@mondaydotcomorg/monday-authorization 3.3.0-feat-add-graph-api-routing-support-34aa710 → 3.3.0-feat-add-graph-api-routing-support-c17713e
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/attributions-service.d.ts +3 -2
- package/dist/attributions-service.d.ts.map +1 -1
- package/dist/attributions-service.js +1 -0
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +3 -6
- package/dist/esm/attributions-service.d.ts +3 -2
- package/dist/esm/attributions-service.d.ts.map +1 -1
- package/dist/esm/attributions-service.mjs +1 -0
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +4 -7
- package/dist/esm/metrics-service.d.ts +0 -1
- package/dist/esm/metrics-service.d.ts.map +1 -1
- package/dist/esm/metrics-service.mjs +1 -12
- package/dist/esm/prometheus-service.d.ts +1 -1
- package/dist/esm/prometheus-service.d.ts.map +1 -1
- package/dist/esm/prometheus-service.mjs +4 -11
- package/dist/esm/types/scoped-actions-contracts.d.ts +10 -1
- package/dist/esm/types/scoped-actions-contracts.d.ts.map +1 -1
- package/dist/esm/types/scoped-actions-contracts.mjs +9 -0
- package/dist/metrics-service.d.ts +0 -1
- package/dist/metrics-service.d.ts.map +1 -1
- package/dist/metrics-service.js +0 -12
- package/dist/prometheus-service.d.ts +1 -1
- package/dist/prometheus-service.d.ts.map +1 -1
- package/dist/prometheus-service.js +4 -11
- package/dist/types/scoped-actions-contracts.d.ts +10 -1
- package/dist/types/scoped-actions-contracts.d.ts.map +1 -1
- package/dist/types/scoped-actions-contracts.js +9 -0
- package/package.json +4 -2
- package/src/attributions-service.ts +93 -0
- package/src/authorization-attributes-service.ts +234 -0
- package/src/authorization-internal-service.ts +129 -0
- package/src/authorization-middleware.ts +51 -0
- package/src/authorization-service.ts +372 -0
- package/src/clients/graph-api.ts +176 -0
- package/src/clients/platform-api.ts +123 -0
- package/src/constants/sns.ts +5 -0
- package/src/constants.ts +23 -0
- package/src/index.ts +62 -0
- package/src/metrics-service.ts +67 -0
- package/src/prometheus-service.ts +51 -0
- package/src/roles-service.ts +125 -0
- package/src/testKit/index.ts +69 -0
- package/src/types/authorization-attributes-contracts.ts +33 -0
- package/src/types/express.ts +8 -0
- package/src/types/general.ts +32 -0
- package/src/types/graph-api.types.ts +25 -0
- package/src/types/roles.ts +42 -0
- package/src/types/scoped-actions-contracts.ts +57 -0
- package/src/utils/authorization.utils.ts +47 -0
|
@@ -2,9 +2,10 @@ import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api'
|
|
|
2
2
|
export declare enum PlatformProfile {
|
|
3
3
|
API_INTERNAL = "api-internal",
|
|
4
4
|
SLOW = "slow",
|
|
5
|
-
INTERNAL = "internal"
|
|
5
|
+
INTERNAL = "internal",
|
|
6
|
+
APP = "app"
|
|
6
7
|
}
|
|
7
|
-
export declare function getProfile(): PlatformProfile;
|
|
8
|
+
export declare function getProfile(): PlatformProfile.API_INTERNAL | PlatformProfile.SLOW | PlatformProfile.INTERNAL;
|
|
8
9
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
9
10
|
export declare function getAttributionsFromApi(): {
|
|
10
11
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -12,6 +12,7 @@ exports.PlatformProfile = void 0;
|
|
|
12
12
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
13
13
|
PlatformProfile["SLOW"] = "slow";
|
|
14
14
|
PlatformProfile["INTERNAL"] = "internal";
|
|
15
|
+
PlatformProfile["APP"] = "app";
|
|
15
16
|
})(exports.PlatformProfile || (exports.PlatformProfile = {}));
|
|
16
17
|
function getProfile() {
|
|
17
18
|
const tridentContext = tridentBackendApi.Api.getPart('context');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -105,7 +105,7 @@ class AuthorizationService {
|
|
|
105
105
|
this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
|
|
106
106
|
return attributionsService.getProfile();
|
|
107
107
|
}
|
|
108
|
-
return attributionsService.PlatformProfile.
