@mondaydotcomorg/monday-authorization 1.1.9-featuremosheauthorizationesm.3695 → 1.1.9-featureorcomonday-jwt-ts.472

package/dist/attributions-service.js

@@ -1,55 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
-const authorizationInternalService = require('./authorization-internal-service.js');
-
-const APP_NAME_VARIABLE_KEY = 'APP_NAME';
-const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
-const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
-let didSendFailureLogOnce = false;
-function getAttributionsFromApi() {
-    let callerAppNameFromSdk = {
-        [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
-    };
-    try {
-        const tridentContext = tridentBackendApi.Api.getPart('context');
-        if (!tridentContext) {
-            return callerAppNameFromSdk;
-        }
-        const { runtimeAttributions } = tridentContext;
-        let runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
-        if (!runtimeAttributionsOutgoingHeaders) {
-            return callerAppNameFromSdk;
-        }
-        const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
-        const attributionHeadersFromSdk = {};
-        Object.keys(attributionsHeaders).forEach(function (key) {
-            attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
-        });
-        return attributionHeadersFromSdk;
-    }
-    catch (error) {
-        if (!didSendFailureLogOnce) {
-            authorizationInternalService.logger.warn({ tag: 'authorization-service', error }, 'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.');
-            didSendFailureLogOnce = true;
-        }
-        return callerAppNameFromSdk;
-    }
-}
-function getEnvVariable(key) {
-    const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
-    return envVar;
-}
-function tryJsonParse(value) {
-    if (!value) {
-        return value;
-    }
-    try {
-        return JSON.parse(value);
-    }
-    catch (_err) {
-        return value;
-    }
-}
-
-exports.getAttributionsFromApi = getAttributionsFromApi;

package/dist/authorization-attributes-service.d.ts

@@ -1,44 +0,0 @@
-import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
-export declare class AuthorizationAttributesService {
-    private static LOG_TAG;
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param userId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    static upsertResourceAttributes(accountId: number, userId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param userId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    static deleteResourceAttributes(accountId: number, userId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    static updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
-    private static sendSingleSnsMessage;
-    private static getSnsTopicArn;
-    private static getResourceAttributesUrl;
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    static asyncResourceAttributesHealthCheck(): Promise<boolean>;
-}

package/dist/authorization-attributes-service.js

@@ -1,144 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const chunk = require('lodash/chunk');
-const mondayFetch = require('@mondaydotcomorg/monday-fetch');
-const authorizationInternalService = require('./authorization-internal-service.js');
-const attributionsService = require('./attributions-service.js');
-const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
-const mondaySns = require('@mondaydotcomorg/monday-sns');
-const constants_sns = require('./constants/sns.js');
-
-const _interopDefault = e => e && e.__esModule ? e : { default: e };
-
-const chunk__default = /*#__PURE__*/_interopDefault(chunk);
-
-class AuthorizationAttributesService {
-    static LOG_TAG = "authorization_attributes";
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param userId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    static async upsertResourceAttributes(accountId, userId, resourceAttributeAssignments) {
-        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        const response = await mondayFetch.fetch(this.getResourceAttributesUrl(accountId), {
-            method: 'POST',
-            headers: {
-                Authorization: internalAuthToken,
-                'Content-Type': 'application/json',
-                ...attributionHeaders,
-            },
-            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
-            body: JSON.stringify({ resourceAttributeAssignments }),
-        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
-        const responseBody = await response.json();
-        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'upsertResourceAttributesSync');
-        return { attributes: responseBody['attributes'] };
-    }
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param userId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    static async deleteResourceAttributes(accountId, userId, resource, attributeKeys) {
-        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        const url = `${this.getResourceAttributesUrl(accountId)}/${resource.type}/${resource.id}`;
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        const response = await mondayFetch.fetch(url, {
-            method: 'DELETE',
-            headers: {
-                Authorization: internalAuthToken,
-                'Content-Type': 'application/json',
-                ...attributionHeaders,
-            },
-            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
-            body: JSON.stringify({ keys: attributeKeys }),
-        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
-        const responseBody = await response.json();
-        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'deleteResourceAttributesSync');
-        return { attributes: responseBody['attributes'] };
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    static async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.getSnsTopicArn();
-        const sendToSnsPromises = [];
-        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    static async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            }
-        };
-        try {
-            await mondaySns.sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: this.LOG_TAG }, "Authorization resource attributes async update: failed to send operations to SNS");
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromApi = tridentBackendApi.Api.getPart('configurationVariables')?.get(constants_sns.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME).arn;
-        if (arnFromApi) {
-            return arnFromApi;
-        }
-        const jsonArnFromEnv = process.env[constants_sns.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME];
-        const arnFromEnv = JSON.parse(jsonArnFromEnv).arn;
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    static getResourceAttributesUrl(accountId) {
-        return `${process.env.AUTHORIZATION_URL}/attributes/${accountId}/resource`;
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    static async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.getSnsTopicArn();
-            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !("TopicArn" in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: this.LOG_TAG }, "authorization-attributes-service failed in health check");
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: this.LOG_TAG }, "authorization-attributes-service got error during health check");
-            return false;
-        }
-    }
-}
-
-exports.AuthorizationAttributesService = AuthorizationAttributesService;

