@mondaydotcomorg/monday-authorization 1.0.40 → 1.0.42
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,10 +1,17 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { Action, Resource } from './types/general';
|
|
2
|
+
import { Action, AuthorizationObject, Resource } from './types/general';
|
|
3
3
|
export interface AuthorizeResponse {
|
|
4
4
|
isAuthorized: boolean;
|
|
5
5
|
unauthorizedIds?: number[];
|
|
6
6
|
}
|
|
7
7
|
export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
|
|
8
8
|
export declare class AuthorizationService {
|
|
9
|
+
/**
|
|
10
|
+
* @deprecated use the second form with authorizationRequestObjects instead,
|
|
11
|
+
* support of this function will be dropped gradually
|
|
12
|
+
*/
|
|
9
13
|
static isAuthorized(accountId: number, userId: number, resources: Resource[], action: Action): Promise<AuthorizeResponse>;
|
|
14
|
+
static isAuthorized(accountId: number, userId: number, authorizationRequestObjects: AuthorizationObject[]): Promise<AuthorizeResponse>;
|
|
15
|
+
private static isAuthorizedSingular;
|
|
16
|
+
private static isAuthorizedMultiple;
|
|
10
17
|
}
|
|
@@ -46,10 +46,28 @@ function setRequestFetchOptions(customMondayFetchOptions) {
|
|
|
46
46
|
}
|
|
47
47
|
exports.setRequestFetchOptions = setRequestFetchOptions;
|
|
48
48
|
class AuthorizationService {
|
|
49
|
-
static isAuthorized(
|
|
49
|
+
static isAuthorized(...args) {
|
|
50
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
51
|
+
if (args.length === 3) {
|
|
52
|
+
return this.isAuthorizedMultiple(args[0], args[1], args[2]);
|
|
53
|
+
}
|
|
54
|
+
else if (args.length == 4) {
|
|
55
|
+
return this.isAuthorizedSingular(args[0], args[1], args[2], args[3]);
|
|
56
|
+
}
|
|
57
|
+
else {
|
|
58
|
+
throw new Error('isAuthorized accepts either 3 or 4 arguments');
|
|
59
|
+
}
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
static isAuthorizedSingular(accountId, userId, resources, action) {
|
|
50
63
|
return __awaiter(this, void 0, void 0, function* () {
|
|
51
|
-
const internalAuthToken = monday_jwt_1.signAuthorizationHeader(INTERNAL_APP_NAME, accountId);
|
|
52
64
|
const { authorizationObjects } = createAuthorizationParams(resources, action);
|
|
65
|
+
return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
static isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
69
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
70
|
+
const internalAuthToken = monday_jwt_1.signAuthorizationHeader(INTERNAL_APP_NAME, accountId);
|
|
53
71
|
const startTime = perf_hooks_1.performance.now();
|
|
54
72
|
const response = yield monday_fetch_1.fetch(getUrl(), {
|
|
55
73
|
method: 'POST',
|
|
@@ -57,29 +75,29 @@ class AuthorizationService {
|
|
|
57
75
|
timeout: getRequestTimeout(),
|
|
58
76
|
body: JSON.stringify({
|
|
59
77
|
user_id: userId,
|
|
60
|
-
authorize_request_objects:
|
|
78
|
+
authorize_request_objects: authorizationRequestObjects,
|
|
61
79
|
}),
|
|
62
80
|
}, mondayFetchOptions);
|
|
63
81
|
const endTime = perf_hooks_1.performance.now();
|
|
64
82
|
const time = endTime - startTime;
|
|
65
83
|
const responseStatus = response.status;
|
|
66
|
-
prometheus_service_1.sendAuthorizationChecksPerRequestMetric(responseStatus,
|
|
84
|
+
prometheus_service_1.sendAuthorizationChecksPerRequestMetric(responseStatus, authorizationRequestObjects.length);
|
|
67
85
|
if (!response.ok) {
|
|
68
86
|
logger.error({ status: response.status }, 'AuthorizationService: authorization request failed');
|
|
69
87
|
const isAuthorized = false;
|
|
70
|
-
|
|
71
|
-
prometheus_service_1.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, action, isAuthorized, responseStatus, time);
|
|
88
|
+
authorizationRequestObjects.forEach(function (authorizationObject) {
|
|
89
|
+
prometheus_service_1.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
|
|
72
90
|
});
|
|
73
91
|
return { isAuthorized };
|
|
74
92
|
}
|
|
75
93
|
const responseBody = yield response.json();
|
|
76
94
|
const unauthorizedObjects = [];
|
|
77
95
|
responseBody.result.forEach(function (isAuthorized, index) {
|
|
78
|
-
const authorizationObject =
|
|
96
|
+
const authorizationObject = authorizationRequestObjects[index];
|
|
79
97
|
if (!isAuthorized) {
|
|
80
98
|
unauthorizedObjects.push(authorizationObject);
|
|
81
99
|
}
|
|
82
|
-
prometheus_service_1.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, action, isAuthorized, responseStatus, time);
|
|
100
|
+
prometheus_service_1.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
|
|
83
101
|
});
|
|
84
102
|
if (unauthorizedObjects.length > 0) {
|
|
85
103
|
logger.info({
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.42",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
"@mondaydotcomorg/monday-jwt": "^2.0.4",
|
|
14
14
|
"@mondaydotcomorg/monday-logger": "^3.0.6",
|
|
15
15
|
"@types/express": "^4.17.12",
|
|
16
|
-
"node-fetch": "^2.6.
|
|
16
|
+
"node-fetch": "^2.6.7",
|
|
17
17
|
"ts-node": "^10.0.0"
|
|
18
18
|
},
|
|
19
19
|
"devDependencies": {
|
|
@@ -30,5 +30,5 @@
|
|
|
30
30
|
"files": [
|
|
31
31
|
"dist/"
|
|
32
32
|
],
|
|
33
|
-
"gitHead": "
|
|
33
|
+
"gitHead": "ca2ac56ab29af9fda731e72186e2f9beba2e318c"
|
|
34
34
|
}
|