@mondaydotcomorg/monday-authorization 1.2.11 → 1.2.12

package/dist/esm/types/general.mjs

@@ -0,0 +1 @@
+

package/dist/esm/types/scoped-actions-contracts.mjs

@@ -0,0 +1,8 @@
+var PermitTechnicalReason;
+(function (PermitTechnicalReason) {
+    PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
+    PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
+    PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
+})(PermitTechnicalReason || (PermitTechnicalReason = {}));
+
+export { PermitTechnicalReason };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import * as TestKit from './lib/testKit';
+import * as TestKit from './testKit';
 export interface InitOptions {
     prometheus?: any;
     mondayFetchOptions?: MondayFetchOptions;
@@ -7,7 +7,7 @@ export interface InitOptions {
     grantedFeatureRedisExpirationInSeconds?: number;
 }
 export declare function init(options?: InitOptions): void;
-export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './lib/authorization-middleware';
-export { AuthorizationService } from './lib/authorization-service';
-export { AuthorizationAttributesService } from './lib/authorization-attributes-service';
+export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
+export { AuthorizationService } from './authorization-service';
+export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { TestKit };

package/dist/index.js

@@ -1,51 +1,27 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TestKit = exports.AuthorizationAttributesService = exports.AuthorizationService = exports.skipAuthorizationMiddleware = exports.getAuthorizationMiddleware = exports.authorizationCheckMiddleware = void 0;
-exports.init = init;
-const prometheus_service_1 = require("./lib/prometheus-service");
-const authorization_service_1 = require("./lib/authorization-service");
-const TestKit = __importStar(require("./lib/testKit"));
-exports.TestKit = TestKit;
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const prometheusService = require('./prometheus-service.js');
+const authorizationService = require('./authorization-service.js');
+const testKit_index = require('./testKit/index.js');
+const authorizationMiddleware = require('./authorization-middleware.js');
+const authorizationAttributesService = require('./authorization-attributes-service.js');
+
 function init(options = {}) {
     if (options.prometheus) {
-        (0, prometheus_service_1.setPrometheus)(options.prometheus);
+        prometheusService.setPrometheus(options.prometheus);
     }
     if (options.mondayFetchOptions) {
-        (0, authorization_service_1.setRequestFetchOptions)(options.mondayFetchOptions);
+        authorizationService.setRequestFetchOptions(options.mondayFetchOptions);
     }
     if (options.redisClient) {
-        (0, authorization_service_1.setRedisClient)(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
+        authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
     }
 }
-var authorization_middleware_1 = require("./lib/authorization-middleware");
-Object.defineProperty(exports, "authorizationCheckMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.authorizationCheckMiddleware; } });
-Object.defineProperty(exports, "getAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.getAuthorizationMiddleware; } });
-Object.defineProperty(exports, "skipAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.skipAuthorizationMiddleware; } });
-var authorization_service_2 = require("./lib/authorization-service");
-Object.defineProperty(exports, "AuthorizationService", { enumerable: true, get: function () { return authorization_service_2.AuthorizationService; } });
-var authorization_attributes_service_1 = require("./lib/authorization-attributes-service");
-Object.defineProperty(exports, "AuthorizationAttributesService", { enumerable: true, get: function () { return authorization_attributes_service_1.AuthorizationAttributesService; } });
-//# sourceMappingURL=index.js.map
+
+exports.AuthorizationService = authorizationService.AuthorizationService;
+exports.TestKit = testKit_index;
+exports.authorizationCheckMiddleware = authorizationMiddleware.authorizationCheckMiddleware;
+exports.getAuthorizationMiddleware = authorizationMiddleware.getAuthorizationMiddleware;
+exports.skipAuthorizationMiddleware = authorizationMiddleware.skipAuthorizationMiddleware;
+exports.AuthorizationAttributesService = authorizationAttributesService.AuthorizationAttributesService;
+exports.init = init;

