@mondaydotcomorg/monday-authorization 1.2.19 → 2.0.0-fix-moshesa-set-basic-object-val-to-unknown--8965160254.59909b8

package/dist/attributions-service.d.ts

@@ -1,4 +1,13 @@
+import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api';
+declare enum PlatformProfile {
+    API_INTERNAL = "api-internal",
+    SLOW = "slow",
+    INTERNAL = "internal"
+}
+export declare function getProfile(): PlatformProfile;
+export declare function getExecutionContext(context: Context): ExecutionContext;
 export declare function getAttributionsFromApi(): {
     [key: string]: string;
 };
+export {};
 //# sourceMappingURL=attributions-service.d.ts.map

package/dist/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AASA,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}

package/dist/attributions-service.js

@@ -7,6 +7,32 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
 const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
 const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
 let didSendFailureLogOnce = false;
+var PlatformProfile;
+(function (PlatformProfile) {
+    PlatformProfile["API_INTERNAL"] = "api-internal";
+    PlatformProfile["SLOW"] = "slow";
+    PlatformProfile["INTERNAL"] = "internal";
+})(PlatformProfile || (PlatformProfile = {}));
+function getProfile() {
+    const tridentContext = tridentBackendApi.Api.getPart('context');
+    if (!tridentContext) {
+        return PlatformProfile.INTERNAL;
+    }
+    const { mondayRequestSource } = getExecutionContext(tridentContext);
+    switch (mondayRequestSource) {
+        case 'api': {
+            return PlatformProfile.API_INTERNAL;
+        }
+        case 'slow': {
+            return PlatformProfile.SLOW;
+        }
+        default:
+            return PlatformProfile.INTERNAL;
+    }
+}
+function getExecutionContext(context) {
+    return context.execution.get();
+}
 function getAttributionsFromApi() {
     const callerAppNameFromSdk = {
         [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
@@ -53,3 +79,5 @@ function tryJsonParse(value) {
 }
 
 exports.getAttributionsFromApi = getAttributionsFromApi;
+exports.getExecutionContext = getExecutionContext;
+exports.getProfile = getProfile;

package/dist/authorization-internal-service.d.ts

@@ -1,14 +1,18 @@
 import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import type { Request } from 'express';
+import { OnRetryCallback, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
+import { BaseRequest } from './types/general';
 export declare const logger: import("bunyan");
+export declare const onRetryCallback: OnRetryCallback;
 export declare class AuthorizationInternalService {
-    static skipAuthorization(requset: Request): void;
-    static markAuthorized(request: Request): void;
-    static failIfNotCoveredByAuthorization(request: Request): void;
+    static skipAuthorization(requset: BaseRequest): void;
+    static markAuthorized(request: BaseRequest): void;
+    static failIfNotCoveredByAuthorization(request: BaseRequest): void;
     static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
+    static throwOnHttpError(status: number, placement: string): void;
     static generateInternalAuthToken(accountId: number, userId: number): string;
     static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
     static getRequestFetchOptions(): MondayFetchOptions;
     static getRequestTimeout(): 60000 | 2000;
+    static getRetriesPolicy(): RetryPolicy;
 }
 //# sourceMappingURL=authorization-internal-service.d.ts.map

package/dist/authorization-internal-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AASvC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAY/C,qBAAa,4BAA4B;IACvC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIhD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI7C,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAM9D,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,iBAAiB;CAIzB"}
+{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAAyB,eAAe,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxG,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK9C,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;IAQzD,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,iBAAiB;IAKxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CASvC"}

package/dist/authorization-internal-service.js

@@ -24,11 +24,21 @@ return n;
 const MondayLogger__namespace = /*#__PURE__*/_interopNamespace(MondayLogger);
 
 const INTERNAL_APP_NAME = 'internal_ms';
+const MAX_RETRIES = 3;
+const RETRY_DELAY_MS = 10;
+const logger = MondayLogger__namespace.getLogger();
 const defaultMondayFetchOptions = {
-    retries: 3,
+    retries: MAX_RETRIES,
     callback: logOnFetchFail,
 };
-const logger = MondayLogger__namespace.getLogger();
+const onRetryCallback = (attempt, error) => {
+    if (attempt == MAX_RETRIES) {
+        logger.error({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed');
+    }
+    else {
+        logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
+    }
+};
 function logOnFetchFail(retriesLeft, error) {
     if (retriesLeft == 0) {
         logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
@@ -58,6 +68,10 @@ class AuthorizationInternalService {
         logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
         throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
     }
+    static throwOnHttpError(status, placement) {
+        logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
+        throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
+    }
     static generateInternalAuthToken(accountId, userId) {
         return mondayJwt.signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
     }
@@ -74,7 +88,17 @@ class AuthorizationInternalService {
         const isDevEnv = process.env.NODE_ENV === 'development';
         return isDevEnv ? 60000 : 2000;
     }
+    static getRetriesPolicy() {
+        const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
+        return {
+            useRetries: fetchOptions.retries !== undefined,
+            maxRetries: fetchOptions.retries !== undefined ? fetchOptions.retries : 0,
+            onRetry: onRetryCallback,
+            retryDelayMS: fetchOptions.retryDelay ?? RETRY_DELAY_MS,
+        };
+    }
 }
 
