@mondaydotcomorg/monday-authorization 2.0.1-feat-membership-service.90c5b99 → 2.0.1-fix-moshesa-optional-ignite-params-and-backward-compatability.cd00ee6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -41
- package/dist/attributions-service.d.ts +3 -1
- package/dist/attributions-service.d.ts.map +1 -1
- package/dist/attributions-service.js +23 -2
- package/dist/authorization-service.d.ts +2 -2
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +13 -14
- package/dist/esm/attributions-service.d.ts +3 -1
- package/dist/esm/attributions-service.d.ts.map +1 -1
- package/dist/esm/attributions-service.mjs +21 -2
- package/dist/esm/authorization-service.d.ts +2 -2
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +14 -15
- package/dist/esm/index.d.ts +3 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.mjs +5 -1
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -138,86 +138,57 @@ const canActionInScopeMultipleResponse: ScopedActionResponseObject[] =
|
|
|
138
138
|
```
|
|
139
139
|
|
|
140
140
|
### Authorization Attributes API
|
|
141
|
-
|
|
142
141
|
Authorization attributes have 2 options to get called: sync (http request) and async (send to SNS and consumed asynchronously).
|
|
143
|
-
When you have to make sure the change in the attributes applied before the function return, please use the sync method, otherwise use the async
|
|
142
|
+
When you have to make sure the change in the attributes applied before the function return, please use the sync method, otherwise use the async
|
|
144
143
|
|
|
145
144
|
#### Sync method
|
|
146
|
-
|
|
147
145
|
Use `AuthorizationAttributesService.upsertResourceAttributesSync` to upsert multiple resource attributes in the authorization MS synchronously.
|
|
148
146
|
|
|
149
147
|
```ts
|
|
150
|
-
import {
|
|
151
|
-
AuthorizationAttributesService,
|
|
152
|
-
ResourceAttributeAssignment,
|
|
153
|
-
ResourceAttributeResponse,
|
|
154
|
-
} from '@mondaydotcomorg/monday-authorization';
|
|
148
|
+
import { AuthorizationAttributesService, ResourceAttributeAssignment, ResourceAttributeResponse } from '@mondaydotcomorg/monday-authorization';
|
|
155
149
|
|
|
156
150
|
const accountId = 739630;
|
|
157
151
|
const userId = 4;
|
|
158
152
|
const resourceAttributesAssignments: ResourceAttributeAssignment[] = [
|
|
159
153
|
{ resourceId: 18, resourceType: 'workspace', key: 'is_default_workspace', value: 'true' },
|
|
160
|
-
{ resourceId: 23, resourceType: 'board', key: 'board_kind', value: 'private' }
|
|
154
|
+
{ resourceId: 23, resourceType: 'board', key: 'board_kind', value: 'private' }
|
|
161
155
|
];
|
|
162
156
|
|
|
163
|
-
const response: ResourceAttributeResponse = await AuthorizationAttributesService.upsertResourceAttributesSync(
|
|
164
|
-
accountId,
|
|
165
|
-
userId,
|
|
166
|
-
resourceAttributesAssignments
|
|
167
|
-
);
|
|
157
|
+
const response: ResourceAttributeResponse = await AuthorizationAttributesService.upsertResourceAttributesSync(accountId, userId, resourceAttributesAssignments);
|
|
168
158
|
```
|
|
169
159
|
|
|
170
160
|
Use `AuthorizationAttributesService.deleteResourceAttributesSync` to delete single resource's attributes in the authorization MS synchronously.