package/dist/prometheus-service.d.ts

@@ -0,0 +1,10 @@
+import { Action } from './types/general';
+export declare const METRICS: {
+    AUTHORIZATION_CHECK: string;
+    AUTHORIZATION_CHECKS_PER_REQUEST: string;
+    AUTHORIZATION_CHECK_RESPONSE_TIME: string;
+};
+export declare function setPrometheus(customPrometheus: any): void;
+export declare function getMetricsManager(): any;
+export declare function sendAuthorizationChecksPerRequestMetric(responseStatus: any, amountOfAuthorizationObjects: any): void;
+export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;

package/dist/{lib/prometheus-service.js → prometheus-service.js}

@@ -1,25 +1,20 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.METRICS = void 0;
-exports.setPrometheus = setPrometheus;
-exports.getMetricsManager = getMetricsManager;
-exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
-exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
 let prometheus = null;
 let authorizationChecksPerRequestMetric = null;
 let authorizationCheckResponseTimeMetric = null;
-exports.METRICS = {
+const METRICS = {
     AUTHORIZATION_CHECK: 'authorization_check',
     AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
     AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
 };
 const authorizationChecksPerRequestMetricConfig = {
-    name: exports.METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
+    name: METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
     labels: ['responseStatus'],
     description: 'Authorization checks per request summary',
 };
 const authorizationCheckResponseTimeMetricConfig = {
-    name: exports.METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
+    name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
     labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
     description: 'Authorization check response time summary',
 };
@@ -30,7 +25,7 @@ function setPrometheus(customPrometheus) {
     authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
 }
 function getMetricsManager() {
-    return prometheus === null || prometheus === void 0 ? void 0 : prometheus.metricsManager;
+    return prometheus?.metricsManager;
 }
 function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
     try {
@@ -38,7 +33,9 @@ function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthori
             authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
         }
     }
-    catch (e) { }
+    catch (e) {
+        // ignore
+    }
 }
 function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
     try {
@@ -46,6 +43,13 @@ function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthor
             authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
         }
     }
-    catch (e) { }
+    catch (e) {
+        // ignore
+    }
 }
-//# sourceMappingURL=prometheus-service.js.map
+
+exports.METRICS = METRICS;
+exports.getMetricsManager = getMetricsManager;
+exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
+exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
+exports.setPrometheus = setPrometheus;

package/dist/testKit/index.d.ts

@@ -0,0 +1,11 @@
+import { Action, BaseRequest, BaseResponse, ContextGetter, Resource, ResourceGetter } from '../types/general';
+import type { NextFunction } from 'express';
+export type TestPermittedAction = {
+    accountId: number;
+    userId: number;
+    resources: Resource[];
+    action: Action;
+};
+export declare const addTestPermittedAction: (accountId: number, userId: number, resources: Resource[], action: Action) => void;
+export declare const clearTestPermittedActions: () => void;
+export declare const getTestAuthorizationMiddleware: (action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter) => (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;

package/dist/testKit/index.js

@@ -0,0 +1,48 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const authorizationMiddleware = require('../authorization-middleware.js');
+const authorizationInternalService = require('../authorization-internal-service.js');
+
+let testPermittedActions = [];
+const addTestPermittedAction = (accountId, userId, resources, action) => {
+    testPermittedActions.push({ accountId, userId, resources, action });
+};
+const clearTestPermittedActions = () => {
+    testPermittedActions = [];
+};
+const isActionAuthorized = (accountId, userId, resources, action) => {
+    return {
+        isAuthorized: resources.every(_ => {
+            return testPermittedActions.some(combination => {
+                return (combination.accountId === accountId &&
+                    combination.userId === userId &&
+                    combination.action === action &&
+                    combination.resources.some(combinationResource => {
+                        return resources.some(resource => {
+                            return (combinationResource.id === resource.id &&
+                                combinationResource.type === resource.type &&
+                                JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData));
+                        });
+                    }));
+            });
+        }),
+    };
+};
+const getTestAuthorizationMiddleware = (action, resourceGetter, contextGetter) => {
+    return async function authorizationMiddleware$1(request, response, next) {
+        contextGetter ||= authorizationMiddleware.defaultContextGetter;
+        const { userId, accountId } = contextGetter(request);
+        const resources = resourceGetter(request);
+        const { isAuthorized } = isActionAuthorized(accountId, userId, resources, action);
+        authorizationInternalService.AuthorizationInternalService.markAuthorized(request);
+        if (!isAuthorized) {
+            response.status(403).json({ message: 'Access denied' });
+            return;
+        }
+        next();
+    };
+};
+
+exports.addTestPermittedAction = addTestPermittedAction;
+exports.clearTestPermittedActions = clearTestPermittedActions;
+exports.getTestAuthorizationMiddleware = getTestAuthorizationMiddleware;