 exports.AuthorizationInternalService = AuthorizationInternalService;
 exports.logger = logger;
+exports.onRetryCallback = onRetryCallback;

package/dist/authorization-middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAW,MAAM,SAAS,CAAC;AAIrD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,aAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAYjB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}
+{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAI5C,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,IAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAajB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}

package/dist/authorization-middleware.js

@@ -15,7 +15,8 @@ function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
         contextGetter ||= defaultContextGetter;
         const { userId, accountId } = contextGetter(request);
         const resources = resourceGetter(request);
-        const { isAuthorized } = await authorizationService.AuthorizationService.isAuthorized(accountId, userId, resources, action);
+        const { authorizationObjects } = authorizationService.createAuthorizationParams(resources, action);
+        const { isAuthorized } = await authorizationService.AuthorizationService.isAuthorized(accountId, userId, authorizationObjects);
         authorizationInternalService.AuthorizationInternalService.markAuthorized(request);
         if (!isAuthorized) {
             response.status(403).json({ message: 'Access denied' });

package/dist/authorization-service.d.ts

@@ -1,5 +1,6 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import { Action, AuthorizationObject, Resource } from './types/general';
+import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
+import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
 import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
@@ -10,6 +11,7 @@ export declare function setRequestFetchOptions(customMondayFetchOptions: MondayF
 export declare class AuthorizationService {
     static redisClient?: any;
     static grantedFeatureRedisExpirationInSeconds?: number;
+    static igniteClient?: IgniteClient;
     /**
      * @deprecated use the second form with authorizationRequestObjects instead,
      * support of this function will be dropped gradually
@@ -26,9 +28,26 @@ export declare class AuthorizationService {
     private static fetchIsUserGrantedWithFeature;
     private static getCachedKeyName;
     static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    private static canActionInScopeMultiple_withoutPlatformProfile;
     static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
     private static isAuthorizedSingular;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    private static isAuthorizedMultiple_withoutPlatformProfile;
     private static isAuthorizedMultiple;
 }
 export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
+export declare function setIgniteClient(): Promise<void>;
+export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
 //# sourceMappingURL=authorization-service.d.ts.map

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAK7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAM1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAED,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAEvD;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAiE1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js

@@ -5,6 +5,9 @@ const snakeCase = require('lodash/snakeCase.js');
 const camelCase = require('lodash/camelCase.js');
 const mapKeys = require('lodash/mapKeys.js');
 const mondayFetch = require('@mondaydotcomorg/monday-fetch');
+const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
+const igniteSdk = require('@mondaydotcomorg/ignite-sdk');
 const prometheusService = require('./prometheus-service.js');
 const authorizationInternalService = require('./authorization-internal-service.js');
 const attributionsService = require('./attributions-service.js');
@@ -16,12 +19,15 @@ const camelCase__default = /*#__PURE__*/_interopDefault(camelCase);
 const mapKeys__default = /*#__PURE__*/_interopDefault(mapKeys);
 
