@mindline/sync 1.0.28 → 1.0.30

package/index.ts

@@ -1,15 +1,14 @@
-//index.js
-
+//index.ts - published interface - AAD implementations, facade to Mindline Config API
+import { IPublicClientApplication, AuthenticationResult } from "@azure/msal-browser"
 import { deserializeArray } from 'class-transformer';
-import { IPublicClientApplication } from '@azure/msal-browser';
-import { getTenantInfo } from './hybridspa';
+import { adminDelete, adminPost, adminsGet, configDelete, configsGet, configPost, configPut, graphConfig, initPost, tenantPut, tenantPost, tenantDelete, tenantsGet, workspacesGet} from './hybridspa';
+import { version } from './package.json';
 import users from "./users.json";
-import targets from "./targets.json";
+import tenants from "./tenants.json";
 import configs from "./configs.json";
 import workspaces from "./workspaces.json";
-
+import tasksData from "./tasks";
 const FILTER_FIELD = "workspaceIDs";
-
 // called by unit tests
 export function sum(a: number, b: number): number {
   return a + b;
@@ -17,8 +16,12 @@ export function sum(a: number, b: number): number {
 export function helloNpm() : string {
   return "hello NPM";
 }
-
-class User {
+export class Group {
+  id: string;
+  displayName: string;
+  description: string;
+}
+export class User {
   oid: string;
   name: string;
   mail: string;
@@ -28,30 +31,50 @@ class User {
   companyDomain: string;
   associatedWorkspaces: string[];
   workspaceIDs: string;
-  session: string;
-  spacode: string;
-  accessToken: string;
+  session: string;  // button text
+  spacode: string;  // to get front end access token
+  accessToken: string; // front end access token
+  loginHint: string; // to help sign out without prompt
+  scopes: string[]; // to detect if incremental consent has happened
+  authTS: Date; // timestamp user was authenticated
   constructor() {
     this.oid = "";
     this.name = "";
     this.mail = "";
-    this.authority = "";
+    this.authority = "https://login.microsoftonline.com/organizations/v2.0";
     this.tid = "";
     this.companyName = "";
     this.companyDomain = "";
     this.associatedWorkspaces = new Array();
     this.workspaceIDs = "";
-    this.session = "";
+    this.session = "Sign In";
     this.spacode = "";
     this.accessToken = "";
+    this.loginHint = "";
+    this.scopes = new Array();
+    this.authTS = new Date(0);
   }
 }
-
-class Target {
+export enum TenantType {
+  invalid = 0,
+  aad = 1,
+  ad = 2,
+  googleworkspace = 3
+}
+type TenantTypeStrings = keyof typeof TenantType;
+export enum TenantPermissionType {
+  read = 1,
+  write = 2,
+  notassigned = 3
+}
+type TenantPermissionTypeStrings = keyof typeof TenantPermissionType;
+export class Tenant {
   tid: string;
   name: string;
   domain: string;
-  type: string;
+  tenantType: TenantTypeStrings;
+  permissionType: TenantPermissionTypeStrings;
+  onboarded: string;
   authority: string;
   readServicePrincipal: string;
   writeServicePrincipal: string;
@@ -60,65 +83,142 @@ class Target {
     this.tid = "";
     this.name = "";
     this.domain = "";
-    this.type = "";
-    this.authority = "";
+    this.tenantType = "aad";
+    this.permissionType = "notassigned";
+    this.onboarded = "false";
+    this.authority = "https://login.microsoftonline.com/organizations/v2.0";
     this.readServicePrincipal = "";
     this.writeServicePrincipal = "";
     this.workspaceIDs = "";
   }
 }
-
-class TargetConfigInfo {
+export enum TenantConfigType {
+  source = 1,
+  target = 2,
+  sourcetarget = 3
+}
+export type TenantConfigTypeStrings = keyof typeof TenantConfigType;
+export class TenantConfigInfo {
   tid: string;
-  sourceGroups: string[];
-  targetGroup: string;
+  sourceGroupId: string;
+  sourceGroupName: string;
+  configurationTenantType: TenantConfigTypeStrings;
+  constructor(){
+    this.tid = "";
+    this.sourceGroupId = "";
+    this.sourceGroupName = "";
+    this.configurationTenantType = "source";
+  }
 }
-
-class Config {
+export class Config {
   id: string;
+  workspaceId: string;
   name: string;
   description: string;
-  targetConfigs: TargetConfigInfo[];
-  enabled: boolean;
+  tenants: TenantConfigInfo[];
+  isEnabled: boolean;
   workspaceIDs: string;
   constructor(){
     this.id = "";
     this.name = "";
     this.description = "";
-    this.targetConfigs = new Array();
-    this.enabled = false;
+    this.tenants = new Array();
+    this.isEnabled = false;
     this.workspaceIDs = "";
   }
 }
-
-class Workspace {
+export class Workspace {
   id: string;
   name: string;
   associatedUsers: string[];
-  associatedTargets: string[];
+  associatedTenants: string[];
   associatedConfigs: string[];
   constructor(){
     this.id = "";
     this.name = "";
     this.associatedUsers = new Array();
-    this.associatedTargets = new Array();
+    this.associatedTenants = new Array();
     this.associatedConfigs = new Array();
   }
 }
-
+// check for localStorage availability
+function storageAvailable(type) {
+  let storage;
+  try {
+    storage = window[type];
+    const x = "__storage_test__";
+    storage.setItem(x, x);
+    storage.removeItem(x);
+    return true;
+  } catch (e) {
+    return (
+      e instanceof DOMException &&
+      // everything except Firefox
+      (e.code === 22 ||
+        // Firefox
+        e.code === 1014 ||
+        // test name field too, because code might not be present
+        // everything except Firefox
+        e.name === "QuotaExceededError" ||
+        // Firefox
+        e.name === "NS_ERROR_DOM_QUOTA_REACHED") &&
+      // acknowledge QuotaExceededError only if there's something already stored
+      storage &&
+      storage.length !== 0
+    );
+  }
+}
 export class InitInfo {
   us: User[];
-  ts: Target[];
+  ts: Tenant[];
   cs: Config[];
   ws: Workspace[];
-  constructor(){
-    this.us = new Array();
-    this.ts = new Array();