|
|
108
|
+
return attributionsService.PlatformProfile.APP;
|
|
109
109
|
}
|
|
110
110
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
111
111
|
if (scopedActions.length === 0) {
|
|
@@ -145,11 +145,8 @@ class AuthorizationService {
|
|
|
145
145
|
const { action, scope } = obj.scopedAction;
|
|
146
146
|
const { resourceType } = utils_authorization_utils.scopeToResource(scope);
|
|
147
147
|
const isAuthorized = obj.permit.can;
|
|
148
|
-
prometheusService.sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time
|
|
148
|
+
prometheusService.sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
|
|
149
149
|
metricsService.recordAuthorizationTiming(apiType, time);
|
|
150
|
-
if (obj.permit.can) {
|
|
151
|
-
metricsService.recordAuthorizationSuccess(apiType);
|
|
152
|
-
}
|
|
153
150
|
}
|
|
154
151
|
return scopedActionResponseObjects;
|
|
155
152
|
}
|
|
@@ -206,7 +203,7 @@ class AuthorizationService {
|
|
|
206
203
|
if (!isAuthorized) {
|
|
207
204
|
unauthorizedObjects.push(authorizationObject);
|
|
208
205
|
}
|
|
209
|
-
prometheusService.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time
|
|
206
|
+
prometheusService.sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time);
|
|
210
207
|
});
|
|
211
208
|
if (unauthorizedObjects.length > 0) {
|
|
212
209
|
authorizationInternalService.logger.info({
|
|
@@ -2,9 +2,10 @@ import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api'
|
|
|
2
2
|
export declare enum PlatformProfile {
|
|
3
3
|
API_INTERNAL = "api-internal",
|
|
4
4
|
SLOW = "slow",
|
|
5
|
-
INTERNAL = "internal"
|
|
5
|
+
INTERNAL = "internal",
|
|
6
|
+
APP = "app"
|
|
6
7
|
}
|
|
7
|
-
export declare function getProfile(): PlatformProfile;
|
|
8
|
+
export declare function getProfile(): PlatformProfile.API_INTERNAL | PlatformProfile.SLOW | PlatformProfile.INTERNAL;
|
|
8
9
|
export declare function getExecutionContext(context: Context): ExecutionContext;
|
|
9
10
|
export declare function getAttributionsFromApi(): {
|
|
10
11
|
[key: string]: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;
|
|
1
|
+
{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
|
|
@@ -10,6 +10,7 @@ var PlatformProfile;
|
|
|
10
10
|
PlatformProfile["API_INTERNAL"] = "api-internal";
|
|
11
11
|
PlatformProfile["SLOW"] = "slow";
|
|
12
12
|
PlatformProfile["INTERNAL"] = "internal";
|
|
13
|
+
PlatformProfile["APP"] = "app";
|
|
13
14
|
})(PlatformProfile || (PlatformProfile = {}));
|
|
14
15
|
function getProfile() {
|
|
15
16
|
const tridentContext = Api.getPart('context');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
|
|
@@ -3,7 +3,7 @@ import { Api } from '@mondaydotcomorg/trident-backend-api';
|
|
|
3
3
|
import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
4
4
|
import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
|
|
5
5
|
import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
|
|
6
|
-
import { recordAuthorizationTiming
|
|
6
|
+
import { recordAuthorizationTiming } from './metrics-service.mjs';
|
|
7
7
|
import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
|
|
8
8
|
import { getProfile, PlatformProfile, getAttributionsFromApi } from './attributions-service.mjs';
|
|
9
9
|
import { GraphApi } from './clients/graph-api.mjs';
|
|
@@ -103,7 +103,7 @@ class AuthorizationService {
|
|
|
103
103
|
this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
|
|
104
104
|
return getProfile();
|
|
105
105
|
}
|
|
106
|
-
return PlatformProfile.
