@mondaydotcomorg/monday-authorization 1.1.9-featuremosheauthorizationesm.3695 → 1.1.9-featureorcomonday-jwt-ts.472

package/CHANGELOG.md

@@ -5,21 +5,6 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## [1.2.9] - 2024-10-06
-### Added
-- [`authz/bashanye/add-async-resource-attributes-support`](https://github.com/DaPulse/monday-npm-packages/pull/6859)
-  - `AuthorizationAttributesService` - now supports async upsert and delete - requests sent through SNS-SQS).
-
-## [1.2.3] - 2024-06-10
-### Added
-
-- [`feature/yarden/resource-attributes-api-support-authz-sdk (#5826)`](https://github.com/DaPulse/monday-npm-packages/pull/5826)
-  - `AuthorizationAttributesService` - now supports upsert (`upsertResourceAttributesSync`) and delete (`deleteResourceAttributesSync`) resource attributes in the authorization MS
-
-## [1.2.0] - 2024-01-05
-### Added
- - `isAuthorized` now return the unauthorized objects - regardless to the unauthorized ids (which may be missing resource ids if resource has no id, like `feature` e.g.)
-
 ## [1.1.0] - 2023-08-09
 
 ### ⚠ BREAKING CHANGES

package/README.md

@@ -136,60 +136,3 @@ const canActionInScopeMultipleResponse: ScopedActionResponseObject[] =
  * ]
  * /
 ```
-
-### Authorization Attributes API
-Authorization attributes have 2 options to get called: sync (http request) and async (send to SNS and consumed asynchronously).  
-When you have to make sure the change in the attributes applied before the function return, please use the sync method, otherwise use the async 
-
-#### Sync method
-Use `AuthorizationAttributesService.upsertResourceAttributesSync` to upsert multiple resource attributes in the authorization MS synchronously.
-
-```ts
-import { AuthorizationAttributesService, ResourceAttributeAssignment, ResourceAttributeResponse } from '@mondaydotcomorg/monday-authorization';
-
-const accountId = 739630;
-const userId = 4;
-const resourceAttributesAssignments: ResourceAttributeAssignment[] = [
-  { resourceId: 18, resourceType: 'workspace', key: 'is_default_workspace', value: 'true' },
-  { resourceId: 23, resourceType: 'board', key: 'board_kind', value: 'private' }
-];
-
-const response: ResourceAttributeResponse = await AuthorizationAttributesService.upsertResourceAttributesSync(accountId, userId, resourceAttributesAssignments);
-```
-
-Use `AuthorizationAttributesService.deleteResourceAttributesSync` to delete single resource's attributes in the authorization MS synchronously.
-
-
-```ts
-import { AuthorizationAttributesService, ResourceAttributeResponse, Resource } from '@mondaydotcomorg/monday-authorization';
-
-const accountId = 739630;
-const userId = 4;
-const resource: Resource = { type: 'workspace', id: 18 };
-const attributeKeys: string[] = ['is_default_workspace', 'workspace_kind'];
-
-const response: ResourceAttributeResponse = await AuthorizationAttributesService.deleteResourceAttributesSync(accountId, userId, resource, attributeKeys);
-```
-
-#### Async method
-use `AuthorizationAttributesService.updateResourceAttributesAsync` to upsert or delete multiple resource attributes at once.
-
-```ts
-import { AuthorizationAttributesService, ResourceAttributeAssignment, ResourceAttributeResponse } from '@mondaydotcomorg/monday-authorization';
-
-const accountId = 739630;
-const appName =  process.env.APP_NAME;
-const callerActionIdentifier = "actions_v2";
-const resourceAttributeOperations: ResourceAttributesOperation[] = [
-  { operationType: 'upsert', resourceId: 18, resourceType: 'workspace', key: 'is_default_workspace', value: 'true' },
-  { operationType: 'delete', resourceId: 23, resourceType: 'board', key: 'board_kind' }
-];
-
-const response: ResourceAttributeResponse = await AuthorizationAttributesService.updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations);
-```
-
-Special notes for asynchronous operations:
-1. There is no guarantee about the order of the updates, so don't do multiple operations on the same key in the same resource.
-2. To update an existing key, just use upsert operation, it'll override previous value.