 const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
+const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
+const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_actions_in_scopes';
 function setRequestFetchOptions(customMondayFetchOptions) {
     authorizationInternalService.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
 class AuthorizationService {
     static redisClient;
     static grantedFeatureRedisExpirationInSeconds;
+    static igniteClient;
     static async isAuthorized(...args) {
         if (args.length === 3) {
             return this.isAuthorizedMultiple(args[0], args[1], args[2]);
@@ -69,7 +75,13 @@ class AuthorizationService {
         const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
         return scopedActionResponseObjects[0].permit;
     }
-    static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    static async canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions) {
         const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const scopedActionsPayload = scopedActions.map(scopedAction => {
             return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
@@ -103,11 +115,82 @@ class AuthorizationService {
         });
         return scopedActionsResponseObjects;
     }
+    static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
+        }
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const scopedActionsPayload = scopedActions.map(scopedAction => {
+            return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
+        });
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        const httpClient = tridentBackendApi.Api.getPart('httpClient');
+        const profile = attributionsService.getProfile();
+        let response;
+        try {
+            response = await httpClient.fetch({
+                url: {
+                    appName: 'platform',
+                    path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
+                    profile,
+                },
+                method: 'POST',
+                headers: {
+                    Authorization: internalAuthToken,
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({
+                    user_id: userId,
+                    scoped_actions: scopedActionsPayload,
+                }),
+            }, {
+                timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof mondayFetchApi.HttpFetcherError) {
+                authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
+            }
+            else {
+                throw err;
+            }
+        }
+        function toCamelCase(obj) {
+            return mapKeys__default.default(obj, (_, key) => camelCase__default.default(key));
+        }
+        if (!response) {
+            authorizationInternalService.logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
+            throw new Error('AuthorizationService: missing response');
+        }
+        const scopedActionsResponseObjects = response.result.map(responseObject => {
+            const { scopedAction, permit } = responseObject;
+            const { scope } = scopedAction;
+            return {
+                ...responseObject,
+                scopedAction: { ...scopedAction, scope: toCamelCase(scope) },
+                permit: toCamelCase(permit),
+            };
+        });
+        return scopedActionsResponseObjects;
+    }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);
         return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
     }
-    static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    static async isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects) {
         const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const startTime = perf_hooks.performance.now();
         const attributionHeaders = attributionsService.getAttributionsFromApi();
@@ -127,7 +210,6 @@ class AuthorizationService {
         const endTime = perf_hooks.performance.now();
         const time = endTime - startTime;
         const responseStatus = response.status;
-        prometheusService.sendAuthorizationChecksPerRequestMetric(responseStatus, authorizationRequestObjects.length);
         authorizationInternalService.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
         const responseBody = await response.json();
         const unauthorizedObjects = [];
@@ -149,6 +231,75 @@ class AuthorizationService {
         }
         return { isAuthorized: true };
     }
+    static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
+        }
+        const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const startTime = perf_hooks.performance.now();
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        const httpClient = tridentBackendApi.Api.getPart('httpClient');
+        const profile = attributionsService.getProfile();
+        let response;
+        try {
+            response = await httpClient.fetch({
+                url: {
+                    appName: 'platform',
+                    path: PLATFORM_AUTHORIZE_PATH,
+                    profile,
+                },
+                method: 'POST',
+                headers: {
+                    Authorization: internalAuthToken,
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({
+                    user_id: userId,
+                    authorize_request_objects: authorizationRequestObjects,
+                }),
+            }, {
+                timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof httpClient.HttpFetcherError) {
+                authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, 'isAuthorizedMultiple');
+            }
+            else {
+                throw err;
+            }
+        }
+        const endTime = perf_hooks.performance.now();
+        const time = endTime - startTime;
+        const unauthorizedObjects = [];
+        if (!response) {
+            authorizationInternalService.logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
+            throw new Error('AuthorizationService: missing response');
+        }
+        response.result.forEach(function (isAuthorized, index) {
+            const authorizationObject = authorizationRequestObjects[index];
+            if (!isAuthorized) {
+                unauthorizedObjects.push(authorizationObject);
+            }
+            prometheusService.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time);
+        });
+        if (unauthorizedObjects.length > 0) {
+            authorizationInternalService.logger.info({
+                resources: JSON.stringify(unauthorizedObjects),
+            }, 'AuthorizationService: resource is unauthorized');
+            const unauthorizedIds = unauthorizedObjects
+                .filter(obj => !!obj.resource_id)
+                .map(obj => obj.resource_id);
+            return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
+        }
+        return { isAuthorized: true };
+    }
 }
 function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
     AuthorizationService.redisClient = client;
@@ -160,6 +311,11 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
         AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
     }
 }
+async function setIgniteClient() {
+    AuthorizationService.igniteClient = await igniteSdk.getIgniteClient({
+        namespace: ['authorization'],
+    });
+}
 function createAuthorizationParams(resources, action) {
     const params = {
         authorizationObjects: resources.map((resource) => {
@@ -177,12 +333,14 @@ function createAuthorizationParams(resources, action) {
     return params;
 }
 function getAuthorizeUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
+    return '/internal_ms/authorization/authorize';
 }
 function getCanActionsInScopesUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
+    return '/internal_ms/authorization/can_actions_in_scopes';
 }
 
 exports.AuthorizationService = AuthorizationService;
+exports.createAuthorizationParams = createAuthorizationParams;
+exports.setIgniteClient = setIgniteClient;
 exports.setRedisClient = setRedisClient;
 exports.setRequestFetchOptions = setRequestFetchOptions;

package/dist/esm/attributions-service.d.ts

@@ -1,4 +1,13 @@
+import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api';
+declare enum PlatformProfile {
+    API_INTERNAL = "api-internal",
+    SLOW = "slow",
+    INTERNAL = "internal"
+}
+export declare function getProfile(): PlatformProfile;
+export declare function getExecutionContext(context: Context): ExecutionContext;
 export declare function getAttributionsFromApi(): {
     [key: string]: string;
 };
+export {};
 //# sourceMappingURL=attributions-service.d.ts.map

package/dist/esm/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AASA,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}

package/dist/esm/attributions-service.mjs

@@ -5,6 +5,32 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
 const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
 const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
 let didSendFailureLogOnce = false;
+var PlatformProfile;
+(function (PlatformProfile) {
+    PlatformProfile["API_INTERNAL"] = "api-internal";
+    PlatformProfile["SLOW"] = "slow";
+    PlatformProfile["INTERNAL"] = "internal";
+})(PlatformProfile || (PlatformProfile = {}));
+function getProfile() {
+    const tridentContext = Api.getPart('context');
+    if (!tridentContext) {
+        return PlatformProfile.INTERNAL;
+    }
+    const { mondayRequestSource } = getExecutionContext(tridentContext);
+    switch (mondayRequestSource) {
+        case 'api': {
+            return PlatformProfile.API_INTERNAL;
+        }
+        case 'slow': {
+            return PlatformProfile.SLOW;
+        }
+        default:
+            return PlatformProfile.INTERNAL;
+    }
+}
+function getExecutionContext(context) {
+    return context.execution.get();
+}
 function getAttributionsFromApi() {
     const callerAppNameFromSdk = {
         [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
@@ -50,4 +76,4 @@ function tryJsonParse(value) {
     }
 }
 