package/dist/types/authorization-attributes-contracts.d.ts

@@ -0,0 +1,27 @@
+import { Resource } from './general';
+export interface ResourceAttributeAssignment {
+    resourceType: Resource['type'];
+    resourceId: Resource['id'];
+    key: string;
+    value: string;
+}
+export interface ResourceAttributeResponse {
+    attributes: ResourceAttributeAssignment[];
+}
+export interface ResourceAttributeDelete {
+    resourceType: Resource['type'];
+    resourceId: Resource['id'];
+    key: string;
+}
+export declare enum ResourceAttributeOperationEnum {
+    UPSERT = "upsert",
+    DELETE = "delete"
+}
+interface UpsertResourceAttributeOperation extends ResourceAttributeAssignment {
+    operationType: ResourceAttributeOperationEnum.UPSERT;
+}
+interface DeleteResourceAttributeOperation extends ResourceAttributeDelete {
+    operationType: ResourceAttributeOperationEnum.DELETE;
+}
+export type ResourceAttributesOperation = UpsertResourceAttributeOperation | DeleteResourceAttributeOperation;
+export {};

package/dist/types/authorization-attributes-contracts.js

@@ -0,0 +1,7 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+exports.ResourceAttributeOperationEnum = void 0;
+(function (ResourceAttributeOperationEnum) {
+    ResourceAttributeOperationEnum["UPSERT"] = "upsert";
+    ResourceAttributeOperationEnum["DELETE"] = "delete";
+})(exports.ResourceAttributeOperationEnum || (exports.ResourceAttributeOperationEnum = {}));

package/dist/types/express.d.ts

@@ -0,0 +1,10 @@
+declare namespace Express {
+    interface Request {
+        payload: {
+            accountId: number;
+            userId: number;
+        };
+        authorizationCheckPerformed: boolean;
+        authorizationSkipPerformed: boolean;
+    }
+}

package/dist/types/express.js

@@ -0,0 +1 @@
+

package/dist/types/general.d.ts

@@ -0,0 +1,32 @@
+import type { Request, Response } from 'express';
+export interface Resource {
+    id?: number;
+    type: string;
+    wrapperData?: object;
+}
+export type Action = string;
+export interface Context {
+    accountId: number;
+    userId: number;
+}
+export interface AuthorizationObject {
+    resource_id?: Resource['id'];
+    resource_type: Resource['type'];
+    wrapper_data?: Resource['wrapperData'];
+    action: Action;
+}
+export interface AuthorizationParams {
+    authorizationObjects: AuthorizationObject[];
+}
+type BasicObject = {
+    [key: string]: string;
+};
+export type BaseParameters = BasicObject;
+export type BaseResponseBody = BasicObject;
+export type BaseBodyParameters = BasicObject;
+export type BaseQueryParameters = BasicObject;
+export type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
+export type BaseResponse = Response<BaseResponseBody>;
+export type ResourceGetter = (request: BaseRequest) => Resource[];
+export type ContextGetter = (request: BaseRequest) => Context;
+export {};

