@mondaydotcomorg/monday-authorization 1.1.9-featurefilipmcipher-core-flags-client.2760 → 1.1.9-featureliorshonehourjwttoken.465

package/CHANGELOG.md

@@ -5,16 +5,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## [1.2.3] - 2024-06-10
-### Added
-
-- [`feature/yarden/resource-attributes-api-support-authz-sdk (#5826)`](https://github.com/DaPulse/monday-npm-packages/pull/5826)
-  - `AuthorizationAttributesService` - now supports upsert (`upsertResourceAttributesSync`) and delete (`deleteResourceAttributesSync`) resource attributes in the authorization MS
-
-## [1.2.0] - 2024-01-05
-### Added
- - `isAuthorized` now return the unauthorized objects - regardless to the unauthorized ids (which may be missing resource ids if resource has no id, like `feature` e.g.)
-
 ## [1.1.0] - 2023-08-09
 
 ### ⚠ BREAKING CHANGES

package/README.md

@@ -136,35 +136,3 @@ const canActionInScopeMultipleResponse: ScopedActionResponseObject[] =
  * ]
  * /
 ```
-
-### Authorization Attributes API
-
-Use `AuthorizationAttributesService.upsertResourceAttributesSync` to upsert multiple resource attributes in the authorization MS synchronously.
-
-```ts
-import { AuthorizationAttributesService, ResourceAttributeAssignment, ResourceAttributeResponse } from '@mondaydotcomorg/monday-authorization';
-
-const accountId = 739630;
-const userId = 4;
-const resourceAttributesAssignments: ResourceAttributeAssignment[] = [
-  { resourceId: 18, resourceType: 'workspace', key: 'is_default_workspace', value: 'true' },
-  { resourceId: 23, resourceType: 'board', key: 'board_kind', value: 'private' }
-];
-
-const response: ResourceAttributeResponse = await AuthorizationAttributesService.upsertResourceAttributesSync(accountId, userId, resourceAttributesAssignments);
-```
-
-Use `AuthorizationAttributesService.deleteResourceAttributesSync` to delete single resource's attributes in the authorization MS synchronously.
-
-
-```ts
-import { AuthorizationAttributesService, ResourceAttributeResponse, Resource } from '@mondaydotcomorg/monday-authorization';
-
-const accountId = 739630;
-const userId = 4;
-const resource: Resource = { type: 'workspace', id: 18 };
-const attributeKeys: string[] = ['is_default_workspace', 'workspace_kind'];
-
-const response: ResourceAttributeResponse = await AuthorizationAttributesService.deleteResourceAttributesSync(accountId, userId, resource, attributeKeys);
-```
-

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
+export interface InitOptions {
+    prometheus?: any;
+    mondayFetchOptions?: MondayFetchOptions;
+    redisClient?: any;
+    grantedFeatureRedisExpirationInSeconds?: number;
+}
+export declare function init(options?: InitOptions): void;
+export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './lib/authorization-middleware';
+export { AuthorizationService } from './lib/authorization-service';

package/dist/index.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationService = exports.skipAuthorizationMiddleware = exports.getAuthorizationMiddleware = exports.authorizationCheckMiddleware = exports.init = void 0;
+const prometheus_service_1 = require("./lib/prometheus-service");
+const authorization_service_1 = require("./lib/authorization-service");
+function init(options = {}) {
+    if (options.prometheus) {
+        (0, prometheus_service_1.setPrometheus)(options.prometheus);
+    }
+    if (options.mondayFetchOptions) {
+        (0, authorization_service_1.setRequestFetchOptions)(options.mondayFetchOptions);
+    }
+    if (options.redisClient) {
+        (0, authorization_service_1.setRedisClient)(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
+    }
+}
+exports.init = init;
+var authorization_middleware_1 = require("./lib/authorization-middleware");
+Object.defineProperty(exports, "authorizationCheckMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.authorizationCheckMiddleware; } });
+Object.defineProperty(exports, "getAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.getAuthorizationMiddleware; } });
+Object.defineProperty(exports, "skipAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.skipAuthorizationMiddleware; } });
+var authorization_service_2 = require("./lib/authorization-service");
+Object.defineProperty(exports, "AuthorizationService", { enumerable: true, get: function () { return authorization_service_2.AuthorizationService; } });

package/dist/lib/authorization-internal-service.d.ts