package/dist/authorization-internal-service.d.ts

@@ -1,13 +0,0 @@
-import { Request } from 'express';
-import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-export declare const logger: import("bunyan");
-export declare class AuthorizationInternalService {
-    static skipAuthorization(requset: Request): void;
-    static markAuthorized(request: Request): void;
-    static failIfNotCoveredByAuthorization(request: Request): void;
-    static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
-    static generateInternalAuthToken(accountId: number, userId: number): string;
-    static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
-    static getRequestFetchOptions(): MondayFetchOptions;
-    static getRequestTimeout(): 60000 | 2000;
-}

package/dist/authorization-internal-service.js

@@ -1,80 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const mondayJwt = require('@mondaydotcomorg/monday-jwt');
-const MondayLogger = require('@mondaydotcomorg/monday-logger');
-
-function _interopNamespace(e) {
-if (e && e.__esModule) return e;
-const n = Object.create(null, { [Symbol.toStringTag]: { value: 'Module' } });
-if (e) {
-for (const k in e) {
-if (k !== 'default') {
-const d = Object.getOwnPropertyDescriptor(e, k);
-Object.defineProperty(n, k, d.get ? d : {
-enumerable: true,
-get: () => e[k]
-});
-}
-}
-}
-n.default = e;
-return n;
-}
-
-const MondayLogger__namespace = /*#__PURE__*/_interopNamespace(MondayLogger);
-
-const INTERNAL_APP_NAME = 'internal_ms';
-const defaultMondayFetchOptions = {
-    retries: 3,
-    callback: logOnFetchFail,
-};
-function logOnFetchFail(retriesLeft, error) {
-    if (retriesLeft == 0) {
-        logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
-    }
-    else {
-        logger.info({ retriesLeft, error }, 'Authorization attempt failed due to network issues, trying again');
-    }
-}
-let mondayFetchOptions = defaultMondayFetchOptions;
-const logger = MondayLogger__namespace.getLogger();
-class AuthorizationInternalService {
-    static skipAuthorization(requset) {
-        requset.authorizationSkipPerformed = true;
-    }
-    static markAuthorized(request) {
-        request.authorizationCheckPerformed = true;
-    }
-    static failIfNotCoveredByAuthorization(request) {
-        if (!request.authorizationCheckPerformed && !request.authorizationSkipPerformed) {
-            throw 'Endpoint is not covered by authorization check';
-        }
-    }
-    static throwOnHttpErrorIfNeeded(response, placement) {
-        if (response.ok) {
-            return;
-        }
-        const status = response.status;
-        logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
-        throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
-    }
-    static generateInternalAuthToken(accountId, userId) {
-        return mondayJwt.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
-    }
-    static setRequestFetchOptions(customMondayFetchOptions) {
-        mondayFetchOptions = {
-            ...defaultMondayFetchOptions,
-            ...customMondayFetchOptions,
-        };
-    }
-    static getRequestFetchOptions() {
-        return mondayFetchOptions;
-    }
-    static getRequestTimeout() {
-        const isDevEnv = process.env.NODE_ENV === 'development';
-        return isDevEnv ? 60000 : 2000;
-    }
-}
-
-exports.AuthorizationInternalService = AuthorizationInternalService;
-exports.logger = logger;