-export { getAttributionsFromApi };
+export { getAttributionsFromApi, getExecutionContext, getProfile };

package/dist/esm/authorization-internal-service.d.ts

@@ -1,14 +1,18 @@
 import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import type { Request } from 'express';
+import { OnRetryCallback, RetryPolicy } from '@mondaydotcomorg/monday-fetch-api';
+import { BaseRequest } from './types/general';
 export declare const logger: import("bunyan");
+export declare const onRetryCallback: OnRetryCallback;
 export declare class AuthorizationInternalService {
-    static skipAuthorization(requset: Request): void;
-    static markAuthorized(request: Request): void;
-    static failIfNotCoveredByAuthorization(request: Request): void;
+    static skipAuthorization(requset: BaseRequest): void;
+    static markAuthorized(request: BaseRequest): void;
+    static failIfNotCoveredByAuthorization(request: BaseRequest): void;
     static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
+    static throwOnHttpError(status: number, placement: string): void;
     static generateInternalAuthToken(accountId: number, userId: number): string;
     static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
     static getRequestFetchOptions(): MondayFetchOptions;
     static getRequestTimeout(): 60000 | 2000;
+    static getRetriesPolicy(): RetryPolicy;
 }
 //# sourceMappingURL=authorization-internal-service.d.ts.map

package/dist/esm/authorization-internal-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AASvC,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAY/C,qBAAa,4BAA4B;IACvC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAIhD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI7C,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAM9D,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,iBAAiB;CAIzB"}
+{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAAyB,eAAe,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxG,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK9C,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;IAQzD,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,iBAAiB;IAKxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CASvC"}

package/dist/esm/authorization-internal-service.mjs

@@ -2,11 +2,21 @@ import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import * as MondayLogger from '@mondaydotcomorg/monday-logger';
 
 const INTERNAL_APP_NAME = 'internal_ms';
+const MAX_RETRIES = 3;
+const RETRY_DELAY_MS = 10;
+const logger = MondayLogger.getLogger();
 const defaultMondayFetchOptions = {
-    retries: 3,
+    retries: MAX_RETRIES,
     callback: logOnFetchFail,
 };
-const logger = MondayLogger.getLogger();
+const onRetryCallback = (attempt, error) => {
+    if (attempt == MAX_RETRIES) {
+        logger.error({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed');
+    }
+    else {
+        logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
+    }
+};
 function logOnFetchFail(retriesLeft, error) {
     if (retriesLeft == 0) {
         logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
@@ -36,6 +46,10 @@ class AuthorizationInternalService {
         logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
         throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
     }
+    static throwOnHttpError(status, placement) {
+        logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
+        throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
+    }
     static generateInternalAuthToken(accountId, userId) {
         return signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
     }
@@ -52,6 +66,15 @@ class AuthorizationInternalService {
         const isDevEnv = process.env.NODE_ENV === 'development';
         return isDevEnv ? 60000 : 2000;
     }
+    static getRetriesPolicy() {
+        const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
+        return {
+            useRetries: fetchOptions.retries !== undefined,
+            maxRetries: fetchOptions.retries !== undefined ? fetchOptions.retries : 0,
+            onRetry: onRetryCallback,
+            retryDelayMS: fetchOptions.retryDelay ?? RETRY_DELAY_MS,
+        };
+    }
 }
 
-export { AuthorizationInternalService, logger };
+export { AuthorizationInternalService, logger, onRetryCallback };

package/dist/esm/authorization-middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAW,MAAM,SAAS,CAAC;AAIrD,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,aAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAYjB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}
+{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAI5C,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,IAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAajB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}

package/dist/esm/authorization-middleware.mjs

@@ -1,6 +1,6 @@
 import onHeaders from 'on-headers';
 import { AuthorizationInternalService } from './authorization-internal-service.mjs';
-import { AuthorizationService } from './authorization-service.mjs';
+import { createAuthorizationParams, AuthorizationService } from './authorization-service.mjs';
 