@@ -0,0 +1,6 @@
+import { Request } from 'express';
+export declare class AuthorizationInternalService {
+    static skipAuthorization(requset: Request): void;
+    static markAuthorized(request: Request): void;
+    static failIfNotCoveredByAuthorization(request: Request): void;
+}

package/dist/lib/authorization-internal-service.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationInternalService = void 0;
+class AuthorizationInternalService {
+    static skipAuthorization(requset) {
+        requset.authorizationSkipPerformed = true;
+    }
+    static markAuthorized(request) {
+        request.authorizationCheckPerformed = true;
+    }
+    static failIfNotCoveredByAuthorization(request) {
+        if (!request.authorizationCheckPerformed && !request.authorizationSkipPerformed) {
+            throw 'Endpoint is not covered by authorization check';
+        }
+    }
+}
+exports.AuthorizationInternalService = AuthorizationInternalService;

package/dist/lib/authorization-middleware.d.ts

@@ -0,0 +1,5 @@
+import { NextFunction } from 'express';
+import { Action, BaseRequest, BaseResponse, ContextGetter, ResourceGetter } from './types/general';
+export declare function getAuthorizationMiddleware(action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter): (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
+export declare function skipAuthorizationMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
+export declare function authorizationCheckMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;

package/dist/lib/authorization-middleware.js

@@ -0,0 +1,54 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizationCheckMiddleware = exports.skipAuthorizationMiddleware = exports.getAuthorizationMiddleware = void 0;
+const on_headers_1 = __importDefault(require("on-headers"));
+const authorization_internal_service_1 = require("./authorization-internal-service");
+const authorization_service_1 = require("./authorization-service");
+function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
+    return function authorizationMiddleware(request, response, next) {
+        return __awaiter(this, void 0, void 0, function* () {
+            contextGetter || (contextGetter = defaultContextGetter);
+            const { userId, accountId } = contextGetter(request);
+            const resources = resourceGetter(request);
+            const { isAuthorized } = yield authorization_service_1.AuthorizationService.isAuthorized(accountId, userId, resources, action);
+            authorization_internal_service_1.AuthorizationInternalService.markAuthorized(request);
+            if (!isAuthorized) {
+                response.status(403).json({ message: 'Access denied' });
+                return;
+            }
+            next();
+        });
+    };
+}
+exports.getAuthorizationMiddleware = getAuthorizationMiddleware;
+function skipAuthorizationMiddleware(request, response, next) {
+    authorization_internal_service_1.AuthorizationInternalService.skipAuthorization(request);
+    next();
+}
+exports.skipAuthorizationMiddleware = skipAuthorizationMiddleware;
+function authorizationCheckMiddleware(request, response, next) {
+    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+        (0, on_headers_1.default)(response, function () {
+            if (response.statusCode < 400) {
+                authorization_internal_service_1.AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
+            }
+        });
+    }
+    next();
+}
+exports.authorizationCheckMiddleware = authorizationCheckMiddleware;
+function defaultContextGetter(request) {
+    return request.payload;
+}

package/dist/lib/authorization-service.d.ts

@@ -0,0 +1,28 @@
+import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
+import { Action, AuthorizationObject, Resource } from './types/general';
+import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from 'lib/types/scoped-actions-contracts';
+export interface AuthorizeResponse {
+    isAuthorized: boolean;
+    unauthorizedIds?: number[];
+}
+export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
+export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
+export declare class AuthorizationService {
+    static redisClient?: any;
+    static grantedFeatureRedisExpirationInSeconds?: number;
+    /**
+     * @deprecated use the second form with authorizationRequestObjects instead,