|
|
106
|
+
return PlatformProfile.APP;
|
|
107
107
|
}
|
|
108
108
|
static async canActionInScopeMultiple(accountId, userId, scopedActions) {
|
|
109
109
|
if (scopedActions.length === 0) {
|
|
@@ -143,11 +143,8 @@ class AuthorizationService {
|
|
|
143
143
|
const { action, scope } = obj.scopedAction;
|
|
144
144
|
const { resourceType } = scopeToResource(scope);
|
|
145
145
|
const isAuthorized = obj.permit.can;
|
|
146
|
-
sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time
|
|
146
|
+
sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
|
|
147
147
|
recordAuthorizationTiming(apiType, time);
|
|
148
|
-
if (obj.permit.can) {
|
|
149
|
-
recordAuthorizationSuccess(apiType);
|
|
150
|
-
}
|
|
151
148
|
}
|
|
152
149
|
return scopedActionResponseObjects;
|
|
153
150
|
}
|
|
@@ -204,7 +201,7 @@ class AuthorizationService {
|
|
|
204
201
|
if (!isAuthorized) {
|
|
205
202
|
unauthorizedObjects.push(authorizationObject);
|
|
206
203
|
}
|
|
207
|
-
sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time
|
|
204
|
+
sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time);
|
|
208
205
|
});
|
|
209
206
|
if (unauthorizedObjects.length > 0) {
|
|
210
207
|
logger.info({
|
|
@@ -7,7 +7,6 @@ interface InitializeMetricsOptions {
|
|
|
7
7
|
}
|
|
8
8
|
export declare function initializeMetrics(options: InitializeMetricsOptions): void;
|
|
9
9
|
export declare function recordAuthorizationTiming(apiType: ApiType, duration: number): void;
|
|
10
|
-
export declare function recordAuthorizationSuccess(apiType: ApiType): void;
|
|
11
10
|
export declare function recordAuthorizationError(apiType: ApiType, statusCode: number): void;
|
|
12
11
|
export {};
|
|
13
12
|
//# sourceMappingURL=metrics-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../../src/metrics-service.ts"],"names":[],"mappings":"AAGA,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CA4BzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUlF;AAED,wBAAgB,
|
|
1
|
+
{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../../src/metrics-service.ts"],"names":[],"mappings":"AAGA,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CA4BzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUlF;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAUnF"}
|
|
@@ -39,17 +39,6 @@ function recordAuthorizationTiming(apiType, duration) {
|
|
|
39
39
|
logger.warn({ tag: 'metrics-service', error }, 'Failed to record authorization timing');
|
|
40
40
|
}
|
|
41
41
|
}
|
|
42
|
-
function recordAuthorizationSuccess(apiType) {
|
|
43
|
-
if (!initialized) {
|
|
44
|
-
return;
|
|
45
|
-
}
|
|
46
|
-
try {
|
|
47
|
-
Metric.increment(`authorization.authorizationCheck.${apiType}.success`);
|
|
48
|
-
}
|
|
49
|
-
catch (error) {
|
|
50
|
-
logger.warn({ tag: 'metrics-service', error }, 'Failed to record authorization success');
|
|
51
|
-
}
|
|
52
|
-
}
|
|
53
42
|
function recordAuthorizationError(apiType, statusCode) {
|
|
54
43
|
if (!initialized) {
|
|
55
44
|
return;
|
|
@@ -62,4 +51,4 @@ function recordAuthorizationError(apiType, statusCode) {
|
|
|
62
51
|
}
|
|
63
52
|
}
|
|
64
53
|
|
|
65
|
-
export { initializeMetrics, recordAuthorizationError,
|
|
54
|
+
export { initializeMetrics, recordAuthorizationError, recordAuthorizationTiming };
|
|
@@ -6,5 +6,5 @@ export declare const METRICS: {
|
|
|
6
6
|
};
|
|
7
7
|
export declare function setPrometheus(customPrometheus: any): void;
|
|
8
8
|
export declare function getMetricsManager(): any;
|
|
9
|
-
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number
|
|
9
|
+
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
|
|
10
10
|
//# sourceMappingURL=prometheus-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,
|
|
1
|
+
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAa7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
|
|
@@ -7,31 +7,24 @@ const METRICS = {
|
|
|
7
7
|
};
|
|
8
8
|
const authorizationCheckResponseTimeMetricConfig = {
|
|
9
9
|
name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
|
|
10
|
-
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'
|
|
10
|
+
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
|
|
11
11
|
description: 'Authorization check response time summary',
|
|
12
12
|
};
|
|
13
13
|
function setPrometheus(customPrometheus) {
|
|
14
14
|
prometheus = customPrometheus;