 // getAuthorizationMiddleware is duplicated in testKit/index.ts
 // If you are making changes to this function, please make sure to update the other file as well
@@ -9,7 +9,8 @@ function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
         contextGetter ||= defaultContextGetter;
         const { userId, accountId } = contextGetter(request);
         const resources = resourceGetter(request);
-        const { isAuthorized } = await AuthorizationService.isAuthorized(accountId, userId, resources, action);
+        const { authorizationObjects } = createAuthorizationParams(resources, action);
+        const { isAuthorized } = await AuthorizationService.isAuthorized(accountId, userId, authorizationObjects);
         AuthorizationInternalService.markAuthorized(request);
         if (!isAuthorized) {
             response.status(403).json({ message: 'Access denied' });

package/dist/esm/authorization-service.d.ts

@@ -1,5 +1,6 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import { Action, AuthorizationObject, Resource } from './types/general';
+import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
+import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
 import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
@@ -10,6 +11,7 @@ export declare function setRequestFetchOptions(customMondayFetchOptions: MondayF
 export declare class AuthorizationService {
     static redisClient?: any;
     static grantedFeatureRedisExpirationInSeconds?: number;
+    static igniteClient?: IgniteClient;
     /**
      * @deprecated use the second form with authorizationRequestObjects instead,
      * support of this function will be dropped gradually
@@ -26,9 +28,26 @@ export declare class AuthorizationService {
     private static fetchIsUserGrantedWithFeature;
     private static getCachedKeyName;
     static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    private static canActionInScopeMultiple_withoutPlatformProfile;
     static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
     private static isAuthorizedSingular;
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    private static isAuthorizedMultiple_withoutPlatformProfile;
     private static isAuthorizedMultiple;
 }
 export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
+export declare function setIgniteClient(): Promise<void>;
+export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
 //# sourceMappingURL=authorization-service.d.ts.map

package/dist/esm/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAuB,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAK7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAM1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAED,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAEvD;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;WAMjB,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAiE1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/esm/authorization-service.mjs

@@ -3,17 +3,23 @@ import snakeCase from 'lodash/snakeCase.js';
 import camelCase from 'lodash/camelCase.js';
 import mapKeys from 'lodash/mapKeys.js';
 import { fetch } from '@mondaydotcomorg/monday-fetch';
-import { sendAuthorizationChecksPerRequestMetric, sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
+import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
 import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
-import { getAttributionsFromApi } from './attributions-service.mjs';
+import { getAttributionsFromApi, getProfile } from './attributions-service.mjs';
 