+     * support of this function will be dropped gradually
+     */
+    static isAuthorized(accountId: number, userId: number, resources: Resource[], action: Action): Promise<AuthorizeResponse>;
+    static isAuthorized(accountId: number, userId: number, authorizationRequestObjects: AuthorizationObject[]): Promise<AuthorizeResponse>;
+    static isUserGrantedWithFeature(accountId: number, userId: number, featureName: string, options?: {
+        shouldSkipCache?: boolean;
+    }): Promise<boolean>;
+    private static fetchIsUserGrantedWithFeature;
+    private static getCachedKeyName;
+    static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
+    static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
+    private static isAuthorizedSingular;
+    private static isAuthorizedMultiple;
+}

package/dist/lib/authorization-service.js

@@ -0,0 +1,233 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationService = exports.setRedisClient = exports.setRequestFetchOptions = void 0;
+const lodash_1 = require("lodash");
+const perf_hooks_1 = require("perf_hooks");
+const monday_jwt_1 = require("@mondaydotcomorg/monday-jwt");
+const MondayLogger = __importStar(require("@mondaydotcomorg/monday-logger"));
+const monday_fetch_1 = require("@mondaydotcomorg/monday-fetch");
+const prometheus_service_1 = require("./prometheus-service");
+const INTERNAL_APP_NAME = 'internal_ms';
+const logger = MondayLogger.getLogger();
+const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
+const defaultMondayFetchOptions = {
+    retries: 3,
+    callback: logOnFetchFail,
+};
+let mondayFetchOptions = defaultMondayFetchOptions;
+function setRequestFetchOptions(customMondayFetchOptions) {
+    mondayFetchOptions = Object.assign(Object.assign({}, defaultMondayFetchOptions), customMondayFetchOptions);
+}
+exports.setRequestFetchOptions = setRequestFetchOptions;
+function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
+    AuthorizationService.redisClient = client;
+    if (grantedFeatureRedisExpirationInSeconds && grantedFeatureRedisExpirationInSeconds > 0) {
+        AuthorizationService.grantedFeatureRedisExpirationInSeconds = grantedFeatureRedisExpirationInSeconds;
+    }
+    else {
+        logger.warn({ grantedFeatureRedisExpirationInSeconds }, 'Invalid input for grantedFeatureRedisExpirationInSeconds, must be positive number. using default ttl.');
+        AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
+    }
+}
+exports.setRedisClient = setRedisClient;
+class AuthorizationService {
+    static isAuthorized(...args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (args.length === 3) {
+                return this.isAuthorizedMultiple(args[0], args[1], args[2]);
+            }
+            else if (args.length == 4) {
+                return this.isAuthorizedSingular(args[0], args[1], args[2], args[3]);
+            }
+            else {
+                throw new Error('isAuthorized accepts either 3 or 4 arguments');
+            }
+        });
+    }
+    static isUserGrantedWithFeature(accountId, userId, featureName, options = {}) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            let cachedKey = this.getCachedKeyName(userId, featureName);
+            const shouldSkipCache = (_a = options.shouldSkipCache) !== null && _a !== void 0 ? _a : false;
+            if (this.redisClient && !shouldSkipCache) {
+                let grantedFeatureValue = yield this.redisClient.get(cachedKey);
+                if (!(grantedFeatureValue === undefined || grantedFeatureValue === null)) {
+                    // redis returns the value as string
+                    return grantedFeatureValue === 'true';
+                }
+            }
+            let grantedFeatureValue = yield this.fetchIsUserGrantedWithFeature(featureName, accountId, userId);
+            if (this.redisClient) {
+                yield this.redisClient.set(cachedKey, grantedFeatureValue, 'EX', this.grantedFeatureRedisExpirationInSeconds);
+            }
+            return grantedFeatureValue;
+        });
+    }
+    static fetchIsUserGrantedWithFeature(featureName, accountId, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let authorizationObject = {
+                action: featureName,
+                resource_type: 'feature',
+            };
+            let authorizeResponsePromise = yield this.isAuthorized(accountId, userId, [authorizationObject]);