package/dist/types/general.js

@@ -0,0 +1 @@
+

package/dist/types/scoped-actions-contracts.d.ts

@@ -0,0 +1,38 @@
+export interface WorkspaceScope {
+    workspaceId: number;
+}
+export interface BoardScope {
+    boardId: number;
+}
+export interface PulseScope {
+    pulseId: number;
+}
+export interface AccountProductScope {
+    accountProductId: number;
+}
+export interface AccountScope {
+    accountId: number;
+}
+export type ScopeOptions = WorkspaceScope | BoardScope | PulseScope | AccountProductScope | AccountScope;
+export interface Translation {
+    key: string;
+    [option: string]: string;
+}
+export declare enum PermitTechnicalReason {
+    NO_REASON = 0,
+    NOT_ELIGIBLE = 1,
+    BY_ROLE_IN_SCOPE = 2
+}
+export interface ScopedActionPermit {
+    can: boolean;
+    reason: Translation;
+    technicalReason: PermitTechnicalReason;
+}
+export interface ScopedAction {
+    action: string;
+    scope: ScopeOptions;
+}
+export interface ScopedActionResponseObject {
+    scopedAction: ScopedAction;
+    permit: ScopedActionPermit;
+}

package/dist/{lib/types → types}/scoped-actions-contracts.js

@@ -1,10 +1,8 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
 exports.PermitTechnicalReason = void 0;
-var PermitTechnicalReason;
 (function (PermitTechnicalReason) {
     PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
     PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
     PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
-})(PermitTechnicalReason || (exports.PermitTechnicalReason = PermitTechnicalReason = {}));
-//# sourceMappingURL=scoped-actions-contracts.js.map
+})(exports.PermitTechnicalReason || (exports.PermitTechnicalReason = {}));

package/package.json

@@ -1,60 +1,57 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.2.11",
+  "version": "1.2.12",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
-  "jest": {
-    "testEnvironment": "node",
-    "testMatch": [
-      "**/+(*.)+(spec|test).+(ts|js)?(x)"
-    ],
-    "transform": {
-      "^.+\\.(ts|js|html)$": "ts-jest"
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.mjs",
+      "require": "./dist/index.js",
+      "types": "./dist/index.d.ts"
     },
-    "moduleFileExtensions": [
-      "ts",
-      "js",
-      "html"
-    ],
-    "coverageReporters": [
-      "html"
-    ]
+    "./package.json": "./package.json"
   },
   "scripts": {
-    "test": "jest",
-    "build": "tsc --build"
+    "test": "trident-library test",
+    "lint": "trident-library lint",
+    "build": "trident-library build",
+    "watch": "trident-library build -w"
   },
   "dependencies": {
     "@mondaydotcomorg/monday-fetch": "^0.0.7",
     "@mondaydotcomorg/monday-jwt": "^3.0.14",
     "@mondaydotcomorg/monday-logger": "^4.0.11",
     "@mondaydotcomorg/monday-sns": "^1.0.6",
-    "@mondaydotcomorg/trident-backend-api": "^0.23.10",
-    "@types/lodash": "^4.17.10",
+    "@mondaydotcomorg/trident-backend-api": "^0.24.3",
     "lodash": "^4.17.21",
     "node-fetch": "^2.6.7",
     "on-headers": "^1.0.2",
     "ts-node": "^10.0.0"
   },
   "devDependencies": {
+    "@mondaydotcomorg/trident-library": "^0.6.53",
     "@types/express": "^4.17.20",
-    "@types/jest": "^27.4.1",
-    "@types/mocha": "^8.2.2",
+    "@types/lodash": "^4.17.10",
     "@types/on-headers": "^1.0.0",
     "@types/supertest": "^2.0.11",
     "express": "^4.17.1",
     "ioredis": "^5.2.4",
     "ioredis-mock": "^8.2.2",
-    "jest": "^27.5.1",
-    "mocha": "^9.0.1",
     "supertest": "^6.1.3",
-    "ts-jest": "^27.1.3",
-    "tsconfig-paths": "^3.9.0",
-    "typescript": "^5.1.6"
+    "typescript": "^5.2.2"
   },
   "files": [
     "dist/"
   ],
-  "gitHead": "4db8fcacd3fe976b0e3fbc8e76d556f20f757d41"
+  "eslintConfig": {
+    "extends": "@mondaydotcomorg/trident-library",
+    "root": true
+  },
+  "trident": {
+    "build": {
+      "esmMjsRename": true
+    }
+  },
+  "gitHead": "6f9d0cc11ed13226cff1358f3782e314bb7d1248"
 }