|
|
171
161
|
|
|
162
|
+
|
|
172
163
|
```ts
|
|
173
|
-
import {
|
|
174
|
-
AuthorizationAttributesService,
|
|
175
|
-
ResourceAttributeResponse,
|
|
176
|
-
Resource,
|
|
177
|
-
} from '@mondaydotcomorg/monday-authorization';
|
|
164
|
+
import { AuthorizationAttributesService, ResourceAttributeResponse, Resource } from '@mondaydotcomorg/monday-authorization';
|
|
178
165
|
|
|
179
166
|
const accountId = 739630;
|
|
180
167
|
const userId = 4;
|
|
181
168
|
const resource: Resource = { type: 'workspace', id: 18 };
|
|
182
169
|
const attributeKeys: string[] = ['is_default_workspace', 'workspace_kind'];
|
|
183
170
|
|
|
184
|
-
const response: ResourceAttributeResponse = await AuthorizationAttributesService.deleteResourceAttributesSync(
|
|
185
|
-
accountId,
|
|
186
|
-
userId,
|
|
187
|
-
resource,
|
|
188
|
-
attributeKeys
|
|
189
|
-
);
|
|
171
|
+
const response: ResourceAttributeResponse = await AuthorizationAttributesService.deleteResourceAttributesSync(accountId, userId, resource, attributeKeys);
|
|
190
172
|
```
|
|
191
173
|
|
|
192
174
|
#### Async method
|
|
193
|
-
|
|
194
175
|
use `AuthorizationAttributesService.updateResourceAttributesAsync` to upsert or delete multiple resource attributes at once.
|
|
195
176
|
|
|
196
177
|
```ts
|
|
197
|
-
import {
|
|
198
|
-
AuthorizationAttributesService,
|
|
199
|
-
ResourceAttributeAssignment,
|
|
200
|
-
ResourceAttributeResponse,
|
|
201
|
-
} from '@mondaydotcomorg/monday-authorization';
|
|
178
|
+
import { AuthorizationAttributesService, ResourceAttributeAssignment, ResourceAttributeResponse } from '@mondaydotcomorg/monday-authorization';
|
|
202
179
|
|
|
203
180
|
const accountId = 739630;
|
|
204
|
-
const appName =
|
|
205
|
-
const callerActionIdentifier =
|
|
181
|
+
const appName = process.env.APP_NAME;
|
|
182
|
+
const callerActionIdentifier = "actions_v2";
|
|
206
183
|
const resourceAttributeOperations: ResourceAttributesOperation[] = [
|
|
207
184
|
{ operationType: 'upsert', resourceId: 18, resourceType: 'workspace', key: 'is_default_workspace', value: 'true' },
|
|
208
|
-
{ operationType: 'delete', resourceId: 23, resourceType: 'board', key: 'board_kind' }
|
|
185
|
+
{ operationType: 'delete', resourceId: 23, resourceType: 'board', key: 'board_kind' }
|
|
209
186
|
];
|
|
210
187
|
|
|
211
|
-
const response: ResourceAttributeResponse = await AuthorizationAttributesService.updateResourceAttributesAsync(
|
|
212
|
-
accountId,
|
|
213
|
-
appName,
|
|
214
|
-
callerActionIdentifier,
|
|
215
|
-
resourceAttributeOperations
|
|
216
|
-
);
|
|
188
|
+
const response: ResourceAttributeResponse = await AuthorizationAttributesService.updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations);
|
|
217
189
|
```
|
|
218
190
|
|
|
219
191
|
Special notes for asynchronous operations:
|
|
220
|
-
|
|
221
192
|
1. There is no guarantee about the order of the updates, so don't do multiple operations on the same key in the same resource.
|
|
222
193
|
2. To update an existing key, just use upsert operation, it'll override previous value.
|
|
223
194
|
3. Requests with a lot of operations might split to chunks that will be consumed either sequence or in parallel, so there might be a timeframe where some of the operations already applied and some not. Eventually all of them will be applied.