+            return authorizeResponsePromise.isAuthorized;
+        });
+    }
+    static getCachedKeyName(userId, featureName) {
+        return `granted-feature-${featureName}-${userId}`;
+    }
+    static canActionInScope(accountId, userId, action, scope) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const scopedActions = [{ action, scope }];
+            const scopedActionResponseObjects = yield this.canActionInScopeMultiple(accountId, userId, scopedActions);
+            return scopedActionResponseObjects[0].permit;
+        });
+    }
+    static canActionInScopeMultiple(accountId, userId, scopedActions) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const internalAuthToken = (0, monday_jwt_1.signAuthorizationHeader)({ appName: INTERNAL_APP_NAME, accountId, userId });
+            const scopedActionsPayload = scopedActions.map(scopedAction => {
+                return Object.assign(Object.assign({}, scopedAction), { scope: (0, lodash_1.mapKeys)(scopedAction.scope, (_, key) => (0, lodash_1.snakeCase)(key)) }); // for example: { workspaceId: 1 } => { workspace_id: 1 }
+            });
+            const response = yield (0, monday_fetch_1.fetch)(getCanActionsInScopesUrl(), {
+                method: 'POST',
+                headers: { Authorization: internalAuthToken, 'Content-Type': 'application/json' },
+                timeout: getRequestTimeout(),
+                body: JSON.stringify({
+                    user_id: userId,
+                    scoped_actions: scopedActionsPayload,
+                }),
+            }, mondayFetchOptions);
+            throwOnHttpErrorIfNeeded(response, 'canActionInScopeMultiple');
+            const responseBody = yield response.json();
+            const camelCaseKeys = (obj) => Object.fromEntries(Object.entries(obj).map(([key, value]) => [(0, lodash_1.camelCase)(key), value]));
+            const scopedActionsResponseObjects = responseBody.result.map(responseObject => {
+                const { scopedAction, permit } = responseObject;
+                const { scope } = scopedAction;
+                const transformKeys = (obj) => camelCaseKeys(obj);
+                return Object.assign(Object.assign({}, responseObject), { scopedAction: Object.assign(Object.assign({}, scopedAction), { scope: transformKeys(scope) }), permit: transformKeys(permit) });
+            });
+            return scopedActionsResponseObjects;
+        });
+    }
+    static isAuthorizedSingular(accountId, userId, resources, action) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { authorizationObjects } = createAuthorizationParams(resources, action);
+            return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
+        });
+    }
+    static isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const internalAuthToken = (0, monday_jwt_1.signAuthorizationHeader)({ appName: INTERNAL_APP_NAME, accountId, userId });
+            const startTime = perf_hooks_1.performance.now();
+            const response = yield (0, monday_fetch_1.fetch)(getAuthorizeUrl(), {
+                method: 'POST',
+                headers: { Authorization: internalAuthToken, 'Content-Type': 'application/json' },
+                timeout: getRequestTimeout(),
+                body: JSON.stringify({
+                    user_id: userId,
+                    authorize_request_objects: authorizationRequestObjects,
+                }),
+            }, mondayFetchOptions);
+            const endTime = perf_hooks_1.performance.now();
+            const time = endTime - startTime;
+            const responseStatus = response.status;
+            (0, prometheus_service_1.sendAuthorizationChecksPerRequestMetric)(responseStatus, authorizationRequestObjects.length);
+            throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
+            const responseBody = yield response.json();
+            const unauthorizedObjects = [];
+            responseBody.result.forEach(function (isAuthorized, index) {
+                const authorizationObject = authorizationRequestObjects[index];
+                if (!isAuthorized) {
+                    unauthorizedObjects.push(authorizationObject);
+                }
+                (0, prometheus_service_1.sendAuthorizationCheckResponseTimeMetric)(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
+            });