|
|
15
15
|
if (!prometheus) {
|
|
16
|
-
authorizationCheckResponseTimeMetric = null;
|
|
17
16
|
return;
|
|
18
17
|
}
|
|
19
18
|
const { METRICS_TYPES } = prometheus;
|
|
20
|
-
|
|
21
|
-
if (!metricsManager) {
|
|
22
|
-
return;
|
|
23
|
-
}
|
|
24
|
-
authorizationCheckResponseTimeMetric = metricsManager.addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
19
|
+
authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
25
20
|
}
|
|
26
21
|
function getMetricsManager() {
|
|
27
22
|
return prometheus?.metricsManager;
|
|
28
23
|
}
|
|
29
|
-
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time
|
|
24
|
+
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
|
|
30
25
|
try {
|
|
31
26
|
if (authorizationCheckResponseTimeMetric) {
|
|
32
|
-
authorizationCheckResponseTimeMetric
|
|
33
|
-
.labels(resourceType, action, isAuthorized, responseStatus, apiType)
|
|
34
|
-
.observe(time);
|
|
27
|
+
authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
|
|
35
28
|
}
|
|
36
29
|
}
|
|
37
30
|
catch (e) {
|
|
@@ -21,7 +21,16 @@ export interface Translation {
|
|
|
21
21
|
export declare enum PermitTechnicalReason {
|
|
22
22
|
NO_REASON = 0,
|
|
23
23
|
NOT_ELIGIBLE = 1,
|
|
24
|
-
BY_ROLE_IN_SCOPE = 2
|
|
24
|
+
BY_ROLE_IN_SCOPE = 2,
|
|
25
|
+
/**
|
|
26
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
27
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
28
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
29
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
30
|
+
*/
|
|
31
|
+
NOT_APPLICABLE = 3,
|
|
32
|
+
BY_POLICY = 4,
|
|
33
|
+
BY_OVERRIDE = 5
|
|
25
34
|
}
|
|
26
35
|
export interface ScopedActionPermit {
|
|
27
36
|
can: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;
|
|
1
|
+
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;IACpB;;;;;OAKG;IACH,cAAc,IAAI;IAClB,SAAS,IAAI;IACb,WAAW,IAAI;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,qBAAqB,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,YAAY,CAAC;CACrB;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,YAAY,CAAC;IAC3B,MAAM,EAAE,kBAAkB,CAAC;CAC5B"}
|
|
@@ -3,6 +3,15 @@ var PermitTechnicalReason;
|
|
|
3
3
|
PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
|
|
4
4
|
PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
|
|
5
5
|
PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
|
|
6
|
+
/**
|
|
7
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
8
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
9
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
10
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
11
|
+
*/
|
|
12
|
+
PermitTechnicalReason[PermitTechnicalReason["NOT_APPLICABLE"] = 3] = "NOT_APPLICABLE";
|
|
13
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_POLICY"] = 4] = "BY_POLICY";
|
|
14
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_OVERRIDE"] = 5] = "BY_OVERRIDE";
|
|
6
15
|
})(PermitTechnicalReason || (PermitTechnicalReason = {}));
|
|
7
16
|
|
|
8
17
|
export { PermitTechnicalReason };
|
|
@@ -7,7 +7,6 @@ interface InitializeMetricsOptions {
|
|
|
7
7
|
}
|
|
8
8
|
export declare function initializeMetrics(options: InitializeMetricsOptions): void;
|
|
9
9
|
export declare function recordAuthorizationTiming(apiType: ApiType, duration: number): void;
|
|
10
|
-
export declare function recordAuthorizationSuccess(apiType: ApiType): void;
|
|
11
10
|
export declare function recordAuthorizationError(apiType: ApiType, statusCode: number): void;
|
|
12
11
|
export {};
|
|
13
12
|
//# sourceMappingURL=metrics-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAGA,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CA4BzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUlF;AAED,wBAAgB,
|
|
1
|
+
{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAGA,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CA4BzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUlF;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAUnF"}
|
package/dist/metrics-service.js
CHANGED
|
@@ -41,17 +41,6 @@ function recordAuthorizationTiming(apiType, duration) {
|
|
|
41
41
|
authorizationInternalService.logger.warn({ tag: 'metrics-service', error }, 'Failed to record authorization timing');
|
|
42
42
|
}
|
|
43
43
|
}
|
|
44
|
-
function recordAuthorizationSuccess(apiType) {
|
|
45
|
-
