers/AgentSessionResolver.js.map +1 -0
- package/dist/resolvers/EntityPermissionResolver.d.ts +16 -0
- package/dist/resolvers/EntityPermissionResolver.d.ts.map +1 -0
- package/dist/resolvers/EntityPermissionResolver.js +95 -0
- package/dist/resolvers/EntityPermissionResolver.js.map +1 -0
- package/dist/resolvers/RealtimeClientSessionResolver.d.ts +688 -0
- package/dist/resolvers/RealtimeClientSessionResolver.d.ts.map +1 -0
- package/dist/resolvers/RealtimeClientSessionResolver.js +1774 -0
- package/dist/resolvers/RealtimeClientSessionResolver.js.map +1 -0
- package/dist/resolvers/RemoteBrowserActionResolver.d.ts +359 -0
- package/dist/resolvers/RemoteBrowserActionResolver.d.ts.map +1 -0
- package/dist/resolvers/RemoteBrowserActionResolver.js +896 -0
- package/dist/resolvers/RemoteBrowserActionResolver.js.map +1 -0
- package/dist/rest/SignatureWebhookHandler.js +3 -2
- package/dist/rest/SignatureWebhookHandler.js.map +1 -1
- package/dist/services/ScheduledJobsService.d.ts.map +1 -1
- package/dist/services/ScheduledJobsService.js +6 -5
- package/dist/services/ScheduledJobsService.js.map +1 -1
- package/package.json +78 -74
- package/src/__tests__/RealtimeClientSessionResolver.test.ts +2605 -0
- package/src/__tests__/RemoteBrowserAudioStream.test.ts +174 -0
- package/src/__tests__/SessionJanitor.test.ts +234 -0
- package/src/__tests__/SessionManager.test.ts +465 -0
- package/src/__tests__/subscriptionRedaction.test.ts +5 -0
- package/src/agentSessions/HostInstance.ts +53 -0
- package/src/agentSessions/SessionJanitor.ts +267 -0
- package/src/agentSessions/SessionManager.ts +446 -0
- package/src/agentSessions/index.ts +27 -0
- package/src/auth/initializeProviders.ts +6 -1
- package/src/config.ts +38 -0
- package/src/context.ts +42 -7
- package/src/generated/generated.ts +3111 -567
- package/src/generic/ResolverBase.ts +1 -1
- package/src/generic/RunViewResolver.ts +9 -9
- package/src/index.ts +112 -42
- package/src/logging/StartupLogger.ts +317 -0
- package/src/logging/variablesLoggingMiddleware.ts +25 -5
- package/src/middleware/RateLimitMiddleware.ts +87 -0
- package/src/middleware/index.ts +1 -0
- package/src/resolvers/AgentSessionResolver.ts +138 -0
- package/src/resolvers/EntityPermissionResolver.ts +73 -0
- package/src/resolvers/RealtimeClientSessionResolver.ts +2162 -0
- package/src/resolvers/RemoteBrowserActionResolver.ts +907 -0
- package/src/rest/SignatureWebhookHandler.ts +3 -2
- package/src/services/ScheduledJobsService.ts +6 -5
|
@@ -0,0 +1,152 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* @fileoverview GraphQL resolver for the AI Agent Session record lifecycle.
|
|
15
|
+
*
|
|
16
|
+
* Exposes start / close / heartbeat mutations over {@link SessionManager}, each running under the
|
|
17
|
+
* request's `contextUser` + request-scoped `IMetadataProvider`. Enforces two authorization gates:
|
|
18
|
+
* - **Open**: `CanRun` on the target agent (delegated to {@link SessionManager.CreateSession}).
|
|
19
|
+
* - **Close / Heartbeat**: inbound ownership — the session's `UserID` must equal `contextUser.ID`.
|
|
20
|
+
*
|
|
21
|
+
* The audio/media transport and the long-lived realtime run are out of scope here (P5); this
|
|
22
|
+
* resolver only manipulates the durable session record.