|
|
@@ -4,7 +4,9 @@ declare enum PlatformProfile {
|
|
|
4
4
|
SLOW = "slow",
|
|
5
5
|
INTERNAL = "internal"
|
|
6
6
|
}
|
|
7
|
-
export declare function
|
|
7
|
+
export declare function setPlatformProfile(platformProfile: string): void;
|
|
8
|
+
export declare function getProfileFromInitOption(): PlatformProfile | undefined;
|
|
9
|
+
export declare function getProfileFromTrident(): PlatformProfile;
|
|
8
10
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
9
11
|
export declare function getAttributionsFromApi(): {
|
|
10
12
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAUtF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,kBAAkB,CAAC,eAAe,EAAE,MAAM,QAEzD;AAED,wBAAgB,wBAAwB,IAAI,eAAe,GAAG,SAAS,CAetE;AAED,wBAAgB,qBAAqB,oBAiBpC;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -7,13 +7,32 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
7
7
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
8
8
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
9
9
|
let didSendFailureLogOnce = false;
|
|
10
|
+
let argPlatformProfile;
|
|
10
11
|
var PlatformProfile;
|
|
11
12
|
(function (PlatformProfile) {
|
|
12
13
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
13
14
|
PlatformProfile["SLOW"] = "slow";
|
|
14
15
|
PlatformProfile["INTERNAL"] = "internal";
|
|
15
16
|
})(PlatformProfile || (PlatformProfile = {}));
|
|
16
|
-
function
|
|
17
|
+
function setPlatformProfile(platformProfile) {
|
|
18
|
+
argPlatformProfile = platformProfile;
|
|
19
|
+
}
|
|
20
|
+
function getProfileFromInitOption() {
|
|
21
|
+
if (!argPlatformProfile) {
|
|
22
|
+
return undefined;
|
|
23
|
+
}
|
|
24
|
+
switch (argPlatformProfile) {
|
|
25
|
+
case 'api': {
|
|
26
|
+
return PlatformProfile.API_INTERNAL;
|
|
27
|
+
}
|
|
28
|
+
case 'slow': {
|
|
29
|
+
return PlatformProfile.SLOW;
|
|
30
|
+
}
|
|
31
|
+
default:
|
|
32
|
+
return PlatformProfile.INTERNAL;
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
function getProfileFromTrident() {
|
|
17
36
|
const tridentContext = tridentBackendApi.Api.getPart('context');
|
|
18
37
|
if (!tridentContext) {
|
|
19
38
|
return PlatformProfile.INTERNAL;
|
|
@@ -80,4 +99,6 @@ function tryJsonParse(value) {
|
|
|
80
99
|
|
|
81
100
|
exports.getAttributionsFromApi = getAttributionsFromApi;
|
|
82
101
|
exports.getExecutionContext = getExecutionContext;
|
|
83
|
-
exports.
|
|
102
|
+
exports.getProfileFromInitOption = getProfileFromInitOption;
|
|
103
|
+
exports.getProfileFromTrident = getProfileFromTrident;
|
|
104
|
+
exports.setPlatformProfile = setPlatformProfile;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
2
|
+
import { IgniteClient, IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
3
3
|
import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
@@ -48,6 +48,6 @@ export declare class AuthorizationService {
|
|
|
48
48
|
private static isAuthorizedMultiple;
|
|
49
49
|
}
|
|
50
50
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(): Promise<void>;
|
|
51
|
+
export declare function setIgniteClient(igniteDependencies?: IgniteDependencies): Promise<void>;
|
|
52
52
|
export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
|
|
53
53
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAChG,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA2EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAgG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,CAAC,kBAAkB,CAAC,EAAE,kBAAkB,iBAK5E;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -116,20 +116,19 @@ class AuthorizationService {
|
|
|
116
116
|
return scopedActionsResponseObjects;
|
|
117
117
|
}
|
|
118
118
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
119
|
-
|
|
120
|
-
if (!
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
119
|
+
const profile = tridentBackendApi.Api.isInitialized() ? attributionsService.getProfileFromTrident() : attributionsService.getProfileFromInitOption();
|
|
120
|
+
if (!profile ||
|
|
121
|
+
!this.igniteClient ||
|
|
122
|
+
!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
124
123
|
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
125
124
|
}
|
|
125
|
+
// gradually release the new platform profile features
|
|
126
126
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
127
127
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
128
128
|
return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
129
129
|
});
|
|
130
130
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
131
131
|
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
132
|
-
const profile = attributionsService.getProfile();
|
|
133
132
|
let response;
|
|
134
133
|
try {
|
|
135
134
|
response = await httpClient.fetch({
|
|
@@ -232,18 +231,17 @@ class AuthorizationService {
|
|
|
232
231
|
return { isAuthorized: true };
|
|
233
232
|
}
|
|
234
233
|
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
235
|
-
|
|
236
|
-
if (!
