@mondaydotcomorg/monday-authorization 2.0.1-fix-moshesa-optional-ignite-params-and-backward-compatability.58d4f16 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/attributions-service.d.ts +1 -3
- package/dist/attributions-service.d.ts.map +1 -1
- package/dist/attributions-service.js +2 -23
- package/dist/authorization-service.d.ts +2 -2
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +17 -51
- package/dist/esm/attributions-service.d.ts +1 -3
- package/dist/esm/attributions-service.d.ts.map +1 -1
- package/dist/esm/attributions-service.mjs +2 -21
- package/dist/esm/authorization-service.d.ts +2 -2
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +18 -33
- package/dist/esm/index.d.ts +0 -3
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.mjs +1 -5
- package/dist/index.d.ts +0 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -5
- package/package.json +1 -2
|
@@ -4,9 +4,7 @@ declare enum PlatformProfile {
|
|
|
4
4
|
SLOW = "slow",
|
|
5
5
|
INTERNAL = "internal"
|
|
6
6
|
}
|
|
7
|
-
export declare function
|
|
8
|
-
export declare function getProfileFromInitOption(): PlatformProfile | undefined;
|
|
9
|
-
export declare function getProfileFromTrident(): PlatformProfile;
|
|
7
|
+
export declare function getProfile(): PlatformProfile;
|
|
10
8
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
11
9
|
export declare function getAttributionsFromApi(): {
|
|
12
10
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -7,32 +7,13 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
7
7
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
8
8
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
9
9
|
let didSendFailureLogOnce = false;
|
|
10
|
-
let argPlatformProfile;
|
|
11
10
|
var PlatformProfile;
|
|
12
11
|
(function (PlatformProfile) {
|
|
13
12
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
14
13
|
PlatformProfile["SLOW"] = "slow";
|
|
15
14
|
PlatformProfile["INTERNAL"] = "internal";
|
|
16
15
|
})(PlatformProfile || (PlatformProfile = {}));
|
|
17
|
-
function
|
|
18
|
-
argPlatformProfile = platformProfile;
|
|
19
|
-
}
|
|
20
|
-
function getProfileFromInitOption() {
|
|
21
|
-
if (!argPlatformProfile) {
|
|
22
|
-
return undefined;
|
|
23
|
-
}
|
|
24
|
-
switch (argPlatformProfile) {
|
|
25
|
-
case 'api': {
|
|
26
|
-
return PlatformProfile.API_INTERNAL;
|
|
27
|
-
}
|
|
28
|
-
case 'slow': {
|
|
29
|
-
return PlatformProfile.SLOW;
|
|
30
|
-
}
|
|
31
|
-
default:
|
|
32
|
-
return PlatformProfile.INTERNAL;
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
function getProfileFromTrident() {
|
|
16
|
+
function getProfile() {
|
|
36
17
|
const tridentContext = tridentBackendApi.Api.getPart('context');
|
|
37
18
|
if (!tridentContext) {
|
|
38
19
|
return PlatformProfile.INTERNAL;
|
|
@@ -99,6 +80,4 @@ function tryJsonParse(value) {
|
|
|
99
80
|
|
|
100
81
|
exports.getAttributionsFromApi = getAttributionsFromApi;
|
|
101
82
|
exports.getExecutionContext = getExecutionContext;
|
|
102
|
-
exports.
