npm - @mindline/sync - Versions diffs - 1.0.111 → 1.0.113 - Mend

@mindline/sync 1.0.111 → 1.0.113

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/src/index.ts CHANGED Viewed

@@ -9,6 +9,7 @@ import workspaces from "./workspaces.json";
 import syncmilestones from './syncmilestones.json';
 import resources from './resources.json';
 import actors from './actors.json';
+import * as secureApiClient from './api-client';
 const FILTER_FIELD = "workspaceIDs";
 // called by unit tests
@@ -1629,152 +1630,14 @@ export class ActorNode {
     }
 }
 // ======================= Azure AD Graph API ===============================
-// helper functions
-function getGraphAPIScope(user: User): string {
-    user = user;
-    return "Group.Read.All User.Read.All openid profile offline_access User.Read Contacts.Read CrossTenantInformation.ReadBasic.All";
+export async function groupsGet(_instance: IPublicClientApplication, _user: User | undefined, groupSearchString: string): Promise<{ groups: Group[], error: string }> {
+    return await secureApiClient.groupsGet(groupSearchString);
 }
-// TODO: this is where you want to trigger a re-authentication if token expires
-async function graphDefineHeaders(
-    instance: IPublicClientApplication,
-    user: User
-): Promise<Headers> {
-    const headers = new Headers();
-    headers.append("Content-Type", "application/json");
-    headers.append("accept", "*/*");
-    const graphAPIScope: string = getGraphAPIScope(user);
-    // only call acquireTokenByCode if we have never redeemed the code
-    if (user.graphAccessToken == null || user.graphAccessToken === "") {
-        try {
-            let response: AuthenticationResult = await instance.acquireTokenByCode({
-                code: user.spacode,
-            });
-            user.graphAccessToken = response.accessToken; // cache access token
-            console.log("Front end token acquired by code: " + user.graphAccessToken.slice(0, 20));
-        }
-        catch (error: any) {
-            console.log("Front end token failure: " + error);
-        }
-    }
-    // otherwise, call acquireTokenSilent and deal with token expiration on exception
-    else {
-        try {
-            let accounts: AccountInfo[] = instance.getAllAccounts();
-            let homeAccountId = user.oid + "." + user.tid;
-            let account: AccountInfo | undefined | null = null;
-            for (let i: number = 0; i < accounts.length; i++) {
-                if (accounts[i].homeAccountId == homeAccountId) {
-                    account = accounts[i];
-                }
-            }
-            let response: AuthenticationResult = await instance.acquireTokenSilent({
-                scopes: [graphAPIScope],
-                account: account!
-            });
-            user.graphAccessToken = response.accessToken; // cache access token
-            console.log("Front end token graph acquired silently: " + user.graphAccessToken.slice(0, 20));
-        }
-        catch (error: any) {
-            try {
-                console.log("Front end graph token silent acquisition failure: " + error);
-                // fallback to redirect if silent acquisition fails
-                let accounts: AccountInfo[] = instance.getAllAccounts();
-                let homeAccountId = user.oid + "." + user.tid;
-                let account: AccountInfo | null = null;
-                for (let i: number = 0; i < accounts.length; i++) {
-                    if (accounts[i].homeAccountId == homeAccountId) {
-                        account = accounts[i];
-                    }
-                }
-                // assumption: this redirect will trigger login flow callbacks in program.cs
-                instance.acquireTokenRedirect({
-                    scopes: [graphAPIScope],
-                    account: account!
-                });
-            }
-            catch (error: any) {
-                console.log("Front end graph token redirect acquisition failure: " + error);
-            }
-        }
-    }
-    headers.append("Authorization", `Bearer ${user.graphAccessToken}`);
-    return headers;
+export async function oauth2PermissionGrantsGet(_options: RequestInit, _user: User, spid: string, oid: string): Promise<{ grants: string | null, id: string | null, error: string }> {
+    return await secureApiClient.oauth2PermissionGrantsGet(spid, oid);
 }
-export async function groupsGet(instance: IPublicClientApplication, user: User | undefined, groupSearchString: string): Promise<{ groups: Group[], error: string }> {
-    // need a logged in user to get graph users