-    this.cs = new Array();
-    this.ws = new Array();
+  constructor(bClearLocalStorage: boolean) {
+    this.init(bClearLocalStorage);
+  }
+  // get initial data from localStorage or file
+  init(bClearLocalStorage: boolean): void {
+    console.log(`Calling InitInfo::init(bClearLocalStorage: ${bClearLocalStorage?"true":"false"})`);
+    // if we have a non-zero value stored, read it from localStorage
+    if (storageAvailable("localStorage")) {
+      let result = localStorage.getItem("InitInfo");
+      if (result != null && typeof result === "string" && result !== "") {
+        let initInfoString: string = result;
+        let iiReadFromLocalStorage: InitInfo = JSON.parse(initInfoString);
+        if (iiReadFromLocalStorage.us.length !== 0) {
+          if(bClearLocalStorage) { localStorage.removeItem("InitInfo"); }
+          else{
+            this.#initFromObjects(iiReadFromLocalStorage);
+            return;
+          }
+        }
+      }
+    }
+    // if storage unavailable or we were just asked to clear, read from default files to enable usable UI
+    var usersString = JSON.stringify(users);
+    var tenantsString = JSON.stringify(tenants);
+    var configsString = JSON.stringify(configs);
+    var workspacesString = JSON.stringify(workspaces);
+    try {
+      this.us = deserializeArray(User, usersString);
+      this.ts = deserializeArray(Tenant, tenantsString);
+      this.cs = deserializeArray(Config, configsString);
+      this.ws = deserializeArray(Workspace, workspacesString);
+      this.tagWithWorkspaces();
+    } catch (e) {
+      debugger;
+    }
+  }
+  save(): void{
+    let initInfoString: string = JSON.stringify(this);
+    localStorage.setItem("InitInfo", initInfoString);
   }
   tagWithWorkspaces(): boolean {
-    // for each Workspace tag associated User, Target, Config with Workspace.id
+    // first clear everyone's workspaceIDs
+    this.us.map((item) => item.workspaceIDs = "");
+    this.ts.map((item) => item.workspaceIDs = "");
+    this.cs.map((item) => item.workspaceIDs = "");
+    // for each workspace tag WorkspaceIDs of associated Users, Tenants, Configs
     for (let workspace of this.ws) {
       // find matching Users to tag with this workspace
       for (let userID of workspace.associatedUsers) {
@@ -133,15 +233,15 @@ export class InitInfo {
           return false;
         }
       }
-      // find matching Targets to tag with this workspace
-      for (let targetID of workspace.associatedTargets) {
-        let target = this.ts.find(
-          (currentTarget) => currentTarget.tid === targetID
+      // find matching Tenants to tag with this workspace
+      for (let tenantID of workspace.associatedTenants) {
+        let tenant = this.ts.find(
+          (currentTenant) => currentTenant.tid === tenantID
         );
-        if (target !== undefined) {
-          // we found the target
-          target[FILTER_FIELD] += workspace.id;
-          target[FILTER_FIELD] += " ";
+        if (tenant !== undefined) {
+          // we found the tenant
+          tenant[FILTER_FIELD] += workspace.id;
+          tenant[FILTER_FIELD] += " ";
         } else {
           // we should not have InitInfo missing Workspace components
           debugger;
@@ -166,99 +266,805 @@ export class InitInfo {
     }
     return true;
   }
+  #initFromObjects(ii: InitInfo) : void {
+    // user array is the only one that has a Date that must be re-created on every read
+    if(typeof ii.us === "undefined") this.us = new Array();
+    else this.us = ii.us.map((user: User) => { user.authTS = new Date(user.authTS); return user } );
+    if(typeof ii.ts === "undefined") this.ts = new Array();
+    else this.ts = ii.ts;
+    if(typeof ii.cs === "undefined") this.cs = new Array();
+    else this.cs = ii.cs;
+    if(typeof ii.ws === "undefined") this.ws = new Array();
+    else this.ws = ii.ws;
+  }
 }
-
-// get hardcoded data from JSON
-function DummyInit(ii: InitInfo)
-{
-  var usersString = JSON.stringify(users);
-  var targetsString = JSON.stringify(targets);
-  var configsString = JSON.stringify(configs);
-  var workspacesString = JSON.stringify(workspaces);
+export type TaskType = "initialization" | 
+                            "authenticate user" | 
+                            "reload React" | 
+                            "GET tenant details" | 
+                            "POST config init" |
+                            "GET workspaces" |
+                          "onboard tenant" |
+                          "create 2nd tenant" |
+                          "invite 2nd admin" |
+                          "onboard 2nd tenant" | 
+                          "create config";
+export class TaskArray {
+  tasks: Task[];  
+  constructor(bClearLocalStorage: boolean) {
+    this.tasks = [ new Task() ];
+    this.init(bClearLocalStorage);
+  }
+  // get initial data from localStorage or file
+  init(bClearLocalStorage: boolean): void {
+    console.log(`Calling TaskArray::init(bClearLocalStorage: ${bClearLocalStorage ? "true" : "false"})`);
+    // first clear task array
+    this.tasks.length = 0;
+    // then clear localStorage if we have been asked to
+    if (bClearLocalStorage) {
+      if (storageAvailable("localStorage")) localStorage.removeItem("Tasks");
+    }
+    // then try localStorage
+    if (storageAvailable("localStorage")) {
+        let result = localStorage.getItem("Tasks");
+        if (result != null && typeof result === "string" && result !== "") {
+          // properly create Tasks and Dates from retrieved string
+          let tasksString: string = result;
+          let taskArray: TaskArray = JSON.parse(tasksString);
+          this.tasks = this.#initTasksFromObjects(taskArray.tasks);
+          let l = this.tasks.length;
+          if (l !== 0) return;
+        }
+    }
+    // if here, there was nothing in localStorage, use initialization file