+            if (unauthorizedObjects.length > 0) {
+                logger.info({
+                    resources: JSON.stringify(unauthorizedObjects),
+                }, 'AuthorizationService: resource is unauthorized');
+                const unauthorizedIds = unauthorizedObjects
+                    .filter(obj => !!obj.resource_id)
+                    .map(obj => obj.resource_id);
+                return { isAuthorized: false, unauthorizedIds };
+            }
+            return { isAuthorized: true };
+        });
+    }
+}
+exports.AuthorizationService = AuthorizationService;
+function createAuthorizationParams(resources, action) {
+    const params = {
+        authorizationObjects: resources.map((resource) => {
+            const authorizationObject = {
+                resource_id: resource.id,
+                resource_type: resource.type,
+                action,
+            };
+            if (resource.wrapperData) {
+                authorizationObject.wrapper_data = resource.wrapperData;
+            }
+            return authorizationObject;
+        }),
+    };
+    return params;
+}
+function logOnFetchFail(retriesLeft, error) {
+    if (retriesLeft == 0) {
+        logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
+    }
+    else {
+        logger.info({ retriesLeft, error }, 'Authorization attempt failed due to network issues, trying again');
+    }
+}
+function getAuthorizeUrl() {
+    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
+}
+function getCanActionsInScopesUrl() {
+    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
+}
+function getRequestTimeout() {
+    const isDevEnv = process.env.NODE_ENV === 'development';
+    return isDevEnv ? 60000 : 2000;
+}
+function throwOnHttpErrorIfNeeded(response, placement) {
+    if (response.ok) {
+        return;
+    }
+    const status = response.status;
+    logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
+    throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
+}

package/dist/lib/prometheus-service.d.ts

@@ -0,0 +1,10 @@
+import { Action } from './types/general';
+export declare const METRICS: {
+    AUTHORIZATION_CHECK: string;
+    AUTHORIZATION_CHECKS_PER_REQUEST: string;
+    AUTHORIZATION_CHECK_RESPONSE_TIME: string;
+};
+export declare function setPrometheus(customPrometheus: any): void;
+export declare function getMetricsManager(): any;
+export declare function sendAuthorizationChecksPerRequestMetric(responseStatus: any, amountOfAuthorizationObjects: any): void;
+export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;

package/dist/lib/prometheus-service.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendAuthorizationCheckResponseTimeMetric = exports.sendAuthorizationChecksPerRequestMetric = exports.getMetricsManager = exports.setPrometheus = exports.METRICS = void 0;
+let prometheus = null;
+let authorizationChecksPerRequestMetric = null;
+let authorizationCheckResponseTimeMetric = null;
+exports.METRICS = {
+    AUTHORIZATION_CHECK: 'authorization_check',
+    AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
+    AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
+};
+const authorizationChecksPerRequestMetricConfig = {
+    name: exports.METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
+    labels: ['responseStatus'],
+    description: 'Authorization checks per request summary',
+};
+const authorizationCheckResponseTimeMetricConfig = {
+    name: exports.METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
+    labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
+    description: 'Authorization check response time summary',
+};
+function setPrometheus(customPrometheus) {
+    prometheus = customPrometheus;
+    const { METRICS_TYPES } = prometheus;
+    authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
+    authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
+}
+exports.setPrometheus = setPrometheus;
+function getMetricsManager() {
+    return prometheus === null || prometheus === void 0 ? void 0 : prometheus.metricsManager;
+}
+exports.getMetricsManager = getMetricsManager;
+function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
+    try {
+        if (authorizationChecksPerRequestMetric) {
+            authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
+        }
+    }
+    catch (e) { }
+}
+exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