if (!initialized) {
|
|
46
|
-
return;
|
|
47
|
-
}
|
|
48
|
-
try {
|
|
49
|
-
mondayObservabilityKit.Metric.increment(`authorization.authorizationCheck.${apiType}.success`);
|
|
50
|
-
}
|
|
51
|
-
catch (error) {
|
|
52
|
-
authorizationInternalService.logger.warn({ tag: 'metrics-service', error }, 'Failed to record authorization success');
|
|
53
|
-
}
|
|
54
|
-
}
|
|
55
44
|
function recordAuthorizationError(apiType, statusCode) {
|
|
56
45
|
if (!initialized) {
|
|
57
46
|
return;
|
|
@@ -66,5 +55,4 @@ function recordAuthorizationError(apiType, statusCode) {
|
|
|
66
55
|
|
|
67
56
|
exports.initializeMetrics = initializeMetrics;
|
|
68
57
|
exports.recordAuthorizationError = recordAuthorizationError;
|
|
69
|
-
exports.recordAuthorizationSuccess = recordAuthorizationSuccess;
|
|
70
58
|
exports.recordAuthorizationTiming = recordAuthorizationTiming;
|
|
@@ -6,5 +6,5 @@ export declare const METRICS: {
|
|
|
6
6
|
};
|
|
7
7
|
export declare function setPrometheus(customPrometheus: any): void;
|
|
8
8
|
export declare function getMetricsManager(): any;
|
|
9
|
-
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number
|
|
9
|
+
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
|
|
10
10
|
//# sourceMappingURL=prometheus-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,
|
|
1
|
+
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAa7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
|
|
@@ -9,31 +9,24 @@ const METRICS = {
|
|
|
9
9
|
};
|
|
10
10
|
const authorizationCheckResponseTimeMetricConfig = {
|
|
11
11
|
name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
|
|
12
|
-
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'
|
|
12
|
+
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
|
|
13
13
|
description: 'Authorization check response time summary',
|
|
14
14
|
};
|
|
15
15
|
function setPrometheus(customPrometheus) {
|
|
16
16
|
prometheus = customPrometheus;
|
|
17
17
|
if (!prometheus) {
|
|
18
|
-
authorizationCheckResponseTimeMetric = null;
|
|
19
18
|
return;
|
|
20
19
|
}
|
|
21
20
|
const { METRICS_TYPES } = prometheus;
|
|
22
|
-
|
|
23
|
-
if (!metricsManager) {
|
|
24
|
-
return;
|
|
25
|
-
}
|
|
26
|
-
authorizationCheckResponseTimeMetric = metricsManager.addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
21
|
+
authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
27
22
|
}
|
|
28
23
|
function getMetricsManager() {
|
|
29
24
|
return prometheus?.metricsManager;
|
|
30
25
|
}
|
|
31
|
-
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time
|
|
26
|
+
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
|
|
32
27
|
try {
|
|
33
28
|
if (authorizationCheckResponseTimeMetric) {
|
|
34
|
-
authorizationCheckResponseTimeMetric
|
|
35
|
-
.labels(resourceType, action, isAuthorized, responseStatus, apiType)
|
|
36
|
-
.observe(time);
|
|
29
|
+
authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
|
|
37
30
|
}
|
|
38
31
|
}
|
|
39
32
|
catch (e) {
|
|
@@ -21,7 +21,16 @@ export interface Translation {
|
|
|
21
21
|
export declare enum PermitTechnicalReason {
|
|
22
22
|
NO_REASON = 0,
|
|
23
23
|
NOT_ELIGIBLE = 1,
|
|
24
|
-
BY_ROLE_IN_SCOPE = 2
|
|
24
|
+
BY_ROLE_IN_SCOPE = 2,
|
|
25
|
+
/**
|
|
26
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
27
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
28
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
29
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
30
|
+
*/
|
|
31
|
+
NOT_APPLICABLE = 3,
|
|
32
|
+
BY_POLICY = 4,
|
|
33
|
+
BY_OVERRIDE = 5
|
|
25
34
|
}
|
|
26
35
|
export interface ScopedActionPermit {
|
|
27
36
|
can: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;
|
|
1
|
+
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;IACpB;;;;;OAKG;IACH,cAAc,IAAI;IAClB,SAAS,IAAI;IACb,WAAW,IAAI;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,qBAAqB,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,YAAY,CAAC;CACrB;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,YAAY,CAAC;IAC3B,MAAM,EAAE,kBAAkB,CAAC;CAC5B"}
|
|
@@ -5,4 +5,13 @@ exports.PermitTechnicalReason = void 0;
|
|
|
5
5
|
PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
|
|
6
6
|
PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
|
|
7
7
|
PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
|
|
8
|
+
/**
|
|
9