 const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
+const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
+const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_actions_in_scopes';
 function setRequestFetchOptions(customMondayFetchOptions) {
     AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
 class AuthorizationService {
     static redisClient;
     static grantedFeatureRedisExpirationInSeconds;
+    static igniteClient;
     static async isAuthorized(...args) {
         if (args.length === 3) {
             return this.isAuthorizedMultiple(args[0], args[1], args[2]);
@@ -61,7 +67,13 @@ class AuthorizationService {
         const scopedActionResponseObjects = await this.canActionInScopeMultiple(accountId, userId, scopedActions);
         return scopedActionResponseObjects[0].permit;
     }
-    static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param scopedActions
+     */
+    static async canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions) {
         const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const scopedActionsPayload = scopedActions.map(scopedAction => {
             return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
@@ -95,11 +107,82 @@ class AuthorizationService {
         });
         return scopedActionsResponseObjects;
     }
+    static async canActionInScopeMultiple(accountId, userId, scopedActions) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
+        }
+        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const scopedActionsPayload = scopedActions.map(scopedAction => {
+            return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
+        });
+        const attributionHeaders = getAttributionsFromApi();
+        const httpClient = Api.getPart('httpClient');
+        const profile = getProfile();
+        let response;
+        try {
+            response = await httpClient.fetch({
+                url: {
+                    appName: 'platform',
+                    path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
+                    profile,
+                },
+                method: 'POST',
+                headers: {
+                    Authorization: internalAuthToken,
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({
+                    user_id: userId,
+                    scoped_actions: scopedActionsPayload,
+                }),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof HttpFetcherError) {
+                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
+            }
+            else {
+                throw err;
+            }
+        }
+        function toCamelCase(obj) {
+            return mapKeys(obj, (_, key) => camelCase(key));
+        }
+        if (!response) {
+            logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
+            throw new Error('AuthorizationService: missing response');
+        }
+        const scopedActionsResponseObjects = response.result.map(responseObject => {
+            const { scopedAction, permit } = responseObject;
+            const { scope } = scopedAction;
+            return {
+                ...responseObject,
+                scopedAction: { ...scopedAction, scope: toCamelCase(scope) },
+                permit: toCamelCase(permit),
+            };
+        });
+        return scopedActionsResponseObjects;
+    }
     static async isAuthorizedSingular(accountId, userId, resources, action) {
         const { authorizationObjects } = createAuthorizationParams(resources, action);
         return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
     }
-    static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+    /**
+     * @deprecated - gradually phasing this out
+     * @param accountId
+     * @param userId
+     * @param authorizationRequestObjects
+     * @private
+     */
+    static async isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects) {
         const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const startTime = performance.now();
         const attributionHeaders = getAttributionsFromApi();
@@ -119,7 +202,6 @@ class AuthorizationService {
         const endTime = performance.now();
         const time = endTime - startTime;
         const responseStatus = response.status;
-        sendAuthorizationChecksPerRequestMetric(responseStatus, authorizationRequestObjects.length);
         AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
         const responseBody = await response.json();
         const unauthorizedObjects = [];
@@ -141,6 +223,75 @@ class AuthorizationService {
         }
         return { isAuthorized: true };
     }
+    static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
+        // gradually release the new platform profile features
+        if (!this.igniteClient) {
+            logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
+        }
+        else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
+            return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
+        }
+        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+        const startTime = performance.now();
+        const attributionHeaders = getAttributionsFromApi();
+        const httpClient = Api.getPart('httpClient');
+        const profile = getProfile();
+        let response;
+        try {
+            response = await httpClient.fetch({
+                url: {
+                    appName: 'platform',
+                    path: PLATFORM_AUTHORIZE_PATH,
+                    profile,
+                },
+                method: 'POST',
+                headers: {
+                    Authorization: internalAuthToken,
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({
+                    user_id: userId,
+                    authorize_request_objects: authorizationRequestObjects,
+                }),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof httpClient.HttpFetcherError) {
+                AuthorizationInternalService.throwOnHttpError(err.status, 'isAuthorizedMultiple');
+            }
+            else {
+                throw err;
+            }
+        }
+        const endTime = performance.now();
+        const time = endTime - startTime;
+        const unauthorizedObjects = [];
+        if (!response) {
+            logger.error({ tag: 'authorization-service', response }, 'AuthorizationService: missing response');
+            throw new Error('AuthorizationService: missing response');
+        }
+        response.result.forEach(function (isAuthorized, index) {
+            const authorizationObject = authorizationRequestObjects[index];
+            if (!isAuthorized) {
+                unauthorizedObjects.push(authorizationObject);
+            }
+            sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time);
+        });
+        if (unauthorizedObjects.length > 0) {
+            logger.info({
+                resources: JSON.stringify(unauthorizedObjects),
+            }, 'AuthorizationService: resource is unauthorized');
+            const unauthorizedIds = unauthorizedObjects
+                .filter(obj => !!obj.resource_id)
+                .map(obj => obj.resource_id);
+            return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
+        }
+        return { isAuthorized: true };
+    }
 }
 function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
     AuthorizationService.redisClient = client;
@@ -152,6 +303,11 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
         AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
     }
 }
+async function setIgniteClient() {
+    AuthorizationService.igniteClient = await getIgniteClient({
+        namespace: ['authorization'],
+    });
+}
 function createAuthorizationParams(resources, action) {
     const params = {
         authorizationObjects: resources.map((resource) => {
@@ -169,10 +325,10 @@ function createAuthorizationParams(resources, action) {
     return params;
 }
 function getAuthorizeUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
+    return '/internal_ms/authorization/authorize';
 }
 function getCanActionsInScopesUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
+    return '/internal_ms/authorization/can_actions_in_scopes';
 }
 
-export { AuthorizationService, setRedisClient, setRequestFetchOptions };
+export { AuthorizationService, createAuthorizationParams, setIgniteClient, setRedisClient, setRequestFetchOptions };

package/dist/esm/index.d.ts

@@ -6,7 +6,7 @@ export interface InitOptions {
     redisClient?: any;
     grantedFeatureRedisExpirationInSeconds?: number;
 }
-export declare function init(options?: InitOptions): void;
+export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';

package/dist/esm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAgB,IAAI,CAAC,OAAO,GAAE,WAAgB,QAW7C;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/esm/index.mjs

@@ -1,12 +1,12 @@
 import { setPrometheus } from './prometheus-service.mjs';
-import { setRequestFetchOptions, setRedisClient } from './authorization-service.mjs';
+import { setRequestFetchOptions, setRedisClient, setIgniteClient } from './authorization-service.mjs';
 export { AuthorizationService } from './authorization-service.mjs';
 import * as testKit_index from './testKit/index.mjs';
 export { testKit_index as TestKit };
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware } from './authorization-middleware.mjs';
 export { AuthorizationAttributesService } from './authorization-attributes-service.mjs';
 
-function init(options = {}) {
+async function init(options = {}) {
     if (options.prometheus) {
         setPrometheus(options.prometheus);
     }
@@ -16,6 +16,8 @@ function init(options = {}) {
     if (options.redisClient) {
         setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
     }
+    // add an ignite client for gradual release features
+    await setIgniteClient();
 }
 
 export { init };

package/dist/esm/prometheus-service.d.ts

@@ -6,6 +6,5 @@ export declare const METRICS: {
 };
 export declare function setPrometheus(customPrometheus: any): void;
 export declare function getMetricsManager(): any;
-export declare function sendAuthorizationChecksPerRequestMetric(responseStatus: any, amountOfAuthorizationObjects: any): void;
 export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
 //# sourceMappingURL=prometheus-service.d.ts.map

package/dist/esm/prometheus-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAMzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAcF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAiB7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,uCAAuC,CAAC,cAAc,KAAA,EAAE,4BAA4B,KAAA,QAQnG;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
+{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAU7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}

