@mondaydotcomorg/monday-authorization 1.1.9-bugmoshefixlodashesm.3791 → 1.1.9-featurebelkaauthz-sdk-update.2209

package/dist/{prometheus-service.js → lib/prometheus-service.js}

@@ -1,20 +1,21 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendAuthorizationCheckResponseTimeMetric = exports.sendAuthorizationChecksPerRequestMetric = exports.getMetricsManager = exports.setPrometheus = exports.METRICS = void 0;
 let prometheus = null;
 let authorizationChecksPerRequestMetric = null;
 let authorizationCheckResponseTimeMetric = null;
-const METRICS = {
+exports.METRICS = {
     AUTHORIZATION_CHECK: 'authorization_check',
     AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
     AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
 };
 const authorizationChecksPerRequestMetricConfig = {
-    name: METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
+    name: exports.METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
     labels: ['responseStatus'],
     description: 'Authorization checks per request summary',
 };
 const authorizationCheckResponseTimeMetricConfig = {
-    name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
+    name: exports.METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
     labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
     description: 'Authorization check response time summary',
 };
@@ -24,32 +25,26 @@ function setPrometheus(customPrometheus) {
     authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
     authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
 }
+exports.setPrometheus = setPrometheus;
 function getMetricsManager() {
-    return prometheus?.metricsManager;
+    return prometheus === null || prometheus === void 0 ? void 0 : prometheus.metricsManager;
 }
+exports.getMetricsManager = getMetricsManager;
 function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
     try {
         if (authorizationChecksPerRequestMetric) {
             authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
         }
     }
-    catch (e) {
-        // ignore
-    }
+    catch (e) { }
 }
+exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
 function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
     try {
         if (authorizationCheckResponseTimeMetric) {
             authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
         }
     }
-    catch (e) {
-        // ignore
-    }
+    catch (e) { }
 }
-
-exports.METRICS = METRICS;
-exports.getMetricsManager = getMetricsManager;
 exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
-exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
-exports.setPrometheus = setPrometheus;

package/dist/{testKit → lib/testKit}/index.d.ts

@@ -1,5 +1,5 @@
-import { Action, BaseRequest, BaseResponse, ContextGetter, Resource, ResourceGetter } from '../types/general';
-import type { NextFunction } from 'express';
+import { NextFunction } from "express";
+import { Action, BaseRequest, BaseResponse, ContextGetter, Resource, ResourceGetter } from "../types/general";
 export type TestPermittedAction = {
     accountId: number;
     userId: number;

package/dist/lib/testKit/index.js

@@ -0,0 +1,58 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTestAuthorizationMiddleware = exports.clearTestPermittedActions = exports.addTestPermittedAction = void 0;
+const authorization_middleware_1 = require("../authorization-middleware");
+const authorization_internal_service_1 = require("../authorization-internal-service");
+let testPermittedActions = [];
+const addTestPermittedAction = (accountId, userId, resources, action) => {
+    testPermittedActions.push({ accountId, userId, resources, action });
+};
+exports.addTestPermittedAction = addTestPermittedAction;
+const clearTestPermittedActions = () => {
+    testPermittedActions = [];
+};
+exports.clearTestPermittedActions = clearTestPermittedActions;
+const isActionAuthorized = (accountId, userId, resources, action) => {
+    return {
+        isAuthorized: resources.every(resource => {
+            return testPermittedActions.some(combination => {
+                return combination.accountId === accountId &&
+                    combination.userId === userId &&
+                    combination.action === action &&
+                    combination.resources.some(combinationResource => {
+                        return resources.some(resource => {
+                            return combinationResource.id === resource.id &&
+                                combinationResource.type === resource.type &&
+                                JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData);
+                        });
+                    });
+            });
+        })
+    };
+};
+const getTestAuthorizationMiddleware = (action, resourceGetter, contextGetter) => {
+    return function authorizationMiddleware(request, response, next) {
+        return __awaiter(this, void 0, void 0, function* () {
+            contextGetter || (contextGetter = authorization_middleware_1.defaultContextGetter);
+            const { userId, accountId } = contextGetter(request);
+            const resources = resourceGetter(request);
+            const { isAuthorized } = isActionAuthorized(accountId, userId, resources, action);
+            authorization_internal_service_1.AuthorizationInternalService.markAuthorized(request);
+            if (!isAuthorized) {
+                response.status(403).json({ message: 'Access denied' });
+                return;
+            }
+            next();
+        });
+    };
+};
+exports.getTestAuthorizationMiddleware = getTestAuthorizationMiddleware;

package/dist/lib/types/authorization-attributes-contracts.d.ts

@@ -0,0 +1,10 @@
+import { Resource } from './general';
+export interface ResourceAttributeAssignment {
+    resourceType: Resource['type'];
+    resourceId: Resource['id'];
+    key: string;
+    value: string;
+}
+export interface ResourceAttributeResponse {
+    attributes: ResourceAttributeAssignment[];
+}

package/dist/lib/types/authorization-attributes-contracts.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/lib/types/express.js