-3. Requests with a lot of operations might split to chunks that will be consumed either sequence or in parallel, so there might be a timeframe where some of the operations already applied and some not. Eventually all of them will be applied.
-4. If your MS depends on the access to the asynchronous operation, you can use a health check operation `asyncResourceAttributesHealthCheck` that will return false if it can't reach to SNS or can't find the required topic. Note it doesn't check write permissions so make sure your MS have permissions to write to the SNS topic.

package/dist/index.d.ts

@@ -1,5 +1,4 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import * as TestKit from './testKit';
 export interface InitOptions {
     prometheus?: any;
     mondayFetchOptions?: MondayFetchOptions;
@@ -7,7 +6,5 @@ export interface InitOptions {
     grantedFeatureRedisExpirationInSeconds?: number;
 }
 export declare function init(options?: InitOptions): void;
-export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
-export { AuthorizationService } from './authorization-service';
-export { AuthorizationAttributesService } from './authorization-attributes-service';
-export { TestKit };
+export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './lib/authorization-middleware';
+export { AuthorizationService } from './lib/authorization-service';

package/dist/index.js

@@ -1,27 +1,23 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const prometheusService = require('./prometheus-service.js');
-const authorizationService = require('./authorization-service.js');
-const testKit_index = require('./testKit/index.js');
-const authorizationMiddleware = require('./authorization-middleware.js');
-const authorizationAttributesService = require('./authorization-attributes-service.js');
-
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationService = exports.skipAuthorizationMiddleware = exports.getAuthorizationMiddleware = exports.authorizationCheckMiddleware = exports.init = void 0;
+const prometheus_service_1 = require("./lib/prometheus-service");
+const authorization_service_1 = require("./lib/authorization-service");
 function init(options = {}) {
     if (options.prometheus) {
-        prometheusService.setPrometheus(options.prometheus);
+        (0, prometheus_service_1.setPrometheus)(options.prometheus);
     }
     if (options.mondayFetchOptions) {
-        authorizationService.setRequestFetchOptions(options.mondayFetchOptions);
+        (0, authorization_service_1.setRequestFetchOptions)(options.mondayFetchOptions);
     }
     if (options.redisClient) {
-        authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
+        (0, authorization_service_1.setRedisClient)(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
     }
 }
-
-exports.AuthorizationService = authorizationService.AuthorizationService;
-exports.TestKit = testKit_index;
-exports.authorizationCheckMiddleware = authorizationMiddleware.authorizationCheckMiddleware;
-exports.getAuthorizationMiddleware = authorizationMiddleware.getAuthorizationMiddleware;
-exports.skipAuthorizationMiddleware = authorizationMiddleware.skipAuthorizationMiddleware;
-exports.AuthorizationAttributesService = authorizationAttributesService.AuthorizationAttributesService;
 exports.init = init;
+var authorization_middleware_1 = require("./lib/authorization-middleware");
+Object.defineProperty(exports, "authorizationCheckMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.authorizationCheckMiddleware; } });
+Object.defineProperty(exports, "getAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.getAuthorizationMiddleware; } });
+Object.defineProperty(exports, "skipAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.skipAuthorizationMiddleware; } });
+var authorization_service_2 = require("./lib/authorization-service");
+Object.defineProperty(exports, "AuthorizationService", { enumerable: true, get: function () { return authorization_service_2.AuthorizationService; } });

package/dist/lib/authorization-internal-service.d.ts

@@ -0,0 +1,6 @@
+import { Request } from 'express';
+export declare class AuthorizationInternalService {
+    static skipAuthorization(requset: Request): void;
+    static markAuthorized(request: Request): void;
+    static failIfNotCoveredByAuthorization(request: Request): void;
+}

package/dist/lib/authorization-internal-service.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationInternalService = void 0;
+class AuthorizationInternalService {
+    static skipAuthorization(requset) {
+        requset.authorizationSkipPerformed = true;
+    }
+    static markAuthorized(request) {
+        request.authorizationCheckPerformed = true;
+    }
+    static failIfNotCoveredByAuthorization(request) {