+    this.tasks = this.#initTasksFromObjects(tasksData);
+  }
+  // set start time for a task
+  setTaskStart(taskType: TaskType, startDate: Date): void {
+    let task: Task | undefined = this.#findTask(taskType);
+    if (task != undefined && task != null) {
+      task.setStart(startDate);
+      task.status = "in progress";
+      this.#save();
+    }
+    else {
+        debugger;
+    }
+  }
+  // set end time for a task
+  setTaskEnd(taskType: TaskType, endDate: Date, status: string): void {
+    let task: Task | undefined = this.#findTask(taskType);
+    if (task != undefined && task != null) {
+      task.setEnd(endDate);
+      task.status = status;
+      this.#save();
+    }
+    else {
+        debugger;
+    }
+  }
+  //
+  // private
+  //
+  #findTask(taskType: TaskType): Task | undefined {
+    let task: Task | undefined = this.tasks.find(t => t.task == taskType);
+    if (task == undefined || task == null) {
+      for(task of this.tasks){
+        if(task.subtasks != undefined && task.subtasks != null){
+          task = task.subtasks.find(t => t.task == taskType);
+          if(task != undefined && task != null) break;
+        }
+      }
+    }
+    return task;
+  }
+  #initTasksFromObjects(tasks: Task[]): Task[]{
+    return tasks.map((t: Task) => {
+      let newTask: Task = new Task();
+      newTask.id = t.id;
+      newTask.task = t.task;
+      newTask.setStart(new Date(t.start));
+      newTask.setEnd(new Date(t.end));
+      newTask.expected = t.expected;
+      newTask.status = t.status;
+      newTask.expanded = t.expanded;
+      if(typeof t.subtasks !== "undefined" && t.subtasks != null){
+        newTask.subtasks = t.subtasks.map((st: Task) => {
+          let newSubtask: Task = new Task();
+          newSubtask.id = st.id;
+          newSubtask.task = st.task;
+          newSubtask.setStart(new Date(st.start))
+          newSubtask.setEnd(new Date(st.end));
+          newSubtask.expected = st.expected;
+          newSubtask.status = st.status;
+          newSubtask.expanded = st.expanded;
+          return newSubtask;
+        } ) 
+      }
+      return newTask;
+    } );
+  }
+  #save(): void{
+    let taskArrayString: string = JSON.stringify(this);
+    if (storageAvailable("localStorage")) {
+      localStorage.setItem("Tasks", taskArrayString);
+    }
+  }
+}
+export class Task {
+  id: number;
+  task: string;
+  start: Date;
+  startDisplay: string;
+  end: Date;
+  endDisplay: string;
+  elapsedDisplay: string;
+  expected: number;
+  status: string;
+  expanded: boolean;
+  subtasks: Task[];
+  setEnd(endDate: Date): void{
+    this.end = endDate;
+    this.endDisplay = `${this.end.getMinutes().toString().padStart(2, "0")}:${this.end.getSeconds().toString().padStart(2, "0")}`;
+    let minuteAdjustment: number = 0;
+    let elapsedSeconds: number = this.end.getSeconds() - this.start.getSeconds();
+    if (elapsedSeconds < 0) { elapsedSeconds += 60; minuteAdjustment = -1; }
+    let elapsedMinutes: number = this.end.getMinutes() - this.start.getMinutes() + minuteAdjustment;
+    if (elapsedMinutes < 0) elapsedMinutes += 60;
+    this.elapsedDisplay = `${elapsedMinutes.toString().padStart(2, "0")}:${elapsedSeconds.toString().padStart(2, "0")}`;
+  };
+  setStart(startDate: Date): void{
+    this.start = startDate;
+    this.startDisplay = `${this.start.getMinutes().toString().padStart(2, "0")}:${this.start.getSeconds().toString().padStart(2, "0")}`;
+  };
+}
+// class corresponding to an execution of a Config - a *TenantNode* for each source tenant, each with a *TenantNode* array of target tenants
+export class BatchArray {
+  tenantNodes: TenantNode[];
+  constructor(
+    config: Config | null,
+    syncPortalGlobalState: InitInfo | null,
+    bClearLocalStorage: boolean
+  ) {
+    this.tenantNodes = new Array<TenantNode>();
+    this.init(config, syncPortalGlobalState, bClearLocalStorage);
+  }
+  // populate tenantNodes based on config tenants
+  init(
+    config: Config | null,
+    syncPortalGlobalState: InitInfo | null,
+    bClearLocalStorage: boolean
+  ) : void {
+    console.log(
+      `Calling BatchArray::init(config: "${
+        config ? config.name : "null"
+      }", bClearLocalStorage: ${bClearLocalStorage ? "true" : "false"})`
+    );
+    // first clear batch  array
+    this.tenantNodes.length = 0;
+    // then clear localStorage if we have been asked to
+    if (bClearLocalStorage) {
+      if (storageAvailable("localStorage"))
+        localStorage.removeItem(config.name);
+    }
+    // create BatchArray if passed Config and InitInfo
+    if (
+      config != null &&
+      config.tenants != null &&
+      syncPortalGlobalState != null
+    ) {
+      // create a sourceTenantNode for each Source and SourceTarget
+      config.tenants.map((tciPotentialSource: TenantConfigInfo) => {
+        if (
+          tciPotentialSource.configurationTenantType === "source" ||
+          tciPotentialSource.configurationTenantType === "sourcetarget"
+        ) {
+          let sourceTenant = syncPortalGlobalState.ts.find(
+            (t) => t.tid === tciPotentialSource.tid
+          );
+          if (sourceTenant != null) {
+            let sourceTenantNode: TenantNode = new TenantNode(
+              tciPotentialSource.tid,
+              sourceTenant.name
+            );
+            this.tenantNodes.push(sourceTenantNode);
+          } else {
+            console.log(
+              `Error: no tenant found for config source tenant ${config.name}`
+            );
+            debugger;
+            return;
+          }
+        }
+      });
+      // create targetTenantNodes for each non-matching Target and SourceTarget
+      this.tenantNodes.map((sourceTenantNode: TenantNode) => {
+        config.tenants.map((tciPotentialTarget: TenantConfigInfo) => {
+          // is this a valid target?