-    if (user == null || user.spacode == "") {
-        return { groups: [], error: `500: invalid user passed to groupsGet` };
-    }
-    // create headers
-    const headers = await graphDefineHeaders(instance, user);
-    let options = { method: "GET", headers: headers };
-    // make /groups endpoint call
-    try {
-        let groupsEndpoint: string = getGraphEndpoint(user.authority) + graphConfig.graphGroupsPredicate;
-        groupsEndpoint += `/?$filter=startsWith(displayName, '${groupSearchString}')`;
-        let response = await fetch(groupsEndpoint, options);
-        let data = await response.json();
-        if (typeof data.error !== "undefined") {
-            return { groups: [], error: `${data.error.code}: ${data.error.message}` };
-        }
-        return { groups: data.value, error: `` };
-    }
-    catch (error: any) {
-        console.log(error);
-        return { groups: [], error: `Exception: ${error}` };
-    }
-}
-export async function oauth2PermissionGrantsGet(options: RequestInit, user: User, spid: string, oid: string): Promise<{ grants: string | null, id: string | null, error: string }> {
-    try {
-        // make /oauth2PermissionGrants endpoint call
-        let spurl: string = getGraphEndpoint(user.authority) + graphConfig.graphOauth2PermissionGrantsPredicate;
-        let url: URL = new URL(spurl);
-        url.searchParams.append("$filter", `resourceId eq '${spid}' and consentType eq 'Principal' and principalId eq '${oid}'`);
-        let response = await fetch(url.href, options);
-        let data = await response.json();
-        if (typeof data.error != "undefined") {
-            return { grants: null, id: null, error: `${data.error.code}: ${data.error.message}` };
-        }
-        // we assume there is only one such grant
-        if (data.value.length != 1) {
-            debugger;
-            return { grants: null, id: null, error: `oauth2PermissionGrantsGet: more than one matching delegated consent grant.` };
-        }
-        return { grants: data.value[0].scope, id: data.value[0].id, error: `` };
-    }
-    catch (error: any) {
-        console.log(error);
-        return { grants: null, id: null, error: `Exception: ${error}` };
-    }
-}
-export async function oauth2PermissionGrantsSet(instance: IPublicClientApplication, loggedInUser: User, id: string, scopes: string): Promise<boolean> {
-    // need a logged in user to get graph users
-    if (loggedInUser == null || loggedInUser.spacode == "") {
-        return false;
-    }
-    // make /oauth2PermissionGrants endpoint call
-    try {
-        let grantsurl: string = getGraphEndpoint(loggedInUser.authority);
-        grantsurl += graphConfig.graphOauth2PermissionGrantsPredicate + `/${id}`;
-        let scopesBody: string = `{ "scope": "${scopes}" }`;
-        const headers = await graphDefineHeaders(instance, loggedInUser);
-        let options: RequestInit = { method: "PATCH", headers: headers, body: scopesBody };
-        let response = await fetch(grantsurl, options);
-        let data = await response.json();
-        if (response.status == 204 && response.statusText == "No Content") {
-            return true;
-        }
-        else {
-            debugger;
-            console.log(`oauth2PermissionGrantsSet: PATCH failed ${data.error.code}: ${data.error.message}`);
-            return false;
-        }
-    }
-    catch (error: any) {
-        debugger;
-        console.log(error);
-        return false;
-    }
+export async function oauth2PermissionGrantsSet(_instance: IPublicClientApplication, _loggedInUser: User, id: string, scopes: string): Promise<boolean> {
+    return await secureApiClient.oauth2PermissionGrantsSet(id, scopes);
 }
 export function requestAdminConsent(admin: User, tct: TenantConfigType): void {
     //
@@ -1805,27 +1668,8 @@ export function requestAdminConsent(admin: User, tct: TenantConfigType): void {
     url.searchParams.append("login_hint", admin.mail);
     window.location.assign(url.href);
 }
-export async function servicePrincipalGet(options: RequestInit, user: User, appid: string): Promise<{ spid: string, error: string }> {
-    try {
-        // make /servicePrincipals endpoint call to get the Service Principal ID
-        let spurl: string = getGraphEndpoint(user.authority);
-        spurl += graphConfig.graphServicePrincipalsPredicate;
-        spurl += `(appId='${appid}')`;
-        let url: URL = new URL(spurl);
-        url.searchParams.append("$select", "id,appId,displayName");
-        let response = await fetch(url.href, options);
-        let data = await response.json();