package/dist/authorization-middleware.js

@@ -1,48 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const onHeaders = require('on-headers');
-const authorizationInternalService = require('./authorization-internal-service.js');
-const authorizationService = require('./authorization-service.js');
-
-const _interopDefault = e => e && e.__esModule ? e : { default: e };
-
-const onHeaders__default = /*#__PURE__*/_interopDefault(onHeaders);
-
-// getAuthorizationMiddleware is duplicated in testKit/index.ts
-// If you are making changes to this function, please make sure to update the other file as well
-function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
-    return async function authorizationMiddleware(request, response, next) {
-        contextGetter ||= defaultContextGetter;
-        const { userId, accountId } = contextGetter(request);
-        const resources = resourceGetter(request);
-        const { isAuthorized } = await authorizationService.AuthorizationService.isAuthorized(accountId, userId, resources, action);
-        authorizationInternalService.AuthorizationInternalService.markAuthorized(request);
-        if (!isAuthorized) {
-            response.status(403).json({ message: 'Access denied' });
-            return;
-        }
-        next();
-    };
-}
-function skipAuthorizationMiddleware(request, response, next) {
-    authorizationInternalService.AuthorizationInternalService.skipAuthorization(request);
-    next();
-}
-function authorizationCheckMiddleware(request, response, next) {
-    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-        onHeaders__default.default(response, function () {
-            if (response.statusCode < 400) {
-                authorizationInternalService.AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
-            }
-        });
-    }
-    next();
-}
-function defaultContextGetter(request) {
-    return request.payload;
-}
-
-exports.authorizationCheckMiddleware = authorizationCheckMiddleware;
-exports.defaultContextGetter = defaultContextGetter;
-exports.getAuthorizationMiddleware = getAuthorizationMiddleware;
-exports.skipAuthorizationMiddleware = skipAuthorizationMiddleware;