|
|
103
|
-
exports.getProfileFromTrident = getProfileFromTrident;
|
|
104
|
-
exports.setPlatformProfile = setPlatformProfile;
|
|
83
|
+
exports.getProfile = getProfile;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient
|
|
2
|
+
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
3
|
import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
@@ -48,6 +48,6 @@ export declare class AuthorizationService {
|
|
|
48
48
|
private static isAuthorizedMultiple;
|
|
49
49
|
}
|
|
50
50
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(
|
|
51
|
+
export declare function setIgniteClient(): Promise<void>;
|
|
52
52
|
export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
|
|
53
53
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -11,32 +11,12 @@ const igniteSdk = require('@mondaydotcomorg/ignite-sdk');
|
|
|
11
11
|
const prometheusService = require('./prometheus-service.js');
|
|
12
12
|
const authorizationInternalService = require('./authorization-internal-service.js');
|
|
13
13
|
const attributionsService = require('./attributions-service.js');
|
|
14
|
-
const contextProvider = require('@mondaydotcomorg/node-execution-context');
|
|
15
14
|
|
|
16
15
|
const _interopDefault = e => e && e.__esModule ? e : { default: e };
|
|
17
16
|
|
|
18
|
-
function _interopNamespace(e) {
|
|
19
|
-
if (e && e.__esModule) return e;
|
|
20
|
-
const n = Object.create(null, { [Symbol.toStringTag]: { value: 'Module' } });
|
|
21
|
-
if (e) {
|
|
22
|
-
for (const k in e) {
|
|
23
|
-
if (k !== 'default') {
|
|
24
|
-
const d = Object.getOwnPropertyDescriptor(e, k);
|
|
25
|
-
Object.defineProperty(n, k, d.get ? d : {
|
|
26
|
-
enumerable: true,
|
|
27
|
-
get: () => e[k]
|
|
28
|
-
});
|
|
29
|
-
}
|
|
30
|
-
}
|
|
31
|
-
}
|
|
32
|
-
n.default = e;
|
|
33
|
-
return n;
|
|
34
|
-
}
|
|
35
|
-
|
|
36
17
|
const snakeCase__default = /*#__PURE__*/_interopDefault(snakeCase);
|
|
37
18
|
const camelCase__default = /*#__PURE__*/_interopDefault(camelCase);
|
|
38
19
|
const mapKeys__default = /*#__PURE__*/_interopDefault(mapKeys);
|
|
39
|
-
const contextProvider__namespace = /*#__PURE__*/_interopNamespace(contextProvider);
|
|
40
20
|
|
|
41
21
|
const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
|
|
42
22
|
const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
|
|
@@ -136,30 +116,20 @@ class AuthorizationService {
|
|
|
136
116
|
return scopedActionsResponseObjects;
|
|
137
117
|
}
|
|
138
118
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
// eslint-disable-next-line no-console
|
|
143
|
-
console.log(context, 'Current execution context');
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
catch (error) {
|
|
147
|
-
// eslint-disable-next-line no-console
|
|
148
|
-
console.warn(error, 'Failed to get execution context');
|
|
119
|
+
// gradually release the new platform profile features
|
|
120
|
+
if (!this.igniteClient) {
|
|
121
|
+
authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
149
122
|
}
|
|
150
|
-
|
|
151
|
-
if (!profile ||
|
|
152
|
-
!this.igniteClient ||
|
|
153
|
-
!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
123
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
154
124
|
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
155
125
|
}
|
|
156
|
-
// gradually release the new platform profile features
|
|
157
126
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
158
127
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
159
128
|
return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
160
129
|
});
|
|
161
130
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
162
131
|
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
132
|
+
const profile = attributionsService.getProfile();
|
|
163
133
|
let response;
|
|
164
134
|
try {
|
|
165
135
|
response = await httpClient.fetch({
|
|
@@ -262,17 +232,18 @@ class AuthorizationService {
|
|
|
262
232
|
return { isAuthorized: true };
|
|
263
233
|
}
|
|
264
234
|
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
265
|
-
|
|
266
|
-
if (!