-        if (typeof data.error !== "undefined") {
-            return { spid: "", error: `${data.error.code}: ${data.error.message}` };
-        }
-        else {
-            return { spid: data.id, error: `` };
-        }
-    }
-    catch (error: any) {
-        console.log(error);
-        return { spid: "", error: `Exception: ${error}` };
-    }
+export async function servicePrincipalGet(_options: RequestInit, _user: User, appid: string): Promise<{ spid: string, error: string }> {
+    return await secureApiClient.servicePrincipalGet(appid);
 }
 export async function signIn(user: User, tasks: TaskArray): Promise<boolean> {
     // admin authority is blank at signIn, lookup authority real-time
@@ -2116,59 +1960,47 @@ export async function tenantUnauthenticatedLookup(tenant: Tenant, debug: boolean
     }
     return false; // failed, no need for UX to re-render
 }
-export async function userDelegatedScopesGet(instance: IPublicClientApplication, loggedInUser: User, tenant: Tenant): Promise<{ scopes: string | null, id: string | null, error: string }> {
-    // need a logged in user and valid tenant to query graph
-    if (loggedInUser == null || loggedInUser.spacode == "" || tenant == null) {
-        debugger;
+export async function userDelegatedScopesGet(_instance: IPublicClientApplication, loggedInUser: User, tenant: Tenant): Promise<{ scopes: string | null, id: string | null, error: string }> {
+    if (loggedInUser == null || tenant == null) {
         return { scopes: null, id: null, error: `500: invalid parameter(s) passed to getUserDelegatedScopes` };
     }
-    // create headers
-    const headers = await graphDefineHeaders(instance, loggedInUser);
-    let options: RequestInit = { method: "GET", headers: headers };
     try {
         // first, cache Graph resource ID (service principal) for this tenant if we don't have it already
         if (tenant.graphSP == "") {
-            let { spid, error } = await servicePrincipalGet(options, loggedInUser, "00000003-0000-0000-c000-000000000000");
+            let { spid, error } = await secureApiClient.servicePrincipalGet("00000003-0000-0000-c000-000000000000");
             if (error != "") {
-                debugger;
                 return { scopes: null, id: null, error: `${error}` };
             }
             tenant.graphSP = spid;
         }
         // then, retrieve the delegated Graph permissions assigned to this user
-        let { grants, id, error } = await oauth2PermissionGrantsGet(options, loggedInUser, tenant.graphSP, loggedInUser.oid);
+        let { grants, id, error } = await secureApiClient.oauth2PermissionGrantsGet(tenant.graphSP, loggedInUser.oid);
         if (error != "") {
-            debugger;
             return { scopes: null, id: null, error: `${error}` };
         }
         return { scopes: grants, id: id, error: `` };
     }
     catch (error: any) {
-        debugger;
         console.log(error);
         return { scopes: null, id: null, error: `Exception: ${error}` };
     }
 }
 export async function userDelegatedScopesRemove(instance: IPublicClientApplication, loggedInUser: User, tenant: Tenant, scope: string): Promise<boolean> {
-    // need a logged in user and valid tenant to query graph
-    if (loggedInUser == null || loggedInUser.spacode == "" || tenant == null) {
-        debugger;
+    if (loggedInUser == null || tenant == null) {
         return false;
     }
     // get current set of delegated scopes in order to remove passed scope
     let { scopes, id, error } = await userDelegatedScopesGet(instance, loggedInUser, tenant);
     if (error != "") {
-        debugger;
         console.log(`userDelegatedScopesRemove: cannot find userDelegatedScopes for ${loggedInUser.mail}: ${error}`);
         return false;
     }
     // remove passed scope (case sensitive)
     scopes = scopes!.replace(scope, "");
-    // set updated oauth2permissions
-    let removed: boolean = await oauth2PermissionGrantsSet(instance, loggedInUser, id!, scopes);
+    // set updated oauth2permissions using secure backend API
+    let removed: boolean = await secureApiClient.oauth2PermissionGrantsSet(id!, scopes);
     if (!removed) {
-        debugger;
-        console.log(`userDelegatedScopesRemove: cannot set oauth2PermissionGrants for ${loggedInUser.mail}: ${error}`);
+        console.log(`userDelegatedScopesRemove: cannot set oauth2PermissionGrants for ${loggedInUser.mail}`);
         return false;
     }
     // replace scope array on logged in user
@@ -2176,33 +2008,8 @@ export async function userDelegatedScopesRemove(instance: IPublicClientApplicati
     return removed;
 }