+        if (!request.authorizationCheckPerformed && !request.authorizationSkipPerformed) {
+            throw 'Endpoint is not covered by authorization check';
+        }
+    }
+}
+exports.AuthorizationInternalService = AuthorizationInternalService;

package/dist/{authorization-middleware.d.ts → lib/authorization-middleware.d.ts}

@@ -1,6 +1,5 @@
 import { NextFunction } from 'express';
-import { Action, BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
+import { Action, BaseRequest, BaseResponse, ContextGetter, ResourceGetter } from './types/general';
 export declare function getAuthorizationMiddleware(action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter): (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
 export declare function skipAuthorizationMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
 export declare function authorizationCheckMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
-export declare function defaultContextGetter(request: BaseRequest): Context;

package/dist/lib/authorization-middleware.js

@@ -0,0 +1,54 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizationCheckMiddleware = exports.skipAuthorizationMiddleware = exports.getAuthorizationMiddleware = void 0;
+const on_headers_1 = __importDefault(require("on-headers"));
+const authorization_internal_service_1 = require("./authorization-internal-service");
+const authorization_service_1 = require("./authorization-service");
+function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
+    return function authorizationMiddleware(request, response, next) {
+        return __awaiter(this, void 0, void 0, function* () {
+            contextGetter || (contextGetter = defaultContextGetter);
+            const { userId, accountId } = contextGetter(request);
+            const resources = resourceGetter(request);
+            const { isAuthorized } = yield authorization_service_1.AuthorizationService.isAuthorized(accountId, userId, resources, action);
+            authorization_internal_service_1.AuthorizationInternalService.markAuthorized(request);
+            if (!isAuthorized) {
+                response.status(403).json({ message: 'Access denied' });
+                return;
+            }
+            next();
+        });
+    };
+}
+exports.getAuthorizationMiddleware = getAuthorizationMiddleware;
+function skipAuthorizationMiddleware(request, response, next) {
+    authorization_internal_service_1.AuthorizationInternalService.skipAuthorization(request);
+    next();
+}
+exports.skipAuthorizationMiddleware = skipAuthorizationMiddleware;
+function authorizationCheckMiddleware(request, response, next) {
+    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+        (0, on_headers_1.default)(response, function () {
+            if (response.statusCode < 400) {
+                authorization_internal_service_1.AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
+            }
+        });
+    }
+    next();
+}
+exports.authorizationCheckMiddleware = authorizationCheckMiddleware;
+function defaultContextGetter(request) {
+    return request.payload;
+}

package/dist/{authorization-service.d.ts → lib/authorization-service.d.ts}

@@ -1,10 +1,9 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { Action, AuthorizationObject, Resource } from './types/general';
-import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
+import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from 'lib/types/scoped-actions-contracts';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
     unauthorizedIds?: number[];
-    unauthorizedObjects?: AuthorizationObject[];
 }
 export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
 export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;

package/dist/lib/authorization-service.js

@@ -0,0 +1,233 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationService = exports.setRedisClient = exports.setRequestFetchOptions = void 0;
+const lodash_1 = require("lodash");
+const perf_hooks_1 = require("perf_hooks");
+const monday_jwt_1 = require("@mondaydotcomorg/monday-jwt");
+const MondayLogger = __importStar(require("@mondaydotcomorg/monday-logger"));
+const monday_fetch_1 = require("@mondaydotcomorg/monday-fetch");
+const prometheus_service_1 = require("./prometheus-service");
+const INTERNAL_APP_NAME = 'internal_ms';
+const logger = MondayLogger.getLogger();
+const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
+const defaultMondayFetchOptions = {
+    retries: 3,
+    callback: logOnFetchFail,
+};
+let mondayFetchOptions = defaultMondayFetchOptions;
+function setRequestFetchOptions(customMondayFetchOptions) {
+    mondayFetchOptions = Object.assign(Object.assign({}, defaultMondayFetchOptions), customMondayFetchOptions);
+}
+exports.setRequestFetchOptions = setRequestFetchOptions;
