npm - @mondaydotcomorg/monday-authorization - Versions diffs - 1.2.19-incr-moshesa-upgrade-to-httpclient-and-use-profile--stubisauthorizedfetch.b83da61 → 1.2.19-incr-moshesa-upgrade-to-httpclient-and-use-profile--stubisauthorizedfetch.f3e1b8f - Mend

@mondaydotcomorg/monday-authorization 1.2.19-incr-moshesa-upgrade-to-httpclient-and-use-profile--stubisauthorizedfetch.b83da61 → 1.2.19-incr-moshesa-upgrade-to-httpclient-and-use-profile--stubisauthorizedfetch.f3e1b8f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/authorization-service.d.ts +18 -0
package/dist/authorization-service.d.ts.map +1 -1
package/dist/authorization-service.js +117 -0
package/dist/esm/authorization-service.d.ts +18 -0
package/dist/esm/authorization-service.d.ts.map +1 -1
package/dist/esm/authorization-service.mjs +117 -1
package/dist/esm/index.d.ts +1 -1
package/dist/esm/index.d.ts.map +1 -1
package/dist/esm/index.mjs +4 -2
package/dist/index.d.ts +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +3 -1
package/package.json +2 -1

package/dist/authorization-service.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
+import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { Action, AuthorizationObject, Resource } from './types/general';
 import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
 export interface AuthorizeResponse {
@@ -10,6 +11,7 @@ export declare function setRequestFetchOptions(customMondayFetchOptions: MondayF
 export declare class AuthorizationService {
     static redisClient?: any;
     static grantedFeatureRedisExpirationInSeconds?: number;
+    static igniteClient?: IgniteClient;
     /**
      * @deprecated use the second form with authorizationRequestObjects instead,
      * support of this function will be dropped gradually
@@ -26,9 +28,25 @@ export declare class AuthorizationService {
     private static fetchIsUserGrantedWithFeature;
     private static getCachedKeyName;
     static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    private static canActionInScopeMultiple_withoutPlatformProfile;
     static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
     private static isAuthorizedSingular;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    private static isAuthorizedMultiple_withoutPlatformProfile;
     private static isAuthorizedMultiple;
 }
 export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
+export declare function setIgniteClient(): Promise<void>;
 //# sourceMappingURL=authorization-service.d.ts.map

package/dist/authorization-service.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,~~EAAE~~,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;~~AAGnE~~,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;~~IAEvD~~;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;~~WAMjB~~,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;~~mBAkEnB~~,oBAAoB;~~mBAUpB~~,oBAAoB;~~CAmF1C~~;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F"}
1	+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC"}

