npm - @mondaydotcomorg/monday-authorization - Versions diffs - 1.0.53 → 1.1.1 - Mend

@mondaydotcomorg/monday-authorization 1.0.53 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/CHANGELOG.md +18 -0
package/README.md +40 -5
package/dist/index.js +3 -3
package/dist/lib/authorization-middleware.js +1 -1
package/dist/lib/authorization-service.d.ts +2 -2
package/dist/lib/authorization-service.js +24 -22
package/dist/lib/types/general.d.ts +10 -10
package/dist/lib/types/scoped-actions-contracts.d.ts +1 -1
package/package.json +3 -3

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,18 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+## [1.1.0] - 2023-08-09
+### ⚠ BREAKING CHANGES
+- `canActionInScope` now returns an object of type `{ can: boolean; reason: string; }` instead of `boolean`.
+  This version is considered minor because no one uses this function yet.
+### Changed
+- [`feature/idan/can-action-in-scope/change-behavior-on-error (#3689)`](https://github.com/DaPulse/monday-npm-packages/pull/3689)
+  - `canActionInScope`, `canActionInScopeMultiple` and `isAuthorized` are now throwing an error instead of returning `false` when an error occurs as part of the authorization http request (status code is not 2XX)

package/README.md CHANGED Viewed

@@ -15,6 +15,7 @@ show is the action, post is the resource.
 ```
 yarn add @mondaydotcomorg/monday-authorization
 ```
 First init the package in order for it to work properly <br>
 app.ts:
@@ -34,8 +35,7 @@ startServer(...)
 **Recommended** - optionally init authorization with redisClient so the granted feature results will be cached and reduce http calls.
-- grantedFeatureRedisExpirationInSeconds - (optional), redis TTL for cached granted features, default set to 5 minutes
+- grantedFeatureRedisExpirationInSeconds - (optional), redis TTL for cached granted features, default set to 5 minutes
 ## Usage
@@ -90,14 +90,49 @@ Add `authorizationCheckMiddleware` to make sure that all routes are covered by a
 middleware before you define the routes.
 If you want to skip authorization, use `skipAuthorizationMiddleware`.
 ### Granted Features API
 Use `AuthorizationService.isUserGrantedWithFeature(accountId: number, userId: number, featureName: string): Promise<boolean>` to retrieve if a user is granted with a feature
 ```ts
-import {AuthorizationService, init} from '@mondaydotcomorg/monday-authorization';
+import { AuthorizationService, init } from '@mondaydotcomorg/monday-authorization';
-let isFeatuerGranted = await AuthorizationService.isUserGrantedWithFeature(739628, 2, "unauthorized_content_change_message")
+const isFeatuerGranted = await AuthorizationService.isUserGrantedWithFeature(
+  739628,
+  2,
+  'unauthorized_content_change_message'
+);
+```
+### IsAuthorized API
+```ts
+const authorizationRequestObject = { resource_type: 'board', resource_id: 1234, action: 'show' };
+const isAuthorizedResponse = await AuthorizationService.isAuthorized(accountId, userId, [authorizationRequestObject]);
+const isAuthorized = isAuthorizedResponse.isAuthorized;
 ```
+### canActionInScope API
+```ts
+import { AuthorizationService, ScopedActionResponseObject } from '@mondaydotcomorg/monday-authorization';
+const { can, reason } = await AuthorizationService.canActionInScope(accountId, userId, 'create_main_boards', {
+  workspaceId: 101,
+});
+// or in plural way
+const canActionInScopeMultipleResponse: ScopedActionResponseObject[] =
+  await AuthorizationService.canActionInScopeMultiple(accountId, userId, [
+    { action: 'create_main_boards', scope: { workspaceId: 101 } },
+    { action: 'create_private_boards', scope: { workspaceId: 102 } },
+  ]);
+/***
+ * canActionInScopeMultipleResponse is an array containing:
+ * [
+ *   { scopedAction: { action: 'create_main_boards', scope: { workspaceId: 101 } }, permit: { can: true, reason: { key: '' } } },
+ *   { scopedAction: { action: 'create_private_boards', scope: { workspaceId: 102 } }, permit: { can: false, reason: { key: 'ms-authorization.enforcement.reasons.by_role_in_scope' } } }
+ * ]
+ * /
+```