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
234
|
+
const profile = tridentBackendApi.Api.isInitialized() ? attributionsService.getProfileFromTrident() : attributionsService.getProfileFromInitOption();
|
|
235
|
+
if (!profile ||
|
|
236
|
+
!this.igniteClient ||
|
|
237
|
+
!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
240
238
|
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
241
239
|
}
|
|
240
|
+
// gradually release the new platform profile features
|
|
242
241
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
243
242
|
const startTime = perf_hooks.performance.now();
|
|
244
243
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
245
244
|
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
246
|
-
const profile = attributionsService.getProfile();
|
|
247
245
|
let response;
|
|
248
246
|
try {
|
|
249
247
|
response = await httpClient.fetch({
|
|
@@ -311,9 +309,10 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
311
309
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
312
310
|
}
|
|
313
311
|
}
|
|
314
|
-
async function setIgniteClient() {
|
|
312
|
+
async function setIgniteClient(igniteDependencies) {
|
|
315
313
|
AuthorizationService.igniteClient = await igniteSdk.getIgniteClient({
|
|
316
|
-
namespace: ['authorization'],
|
|
314
|
+
namespace: ['authorization-sdk'],
|
|
315
|
+
...(igniteDependencies || {}),
|
|
317
316
|
});
|
|
318
317
|
}
|
|
319
318
|
function createAuthorizationParams(resources, action) {
|
|
@@ -4,7 +4,9 @@ declare enum PlatformProfile {
|
|
|
4
4
|
SLOW = "slow",
|
|
5
5
|
INTERNAL = "internal"
|
|
6
6
|
}
|
|
7
|
-
export declare function
|
|
7
|
+
export declare function setPlatformProfile(platformProfile: string): void;
|
|
8
|
+
export declare function getProfileFromInitOption(): PlatformProfile | undefined;
|
|
9
|
+
export declare function getProfileFromTrident(): PlatformProfile;
|
|
8
10
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
9
11
|
export declare function getAttributionsFromApi(): {
|
|
10
12
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAUtF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,kBAAkB,CAAC,eAAe,EAAE,MAAM,QAEzD;AAED,wBAAgB,wBAAwB,IAAI,eAAe,GAAG,SAAS,CAetE;AAED,wBAAgB,qBAAqB,oBAiBpC;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -5,13 +5,32 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
5
5
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
6
6
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
7
7
|
let didSendFailureLogOnce = false;
|
|
8
|
+
let argPlatformProfile;
|
|
8
9
|
var PlatformProfile;
|
|
9
10
|
(function (PlatformProfile) {
|
|
10
11
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
11
12
|
PlatformProfile["SLOW"] = "slow";
|
|
12
13
|
PlatformProfile["INTERNAL"] = "internal";
|
|
13
14
|
})(PlatformProfile || (PlatformProfile = {}));
|
|
14
|
-
function
|
|
15
|
+
function setPlatformProfile(platformProfile) {
|
|
16
|
+
argPlatformProfile = platformProfile;
|
|
17
|
+
}
|
|
18
|
+
function getProfileFromInitOption() {
|
|
19
|
+
if (!argPlatformProfile) {
|
|
20
|
+
return undefined;
|
|
21
|
+
}
|
|
22
|
+
switch (argPlatformProfile) {
|
|
23
|
+
case 'api': {
|
|
24
|
+
return PlatformProfile.API_INTERNAL;
|
|
25
|
+
}
|
|
26
|
+
case 'slow': {
|
|
27
|
+
return PlatformProfile.SLOW;
|
|
28
|
+
}
|
|
29
|
+
default:
|
|
30
|
+
return PlatformProfile.INTERNAL;
