@microsoft/teams.apps 2.0.0-preview.0 → 2.0.0-preview.10
- package/README.md +1 -1
- package/dist/app.d.ts +59 -53
- package/dist/app.embed.d.ts +4 -3
- package/dist/app.embed.js +12 -2
- package/dist/app.events.d.ts +7 -7
- package/dist/app.events.js +1 -1
- package/dist/app.js +48 -16
- package/dist/app.oauth.d.ts +4 -2
- package/dist/app.oauth.js +1 -1
- package/dist/app.plugins.d.ts +3 -3
- package/dist/app.plugins.js +14 -2
- package/dist/app.process.d.ts +2 -2
- package/dist/app.process.js +28 -21
- package/dist/app.routing.d.ts +9 -5
- package/dist/app.routing.js +1 -1
- package/dist/contexts/activity-signin.d.ts +1 -1
- package/dist/contexts/activity.d.ts +14 -7
- package/dist/contexts/activity.js +5 -4
- package/dist/contexts/client.d.ts +10 -6
- package/dist/contexts/function.d.ts +15 -0
- package/dist/events/index.d.ts +1 -0
- package/dist/events/index.js +14 -1
- package/dist/middleware/auth/jwt-validator.d.ts +60 -0
- package/dist/middleware/auth/jwt-validator.js +213 -0
- package/dist/middleware/index.d.ts +3 -2
- package/dist/middleware/index.js +7 -5
- package/dist/middleware/jwt-validation-middleware.d.ts +11 -0
- package/dist/middleware/jwt-validation-middleware.js +46 -0
- package/dist/middleware/strip-mentions-text.d.ts +1 -1
- package/dist/middleware/strip-mentions-text.js +1 -1
- package/dist/middleware/with-remote-function-jwt-validation.d.ts +16 -0
- package/dist/middleware/with-remote-function-jwt-validation.js +47 -0
- package/dist/plugins/http/plugin.d.ts +10 -4
- package/dist/plugins/http/plugin.js +39 -21
- package/dist/plugins/http/stream.d.ts +5 -3
- package/dist/plugins/http/stream.js +59 -39
- package/dist/router.d.ts +9 -9
- package/dist/router.js +1 -1
- package/dist/routes/activity.d.ts +2 -2
- package/dist/routes/conversation-update.d.ts +2 -2
- package/dist/routes/event.d.ts +2 -2
- package/dist/routes/index.d.ts +7 -6
- package/dist/routes/index.js +4 -4
- package/dist/routes/install.d.ts +2 -2
- package/dist/routes/invoke/index.d.ts +2 -2
- package/dist/routes/message-delete.d.ts +2 -2
- package/dist/routes/message-update.d.ts +2 -2
- package/dist/types/app-events.d.ts +25 -0
- package/dist/types/app-events.js +3 -0
- package/dist/types/app-routing.d.ts +11 -0
- package/dist/types/app-routing.js +3 -0
- package/dist/types/index.d.ts +6 -4
- package/dist/types/index.js +7 -5
- package/dist/types/plugin/decorators/event.d.ts +1 -1
- package/dist/types/plugin/plugin.d.ts +11 -6
- package/dist/types/plugin/sender.d.ts +1 -1
- package/dist/types/plugin/sender.js +2 -1
- package/dist/types/route-handler.d.ts +1 -1
- package/dist/types/union-to-intersection.d.ts +1 -0
- package/dist/types/union-to-intersection.js +3 -0
- package/dist/utils/asserts.d.ts +1 -0
- package/dist/utils/asserts.js +12 -0
- package/dist/utils/function-context.d.ts +5 -0
- package/dist/utils/function-context.js +54 -0
- package/dist/utils/index.d.ts +2 -0
- package/dist/utils/index.js +4 -2
- package/dist/utils/promises/retry.d.ts +8 -3
- package/dist/utils/promises/retry.js +14 -6
- package/package.json +5 -5
- package/dist/middleware/entra-token-validator.d.ts +0 -75
- package/dist/middleware/entra-token-validator.js +0 -169
- package/dist/middleware/with-client-auth.d.ts +0 -13
- package/dist/middleware/with-client-auth.js +0 -40
|
@@ -39,8 +39,8 @@ class ActivityContext {
|
|
|
39
39
|
value.activity = teams_api_1.TypingActivity.from(value.activity).toInterface();
|
|
40
40
|
}
|
|
41
41
|
}
|
|
42
|
-
async send(activity) {
|
|
43
|
-
return await this._plugin.send((0, teams_api_1.toActivityParams)(activity), this.ref);
|
|
42
|
+
async send(activity, conversationRef) {
|
|
43
|
+
return await this._plugin.send((0, teams_api_1.toActivityParams)(activity), conversationRef ?? this.ref);
|
|
44
44
|
}
|
|
45
45
|
async reply(activity) {
|
|
46
46
|
activity = (0, teams_api_1.toActivityParams)(activity);
|
|
@@ -94,6 +94,7 @@ class ActivityContext {
|
|
|
94
94
|
type: 'message',
|
|
95
95
|
inputHint: 'acceptingInput',
|
|
96
96
|
recipient: this.activity.from,
|
|
97
|
+
conversation: convo.conversation,
|
|
97
98
|
attachments: [
|
|
98
99
|
(0, teams_api_1.cardAttachment)('oauth', {
|
|
99
100
|
text: oauthCardText,
|
|
@@ -109,7 +110,7 @@ class ActivityContext {
|
|
|
109
110
|
],
|
|
110
111
|
}),
|
|
111
112
|
],
|
|
112
|
-
});
|
|
113
|
+
}, convo);
|
|
113
114
|
}
|
|
114
115
|
async signout() {
|
|
115
116
|
await this.api.users.token.signOut({
|
|
@@ -156,4 +157,4 @@ class ActivityContext {
|
|
|
156
157
|
}
|
|
157
158
|
}
|
|
158
159
|
exports.ActivityContext = ActivityContext;
|
|
159
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
160
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -8,13 +8,17 @@ export interface IClientContext {
|
|
|
8
8
|
*/
|
|
9
9
|
readonly appSessionId: string;
|
|
10
10
|
/**
|
|
11
|
-
* The Microsoft Entra tenant ID of the current user.
|
|
11
|
+
* The Microsoft Entra tenant ID of the current user, extracted from request auth token.
|
|
12
12
|
*/
|
|
13
|
-
readonly tenantId
|
|
13
|
+
readonly tenantId: string;
|
|
14
14
|
/**
|
|
15
|
-
* The Microsoft Entra object id of the current user.
|
|
15
|
+
* The Microsoft Entra object id of the current user, extracted from the request auth token.
|
|
16
16
|
*/
|
|
17
|
-
readonly userId
|
|
17
|
+
readonly userId: string;
|
|
18
|
+
/**
|
|
19
|
+
* The name of the current user, extracted from the request auth token.
|
|
20
|
+
*/
|
|
21
|
+
readonly userName: string;
|
|
18
22
|
/**
|
|
19
23
|
* The Microsoft Teams ID for the team with which the content is associated.
|
|
20
24
|
*/
|
|
@@ -33,7 +37,7 @@ export interface IClientContext {
|
|
|
33
37
|
*/
|
|
34
38
|
readonly chatId?: string;
|
|
35
39
|
/**
|
|
36
|
-
* Meeting
|
|
40
|
+
* Meeting ID used by tab when running in meeting context
|
|
37
41
|
*/
|
|
38
42
|
readonly meetingId?: string;
|
|
39
43
|
/**
|
|
@@ -49,5 +53,5 @@ export interface IClientContext {
|
|
|
49
53
|
/**
|
|
50
54
|
* The MSAL entra token.
|
|
51
55
|
*/
|
|
52
|
-
readonly authToken
|
|
56
|
+
readonly authToken: string;
|
|
53
57
|
}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { ActivityLike, SentActivity } from '@microsoft/teams.api';
|
|
1
2
|
import { ILogger } from '@microsoft/teams.common';
|
|
2
3
|
import { ApiClient, GraphClient } from '../api';
|
|
3
4
|
import { IClientContext } from './client';
|
|
@@ -18,4 +19,18 @@ export interface IFunctionContext<T = any> extends IClientContext {
|
|
|
18
19
|
* the function payload
|
|
19
20
|
*/
|
|
20
21
|
data: T;
|
|
22
|
+
/**
|
|
23
|
+
* Attempts to find the ID of the conversation in which the app is being used, and verifies that the bot and the
|
|
24
|
+
* user making the function call are both present in the conversation. Depending on the conversation type, this
|
|
25
|
+
* is the ID of a chat (for group chats, 1:1 chats and channel meetings), a channel, a meeting, or a user-bot
|
|
26
|
+
* conversation (when the app is hosted in personal scope).
|
|
27
|
+
* Returns undefined if the conversation ID cannot be determined or is invalid.
|
|
28
|
+
*/
|
|
29
|
+
getCurrentConversationId: () => Promise<string | undefined>;
|
|
30
|
+
/**
|
|
31
|
+
* send an activity to the current conversation.
|
|
32
|
+
* Returns null if the conversation ID cannot be determined or is invalid.
|
|
33
|
+
* @param activity activity to send
|
|
34
|
+
*/
|
|
35
|
+
send: (activity: ActivityLike) => Promise<SentActivity | null>;
|
|
21
36
|
}
|
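--- a/package/dist/events/index.d.ts
+++ b/package/dist/events/index.d.ts
@@ -12,6 +12,7 @@ export interface IEvents {
 'activity.response': IActivityResponseEvent;
 'activity.sent': IActivitySentEvent;
 }
+export declare const allIEventKeys: string[];
 export * from './activity';
 export * from './activity-response';
 export * from './activity-sent';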
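--- a/package/dist/events/index.js
+++ b/package/dist/events/index.js
@@ -14,8 +14,21 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.allIEventKeys = void 0;
+const allIEventKeysRecord = {
+start: true,
+signin: true,
+error: true,
+activity: true,
+'activity.response': true,
+'activity.sent': true,
+};
+// This is a trick to make sure typescript-complains whenever we add a new event
+// in IEvents, we MUST also add it to allIEventKeysRecord so we have a runtime
+// check to make sure we didn't forget to add it to the record.
+exports.allIEventKeys = Object.keys(allIEventKeysRecord);
 __exportStar(require("./activity"), exports);
 __exportStar(require("./activity-response"), exports);
 __exportStar(require("./activity-sent"), exports);
 __exportStar(require("./error"), exports);
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZXZlbnRzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBa0JBLE1BQU0sbUJBQW1CLEdBQWdDO0lBQ3ZELEtBQUssRUFBRSxJQUFJO0lBQ1gsTUFBTSxFQUFFLElBQUk7SUFDWixLQUFLLEVBQUUsSUFBSTtJQUNYLFFBQVEsRUFBRSxJQUFJO0lBQ2QsbUJBQW1CLEVBQUUsSUFBSTtJQUN6QixlQUFlLEVBQUUsSUFBSTtDQUN0QixDQUFDO0FBRUYsZ0ZBQWdGO0FBQ2hGLDhFQUE4RTtBQUM5RSwrREFBK0Q7QUFDbEQsUUFBQSxhQUFhLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0FBRTlELDZDQUEyQjtBQUMzQixzREFBb0M7QUFDcEMsa0RBQWdDO0FBQ2hDLDBDQUF3QiJ9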
@@ -0,0 +1,60 @@
|
|
|
1
|
+
import { type JwtPayload } from 'jsonwebtoken';
|
|
2
|
+
import { ILogger } from '@microsoft/teams.common';
|
|
3
|
+
export interface IJwtValidationOptions {
|
|
4
|
+
/** Required: Application/Client ID for audience validation */
|
|
5
|
+
clientId: string;
|
|
6
|
+
/**
|
|
7
|
+
* This may be 'common', 'organizations', 'consumers' for multi-tenant apps,
|
|
8
|
+
* or a specific tenant ID for single-tenant apps.
|
|
9
|
+
*/
|
|
10
|
+
tenantId?: string;
|
|
11
|
+
/**
|
|
12
|
+
* JWKS URI options for fetching public keys
|
|
13
|
+
*/
|
|
14
|
+
jwksUriOptions: {
|
|
15
|
+
type: 'tenantId';
|
|
16
|
+
} | {
|
|
17
|
+
type: 'uri';
|
|
18
|
+
uri: string;
|
|
19
|
+
};
|
|
20
|
+
/** Optional: Validate required scope in token */
|
|
21
|
+
validateScope?: {
|
|
22
|
+
requiredScope: string;
|
|
23
|
+
};
|
|
24
|
+
/** Optional: Validate service URL (Bot Framework specific) */
|
|
25
|
+
validateServiceUrl?: {
|
|
26
|
+
expectedServiceUrl: string;
|
|
27
|
+
};
|
|
28
|
+
/** Optional: Custom issuer validation */
|
|
29
|
+
validateIssuer?: {
|
|
30
|
+
/** Allowed */
|
|
31
|
+
allowedIssuer: string;
|
|
32
|
+
} | {
|
|
33
|
+
/** For multi-tenant apps, restrict to specific tenant IDs */
|
|
34
|
+
allowedTenantIds?: string[];
|
|
35
|
+
};
|
|
36
|
+
/** Optional: Clock tolerance in seconds (default: 300) */
|
|
37
|
+
clockTolerance?: number;
|
|
38
|
+
}
|
|
39
|
+
export declare class JwtValidator {
|
|
40
|
+
readonly options: IJwtValidationOptions;
|
|
41
|
+
private readonly logger?;
|
|
42
|
+
private readonly jwksCache;
|
|
43
|
+
constructor(options: IJwtValidationOptions, logger?: ILogger);
|
|
44
|
+
/**
|
|
45
|
+
* Validates a JWT token using the configured options
|
|
46
|
+
*/
|
|
47
|
+
validateAccessToken(rawToken: string, overrideOptions?: Pick<IJwtValidationOptions, 'validateServiceUrl' | 'validateScope'>): Promise<JwtPayload | null>;
|
|
48
|
+
private getJwksClient;
|
|
49
|
+
private getSigningKey;
|
|
50
|
+
private validateIssuer;
|
|
51
|
+
private validateScope;
|
|
52
|
+
private validateServiceUrl;
|
|
53
|
+
private performCustomValidations;
|
|
54
|
+
}
|
|
55
|
+
export declare const createEntraTokenValidator: (tenantId: string, clientId: string, options?: {
|
|
56
|
+
allowedTenantIds?: string[];
|
|
57
|
+
requiredScope?: string;
|
|
58
|
+
logger?: ILogger;
|
|
59
|
+
}) => JwtValidator;
|
|
60
|
+
export declare const createServiceTokenValidator: (appId: string, tenantId?: string, serviceUrl?: string, logger?: ILogger) => JwtValidator;
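Review bot: The JSDoc on `tenantId` in `IJwtValidationOptions` does not say that the field is effectively required when `jwksUriOptions.type` is `'tenantId'`; the implementation in jwt-validator.js interpolates `this.options.tenantId` into the JWKS URL, so an omitted value produces a URL containing the text `undefined`. I would extend the comment with `Required when jwksUriOptions.type is 'tenantId'; it is used to build the JWKS URI.` The `/** Allowed */` comment on `allowedIssuer` is also incomplete; `/** Exact issuer (iss) value the token must carry */` would match the strict `!==` comparison the implementation performs.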
|
|
@@ -0,0 +1,213 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.createServiceTokenValidator = exports.createEntraTokenValidator = exports.JwtValidator = void 0;
|
|
7
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
8
|
+
const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
|
|
9
|
+
const teams_common_1 = require("@microsoft/teams.common");
|
|
10
|
+
const asserts_1 = require("../../utils/asserts");
|
|
11
|
+
const DEFAULTS = {
|
|
12
|
+
clockTolerance: 300 // 5 minutes
|
|
13
|
+
};
|
|
14
|
+
class JwtValidator {
|
|
15
|
+
options;
|
|
16
|
+
logger;
|
|
17
|
+
jwksCache = new Map();
|
|
18
|
+
constructor(options, logger) {
|
|
19
|
+
this.options = options;
|
|
20
|
+
this.logger = logger?.child('jwt-validator') ?? new teams_common_1.ConsoleLogger('jwt-validator');
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Validates a JWT token using the configured options
|
|
24
|
+
*/
|
|
25
|
+
async validateAccessToken(rawToken, overrideOptions) {
|
|
26
|
+
if (!rawToken) {
|
|
27
|
+
throw new Error('No token provided');
|
|
28
|
+
}
|
|
29
|
+
return new Promise((resolve) => {
|
|
30
|
+
const verifyOptions = {
|
|
31
|
+
audience: [
|
|
32
|
+
this.options.clientId,
|
|
33
|
+
`api://${this.options.clientId}`,
|
|
34
|
+
],
|
|
35
|
+
issuer: undefined,
|
|
36
|
+
ignoreExpiration: false,
|
|
37
|
+
algorithms: ['RS256'],
|
|
38
|
+
clockTolerance: this.options.clockTolerance ?? DEFAULTS.clockTolerance
|
|
39
|
+
};
|
|
40
|
+
this.logger?.debug('Validating JWT token with options:', {
|
|
41
|
+
audience: verifyOptions.audience,
|
|
42
|
+
clockTolerance: verifyOptions.clockTolerance,
|
|
43
|
+
algorithms: verifyOptions.algorithms
|
|
44
|
+
});
|
|
45
|
+
jsonwebtoken_1.default.verify(rawToken, this.getSigningKey.bind(this), verifyOptions, (err, decoded) => {
|
|
46
|
+
if (err) {
|
|
47
|
+
this.logger?.error('JWT verification failed:', err);
|
|
48
|
+
resolve(null);
|
|
49
|
+
return;
|
|
50
|
+
}
|
|
51
|
+
if (!decoded || typeof decoded !== 'object') {
|
|
52
|
+
this.logger?.error('Decoded token is not a valid object:', decoded);
|
|
53
|
+
resolve(null);
|
|
54
|
+
return;
|
|
55
|
+
}
|
|
56
|
+
this.logger?.debug('JWT verification succeeded');
|
|
57
|
+
const payload = decoded;
|
|
58
|
+
try {
|
|
59
|
+
this.performCustomValidations(payload, overrideOptions);
|
|
60
|
+
this.logger?.debug('Custom validations passed for token');
|
|
61
|
+
resolve(payload);
|
|
62
|
+
}
|
|
63
|
+
catch (validationError) {
|
|
64
|
+
this.logger?.error('Custom validation failed:', validationError);
|
|
65
|
+
resolve(null);
|
|
66
|
+
}
|
|
67
|
+
});
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
getJwksClient() {
|
|
71
|
+
switch (this.options.jwksUriOptions.type) {
|
|
72
|
+
case 'tenantId':
|
|
73
|
+
{
|
|
74
|
+
const cachedClient = this.jwksCache.get(`${this.options.tenantId}`);
|
|
75
|
+
if (cachedClient) {
|
|
76
|
+
this.logger?.debug(`Using cached JWKS client for tenant ID: ${this.options.tenantId}`);
|
|
77
|
+
return cachedClient;
|
|
78
|
+
}
|
|
79
|
+
this.jwksCache.set(`${this.options.tenantId}`, (0, jwks_rsa_1.default)({
|
|
80
|
+
jwksUri: `https://login.microsoftonline.com/${this.options.tenantId}/discovery/v2.0/keys`,
|
|
81
|
+
}));
|
|
82
|
+
return this.jwksCache.get(`${this.options.tenantId}`);
|
|
83
|
+
}
|
|
84
|
+
case 'uri':
|
|
85
|
+
{
|
|
86
|
+
const cachedClient = this.jwksCache.get(this.options.jwksUriOptions.uri);
|
|
87
|
+
if (cachedClient) {
|
|
88
|
+
this.logger?.debug(`Using cached JWKS client for URI: ${this.options.jwksUriOptions.uri}`);
|
|
89
|
+
return cachedClient;
|
|
90
|
+
}
|
|
91
|
+
this.jwksCache.set(this.options.jwksUriOptions.uri, (0, jwks_rsa_1.default)({
|
|
92
|
+
jwksUri: this.options.jwksUriOptions.uri,
|
|
93
|
+
}));
|
|
94
|
+
return this.jwksCache.get(this.options.jwksUriOptions.uri);
|
|
95
|
+
}
|
|
96
|
+
default:
|
|
97
|
+
(0, asserts_1.assertNever)(this.options.jwksUriOptions, `Unknown JWKS URI options type: ${this.options.jwksUriOptions}`);
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
getSigningKey(header, callback) {
|
|
101
|
+
const jwksClient = this.getJwksClient();
|
|
102
|
+
jwksClient?.getSigningKey(header.kid, (err, key) => {
|
|
103
|
+
if (err) {
|
|
104
|
+
this.logger?.error('Failed to get signing key:', err);
|
|
105
|
+
callback(err, undefined);
|
|
106
|
+
return;
|
|
107
|
+
}
|
|
108
|
+
const signingKey = key?.getPublicKey();
|
|
109
|
+
callback(null, signingKey);
|
|
110
|
+
});
|
|
111
|
+
}
|
|
112
|
+
validateIssuer(iss) {
|
|
113
|
+
if (!this.options.validateIssuer) {
|
|
114
|
+
return; // No issuer validation configured
|
|
115
|
+
}
|
|
116
|
+
if (!iss) {
|
|
117
|
+
throw new Error('Token missing issuer claim');
|
|
118
|
+
}
|
|
119
|
+
if ('allowedIssuer' in this.options.validateIssuer) {
|
|
120
|
+
// Validate against a specific allowed issuer
|
|
121
|
+
if (iss !== this.options.validateIssuer.allowedIssuer) {
|
|
122
|
+
throw new Error(`Token issuer '${iss}' does not match allowed issuer '${this.options.validateIssuer.allowedIssuer}'`);
|
|
123
|
+
}
|
|
124
|
+
return;
|
|
125
|
+
}
|
|
126
|
+
if (!this.options.tenantId) {
|
|
127
|
+
return;
|
|
128
|
+
}
|
|
129
|
+
const isMultiTenant = ['common', 'organizations', 'consumers'].includes(this.options.tenantId);
|
|
130
|
+
const allowedTenantIds = [];
|
|
131
|
+
if (isMultiTenant) {
|
|
132
|
+
if (this.options.validateIssuer.allowedTenantIds) {
|
|
133
|
+
// find which tenant ids are not 'common', 'organizations', or 'consumers'
|
|
134
|
+
for (const tenantId of this.options.validateIssuer.allowedTenantIds) {
|
|
135
|
+
if (!['common', 'organizations', 'consumers'].includes(tenantId)) {
|
|
136
|
+
allowedTenantIds.push(tenantId);
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
else {
|
|
142
|
+
// For single-tenant apps, only allow tokens issued by this app's tenant
|
|
143
|
+
// (ignore allowedTenantIds option for single-tenant apps)
|
|
144
|
+
allowedTenantIds.push(this.options.tenantId);
|
|
145
|
+
}
|
|
146
|
+
if (allowedTenantIds.length === 0) {
|
|
147
|
+
return; // No allowed tenant IDs configured, so no validation needed
|
|
148
|
+
}
|
|
149
|
+
else {
|
|
150
|
+
// Validate against allowed tenant IDs
|
|
151
|
+
if (!allowedTenantIds.some((tenantId) => iss.startsWith(`https://login.microsoftonline.com/${tenantId}/`))) {
|
|
152
|
+
throw new Error(`Token issuer '${iss}' not in allowed tenant IDs: ${allowedTenantIds.join(', ')}`);
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
validateScope(scp, overrideValidateScope) {
|
|
157
|
+
const validateScope = overrideValidateScope || this.options.validateScope;
|
|
158
|
+
if (validateScope) {
|
|
159
|
+
const scopes = scp ?? '';
|
|
160
|
+
if (!scopes.includes(validateScope.requiredScope)) {
|
|
161
|
+
throw new Error(`Token missing required scope: ${validateScope.requiredScope}`);
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
validateServiceUrl(serviceUrl, overrideValidateServiceUrl) {
|
|
166
|
+
const validateServiceUrl = overrideValidateServiceUrl || this.options.validateServiceUrl;
|
|
167
|
+
if (validateServiceUrl) {
|
|
168
|
+
if (!serviceUrl) {
|
|
169
|
+
throw new Error('Token missing serviceurl claim');
|
|
170
|
+
}
|
|
171
|
+
const normalizedTokenUrl = serviceUrl.replace(/\/$/, '').toLowerCase();
|
|
172
|
+
const normalizedExpectedUrl = validateServiceUrl.expectedServiceUrl.replace(/\/$/, '').toLowerCase();
|
|
173
|
+
if (normalizedTokenUrl !== normalizedExpectedUrl) {
|
|
174
|
+
throw new Error(`Service URL mismatch. Token: ${normalizedTokenUrl}, Expected: ${normalizedExpectedUrl}`);
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
performCustomValidations(payload, overrideOptions) {
|
|
179
|
+
this.validateIssuer(payload.iss);
|
|
180
|
+
this.validateScope(payload.scp, overrideOptions?.validateScope);
|
|
181
|
+
this.validateServiceUrl(payload.serviceurl, overrideOptions?.validateServiceUrl);
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
exports.JwtValidator = JwtValidator;
|
|
185
|
+
// Factory functions for common scenarios
|
|
186
|
+
const createEntraTokenValidator = (tenantId, clientId, options) => {
|
|
187
|
+
return new JwtValidator({
|
|
188
|
+
clientId,
|
|
189
|
+
tenantId,
|
|
190
|
+
validateIssuer: {
|
|
191
|
+
allowedTenantIds: options?.allowedTenantIds
|
|
192
|
+
},
|
|
193
|
+
validateScope: options?.requiredScope ? { requiredScope: options.requiredScope } : undefined,
|
|
194
|
+
jwksUriOptions: {
|
|
195
|
+
type: 'tenantId'
|
|
196
|
+
},
|
|
197
|
+
}, options?.logger);
|
|
198
|
+
};
|
|
199
|
+
exports.createEntraTokenValidator = createEntraTokenValidator;
|
|
200
|
+
const createServiceTokenValidator = (appId, tenantId, serviceUrl, logger) => {
|
|
201
|
+
return new JwtValidator({
|
|
202
|
+
clientId: appId,
|
|
203
|
+
tenantId,
|
|
204
|
+
validateIssuer: { allowedIssuer: 'https://api.botframework.com' },
|
|
205
|
+
validateServiceUrl: serviceUrl ? { expectedServiceUrl: serviceUrl } : undefined,
|
|
206
|
+
jwksUriOptions: {
|
|
207
|
+
type: 'uri',
|
|
208
|
+
uri: 'https://login.botframework.com/v1/.well-known/keys'
|
|
209
|
+
},
|
|
210
|
+
}, logger);
|
|
211
|
+
};
|
|
212
|
+
exports.createServiceTokenValidator = createServiceTokenValidator;
|
|
213
|
+
//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"jwt-validator.js","sourceRoot":"","sources":["../../../src/middleware/auth/jwt-validator.ts"],"names":[],"mappings":";;;;;;AAAA,gEAAuF;AACvF,wDAA2D;AAE3D,0DAAiE;AAEjE,iDAAkD;AAElD,MAAM,QAAQ,GAAG;IACf,cAAc,EAAE,GAAG,CAAC,YAAY;CACjC,CAAC;AAyCF,MAAa,YAAY;IACP,OAAO,CAAwB;IAC9B,MAAM,CAAW;IACjB,SAAS,GAA4B,IAAI,GAAG,EAAE,CAAC;IAEhE,YAAY,OAA8B,EAAE,MAAgB;QAC1D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,IAAI,IAAI,4BAAa,CAAC,eAAe,CAAC,CAAC;IACrF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,mBAAmB,CACvB,QAAgB,EAChB,eAAqF;QAErF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,aAAa,GAAsB;gBACvC,QAAQ,EAAE;oBACR,IAAI,CAAC,OAAO,CAAC,QAAQ;oBACrB,SAAS,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;iBACjC;gBACD,MAAM,EAAE,SAAS;gBACjB,gBAAgB,EAAE,KAAK;gBACvB,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc;aACvE,CAAC;YAEF,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,oCAAoC,EAAE;gBACvD,QAAQ,EAAE,aAAa,CAAC,QAAQ;gBAChC,cAAc,EAAE,aAAa,CAAC,cAAc;gBAC5C,UAAU,EAAE,aAAa,CAAC,UAAU;aACrC,CAAC,CAAC;YACH,sBAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,aAAa,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBAClF,IAAI,GAAG,EAAE,CAAC;oBACR,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;oBACpD,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC5C,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,sCAAsC,EAAE,OAAO,CAAC,CAAC;oBACpE,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAEjD,MAAM,OAAO,GAAG,OAAO,CAAC;gBAExB,IAAI,CAAC;oBACH,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;oBACxD,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,qCAAqC,CAAC,CAAC;oBAC1D,OAAO,CAAC,OAAO,CAAC,CAAC;gBACnB,CAAC;gBAAC,OAAO,eAAe,EAAE,CAAC;oBACzB,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,2BAA2B,EAAE,eAAe,CAAC,CAAC;oBACjE,OAAO,CAAC,IAAI,CAAC,CAAC;gBAChB,CAAC;Y
ACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa;QACnB,QAAQ,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YACzC,KAAK,UAAU;gBACb,CAAC;oBACC,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;oBACpE,IAAI,YAAY,EAAE,CAAC;wBACjB,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,2CAA2C,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;wBACvF,OAAO,YAAY,CAAC;oBACtB,CAAC;oBACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,IAAA,kBAAO,EAAC;wBACrD,OAAO,EAAE,qCAAqC,IAAI,CAAC,OAAO,CAAC,QAAQ,sBAAsB;qBAC1F,CAAC,CAAC,CAAC;oBAEJ,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAE,CAAC;gBACzD,CAAC;YAEH,KAAK,KAAK;gBACR,CAAC;oBACC,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;oBACzE,IAAI,YAAY,EAAE,CAAC;wBACjB,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,qCAAqC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC;wBAC3F,OAAO,YAAY,CAAC;oBACtB,CAAC;oBACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,EAAE,IAAA,kBAAO,EAAC;wBAC1D,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG;qBACzC,CAAC,CAAC,CAAC;oBAEJ,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,CAAE,CAAC;gBAC9D,CAAC;YACH;gBACE,IAAA,qBAAW,EAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,kCAAkC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;QAC9G,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,MAAiB,EAAE,QAAsB;QAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,GAA2B,EAAQ,EAAE;YAC7F,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;gBACtD,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,EAAE,YAAY,EAAE,CAAC;YACvC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,GAAuB;QAC5C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YACjC,OAAO,CAAC,kCAAkC;QAC5C,CAAC;QACD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,eAAe,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YACnD,6CAA6C;
YAC7C,IAAI,GAAG,KAAK,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,oCAAoC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,GAAG,CAAC,CAAC;YACxH,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC/F,MAAM,gBAAgB,GAAG,EAAE,CAAC;QAC5B,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC;gBACjD,0EAA0E;gBAC1E,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC;oBACpE,IAAI,CAAC,CAAC,QAAQ,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACjE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAClC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,wEAAwE;YACxE,0DAA0D;YAC1D,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,4DAA4D;QACtE,CAAC;aAAM,CAAC;YACN,sCAAsC;YACtC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,qCAAqC,QAAQ,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC3G,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,gCAAgC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrG,CAAC;QACH,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,GAAuB,EAAE,qBAAiD;QAC9F,MAAM,aAAa,GAAG,qBAAqB,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC;QAC1E,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,GAAG,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,aAAa,CAAC,EAAE,CAAC;gBAClD,MAAM,IAAI,KAAK,CAAC,iCAAiC,aAAa,CAAC,aAAa,EAAE,CAAC,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,UAA8B,EAAE,0BAA2D;QACpH,MAAM,kBAAkB,GAAG,0BAA0B,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC;QACzF,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;YAED,MAAM,kBAAkB,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YACvE,MAAM,qBAAqB,GAAG,kBAAkB,CAAC,kBAAkB,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YAErG,IAAI,kBAAkB,KAAK,qBAAqB,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,gCAAgC,kBA
AkB,eAAe,qBAAqB,EAAE,CAAC,CAAC;YAC5G,CAAC;QACH,CAAC;IACH,CAAC;IAEO,wBAAwB,CAC9B,OAAmB,EACnB,eAAqF;QAErF,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,EAAE,eAAe,EAAE,aAAa,CAAC,CAAC;QAChE,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,UAAU,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC;IACnF,CAAC;CACF;AAlMD,oCAkMC;AAED,yCAAyC;AAClC,MAAM,yBAAyB,GAAG,CACvC,QAAgB,EAChB,QAAgB,EAChB,OAIC,EACD,EAAE;IACF,OAAO,IAAI,YAAY,CAAC;QACtB,QAAQ;QACR,QAAQ;QACR,cAAc,EAAE;YACd,gBAAgB,EAAE,OAAO,EAAE,gBAAgB;SAC5C;QACD,aAAa,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS;QAC5F,cAAc,EAAE;YACd,IAAI,EAAE,UAAU;SACjB;KACF,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;AACtB,CAAC,CAAC;AApBW,QAAA,yBAAyB,6BAoBpC;AAEK,MAAM,2BAA2B,GAAG,CACzC,KAAa,EACb,QAAiB,EACjB,UAAmB,EACnB,MAAgB,EAChB,EAAE;IACF,OAAO,IAAI,YAAY,CAAC;QACtB,QAAQ,EAAE,KAAK;QACf,QAAQ;QACR,cAAc,EAAE,EAAE,aAAa,EAAE,8BAA8B,EAAE;QACjE,kBAAkB,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,kBAAkB,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS;QAC/E,cAAc,EAAE;YACd,IAAI,EAAE,KAAK;YACX,GAAG,EAAE,oDAAoD;SAC1D;KACF,EAAE,MAAM,CAAC,CAAC;AACb,CAAC,CAAC;AAhBW,QAAA,2BAA2B,+BAgBtC"}
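Review bot: `validateScope` tests the required scope with `scopes.includes(validateScope.requiredScope)` on the raw `scp` string, which is a substring match, so a token whose scope list only contains the required name as part of a longer scope name would be accepted. Assuming `scp` is the usual space-delimited string, compare whole entries instead: `const scopes = (scp ?? '').split(' ');` and keep the existing `includes` call, which then matches exact array elements. Separately, `validateIssuer` returns without checking `iss` when `tenantId` is 'common', 'organizations' or 'consumers' and `allowedTenantIds` is unset or empty, and `verifyOptions.issuer` is `undefined`, so in that configuration (the default for `createEntraTokenValidator` with a multi-tenant id) the issuer claim is never compared against anything. If that is intended, a comment at the `allowedTenantIds.length === 0` return saying so, plus a log line when the validator is constructed that way, would make the behaviour visible to integrators.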
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
-
export {
|
|
1
|
+
export { createEntraTokenValidator, JwtValidator } from './auth/jwt-validator';
|
|
2
|
+
export * from './jwt-validation-middleware';
|
|
2
3
|
export * from './strip-mentions-text';
|
|
3
|
-
export * from './with-
|
|
4
|
+
export * from './with-remote-function-jwt-validation';
|
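--- a/package/dist/middleware/index.js
+++ b/package/dist/middleware/index.js
@@ -14,9 +14,11 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
-var
-Object.defineProperty(exports, "
+exports.JwtValidator = exports.createEntraTokenValidator = void 0;
+var jwt_validator_1 = require("./auth/jwt-validator");
+Object.defineProperty(exports, "createEntraTokenValidator", { enumerable: true, get: function () { return jwt_validator_1.createEntraTokenValidator; } });
+Object.defineProperty(exports, "JwtValidator", { enumerable: true, get: function () { return jwt_validator_1.JwtValidator; } });
+__exportStar(require("./jwt-validation-middleware"), exports);
 __exportStar(require("./strip-mentions-text"), exports);
-__exportStar(require("./with-
-//# sourceMappingURL=data:application/json;base64,
+__exportStar(require("./with-remote-function-jwt-validation"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbWlkZGxld2FyZS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLHNEQUErRTtBQUF0RSwwSEFBQSx5QkFBeUIsT0FBQTtBQUFFLDZHQUFBLFlBQVksT0FBQTtBQUNoRCw4REFBNEM7QUFDNUMsd0RBQXNDO0FBQ3RDLHdFQUFzRCJ9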
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import express from 'express';
|
|
2
|
+
import { Credentials, IToken } from '@microsoft/teams.api';
|
|
3
|
+
import { ILogger } from '@microsoft/teams.common';
|
|
4
|
+
export type JwtValidationParams = {
|
|
5
|
+
credentials?: Credentials;
|
|
6
|
+
logger: ILogger;
|
|
7
|
+
};
|
|
8
|
+
export type JwtValidatedRequest = express.Request & {
|
|
9
|
+
validatedToken?: IToken;
|
|
10
|
+
};
|
|
11
|
+
export declare function withJwtValidation(params: JwtValidationParams): (req: JwtValidatedRequest, res: express.Response, next: express.NextFunction) => Promise<void>;
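Review bot: `credentials` is optional in `JwtValidationParams`, but nothing in this declaration tells an integrator that omitting it turns the middleware into a pass-through: in jwt-validation-middleware.js the returned handler calls `next()` without looking at the Authorization header when `credentials?.clientId` is falsy, and only a debug-level message records it. I would add a JSDoc on the field along the lines of `/** When omitted, or when it carries no clientId, incoming requests are NOT authenticated. */`. Logging that condition at a more visible level than debug would also help operators notice a deployment that is running without token validation. The implementation hunk for this file continues past the visible part of the page.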
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.withJwtValidation = withJwtValidation;
|
|
4
|
+
const teams_api_1 = require("@microsoft/teams.api");
|
|
5
|
+
const teams_common_1 = require("@microsoft/teams.common");
|
|
6
|
+
const jwt_validator_1 = require("./auth/jwt-validator");
|
|
7
|
+
function withJwtValidation(params) {
|
|
8
|
+
const { credentials, logger: inputLogger } = params;
|
|
9
|
+
const logger = inputLogger?.child('jwt-validation-middleware') ?? new teams_common_1.ConsoleLogger('jwt-validation-middleware');
|
|
10
|
+
// Create service token validator if credentials are provided
|
|
11
|
+
let serviceTokenValidator;
|
|
12
|
+
if (credentials?.clientId) {
|
|
13
|
+
serviceTokenValidator = (0, jwt_validator_1.createServiceTokenValidator)(credentials.clientId, credentials.tenantId, undefined, logger);
|
|
14
|
+
}
|
|
15
|
+
else {
|
|
16
|
+
logger.debug('No credentials provided, skipping service token validation');
|
|
17
|
+
serviceTokenValidator = null;
|
|
18
|
+
}
|
|
19
|
+
return async (req, res, next) => {
|
|
20
|
+
if (!serviceTokenValidator) {
|
|
21
|
+
logger.debug('No service token validator configured, skipping validation');
|
|
22
|
+
next();
|
|
23
|
+
return;
|
|
24
|
+
}
|
|
25
|
+
const authorization = req.headers.authorization?.replace('Bearer ', '');
|
|
26
|
+
if (!authorization) {
|
|
27
|
+
res.status(401).send('unauthorized');
|
|
28
|
+
return;
|
|
29
|
+
}
|
|
30
|
+
const activity = req.body;
|
|
31
|
+
// Use cached validator with per-request service URL validation
|
|
32
|
+
const validationResult = await serviceTokenValidator.validateAccessToken(authorization, activity.serviceUrl ? {
|
|
33
|
+
validateServiceUrl: { expectedServiceUrl: activity.serviceUrl }
|
|
34
|
+
} : undefined);
|
|
35
|
+
if (validationResult) {
|
|
36
|
+
logger.debug(`validated service token for activity ${activity.id}`);
|
|
37
|
+
// Store the validated token in the request for use in subsequent handlers
|
|
38
|
+
req.validatedToken = new teams_api_1.JsonWebToken(authorization);
|
|
39
|
+
next();
|
|
40
|
+
}
|
|
41
|
+
else {
|
|
42
|
+
res.status(401).send('Invalid token');
|
|
43
|
+
}
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
//# sourceMappingURL=data:application/json;base64,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
|
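Review bot: Both skip paths in `withJwtValidation` fail open quietly: with no `credentials.clientId`, every request reaches `next()` unauthenticated, and the only trace is a `logger.debug` line at setup and per request. I would raise the setup message to `logger.warn('No credentials provided; incoming requests will not be authenticated')` so a misconfigured deployment is visible at default log levels. The service URL check is likewise applied only when the request body carries `serviceUrl`, and the body is caller-supplied, so whether a token stays bound to a service URL in that case depends on `validateAccessToken`, which is outside this hunk. The header parsing `replace('Bearer ', '')` also accepts any scheme and passes the whole header value on; the split-and-compare used in with-remote-function-jwt-validation.js is stricter.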
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import * as api from '@microsoft/teams.api';
|
|
2
2
|
import { IActivityContext } from '../contexts';
|
|
3
|
-
export declare function stripMentionsText(options?: api.StripMentionsTextOptions): ({ activity, next }: IActivityContext
|
|
3
|
+
export declare function stripMentionsText(options?: api.StripMentionsTextOptions): ({ activity, next }: IActivityContext<api.Activity, any>) => any;
|
|
@@ -45,4 +45,4 @@ function stripMentionsText(options) {
|
|
|
45
45
|
return next();
|
|
46
46
|
};
|
|
47
47
|
}
|
|
48
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
48
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import express from 'express';
|
|
2
|
+
import { Credentials } from '@microsoft/teams.api';
|
|
3
|
+
import { ILogger } from '@microsoft/teams.common';
|
|
4
|
+
import { IClientContext } from '../contexts';
|
|
5
|
+
import { JwtValidator } from './auth/jwt-validator';
|
|
6
|
+
export type WithRemoteFunctionJwtValidationParams = Partial<Credentials> & {
|
|
7
|
+
entraTokenValidator?: Pick<JwtValidator, 'validateAccessToken'>;
|
|
8
|
+
readonly logger: ILogger;
|
|
9
|
+
};
|
|
10
|
+
export type JwtRemoteFunctionRequest = express.Request & {
|
|
11
|
+
context?: IClientContext;
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* JWT validation middleware used to validate the entra token when remote functions are invoked.
|
|
15
|
+
*/
|
|
16
|
+
export declare function withRemoteFunctionJwtValidation(params: WithRemoteFunctionJwtValidationParams): (req: JwtRemoteFunctionRequest, res: express.Response, next: express.NextFunction) => Promise<void>;
|
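Review bot: `entraTokenValidator` is declared optional in `WithRemoteFunctionJwtValidationParams` with no comment on what omitting it means, yet the implementation in the following hunk answers 401 to every request when it is absent. The doc comment on `withRemoteFunctionJwtValidation` should say so, for example `* When entraTokenValidator is not supplied, every request is rejected with 401.` The `Partial<Credentials>` members are accepted by the type but, as far as the compiled middleware shows, never read; a note on that would avoid implying they configure validation.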
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.withRemoteFunctionJwtValidation = withRemoteFunctionJwtValidation;
|
|
4
|
+
/**
|
|
5
|
+
* JWT validation middleware used to validate the entra token when remote functions are invoked.
|
|
6
|
+
*/
|
|
7
|
+
function withRemoteFunctionJwtValidation(params) {
|
|
8
|
+
const entraTokenValidator = params.entraTokenValidator;
|
|
9
|
+
const log = params.logger;
|
|
10
|
+
return async (req, res, next) => {
|
|
11
|
+
const appSessionId = req.header('X-Teams-App-Session-Id');
|
|
12
|
+
const pageId = req.header('X-Teams-Page-Id');
|
|
13
|
+
const authorization = req.header('Authorization')?.split(' ');
|
|
14
|
+
const authToken = authorization?.length === 2 && authorization[0].toLowerCase() === 'bearer'
|
|
15
|
+
? authorization[1]
|
|
16
|
+
: '';
|
|
17
|
+
const tokenPayload = !entraTokenValidator
|
|
18
|
+
? null
|
|
19
|
+
: await entraTokenValidator.validateAccessToken(authToken);
|
|
20
|
+
if (!pageId ||
|
|
21
|
+
!appSessionId ||
|
|
22
|
+
!authToken ||
|
|
23
|
+
!entraTokenValidator ||
|
|
24
|
+
!tokenPayload) {
|
|
25
|
+
log.debug('unauthorized');
|
|
26
|
+
res.status(401).send('unauthorized');
|
|
27
|
+
return;
|
|
28
|
+
}
|
|
29
|
+
req.context = {
|
|
30
|
+
appId: tokenPayload?.['appId'],
|
|
31
|
+
appSessionId,
|
|
32
|
+
authToken,
|
|
33
|
+
channelId: req.header('X-Teams-Channel-Id'),
|
|
34
|
+
chatId: req.header('X-Teams-Chat-Id'),
|
|
35
|
+
meetingId: req.header('X-Teams-Meeting-Id'),
|
|
36
|
+
messageId: req.header('X-Teams-Message-Id'),
|
|
37
|
+
pageId,
|
|
38
|
+
subPageId: req.header('X-Teams-Sub-Page-Id'),
|
|
39
|
+
teamId: req.header('X-Teams-Team-Id'),
|
|
40
|
+
tenantId: tokenPayload['tid'],
|
|
41
|
+
userId: tokenPayload['oid'],
|
|
42
|
+
userName: tokenPayload['name'],
|
|
43
|
+
};
|
|
44
|
+
next();
|
|
45
|
+
};
|
|
46
|
+
}
|
|
47
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2l0aC1yZW1vdGUtZnVuY3Rpb24tand0LXZhbGlkYXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbWlkZGxld2FyZS93aXRoLXJlbW90ZS1mdW5jdGlvbi1qd3QtdmFsaWRhdGlvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQXFCQSwwRUFvREM7QUF2REQ7O0dBRUc7QUFDSCxTQUFnQiwrQkFBK0IsQ0FDN0MsTUFBNkM7SUFFN0MsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLENBQUMsbUJBQW1CLENBQUM7SUFDdkQsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztJQUUxQixPQUFPLEtBQUssRUFDVixHQUE2QixFQUM3QixHQUFxQixFQUNyQixJQUEwQixFQUMxQixFQUFFO1FBQ0YsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO1FBQzFELE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUM3QyxNQUFNLGFBQWEsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxFQUFFLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM5RCxNQUFNLFNBQVMsR0FDYixhQUFhLEVBQUUsTUFBTSxLQUFLLENBQUMsSUFBSSxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUMsV0FBVyxFQUFFLEtBQUssUUFBUTtZQUN4RSxDQUFDLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQztZQUNsQixDQUFDLENBQUMsRUFBRSxDQUFDO1FBRVQsTUFBTSxZQUFZLEdBQUcsQ0FBQyxtQkFBbUI7WUFDdkMsQ0FBQyxDQUFDLElBQUk7WUFDTixDQUFDLENBQUMsTUFBTSxtQkFBbUIsQ0FBQyxtQkFBbUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUM3RCxJQUNFLENBQUMsTUFBTTtZQUNQLENBQUMsWUFBWTtZQUNiLENBQUMsU0FBUztZQUNWLENBQUMsbUJBQW1CO1lBQ3BCLENBQUMsWUFBWSxFQUNiLENBQUM7WUFDRCxHQUFHLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBQzFCLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBQ3JDLE9BQU87UUFDVCxDQUFDO1FBRUQsR0FBRyxDQUFDLE9BQU8sR0FBRztZQUNaLEtBQUssRUFBRSxZQUFZLEVBQUUsQ0FBQyxPQUFPLENBQUM7WUFDOUIsWUFBWTtZQUNaLFNBQVM7WUFDVCxTQUFTLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQztZQUMzQyxNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQztZQUNyQyxTQUFTLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQztZQUMzQyxTQUFTLEVBQUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQztZQUMzQyxNQUFNO1lBQ04sU0FBUyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMscUJBQXFCLENBQUM7WUFDNUMsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUM7WUFDckMsUUFBUSxFQU
FFLFlBQVksQ0FBQyxLQUFLLENBQUM7WUFDN0IsTUFBTSxFQUFFLFlBQVksQ0FBQyxLQUFLLENBQUM7WUFDM0IsUUFBUSxFQUFFLFlBQVksQ0FBQyxNQUFNLENBQUM7U0FDL0IsQ0FBQztRQUVGLElBQUksRUFBRSxDQUFDO0lBQ1QsQ0FBQyxDQUFDO0FBQ0osQ0FBQyJ9
|
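Review bot: The `req.context` object mixes verified and unverified values without marking which is which: `tenantId`, `userId` and `userName` come from the validated token payload, while `channelId`, `chatId`, `meetingId`, `messageId`, `teamId`, `pageId`, `subPageId` and `appSessionId` are copied straight from `X-Teams-*` request headers. A handler that authorizes on `context.teamId` or `context.chatId` would be trusting caller-supplied input, so I would add a comment above the assignment such as `// X-Teams-* header values are caller-supplied and unverified; only tid/oid/name come from the validated token`. `validateAccessToken` is also awaited before the missing-header checks and outside any try/catch, so if it can throw (its implementation is not in this hunk) the rejection is unhandled rather than a 401. Separately, `tokenPayload?.['appId']` may always be undefined if the payload is the raw Entra claim set, where the application id claim is `appid` or `azp`; worth confirming against the validator's return shape.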