package/dist/esm/prometheus-service.mjs

@@ -1,16 +1,10 @@
 let prometheus = null;
-let authorizationChecksPerRequestMetric = null;
 let authorizationCheckResponseTimeMetric = null;
 const METRICS = {
     AUTHORIZATION_CHECK: 'authorization_check',
     AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
     AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
 };
-const authorizationChecksPerRequestMetricConfig = {
-    name: METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
-    labels: ['responseStatus'],
-    description: 'Authorization checks per request summary',
-};
 const authorizationCheckResponseTimeMetricConfig = {
     name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
     labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
@@ -19,22 +13,11 @@ const authorizationCheckResponseTimeMetricConfig = {
 function setPrometheus(customPrometheus) {
     prometheus = customPrometheus;
     const { METRICS_TYPES } = prometheus;
-    authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
     authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
 }
 function getMetricsManager() {
     return prometheus?.metricsManager;
 }
-function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
-    try {
-        if (authorizationChecksPerRequestMetric) {
-            authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
-        }
-    }
-    catch (e) {
-        // ignore
-    }
-}
 function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
     try {
         if (authorizationCheckResponseTimeMetric) {
@@ -46,4 +29,4 @@ function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthor
     }
 }
 
-export { METRICS, getMetricsManager, sendAuthorizationCheckResponseTimeMetric, sendAuthorizationChecksPerRequestMetric, setPrometheus };
+export { METRICS, getMetricsManager, sendAuthorizationCheckResponseTimeMetric, setPrometheus };

package/dist/esm/testKit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,cAAe,MAAM,UAAU,MAAM,aAAa,QAAQ,EAAE,UAAU,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AAyBF,eAAO,MAAM,8BAA8B,WACjC,MAAM,kBACE,cAAc,kBACd,aAAa,eAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,GAAI,WAAW,MAAM,EAAE,QAAQ,MAAM,EAAE,WAAW,QAAQ,EAAE,EAAE,QAAQ,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AAyBF,eAAO,MAAM,8BAA8B,GACzC,QAAQ,MAAM,EACd,gBAAgB,cAAc,EAC9B,gBAAgB,aAAa,MAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}

package/dist/esm/types/general.d.ts

@@ -19,13 +19,13 @@ export interface AuthorizationParams {
     authorizationObjects: AuthorizationObject[];
 }
 type BasicObject = {
-    [key: string]: string;
+    [key: string]: unknown;
 };
 export type BaseParameters = BasicObject;
 export type BaseResponseBody = BasicObject;
 export type BaseBodyParameters = BasicObject;
 export type BaseQueryParameters = BasicObject;
-export type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
+export type BaseRequest = Request<Express.Request, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
 export type BaseResponse = Response<BaseResponseBody>;
 export type ResourceGetter = (request: BaseRequest) => Resource[];
 export type ContextGetter = (request: BaseRequest) => Context;

package/dist/esm/types/general.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,MAAM,WAAW,QAAQ;IACvB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChC,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAE7C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAC9C,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC,CAAC;AAC7G,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AACtD,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,QAAQ,EAAE,CAAC;AAClE,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC"}
+{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,MAAM,WAAW,QAAQ;IACvB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChC,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAAC;AAE9C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAC9C,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC,CAAC;AAC9G,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AACtD,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,QAAQ,EAAE,CAAC;AAClE,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC"}

package/dist/index.d.ts

@@ -6,7 +6,7 @@ export interface InitOptions {
     redisClient?: any;
     grantedFeatureRedisExpirationInSeconds?: number;
 }
-export declare function init(options?: InitOptions): void;
+export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAgB,IAAI,CAAC,OAAO,GAAE,WAAgB,QAW7C;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/index.js

@@ -6,7 +6,7 @@ const testKit_index = require('./testKit/index.js');
 const authorizationMiddleware = require('./authorization-middleware.js');
 const authorizationAttributesService = require('./authorization-attributes-service.js');
 
-function init(options = {}) {
+async function init(options = {}) {
     if (options.prometheus) {
         prometheusService.setPrometheus(options.prometheus);
     }
@@ -16,6 +16,8 @@ function init(options = {}) {
     if (options.redisClient) {
         authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
     }
+    // add an ignite client for gradual release features
+    await authorizationService.setIgniteClient();
 }
 
 exports.AuthorizationService = authorizationService.AuthorizationService;

package/dist/prometheus-service.d.ts

@@ -6,6 +6,5 @@ export declare const METRICS: {
 };
 export declare function setPrometheus(customPrometheus: any): void;
 export declare function getMetricsManager(): any;
-export declare function sendAuthorizationChecksPerRequestMetric(responseStatus: any, amountOfAuthorizationObjects: any): void;
 export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
 //# sourceMappingURL=prometheus-service.d.ts.map

package/dist/prometheus-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAMzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAcF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAiB7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,uCAAuC,CAAC,cAAc,KAAA,EAAE,4BAA4B,KAAA,QAQnG;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
+{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAU7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}