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
10
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
11
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
12
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
13
|
+
*/
|
|
14
|
+
PermitTechnicalReason[PermitTechnicalReason["NOT_APPLICABLE"] = 3] = "NOT_APPLICABLE";
|
|
15
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_POLICY"] = 4] = "BY_POLICY";
|
|
16
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_OVERRIDE"] = 5] = "BY_OVERRIDE";
|
|
8
17
|
})(exports.PermitTechnicalReason || (exports.PermitTechnicalReason = {}));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "3.3.0-feat-add-graph-api-routing-support-
|
|
3
|
+
"version": "3.3.0-feat-add-graph-api-routing-support-c17713e",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -47,7 +47,9 @@
|
|
|
47
47
|
"typescript": "^5.2.2"
|
|
48
48
|
},
|
|
49
49
|
"files": [
|
|
50
|
-
"dist/"
|
|
50
|
+
"dist/",
|
|
51
|
+
"src/",
|
|
52
|
+
"dist/node_modules/lodash-cjs/"
|
|
51
53
|
],
|
|
52
54
|
"eslintConfig": {
|
|
53
55
|
"extends": "@mondaydotcomorg/trident-library",
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
import { Api, Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api';
|
|
2
|
+
import { logger } from './authorization-internal-service';
|
|
3
|
+
|
|
4
|
+
const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
5
|
+
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
6
|
+
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
7
|
+
|
|
8
|
+
let didSendFailureLogOnce = false;
|
|
9
|
+
|
|
10
|
+
export enum PlatformProfile {
|
|
11
|
+
API_INTERNAL = 'api-internal',
|
|
12
|
+
SLOW = 'slow',
|
|
13
|
+
INTERNAL = 'internal',
|
|
14
|
+
APP = 'app',
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
export function getProfile() {
|
|
18
|
+
const tridentContext = Api.getPart('context');
|
|
19
|
+
if (!tridentContext) {
|
|
20
|
+
return PlatformProfile.INTERNAL;
|
|
21
|
+
}
|
|
22
|
+
const { mondayRequestSource } = getExecutionContext(tridentContext);
|
|
23
|
+
|
|
24
|
+
switch (mondayRequestSource) {
|
|
25
|
+
case 'api': {
|
|
26
|
+
return PlatformProfile.API_INTERNAL;
|
|
27
|
+
}
|
|
28
|
+
case 'slow': {
|
|
29
|
+
return PlatformProfile.SLOW;
|
|
30
|
+
}
|
|
31
|
+
default:
|
|
32
|
+
return PlatformProfile.INTERNAL;
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
export function getExecutionContext(context: Context): ExecutionContext {
|
|
37
|
+
return context.execution.get();
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
export function getAttributionsFromApi(): { [key: string]: string } {
|
|
41
|
+
const callerAppNameFromSdk = {
|
|
42
|
+
[APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
|
|
43
|
+
};
|
|
44
|
+
|
|
45
|
+
try {
|
|
46
|
+
const tridentContext = Api.getPart('context');
|
|
47
|
+
|
|
48
|
+
if (!tridentContext) {
|
|
49
|
+
return callerAppNameFromSdk;
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
const { runtimeAttributions } = tridentContext;
|
|
53
|
+
const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
|
|
54
|
+
|
|
55
|
+
if (!runtimeAttributionsOutgoingHeaders) {
|
|
56
|
+
return callerAppNameFromSdk;
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
|
|
60
|
+
|
|
61
|
+
const attributionHeadersFromSdk = {};
|
|
62
|
+
Object.keys(attributionsHeaders).forEach(function (key) {
|
|
63
|
+
attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
|
|
64
|
+
});
|
|
65
|
+
|
|
66
|
+
return attributionHeadersFromSdk;
|
|
67
|
+
} catch (error) {
|
|
68
|
+
if (!didSendFailureLogOnce) {
|
|
69
|
+
logger.warn(
|
|
70
|
+
{ tag: 'authorization-service', error },
|
|
71
|
+
'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.'
|
|
72
|
+
);
|
|
73
|
+
didSendFailureLogOnce = true;
|
|
74
|
+
}
|
|
75
|
+
return callerAppNameFromSdk;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
function getEnvVariable(key: string) {
|
|
80
|
+
const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
|
|
81
|
+
return envVar;
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
function tryJsonParse(value: string | undefined) {
|
|
85
|
+
if (!value) {
|
|
86
|
+
return value;
|
|
87
|
+
}
|
|
88
|
+
try {
|
|
89
|
+
return JSON.parse(value);
|
|
90
|
+
} catch (_err) {
|
|
91
|
+
return value;
|
|
92
|
+
}
|
|
93
|
+
}
|