package/dist/authorization-service.js CHANGED Viewed

@@ -4,8 +4,10 @@ const perf_hooks = require('perf_hooks');
 const snakeCase = require('lodash/snakeCase.js');
 const camelCase = require('lodash/camelCase.js');
 const mapKeys = require('lodash/mapKeys.js');
+const mondayFetch = require('@mondaydotcomorg/monday-fetch');
 const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
 const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
+const igniteSdk = require('@mondaydotcomorg/ignite-sdk');
 const prometheusService = require('./prometheus-service.js');
 const authorizationInternalService = require('./authorization-internal-service.js');
 const attributionsService = require('./attributions-service.js');
@@ -25,6 +27,7 @@ function setRequestFetchOptions(customMondayFetchOptions) {
 class AuthorizationService {
     static redisClient;
     static grantedFeatureRedisExpirationInSeconds;
+    static igniteClient;
     static async isAuthorized(...args) {
         if (args.length === 3) {
             return this.isAuthorizedMultiple(args[0], args[1], args[2]);
@@ -72,7 +75,54 @@ class AuthorizationService {
         const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
         return scopedActionResponseObjects[0].permit;
     }
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    static async canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions) {
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const scopedActionsPayload = scopedActions.map(scopedAction => {
+            return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
+        });
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        const response = await mondayFetch.fetch(getCanActionsInScopesUrl(), {
+            method: 'POST',
+            headers: {
+                Authorization: internalAuthToken,
+                'Content-Type': 'application/json',
+                ...attributionHeaders,
+            },
+            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+            body: JSON.stringify({
+                user_id: userId,
+                scoped_actions: scopedActionsPayload,
+            }),
+        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
+        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'canActionInScopeMultiple');
+        const responseBody = await response.json();
+        const camelCaseKeys = obj => Object.fromEntries(Object.entries(obj).map(([key, value]) => [camelCase__default.default(key), value]));
+        const scopedActionsResponseObjects = responseBody.result.map(responseObject => {
+            const { scopedAction, permit } = responseObject;
+            const { scope } = scopedAction;
+            const transformKeys = obj => camelCaseKeys(obj);
+            return {
+                ...responseObject,
+                scopedAction: { ...scopedAction, scope: transformKeys(scope) },
+                permit: transformKeys(permit),
+            };
+        });
+        return scopedActionsResponseObjects;
+    }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
+        }
         const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const scopedActionsPayload = scopedActions.map(scopedAction => {
             return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
@@ -133,7 +183,62 @@ class AuthorizationService {
         const { authorizationObjects } = createAuthorizationParams(resources, action);
         return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
     }
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    static async isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects) {
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const startTime = perf_hooks.performance.now();
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        const response = await mondayFetch.fetch(getAuthorizeUrl(), {
+            method: 'POST',
+            headers: {
+                Authorization: internalAuthToken,
+                'Content-Type': 'application/json',
+                ...attributionHeaders,
+            },
+            timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+            body: JSON.stringify({
+                user_id: userId,
+                authorize_request_objects: authorizationRequestObjects,
+            }),
+        }, authorizationInternalService.AuthorizationInternalService.getRequestFetchOptions());
+        const endTime = perf_hooks.performance.now();
+        const time = endTime - startTime;
+        const responseStatus = response.status;
+        authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
+        const responseBody = await response.json();
+        const unauthorizedObjects = [];
+        responseBody.result.forEach(function (isAuthorized, index) {
+            const authorizationObject = authorizationRequestObjects[index];
+            if (!isAuthorized) {
+                unauthorizedObjects.push(authorizationObject);
+            }
+            prometheusService.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
+        });
+        if (unauthorizedObjects.length > 0) {
+            authorizationInternalService.logger.info({
+                resources: JSON.stringify(unauthorizedObjects),
+            }, 'AuthorizationService: resource is unauthorized');
+            const unauthorizedIds = unauthorizedObjects
+                .filter(obj => !!obj.resource_id)
+                .map(obj => obj.resource_id);
+            return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
+        }
+        return { isAuthorized: true };
+    }
     static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
+        }
         const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const startTime = perf_hooks.performance.now();
         const attributionHeaders = attributionsService.getAttributionsFromApi();
@@ -206,6 +311,11 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
         AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
     }
 }
+async function setIgniteClient() {
+    AuthorizationService.igniteClient = await igniteSdk.getIgniteClient({
+        namespace: ['authorization'],
+    });
+}
 function createAuthorizationParams(resources, action) {
     const params = {
         authorizationObjects: resources.map((resource) => {
@@ -222,7 +332,14 @@ function createAuthorizationParams(resources, action) {
     };
     return params;
 }
+function getAuthorizeUrl() {
+    return '/internal_ms/authorization/authorize';
+}
+function getCanActionsInScopesUrl() {
+    return '/internal_ms/authorization/can_actions_in_scopes';
+}
 exports.AuthorizationService = AuthorizationService;
+exports.setIgniteClient = setIgniteClient;
 exports.setRedisClient = setRedisClient;
 exports.setRequestFetchOptions = setRequestFetchOptions;

package/dist/esm/authorization-service.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
+import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { Action, AuthorizationObject, Resource } from './types/general';
 import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
 export interface AuthorizeResponse {
@@ -10,6 +11,7 @@ export declare function setRequestFetchOptions(customMondayFetchOptions: MondayF
 export declare class AuthorizationService {
     static redisClient?: any;
     static grantedFeatureRedisExpirationInSeconds?: number;
+    static igniteClient?: IgniteClient;
     /**
      * @deprecated use the second form with authorizationRequestObjects instead,
      * support of this function will be dropped gradually
@@ -26,9 +28,25 @@ export declare class AuthorizationService {
     private static fetchIsUserGrantedWithFeature;
     private static getCachedKeyName;
     static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    private static canActionInScopeMultiple_withoutPlatformProfile;
     static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
     private static isAuthorizedSingular;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    private static isAuthorizedMultiple_withoutPlatformProfile;
     private static isAuthorizedMultiple;
 }
 export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
+export declare function setIgniteClient(): Promise<void>;
 //# sourceMappingURL=authorization-service.d.ts.map