|
|
23
|
+
*
|
|
24
|
+
* @module @memberjunction/server
|
|
25
|
+
*/
|
|
26
|
+
import { Resolver, Mutation, Arg, Ctx, ObjectType, Field } from 'type-graphql';
|
|
27
|
+
import { LogError } from '@memberjunction/core';
|
|
28
|
+
import { UUIDsEqual } from '@memberjunction/global';
|
|
29
|
+
import { ResolverBase } from '../generic/ResolverBase.js';
|
|
30
|
+
import { GetReadWriteProvider } from '../util.js';
|
|
31
|
+
import { SessionManager, SessionAuthorizationError } from '../agentSessions/index.js';
|
|
32
|
+
/** Result of {@link AgentSessionResolver.StartAgentSession}. */
|
|
33
|
+
let StartAgentSessionResult = class StartAgentSessionResult {
|
|
34
|
+
};
|
|
35
|
+
__decorate([
|
|
36
|
+
Field(),
|
|
37
|
+
__metadata("design:type", String)
|
|
38
|
+
], StartAgentSessionResult.prototype, "agentSessionId", void 0);
|
|
39
|
+
__decorate([
|
|
40
|
+
Field(),
|
|
41
|
+
__metadata("design:type", String)
|
|
42
|
+
], StartAgentSessionResult.prototype, "status", void 0);
|
|
43
|
+
__decorate([
|
|
44
|
+
Field(),
|
|
45
|
+
__metadata("design:type", String)
|
|
46
|
+
], StartAgentSessionResult.prototype, "conversationId", void 0);
|
|
47
|
+
StartAgentSessionResult = __decorate([
|
|
48
|
+
ObjectType()
|
|
49
|
+
], StartAgentSessionResult);
|
|
50
|
+
export { StartAgentSessionResult };
|
|
51
|
+
/**
|
|
52
|
+
* Resolver for the AI Agent Session record lifecycle. A single {@link SessionManager} instance is
|
|
53
|
+
* shared across requests — it holds no per-user/provider state (only heartbeat-coalescing
|
|
54
|
+
* timestamps), and every method is passed the request `contextUser` + provider explicitly.
|
|
55
|
+
*/
|
|
56
|
+
let AgentSessionResolver = class AgentSessionResolver extends ResolverBase {
|
|
57
|
+
constructor() {
|
|
58
|
+
super(...arguments);
|
|
59
|
+
this.sessionManager = new SessionManager();
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Open a new session for an agent. Authorization (`CanRun`) is enforced inside
|
|
63
|
+
* {@link SessionManager.CreateSession}; a denial surfaces as a thrown error and no row is written.
|
|
64
|
+
*/
|
|
65
|
+
async StartAgentSession(agentId, { userPayload, providers }, conversationId, lastSessionId, configJson) {
|
|
66
|
+
const { contextUser, provider } = this.requireUserAndProvider(userPayload, providers);
|
|
67
|
+
try {
|
|
68
|
+
const session = await this.sessionManager.CreateSession({ agentID: agentId, userID: contextUser.ID, conversationID: conversationId, lastSessionID: lastSessionId, config: configJson }, contextUser, provider);
|
|
69
|
+
return { agentSessionId: session.ID, status: session.Status, conversationId: session.ConversationID ?? '' };
|
|
70
|
+
}
|
|
71
|
+
catch (err) {
|
|
72
|
+
if (err instanceof SessionAuthorizationError) {
|
|
73
|
+
throw new Error(err.message); // authorization denial — no session created
|
|
74
|
+
}
|
|
75
|
+
throw err;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Close a session. Rejects unless the caller owns it. Returns `true` on a successful (or
|
|
80
|
+
* idempotent) close, `false` if the session can't be loaded.
|
|
81
|
+
*/
|
|
82
|
+
async CloseAgentSession(agentSessionId, { userPayload, providers }) {
|
|
83
|
+
const { contextUser, provider } = this.requireUserAndProvider(userPayload, providers);
|
|
84
|
+
await this.assertOwnership(agentSessionId, contextUser, provider);
|
|
85
|
+
return this.sessionManager.CloseSession(agentSessionId, contextUser, provider);
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Record activity on a session (coalesced). Rejects unless the caller owns it. Returns `true`
|
|
89
|
+
* when the heartbeat was accepted (written or coalesced), `false` if the session is gone/closed.