+          if (
+            tciPotentialTarget.configurationTenantType === "target" ||
+            tciPotentialTarget.configurationTenantType === "sourcetarget"
+          ) {
+            // is this a valid target that does not match this source?
+            if (tciPotentialTarget.tid !== sourceTenantNode.tid) {
+              let targetTenant = syncPortalGlobalState.ts.find(
+                (t) => t.tid === tciPotentialTarget.tid
+              );
+              if (targetTenant != null) {
+                let targetTenantNode: TenantNode = new TenantNode(
+                  tciPotentialTarget.tid,
+                  targetTenant.name
+                );
+                sourceTenantNode.targets.push(targetTenantNode);
+                sourceTenantNode.expanded = true;
+              } else {
+                console.log(
+                  `Error: no tenant found for config target tenant ${config.name}`
+                );
+                debugger;
+                return;
+              }
+            }
+          }
+        });
+      });
+      // then try localStorage to find any matching source tenant metrics
+      if (storageAvailable("localStorage")) {
+        let result = localStorage.getItem(config.name);
+        if (result != null && typeof result === "string" && result !== "") {
+          // TODO: retrieve any relevant stored statistics from localStorage
+          // let batchArrayString: string = result;
+          // let batchArray: BatchArray = JSON.parse(batchArrayString);
+          // batchArray.batches.map((batch: Batch) => {
+          //   config.tenants.map((tciTarget: TenantConfigInfo) => {
+          //     if(tciTarget.tid !== batch.tid) {
+          //       let target: Target = new Target(tciTarget.tid);
+          //       batch.targets.push(target);
+          //     }
+          //   });
+          // });
+        }
+      }
+    }
+  }
+  // cycle through test state machine
+  test() : void {
+    if (this.tenantNodes == null || this.tenantNodes.length == 0) {
+      // we should not have an empty batch array for a test
+      debugger;
+    }
+    // cycle through desired states for sources and targets
+    if (this.tenantNodes != null) {
+      this.tenantNodes.map((sourceTenantNode: TenantNode) => {
+        if (sourceTenantNode.read == 0)       sourceTenantNode.update(100, 50, 0, 0);
+        else if (sourceTenantNode.read == 50) sourceTenantNode.update(100, 100, 0, 0);
+        else                                  sourceTenantNode.update(0, 0, 0, 0);
+        if (sourceTenantNode.targets != null) {
+          sourceTenantNode.targets.map((targetTenantNode: TenantNode) => {
+            if (targetTenantNode.written == 0)        targetTenantNode.update(100, 0, 50, 0);
+            else if (targetTenantNode.written == 50)  targetTenantNode.update(100, 0, 100, 0);
+            else if (targetTenantNode.written == 100) targetTenantNode.update(100, 0, 99, 1);
+            else                                      targetTenantNode.update(0, 0, 0, 0);
+          });
+        }
+      });
+    }
+  }
+}
+export class TenantNode {
+  expanded: boolean;
+  status: string;
+  name: string;
+  tid: string;
+  total: number;
+  read: number;
+  written: number;
+  deferred: number;
+  targets: TenantNode[];
+  constructor(tid: string, name: string) { 
+    this.expanded = false;
+    this.name = name; 
+    this.tid = tid; 
+    this.targets = new Array<TenantNode>();
+    this.update(0, 0, 0, 0);
+  }
+  update(total: number, read: number, written: number, deferred: number): void {
+    this.total = total;
+    this.read = read;
+    this.written = written;
+    this.deferred = deferred;
+    if(this.read === 0 && this.written  === 0) this.status = "not started";
+    if(this.read > 0) {
+      if(this.read < this.total) this.status = "in progress";
+      else if(this.read === this.total) this.status = "complete";
+    }
+    else if(this.written > 0) {
+      if(this.written + this.deferred < this.total) this.status = "in progress";
+      else if(this.written === this.total) this.status = "complete";
+      else if(this.written + this.deferred === this.total) this.status = "failed";
+    }
+  }
+}
+export class APIResult {
+  result: boolean;
+  status: number;
+  error: string;
+  array: Array<Object> | null;
+  constructor() { this.result = true; this.status = 200; this.error = ""; this.array = null; }
+}
+//
+// Azure AD Graph API
+//
+//groupGet - GET /groups/{id}
+export async function groupGet(tenant: Tenant, groupid: string): Promise<{group: string, error: string}> {
+  // need a read or write access token to get graph users
+  let accessToken: string = "";
+  if(tenant.permissionType === TenantPermissionType[TenantPermissionType.read])
+    accessToken = tenant.readServicePrincipal;
+  if(tenant.permissionType === TenantPermissionType[TenantPermissionType.write])
+    accessToken = tenant.writeServicePrincipal;
+  if(accessToken === "") return { group: "", error: "no access token specified" };
+  // prepare Authorization headers as part of options
+  const headers = new Headers();
+  const bearer = `Bearer ${accessToken}`;
+  headers.append("Authorization", bearer);
+  let options = { method: "GET", headers: headers };
+  // make /groups endpoint call
   try {
-    ii.us = deserializeArray(User, usersString); 
-    ii.ts = deserializeArray(Target, targetsString);
-    ii.cs = deserializeArray(Config, configsString);
-    ii.ws = deserializeArray(Workspace, workspacesString);
-    if(!ii.tagWithWorkspaces()) return false;
-  } catch (e) {
-    debugger;
-    return false;
-  }
-  return true;
-}
-// retrieve Workspace(s), User(s), Target(s), Config(s) given logged in user
-    // three InitGet scenarios
-    // scenario 1: empty user array, read defaults
-    // scenario 2: user array with dummy user at end, return without doing anything
