@mondaydotcomorg/monday-authorization 2.0.1-fix-moshesa-optional-ignite-params-and-backward-compatability.c294010 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/attributions-service.d.ts +1 -3
- package/dist/attributions-service.d.ts.map +1 -1
- package/dist/attributions-service.js +2 -23
- package/dist/authorization-service.d.ts +2 -2
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +18 -21
- package/dist/esm/attributions-service.d.ts +1 -3
- package/dist/esm/attributions-service.d.ts.map +1 -1
- package/dist/esm/attributions-service.mjs +2 -21
- package/dist/esm/authorization-service.d.ts +2 -2
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +19 -22
- package/dist/esm/index.d.ts +0 -3
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.mjs +1 -5
- package/dist/index.d.ts +0 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -5
- package/package.json +1 -1
|
@@ -4,9 +4,7 @@ declare enum PlatformProfile {
|
|
|
4
4
|
SLOW = "slow",
|
|
5
5
|
INTERNAL = "internal"
|
|
6
6
|
}
|
|
7
|
-
export declare function
|
|
8
|
-
export declare function getProfileFromInitOption(): PlatformProfile | undefined;
|
|
9
|
-
export declare function getProfileFromTrident(): PlatformProfile;
|
|
7
|
+
export declare function getProfile(): PlatformProfile;
|
|
10
8
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
11
9
|
export declare function getAttributionsFromApi(): {
|
|
12
10
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -7,32 +7,13 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
7
7
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
8
8
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
9
9
|
let didSendFailureLogOnce = false;
|
|
10
|
-
let argPlatformProfile;
|
|
11
10
|
var PlatformProfile;
|
|
12
11
|
(function (PlatformProfile) {
|
|
13
12
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
14
13
|
PlatformProfile["SLOW"] = "slow";
|
|
15
14
|
PlatformProfile["INTERNAL"] = "internal";
|
|
16
15
|
})(PlatformProfile || (PlatformProfile = {}));
|
|
17
|
-
function
|
|
18
|
-
argPlatformProfile = platformProfile;
|
|
19
|
-
}
|
|
20
|
-
function getProfileFromInitOption() {
|
|
21
|
-
if (!argPlatformProfile) {
|
|
22
|
-
return undefined;
|
|
23
|
-
}
|
|
24
|
-
switch (argPlatformProfile) {
|
|
25
|
-
case 'api': {
|
|
26
|
-
return PlatformProfile.API_INTERNAL;
|
|
27
|
-
}
|
|
28
|
-
case 'slow': {
|
|
29
|
-
return PlatformProfile.SLOW;
|
|
30
|
-
}
|
|
31
|
-
default:
|
|
32
|
-
return PlatformProfile.INTERNAL;
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
function getProfileFromTrident() {
|
|
16
|
+
function getProfile() {
|
|
36
17
|
const tridentContext = tridentBackendApi.Api.getPart('context');
|
|
37
18
|
if (!tridentContext) {
|
|
38
19
|
return PlatformProfile.INTERNAL;
|
|
@@ -99,6 +80,4 @@ function tryJsonParse(value) {
|
|
|
99
80
|
|
|
100
81
|
exports.getAttributionsFromApi = getAttributionsFromApi;
|
|
101
82
|
exports.getExecutionContext = getExecutionContext;
|
|
102
|
-
exports.
|
|
103
|
-
exports.getProfileFromTrident = getProfileFromTrident;
|
|
104
|
-
exports.setPlatformProfile = setPlatformProfile;
|
|
83
|
+
exports.getProfile = getProfile;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient
|
|
2
|
+
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
3
|
import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
@@ -48,6 +48,6 @@ export declare class AuthorizationService {
|
|
|
48
48
|
private static isAuthorizedMultiple;
|
|
49
49
|
}
|
|
50
50
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(
|
|
51
|
+
export declare function setIgniteClient(): Promise<void>;
|
|
52
52
|
export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
|
|
53
53
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -116,19 +116,20 @@ class AuthorizationService {
|
|
|
116
116
|
return scopedActionsResponseObjects;
|
|
117
117
|
}
|
|
118
118
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
119
|
-
|
|
120
|
-
if (!
|
|
121
|
-
|
|
122
|
-
|
|
119
|
+
// gradually release the new platform profile features
|
|
120
|
+
if (!this.igniteClient) {
|
|
121
|
+
authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
122
|
+
}
|
|
123
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
123
124
|
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
124
125
|
}
|
|
125
|
-
// gradually release the new platform profile features
|
|
126
126
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
127
127
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
128
128
|
return { ...scopedAction, scope: mapKeys__default.default(scopedAction.scope, (_, key) => snakeCase__default.default(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
129
129
|
});
|
|
130
130
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
131
131
|
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
132
|
+
const profile = attributionsService.getProfile();
|
|
132
133
|
let response;
|
|
133
134
|
try {
|
|
134
135
|
response = await httpClient.fetch({
|
|
@@ -231,17 +232,18 @@ class AuthorizationService {
|
|
|
231
232
|
return { isAuthorized: true };
|
|
232
233
|
}
|
|
233
234
|
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
234
|
-
|
|
235
|
-
if (!