|
|
90
|
+
*/
|
|
91
|
+
async AgentSessionHeartbeat(agentSessionId, { userPayload, providers }) {
|
|
92
|
+
const { contextUser, provider } = this.requireUserAndProvider(userPayload, providers);
|
|
93
|
+
await this.assertOwnership(agentSessionId, contextUser, provider);
|
|
94
|
+
return this.sessionManager.Heartbeat(agentSessionId, contextUser, provider);
|
|
95
|
+
}
|
|
96
|
+
// ----- internals -------------------------------------------------------------------------
|
|
97
|
+
/** Resolve the request user + read-write provider, throwing a clear error if unauthenticated. */
|
|
98
|
+
requireUserAndProvider(userPayload, providers) {
|
|
99
|
+
const contextUser = this.GetUserFromPayload(userPayload);
|
|
100
|
+
if (!contextUser) {
|
|
101
|
+
throw new Error('Not authenticated: no user context for agent session operation');
|
|
102
|
+
}
|
|
103
|
+
return { contextUser, provider: GetReadWriteProvider(providers) };
|
|
104
|
+
}
|
|
105
|
+
/**
|
|
106
|
+
* Inbound ownership gate (the one genuinely new session-authz primitive): the session's `UserID`
|
|
107
|
+
* must equal the caller's. Throws on mismatch or when the session can't be loaded.
|
|
108
|
+
*/
|
|
109
|
+
async assertOwnership(agentSessionId, contextUser, provider) {
|
|
110
|
+
const session = await provider.GetEntityObject('MJ: AI Agent Sessions', contextUser);
|
|
111
|
+
const loaded = await session.Load(agentSessionId);
|
|
112
|
+
if (!loaded) {
|
|
113
|
+
throw new Error(`Agent session ${agentSessionId} not found`);
|
|
114
|
+
}
|
|
115
|
+
if (!UUIDsEqual(session.UserID, contextUser.ID)) {
|
|
116
|
+
LogError(`AgentSessionResolver: ownership check failed — user ${contextUser.ID} attempted to operate on session ${agentSessionId} owned by ${session.UserID}`);
|
|
117
|
+
throw new Error('Not authorized: you do not own this agent session');
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
};
|
|
121
|
+
__decorate([
|
|
122
|
+
Mutation(() => StartAgentSessionResult),
|
|
123
|
+
__param(0, Arg('agentId')),
|
|
124
|
+
__param(1, Ctx()),
|
|
125
|
+
__param(2, Arg('conversationId', { nullable: true })),
|
|
126
|
+
__param(3, Arg('lastSessionId', { nullable: true })),
|
|
127
|
+
__param(4, Arg('configJson', { nullable: true })),
|
|
128
|
+
__metadata("design:type", Function),
|
|
129
|
+
__metadata("design:paramtypes", [String, Object, String, String, String]),
|
|
130
|
+
__metadata("design:returntype", Promise)
|
|
131
|
+
], AgentSessionResolver.prototype, "StartAgentSession", null);
|
|
132
|
+
__decorate([
|
|
133
|
+
Mutation(() => Boolean),
|
|
134
|
+
__param(0, Arg('agentSessionId')),
|
|
135
|
+
__param(1, Ctx()),
|
|
136
|
+
__metadata("design:type", Function),
|
|
137
|
+
__metadata("design:paramtypes", [String, Object]),
|
|
138
|
+
__metadata("design:returntype", Promise)
|
|
139
|
+
], AgentSessionResolver.prototype, "CloseAgentSession", null);
|
|
140
|
+
__decorate([
|
|
141
|
+
Mutation(() => Boolean),
|
|
142
|
+
__param(0, Arg('agentSessionId')),
|
|
143
|
+
__param(1, Ctx()),
|
|
144
|
+
__metadata("design:type", Function),
|
|
145
|
+
__metadata("design:paramtypes", [String, Object]),
|
|
146
|
+
__metadata("design:returntype", Promise)
|
|
147
|
+
], AgentSessionResolver.prototype, "AgentSessionHeartbeat", null);
|
|
148
|
+
AgentSessionResolver = __decorate([
|
|
149
|
+
Resolver()
|
|
150
|
+
], AgentSessionResolver);
|
|
151
|
+
export { AgentSessionResolver };
|
|
152
|
+