package/dist/esm/authorization-service.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,~~EAAE~~,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;~~AAGnE~~,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;~~IAEvD~~;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;~~WAMjB~~,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;~~mBAkEnB~~,oBAAoB;~~mBAUpB~~,oBAAoB;~~CAmF1C~~;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F"}
1	+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC"}

package/dist/esm/authorization-service.mjs CHANGED Viewed

@@ -2,8 +2,10 @@ import { performance } from 'perf_hooks';
 import snakeCase from 'lodash/snakeCase.js';
 import camelCase from 'lodash/camelCase.js';
 import mapKeys from 'lodash/mapKeys.js';
+import { fetch } from '@mondaydotcomorg/monday-fetch';
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
 import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
 import { getAttributionsFromApi, getProfile } from './attributions-service.mjs';
@@ -17,6 +19,7 @@ function setRequestFetchOptions(customMondayFetchOptions) {
 class AuthorizationService {
     static redisClient;
     static grantedFeatureRedisExpirationInSeconds;
+    static igniteClient;
     static async isAuthorized(...args) {
         if (args.length === 3) {
             return this.isAuthorizedMultiple(args[0], args[1], args[2]);
@@ -64,7 +67,54 @@ class AuthorizationService {
         const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
         return scopedActionResponseObjects[0].permit;
     }
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    static async canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions) {
+        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const scopedActionsPayload = scopedActions.map(scopedAction => {
+            return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
+        });
+        const attributionHeaders = getAttributionsFromApi();
+        const response = await fetch(getCanActionsInScopesUrl(), {
+            method: 'POST',
+            headers: {
+                Authorization: internalAuthToken,
+                'Content-Type': 'application/json',
+                ...attributionHeaders,
+            },
+            timeout: AuthorizationInternalService.getRequestTimeout(),
+            body: JSON.stringify({
+                user_id: userId,
+                scoped_actions: scopedActionsPayload,
+            }),
+        }, AuthorizationInternalService.getRequestFetchOptions());
+        AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'canActionInScopeMultiple');
+        const responseBody = await response.json();
+        const camelCaseKeys = obj => Object.fromEntries(Object.entries(obj).map(([key, value]) => [camelCase(key), value]));
+        const scopedActionsResponseObjects = responseBody.result.map(responseObject => {
+            const { scopedAction, permit } = responseObject;
+            const { scope } = scopedAction;
+            const transformKeys = obj => camelCaseKeys(obj);
+            return {
+                ...responseObject,
+                scopedAction: { ...scopedAction, scope: transformKeys(scope) },
+                permit: transformKeys(permit),
+            };
+        });
+        return scopedActionsResponseObjects;
+    }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
+        }
         const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const scopedActionsPayload = scopedActions.map(scopedAction => {
             return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
@@ -125,7 +175,62 @@ class AuthorizationService {
         const { authorizationObjects } = createAuthorizationParams(resources, action);
         return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
     }
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    static async isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects) {
+        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const startTime = performance.now();
+        const attributionHeaders = getAttributionsFromApi();
+        const response = await fetch(getAuthorizeUrl(), {
+            method: 'POST',
+            headers: {
+                Authorization: internalAuthToken,
+                'Content-Type': 'application/json',
+                ...attributionHeaders,
+            },
+            timeout: AuthorizationInternalService.getRequestTimeout(),
+            body: JSON.stringify({
+                user_id: userId,
+                authorize_request_objects: authorizationRequestObjects,
+            }),
+        }, AuthorizationInternalService.getRequestFetchOptions());
+        const endTime = performance.now();
+        const time = endTime - startTime;
+        const responseStatus = response.status;
+        AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
+        const responseBody = await response.json();
+        const unauthorizedObjects = [];
+        responseBody.result.forEach(function (isAuthorized, index) {
+            const authorizationObject = authorizationRequestObjects[index];
+            if (!isAuthorized) {
+                unauthorizedObjects.push(authorizationObject);
+            }
+            sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
+        });
+        if (unauthorizedObjects.length > 0) {
+            logger.info({
+                resources: JSON.stringify(unauthorizedObjects),
+            }, 'AuthorizationService: resource is unauthorized');
+            const unauthorizedIds = unauthorizedObjects
+                .filter(obj => !!obj.resource_id)
+                .map(obj => obj.resource_id);
+            return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
+        }
+        return { isAuthorized: true };
+    }
     static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
+        }
         const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const startTime = performance.now();
         const attributionHeaders = getAttributionsFromApi();
@@ -198,6 +303,11 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
         AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
     }
 }
+async function setIgniteClient() {
+    AuthorizationService.igniteClient = await getIgniteClient({
+        namespace: ['authorization'],
+    });
+}
 function createAuthorizationParams(resources, action) {
     const params = {
         authorizationObjects: resources.map((resource) => {
@@ -214,5 +324,11 @@ function createAuthorizationParams(resources, action) {
     };
     return params;
 }
+function getAuthorizeUrl() {
+    return '/internal_ms/authorization/authorize';
+}
+function getCanActionsInScopesUrl() {
+    return '/internal_ms/authorization/can_actions_in_scopes';
+}
-export { AuthorizationService, setRedisClient, setRequestFetchOptions };
+export { AuthorizationService, setIgniteClient, setRedisClient, setRequestFetchOptions };