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
function getProfileFromTrident() {
|
|
15
34
|
const tridentContext = Api.getPart('context');
|
|
16
35
|
if (!tridentContext) {
|
|
17
36
|
return PlatformProfile.INTERNAL;
|
|
@@ -76,4 +95,4 @@ function tryJsonParse(value) {
|
|
|
76
95
|
}
|
|
77
96
|
}
|
|
78
97
|
|
|
79
|
-
export { getAttributionsFromApi, getExecutionContext,
|
|
98
|
+
export { getAttributionsFromApi, getExecutionContext, getProfileFromInitOption, getProfileFromTrident, setPlatformProfile };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
2
|
+
import { IgniteClient, IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
3
3
|
import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
@@ -48,6 +48,6 @@ export declare class AuthorizationService {
|
|
|
48
48
|
private static isAuthorizedMultiple;
|
|
49
49
|
}
|
|
50
50
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(): Promise<void>;
|
|
51
|
+
export declare function setIgniteClient(igniteDependencies?: IgniteDependencies): Promise<void>;
|
|
52
52
|
export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
|
|
53
53
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAChG,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA2EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAgG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,CAAC,kBAAkB,CAAC,EAAE,kBAAkB,iBAK5E;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -8,7 +8,7 @@ import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
|
8
8
|
import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
9
9
|
import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
|
|
10
10
|
import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
|
|
11
|
-
import { getAttributionsFromApi,
|
|
11
|
+
import { getAttributionsFromApi, getProfileFromTrident, getProfileFromInitOption } from './attributions-service.mjs';
|
|
12
12
|
|
|
13
13
|
const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
|
|
14
14
|
const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
|
|
@@ -108,20 +108,19 @@ class AuthorizationService {
|
|
|
108
108
|
return scopedActionsResponseObjects;
|
|
109
109
|
}
|
|
110
110
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
111
|
-
|
|
112
|
-
if (!
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
111
|
+
const profile = Api.isInitialized() ? getProfileFromTrident() : getProfileFromInitOption();
|
|
112
|
+
if (!profile ||
|
|
113
|
+
!this.igniteClient ||
|
|
114
|
+
!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
116
115
|
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
117
116
|
}
|
|
117
|
+
// gradually release the new platform profile features
|
|
118
118
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
119
119
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
120
120
|
return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
121
121
|
});
|
|
122
122
|
const attributionHeaders = getAttributionsFromApi();
|
|
123
123
|
const httpClient = Api.getPart('httpClient');
|
|
124
|
-
const profile = getProfile();
|
|
125
124
|
let response;
|
|
126
125
|
try {
|
|
127
126
|
response = await httpClient.fetch({
|
|
@@ -224,18 +223,17 @@ class AuthorizationService {
|
|
|
224
223
|
return { isAuthorized: true };
|
|
225
224
|
}
|
|
226
225
|
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
227
|
-
|
|
228
|
-
if (!