 //usersGet - GET from AAD Users endpoint
-export async function usersGet(instance: IPublicClientApplication, user: User | undefined): Promise<{ users: string[], error: string }> {
-    // need a logged in user to get graph users
-    if (user == null || user.spacode == "") {
-        return { users: [], error: `500: invalid user passed to usersGet` };
-    }
-    // make /users endpoint call
-    try {
-        // create headers
-        const headers = await graphDefineHeaders(instance, user);
-        let options = { method: "GET", headers: headers };
-        let usersEndpoint = getGraphEndpoint(user.authority);
-        usersEndpoint += graphConfig.graphUsersPredicate;
-        let response = await fetch(usersEndpoint, options);
-        let data = await response.json();
-        if (typeof data.error !== "undefined") {
-            return { users: [], error: `${data.error.code}: ${data.error.message}` };
-        }
-        let users = new Array<string>();
-        for (let user of data.value) {
-            users.push(user.mail);
-        }
-        return { users: users, error: `` };
-    }
-    catch (error: any) {
-        console.log(error);
-        return { users: [], error: `Exception: ${error}` };
-    }
+export async function usersGet(_instance: IPublicClientApplication, _user: User | undefined, searchString?: string): Promise<{ users: string[], error: string }> {
+    return await secureApiClient.usersGet(searchString);
 }
 // ======================= Mindline SyncConfig API ===============================
 export async function auditConfigAdd(instance: IPublicClientApplication, user: User, ac: AuditConfig, debug: boolean): Promise<APIResult> {
@@ -2670,147 +2477,28 @@ export async function getPowerBIAccessToken(
     return accesstoken;
 }
 // ======================= Azure REST API ===============================
-// TODO: this is where you want to trigger a re-authentication if token expires
-async function azureDefineHeaders(
-    instance: IPublicClientApplication,
-    user: User
-): Promise<Headers> {
-    const headers = new Headers();
-    headers.append("Content-Type", "application/json");
-    headers.append("accept", "*/*");
-    // authorization header - if needed, retrieve and cache access token
-    if (user.azureAccessToken == null || user.azureAccessToken === "") {
-        try {
-            let accounts: AccountInfo[] = instance.getAllAccounts();
-            let homeAccountId = user.oid + "." + user.tid;
-            let account: AccountInfo | null = null;
-            for (let i: number = 0; i < accounts.length; i++) {
-                if (accounts[i].homeAccountId == homeAccountId) {
-                    account = accounts[i];
-                }
-            }
-            let response: AuthenticationResult = await instance.acquireTokenSilent({
-                scopes: ["https://management.azure.com/user_impersonation"],
-                account: account!
-            });
-            user.azureAccessToken = response.accessToken; // cache access token
-            console.log("Front end token acquired silently: " + user.azureAccessToken.slice(0, 20));
-        }
-        catch (error: any) {
-            try {
-                console.log("Front end token silent acquisition failure: " + error);
-                // fallback to redirect if silent acquisition fails
-                let accounts: AccountInfo[] = instance.getAllAccounts();
-                let homeAccountId = user.oid + "." + user.tid;
-                let account: AccountInfo | null = null;
-                for (let i: number = 0; i < accounts.length; i++) {
-                    if (accounts[i].homeAccountId == homeAccountId) {
-                        account = accounts[i];
-                    }
-                }
-                instance.acquireTokenRedirect({
-                    scopes: ["https://management.azure.com/user_impersonation"],
-                    account: account!
-                });
-            }
-            catch (error: any) {
-                console.log("Front end token popup acquisition failure: " + error);
-            }
-        }
-    }
-    headers.append("Authorization", `Bearer ${user.azureAccessToken}`);
-    return headers;
+export async function canListRootAssignments(_instance: IPublicClientApplication, _user: User): Promise<boolean> {
+    return await secureApiClient.canListRootAssignments();
 }
-export async function canListRootAssignments(instance: IPublicClientApplication, user: User): Promise<boolean> {
-    // need a logged in user to call Azure REST API
-    if (user == null || user.spacode == "") {