+function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
+    AuthorizationService.redisClient = client;
+    if (grantedFeatureRedisExpirationInSeconds && grantedFeatureRedisExpirationInSeconds > 0) {
+        AuthorizationService.grantedFeatureRedisExpirationInSeconds = grantedFeatureRedisExpirationInSeconds;
+    }
+    else {
+        logger.warn({ grantedFeatureRedisExpirationInSeconds }, 'Invalid input for grantedFeatureRedisExpirationInSeconds, must be positive number. using default ttl.');
+        AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
+    }
+}
+exports.setRedisClient = setRedisClient;
+class AuthorizationService {
+    static isAuthorized(...args) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (args.length === 3) {
+                return this.isAuthorizedMultiple(args[0], args[1], args[2]);
+            }
+            else if (args.length == 4) {
+                return this.isAuthorizedSingular(args[0], args[1], args[2], args[3]);
+            }
+            else {
+                throw new Error('isAuthorized accepts either 3 or 4 arguments');
+            }
+        });
+    }
+    static isUserGrantedWithFeature(accountId, userId, featureName, options = {}) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            let cachedKey = this.getCachedKeyName(userId, featureName);
+            const shouldSkipCache = (_a = options.shouldSkipCache) !== null && _a !== void 0 ? _a : false;
+            if (this.redisClient && !shouldSkipCache) {
+                let grantedFeatureValue = yield this.redisClient.get(cachedKey);
+                if (!(grantedFeatureValue === undefined || grantedFeatureValue === null)) {
+                    // redis returns the value as string
+                    return grantedFeatureValue === 'true';
+                }
+            }
+            let grantedFeatureValue = yield this.fetchIsUserGrantedWithFeature(featureName, accountId, userId);
+            if (this.redisClient) {
+                yield this.redisClient.set(cachedKey, grantedFeatureValue, 'EX', this.grantedFeatureRedisExpirationInSeconds);
+            }
+            return grantedFeatureValue;
+        });
+    }
+    static fetchIsUserGrantedWithFeature(featureName, accountId, userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let authorizationObject = {
+                action: featureName,
+                resource_type: 'feature',
+            };
+            let authorizeResponsePromise = yield this.isAuthorized(accountId, userId, [authorizationObject]);
+            return authorizeResponsePromise.isAuthorized;
+        });
+    }
+    static getCachedKeyName(userId, featureName) {
+        return `granted-feature-${featureName}-${userId}`;
+    }
+    static canActionInScope(accountId, userId, action, scope) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const scopedActions = [{ action, scope }];
+            const scopedActionResponseObjects = yield this.canActionInScopeMultiple(accountId, userId, scopedActions);
+            return scopedActionResponseObjects[0].permit;
+        });
+    }
+    static canActionInScopeMultiple(accountId, userId, scopedActions) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const internalAuthToken = (0, monday_jwt_1.signAuthorizationHeader)({ appName: INTERNAL_APP_NAME, accountId, userId });
+            const scopedActionsPayload = scopedActions.map(scopedAction => {
+                return Object.assign(Object.assign({}, scopedAction), { scope: (0, lodash_1.mapKeys)(scopedAction.scope, (_, key) => (0, lodash_1.snakeCase)(key)) }); // for example: { workspaceId: 1 } => { workspace_id: 1 }
+            });
+            const response = yield (0, monday_fetch_1.fetch)(getCanActionsInScopesUrl(), {
+                method: 'POST',
+                headers: { Authorization: internalAuthToken, 'Content-Type': 'application/json' },
+                timeout: getRequestTimeout(),
+                body: JSON.stringify({
+                    user_id: userId,
+                    scoped_actions: scopedActionsPayload,
+                }),
+            }, mondayFetchOptions);
+            throwOnHttpErrorIfNeeded(response, 'canActionInScopeMultiple');
+            const responseBody = yield response.json();
+            const camelCaseKeys = (obj) => Object.fromEntries(Object.entries(obj).map(([key, value]) => [(0, lodash_1.camelCase)(key), value]));
+            const scopedActionsResponseObjects = responseBody.result.map(responseObject => {
+                const { scopedAction, permit } = responseObject;
+                const { scope } = scopedAction;
+                const transformKeys = (obj) => camelCaseKeys(obj);