//# sourceMappingURL=AgentSessionResolver.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AgentSessionResolver.js","sourceRoot":"","sources":["../../src/resolvers/AgentSessionResolver.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AAE/E,OAAO,EAA+B,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEpD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AAEtF,gEAAgE;AAEzD,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;CAYnC,CAAA;AATG;IADC,KAAK,EAAE;;+DACe;AAIvB;IADC,KAAK,EAAE;;uDACO;AAIf;IADC,KAAK,EAAE;;+DACe;AAXd,uBAAuB;IADnC,UAAU,EAAE;GACA,uBAAuB,CAYnC;;AAED;;;;GAIG;AAEI,IAAM,oBAAoB,GAA1B,MAAM,oBAAqB,SAAQ,YAAY;IAA/C;;QACc,mBAAc,GAAG,IAAI,cAAc,EAAE,CAAC;IA4F3D,CAAC;IA1FG;;;OAGG;IAEG,AAAN,KAAK,CAAC,iBAAiB,CACH,OAAe,EACxB,EAAE,WAAW,EAAE,SAAS,EAAc,EACF,cAAuB,EACxB,aAAsB,EACzB,UAAmB;QAE1D,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAEtF,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CACnD,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,EAC9H,WAAW,EACX,QAAQ,CACX,CAAC;YACF,OAAO,EAAE,cAAc,EAAE,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,EAAE,EAAE,CAAC;QAChH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,GAAG,YAAY,yBAAyB,EAAE,CAAC;gBAC3C,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,4CAA4C;YAC9E,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAED;;;OAGG;IAEG,AAAN,KAAK,CAAC,iBAAiB,CACI,cAAsB,EACtC,EAAE,WAAW,EAAE,SAAS,EAAc;QAE7C,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QACtF,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,cAAc,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;IACnF,CAAC;IAED;;;OAGG;IAEG,AAAN,KAAK,CAAC,qBAAqB,CACA,cAAsB,EACtC,EAAE,WAAW,EAAE,SAAS,EAAc;QAE7C,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QACtF,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChF,CAAC;IAED,4FAA4F;IAE5F,iGAAiG;IACzF,sBAAsB,CAC1B,WAAsC,EACtC,SAAkC;QAElC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,oBAAoB,CAAC,SAAS,CAAC,EAAE,CAAC;IACtE,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,eAAe,CACzB,cAAsB,EACtB,WAAqB,EACrB,QAA2B;QAE3B,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAyB,uBAAuB,EAAE,WAAW,CAAC,CAAC;QAC7G,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,iBAAiB,cAAc,YAAY,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9C,QAAQ,CAAC,uDAAuD,WAAW,CAAC,EAAE,oCAAoC,cAAc,aAAa,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/J,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACzE,CAAC;IACL,CAAC;CACJ,CAAA;AArFS;IADL,QAAQ,CAAC,GAAG,EAAE,CAAC,uBAAuB,CAAC;IAEnC,WAAA,GAAG,CAAC,SAAS,CAAC,CAAA;IACd,WAAA,GAAG,EAAE,CAAA;IACL,WAAA,GAAG,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;IACzC,WAAA,GAAG,CAAC,eAAe,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;IACxC,WAAA,GAAG,CAAC,YAAY,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;;;;6DAiBzC;AAOK;IADL,QAAQ,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC;IAEnB,WAAA,GAAG,CAAC,gBAAgB,CAAC,CAAA;IACrB,WAAA,GAAG,EAAE,CAAA;;;;6DAKT;AAOK;IADL,QAAQ,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC;IAEnB,WAAA,GAAG,CAAC,gBAAgB,CAAC,CAAA;IACrB,WAAA,GAAG,EAAE,CAAA;;;;iEAKT;AA1DQ,oBAAoB;IADhC,QAAQ,EAAE;GACE,oBAAoB,CA6FhC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { AppContext } from '../types.js';
|
|
2
|
+
import { ResolverBase } from '../generic/ResolverBase.js';
|
|
3
|
+
declare class EntityPermissionResult {
|
|
4
|
+
EntityName: string;
|
|
5
|
+
CanRead: boolean;
|
|
6
|
+
}
|
|
7
|
+
declare class CheckEntityPermissionsResult {
|
|
8
|
+
Success: boolean;
|
|
9
|
+
