@mondaydotcomorg/monday-authorization 1.2.19-incr-moshesa-upgrade-to-httpclient-and-use-profile--stubisauthorizedfetch.f3e1b8f → 1.2.19
- package/dist/attributions-service.d.ts +0 -9
- package/dist/attributions-service.d.ts.map +1 -1
- package/dist/attributions-service.js +0 -28
- package/dist/authorization-internal-service.d.ts +0 -4
- package/dist/authorization-internal-service.d.ts.map +1 -1
- package/dist/authorization-internal-service.js +2 -26
- package/dist/authorization-middleware.d.ts.map +1 -1
- package/dist/authorization-service.d.ts +0 -18
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +5 -162
- package/dist/esm/attributions-service.d.ts +0 -9
- package/dist/esm/attributions-service.d.ts.map +1 -1
- package/dist/esm/attributions-service.mjs +1 -27
- package/dist/esm/authorization-internal-service.d.ts +0 -4
- package/dist/esm/authorization-internal-service.d.ts.map +1 -1
- package/dist/esm/authorization-internal-service.mjs +3 -26
- package/dist/esm/authorization-middleware.d.ts.map +1 -1
- package/dist/esm/authorization-service.d.ts +0 -18
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +8 -164
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.mjs +2 -4
- package/dist/esm/prometheus-service.d.ts +1 -0
- package/dist/esm/prometheus-service.d.ts.map +1 -1
- package/dist/esm/prometheus-service.mjs +18 -1
- package/dist/esm/testKit/index.d.ts.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -3
- package/dist/prometheus-service.d.ts +1 -0
- package/dist/prometheus-service.d.ts.map +1 -1
- package/dist/prometheus-service.js +18 -0
- package/dist/testKit/index.d.ts.map +1 -1
- package/package.json +2 -4
|
@@ -1,13 +1,4 @@
|
|
|
1
|
-
import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api';
|
|
2
|
-
declare enum PlatformProfile {
|
|
3
|
-
API_INTERNAL = "api-internal",
|
|
4
|
-
SLOW = "slow",
|
|
5
|
-
INTERNAL = "internal"
|
|
6
|
-
}
|
|
7
|
-
export declare function getProfile(): PlatformProfile;
|
|
8
|
-
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
9
1
|
export declare function getAttributionsFromApi(): {
|
|
10
2
|
[key: string]: string;
|
|
11
3
|
};
|
|
12
|
-
export {};
|
|
13
4
|
//# sourceMappingURL=attributions-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AASA,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -7,32 +7,6 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
7
7
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
8
8
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
9
9
|
let didSendFailureLogOnce = false;
|
|
10
|
-
var PlatformProfile;
|
|
11
|
-
(function (PlatformProfile) {
|
|
12
|
-
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
13
|
-
PlatformProfile["SLOW"] = "slow";
|
|
14
|
-
PlatformProfile["INTERNAL"] = "internal";
|
|
15
|
-
})(PlatformProfile || (PlatformProfile = {}));
|
|
16
|
-
function getProfile() {
|
|
17
|
-
const tridentContext = tridentBackendApi.Api.getPart('context');
|
|
18
|
-
if (!tridentContext) {
|
|
19
|
-
return PlatformProfile.INTERNAL;
|
|
20
|
-
}
|
|
21
|
-
const { mondayRequestSource } = getExecutionContext(tridentContext);
|
|
22
|
-
switch (mondayRequestSource) {
|
|
23
|
-
case 'api': {
|
|
24
|
-
return PlatformProfile.API_INTERNAL;
|
|
25
|
-
}
|
|
26
|
-
case 'slow': {
|
|
27
|
-
return PlatformProfile.SLOW;
|
|
28
|
-
}
|
|
29
|
-
default:
|
|
30
|
-
return PlatformProfile.INTERNAL;
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
function getExecutionContext(context) {
|
|
34
|
-
return context.execution.get();
|
|
35
|
-
}
|
|
36
10
|
function getAttributionsFromApi() {
|
|
37
11
|
const callerAppNameFromSdk = {
|
|
38
12
|
[APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
|
|
@@ -79,5 +53,3 @@ function tryJsonParse(value) {
|
|
|
79
53
|
}
|
|
80
54
|
|
|
81
55
|
exports.getAttributionsFromApi = getAttributionsFromApi;
|
|
82
|
-
exports.getExecutionContext = getExecutionContext;
|
|
83
|
-
exports.getProfile = getProfile;
|
|
@@ -1,18 +1,14 @@
|
|
|
1
1
|
import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { OnRetryCallback, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
|
|
3
2
|
import type { Request } from 'express';
|
|
4
3
|
export declare const logger: import("bunyan");
|
|
5
|
-
export declare const onRetryCallback: OnRetryCallback;
|
|
6
4
|
export declare class AuthorizationInternalService {
|
|
7
5
|
static skipAuthorization(requset: Request): void;
|
|
8
6
|
static markAuthorized(request: Request): void;
|
|
9
7
|
static failIfNotCoveredByAuthorization(request: Request): void;
|
|
10
8
|
static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
|
|
11
|
-
static throwOnHttpError(status: number, placement: string): void;
|
|
12
9
|
static generateInternalAuthToken(accountId: number, userId: number): string;
|
|
13
10
|
static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
|
|
14
11
|
static getRequestFetchOptions(): MondayFetchOptions;
|
|
15
12
|
static getRequestTimeout(): 60000 | 2000;
|
|
16
|
-
static getRetriesPolicy(): RetryPolicy;
|
|
17
13
|
}
|
|
18
14
|
//# sourceMappingURL=authorization-internal-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,
|
|
1
|
+
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AASvC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAY/C,qBAAa,4BAA4B;IACvC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIhD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI7C,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAM9D,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,iBAAiB;CAIzB"}
|
|
@@ -24,21 +24,11 @@ return n;
|
|
|
24
24
|
const MondayLogger__namespace = /*#__PURE__*/_interopNamespace(MondayLogger);
|
|
25
25
|
|
|
26
26
|
const INTERNAL_APP_NAME = 'internal_ms';
|
|
27
|
-
const MAX_RETRIES = 3;
|
|
28
|
-
const RETRY_DELAY_MS = 10;
|
|
29
|
-
const logger = MondayLogger__namespace.getLogger();
|
|
30
27
|
const defaultMondayFetchOptions = {
|
|
31
|
-
retries:
|
|
28
|
+
retries: 3,
|
|
32
29
|
callback: logOnFetchFail,
|
|
33
30
|
};
|
|
34
|
-
const
|
|
35
|
-
if (attempt == MAX_RETRIES) {
|
|
36
|
-
logger.error({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed');
|
|
37
|
-
}
|
|
38
|
-
else {
|
|
39
|
-
logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
|
|
40
|
-
}
|
|
41
|
-
};
|
|
31
|
+
const logger = MondayLogger__namespace.getLogger();
|
|
42
32
|
function logOnFetchFail(retriesLeft, error) {
|
|
43
33
|
if (retriesLeft == 0) {
|
|
44
34
|
logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
|
|
@@ -68,10 +58,6 @@ class AuthorizationInternalService {
|
|
|
68
58
|
logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
|
|
69
59
|
throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
|
|
70
60
|
}
|
|
71
|
-
static throwOnHttpError(status, placement) {
|
|
72
|
-
logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
|
|
73
|
-
throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
|
|
74
|
-
}
|
|
75
61
|
static generateInternalAuthToken(accountId, userId) {
|
|
76
62
|
return mondayJwt.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
|
|
77
63
|
}
|
|
@@ -88,17 +74,7 @@ class AuthorizationInternalService {
|
|
|
88
74
|
const isDevEnv = process.env.NODE_ENV === 'development';
|
|
89
75
|
return isDevEnv ? 60000 : 2000;
|
|
90
76
|
}
|
|
91
|
-
static getRetriesPolicy() {
|
|
92
|
-
const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
|
|
93
|
-
return {
|
|
94
|
-
useRetries: fetchOptions.retries !== undefined,
|
|
95
|
-
maxRetries: fetchOptions.retries !== undefined ? fetchOptions.retries : 0,
|
|
96
|
-
onRetry: onRetryCallback,
|
|
97
|
-
retryDelayMS: fetchOptions.retryDelay ?? RETRY_DELAY_MS,
|
|
98
|
-
};
|
|
99
|
-
}
|
|
100
77
|
}
|
|
101
78
|
|
|
102
79
|
exports.AuthorizationInternalService = AuthorizationInternalService;
|
|
103
80
|
exports.logger = logger;
|
|
104
|
-
exports.onRetryCallback = onRetryCallback;
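Review bot: The `logger.error` call in `logOnFetchFail` (new line 34) omits the `tag: 'authorization-service'` field that the other error log in this file carries (new line 58), and with `onRetryCallback` removed in this version it appears to be the only place a network-level failure of the authorization request is recorded. Log queries or alerts keyed on that tag would then miss exhausted retries against the authorization endpoint. I would change it to `logger.error({ tag: 'authorization-service', retriesLeft, error }, 'Authorization attempt failed due to network issues');`. The body of `logOnFetchFail` continues outside the hunk, so any other branch should get the same field, and the ESM build (`authorization-internal-service.mjs`) has the identical line.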
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAW,MAAM,SAAS,CAAC;AAIrD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,
|
|
1
|
+
{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAW,MAAM,SAAS,CAAC;AAIrD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,aAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAYjB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
2
|
import { Action, AuthorizationObject, Resource } from './types/general';
|
|
4
3
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
4
|
export interface AuthorizeResponse {
|
|
@@ -11,7 +10,6 @@ export declare function setRequestFetchOptions(customMondayFetchOptions: MondayF
|
|
|
11
10
|
export declare class AuthorizationService {
|
|
12
11
|
static redisClient?: any;
|
|
13
12
|
static grantedFeatureRedisExpirationInSeconds?: number;
|
|
14
|
-
static igniteClient?: IgniteClient;
|
|
15
13
|
/**
|
|
16
14
|
* @deprecated use the second form with authorizationRequestObjects instead,
|
|
17
15
|
* support of this function will be dropped gradually
|
|
@@ -28,25 +26,9 @@ export declare class AuthorizationService {
|
|
|
28
26
|
private static fetchIsUserGrantedWithFeature;
|
|
29
27
|
private static getCachedKeyName;
|
|
30
28
|
static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
|
|
31
|
-
/**
|
|
32
|
-
* @deprecated - gradually phasing this out
|
|
33
|
-
* @param accountId
|
|
34
|
-
* @param userId
|
|
35
|
-
* @param scopedActions
|
|
36
|
-
*/
|
|
37
|
-
private static canActionInScopeMultiple_withoutPlatformProfile;
|
|
38
29
|
static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
|
|
39
30
|
private static isAuthorizedSingular;
|
|
40
|
-
/**
|
|
41
|
-
* @deprecated - gradually phasing this out
|
|
42
|
-
* @param accountId
|
|
43
|
-
* @param userId
|
|
44
|
-
* @param authorizationRequestObjects
|
|
45
|
-
* @private
|
|
46
|
-
*/
|
|
47
|
-
private static isAuthorizedMultiple_withoutPlatformProfile;
|
|
48
31
|
private static isAuthorizedMultiple;
|
|
49
32
|
}
|
|
50
33
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(): Promise<void>;
|
|
52
34
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAK7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAM1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAED,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAEvD;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAiE1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F"}
|
|
@@ -5,9 +5,6 @@ const snakeCase = require('lodash/snakeCase.js');
|
|
|
5
5
|
const camelCase = require('lodash/camelCase.js');
|
|
6
6
|
const mapKeys = require('lodash/mapKeys.js');
|
|
7
7
|
const mondayFetch = require('@mondaydotcomorg/monday-fetch');
|
|
8
|
-
const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
|
|
9
|
-
const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
|
|
10
|
-
const igniteSdk = require('@mondaydotcomorg/ignite-sdk');
|
|
11
8
|
const prometheusService = require('./prometheus-service.js');
|
|
12
9
|
const authorizationInternalService = require('./authorization-internal-service.js');
|
|
13
10
|
const attributionsService = require('./attributions-service.js');
|
|
@@ -19,15 +16,12 @@ const camelCase__default = /*#__PURE__*/_interopDefault(camelCase);
|
|
|
19
16
|
const mapKeys__default = /*#__PURE__*/_interopDefault(mapKeys);
|
|
20
17
|
|
|
21
18
|
const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
|
|
22
|
-
const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
|
|
23
|
-
const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_actions_in_scopes';
|
|
24
19
|
function setRequestFetchOptions(customMondayFetchOptions) {
|
|
25
20
|
authorizationInternalService.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
|
|
26
21
|
}
|
|
27
22
|
class AuthorizationService {
|
|
28
23
|
static redisClient;
|
|
29
24
|
static grantedFeatureRedisExpirationInSeconds;
|
|
30
|
-
static igniteClient;
|
|
31
25
|
static async isAuthorized(...args) {
|
|
32
26
|
if (args.length === 3) {
|
|
33
27
|
return this.isAuthorizedMultiple(args[0], args[1], args[2]);
|
|
@@ -75,13 +69,7 @@ class AuthorizationService {
|
|
|
75
69
|
const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
|
|
76
70
|
return scopedActionResponseObjects[0].permit;
|
|
77
71
|
}
|
|
78
|
-
|
|
79
|
-
* @deprecated - gradually phasing this out
|
|
80
|
-
* @param accountId
|
|
81
|
-
* @param userId
|
|
82
|
-
* @param scopedActions
|
|
83
|
-
*/
|
|
84
|
-
static async canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions) {
|
|
72
|
+
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
85
73
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
86
74
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
87
75
|
return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
@@ -115,82 +103,11 @@ class AuthorizationService {
|
|
|
115
103
|
});
|
|
116
104
|
return scopedActionsResponseObjects;
|
|
117
105
|
}
|
|
118
|
-
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
119
|
-
// gradually release the new platform profile features
|
|
120
|
-
if (!this.igniteClient) {
|
|
121
|
-
authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
122
|
-
}
|
|
123
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
124
|
-
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
125
|
-
}
|
|
126
|
-
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
127
|
-
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
128
|
-
return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
129
|
-
});
|
|
130
|
-
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
131
|
-
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
132
|
-
const profile = attributionsService.getProfile();
|
|
133
|
-
let response;
|
|
134
|
-
try {
|
|
135
|
-
response = await httpClient.fetch({
|
|
136
|
-
url: {
|
|
137
|
-
appName: 'platform',
|
|
138
|
-
path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
|
|
139
|
-
profile,
|
|
140
|
-
},
|
|
141
|
-
method: 'POST',
|
|
142
|
-
headers: {
|
|
143
|
-
Authorization: internalAuthToken,
|
|
144
|
-
'Content-Type': 'application/json',
|
|
145
|
-
...attributionHeaders,
|
|
146
|
-
},
|
|
147
|
-
body: JSON.stringify({
|
|
148
|
-
user_id: userId,
|
|
149
|
-
scoped_actions: scopedActionsPayload,
|
|
150
|
-
}),
|
|
151
|
-
}, {
|
|
152
|
-
timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
|
|
153
|
-
retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
|
|
154
|
-
});
|
|
155
|
-
}
|
|
156
|
-
catch (err) {
|
|
157
|
-
if (err instanceof mondayFetchApi.HttpFetcherError) {
|
|
158
|
-
authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
|
|
159
|
-
}
|
|
160
|
-
else {
|
|
161
|
-
throw err;
|
|
162
|
-
}
|
|
163
|
-
}
|
|
164
|
-
function toCamelCase(obj) {
|
|
165
|
-
return mapKeys__default.default(obj, (_, key) => camelCase__default.default(key));
|
|
166
|
-
}
|
|
167
|
-
if (!response) {
|
|
168
|
-
authorizationInternalService.logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
|
|
169
|
-
throw new Error('AuthorizationService: missing response');
|
|
170
|
-
}
|
|
171
|
-
const scopedActionsResponseObjects = response.result.map(responseObject => {
|
|
172
|
-
const { scopedAction, permit } = responseObject;
|
|
173
|
-
const { scope } = scopedAction;
|
|
174
|
-
return {
|
|
175
|
-
...responseObject,
|
|
176
|
-
scopedAction: { ...scopedAction, scope: toCamelCase(scope) },
|
|
177
|
-
permit: toCamelCase(permit),
|
|
178
|
-
};
|
|
179
|
-
});
|
|
180
|
-
return scopedActionsResponseObjects;
|
|
181
|
-
}
|
|
182
106
|
static async isAuthorizedSingular(accountId, userId, resources, action) {
|
|
183
107
|
const { authorizationObjects } = createAuthorizationParams(resources, action);
|
|
184
108
|
return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
|
|
185
109
|
}
|
|
186
|
-
|
|
187
|
-
* @deprecated - gradually phasing this out
|
|
188
|
-
* @param accountId
|
|
189
|
-
* @param userId
|
|
190
|
-
* @param authorizationRequestObjects
|
|
191
|
-
* @private
|
|
192
|
-
*/
|
|
193
|
-
static async isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects) {
|
|
110
|
+
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
194
111
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
195
112
|
const startTime = perf_hooks.performance.now();
|
|
196
113
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
@@ -210,6 +127,7 @@ class AuthorizationService {
|
|
|
210
127
|
const endTime = perf_hooks.performance.now();
|
|
211
128
|
const time = endTime - startTime;
|
|
212
129
|
const responseStatus = response.status;
|
|
130
|
+
prometheusService.sendAuthorizationChecksPerRequestMetric(responseStatus, authorizationRequestObjects.length);
|
|
213
131
|
authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
|
|
214
132
|
const responseBody = await response.json();
|
|
215
133
|
const unauthorizedObjects = [];
|
|
@@ -231,75 +149,6 @@ class AuthorizationService {
|
|
|
231
149
|
}
|
|
232
150
|
return { isAuthorized: true };
|
|
233
151
|
}
|
|
234
|
-
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
235
|
-
// gradually release the new platform profile features
|
|
236
|
-
if (!this.igniteClient) {
|
|
237
|
-
authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
238
|
-
}
|
|
239
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
240
|
-
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
241
|
-
}
|
|
242
|
-
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
243
|
-
const startTime = perf_hooks.performance.now();
|
|
244
|
-
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
245
|
-
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
246
|
-
const profile = attributionsService.getProfile();
|
|
247
|
-
let response;
|
|
248
|
-
try {
|
|
249
|
-
response = await httpClient.fetch({
|
|
250
|
-
url: {
|
|
251
|
-
appName: 'platform',
|
|
252
|
-
path: PLATFORM_AUTHORIZE_PATH,
|
|
253
|
-
profile,
|
|
254
|
-
},
|
|
255
|
-
method: 'POST',
|
|
256
|
-
headers: {
|
|
257
|
-
Authorization: internalAuthToken,
|
|
258
|
-
'Content-Type': 'application/json',
|
|
259
|
-
...attributionHeaders,
|
|
260
|
-
},
|
|
261
|
-
body: JSON.stringify({
|
|
262
|
-
user_id: userId,
|
|
263
|
-
authorize_request_objects: authorizationRequestObjects,
|
|
264
|
-
}),
|
|
265
|
-
}, {
|
|
266
|
-
timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
|
|
267
|
-
retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
|
|
268
|
-
});
|
|
269
|
-
}
|
|
270
|
-
catch (err) {
|
|
271
|
-
if (err instanceof httpClient.HttpFetcherError) {
|
|
272
|
-
authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'isAuthorizedMultiple');
|
|
273
|
-
}
|
|
274
|
-
else {
|
|
275
|
-
throw err;
|
|
276
|
-
}
|
|
277
|
-
}
|
|
278
|
-
const endTime = perf_hooks.performance.now();
|
|
279
|
-
const time = endTime - startTime;
|
|
280
|
-
const unauthorizedObjects = [];
|
|
281
|
-
if (!response) {
|
|
282
|
-
authorizationInternalService.logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
|
|
283
|
-
throw new Error('AuthorizationService: missing response');
|
|
284
|
-
}
|
|
285
|
-
response.result.forEach(function (isAuthorized, index) {
|
|
286
|
-
const authorizationObject = authorizationRequestObjects[index];
|
|
287
|
-
if (!isAuthorized) {
|
|
288
|
-
unauthorizedObjects.push(authorizationObject);
|
|
289
|
-
}
|
|
290
|
-
prometheusService.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time);
|
|
291
|
-
});
|
|
292
|
-
if (unauthorizedObjects.length > 0) {
|
|
293
|
-
authorizationInternalService.logger.info({
|
|
294
|
-
resources: JSON.stringify(unauthorizedObjects),
|
|
295
|
-
}, 'AuthorizationService: resource is unauthorized');
|
|
296
|
-
const unauthorizedIds = unauthorizedObjects
|
|
297
|
-
.filter(obj => !!obj.resource_id)
|
|
298
|
-
.map(obj => obj.resource_id);
|
|
299
|
-
return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
|
|
300
|
-
}
|
|
301
|
-
return { isAuthorized: true };
|
|
302
|
-
}
|
|
303
152
|
}
|
|
304
153
|
function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
|
|
305
154
|
AuthorizationService.redisClient = client;
|
|
@@ -311,11 +160,6 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
311
160
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
312
161
|
}
|
|
313
162
|
}
|
|
314
|
-
async function setIgniteClient() {
|
|
315
|
-
AuthorizationService.igniteClient = await igniteSdk.getIgniteClient({
|
|
316
|
-
namespace: ['authorization'],
|
|
317
|
-
});
|
|
318
|
-
}
|
|
319
163
|
function createAuthorizationParams(resources, action) {
|
|
320
164
|
const params = {
|
|
321
165
|
authorizationObjects: resources.map((resource) => {
|
|
@@ -333,13 +177,12 @@ function createAuthorizationParams(resources, action) {
|
|
|
333
177
|
return params;
|
|
334
178
|
}
|
|
335
179
|
function getAuthorizeUrl() {
|
|
336
|
-
return
|
|
180
|
+
return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
|
|
337
181
|
}
|
|
338
182
|
function getCanActionsInScopesUrl() {
|
|
339
|
-
return
|
|
183
|
+
return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
|
|
340
184
|
}
|
|
341
185
|
|
|
342
186
|
exports.AuthorizationService = AuthorizationService;
|
|
343
|
-
exports.setIgniteClient = setIgniteClient;
|
|
344
187
|
exports.setRedisClient = setRedisClient;
|
|
345
188
|
exports.setRequestFetchOptions = setRequestFetchOptions;
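Review bot: `getAuthorizeUrl()` and `getCanActionsInScopesUrl()` (new lines 180 and 183) interpolate `process.env.MONDAY_INTERNAL_URL` without checking it, so an unset variable yields `undefined/internal_ms/authorization/authorize` and the problem only shows up as a fetch error on the first authorization check. These URLs look like the destination of the signed internal token from `generateInternalAuthToken`, though the fetch call is outside the visible hunks, so that is inferred. That makes the base URL worth validating once at startup for presence and the expected scheme and host. A shared guard would do: `const base = process.env.MONDAY_INTERNAL_URL;` followed by `if (!base) throw new Error('MONDAY_INTERNAL_URL is not set');`, with both functions building their path on `base`.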
|
|
@@ -1,13 +1,4 @@
|
|
|
1
|
-
import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api';
|
|
2
|
-
declare enum PlatformProfile {
|
|
3
|
-
API_INTERNAL = "api-internal",
|
|
4
|
-
SLOW = "slow",
|
|
5
|
-
INTERNAL = "internal"
|
|
6
|
-
}
|
|
7
|
-
export declare function getProfile(): PlatformProfile;
|
|
8
|
-
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
9
1
|
export declare function getAttributionsFromApi(): {
|
|
10
2
|
[key: string]: string;
|
|
11
3
|
};
|
|
12
|
-
export {};
|
|
13
4
|
//# sourceMappingURL=attributions-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AASA,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -5,32 +5,6 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
5
5
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
6
6
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
7
7
|
let didSendFailureLogOnce = false;
|
|
8
|
-
var PlatformProfile;
|
|
9
|
-
(function (PlatformProfile) {
|
|
10
|
-
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
11
|
-
PlatformProfile["SLOW"] = "slow";
|
|
12
|
-
PlatformProfile["INTERNAL"] = "internal";
|
|
13
|
-
})(PlatformProfile || (PlatformProfile = {}));
|
|
14
|
-
function getProfile() {
|
|
15
|
-
const tridentContext = Api.getPart('context');
|
|
16
|
-
if (!tridentContext) {
|
|
17
|
-
return PlatformProfile.INTERNAL;
|
|
18
|
-
}
|
|
19
|
-
const { mondayRequestSource } = getExecutionContext(tridentContext);
|
|
20
|
-
switch (mondayRequestSource) {
|
|
21
|
-
case 'api': {
|
|
22
|
-
return PlatformProfile.API_INTERNAL;
|
|
23
|
-
}
|
|
24
|
-
case 'slow': {
|
|
25
|
-
return PlatformProfile.SLOW;
|
|
26
|
-
}
|
|
27
|
-
default:
|
|
28
|
-
return PlatformProfile.INTERNAL;
|
|
29
|
-
}
|
|
30
|
-
}
|
|
31
|
-
function getExecutionContext(context) {
|
|
32
|
-
return context.execution.get();
|
|
33
|
-
}
|
|
34
8
|
function getAttributionsFromApi() {
|
|
35
9
|
const callerAppNameFromSdk = {
|
|
36
10
|
[APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
|
|
@@ -76,4 +50,4 @@ function tryJsonParse(value) {
|
|
|
76
50
|
}
|
|
77
51
|
}
|
|
78
52
|
|
|
79
|
-
export { getAttributionsFromApi
|
|
53
|
+
export { getAttributionsFromApi };
|
|
@@ -1,18 +1,14 @@
|
|
|
1
1
|
import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { OnRetryCallback, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
|
|
3
2
|
import type { Request } from 'express';
|
|
4
3
|
export declare const logger: import("bunyan");
|
|
5
|
-
export declare const onRetryCallback: OnRetryCallback;
|
|
6
4
|
export declare class AuthorizationInternalService {
|
|
7
5
|
static skipAuthorization(requset: Request): void;
|
|
8
6
|
static markAuthorized(request: Request): void;
|
|
9
7
|
static failIfNotCoveredByAuthorization(request: Request): void;
|
|
10
8
|
static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
|
|
11
|
-
static throwOnHttpError(status: number, placement: string): void;
|
|
12
9
|
static generateInternalAuthToken(accountId: number, userId: number): string;
|
|
13
10
|
static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
|
|
14
11
|
static getRequestFetchOptions(): MondayFetchOptions;
|
|
15
12
|
static getRequestTimeout(): 60000 | 2000;
|
|
16
|
-
static getRetriesPolicy(): RetryPolicy;
|
|
17
13
|
}
|
|
18
14
|
//# sourceMappingURL=authorization-internal-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,
|
|
1
|
+
{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AASvC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAY/C,qBAAa,4BAA4B;IACvC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIhD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI7C,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAM9D,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,iBAAiB;CAIzB"}
|
|
@@ -2,21 +2,11 @@ import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
|
|
|
2
2
|
import * as MondayLogger from '@mondaydotcomorg/monday-logger';
|
|
3
3
|
|
|
4
4
|
const INTERNAL_APP_NAME = 'internal_ms';
|
|
5
|
-
const MAX_RETRIES = 3;
|
|
6
|
-
const RETRY_DELAY_MS = 10;
|
|
7
|
-
const logger = MondayLogger.getLogger();
|
|
8
5
|
const defaultMondayFetchOptions = {
|
|
9
|
-
retries:
|
|
6
|
+
retries: 3,
|
|
10
7
|
callback: logOnFetchFail,
|
|
11
8
|
};
|
|
12
|
-
const
|
|
13
|
-
if (attempt == MAX_RETRIES) {
|
|
14
|
-
logger.error({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed');
|
|
15
|
-
}
|
|
16
|
-
else {
|
|
17
|
-
logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
|
|
18
|
-
}
|
|
19
|
-
};
|
|
9
|
+
const logger = MondayLogger.getLogger();
|
|
20
10
|
function logOnFetchFail(retriesLeft, error) {
|
|
21
11
|
if (retriesLeft == 0) {
|
|
22
12
|
logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
|
|
@@ -46,10 +36,6 @@ class AuthorizationInternalService {
|
|
|
46
36
|
logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
|
|
47
37
|
throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
|
|
48
38
|
}
|
|
49
|
-
static throwOnHttpError(status, placement) {
|
|
50
|
-
logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
|
|
51
|
-
throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
|
|
52
|
-
}
|
|
53
39
|
static generateInternalAuthToken(accountId, userId) {
|
|
54
40
|
return signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
|
|
55
41
|
}
|
|
@@ -66,15 +52,6 @@ class AuthorizationInternalService {
|
|
|
66
52
|
const isDevEnv = process.env.NODE_ENV === 'development';
|
|
67
53
|
return isDevEnv ? 60000 : 2000;
|
|
68
54
|
}
|
|
69
|
-
static getRetriesPolicy() {
|
|
70
|
-
const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
|
|
71
|
-
return {
|
|
72
|
-
useRetries: fetchOptions.retries !== undefined,
|
|
73
|
-
maxRetries: fetchOptions.retries !== undefined ? fetchOptions.retries : 0,
|
|
74
|
-
onRetry: onRetryCallback,
|
|
75
|
-
retryDelayMS: fetchOptions.retryDelay ?? RETRY_DELAY_MS,
|
|
76
|
-
};
|
|
77
|
-
}
|
|
78
55
|
}
|
|
79
56
|
|
|
80
|
-
export { AuthorizationInternalService, logger
|
|
57
|
+
export { AuthorizationInternalService, logger };
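Review bot: The only retry logger left after this change, `logOnFetchFail` in the first hunk, logs `{ retriesLeft, error }` without the `tag: 'authorization-service'` field. The removed retry callback and the error log in the second hunk both carry that tag, so failed authorization fetches would drop out of any log query or alert keyed on it. I would add the tag, `logger.error({ tag: 'authorization-service', retriesLeft, error }, 'Authorization attempt failed due to network issues');`, and compare with `retriesLeft === 0` while there. The body of `logOnFetchFail` continues past the end of the hunk, so any other branch it has should get the same field.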
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAW,MAAM,SAAS,CAAC;AAIrD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,
|
|
1
|
+
{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAW,MAAM,SAAS,CAAC;AAIrD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,aAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAYjB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
2
|
import { Action, AuthorizationObject, Resource } from './types/general';
|
|
4
3
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
4
|
export interface AuthorizeResponse {
|
|
@@ -11,7 +10,6 @@ export declare function setRequestFetchOptions(customMondayFetchOptions: MondayF
|
|
|
11
10
|
export declare class AuthorizationService {
|
|
12
11
|
static redisClient?: any;
|
|
13
12
|
static grantedFeatureRedisExpirationInSeconds?: number;
|
|
14
|
-
static igniteClient?: IgniteClient;
|
|
15
13
|
/**
|
|
16
14
|
* @deprecated use the second form with authorizationRequestObjects instead,
|
|
17
15
|
* support of this function will be dropped gradually
|
|
@@ -28,25 +26,9 @@ export declare class AuthorizationService {
|
|
|
28
26
|
private static fetchIsUserGrantedWithFeature;
|
|
29
27
|
private static getCachedKeyName;
|
|
30
28
|
static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
|
|
31
|
-
/**
|
|
32
|
-
* @deprecated - gradually phasing this out
|
|
33
|
-
* @param accountId
|
|
34
|
-
* @param userId
|
|
35
|
-
* @param scopedActions
|
|
36
|
-
*/
|
|
37
|
-
private static canActionInScopeMultiple_withoutPlatformProfile;
|
|
38
29
|
static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
|
|
39
30
|
private static isAuthorizedSingular;
|
|
40
|
-
/**
|
|
41
|
-
* @deprecated - gradually phasing this out
|
|
42
|
-
* @param accountId
|
|
43
|
-
* @param userId
|
|
44
|
-
* @param authorizationRequestObjects
|
|
45
|
-
* @private
|
|
46
|
-
*/
|
|
47
|
-
private static isAuthorizedMultiple_withoutPlatformProfile;
|
|
48
31
|
private static isAuthorizedMultiple;
|
|
49
32
|
}
|
|
50
33
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(): Promise<void>;
|
|
52
34
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAK7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAM1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAED,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAEvD;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAiE1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F"}
|
|
@@ -3,23 +3,17 @@ import snakeCase from 'lodash/snakeCase.js';
|
|
|
3
3
|
import camelCase from 'lodash/camelCase.js';
|
|
4
4
|
import mapKeys from 'lodash/mapKeys.js';
|
|
5
5
|
import { fetch } from '@mondaydotcomorg/monday-fetch';
|
|
6
|
-
import {
|
|
7
|
-
import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
8
|
-
import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
9
|
-
import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
|
|
6
|
+
import { sendAuthorizationChecksPerRequestMetric, sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
|
|
10
7
|
import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
|
|
11
|
-
import { getAttributionsFromApi
|
|
8
|
+
import { getAttributionsFromApi } from './attributions-service.mjs';
|
|
12
9
|
|
|
13
10
|
const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
|
|
14
|
-
const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
|
|
15
|
-
const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_actions_in_scopes';
|
|
16
11
|
function setRequestFetchOptions(customMondayFetchOptions) {
|
|
17
12
|
AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
|
|
18
13
|
}
|
|
19
14
|
class AuthorizationService {
|
|
20
15
|
static redisClient;
|
|
21
16
|
static grantedFeatureRedisExpirationInSeconds;
|
|
22
|
-
static igniteClient;
|
|
23
17
|
static async isAuthorized(...args) {
|
|
24
18
|
if (args.length === 3) {
|
|
25
19
|
return this.isAuthorizedMultiple(args[0], args[1], args[2]);
|
|
@@ -67,13 +61,7 @@ class AuthorizationService {
|
|
|
67
61
|
const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
|
|
68
62
|
return scopedActionResponseObjects[0].permit;
|
|
69
63
|
}
|
|
70
|
-
|
|
71
|
-
* @deprecated - gradually phasing this out
|
|
72
|
-
* @param accountId
|
|
73
|
-
* @param userId
|
|
74
|
-
* @param scopedActions
|
|
75
|
-
*/
|
|
76
|
-
static async canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions) {
|
|
64
|
+
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
77
65
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
78
66
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
79
67
|
return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
@@ -107,82 +95,11 @@ class AuthorizationService {
|
|
|
107
95
|
});
|
|
108
96
|
return scopedActionsResponseObjects;
|
|
109
97
|
}
|
|
110
|
-
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
111
|
-
// gradually release the new platform profile features
|
|
112
|
-
if (!this.igniteClient) {
|
|
113
|
-
logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
114
|
-
}
|
|
115
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
116
|
-
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
117
|
-
}
|
|
118
|
-
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
119
|
-
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
120
|
-
return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
121
|
-
});
|
|
122
|
-
const attributionHeaders = getAttributionsFromApi();
|
|
123
|
-
const httpClient = Api.getPart('httpClient');
|
|
124
|
-
const profile = getProfile();
|
|
125
|
-
let response;
|
|
126
|
-
try {
|
|
127
|
-
response = await httpClient.fetch({
|
|
128
|
-
url: {
|
|
129
|
-
appName: 'platform',
|
|
130
|
-
path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
|
|
131
|
-
profile,
|
|
132
|
-
},
|
|
133
|
-
method: 'POST',
|
|
134
|
-
headers: {
|
|
135
|
-
Authorization: internalAuthToken,
|
|
136
|
-
'Content-Type': 'application/json',
|
|
137
|
-
...attributionHeaders,
|
|
138
|
-
},
|
|
139
|
-
body: JSON.stringify({
|
|
140
|
-
user_id: userId,
|
|
141
|
-
scoped_actions: scopedActionsPayload,
|
|
142
|
-
}),
|
|
143
|
-
}, {
|
|
144
|
-
timeout: AuthorizationInternalService.getRequestTimeout(),
|
|
145
|
-
retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
|
|
146
|
-
});
|
|
147
|
-
}
|
|
148
|
-
catch (err) {
|
|
149
|
-
if (err instanceof HttpFetcherError) {
|
|
150
|
-
AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
|
|
151
|
-
}
|
|
152
|
-
else {
|
|
153
|
-
throw err;
|
|
154
|
-
}
|
|
155
|
-
}
|
|
156
|
-
function toCamelCase(obj) {
|
|
157
|
-
return mapKeys(obj, (_, key) => camelCase(key));
|
|
158
|
-
}
|
|
159
|
-
if (!response) {
|
|
160
|
-
logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
|
|
161
|
-
throw new Error('AuthorizationService: missing response');
|
|
162
|
-
}
|
|
163
|
-
const scopedActionsResponseObjects = response.result.map(responseObject => {
|
|
164
|
-
const { scopedAction, permit } = responseObject;
|
|
165
|
-
const { scope } = scopedAction;
|
|
166
|
-
return {
|
|
167
|
-
...responseObject,
|
|
168
|
-
scopedAction: { ...scopedAction, scope: toCamelCase(scope) },
|
|
169
|
-
permit: toCamelCase(permit),
|
|
170
|
-
};
|
|
171
|
-
});
|
|
172
|
-
return scopedActionsResponseObjects;
|
|
173
|
-
}
|
|
174
98
|
static async isAuthorizedSingular(accountId, userId, resources, action) {
|
|
175
99
|
const { authorizationObjects } = createAuthorizationParams(resources, action);
|
|
176
100
|
return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
|
|
177
101
|
}
|
|
178
|
-
|
|
179
|
-
* @deprecated - gradually phasing this out
|
|
180
|
-
* @param accountId
|
|
181
|
-
* @param userId
|
|
182
|
-
* @param authorizationRequestObjects
|
|
183
|
-
* @private
|
|
184
|
-
*/
|
|
185
|
-
static async isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects) {
|
|
102
|
+
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
186
103
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
187
104
|
const startTime = performance.now();
|
|
188
105
|
const attributionHeaders = getAttributionsFromApi();
|
|
@@ -202,6 +119,7 @@ class AuthorizationService {
|
|
|
202
119
|
const endTime = performance.now();
|
|
203
120
|
const time = endTime - startTime;
|
|
204
121
|
const responseStatus = response.status;
|
|
122
|
+
sendAuthorizationChecksPerRequestMetric(responseStatus, authorizationRequestObjects.length);
|
|
205
123
|
AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
|
|
206
124
|
const responseBody = await response.json();
|
|
207
125
|
const unauthorizedObjects = [];
|
|
@@ -223,75 +141,6 @@ class AuthorizationService {
|
|
|
223
141
|
}
|
|
224
142
|
return { isAuthorized: true };
|
|
225
143
|
}
|
|
226
|
-
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
227
|
-
// gradually release the new platform profile features
|
|
228
|
-
if (!this.igniteClient) {
|
|
229
|
-
logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
230
|
-
}
|
|
231
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
232
|
-
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
233
|
-
}
|
|
234
|
-
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
235
|
-
const startTime = performance.now();
|
|
236
|
-
const attributionHeaders = getAttributionsFromApi();
|
|
237
|
-
const httpClient = Api.getPart('httpClient');
|
|
238
|
-
const profile = getProfile();
|
|
239
|
-
let response;
|
|
240
|
-
try {
|
|
241
|
-
response = await httpClient.fetch({
|
|
242
|
-
url: {
|
|
243
|
-
appName: 'platform',
|
|
244
|
-
path: PLATFORM_AUTHORIZE_PATH,
|
|
245
|
-
profile,
|
|
246
|
-
},
|
|
247
|
-
method: 'POST',
|
|
248
|
-
headers: {
|
|
249
|
-
Authorization: internalAuthToken,
|
|
250
|
-
'Content-Type': 'application/json',
|
|
251
|
-
...attributionHeaders,
|
|
252
|
-
},
|
|
253
|
-
body: JSON.stringify({
|
|
254
|
-
user_id: userId,
|
|
255
|
-
authorize_request_objects: authorizationRequestObjects,
|
|
256
|
-
}),
|
|
257
|
-
}, {
|
|
258
|
-
timeout: AuthorizationInternalService.getRequestTimeout(),
|
|
259
|
-
retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
|
|
260
|
-
});
|
|
261
|
-
}
|
|
262
|
-
catch (err) {
|
|
263
|
-
if (err instanceof httpClient.HttpFetcherError) {
|
|
264
|
-
AuthorizationInternalService.throwOnHttpError(err.status, 'isAuthorizedMultiple');
|
|
265
|
-
}
|
|
266
|
-
else {
|
|
267
|
-
throw err;
|
|
268
|
-
}
|
|
269
|
-
}
|
|
270
|
-
const endTime = performance.now();
|
|
271
|
-
const time = endTime - startTime;
|
|
272
|
-
const unauthorizedObjects = [];
|
|
273
|
-
if (!response) {
|
|
274
|
-
logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
|
|
275
|
-
throw new Error('AuthorizationService: missing response');
|
|
276
|
-
}
|
|
277
|
-
response.result.forEach(function (isAuthorized, index) {
|
|
278
|
-
const authorizationObject = authorizationRequestObjects[index];
|
|
279
|
-
if (!isAuthorized) {
|
|
280
|
-
unauthorizedObjects.push(authorizationObject);
|
|
281
|
-
}
|
|
282
|
-
sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time);
|
|
283
|
-
});
|
|
284
|
-
if (unauthorizedObjects.length > 0) {
|
|
285
|
-
logger.info({
|
|
286
|
-
resources: JSON.stringify(unauthorizedObjects),
|
|
287
|
-
}, 'AuthorizationService: resource is unauthorized');
|
|
288
|
-
const unauthorizedIds = unauthorizedObjects
|
|
289
|
-
.filter(obj => !!obj.resource_id)
|
|
290
|
-
.map(obj => obj.resource_id);
|
|
291
|
-
return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
|
|
292
|
-
}
|
|
293
|
-
return { isAuthorized: true };
|
|
294
|
-
}
|
|
295
144
|
}
|
|
296
145
|
function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
|
|
297
146
|
AuthorizationService.redisClient = client;
|
|
@@ -303,11 +152,6 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
303
152
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
304
153
|
}
|
|
305
154
|
}
|
|
306
|
-
async function setIgniteClient() {
|
|
307
|
-
AuthorizationService.igniteClient = await getIgniteClient({
|
|
308
|
-
namespace: ['authorization'],
|
|
309
|
-
});
|
|
310
|
-
}
|
|
311
155
|
function createAuthorizationParams(resources, action) {
|
|
312
156
|
const params = {
|
|
313
157
|
authorizationObjects: resources.map((resource) => {
|
|
@@ -325,10 +169,10 @@ function createAuthorizationParams(resources, action) {
|
|
|
325
169
|
return params;
|
|
326
170
|
}
|
|
327
171
|
function getAuthorizeUrl() {
|
|
328
|
-
return
|
|
172
|
+
return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
|
|
329
173
|
}
|
|
330
174
|
function getCanActionsInScopesUrl() {
|
|
331
|
-
return
|
|
175
|
+
return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
|
|
332
176
|
}
|
|
333
177
|
|
|
334
|
-
export { AuthorizationService,
|
|
178
|
+
export { AuthorizationService, setRedisClient, setRequestFetchOptions };
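Review bot: `getAuthorizeUrl()` and `getCanActionsInScopesUrl()` in the last hunk interpolate `process.env.MONDAY_INTERNAL_URL` with no check, so an unset variable yields the literal `undefined/internal_ms/authorization/authorize` and the failure only surfaces at request time, on every call. Both `isAuthorizedMultiple` and `canActionInScopeMultiple` sign an internal token with `generateInternalAuthToken` before calling out. The fetch itself is outside the visible hunks, but the removed variant sent that token as the `Authorization` header, so this base URL presumably decides where the credential goes. A single guard in a shared helper would cover both functions, for example `const base = process.env.MONDAY_INTERNAL_URL; if (!base) throw new Error('MONDAY_INTERNAL_URL is not set');`. A short comment should also state that the value must be the trusted internal origin.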
|
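--- a/package/dist/esm/index.d.ts
+++ b/package/dist/esm/index.d.ts
@@ -6,7 +6,7 @@ export interface InitOptions {
 redisClient?: any;
 grantedFeatureRedisExpirationInSeconds?: number;
 }
-export declare function init(options?: InitOptions):
+export declare function init(options?: InitOptions): void;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';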
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAgB,IAAI,CAAC,OAAO,GAAE,WAAgB,QAW7C;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
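--- a/package/dist/esm/index.mjs
+++ b/package/dist/esm/index.mjs
@@ -1,12 +1,12 @@
 import { setPrometheus } from './prometheus-service.mjs';
-import { setRequestFetchOptions, setRedisClient
+import { setRequestFetchOptions, setRedisClient } from './authorization-service.mjs';
 export { AuthorizationService } from './authorization-service.mjs';
 import * as testKit_index from './testKit/index.mjs';
 export { testKit_index as TestKit };
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware } from './authorization-middleware.mjs';
 export { AuthorizationAttributesService } from './authorization-attributes-service.mjs';
 
-
+function init(options = {}) {
 if (options.prometheus) {
 setPrometheus(options.prometheus);
 }
@@ -16,8 +16,6 @@ async function init(options = {}) {
 if (options.redisClient) {
 setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
 }
-// add an ignite client for gradual release features
-await setIgniteClient();
 }
 
 export { init };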
@@ -6,5 +6,6 @@ export declare const METRICS: {
|
|
|
6
6
|
};
|
|
7
7
|
export declare function setPrometheus(customPrometheus: any): void;
|
|
8
8
|
export declare function getMetricsManager(): any;
|
|
9
|
+
export declare function sendAuthorizationChecksPerRequestMetric(responseStatus: any, amountOfAuthorizationObjects: any): void;
|
|
9
10
|
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
|
|
10
11
|
//# sourceMappingURL=prometheus-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAMzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAcF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAiB7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,uCAAuC,CAAC,cAAc,KAAA,EAAE,4BAA4B,KAAA,QAQnG;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
|
|
@@ -1,10 +1,16 @@
|
|
|
1
1
|
let prometheus = null;
|
|
2
|
+
let authorizationChecksPerRequestMetric = null;
|
|
2
3
|
let authorizationCheckResponseTimeMetric = null;
|
|
3
4
|
const METRICS = {
|
|
4
5
|
AUTHORIZATION_CHECK: 'authorization_check',
|
|
5
6
|
AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
|
|
6
7
|
AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
|
|
7
8
|
};
|
|
9
|
+
const authorizationChecksPerRequestMetricConfig = {
|
|
10
|
+
name: METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
|
|
11
|
+
labels: ['responseStatus'],
|
|
12
|
+
description: 'Authorization checks per request summary',
|
|
13
|
+
};
|
|
8
14
|
const authorizationCheckResponseTimeMetricConfig = {
|
|
9
15
|
name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
|
|
10
16
|
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
|
|
@@ -13,11 +19,22 @@ const authorizationCheckResponseTimeMetricConfig = {
|
|
|
13
19
|
function setPrometheus(customPrometheus) {
|
|
14
20
|
prometheus = customPrometheus;
|
|
15
21
|
const { METRICS_TYPES } = prometheus;
|
|
22
|
+
authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
|
|
16
23
|
authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
17
24
|
}
|
|
18
25
|
function getMetricsManager() {
|
|
19
26
|
return prometheus?.metricsManager;
|
|
20
27
|
}
|
|
28
|
+
function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
|
|
29
|
+
try {
|
|
30
|
+
if (authorizationChecksPerRequestMetric) {
|
|
31
|
+
authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
catch (e) {
|
|
35
|
+
// ignore
|
|
36
|
+
}
|
|
37
|
+
}
|
|
21
38
|
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
|
|
22
39
|
try {
|
|
23
40
|
if (authorizationCheckResponseTimeMetric) {
|
|
@@ -29,4 +46,4 @@ function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthor
|
|
|
29
46
|
}
|
|
30
47
|
}
|
|
31
48
|
|
|
32
|
-
export { METRICS, getMetricsManager, sendAuthorizationCheckResponseTimeMetric, setPrometheus };
|
|
49
|
+
export { METRICS, getMetricsManager, sendAuthorizationCheckResponseTimeMetric, sendAuthorizationChecksPerRequestMetric, setPrometheus };
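Review bot: The new `sendAuthorizationChecksPerRequestMetric` swallows every exception with `catch (e) { // ignore }`. That keeps a telemetry failure from failing an authorization check, but a broken metric (wrong label count, a metric object that is not what `labels(...).observe(...)` expects) then goes unnoticed and the per-request series simply stops. I would keep the best-effort behaviour and state it in the code, replacing `// ignore` with `// best-effort: a metrics failure must never fail an authorization check`. Surfacing the first failure through whatever logger this module can reach would also make the loss of the series visible to whoever monitors it. The CommonJS `prometheus-service.js` section further down adds the same function and would take the same change.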
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,cAAe,MAAM,UAAU,MAAM,aAAa,QAAQ,EAAE,UAAU,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AAyBF,eAAO,MAAM,8BAA8B,WACjC,MAAM,kBACE,cAAc,kBACd,aAAa,eAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}
|
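--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -6,7 +6,7 @@ export interface InitOptions {
 redisClient?: any;
 grantedFeatureRedisExpirationInSeconds?: number;
 }
-export declare function init(options?: InitOptions):
+export declare function init(options?: InitOptions): void;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';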
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAgB,IAAI,CAAC,OAAO,GAAE,WAAgB,QAW7C;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
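--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -6,7 +6,7 @@ const testKit_index = require('./testKit/index.js');
 const authorizationMiddleware = require('./authorization-middleware.js');
 const authorizationAttributesService = require('./authorization-attributes-service.js');
 
-
+function init(options = {}) {
 if (options.prometheus) {
 prometheusService.setPrometheus(options.prometheus);
 }
@@ -16,8 +16,6 @@ async function init(options = {}) {
 if (options.redisClient) {
 authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
 }
-// add an ignite client for gradual release features
-await authorizationService.setIgniteClient();
 }
 
 exports.AuthorizationService = authorizationService.AuthorizationService;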
@@ -6,5 +6,6 @@ export declare const METRICS: {
|
|
|
6
6
|
};
|
|
7
7
|
export declare function setPrometheus(customPrometheus: any): void;
|
|
8
8
|
export declare function getMetricsManager(): any;
|
|
9
|
+
export declare function sendAuthorizationChecksPerRequestMetric(responseStatus: any, amountOfAuthorizationObjects: any): void;
|
|
9
10
|
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
|
|
10
11
|
//# sourceMappingURL=prometheus-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAMzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAcF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAiB7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,uCAAuC,CAAC,cAAc,KAAA,EAAE,4BAA4B,KAAA,QAQnG;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
|
|
@@ -1,12 +1,18 @@
|
|
|
1
1
|
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
2
|
|
|
3
3
|
let prometheus = null;
|
|
4
|
+
let authorizationChecksPerRequestMetric = null;
|
|
4
5
|
let authorizationCheckResponseTimeMetric = null;
|
|
5
6
|
const METRICS = {
|
|
6
7
|
AUTHORIZATION_CHECK: 'authorization_check',
|
|
7
8
|
AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
|
|
8
9
|
AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
|
|
9
10
|
};
|
|
11
|
+
const authorizationChecksPerRequestMetricConfig = {
|
|
12
|
+
name: METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
|
|
13
|
+
labels: ['responseStatus'],
|
|
14
|
+
description: 'Authorization checks per request summary',
|
|
15
|
+
};
|
|
10
16
|
const authorizationCheckResponseTimeMetricConfig = {
|
|
11
17
|
name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
|
|
12
18
|
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
|
|
@@ -15,11 +21,22 @@ const authorizationCheckResponseTimeMetricConfig = {
|
|
|
15
21
|
function setPrometheus(customPrometheus) {
|
|
16
22
|
prometheus = customPrometheus;
|
|
17
23
|
const { METRICS_TYPES } = prometheus;
|
|
24
|
+
authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
|
|
18
25
|
authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
19
26
|
}
|
|
20
27
|
function getMetricsManager() {
|
|
21
28
|
return prometheus?.metricsManager;
|
|
22
29
|
}
|
|
30
|
+
function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
|
|
31
|
+
try {
|
|
32
|
+
if (authorizationChecksPerRequestMetric) {
|
|
33
|
+
authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
catch (e) {
|
|
37
|
+
// ignore
|
|
38
|
+
}
|
|
39
|
+
}
|
|
23
40
|
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
|
|
24
41
|
try {
|
|
25
42
|
if (authorizationCheckResponseTimeMetric) {
|
|
@@ -34,4 +51,5 @@ function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthor
|
|
|
34
51
|
exports.METRICS = METRICS;
|
|
35
52
|
exports.getMetricsManager = getMetricsManager;
|
|
36
53
|
exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
|
|
54
|
+
exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
|
|
37
55
|
exports.setPrometheus = setPrometheus;
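Review bot: The `catch (e) { // ignore }` in the new `sendAuthorizationChecksPerRequestMetric` discards every failure from `labels(responseStatus).observe(amountOfAuthorizationObjects)`, so a bad argument or a misregistered metric makes the per-request authorization-check count vanish without a trace. Keeping telemetry best-effort on an authorization path is a reasonable choice, but the comment should state that intent, e.g. `// metrics are best-effort: a telemetry failure must never change the authorization result`. Separately, in `setPrometheus` the new `addMetric` call runs before the existing one, and `getMetricsManager()` can return `undefined` because of the optional chaining. Any throw on the new line therefore also leaves `authorizationCheckResponseTimeMetric` unregistered. The caller in `init` lies outside this section, so whether it guards against that cannot be seen here.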
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,cAAe,MAAM,UAAU,MAAM,aAAa,QAAQ,EAAE,UAAU,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AAyBF,eAAO,MAAM,8BAA8B,WACjC,MAAM,kBACE,cAAc,kBACd,aAAa,eAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "1.2.19
|
|
3
|
+
"version": "1.2.19",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -19,9 +19,7 @@
|
|
|
19
19
|
"watch": "trident-library build -w"
|
|
20
20
|
},
|
|
21
21
|
"dependencies": {
|
|
22
|
-
"@mondaydotcomorg/ignite-sdk": "^2.0.5",
|
|
23
22
|
"@mondaydotcomorg/monday-fetch": "^0.0.7",
|
|
24
|
-
"@mondaydotcomorg/monday-fetch-api": "^1.0.2",
|
|
25
23
|
"@mondaydotcomorg/monday-jwt": "^3.0.14",
|
|
26
24
|
"@mondaydotcomorg/monday-logger": "^4.0.11",
|
|
27
25
|
"@mondaydotcomorg/monday-sns": "^1.0.6",
|
|
@@ -39,7 +37,7 @@
|
|
|
39
37
|
"@types/supertest": "^2.0.11",
|
|
40
38
|
"express": "^4.17.1",
|
|
41
39
|
"ioredis": "^5.2.4",
|
|
42
|
-
"ioredis-mock": "^8.
|
|
40
|
+
"ioredis-mock": "^8.2.2",
|
|
43
41
|
"sinon": "9.0.3",
|
|
44
42
|
"supertest": "^6.1.3",
|
|
45
43
|
"typescript": "^5.2.2"
|