+                return Object.assign(Object.assign({}, responseObject), { scopedAction: Object.assign(Object.assign({}, scopedAction), { scope: transformKeys(scope) }), permit: transformKeys(permit) });
+            });
+            return scopedActionsResponseObjects;
+        });
+    }
+    static isAuthorizedSingular(accountId, userId, resources, action) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { authorizationObjects } = createAuthorizationParams(resources, action);
+            return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
+        });
+    }
+    static isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const internalAuthToken = (0, monday_jwt_1.signAuthorizationHeader)({ appName: INTERNAL_APP_NAME, accountId, userId });
+            const startTime = perf_hooks_1.performance.now();
+            const response = yield (0, monday_fetch_1.fetch)(getAuthorizeUrl(), {
+                method: 'POST',
+                headers: { Authorization: internalAuthToken, 'Content-Type': 'application/json' },
+                timeout: getRequestTimeout(),
+                body: JSON.stringify({
+                    user_id: userId,
+                    authorize_request_objects: authorizationRequestObjects,
+                }),
+            }, mondayFetchOptions);
+            const endTime = perf_hooks_1.performance.now();
+            const time = endTime - startTime;
+            const responseStatus = response.status;
+            (0, prometheus_service_1.sendAuthorizationChecksPerRequestMetric)(responseStatus, authorizationRequestObjects.length);
+            throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
+            const responseBody = yield response.json();
+            const unauthorizedObjects = [];
+            responseBody.result.forEach(function (isAuthorized, index) {
+                const authorizationObject = authorizationRequestObjects[index];
+                if (!isAuthorized) {
+                    unauthorizedObjects.push(authorizationObject);
+                }
+                (0, prometheus_service_1.sendAuthorizationCheckResponseTimeMetric)(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
+            });
+            if (unauthorizedObjects.length > 0) {
+                logger.info({
+                    resources: JSON.stringify(unauthorizedObjects),
+                }, 'AuthorizationService: resource is unauthorized');
+                const unauthorizedIds = unauthorizedObjects
+                    .filter(obj => !!obj.resource_id)
+                    .map(obj => obj.resource_id);
+                return { isAuthorized: false, unauthorizedIds };
+            }
+            return { isAuthorized: true };
+        });
+    }
+}
+exports.AuthorizationService = AuthorizationService;
+function createAuthorizationParams(resources, action) {
+    const params = {
+        authorizationObjects: resources.map((resource) => {
+            const authorizationObject = {
+                resource_id: resource.id,
+                resource_type: resource.type,
+                action,
+            };
+            if (resource.wrapperData) {
+                authorizationObject.wrapper_data = resource.wrapperData;
+            }
+            return authorizationObject;
+        }),
+    };
+    return params;
+}
+function logOnFetchFail(retriesLeft, error) {
+    if (retriesLeft == 0) {
+        logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
+    }
+    else {
+        logger.info({ retriesLeft, error }, 'Authorization attempt failed due to network issues, trying again');
+    }
+}
+function getAuthorizeUrl() {
+    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
+}
+function getCanActionsInScopesUrl() {
+    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
+}
+function getRequestTimeout() {
+    const isDevEnv = process.env.NODE_ENV === 'development';
+    return isDevEnv ? 60000 : 2000;
+}
+function throwOnHttpErrorIfNeeded(response, placement) {
+    if (response.ok) {
+        return;
+    }
+    const status = response.status;
+    logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
+    throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
+}

package/dist/{prometheus-service.js → lib/prometheus-service.js}

@@ -1,20 +1,21 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendAuthorizationCheckResponseTimeMetric = exports.sendAuthorizationChecksPerRequestMetric = exports.getMetricsManager = exports.setPrometheus = exports.METRICS = void 0;
 let prometheus = null;
 let authorizationChecksPerRequestMetric = null;
 let authorizationCheckResponseTimeMetric = null;
-const METRICS = {
+exports.METRICS = {
     AUTHORIZATION_CHECK: 'authorization_check',
     AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
     AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