package/dist/prometheus-service.js

@@ -1,18 +1,12 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 let prometheus = null;
-let authorizationChecksPerRequestMetric = null;
 let authorizationCheckResponseTimeMetric = null;
 const METRICS = {
     AUTHORIZATION_CHECK: 'authorization_check',
     AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
     AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
 };
-const authorizationChecksPerRequestMetricConfig = {
-    name: METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
-    labels: ['responseStatus'],
-    description: 'Authorization checks per request summary',
-};
 const authorizationCheckResponseTimeMetricConfig = {
     name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
     labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
@@ -21,22 +15,11 @@ const authorizationCheckResponseTimeMetricConfig = {
 function setPrometheus(customPrometheus) {
     prometheus = customPrometheus;
     const { METRICS_TYPES } = prometheus;
-    authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
     authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
 }
 function getMetricsManager() {
     return prometheus?.metricsManager;
 }
-function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
-    try {
-        if (authorizationChecksPerRequestMetric) {
-            authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
-        }
-    }
-    catch (e) {
-        // ignore
-    }
-}
 function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
     try {
         if (authorizationCheckResponseTimeMetric) {
@@ -51,5 +34,4 @@ function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthor
 exports.METRICS = METRICS;
 exports.getMetricsManager = getMetricsManager;
 exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
-exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
 exports.setPrometheus = setPrometheus;

package/dist/testKit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,cAAe,MAAM,UAAU,MAAM,aAAa,QAAQ,EAAE,UAAU,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AAyBF,eAAO,MAAM,8BAA8B,WACjC,MAAM,kBACE,cAAc,kBACd,aAAa,eAGlB,WAAW,YACV,YAAY,QAChB,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/testKit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAG9G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,MAAM,MAAM,mBAAmB,GAAG;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAGF,eAAO,MAAM,sBAAsB,GAAI,WAAW,MAAM,EAAE,QAAQ,MAAM,EAAE,WAAW,QAAQ,EAAE,EAAE,QAAQ,MAAM,SAE9G,CAAC;AAEF,eAAO,MAAM,yBAAyB,YAErC,CAAC;AAyBF,eAAO,MAAM,8BAA8B,GACzC,QAAQ,MAAM,EACd,gBAAgB,cAAc,EAC9B,gBAAgB,aAAa,MAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAYhB,CAAC"}

package/dist/types/general.d.ts

@@ -19,13 +19,13 @@ export interface AuthorizationParams {
     authorizationObjects: AuthorizationObject[];
 }
 type BasicObject = {
-    [key: string]: string;
+    [key: string]: unknown;
 };
 export type BaseParameters = BasicObject;
 export type BaseResponseBody = BasicObject;
 export type BaseBodyParameters = BasicObject;
 export type BaseQueryParameters = BasicObject;
-export type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
+export type BaseRequest = Request<Express.Request, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
 export type BaseResponse = Response<BaseResponseBody>;
 export type ResourceGetter = (request: BaseRequest) => Resource[];
 export type ContextGetter = (request: BaseRequest) => Context;

package/dist/types/general.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,MAAM,WAAW,QAAQ;IACvB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChC,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAE7C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAC9C,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC,CAAC;AAC7G,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AACtD,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,QAAQ,EAAE,CAAC;AAClE,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC"}
+{"version":3,"file":"general.d.ts","sourceRoot":"","sources":["../../src/types/general.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEjD,MAAM,WAAW,QAAQ;IACvB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AACD,MAAM,MAAM,MAAM,GAAG,MAAM,CAAC;AAC5B,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChC,YAAY,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,mBAAmB;IAClC,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,KAAK,WAAW,GAAG;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAAE,CAAC;AAE9C,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAC7C,MAAM,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAC9C,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC,CAAC;AAC9G,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AACtD,MAAM,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,QAAQ,EAAE,CAAC;AAClE,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.2.19",
+  "version": "2.0.0-fix-moshesa-set-basic-object-val-to-unknown--8965160254.59909b8",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -19,7 +19,9 @@
     "watch": "trident-library build -w"
   },
   "dependencies": {
+    "@mondaydotcomorg/ignite-sdk": "^2.0.5",
     "@mondaydotcomorg/monday-fetch": "^0.0.7",
+    "@mondaydotcomorg/monday-fetch-api": "^1.0.2",
     "@mondaydotcomorg/monday-jwt": "^3.0.14",
     "@mondaydotcomorg/monday-logger": "^4.0.11",
     "@mondaydotcomorg/monday-sns": "^1.0.6",
@@ -37,7 +39,7 @@
     "@types/supertest": "^2.0.11",
     "express": "^4.17.1",
     "ioredis": "^5.2.4",
-    "ioredis-mock": "^8.2.2",
+    "ioredis-mock": "^8.9.0",
     "sinon": "9.0.3",
     "supertest": "^6.1.3",
     "typescript": "^5.2.2"