package/dist/authorization-service.js

@@ -1,176 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const lodash = require('lodash');
-const perf_hooks = require('perf_hooks');
-const mondayFetch = require('@mondaydotcomorg/monday-fetch');
-const prometheusService = require('./prometheus-service.js');
-const authorizationInternalService = require('./authorization-internal-service.js');
-const attributionsService = require('./attributions-service.js');
-
-const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
-function setRequestFetchOptions(customMondayFetchOptions) {
-    authorizationInternalService.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
-}
-function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
-    AuthorizationService.redisClient = client;
-    if (grantedFeatureRedisExpirationInSeconds && grantedFeatureRedisExpirationInSeconds > 0) {
-        AuthorizationService.grantedFeatureRedisExpirationInSeconds = grantedFeatureRedisExpirationInSeconds;
-    }
-    else {
-        authorizationInternalService.logger.warn({ grantedFeatureRedisExpirationInSeconds }, 'Invalid input for grantedFeatureRedisExpirationInSeconds, must be positive number. using default ttl.');
-        AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
-    }
-}
-class AuthorizationService {
-    static redisClient;
-    static grantedFeatureRedisExpirationInSeconds;
-    static async isAuthorized(...args) {
-        if (args.length === 3) {
-            return this.isAuthorizedMultiple(args[0], args[1], args[2]);
-        }
-        else if (args.length == 4) {
-            return this.isAuthorizedSingular(args[0], args[1], args[2], args[3]);
-        }
-        else {
-            throw new Error('isAuthorized accepts either 3 or 4 arguments');
-        }
-    }
-    static async isUserGrantedWithFeature(accountId, userId, featureName, options = {}) {
-        let cachedKey = this.getCachedKeyName(userId, featureName);
-        const shouldSkipCache = options.shouldSkipCache ?? false;
-        if (this.redisClient && !shouldSkipCache) {
-            let grantedFeatureValue = await this.redisClient.get(cachedKey);
-            if (!(grantedFeatureValue === undefined || grantedFeatureValue === null)) {
-                // redis returns the value as string
-                return grantedFeatureValue === 'true';
-            }
-        }
-        let grantedFeatureValue = await this.fetchIsUserGrantedWithFeature(featureName, accountId, userId);
-        if (this.redisClient) {
-            await this.redisClient.set(cachedKey, grantedFeatureValue, 'EX', this.grantedFeatureRedisExpirationInSeconds);
-        }
-        return grantedFeatureValue;
-    }
-    static async fetchIsUserGrantedWithFeature(featureName, accountId, userId) {
-        let authorizationObject = {
-            action: featureName,
-            resource_type: 'feature',
-        };
-        let authorizeResponsePromise = await this.isAuthorized(accountId, userId, [authorizationObject]);
-        return authorizeResponsePromise.isAuthorized;
-    }
-    static getCachedKeyName(userId, featureName) {
-        return `granted-feature-${featureName}-${userId}`;
-    }
-    static async canActionInScope(accountId, userId, action, scope) {
-        const scopedActions = [{ action, scope }];
-        const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
-        return scopedActionResponseObjects[0].permit;
-    }
-    static async canActionInScopeMultiple(accountId, userId, scopedActions) {
-        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        const scopedActionsPayload = scopedActions.map(scopedAction => {
-            return { ...scopedAction, scope: lodash.mapKeys(scopedAction.scope, (_, key) => lodash.snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
-        });
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        const response = await mondayFetch.fetch(getCanActionsInScopesUrl(), {
-            method: 'POST',
-            headers: {
-                Authorization: internalAuthToken,
-                'Content-Type': 'application/json',
-                ...attributionHeaders,
-            },
-            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
-            body: JSON.stringify({
-                user_id: userId,
-                scoped_actions: scopedActionsPayload,
-            }),
-        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
-        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'canActionInScopeMultiple');
-        const responseBody = await response.json();
-        const camelCaseKeys = obj => Object.fromEntries(Object.entries(obj).map(([key, value]) => [lodash.camelCase(key), value]));
-        const scopedActionsResponseObjects = responseBody.result.map(responseObject => {
-            const { scopedAction, permit } = responseObject;
-            const { scope } = scopedAction;
-            const transformKeys = obj => camelCaseKeys(obj);
-            return {
-                ...responseObject,
-                scopedAction: { ...scopedAction, scope: transformKeys(scope) },
-                permit: transformKeys(permit),
-            };
-        });
-        return scopedActionsResponseObjects;
-    }
-    static async isAuthorizedSingular(accountId, userId, resources, action) {
-        const { authorizationObjects } = createAuthorizationParams(resources, action);
-        return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
-    }
-    static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
-        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-        const startTime = perf_hooks.performance.now();
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        const response = await mondayFetch.fetch(getAuthorizeUrl(), {
-            method: 'POST',
-            headers: {
-                Authorization: internalAuthToken,
-                'Content-Type': 'application/json',
-                ...attributionHeaders,
-            },
-            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
-            body: JSON.stringify({
-                user_id: userId,
-                authorize_request_objects: authorizationRequestObjects,
-            }),
-        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
-        const endTime = perf_hooks.performance.now();
-        const time = endTime - startTime;
-        const responseStatus = response.status;
-        prometheusService.sendAuthorizationChecksPerRequestMetric(responseStatus, authorizationRequestObjects.length);
-        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
-        const responseBody = await response.json();
-        const unauthorizedObjects = [];
-        responseBody.result.forEach(function (isAuthorized, index) {
-            const authorizationObject = authorizationRequestObjects[index];
-            if (!isAuthorized) {
-                unauthorizedObjects.push(authorizationObject);
-            }
-            prometheusService.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
-        });
-        if (unauthorizedObjects.length > 0) {
-            authorizationInternalService.logger.info({
-                resources: JSON.stringify(unauthorizedObjects),
-            }, 'AuthorizationService: resource is unauthorized');
-            const unauthorizedIds = unauthorizedObjects
-                .filter(obj => !!obj.resource_id)
-                .map(obj => obj.resource_id);
-            return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
-        }
-        return { isAuthorized: true };
-    }
-}
-function createAuthorizationParams(resources, action) {
-    const params = {
-        authorizationObjects: resources.map((resource) => {
-            const authorizationObject = {
-                resource_id: resource.id,
-                resource_type: resource.type,
-                action,
-            };
-            if (resource.wrapperData) {
-                authorizationObject.wrapper_data = resource.wrapperData;
-            }
-            return authorizationObject;
-        }),
-    };
-    return params;
-}
-function getAuthorizeUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
-}
-function getCanActionsInScopesUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
-}
-
-exports.AuthorizationService = AuthorizationService;
-exports.setRedisClient = setRedisClient;
-exports.setRequestFetchOptions = setRequestFetchOptions;