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
226
|
+
const profile = Api.isInitialized() ? getProfileFromTrident() : getProfileFromInitOption();
|
|
227
|
+
if (!profile ||
|
|
228
|
+
!this.igniteClient ||
|
|
229
|
+
!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
232
230
|
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
233
231
|
}
|
|
232
|
+
// gradually release the new platform profile features
|
|
234
233
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
235
234
|
const startTime = performance.now();
|
|
236
235
|
const attributionHeaders = getAttributionsFromApi();
|
|
237
236
|
const httpClient = Api.getPart('httpClient');
|
|
238
|
-
const profile = getProfile();
|
|
239
237
|
let response;
|
|
240
238
|
try {
|
|
241
239
|
response = await httpClient.fetch({
|
|
@@ -303,9 +301,10 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
303
301
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
304
302
|
}
|
|
305
303
|
}
|
|
306
|
-
async function setIgniteClient() {
|
|
304
|
+
async function setIgniteClient(igniteDependencies) {
|
|
307
305
|
AuthorizationService.igniteClient = await getIgniteClient({
|
|
308
|
-
namespace: ['authorization'],
|
|
306
|
+
namespace: ['authorization-sdk'],
|
|
307
|
+
...(igniteDependencies || {}),
|
|
309
308
|
});
|
|
310
309
|
}
|
|
311
310
|
function createAuthorizationParams(resources, action) {
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import * as TestKit from './testKit';
|
|
3
|
+
import type { IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
3
4
|
export interface InitOptions {
|
|
4
5
|
prometheus?: any;
|
|
5
6
|
mondayFetchOptions?: MondayFetchOptions;
|
|
6
7
|
redisClient?: any;
|
|
7
8
|
grantedFeatureRedisExpirationInSeconds?: number;
|
|
9
|
+
platformProfile?: string;
|
|
10
|
+
igniteDependencies?: IgniteDependencies;
|
|
8
11
|
}
|
|
9
12
|
export declare function init(options?: InitOptions): Promise<void>;
|
|
10
13
|
export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAInE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAEtE,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAkBnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/esm/index.mjs
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { setPlatformProfile } from './attributions-service.mjs';
|
|
1
2
|
import { setPrometheus } from './prometheus-service.mjs';
|
|
2
3
|
import { setRequestFetchOptions, setRedisClient, setIgniteClient } from './authorization-service.mjs';
|
|
3
4
|
export { AuthorizationService } from './authorization-service.mjs';
|
|
@@ -17,7 +18,10 @@ async function init(options = {}) {
|
|
|
17
18
|
setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
|
|
18
19
|
}
|
|
19
20
|
// add an ignite client for gradual release features
|
|
20
|
-
await setIgniteClient();
|
|
21
|
+
await setIgniteClient(options.igniteDependencies);
|
|
22
|
+
if (options.platformProfile) {
|
|
23
|
+
setPlatformProfile(options.platformProfile);
|
|
24
|
+
}
|
|
21
25
|
}
|
|
22
26
|
|
|
23
27
|
export { init };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import * as TestKit from './testKit';
|
|
3
|
+
import type { IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
3
4
|
export interface InitOptions {
|
|
4
5
|
prometheus?: any;
|
|
5
6
|
mondayFetchOptions?: MondayFetchOptions;
|
|
6
7
|
redisClient?: any;
|
|
7
8
|
grantedFeatureRedisExpirationInSeconds?: number;
|
|
9
|
+
platformProfile?: string;
|
|
10
|
+
igniteDependencies?: IgniteDependencies;
|
|
8
11
|
}
|
|
9
12
|
export declare function init(options?: InitOptions): Promise<void>;
|
|
10
13
|
export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAInE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAEtE,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAkBnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
2
|
|
|
3
|
+
const attributionsService = require('./attributions-service.js');
|
|
3
4
|
const prometheusService = require('./prometheus-service.js');
|
|
4
5
|
const authorizationService = require('./authorization-service.js');
|
|
5
6
|
const testKit_index = require('./testKit/index.js');
|
|
@@ -17,7 +18,10 @@ async function init(options = {}) {
|
|
|
17
18
|
authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
|
|
18
19
|
}
|
|
19
20
|
// add an ignite client for gradual release features
|
|
20
|
-
await authorizationService.setIgniteClient();
|
|
21
|
+
await authorizationService.setIgniteClient(options.igniteDependencies);
|
|
22
|
+
if (options.platformProfile) {
|
|
23
|
+
attributionsService.setPlatformProfile(options.platformProfile);
|
|
24
|
+
}
|
|
21
25
|
}
|
|
22
26
|
|
|
23
27
|
exports.AuthorizationService = authorizationService.AuthorizationService;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "2.0.1-
|
|
3
|
+
"version": "2.0.1-fix-moshesa-optional-ignite-params-and-backward-compatability.cd00ee6",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|