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,oBAWC;AArBD,iEAAyD;AACzD,uEAAqF;AACrF,uDAAyC;AA6BhC,0BAAO;AArBhB,SAAgB,IAAI,CAAC,UAAuB,EAAE;IAC5C,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,IAAA,kCAAa,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC/B,IAAA,8CAAsB,EAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,IAAA,sCAAc,EAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,sCAAsC,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED,2EAIwC;AAHtC,wIAAA,4BAA4B,OAAA;AAC5B,sIAAA,0BAA0B,OAAA;AAC1B,uIAAA,2BAA2B,OAAA;AAE7B,qEAAmE;AAA1D,6HAAA,oBAAoB,OAAA;AAC7B,2FAAwF;AAA/E,kJAAA,8BAA8B,OAAA"}

package/dist/lib/attributions-service.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"attributions-service.js","sourceRoot":"","sources":["../../lib/attributions-service.ts"],"names":[],"mappings":";;AASA,wDAqCC;AA9CD,8EAA2D;AAC3D,qFAA0D;AAE1D,MAAM,qBAAqB,GAAG,UAAU,CAAC;AACzC,MAAM,oBAAoB,GAAG,4BAA4B,CAAC;AAC1D,MAAM,sBAAsB,GAAG,WAAW,CAAC;AAE3C,IAAI,qBAAqB,GAAG,KAAK,CAAC;AAElC,SAAgB,sBAAsB;IACpC,IAAI,oBAAoB,GAAG;QACzB,CAAC,oBAAoB,CAAC,EAAE,YAAY,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;KAC5E,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,yBAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE9C,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,oBAAoB,CAAC;QAC9B,CAAC;QAED,MAAM,EAAE,mBAAmB,EAAE,GAAG,cAAc,CAAC;QAC/C,IAAI,kCAAkC,GAAG,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,CAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;QAEpG,IAAI,CAAC,kCAAkC,EAAE,CAAC;YACxC,OAAO,oBAAoB,CAAC;QAC9B,CAAC;QAED,MAAM,mBAAmB,GAAG,MAAM,CAAC,WAAW,CAAC,kCAAkC,CAAC,CAAC;QAEnF,MAAM,yBAAyB,GAAG,EAAE,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG;YACpD,yBAAyB,CAAC,GAAG,GAAG,GAAG,sBAAsB,EAAE,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;QAEH,OAAO,yBAAyB,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC3B,uCAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,uBAAuB,EAAE,KAAK,EAAE,EACvC,mJAAmJ,CACpJ,CAAC;YACF,qBAAqB,GAAG,IAAI,CAAC;QAC/B,CAAC;QACD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IACpG,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,KAAyB;IAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/lib/authorization-attributes-service.js