package/dist/esm/index.d.ts CHANGED Viewed

@@ -6,7 +6,7 @@ export interface InitOptions {
     redisClient?: any;
     grantedFeatureRedisExpirationInSeconds?: number;
 }
-export declare function init(options?: InitOptions): void;
+export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';

package/dist/esm/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,~~wBAAgB~~,IAAI,CAAC,OAAO,GAAE,WAAgB,~~QAW7C~~;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/esm/index.mjs CHANGED Viewed

@@ -1,12 +1,12 @@
 import { setPrometheus } from './prometheus-service.mjs';
-import { setRequestFetchOptions, setRedisClient } from './authorization-service.mjs';
+import { setRequestFetchOptions, setRedisClient, setIgniteClient } from './authorization-service.mjs';
 export { AuthorizationService } from './authorization-service.mjs';
 import * as testKit_index from './testKit/index.mjs';
 export { testKit_index as TestKit };
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware } from './authorization-middleware.mjs';
 export { AuthorizationAttributesService } from './authorization-attributes-service.mjs';
-function init(options = {}) {
+async function init(options = {}) {
     if (options.prometheus) {
         setPrometheus(options.prometheus);
     }
@@ -16,6 +16,8 @@ function init(options = {}) {
     if (options.redisClient) {
         setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
     }
+    // add an ignite client for gradual release features
+    await setIgniteClient();
 }
 export { init };

package/dist/index.d.ts CHANGED Viewed

@@ -6,7 +6,7 @@ export interface InitOptions {
     redisClient?: any;
     grantedFeatureRedisExpirationInSeconds?: number;
 }
-export declare function init(options?: InitOptions): void;
+export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,~~wBAAgB~~,IAAI,CAAC,OAAO,GAAE,WAAgB,~~QAW7C~~;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -6,7 +6,7 @@ const testKit_index = require('./testKit/index.js');
 const authorizationMiddleware = require('./authorization-middleware.js');
 const authorizationAttributesService = require('./authorization-attributes-service.js');
-function init(options = {}) {
+async function init(options = {}) {
     if (options.prometheus) {
         prometheusService.setPrometheus(options.prometheus);
     }
@@ -16,6 +16,8 @@ function init(options = {}) {
     if (options.redisClient) {
         authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
     }
+    // add an ignite client for gradual release features
+    await authorizationService.setIgniteClient();
 }
 exports.AuthorizationService = authorizationService.AuthorizationService;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.2.19-incr-moshesa-upgrade-to-httpclient-and-use-profile--stubisauthorizedfetch.b83da61",
+  "version": "1.2.19-incr-moshesa-upgrade-to-httpclient-and-use-profile--stubisauthorizedfetch.f3e1b8f",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -19,6 +19,7 @@
     "watch": "trident-library build -w"
   },
   "dependencies": {
+    "@mondaydotcomorg/ignite-sdk": "^2.0.5",
     "@mondaydotcomorg/monday-fetch": "^0.0.7",
     "@mondaydotcomorg/monday-fetch-api": "^1.0.2",
     "@mondaydotcomorg/monday-jwt": "^3.0.14",