 };
 const authorizationChecksPerRequestMetricConfig = {
-    name: METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
+    name: exports.METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
     labels: ['responseStatus'],
     description: 'Authorization checks per request summary',
 };
 const authorizationCheckResponseTimeMetricConfig = {
-    name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
+    name: exports.METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
     labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
     description: 'Authorization check response time summary',
 };
@@ -24,9 +25,11 @@ function setPrometheus(customPrometheus) {
     authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
     authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
 }
+exports.setPrometheus = setPrometheus;
 function getMetricsManager() {
-    return prometheus?.metricsManager;
+    return prometheus === null || prometheus === void 0 ? void 0 : prometheus.metricsManager;
 }
+exports.getMetricsManager = getMetricsManager;
 function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
     try {
         if (authorizationChecksPerRequestMetric) {
@@ -35,6 +38,7 @@ function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthori
     }
     catch (e) { }
 }
+exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
 function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
     try {
         if (authorizationCheckResponseTimeMetric) {
@@ -43,9 +47,4 @@ function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthor
     }
     catch (e) { }
 }
-
-exports.METRICS = METRICS;
-exports.getMetricsManager = getMetricsManager;
 exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
-exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
-exports.setPrometheus = setPrometheus;

package/dist/lib/types/express.js

@@ -0,0 +1 @@
+"use strict";

package/dist/lib/types/general.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/{types → lib/types}/scoped-actions-contracts.js

@@ -1,8 +1,9 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
 exports.PermitTechnicalReason = void 0;
+var PermitTechnicalReason;
 (function (PermitTechnicalReason) {
     PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
     PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
     PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
-})(exports.PermitTechnicalReason || (exports.PermitTechnicalReason = {}));
+})(PermitTechnicalReason || (exports.PermitTechnicalReason = PermitTechnicalReason = {}));

package/package.json

@@ -1,59 +1,36 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.1.9-featuremosheauthorizationesm.3695+dabe70b1e",
+  "version": "1.1.9-featureorcomonday-jwt-ts.472+0053951b7",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
-  "exports": {
-    ".": {
-      "import": "./dist/esm/index.mjs",
-      "require": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    },
-    "./package.json": "./package.json"
-  },
   "scripts": {
-    "test": "trident-library test",
-    "lint": "trident-library lint",
-    "build": "trident-library build",
-    "watch": "trident-library build -w"
+    "test": "mocha -r ts-node/register -r tsconfig-paths/register './tests/*.test.ts' --timeout 5000 --exit",
+    "build": "tsc --build"
   },
   "dependencies": {
     "@mondaydotcomorg/monday-fetch": "^0.0.7",
-    "@mondaydotcomorg/monday-jwt": "^3.0.14",
-    "@mondaydotcomorg/monday-logger": "^4.0.11",
-    "@mondaydotcomorg/monday-sns": "^1.0.6",
-    "@mondaydotcomorg/trident-backend-api": "^0.23.10",
-    "@types/lodash": "^4.17.10",
-    "lodash": "^4.17.21",
+    "@mondaydotcomorg/monday-jwt": "^3.0.9-featureorcomonday-jwt-ts.472+0053951b7",
+    "@mondaydotcomorg/monday-logger": "^3.0.10",
     "node-fetch": "^2.6.7",
-    "on-headers": "^1.0.2",
     "ts-node": "^10.0.0"
   },
   "devDependencies": {
-    "@mondaydotcomorg/trident-library": "^0.6.53",
     "@types/express": "^4.17.20",
-    "@types/jest": "^27.4.1",
     "@types/mocha": "^8.2.2",
     "@types/on-headers": "^1.0.0",
     "@types/supertest": "^2.0.11",
     "express": "^4.17.1",
     "ioredis": "^5.2.4",
     "ioredis-mock": "^8.2.2",
-    "jest": "^27.5.1",
     "mocha": "^9.0.1",
+    "on-headers": "^1.0.2",
     "supertest": "^6.1.3",
-    "ts-jest": "^27.1.3",
     "tsconfig-paths": "^3.9.0",
     "typescript": "^5.1.6"
   },
   "files": [
     "dist/"
   ],
-  "trident": {
-    "build": {
-      "esmMjsRename": true
-    }
-  },
-  "gitHead": "dabe70b1ee6b4bee07fdd8ca06eb4944d62a4c96"
+  "gitHead": "0053951b70f13ef040d8646d709dd3cdcce11168"
 }

package/dist/attributions-service.d.ts

@@ -1,3 +0,0 @@
-export declare function getAttributionsFromApi(): {
-    [key: string]: string;
-};