-    // scenario 3: user array with non-dummy user at end, call back end Init
-    //    (1) TODO: Azure AD: lookup companyDomain and companyName
-    //      look up tenant name
-    //      look up tenant domain
-    //      TODO: Mindline: post complete user to init endpoint
-    //      create and push partial tenant at end of target array
-    //      post user and partial tenant to InitInfo
-    //      Return: success return value, need to query for associations
-    //    (2) Sync NPM: ii.ws: once InitInfo completes, retrieve workspaces for the new user
-    //      TODO: Mindline: retrieve associated workspaces
-    //      Returns: associated workspaces
-    //    (3) Sync NPM:
-    //      TODO: Mindline: retrieve associated admins, targets for each workspace
-    //      ii.us / ii.ts / ii.cs: query components of each associated workspaces
-    //      Returns: users, targets, configs for each workspace
-export function InitGet(ii: InitInfo, instance: IPublicClientApplication, debug: boolean): boolean
-{
-  // if empty user array, retrieve dummy data from JSON to populate UI
-  let l = ii.us.length;
-  if(l === 0) return DummyInit(ii);
-
-  // if last user is a dummy user, then we have nothing
-  let user:User = ii.us[l-1];
-  if(user.oid === "1") return true;
-
-  // we have a real user: remove existing dummy user, target, config, workspace
-  let dummyIndex = ii.us.findIndex((u) => u.oid === "1");
-  if(dummyIndex!==-1) ii.us.splice(dummyIndex, 1);
-  dummyIndex = ii.ts.findIndex((u) => u.tid === "1");
-  if(dummyIndex!==-1) ii.ts.splice(dummyIndex, 1);
-  dummyIndex = ii.cs.findIndex((u) => u.id === "1");
-  if(dummyIndex!==-1) ii.cs.splice(dummyIndex, 1);
-  dummyIndex = ii.ws.findIndex((u) => u.id === "1");
-  if(dummyIndex!==-1) ii.ws.splice(dummyIndex, 1);
-
-  // why would instance be null here? investigate!
-  if(instance===null) {
-    debugger;
-    return false;
-  }
-
-  // valid user, query AAD for associated company name and domain
-  if(debug) debugger;
-  getTenantInfo(user, instance);
-  return true;
-}
-
-function AddTarget(): boolean
-{
-  return true;
+    let groupsEndpoint = `${graphConfig.graphGroupsEndpoint}/${groupid}`;
+    let response = await fetch(groupsEndpoint, options);
+    let data = await response.json();
+    if(typeof data.error !== "undefined"){
+      return { group: "", error: `${data.error.code}: ${data.error.message}` };
+    }
+    return { group: data.value, error: `` };
+  }
+  catch(error: any) {
+    console.log(error);
+    return { group: "", error: `Exception: ${error}` };
+  }
+}
+//groupsGet - GET /groups
+export async function groupsGet(tenant: Tenant, groupSearchString: string): Promise<{groups: Group[], error: string}> {
+  // need a read or write access token to get graph users
+  let accessToken: string = "";
+  if(tenant.permissionType === TenantPermissionType[TenantPermissionType.read])
+    accessToken = tenant.readServicePrincipal;
+  if(tenant.permissionType === TenantPermissionType[TenantPermissionType.write])
+    accessToken = tenant.writeServicePrincipal;
+  if(accessToken === "") return { groups: [], error: "no access token specified" };
+  // prepare Authorization headers as part of options
+  const headers = new Headers();
+  const bearer = `Bearer ${accessToken}`;
+  headers.append("Authorization", bearer);
+  let options = { method: "GET", headers: headers };
+  // make /groups endpoint call
+  try {
+    let groupsEndpoint = `${graphConfig.graphGroupsEndpoint}/?$filter=startsWith(displayName, '${groupSearchString}')`;
+    let response = await fetch(groupsEndpoint, options);
+    let data = await response.json();
+    if(typeof data.error !== "undefined"){
+      return { groups: [], error: `${data.error.code}: ${data.error.message}` };
+    }
+    return { groups: data.value, error: `` };
+  }
+  catch(error: any) {
+    console.log(error);
+    return { group: "", error: `Exception: ${error}` };
+  }
 }
-
-function CompleteTarget(): boolean
+export function signIn(user: User, tasks: TaskArray): void {
+  let tenantURL: string = window.location.href;
+  tenantURL += "MicrosoftIdentity/Account/Challenge";
+  let url: URL = new URL(tenantURL);
+  url.searchParams.append("redirectUri", window.location.origin);
+  url.searchParams.append("scope", "openid offline_access profile user.read contacts.read CrossTenantInformation.ReadBasic.All");
+  url.searchParams.append("domainHint", "organizations");
+  if (user.oid !== "1"){
+    url.searchParams.append("loginHint", user.mail);
+  }
+  tasks.setTaskStart("initialization", new Date());
+  tasks.setTaskStart("authenticate user", new Date());
+  window.location.assign(url.href);
+}
+export function signInIncrementally(user: User, scope: string): void {
+  if (user.oid == "1") return;
+  let tenantURL: string = window.location.href;
+  tenantURL += "MicrosoftIdentity/Account/Challenge";
+  let url: URL = new URL(tenantURL);
+  url.searchParams.append("redirectUri", window.location.origin);
+  let scopes = scope;
+  url.searchParams.append("scope", scopes);
+  url.searchParams.append("domainHint", "organizations");
+  url.searchParams.append("loginHint", user.mail);
+  window.location.assign(url.href);
+}
+export function signOut(user: User): void {
+  if (user.oid == "1") return;
+  // these lines provide more callbacks during logout
+      //let tenantURL: string = window.location.href;
+      //tenantURL += "MicrosoftIdentity/Account/SignOut";
+  // this line takes advantage of our saved loginHint to logout right away, but requires additional  cleanup logic
+  // https://aaddevsup.azurewebsites.net/2022/03/how-to-logout-of-an-oauth2-application-without-getting-prompted-to-select-a-user/
+  let tenantURL: string = "https://login.microsoftonline.com/common/oauth2/logout";
+  let url: URL = new URL(tenantURL);
+  url.searchParams.append("post_logout_redirect_uri", window.location.origin);