|
|
267
|
-
|
|
268
|
-
|
|
235
|
+
// gradually release the new platform profile features
|
|
236
|
+
if (!this.igniteClient) {
|
|
237
|
+
authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
238
|
+
}
|
|
239
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
269
240
|
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
270
241
|
}
|
|
271
|
-
// gradually release the new platform profile features
|
|
272
242
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
273
243
|
const startTime = perf_hooks.performance.now();
|
|
274
244
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
275
245
|
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
246
|
+
const profile = attributionsService.getProfile();
|
|
276
247
|
let response;
|
|
277
248
|
try {
|
|
278
249
|
response = await httpClient.fetch({
|
|
@@ -340,13 +311,10 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
340
311
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
341
312
|
}
|
|
342
313
|
}
|
|
343
|
-
async function setIgniteClient(
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
...igniteDependencies,
|
|
348
|
-
});
|
|
349
|
-
}
|
|
314
|
+
async function setIgniteClient() {
|
|
315
|
+
AuthorizationService.igniteClient = await igniteSdk.getIgniteClient({
|
|
316
|
+
namespace: ['authorization'],
|
|
317
|
+
});
|
|
350
318
|
}
|
|
351
319
|
function createAuthorizationParams(resources, action) {
|
|
352
320
|
const params = {
|
|
@@ -365,12 +333,10 @@ function createAuthorizationParams(resources, action) {
|
|
|
365
333
|
return params;
|
|
366
334
|
}
|
|
367
335
|
function getAuthorizeUrl() {
|
|
368
|
-
|
|
369
|
-
return `${baseUrl}/internal_ms/authorization/authorize`;
|
|
336
|
+
return '/internal_ms/authorization/authorize';
|
|
370
337
|
}
|
|
371
338
|
function getCanActionsInScopesUrl() {
|
|
372
|
-
|
|
373
|
-
return `${baseUrl}/internal_ms/authorization/can_actions_in_scopes`;
|
|
339
|
+
return '/internal_ms/authorization/can_actions_in_scopes';
|
|
374
340
|
}
|
|
375
341
|
|
|
376
342
|
exports.AuthorizationService = AuthorizationService;
|
|
@@ -4,9 +4,7 @@ declare enum PlatformProfile {
|
|
|
4
4
|
SLOW = "slow",
|
|
5
5
|
INTERNAL = "internal"
|
|
6
6
|
}
|
|
7
|
-
export declare function
|
|
8
|
-
export declare function getProfileFromInitOption(): PlatformProfile | undefined;
|
|
9
|
-
export declare function getProfileFromTrident(): PlatformProfile;
|
|
7
|
+
export declare function getProfile(): PlatformProfile;
|
|
10
8
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
11
9
|
export declare function getAttributionsFromApi(): {
|
|
12
10
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -5,32 +5,13 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
5
5
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
6
6
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
7
7
|
let didSendFailureLogOnce = false;
|
|
8
|
-
let argPlatformProfile;
|
|
9
8
|
var PlatformProfile;
|
|
10
9
|
(function (PlatformProfile) {
|
|
11
10
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
12
11
|
PlatformProfile["SLOW"] = "slow";
|
|
13
12
|
PlatformProfile["INTERNAL"] = "internal";
|
|
14
13
|
})(PlatformProfile || (PlatformProfile = {}));
|
|
15
|
-
function
|
|
16
|
-
argPlatformProfile = platformProfile;
|
|
17
|
-
}
|
|
18
|
-
function getProfileFromInitOption() {
|
|
19
|
-
if (!argPlatformProfile) {
|
|
20
|
-
return undefined;
|
|
21
|
-
}
|
|
22
|
-
switch (argPlatformProfile) {
|
|
23
|
-
case 'api': {
|
|
24
|
-
return PlatformProfile.API_INTERNAL;
|
|
25
|
-
}
|
|
26
|
-
case 'slow': {
|
|
27
|
-
return PlatformProfile.SLOW;
|
|
28
|
-
}
|
|
29
|
-
default:
|
|
30
|
-
return PlatformProfile.INTERNAL;
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
function getProfileFromTrident() {
|
|
14
|
+
function getProfile() {
|
|
34
15
|
const tridentContext = Api.getPart('context');
|
|
35
16
|
if (!tridentContext) {
|
|
36
17
|
return PlatformProfile.INTERNAL;
|
|
@@ -95,4 +76,4 @@ function tryJsonParse(value) {
|
|
|
95
76
|
}
|
|
96
77
|
}
|
|
97
78
|
|
|
98
|
-
export { getAttributionsFromApi, getExecutionContext,
|
|
79
|
+
export { getAttributionsFromApi, getExecutionContext, getProfile };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient
|
|
2
|
+