package/dist/index.js CHANGED Viewed

@@ -5,13 +5,13 @@ const prometheus_service_1 = require("./lib/prometheus-service");
 const authorization_service_1 = require("./lib/authorization-service");
 function init(options = {}) {
     if (options.prometheus) {
-        prometheus_service_1.setPrometheus(options.prometheus);
+        (0, prometheus_service_1.setPrometheus)(options.prometheus);
     }
     if (options.mondayFetchOptions) {
-        authorization_service_1.setRequestFetchOptions(options.mondayFetchOptions);
+        (0, authorization_service_1.setRequestFetchOptions)(options.mondayFetchOptions);
     }
     if (options.redisClient) {
-        authorization_service_1.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
+        (0, authorization_service_1.setRedisClient)(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
     }
 }
 exports.init = init;

package/dist/lib/authorization-middleware.js CHANGED Viewed

@@ -40,7 +40,7 @@ function skipAuthorizationMiddleware(request, response, next) {
 exports.skipAuthorizationMiddleware = skipAuthorizationMiddleware;
 function authorizationCheckMiddleware(request, response, next) {
     if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-        on_headers_1.default(response, function () {
+        (0, on_headers_1.default)(response, function () {
             if (response.statusCode < 400) {
                 authorization_internal_service_1.AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
             }

package/dist/lib/authorization-service.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { Action, AuthorizationObject, Resource } from './types/general';
-import { ScopedAction, ScopedActionResponseObject, ScopeOptions } from 'lib/types/scoped-actions-contracts';
+import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from 'lib/types/scoped-actions-contracts';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
     unauthorizedIds?: number[];
@@ -19,7 +19,7 @@ export declare class AuthorizationService {
     static isUserGrantedWithFeature(accountId: number, userId: number, featureName: string): Promise<boolean>;
     private static fetchIsUserGrantedWithFeature;
     private static getCachedKeyName;
-    static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<boolean>;
+    static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
     static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
     private static isAuthorizedSingular;
     private static isAuthorizedMultiple;

package/dist/lib/authorization-service.js CHANGED Viewed

@@ -1,7 +1,11 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
@@ -106,16 +110,16 @@ class AuthorizationService {
         return __awaiter(this, void 0, void 0, function* () {
             const scopedActions = [{ action, scope }];
             const scopedActionResponseObjects = yield this.canActionInScopeMultiple(accountId, userId, scopedActions);
-            return scopedActionResponseObjects[0].permit.can;
+            return scopedActionResponseObjects[0].permit;
         });
     }
     static canActionInScopeMultiple(accountId, userId, scopedActions) {
         return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = monday_jwt_1.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
-            const scopedActionsPayload = scopedActions.map((scopedAction) => {
-                return Object.assign(Object.assign({}, scopedAction), { scope: lodash_1.mapKeys(scopedAction.scope, (_, key) => lodash_1.snakeCase(key)) }); // for example: { workspaceId: 1 } => { workspace_id: 1 }
+            const internalAuthToken = (0, monday_jwt_1.signAuthorizationHeader)({ appName: INTERNAL_APP_NAME, accountId, userId });
+            const scopedActionsPayload = scopedActions.map(scopedAction => {
+                return Object.assign(Object.assign({}, scopedAction), { scope: (0, lodash_1.mapKeys)(scopedAction.scope, (_, key) => (0, lodash_1.snakeCase)(key)) }); // for example: { workspaceId: 1 } => { workspace_id: 1 }
             });
-            const response = yield monday_fetch_1.fetch(getCanActionsInScopesUrl(), {
+            const response = yield (0, monday_fetch_1.fetch)(getCanActionsInScopesUrl(), {
                 method: 'POST',
                 headers: { Authorization: internalAuthToken, 'Content-Type': 'application/json' },
                 timeout: getRequestTimeout(),
@@ -124,10 +128,7 @@ class AuthorizationService {
                     scoped_actions: scopedActionsPayload,
                 }),
             }, mondayFetchOptions);
-            if (!response.ok) {
-                logger.error({ status: response.status }, 'AuthorizationService: authorization request failed - canActionInScopeMultiple');
-                return scopedActions.map((scopedAction) => ({ scopedAction, permit: { can: false, reason: { key: 'internal error' } } }));
-            }
+            throwOnHttpErrorIfNeeded(response, 'canActionInScopeMultiple');
             const responseBody = yield response.json();
             return responseBody.result;
         });
@@ -140,9 +141,9 @@ class AuthorizationService {
     }
     static isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
         return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = monday_jwt_1.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
+            const internalAuthToken = (0, monday_jwt_1.signAuthorizationHeader)({ appName: INTERNAL_APP_NAME, accountId, userId });
             const startTime = perf_hooks_1.performance.now();
-            const response = yield monday_fetch_1.fetch(getAuthorizeUrl(), {
+            const response = yield (0, monday_fetch_1.fetch)(getAuthorizeUrl(), {
                 method: 'POST',
                 headers: { Authorization: internalAuthToken, 'Content-Type': 'application/json' },
                 timeout: getRequestTimeout(),
@@ -154,15 +155,8 @@ class AuthorizationService {
             const endTime = perf_hooks_1.performance.now();
             const time = endTime - startTime;
             const responseStatus = response.status;
-            prometheus_service_1.sendAuthorizationChecksPerRequestMetric(responseStatus, authorizationRequestObjects.length);
-            if (!response.ok) {
-                logger.error({ status: response.status }, 'AuthorizationService: authorization request failed');
-                const isAuthorized = false;
-                authorizationRequestObjects.forEach(function (authorizationObject) {
-                    prometheus_service_1.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
-                });
-                return { isAuthorized };
-            }
+            (0, prometheus_service_1.sendAuthorizationChecksPerRequestMetric)(responseStatus, authorizationRequestObjects.length);
+            throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
             const responseBody = yield response.json();
             const unauthorizedObjects = [];
             responseBody.result.forEach(function (isAuthorized, index) {
@@ -170,7 +164,7 @@ class AuthorizationService {
                 if (!isAuthorized) {
                     unauthorizedObjects.push(authorizationObject);
                 }
-                prometheus_service_1.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
+                (0, prometheus_service_1.sendAuthorizationCheckResponseTimeMetric)(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
             });
             if (unauthorizedObjects.length > 0) {
                 logger.info({
@@ -220,3 +214,11 @@ function getRequestTimeout() {
     const isDevEnv = process.env.NODE_ENV === 'development';
     return isDevEnv ? 60000 : 2000;
 }
+function throwOnHttpErrorIfNeeded(response, placement) {
+    if (response.ok) {
+        return;
+    }
+    const status = response.status;
+    logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
+    throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
+}