+  url.searchParams.append("logout_hint", user.loginHint);
+  window.location.assign(url.href);
+}
+//tenantRelationshipsGetByDomain - query AAD for associated company name and id
+export async function tenantRelationshipsGetByDomain(loggedInUser: User, tenant: Tenant, instance: IPublicClientApplication, debug: boolean): Promise<boolean> {
+  if (debug) debugger;
+  // do we already have a valid tenant name? if so, nothing to add
+  if (typeof tenant.name !== 'undefined' && tenant.name !== "") return false;
+  // if needed, retrieve and cache access token
+  if (typeof loggedInUser.accessToken === 'undefined' || loggedInUser.accessToken === "") {
+    console.log(`tenantRelationshipsGetByDomain called with invalid logged in user: ${loggedInUser.name}`);
+    try {
+      let response: AuthenticationResult = await instance.acquireTokenByCode({ code: loggedInUser.spacode });
+      loggedInUser.accessToken = response.accessToken; // cache access token on the user
+      console.log("Front end token acquired: " + loggedInUser.accessToken.slice(0,20));
+    }
+    catch(error: any) {
+      console.log("Front end token failure: " + error);
+      return false; // failed to get access token, no need to re-render
+    }
+  }
+  // prepare Authorization headers as part of options
+  const headers = new Headers();
+  const bearer = `Bearer ${loggedInUser.accessToken}`;
+  headers.append("Authorization", bearer);
+  let options = { method: "GET", headers: headers };
+  // make tenant endpoint call
+  try {
+    // create tenant info endpoint
+    var tenantEndpoint = graphConfig.graphTenantByDomainEndpoint;
+    tenantEndpoint += "(domainName='";
+    tenantEndpoint += tenant.domain;
+    tenantEndpoint += "')";
+    console.log("Attempting GET from /findTenantInformationByDomainName:", tenantEndpoint);
+    let response = await fetch(tenantEndpoint, options);
+    let data = await response.json();
+    if(data) {
+      if(typeof data.error !== "undefined") {
+        console.log("Failed GET from /findTenantInformationByDomainName: ", data.error.message);
+        return false;
+      }
+      else if (typeof data.displayName !== undefined && data.displayName !== "") {
+        // set domain information on passed tenant
+        tenant.tid = data.tenantId;
+        tenant.name = data.displayName;
+        console.log("Successful GET from /findTenantInformationByDomainName: ", data.displayName);
+        return true;  // success, need UX to re-render
+      }
+    }
+    else{
+      console.log("Failed to GET from /findTenantInformationByTenantId: ", tenantEndpoint);
+    }
+  }
+  catch(error: any) {
+    console.log("Failed to GET from /findTenantInformationByTenantId: ", error);
+    return false; // failed, no need for UX to re-render
+  }
+  return false; // failed, no need for UX to re-render
+}
+//tenantRelationshipsGetById - query AAD for associated company name and domain
+export async function tenantRelationshipsGetById(user: User, ii: InitInfo, instance: IPublicClientApplication, tasks: TaskArray, debug: boolean): Promise<boolean> {
+  if (debug) debugger;
+  // do we already have a valid company name? if so, nothing to add, no need for UX to re-render
+  if (typeof user.companyName !== 'undefined' && user.companyName !== "") return false;
+  // if needed, retrieve and cache access token
+  if (typeof user.accessToken === 'undefined' || user.accessToken === "") {
+    try {
+      let response: AuthenticationResult = await instance.acquireTokenByCode({ code: user.spacode });
+      user.accessToken = response.accessToken; // cache access token
+      console.log("Front end token acquired: " + user.accessToken.slice(0,20));
+    }
+    catch(error: any) {
+      console.log("Front end token failure: " + error);
+      return false; // failed to get access token, no need to re-render
+    }
+  }
+  // prepare Authorization headers as part of options
+  const headers = new Headers();
+  const bearer = `Bearer ${user.accessToken}`;
+  headers.append("Authorization", bearer);
+  let options = { method: "GET", headers: headers };
+  // make tenant endpoint call
+  try {
+    // create tenant info endpoint
+    var tenantEndpoint = graphConfig.graphTenantByIdEndpoint;
+    tenantEndpoint += "(tenantId='";
+    tenantEndpoint += user.tid;
+    tenantEndpoint += "')";
+    // track time of tenant details query
+    tasks.setTaskStart("GET tenant details", new Date());
+    console.log("Attempting GET from /findTenantInformationByTenantId:", tenantEndpoint);
+    let response = await fetch(tenantEndpoint, options);
+    let data = await response.json();
+    if(data && typeof data.displayName !== undefined && data.displayName !== "") {
+      // set domain information on user
+      user.companyName = data.displayName;
+      user.companyDomain = data.defaultDomainName;
+      // set domain information on tenant
+      let tenant: Tenant | undefined = ii.ts.find((t) => t.tid === user.tid);
+      if(tenant !== undefined){
+        tenant.name = data.displayName;
+        tenant.domain = data.defaultDomainName;
+      }
+      else{
+        console.log("tenantRelationshipsGetById: missing associated tenant for logged in user.");
+        debugger;
+      } 
+      console.log("Successful GET from /findTenantInformationByTenantId: ", data.displayName);
+      tasks.setTaskEnd("GET tenant details", new Date(), "complete");
+      return true;  // success, need UX to re-render
+    }
+    else{
+      console.log("Failed to GET from /findTenantInformationByTenantId: ", tenantEndpoint);
+    }
+  }
+  catch(error: any) {
+    console.log("Failed to GET from /findTenantInformationByTenantId: ", error);
+    tasks.setTaskEnd("GET tenant details", new Date(), "failed");
+    return false; // failed, no need for UX to re-render
+  }
+  tasks.setTaskEnd("GET tenant details", new Date(), "failed");
+  return false; // failed, no need for UX to re-render