Results: EntityPermissionResult[];
|
|
10
|
+
ErrorMessage?: string;
|
|
11
|
+
}
|
|
12
|
+
export declare class EntityPermissionResolver extends ResolverBase {
|
|
13
|
+
CheckEntityPermissionsSystemUser(entityNames: string[], userEmail: string, context: AppContext): Promise<CheckEntityPermissionsResult>;
|
|
14
|
+
}
|
|
15
|
+
export {};
|
|
16
|
+
//# sourceMappingURL=EntityPermissionResolver.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"EntityPermissionResolver.d.ts","sourceRoot":"","sources":["../../src/resolvers/EntityPermissionResolver.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAK1D,cACM,sBAAsB;IAEhB,UAAU,EAAE,MAAM,CAAC;IAGnB,OAAO,EAAE,OAAO,CAAC;CAC5B;AAED,cACM,4BAA4B;IAEtB,OAAO,EAAE,OAAO,CAAC;IAGjB,OAAO,EAAE,sBAAsB,EAAE,CAAC;IAG1C,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,qBACa,wBAAyB,SAAQ,YAAY;IAIhD,gCAAgC,CACE,WAAW,EAAE,MAAM,EAAE,EACzB,SAAS,EAAE,MAAM,EAC1C,OAAO,EAAE,UAAU,GAC3B,OAAO,CAAC,4BAA4B,CAAC;CAkC3C"}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
11
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
12
|
+
};
|
|
13
|
+
import { Arg, Ctx, Field, ObjectType, Query, Resolver } from 'type-graphql';
|
|
14
|
+
import { LogError } from '@memberjunction/core';
|
|
15
|
+
import { ResolverBase } from '../generic/ResolverBase.js';
|
|
16
|
+
import { RequireSystemUser } from '../directives/RequireSystemUser.js';
|
|
17
|
+
import { GetReadOnlyProvider } from '../util.js';
|
|
18
|
+
import { UserCache } from '@memberjunction/sqlserver-dataprovider';
|
|
19
|
+
let EntityPermissionResult = class EntityPermissionResult {
|
|
20
|
+
};
|
|
21
|
+
__decorate([
|
|
22
|
+
Field(() => String),
|
|
23
|
+
__metadata("design:type", String)
|
|
24
|
+
], EntityPermissionResult.prototype, "EntityName", void 0);
|
|
25
|
+
__decorate([
|
|
26
|
+
Field(() => Boolean),
|
|
27
|
+
__metadata("design:type", Boolean)
|
|
28
|
+
], EntityPermissionResult.prototype, "CanRead", void 0);
|
|
29
|
+
EntityPermissionResult = __decorate([
|
|
30
|
+
ObjectType()
|
|
31
|
+
], EntityPermissionResult);
|
|
32
|
+
let CheckEntityPermissionsResult = class CheckEntityPermissionsResult {
|
|
33
|
+
};
|
|
34
|
+
__decorate([
|
|
35
|
+
Field(() => Boolean),
|
|
36
|
+
__metadata("design:type", Boolean)
|
|
37
|
+
], CheckEntityPermissionsResult.prototype, "Success", void 0);
|
|
38
|
+
__decorate([
|
|
39
|
+
Field(() => [EntityPermissionResult]),
|
|
40
|
+
__metadata("design:type", Array)
|
|
41
|
+
], CheckEntityPermissionsResult.prototype, "Results", void 0);
|
|
42
|
+
__decorate([
|
|
43
|
+
Field(() => String, { nullable: true }),
|
|
44
|
+
__metadata("design:type", String)
|
|
45
|
+
], CheckEntityPermissionsResult.prototype, "ErrorMessage", void 0);
|
|
46
|
+
CheckEntityPermissionsResult = __decorate([
|
|
47
|
+
ObjectType()
|
|
48
|
+
], CheckEntityPermissionsResult);
|
|
49
|
+
let EntityPermissionResolver = class EntityPermissionResolver extends ResolverBase {
|
|
50
|
+
async CheckEntityPermissionsSystemUser(entityNames, userEmail, context) {
|
|
51
|
+
try {
|
|
52
|
+
const user = UserCache.Instance.Users.find(u => u.Email.toLowerCase().trim() === userEmail.toLowerCase().trim());
|
|
53
|
+
if (!user) {
|
|
54
|
+
return { Success: false, Results: [], ErrorMessage: `User not found: ${userEmail}` };
|
|
55
|
+
}
|
|
56
|
+
// Use the per-request provider (not the global default) so entity metadata + permission
|
|
57
|
+
// evaluation resolve against the connection servicing THIS request.