-        return false;
-    }
-    // make Azure REST API call
-    try {
-        // create headers
-        const headers = await azureDefineHeaders(instance, user);
-        let options = { method: "GET", headers: headers };
-        let listrootassignmentsEndpoint: string = azureConfig.azureListRootAssignments;
-        listrootassignmentsEndpoint += "'";
-        listrootassignmentsEndpoint += user.oid;
-        listrootassignmentsEndpoint += "'";
-        let response = await fetch(listrootassignmentsEndpoint, options);
-        if (response.status == 200) {
-            let data: any = await response.json();
-            data = data;
-            debugger;
-            console.log("Successful call to Azure Resource Graph list root assignments");
-        }
-        else {
-            console.log(await processErrors(response));
-            return false;
-        }
-    }
-    catch (error: any) {
-        console.log(error);
-        return false;
-    }
-    return true;
-}
-export async function elevateGlobalAdminToUserAccessAdmin(instance: IPublicClientApplication, user: User): Promise<boolean> {
-    // need a logged in user to call Azure REST API
-    if (user == null || user.spacode == "") {
-        return false;
-    }
-    // make Azure REST API call
-    try {
-        // create headers
-        const headers = await azureDefineHeaders(instance, user);
-        let options = { method: "POST", headers: headers };
-        let elevateaccessEndpoint: string = azureConfig.azureElevateAccess;
-        let response = await fetch(elevateaccessEndpoint, options);
-        if (response.status == 200) {
-            console.log("Successful call to Azure Resource Graph list root assignments");
-        }
-        else {
-            console.log(await processErrors(response));
-            return false;
-        }
-    }
-    catch (error: any) {
-        console.log(error);
-        return false;
-    }
-    return true;
+export async function elevateGlobalAdminToUserAccessAdmin(_instance: IPublicClientApplication, _user: User): Promise<boolean> {
+    return await secureApiClient.elevateGlobalAdminToUserAccessAdmin();
 }
-async function readResources(instance: IPublicClientApplication, user: User): Promise<ResourceNode[]> {
-    // need a logged in user to call Azure REST API
-    let resources: ResourceNode[] = new Array<ResourceNode>();
-    if (user == null || user.spacode == "") {
-        return resources;
-    }
-    // make Azure REST API call
+async function readResources(_instance: IPublicClientApplication, _user: User): Promise<ResourceNode[]> {
     try {
-        // create headers
-        const headers = await azureDefineHeaders(instance, user);
-        let options = { method: "GET", headers: headers };
-        let listrootassignmentsEndpoint: string = azureConfig.azureListRootAssignments;
-        listrootassignmentsEndpoint += "'";
-        listrootassignmentsEndpoint += user.oid;
-        listrootassignmentsEndpoint += "'";
-        let response = await fetch(listrootassignmentsEndpoint, options);
-        if (response.status == 200) {
-            let data = await response.json();
-            data = data;
-            debugger;
-            console.log("Successful call to Azure Resource Graph list root assignments");
-        }
-        else {
-            console.log(await processErrors(response));
-            return resources;
-        }
-    }
-    catch (error: any) {
-        console.log(error);
-        return resources;
+        const backendResources = await secureApiClient.readResources();
+        // Convert backend Resource[] to ResourceNode[]
+        // Note: The original implementation returned empty array, so we map basic fields
+        const resourceNodes: ResourceNode[] = backendResources.map(r => {
+            const node = new ResourceNode(r.type, r.name, 0); // cost not available from backend
+            return node;
+        });
+        return resourceNodes;
+    } catch (error: any) {
+        console.error('Error in readResources:', error);
+        return [];
     }
-    return resources;
 }
 // ======================= HYBRIDSPA.TS -- Mindline SyncConfig API helper functions ===============================
 function getAPIScope(user: User): string {

package/.vs/sync.slnx/FileContentIndex/46af7fa0-1a65-4634-9faa-600623e92173.vsidx DELETED Viewed

Binary file

package/.vs/sync.slnx/FileContentIndex/88b226f1-9afd-4cf3-bdb6-5db742bb7e8d.vsidx DELETED Viewed

Binary file

package/.vs/sync.slnx/FileContentIndex/f109c15d-d422-45e9-a5df-0b391ae0a643.vsidx DELETED Viewed

Binary file