+}
+//usersGet - GET from AAD Users endpoint
+export async function usersGet(tenant: Tenant): Promise<{users: string[], error: string}> {
+  // need a read or write access token to get graph users
+  let accessToken: string = "";
+  if(tenant.permissionType === TenantPermissionType[TenantPermissionType.read])
+    accessToken = tenant.readServicePrincipal;
+  if(tenant.permissionType === TenantPermissionType[TenantPermissionType.write])
+    accessToken = tenant.writeServicePrincipal;
+  if(accessToken === "") return { users: [], error: "no access token specified" };
+  // prepare Authorization headers as part of options
+  const headers = new Headers();
+  const bearer = `Bearer ${accessToken}`;
+  headers.append("Authorization", bearer);
+  let options = { method: "GET", headers: headers };
+  // make /users endpoint call
+  try {
+    let response = await fetch(graphConfig.graphUsersEndpoint, options);
+    let data = await response.json();
+    if(typeof data.error !== "undefined"){
+      return { users: [], error: `${data.error.code}: ${data.error.message}` };
+    }
+    let users = new Array<User>();
+    for (let user of data.value) {
+      users.push(user.mail);
+    }
+    return { users: users, error: `` };
+ }
+  catch(error: any) {
+    console.log(error);
+    return { users: [], error: `Exception: ${error}` };
+  }
+}
+//
+// Mindline Config API
+//
+export async function configEdit(instance: IPublicClientApplication, authorizedUser: User, config: Config, workspaceId: string, debug: boolean): Promise<APIResult> {
+  let result: APIResult = new APIResult();
+  if (config.id === "1") {
+    result = await configPost(instance, authorizedUser, config, workspaceId, debug);
+  }
+  else {
+    result = await configPut(instance, authorizedUser, config, debug);
+  }
+  return result;
+}
+export async function configRemove(instance: IPublicClientApplication, authorizedUser: User, config: Config, workspaceId: string, debug: boolean): Promise<APIResult> {
+  return configDelete(instance, authorizedUser, config, workspaceId, debug);
+}
+// retrieve Workspace(s), User(s), Tenant(s), Config(s) given newly logged in user
+export async function initGet(instance: IPublicClientApplication, authorizedUser: User, user: User, ii: InitInfo, tasks: TaskArray, debug: boolean): Promise<APIResult>
 {
-  return true;
+  let result: APIResult = new APIResult();
+  if (debug) debugger;
+  // get tenant name and domain from AAD
+  result.result = await tenantRelationshipsGetById(user, ii, instance, tasks, debug);
+  // if this is the first time, we have just gotten tenant info, then we must POST user and not-yet-onboarded tenant to back end
+  if (result.result) {
+    tasks.setTaskStart("POST config init", new Date());
+    result = await initPost(instance, authorizedUser, user, debug);
+    tasks.setTaskEnd("POST config init", new Date(), result.result ? "complete" : "failed");
+  }
+  // simlarly, if we just did our first post, then query config backend for workspace(s) associated with this user
+  if (result.result) {
+    tasks.setTaskStart("GET workspaces", new Date());
+    result = await workspaceInfoGet(instance, authorizedUser, user, ii, debug);
+    tasks.setTaskEnd("GET workspaces", new Date(), result ? "complete" : "failed");
+  }
+  if(result.result) result.error = version;
+  return result;
+}
+export async function tenantAdd(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, workspaceId: string): Promise<APIResult> {
+  return tenantPost(instance, authorizedUser, tenant, workspaceId);
+}
+export async function tenantComplete(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, debug: boolean): Promise<APIResult> {
+  return tenantPut(instance, authorizedUser, tenant, debug);
+}
+export async function tenantRemove(instance: IPublicClientApplication, authorizedUser: User, tenant: Tenant, workspaceId: string, debug: boolean): Promise<APIResult> {
+  return tenantDelete(instance, authorizedUser, tenant, workspaceId, debug);
+}
+export async function userAdd(instance: IPublicClientApplication, authorizedUser: User, user: User, workspaceId: string): Promise<APIResult> {
+  return adminPost(instance, authorizedUser, user, workspaceId);
 }
-
-function AddUser(): boolean
+export async function userRemove(instance: IPublicClientApplication, authorizedUser: User, user: User, workspaceId: string): Promise<APIResult> {
+  return adminDelete(instance, authorizedUser, user, workspaceId);
+}
+//
+// Mindline Config API internal helper functions
+//
+function processReturnedAdmins(workspace: Workspace, ii: InitInfo, returnedAdmins: Array<Object>)
 {
-  return true;
+  returnedAdmins.map((item) => {
+    // are we already tracking this user?
+    let user: User|null = null;
+    let usIndex = ii.us.findIndex((u) => u.oid === item.userId);
+    if(usIndex===-1) {
+      // start tracking
+      let dummyIndex = ii.us.findIndex((u) => u.oid === "1");
+      if(dummyIndex!==-1) {
+        // clear and overwrite dummy
+        user = ii.us.at(dummyIndex);
+        user.associatedWorkspaces.length = 0;
+      }
+      else {
+        // create and track new user
+        user = new User();
+        ii.us.push(user);
+      }
+    } else {
+      // already tracking this user
+      user = ii.us.at(usIndex);
+    }
+    // refresh all the data available from the server
+    user.oid = item.userId;
+    user.name = item.firstName;
+    user.mail = item.email;
+    user.tid = item.tenantId;
+    // ensure this workspace tracks this user
+    let idx = workspace.associatedUsers.findIndex((u) => u === item.userId);
+    if(idx == -1) workspace.associatedUsers.push(item.userId);
+  });
 }
-
-function CompleteUser(): boolean
+function processReturnedTenants(workspace: Workspace, ii: InitInfo, returnedTenants: Array<Object>)
 {
-  return true;
+  returnedTenants.map((item) => {
+    // are we already tracking this tenant?