package/dist/lib/types/general.d.ts CHANGED Viewed

@@ -4,13 +4,13 @@ export interface Resource {
     type: string;
     wrapperData?: object;
 }
-export declare type Action = string;
-export declare type ResourceGetter = (request: BaseRequest) => Resource[];
+export type Action = string;
+export type ResourceGetter = (request: BaseRequest) => Resource[];
 export interface Context {
     accountId: number;
     userId: number;
 }
-export declare type ContextGetter = (request: BaseRequest) => Context;
+export type ContextGetter = (request: BaseRequest) => Context;
 export interface AuthorizationObject {
     resource_id?: Resource['id'];
     resource_type: Resource['type'];
@@ -20,11 +20,11 @@ export interface AuthorizationObject {
 export interface AuthorizationParams {
     authorizationObjects: AuthorizationObject[];
 }
-declare type BasicObject = {};
-export declare type BaseParameters = BasicObject;
-export declare type BaseResponseBody = BasicObject;
-export declare type BaseBodyParameters = BasicObject;
-export declare type BaseQueryParameters = BasicObject;
-export declare type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
-export declare type BaseResponse = Response<BaseResponseBody>;
+type BasicObject = {};
+export type BaseParameters = BasicObject;
+export type BaseResponseBody = BasicObject;
+export type BaseBodyParameters = BasicObject;
+export type BaseQueryParameters = BasicObject;
+export type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
+export type BaseResponse = Response<BaseResponseBody>;
 export {};

package/dist/lib/types/scoped-actions-contracts.d.ts CHANGED Viewed

@@ -13,7 +13,7 @@ export interface AccountProductScope {
 export interface AccountScope {
     accountId: number;
 }
-export declare type ScopeOptions = WorkspaceScope | BoardScope | PulseScope | AccountProductScope | AccountScope;
+export type ScopeOptions = WorkspaceScope | BoardScope | PulseScope | AccountProductScope | AccountScope;
 export interface Translation {
     key: string;
     [option: string]: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.0.53",
+  "version": "1.1.1",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -27,10 +27,10 @@
     "on-headers": "^1.0.2",
     "supertest": "^6.1.3",
     "tsconfig-paths": "^3.9.0",
-    "typescript": "^4.3.4"
+    "typescript": "^5.1.6"
   },
   "files": [
     "dist/"
   ],
-  "gitHead": "8df5fda8931cf804959647805c4ffe8bf550e9a4"
+  "gitHead": "e9d53044c34ad17d0a2d3c347360d59ef70574c4"
 }