+function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
+    try {
+        if (authorizationCheckResponseTimeMetric) {
+            authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
+        }
+    }
+    catch (e) { }
+}
+exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;

package/dist/lib/types/express.d.ts

@@ -0,0 +1,10 @@
+declare namespace Express {
+    interface Request {
+        payload: {
+            accountId: number;
+            userId: number;
+        };
+        authorizationCheckPerformed: boolean;
+        authorizationSkipPerformed: boolean;
+    }
+}

package/dist/lib/types/express.js

@@ -0,0 +1 @@
+"use strict";

package/dist/lib/types/general.d.ts

@@ -0,0 +1,30 @@
+import { Request, Response } from 'express';
+export interface Resource {
+    id?: number;
+    type: string;
+    wrapperData?: object;
+}
+export type Action = string;
+export type ResourceGetter = (request: BaseRequest) => Resource[];
+export interface Context {
+    accountId: number;
+    userId: number;
+}
+export type ContextGetter = (request: BaseRequest) => Context;
+export interface AuthorizationObject {
+    resource_id?: Resource['id'];
+    resource_type: Resource['type'];
+    wrapper_data?: Resource['wrapperData'];
+    action: Action;
+}
+export interface AuthorizationParams {
+    authorizationObjects: AuthorizationObject[];
+}
+type BasicObject = {};
+export type BaseParameters = BasicObject;
+export type BaseResponseBody = BasicObject;
+export type BaseBodyParameters = BasicObject;
+export type BaseQueryParameters = BasicObject;
+export type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
+export type BaseResponse = Response<BaseResponseBody>;
+export {};

package/dist/lib/types/general.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/lib/types/scoped-actions-contracts.d.ts

@@ -0,0 +1,38 @@
+export interface WorkspaceScope {
+    workspaceId: number;
+}
+export interface BoardScope {
+    boardId: number;
+}
+export interface PulseScope {
+    pulseId: number;
+}
+export interface AccountProductScope {
+    accountProductId: number;
+}
+export interface AccountScope {
+    accountId: number;
+}
+export type ScopeOptions = WorkspaceScope | BoardScope | PulseScope | AccountProductScope | AccountScope;
+export interface Translation {
+    key: string;
+    [option: string]: string;
+}
+export declare enum PermitTechnicalReason {
+    NO_REASON = 0,
+    NOT_ELIGIBLE = 1,
+    BY_ROLE_IN_SCOPE = 2
+}
+export interface ScopedActionPermit {
+    can: boolean;
+    reason: Translation;
+    technicalReason: PermitTechnicalReason;
+}
+export interface ScopedAction {
+    action: string;
+    scope: ScopeOptions;
+}
+export interface ScopedActionResponseObject {
+    scopedAction: ScopedAction;
+    permit: ScopedActionPermit;
+}

package/dist/lib/types/scoped-actions-contracts.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermitTechnicalReason = void 0;
+var PermitTechnicalReason;
+(function (PermitTechnicalReason) {
+    PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
+    PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
+    PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
+})(PermitTechnicalReason || (exports.PermitTechnicalReason = PermitTechnicalReason = {}));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.1.9-featurefilipmcipher-core-flags-client.2760+996328beb",
+  "version": "1.1.9-featureliorshonehourjwttoken.465+164eb3b11",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -10,11 +10,9 @@
   },
   "dependencies": {
     "@mondaydotcomorg/monday-fetch": "^0.0.7",
-    "@mondaydotcomorg/monday-jwt": "^3.0.14",
-    "@mondaydotcomorg/monday-logger": "^4.0.11",
-    "@mondaydotcomorg/trident-backend-api": "^0.23.10",
+    "@mondaydotcomorg/monday-jwt": "^3.0.9-featureliorshonehourjwttoken.465+164eb3b11",
+    "@mondaydotcomorg/monday-logger": "^3.0.10",
     "node-fetch": "^2.6.7",
-    "on-headers": "^1.0.2",
     "ts-node": "^10.0.0"
   },
   "devDependencies": {
@@ -26,6 +24,7 @@
     "ioredis": "^5.2.4",
     "ioredis-mock": "^8.2.2",
     "mocha": "^9.0.1",
+    "on-headers": "^1.0.2",
     "supertest": "^6.1.3",
     "tsconfig-paths": "^3.9.0",
     "typescript": "^5.1.6"
@@ -33,5 +32,5 @@
   "files": [
     "dist/"
   ],
-  "gitHead": "996328beba873d81b9dd60aa3273d807a0a57244"
+  "gitHead": "164eb3b11392586ed8175eaa15ec61c914a85234"
 }