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
3
|
import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
@@ -48,6 +48,6 @@ export declare class AuthorizationService {
|
|
|
48
48
|
private static isAuthorizedMultiple;
|
|
49
49
|
}
|
|
50
50
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(
|
|
51
|
+
export declare function setIgniteClient(): Promise<void>;
|
|
52
52
|
export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
|
|
53
53
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -8,8 +8,7 @@ import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
|
8
8
|
import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
9
9
|
import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
|
|
10
10
|
import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
|
|
11
|
-
import { getAttributionsFromApi,
|
|
12
|
-
import * as contextProvider from '@mondaydotcomorg/node-execution-context';
|
|
11
|
+
import { getAttributionsFromApi, getProfile } from './attributions-service.mjs';
|
|
13
12
|
|
|
14
13
|
const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
|
|
15
14
|
const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
|
|
@@ -109,30 +108,20 @@ class AuthorizationService {
|
|
|
109
108
|
return scopedActionsResponseObjects;
|
|
110
109
|
}
|
|
111
110
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
// eslint-disable-next-line no-console
|
|
116
|
-
console.log(context, 'Current execution context');
|
|
117
|
-
}
|
|
118
|
-
}
|
|
119
|
-
catch (error) {
|
|
120
|
-
// eslint-disable-next-line no-console
|
|
121
|
-
console.warn(error, 'Failed to get execution context');
|
|
111
|
+
// gradually release the new platform profile features
|
|
112
|
+
if (!this.igniteClient) {
|
|
113
|
+
logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
122
114
|
}
|
|
123
|
-
|
|
124
|
-
if (!profile ||
|
|
125
|
-
!this.igniteClient ||
|
|
126
|
-
!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
115
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
127
116
|
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
128
117
|
}
|
|
129
|
-
// gradually release the new platform profile features
|
|
130
118
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
131
119
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
132
120
|
return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
133
121
|
});
|
|
134
122
|
const attributionHeaders = getAttributionsFromApi();
|
|
135
123
|
const httpClient = Api.getPart('httpClient');
|
|
124
|
+
const profile = getProfile();
|
|
136
125
|
let response;
|
|
137
126
|
try {
|
|
138
127
|
response = await httpClient.fetch({
|
|
@@ -235,17 +224,18 @@ class AuthorizationService {
|
|
|
235
224
|
return { isAuthorized: true };
|
|
236
225
|
}
|
|
237
226
|
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
238
|
-
|
|
239
|
-
if (!
|
|
240
|
-
|
|
241
|
-
|
|
227
|
+
// gradually release the new platform profile features
|
|
228
|
+
if (!this.igniteClient) {
|
|
229
|
+
logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
230
|
+
}
|
|
231
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
242
232
|
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
243
233
|
}
|
|
244
|
-
// gradually release the new platform profile features
|
|
245
234
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
246
235
|
const startTime = performance.now();
|
|
247
236
|
const attributionHeaders = getAttributionsFromApi();
|
|
248
237
|
const httpClient = Api.getPart('httpClient');
|
|
238
|
+
const profile = getProfile();
|
|
249
239
|
let response;
|
|
250
240
|
try {
|
|
251
241
|
response = await httpClient.fetch({
|
|
@@ -313,13 +303,10 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
313
303
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
314
304
|
}
|
|
315
305
|
}
|
|
316
|
-
async function setIgniteClient(
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
...igniteDependencies,
|
|
321
|
-
});
|
|
322
|
-
}
|
|
306
|
+
async function setIgniteClient() {
|
|
307
|
+
AuthorizationService.igniteClient = await getIgniteClient({
|
|
308
|
+
namespace: ['authorization'],
|
|
309
|
+
});
|
|
323
310
|
}
|
|
324
311
|
function createAuthorizationParams(resources, action) {
|
|
325
312
|
const params = {
|
|