|
|
236
|
-
|
|
237
|
-
|
|
235
|
+
// gradually release the new platform profile features
|
|
236
|
+
if (!this.igniteClient) {
|
|
237
|
+
authorizationInternalService.logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
238
|
+
}
|
|
239
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
238
240
|
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
239
241
|
}
|
|
240
|
-
// gradually release the new platform profile features
|
|
241
242
|
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
242
243
|
const startTime = perf_hooks.performance.now();
|
|
243
244
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
244
245
|
const httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
246
|
+
const profile = attributionsService.getProfile();
|
|
245
247
|
let response;
|
|
246
248
|
try {
|
|
247
249
|
response = await httpClient.fetch({
|
|
@@ -309,13 +311,10 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
309
311
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
310
312
|
}
|
|
311
313
|
}
|
|
312
|
-
async function setIgniteClient(
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
...igniteDependencies,
|
|
317
|
-
});
|
|
318
|
-
}
|
|
314
|
+
async function setIgniteClient() {
|
|
315
|
+
AuthorizationService.igniteClient = await igniteSdk.getIgniteClient({
|
|
316
|
+
namespace: ['authorization'],
|
|
317
|
+
});
|
|
319
318
|
}
|
|
320
319
|
function createAuthorizationParams(resources, action) {
|
|
321
320
|
const params = {
|
|
@@ -334,12 +333,10 @@ function createAuthorizationParams(resources, action) {
|
|
|
334
333
|
return params;
|
|
335
334
|
}
|
|
336
335
|
function getAuthorizeUrl() {
|
|
337
|
-
|
|
338
|
-
return `${baseUrl}/internal_ms/authorization/authorize`;
|
|
336
|
+
return '/internal_ms/authorization/authorize';
|
|
339
337
|
}
|
|
340
338
|
function getCanActionsInScopesUrl() {
|
|
341
|
-
|
|
342
|
-
return `${baseUrl}/internal_ms/authorization/can_actions_in_scopes`;
|
|
339
|
+
return '/internal_ms/authorization/can_actions_in_scopes';
|
|
343
340
|
}
|
|
344
341
|
|
|
345
342
|
exports.AuthorizationService = AuthorizationService;
|
|
@@ -4,9 +4,7 @@ declare enum PlatformProfile {
|
|
|
4
4
|
SLOW = "slow",
|
|
5
5
|
INTERNAL = "internal"
|
|
6
6
|
}
|
|
7
|
-
export declare function
|
|
8
|
-
export declare function getProfileFromInitOption(): PlatformProfile | undefined;
|
|
9
|
-
export declare function getProfileFromTrident(): PlatformProfile;
|
|
7
|
+
export declare function getProfile(): PlatformProfile;
|
|
10
8
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
11
9
|
export declare function getAttributionsFromApi(): {
|
|
12
10
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,aAAK,eAAe;IAClB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -5,32 +5,13 @@ const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
|
5
5
|
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
6
6
|
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
7
7
|
let didSendFailureLogOnce = false;
|
|
8
|
-
let argPlatformProfile;
|
|
9
8
|
var PlatformProfile;
|
|
10
9
|
(function (PlatformProfile) {
|
|
11
10
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
12
11
|
PlatformProfile["SLOW"] = "slow";
|
|
13
12
|
PlatformProfile["INTERNAL"] = "internal";
|
|
14
13
|
})(PlatformProfile || (PlatformProfile = {}));
|
|
15
|
-
function
|
|
16
|
-
argPlatformProfile = platformProfile;
|
|
17
|
-
}
|
|
18
|
-
function getProfileFromInitOption() {
|
|
19
|
-
if (!argPlatformProfile) {
|
|
20
|
-
return undefined;
|
|
21
|
-
}
|
|
22
|
-
switch (argPlatformProfile) {
|
|
23
|
-
case 'api': {
|
|
24
|
-
return PlatformProfile.API_INTERNAL;
|
|
25
|
-
}
|
|
26
|
-
case 'slow': {
|
|
27
|
-
return PlatformProfile.SLOW;
|
|
28
|
-
}
|
|
29
|
-
default:
|
|
30
|
-