@@ -0,0 +1 @@
+"use strict";

package/dist/{types → lib/types}/general.d.ts

@@ -1,14 +1,16 @@
-import type { Request, Response } from 'express';
+import { Request, Response } from 'express';
 export interface Resource {
     id?: number;
     type: string;
     wrapperData?: object;
 }
 export type Action = string;
+export type ResourceGetter = (request: BaseRequest) => Resource[];
 export interface Context {
     accountId: number;
     userId: number;
 }
+export type ContextGetter = (request: BaseRequest) => Context;
 export interface AuthorizationObject {
     resource_id?: Resource['id'];
     resource_type: Resource['type'];
@@ -18,15 +20,11 @@ export interface AuthorizationObject {
 export interface AuthorizationParams {
     authorizationObjects: AuthorizationObject[];
 }
-type BasicObject = {
-    [key: string]: string;
-};
+type BasicObject = {};
 export type BaseParameters = BasicObject;
 export type BaseResponseBody = BasicObject;
 export type BaseBodyParameters = BasicObject;
 export type BaseQueryParameters = BasicObject;
 export type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
 export type BaseResponse = Response<BaseResponseBody>;
-export type ResourceGetter = (request: BaseRequest) => Resource[];
-export type ContextGetter = (request: BaseRequest) => Context;
 export {};

package/dist/lib/types/general.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{types → lib/types}/scoped-actions-contracts.js

@@ -1,8 +1,9 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
 exports.PermitTechnicalReason = void 0;
+var PermitTechnicalReason;
 (function (PermitTechnicalReason) {
     PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
     PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
     PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
-})(exports.PermitTechnicalReason || (exports.PermitTechnicalReason = {}));
+})(PermitTechnicalReason || (exports.PermitTechnicalReason = PermitTechnicalReason = {}));

package/package.json

@@ -1,57 +1,36 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.1.9-bugmoshefixlodashesm.3791+0724a6a58",
+  "version": "1.1.9-featurebelkaauthz-sdk-update.2209+0f244fa9f",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
-  "exports": {
-    ".": {
-      "import": "./dist/esm/index.mjs",
-      "require": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    },
-    "./package.json": "./package.json"
-  },
   "scripts": {
-    "test": "trident-library test",
-    "lint": "trident-library lint",
-    "build": "trident-library build",
-    "watch": "trident-library build -w"
+    "test": "mocha -r ts-node/register -r tsconfig-paths/register './tests/*.test.ts' --timeout 5000 --exit",
+    "build": "tsc --build"
   },
   "dependencies": {
     "@mondaydotcomorg/monday-fetch": "^0.0.7",
-    "@mondaydotcomorg/monday-jwt": "^3.0.14",
-    "@mondaydotcomorg/monday-logger": "^4.0.11",
-    "@mondaydotcomorg/monday-sns": "^1.0.6",
-    "@mondaydotcomorg/trident-backend-api": "^0.24.3",
-    "lodash": "^4.17.21",
+    "@mondaydotcomorg/monday-jwt": "^3.0.10",
+    "@mondaydotcomorg/monday-logger": "^3.0.10",
     "node-fetch": "^2.6.7",
     "on-headers": "^1.0.2",
     "ts-node": "^10.0.0"
   },
   "devDependencies": {
-    "@mondaydotcomorg/trident-library": "^0.6.53",
     "@types/express": "^4.17.20",
-    "@types/lodash": "^4.17.10",
+    "@types/mocha": "^8.2.2",
     "@types/on-headers": "^1.0.0",
     "@types/supertest": "^2.0.11",
     "express": "^4.17.1",
     "ioredis": "^5.2.4",
     "ioredis-mock": "^8.2.2",
+    "mocha": "^9.0.1",
     "supertest": "^6.1.3",
-    "typescript": "^5.2.2"
+    "tsconfig-paths": "^3.9.0",
+    "typescript": "^5.1.6"
   },
   "files": [
     "dist/"
   ],
-  "eslintConfig": {
-    "extends": "@mondaydotcomorg/trident-library",
-    "root": true
-  },
-  "trident": {
-    "build": {
-      "esmMjsRename": true
-    }
-  },
-  "gitHead": "0724a6a58ad189b245879473cd13572d601294c0"
+  "gitHead": "0f244fa9ffa6a4bb8c24e8ef1f0f0d8e912d2e25"
 }

package/dist/attributions-service.d.ts

@@ -1,3 +0,0 @@
-export declare function getAttributionsFromApi(): {
-    [key: string]: string;
-};