@@ -338,12 +325,10 @@ function createAuthorizationParams(resources, action) {
|
|
|
338
325
|
return params;
|
|
339
326
|
}
|
|
340
327
|
function getAuthorizeUrl() {
|
|
341
|
-
|
|
342
|
-
return `${baseUrl}/internal_ms/authorization/authorize`;
|
|
328
|
+
return '/internal_ms/authorization/authorize';
|
|
343
329
|
}
|
|
344
330
|
function getCanActionsInScopesUrl() {
|
|
345
|
-
|
|
346
|
-
return `${baseUrl}/internal_ms/authorization/can_actions_in_scopes`;
|
|
331
|
+
return '/internal_ms/authorization/can_actions_in_scopes';
|
|
347
332
|
}
|
|
348
333
|
|
|
349
334
|
export { AuthorizationService, createAuthorizationParams, setIgniteClient, setRedisClient, setRequestFetchOptions };
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -1,13 +1,10 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import * as TestKit from './testKit';
|
|
3
|
-
import type { IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
4
3
|
export interface InitOptions {
|
|
5
4
|
prometheus?: any;
|
|
6
5
|
mondayFetchOptions?: MondayFetchOptions;
|
|
7
6
|
redisClient?: any;
|
|
8
7
|
grantedFeatureRedisExpirationInSeconds?: number;
|
|
9
|
-
platformProfile?: string;
|
|
10
|
-
igniteDependencies?: IgniteDependencies;
|
|
11
8
|
}
|
|
12
9
|
export declare function init(options?: InitOptions): Promise<void>;
|
|
13
10
|
export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/esm/index.mjs
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { setPlatformProfile } from './attributions-service.mjs';
|
|
2
1
|
import { setPrometheus } from './prometheus-service.mjs';
|
|
3
2
|
import { setRequestFetchOptions, setRedisClient, setIgniteClient } from './authorization-service.mjs';
|
|
4
3
|
export { AuthorizationService } from './authorization-service.mjs';
|
|
@@ -18,10 +17,7 @@ async function init(options = {}) {
|
|
|
18
17
|
setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
|
|
19
18
|
}
|
|
20
19
|
// add an ignite client for gradual release features
|
|
21
|
-
await setIgniteClient(
|
|
22
|
-
if (options.platformProfile) {
|
|
23
|
-
setPlatformProfile(options.platformProfile);
|
|
24
|
-
}
|
|
20
|
+
await setIgniteClient();
|
|
25
21
|
}
|
|
26
22
|
|
|
27
23
|
export { init };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,13 +1,10 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import * as TestKit from './testKit';
|
|
3
|
-
import type { IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
4
3
|
export interface InitOptions {
|
|
5
4
|
prometheus?: any;
|
|
6
5
|
mondayFetchOptions?: MondayFetchOptions;
|
|
7
6
|
redisClient?: any;
|
|
8
7
|
grantedFeatureRedisExpirationInSeconds?: number;
|
|
9
|
-
platformProfile?: string;
|
|
10
|
-
igniteDependencies?: IgniteDependencies;
|
|
11
8
|
}
|
|
12
9
|
export declare function init(options?: InitOptions): Promise<void>;
|
|
13
10
|
export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
2
|
|
|
3
|
-
const attributionsService = require('./attributions-service.js');
|
|
4
3
|
const prometheusService = require('./prometheus-service.js');
|
|
5
4
|
const authorizationService = require('./authorization-service.js');
|
|
6
5
|
const testKit_index = require('./testKit/index.js');
|
|
@@ -18,10 +17,7 @@ async function init(options = {}) {
|
|
|
18
17
|
authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
|
|
19
18
|
}
|
|
20
19
|
// add an ignite client for gradual release features
|
|
21
|
-
await authorizationService.setIgniteClient(
|
|
22
|
-
if (options.platformProfile) {
|
|
23
|
-
attributionsService.setPlatformProfile(options.platformProfile);
|
|
24
|
-
}
|
|
20
|
+
await authorizationService.setIgniteClient();
|
|
25
21
|
}
|
|
26
22
|
|
|
27
23
|
exports.AuthorizationService = authorizationService.AuthorizationService;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "2.0.1
|
|
3
|
+
"version": "2.0.1",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -25,7 +25,6 @@
|
|
|
25
25
|
"@mondaydotcomorg/monday-jwt": "^3.0.14",
|
|
26
26
|
"@mondaydotcomorg/monday-logger": "^4.0.11",
|
|
27
27
|
"@mondaydotcomorg/monday-sns": "^1.0.6",
|
|
28
|
-
"@mondaydotcomorg/node-execution-context": "^1.0.4",
|
|
29
28
|
"@mondaydotcomorg/trident-backend-api": "^0.24.3",
|
|
30
29
|
"lodash": "^4.17.21",
|
|
31
30
|
"node-fetch": "^2.6.7",
|