return PlatformProfile.INTERNAL;
|
|
31
|
-
}
|
|
32
|
-
}
|
|
33
|
-
function getProfileFromTrident() {
|
|
14
|
+
function getProfile() {
|
|
34
15
|
const tridentContext = Api.getPart('context');
|
|
35
16
|
if (!tridentContext) {
|
|
36
17
|
return PlatformProfile.INTERNAL;
|
|
@@ -95,4 +76,4 @@ function tryJsonParse(value) {
|
|
|
95
76
|
}
|
|
96
77
|
}
|
|
97
78
|
|
|
98
|
-
export { getAttributionsFromApi, getExecutionContext,
|
|
79
|
+
export { getAttributionsFromApi, getExecutionContext, getProfile };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
|
-
import { IgniteClient
|
|
2
|
+
import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
3
3
|
import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
|
|
4
4
|
import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
|
|
5
5
|
export interface AuthorizeResponse {
|
|
@@ -48,6 +48,6 @@ export declare class AuthorizationService {
|
|
|
48
48
|
private static isAuthorizedMultiple;
|
|
49
49
|
}
|
|
50
50
|
export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
|
|
51
|
-
export declare function setIgniteClient(
|
|
51
|
+
export declare function setIgniteClient(): Promise<void>;
|
|
52
52
|
export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
|
|
53
53
|
//# sourceMappingURL=authorization-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AAIA,OAAO,EAAS,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAeD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B;;;;;OAKG;mBACkB,+CAA+C;WAgDvD,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4EnB,oBAAoB;IAUzC;;;;;;OAMG;mBACkB,2CAA2C;mBAiE3C,oBAAoB;CAiG1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAIpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -8,7 +8,7 @@ import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
|
8
8
|
import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
9
9
|
import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
|
|
10
10
|
import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
|
|
11
|
-
import { getAttributionsFromApi,
|
|
11
|
+
import { getAttributionsFromApi, getProfile } from './attributions-service.mjs';
|
|
12
12
|
|
|
13
13
|
const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
|
|
14
14
|
const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
|
|
@@ -108,19 +108,20 @@ class AuthorizationService {
|
|
|
108
108
|
return scopedActionsResponseObjects;
|
|
109
109
|
}
|
|
110
110
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
111
|
-
|
|
112
|
-
if (!
|
|
113
|
-
|
|
114
|
-
|
|
111
|
+
// gradually release the new platform profile features
|
|
112
|
+
if (!this.igniteClient) {
|
|
113
|
+
logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
114
|
+
}
|
|
115
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
115
116
|
return AuthorizationService.canActionInScopeMultiple_withoutPlatformProfile(accountId, userId, scopedActions);
|
|
116
117
|
}
|
|
117
|
-
// gradually release the new platform profile features
|
|
118
118
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
119
119
|
const scopedActionsPayload = scopedActions.map(scopedAction => {
|
|
120
120
|
return { ...scopedAction, scope: mapKeys(scopedAction.scope, (_, key) => snakeCase(key)) }; // for example: { workspaceId: 1 } => { workspace_id: 1 }
|
|
121
121
|
});
|
|
122
122
|
const attributionHeaders = getAttributionsFromApi();
|
|
123
123
|
const httpClient = Api.getPart('httpClient');
|
|
124
|
+
const profile = getProfile();
|
|
124
125
|
let response;
|
|
125
126
|
try {
|
|
126
127
|
response = await httpClient.fetch({
|
|
@@ -223,17 +224,18 @@ class AuthorizationService {
|
|
|
223
224
|
return { isAuthorized: true };
|
|
224
225
|
}
|
|
225
226
|
static async isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
|
|
226
|
-
|
|
227
|
-
if (!