package/dist/constants/sns.d.ts

@@ -1,3 +0,0 @@
-export declare const RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME = "AUTHORIZATION_RESOURCE_ATTRIBUTES_SNS_TOPIC";
-export declare const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "resourceAttributeModification";
-export declare const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;

package/dist/constants/sns.js

@@ -1,9 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME = 'AUTHORIZATION_RESOURCE_ATTRIBUTES_SNS_TOPIC';
-const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'resourceAttributeModification';
-const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
-
-exports.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE;
-exports.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME = RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME;
-exports.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND;

package/dist/esm/attributions-service.d.ts

@@ -1,3 +0,0 @@
-export declare function getAttributionsFromApi(): {
-    [key: string]: string;
-};

package/dist/esm/attributions-service.mjs

@@ -1,53 +0,0 @@
-import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { logger } from './authorization-internal-service.mjs';
-
-const APP_NAME_VARIABLE_KEY = 'APP_NAME';
-const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
-const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
-let didSendFailureLogOnce = false;
-function getAttributionsFromApi() {
-    let callerAppNameFromSdk = {
-        [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
-    };
-    try {
-        const tridentContext = Api.getPart('context');
-        if (!tridentContext) {
-            return callerAppNameFromSdk;
-        }
-        const { runtimeAttributions } = tridentContext;
-        let runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
-        if (!runtimeAttributionsOutgoingHeaders) {
-            return callerAppNameFromSdk;
-        }
-        const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
-        const attributionHeadersFromSdk = {};
-        Object.keys(attributionsHeaders).forEach(function (key) {
-            attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
-        });
-        return attributionHeadersFromSdk;
-    }
-    catch (error) {
-        if (!didSendFailureLogOnce) {
-            logger.warn({ tag: 'authorization-service', error }, 'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.');
-            didSendFailureLogOnce = true;
-        }
-        return callerAppNameFromSdk;
-    }
-}
-function getEnvVariable(key) {
-    const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
-    return envVar;
-}
-function tryJsonParse(value) {
-    if (!value) {
-        return value;
-    }
-    try {
-        return JSON.parse(value);
-    }
-    catch (_err) {
-        return value;
-    }
-}
-
-export { getAttributionsFromApi };