@@ -1,155 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthorizationAttributesService = void 0;
-const chunk_1 = __importDefault(require("lodash/chunk"));
-const monday_fetch_1 = require("@mondaydotcomorg/monday-fetch");
-const authorization_internal_service_1 = require("./authorization-internal-service");
-const attributions_service_1 = require("./attributions-service");
-const trident_backend_api_1 = require("@mondaydotcomorg/trident-backend-api");
-const monday_sns_1 = require("@mondaydotcomorg/monday-sns");
-const sns_1 = require("./constants/sns");
-class AuthorizationAttributesService {
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param userId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    static upsertResourceAttributes(accountId, userId, resourceAttributeAssignments) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = authorization_internal_service_1.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            const attributionHeaders = (0, attributions_service_1.getAttributionsFromApi)();
-            const response = yield (0, monday_fetch_1.fetch)(this.getResourceAttributesUrl(accountId), {
-                method: 'POST',
-                headers: Object.assign({ Authorization: internalAuthToken, 'Content-Type': 'application/json' }, attributionHeaders),
-                timeout: authorization_internal_service_1.AuthorizationInternalService.getRequestTimeout(),
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, authorization_internal_service_1.AuthorizationInternalService.getRequestFetchOptions());
-            const responseBody = yield response.json();
-            authorization_internal_service_1.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'upsertResourceAttributesSync');
-            return { attributes: responseBody['attributes'] };
-        });
-    }
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param userId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    static deleteResourceAttributes(accountId, userId, resource, attributeKeys) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = authorization_internal_service_1.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            const url = `${this.getResourceAttributesUrl(accountId)}/${resource.type}/${resource.id}`;
-            const attributionHeaders = (0, attributions_service_1.getAttributionsFromApi)();
-            const response = yield (0, monday_fetch_1.fetch)(url, {
-                method: 'DELETE',
-                headers: Object.assign({ Authorization: internalAuthToken, 'Content-Type': 'application/json' }, attributionHeaders),
-                timeout: authorization_internal_service_1.AuthorizationInternalService.getRequestTimeout(),
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, authorization_internal_service_1.AuthorizationInternalService.getRequestFetchOptions());
-            const responseBody = yield response.json();
-            authorization_internal_service_1.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'deleteResourceAttributesSync');
-            return { attributes: responseBody['attributes'] };
-        });
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    static updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const topicArn = this.getSnsTopicArn();
-            const sendToSnsPromises = [];
-            const operationChucks = (0, chunk_1.default)(resourceAttributeOperations, sns_1.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-            for (const operationsChunk of operationChucks) {
-                sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-            }
-            return (yield Promise.all(sendToSnsPromises)).flat();
-        });
-    }
-    static sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const payload = {
-                kind: sns_1.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-                payload: {
-                    accountId: accountId,
-                    callerAppName: appName,
-                    callerActionIdentifier: callerActionIdentifier,
-                    operations: operations,
-                }
-            };
-            try {
-                yield (0, monday_sns_1.sendToSns)(payload, topicArn);
-                return operations;
-            }
-            catch (error) {
-                authorization_internal_service_1.logger.error({ error, tag: this.LOG_TAG }, "Authorization resource attributes async update: failed to send operations to SNS");
-                return [];
-            }
-        });
-    }
-    static getSnsTopicArn() {
-        var _a;
-        const arnFromApi = (_a = trident_backend_api_1.Api.getPart('configurationVariables')) === null || _a === void 0 ? void 0 : _a.get(sns_1.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME).arn;
-        if (arnFromApi) {
-            return arnFromApi;
-        }
-        const jsonArnFromEnv = process.env[sns_1.RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME];
-        const arnFromEnv = JSON.parse(jsonArnFromEnv).arn;
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    static getResourceAttributesUrl(accountId) {
-        return `${process.env.AUTHORIZATION_URL}/attributes/${accountId}/resource`;
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    static asyncResourceAttributesHealthCheck() {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                const requestedTopicArn = this.getSnsTopicArn();
-                const attributes = yield (0, monday_sns_1.getTopicAttributes)(requestedTopicArn);
-                const isHealthy = !(!attributes || !("TopicArn" in attributes) || attributes.TopicArn !== requestedTopicArn);
-                if (!isHealthy) {
-                    authorization_internal_service_1.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: this.LOG_TAG }, "authorization-attributes-service failed in health check");
-                }
-                return isHealthy;
-            }
-            catch (error) {
-                authorization_internal_service_1.logger.error({ error, tag: this.LOG_TAG }, "authorization-attributes-service got error during health check");
-                return false;
-            }
-        });
-    }
-}
-exports.AuthorizationAttributesService = AuthorizationAttributesService;
-AuthorizationAttributesService.LOG_TAG = "authorization_attributes";
-//# sourceMappingURL=authorization-attributes-service.js.map