|
|
228
|
-
|
|
229
|
-
|
|
227
|
+
// gradually release the new platform profile features
|
|
228
|
+
if (!this.igniteClient) {
|
|
229
|
+
logger.warn({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, using new platform profile feature');
|
|
230
|
+
}
|
|
231
|
+
else if (!this.igniteClient.isReleased('sdk-platform-profiles', { accountId, userId })) {
|
|
230
232
|
return AuthorizationService.isAuthorizedMultiple_withoutPlatformProfile(accountId, userId, authorizationRequestObjects);
|
|
231
233
|
}
|
|
232
|
-
// gradually release the new platform profile features
|
|
233
234
|
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
234
235
|
const startTime = performance.now();
|
|
235
236
|
const attributionHeaders = getAttributionsFromApi();
|
|
236
237
|
const httpClient = Api.getPart('httpClient');
|
|
238
|
+
const profile = getProfile();
|
|
237
239
|
let response;
|
|
238
240
|
try {
|
|
239
241
|
response = await httpClient.fetch({
|
|
@@ -301,13 +303,10 @@ function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED
|
|
|
301
303
|
AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
|
|
302
304
|
}
|
|
303
305
|
}
|
|
304
|
-
async function setIgniteClient(
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
...igniteDependencies,
|
|
309
|
-
});
|
|
310
|
-
}
|
|
306
|
+
async function setIgniteClient() {
|
|
307
|
+
AuthorizationService.igniteClient = await getIgniteClient({
|
|
308
|
+
namespace: ['authorization'],
|
|
309
|
+
});
|
|
311
310
|
}
|
|
312
311
|
function createAuthorizationParams(resources, action) {
|
|
313
312
|
const params = {
|
|
@@ -326,12 +325,10 @@ function createAuthorizationParams(resources, action) {
|
|
|
326
325
|
return params;
|
|
327
326
|
}
|
|
328
327
|
function getAuthorizeUrl() {
|
|
329
|
-
|
|
330
|
-
return `${baseUrl}/internal_ms/authorization/authorize`;
|
|
328
|
+
return '/internal_ms/authorization/authorize';
|
|
331
329
|
}
|
|
332
330
|
function getCanActionsInScopesUrl() {
|
|
333
|
-
|
|
334
|
-
return `${baseUrl}/internal_ms/authorization/can_actions_in_scopes`;
|
|
331
|
+
return '/internal_ms/authorization/can_actions_in_scopes';
|
|
335
332
|
}
|
|
336
333
|
|
|
337
334
|
export { AuthorizationService, createAuthorizationParams, setIgniteClient, setRedisClient, setRequestFetchOptions };
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -1,13 +1,10 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import * as TestKit from './testKit';
|
|
3
|
-
import type { IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
4
3
|
export interface InitOptions {
|
|
5
4
|
prometheus?: any;
|
|
6
5
|
mondayFetchOptions?: MondayFetchOptions;
|
|
7
6
|
redisClient?: any;
|
|
8
7
|
grantedFeatureRedisExpirationInSeconds?: number;
|
|
9
|
-
platformProfile?: string;
|
|
10
|
-
igniteDependencies?: IgniteDependencies;
|
|
11
8
|
}
|
|
12
9
|
export declare function init(options?: InitOptions): Promise<void>;
|
|
13
10
|
export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/esm/index.mjs
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { setPlatformProfile } from './attributions-service.mjs';
|
|
2
1
|
import { setPrometheus } from './prometheus-service.mjs';
|
|
3
2
|
import { setRequestFetchOptions, setRedisClient, setIgniteClient } from './authorization-service.mjs';
|
|
4
3
|
export { AuthorizationService } from './authorization-service.mjs';
|
|
@@ -18,10 +17,7 @@ async function init(options = {}) {
|
|
|
18
17
|
setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
|
|
19
18
|
}
|
|
20
19
|
// add an ignite client for gradual release features
|
|
21
|
-
await setIgniteClient(
|
|
22
|
-
if (options.platformProfile) {
|
|
23
|
-
setPlatformProfile(options.platformProfile);
|
|
24
|
-
}
|
|
20
|
+
await setIgniteClient();
|
|
25
21
|
}
|
|
26
22
|
|
|
27
23
|
export { init };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,13 +1,10 @@
|
|
|
1
1
|
import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
|
|
2
2
|
import * as TestKit from './testKit';
|
|
3
|
-
import type { IgniteDependencies } from '@mondaydotcomorg/ignite-sdk';
|
|
4
3
|
export interface InitOptions {
|
|
5
4
|
prometheus?: any;
|
|
6
5
|
mondayFetchOptions?: MondayFetchOptions;
|
|
7
6
|
redisClient?: any;
|
|
8
7
|
grantedFeatureRedisExpirationInSeconds?: number;
|
|
9
|
-
platformProfile?: string;
|
|
10
|
-
igniteDependencies?: IgniteDependencies;
|
|
11
8
|
}
|
|
12
9
|
export declare function init(options?: InitOptions): Promise<void>;
|
|
13
10
|
export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
2
|
|
|
3
|
-
const attributionsService = require('./attributions-service.js');
|
|
4
3
|
const prometheusService = require('./prometheus-service.js');
|
|
5
4
|
const authorizationService = require('./authorization-service.js');
|
|
6
5
|
const testKit_index = require('./testKit/index.js');
|
|
@@ -18,10 +17,7 @@ async function init(options = {}) {
|
|
|
18
17
|
authorizationService.setRedisClient(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
|
|
19
18
|
}
|
|
20
19
|
// add an ignite client for gradual release features
|
|
21
|
-
await authorizationService.setIgniteClient(
|
|
22
|
-
if (options.platformProfile) {
|
|
23
|
-
attributionsService.setPlatformProfile(options.platformProfile);
|
|
24
|
-
}
|
|
20
|
+
await authorizationService.setIgniteClient();
|
|
25
21
|
}
|
|
26
22
|
|
|
27
23
|
exports.AuthorizationService = authorizationService.AuthorizationService;
|
package/package.json
CHANGED