package/dist/attributions-service.js

@@ -1,55 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
-const authorizationInternalService = require('./authorization-internal-service.js');
-
-const APP_NAME_VARIABLE_KEY = 'APP_NAME';
-const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
-const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
-let didSendFailureLogOnce = false;
-function getAttributionsFromApi() {
-    const callerAppNameFromSdk = {
-        [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
-    };
-    try {
-        const tridentContext = tridentBackendApi.Api.getPart('context');
-        if (!tridentContext) {
-            return callerAppNameFromSdk;
-        }
-        const { runtimeAttributions } = tridentContext;
-        const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
-        if (!runtimeAttributionsOutgoingHeaders) {
-            return callerAppNameFromSdk;
-        }
-        const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
-        const attributionHeadersFromSdk = {};
-        Object.keys(attributionsHeaders).forEach(function (key) {
-            attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
-        });
-        return attributionHeadersFromSdk;
-    }
-    catch (error) {
-        if (!didSendFailureLogOnce) {
-            authorizationInternalService.logger.warn({ tag: 'authorization-service', error }, 'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.');
-            didSendFailureLogOnce = true;
-        }
-        return callerAppNameFromSdk;
-    }
-}
-function getEnvVariable(key) {
-    const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
-    return envVar;
-}
-function tryJsonParse(value) {
-    if (!value) {
-        return value;
-    }
-    try {
-        return JSON.parse(value);
-    }
-    catch (_err) {
-        return value;
-    }
-}
-
-exports.getAttributionsFromApi = getAttributionsFromApi;

package/dist/authorization-attributes-service.d.ts

@@ -1,44 +0,0 @@
-import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
-export declare class AuthorizationAttributesService {
-    private static LOG_TAG;
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param userId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    static upsertResourceAttributes(accountId: number, userId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param userId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    static deleteResourceAttributes(accountId: number, userId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    static updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
-    private static sendSingleSnsMessage;
-    private static getSnsTopicArn;
-    private static getResourceAttributesUrl;
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    static asyncResourceAttributesHealthCheck(): Promise<boolean>;
-}

package/dist/authorization-attributes-service.js

@@ -1,144 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const chunk = require('lodash/chunk');
-const mondayFetch = require('@mondaydotcomorg/monday-fetch');
-const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
-const mondaySns = require('@mondaydotcomorg/monday-sns');
-const authorizationInternalService = require('./authorization-internal-service.js');
-const attributionsService = require('./attributions-service.js');
-const constants_sns = require('./constants/sns.js');
-
-const _interopDefault = e => e && e.__esModule ? e : { default: e };
-
-const chunk__default = /*#__PURE__*/_interopDefault(chunk);
-
-class AuthorizationAttributesService {
-    static LOG_TAG = 'authorization_attributes';
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param userId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    static async upsertResourceAttributes(accountId, userId, resourceAttributeAssignments) {
-        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        const response = await mondayFetch.fetch(this.getResourceAttributesUrl(accountId), {
-            method: 'POST',
-            headers: {
-                Authorization: internalAuthToken,
-                'Content-Type': 'application/json',
-                ...attributionHeaders,
-            },
-            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
-            body: JSON.stringify({ resourceAttributeAssignments }),
-        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
-        const responseBody = await response.json();
-        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'upsertResourceAttributesSync');
-        return { attributes: responseBody['attributes'] };
-    }
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param userId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    static async deleteResourceAttributes(accountId, userId, resource, attributeKeys) {
-        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        const url = `${this.getResourceAttributesUrl(accountId)}/${resource.type}/${resource.id}`;
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        const response = await mondayFetch.fetch(url, {
-            method: 'DELETE',
-            headers: {
-                Authorization: internalAuthToken,
-                'Content-Type': 'application/json',
-                ...attributionHeaders,
-            },
-            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
-            body: JSON.stringify({ keys: attributeKeys }),
-        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
-        const responseBody = await response.json();
-        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'deleteResourceAttributesSync');
-        return { attributes: responseBody['attributes'] };
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    static async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.getSnsTopicArn();
-        const sendToSnsPromises = [];
-        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    static async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            },
-        };
-        try {
-            await mondaySns.sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: this.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromApi = tridentBackendApi.Api.getPart('configurationVariables')?.get(constants_sns.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME).arn;
-        if (arnFromApi) {
-            return arnFromApi;
-        }
-        const jsonArnFromEnv = process.env[constants_sns.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME];
-        const arnFromEnv = JSON.parse(jsonArnFromEnv).arn;
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    static getResourceAttributesUrl(accountId) {
-        return `${process.env.AUTHORIZATION_URL}/attributes/${accountId}/resource`;
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    static async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.getSnsTopicArn();
-            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: this.LOG_TAG }, 'authorization-attributes-service failed in health check');
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: this.LOG_TAG }, 'authorization-attributes-service got error during health check');
-            return false;
-        }
-    }
-}
-
-exports.AuthorizationAttributesService = AuthorizationAttributesService;