|
|
58
|
+
const md = GetReadOnlyProvider(context.providers, { allowFallbackToReadWrite: true });
|
|
59
|
+
const results = [];
|
|
60
|
+
for (const name of entityNames) {
|
|
61
|
+
const entityInfo = md.EntityByName(name);
|
|
62
|
+
if (!entityInfo) {
|
|
63
|
+
results.push({ EntityName: name, CanRead: false });
|
|
64
|
+
continue;
|
|
65
|
+
}
|
|
66
|
+
const perms = entityInfo.GetUserPermisions(user);
|
|
67
|
+
results.push({ EntityName: name, CanRead: perms?.CanRead ?? false });
|
|
68
|
+
}
|
|
69
|
+
return { Success: true, Results: results };
|
|
70
|
+
}
|
|
71
|
+
catch (err) {
|
|
72
|
+
LogError(err);
|
|
73
|
+
return {
|
|
74
|
+
Success: false,
|
|
75
|
+
Results: [],
|
|
76
|
+
ErrorMessage: `EntityPermissionResolver::CheckEntityPermissionsSystemUser --- ${err instanceof Error ? err.message : String(err)}`
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
};
|
|
81
|
+
__decorate([
|
|
82
|
+
RequireSystemUser(),
|
|
83
|
+
Query(() => CheckEntityPermissionsResult),
|
|
84
|
+
__param(0, Arg('EntityNames', () => [String])),
|
|
85
|
+
__param(1, Arg('UserEmail', () => String)),
|
|
86
|
+
__param(2, Ctx()),
|
|
87
|
+
__metadata("design:type", Function),
|
|
88
|
+
__metadata("design:paramtypes", [Array, String, Object]),
|
|
89
|
+
__metadata("design:returntype", Promise)
|
|
90
|
+
], EntityPermissionResolver.prototype, "CheckEntityPermissionsSystemUser", null);
|
|
91
|
+
EntityPermissionResolver = __decorate([
|
|
92
|
+
Resolver()
|
|
93
|
+
], EntityPermissionResolver);
|
|
94
|
+
export { EntityPermissionResolver };
|
|
95
|
+
//# sourceMappingURL=EntityPermissionResolver.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"EntityPermissionResolver.js","sourceRoot":"","sources":["../../src/resolvers/EntityPermissionResolver.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,wCAAwC,CAAC;AAGnE,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;CAM3B,CAAA;AAJW;IADP,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC;;0DACO;AAGnB;IADP,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC;;uDACI;AALvB,sBAAsB;IAD3B,UAAU,EAAE;GACP,sBAAsB,CAM3B;AAGD,IAAM,4BAA4B,GAAlC,MAAM,4BAA4B;CASjC,CAAA;AAPW;IADP,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC;;6DACI;AAGjB;IADP,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,sBAAsB,CAAC,CAAC;;6DACI;AAG1C;IADC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;kEAClB;AARpB,4BAA4B;IADjC,UAAU,EAAE;GACP,4BAA4B,CASjC;AAGM,IAAM,wBAAwB,GAA9B,MAAM,wBAAyB,SAAQ,YAAY;IAIhD,AAAN,KAAK,CAAC,gCAAgC,CACE,WAAqB,EACzB,SAAiB,EAC1C,OAAmB;QAE1B,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CACvE,CAAC;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACR,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,mBAAmB,SAAS,EAAE,EAAE,CAAC;YACzF,CAAC;YAED,wFAAwF;YACxF,oEAAoE;YACpE,MAAM,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,wBAAwB,EAAE,IAAI,EAAE,CAAC,CAAC;YACtF,MAAM,OAAO,GAA6B,EAAE,CAAC;YAE7C,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC7B,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;gBACzC,IAAI,CAAC,UAAU,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;oBACnD,SAAS;gBACb,CAAC;gBACD,MAAM,KAAK,GAAG,UAAU,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACjD,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,IAAI,KAAK,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,EAAE;gBACX,YAAY,EAAE,kEAAkE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;aACrI,CAAC;QACN,CAAC;IACL,CAAC;CACJ,CAAA;AAtCS;IAFL,iBAAiB,EAAE;IACnB,KAAK,CAAC,GAAG,EAAE,CAAC,4BAA4B,CAAC;IAErC,WAAA,GAAG,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAA;IAClC,WAAA,GAAG,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,CAAA;IAC9B,WAAA,GAAG,EAAE,CAAA;;;;gFAkCT;AAzCQ,wBAAwB;IADpC,QAAQ,EAAE;GACE,wBAAwB,CA0CpC"}
|