+    let tenant: Tenant|null = null;
+    let tsIndex = ii.ts.findIndex((t) => t.tid === item.tenantId);
+    if (tsIndex === -1) {
+      // start tracking
+      let dummyIndex = ii.ts.findIndex((t) => t.tid === "1");
+      if (dummyIndex !== -1) {
+        // clear and overwrite dummy
+        tenant = ii.ts.at(dummyIndex);
+      } else {
+        // create and track new workspace
+        tenant = new Tenant();
+        ii.ts.push(tenant);
+      }
+    } else {
+      // already tracking this tenant
+      tenant = ii.ts.at(tsIndex);
+    }
+    tenant.tid = item.tenantId;
+    tenant.name = item.name;
+    tenant.domain = item.domain;
+    tenant.tenantType = item.type.toLowerCase(); // should now be strings
+    tenant.permissionType = item.permissionType.toLowerCase(); // should now be strings
+    tenant.onboarded = item.isOnboarded ? "true" : "false";
+    tenant.authority = item.authority;
+    tenant.readServicePrincipal = item.readServicePrincipal;
+    tenant.writeServicePrincipal = item.writeServicePrincipal;
+    // ensure this workspace tracks this tenant
+    let idx = workspace.associatedTenants.findIndex((t) => t === item.tenantId);
+    if (idx == -1) workspace.associatedTenants.push(item.tenantId);
+  });
 }
-
-function CreateConfig(): boolean
+function processReturnedConfigs(workspace: Workspace, ii: InitInfo, returnedConfigs: Array<Object>)
 {
-  return true;
+  // process returned configs
+  returnedConfigs.map((item) => {
+    // are we already tracking this config?
+    let config: Config | null = null;
+    let csIndex = ii.cs.findIndex((c) => c.id === item.id);
+    if (csIndex === -1) {
+      // start tracking
+      let dummyIndex = ii.cs.findIndex((c) => c.id === "1");
+      if (dummyIndex !== -1) {
+        // clear and overwrite dummy
+        config = ii.cs.at(dummyIndex);
+      } else {
+        // create and track new workspace
+        config = new Config();
+        ii.cs.push(config);
+      }
+    } else {
+      // already tracking this config
+      config = ii.cs.at(csIndex);
+    }
+    config!.id = item.id;
+    config!.name = item.name;
+    config!.description = item.description;
+    config!.isEnabled = item.isEnabled;
+    // create TenantConfigInfo array
+    config!.tenants.length = 0;
+    item.tenants.map((tci) => {
+      let tenantConfigInfo = new TenantConfigInfo();
+      tenantConfigInfo.tid = tci.tenantId;
+      tenantConfigInfo.sourceGroupId = tci.sourceGroupId;
+      tenantConfigInfo.sourceGroupName = tci.sourceGroupName;
+      tenantConfigInfo.configurationTenantType = tci.configurationTenantType.toLowerCase();
+      config!.tenants.push(tenantConfigInfo);
+    });
+    // ensure this workspace tracks this config
+    let idx = workspace.associatedConfigs.findIndex((c) => c === item.id);
+    if (idx == -1) workspace.associatedConfigs.push(item.id);
+  });
+}
+async function workspaceInfoGet(instance: IPublicClientApplication, authorizedUser: User, user: User, ii: InitInfo, debug: boolean): Promise<APIResult> {
+  let result: APIResult = new APIResult();
+  if (debug) debugger;
+  try {
+    result = await workspacesGet(instance, authorizedUser, user, debug);
+    if (result.result) {
+      for (let o of result.array!) {
+        // are we already tracking this workspace?
+        let workspace: Workspace = null;
+        let wsIndex = ii.ws.findIndex((w) => w.id === o.id);
+        if (wsIndex === -1) {
+          // start tracking
+          let dummyIndex = ii.ws.findIndex((w) => w.id === "1");
+          if(dummyIndex !== -1) {
+            // clear and overwrite dummy
+            workspace = ii.ws.at(dummyIndex);
+          }
+          else {
+            // create and track new workspace
+            workspace = new Workspace();
+            ii.ws.push(workspace);
+          }
+        } else {
+          // already tracking this workspace
+          workspace = ii.ws.at(wsIndex);
+        }
+        // clear associations as we are about to reset
+        workspace.associatedUsers.length = 0;
+        workspace.associatedTenants.length = 0;
+        workspace.associatedConfigs.length = 0;
+        workspace.id = o.id;
+        workspace.name = o.name;
+        // parallel GET admins, tenants, configs associated with this workspace
+        let adminsPromise: Promise<APIResult> = adminsGet(instance, authorizedUser, workspace.id, debug);
+        let tenantsPromise: Promise<APIResult> = tenantsGet(instance, authorizedUser, workspace.id, debug);
+        let configsPromise: Promise<APIResult> = configsGet(instance, authorizedUser, workspace.id, debug);
+        // wait for all to finish, return on any failure
+        let [adminsResult, tenantsResult, configsResult] = await Promise.all([adminsPromise, tenantsPromise, configsPromise]);
+        if(!adminsResult.result) return adminsResult;
+        if(!tenantsResult.result) return tenantsResult;
+        if(!configsResult.result) return configsResult;
+        // process returned workspace components
+        processReturnedAdmins(workspace, ii, adminsResult.array!);
+        processReturnedTenants(workspace, ii, tenantsResult.array!);
+        processReturnedConfigs(workspace, ii, configsResult.array!);
+        // tag components with workspaceIDs
+        ii.tagWithWorkspaces();
+      }
+      return result;
+    }
+  }
+  catch (error: any) {
+    console.log(error.message);
+    result.error = error.message;
+  }
+  result.result = false;
+  result.status = 500;
+  return result;
 }