package/dist/authorization-internal-service.js

@@ -1,80 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const mondayJwt = require('@mondaydotcomorg/monday-jwt');
-const MondayLogger = require('@mondaydotcomorg/monday-logger');
-
-function _interopNamespace(e) {
-if (e && e.__esModule) return e;
-const n = Object.create(null, { [Symbol.toStringTag]: { value: 'Module' } });
-if (e) {
-for (const k in e) {
-if (k !== 'default') {
-const d = Object.getOwnPropertyDescriptor(e, k);
-Object.defineProperty(n, k, d.get ? d : {
-enumerable: true,
-get: () => e[k]
-});
-}
-}
-}
-n.default = e;
-return n;
-}
-
-const MondayLogger__namespace = /*#__PURE__*/_interopNamespace(MondayLogger);
-
-const INTERNAL_APP_NAME = 'internal_ms';
-const defaultMondayFetchOptions = {
-    retries: 3,
-    callback: logOnFetchFail,
-};
-const logger = MondayLogger__namespace.getLogger();
-function logOnFetchFail(retriesLeft, error) {
-    if (retriesLeft == 0) {
-        logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
-    }
-    else {
-        logger.info({ retriesLeft, error }, 'Authorization attempt failed due to network issues, trying again');
-    }
-}
-let mondayFetchOptions = defaultMondayFetchOptions;
-class AuthorizationInternalService {
-    static skipAuthorization(requset) {
-        requset.authorizationSkipPerformed = true;
-    }
-    static markAuthorized(request) {
-        request.authorizationCheckPerformed = true;
-    }
-    static failIfNotCoveredByAuthorization(request) {
-        if (!request.authorizationCheckPerformed && !request.authorizationSkipPerformed) {
-            throw 'Endpoint is not covered by authorization check';
-        }
-    }
-    static throwOnHttpErrorIfNeeded(response, placement) {
-        if (response.ok) {
-            return;
-        }
-        const status = response.status;
-        logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
-        throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
-    }
-    static generateInternalAuthToken(accountId, userId) {
-        return mondayJwt.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
-    }
-    static setRequestFetchOptions(customMondayFetchOptions) {
-        mondayFetchOptions = {
-            ...defaultMondayFetchOptions,
-            ...customMondayFetchOptions,
-        };
-    }
-    static getRequestFetchOptions() {
-        return mondayFetchOptions;
-    }
-    static getRequestTimeout() {
-        const isDevEnv = process.env.NODE_ENV === 'development';
-        return isDevEnv ? 60000 : 2000;
-    }
-}
-
-exports.AuthorizationInternalService = AuthorizationInternalService;
-exports.logger = logger;

package/dist/authorization-middleware.js

@@ -1,48 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const onHeaders = require('on-headers');
-const authorizationInternalService = require('./authorization-internal-service.js');
-const authorizationService = require('./authorization-service.js');
-
-const _interopDefault = e => e && e.__esModule ? e : { default: e };
-
-const onHeaders__default = /*#__PURE__*/_interopDefault(onHeaders);
-
-// getAuthorizationMiddleware is duplicated in testKit/index.ts
-// If you are making changes to this function, please make sure to update the other file as well
-function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
-    return async function authorizationMiddleware(request, response, next) {
-        contextGetter ||= defaultContextGetter;
-        const { userId, accountId } = contextGetter(request);
-        const resources = resourceGetter(request);
-        const { isAuthorized } = await authorizationService.AuthorizationService.isAuthorized(accountId, userId, resources, action);
-        authorizationInternalService.AuthorizationInternalService.markAuthorized(request);
-        if (!isAuthorized) {
-            response.status(403).json({ message: 'Access denied' });
-            return;
-        }
-        next();
-    };
-}
-function skipAuthorizationMiddleware(request, response, next) {
-    authorizationInternalService.AuthorizationInternalService.skipAuthorization(request);
-    next();
-}
-function authorizationCheckMiddleware(request, response, next) {
-    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-        onHeaders__default.default(response, function () {
-            if (response.statusCode < 400) {
-                authorizationInternalService.AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
-            }
-        });
-    }
-    next();
-}
-function defaultContextGetter(request) {
-    return request.payload;
-}
-
-exports.authorizationCheckMiddleware = authorizationCheckMiddleware;
-exports.defaultContextGetter = defaultContextGetter;
-exports.getAuthorizationMiddleware = getAuthorizationMiddleware;
-exports.skipAuthorizationMiddleware = skipAuthorizationMiddleware;