@mondaydotcomorg/monday-authorization 3.3.0-feat-add-graph-api-routing-support-c8d1d84 → 3.3.0-feat-add-graph-api-routing-support-34aa710

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/authorization-service.d.ts.map +1 -1
  2. package/dist/authorization-service.js +4 -4
  3. package/dist/clients/graph-api.d.ts +3 -3
  4. package/dist/clients/graph-api.d.ts.map +1 -1
  5. package/dist/clients/graph-api.js +12 -9
  6. package/dist/constants.d.ts +1 -0
  7. package/dist/constants.d.ts.map +1 -1
  8. package/dist/constants.js +2 -0
  9. package/dist/esm/authorization-service.d.ts.map +1 -1
  10. package/dist/esm/authorization-service.mjs +4 -4
  11. package/dist/esm/clients/graph-api.d.ts +3 -3
  12. package/dist/esm/clients/graph-api.d.ts.map +1 -1
  13. package/dist/esm/clients/graph-api.mjs +12 -9
  14. package/dist/esm/constants.d.ts +1 -0
  15. package/dist/esm/constants.d.ts.map +1 -1
  16. package/dist/esm/constants.mjs +2 -1
  17. package/package.json +1 -1
package/dist/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA8DnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/authorization-service.js CHANGED
@@ -112,14 +112,13 @@ class AuthorizationService {
112
112
  return [];
113
113
  }
114
114
  const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
115
- const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
116
115
  const startTime = perf_hooks.performance.now();
117
116
  let scopedActionResponseObjects;
118
117
  let apiType;
119
118
  if (shouldNavigateToGraph) {
119
+ apiType = 'graph';
120
120
  try {
121
- scopedActionResponseObjects = await this.graphApi.checkPermissions(internalAuthToken, scopedActions);
122
- apiType = 'graph';
121
+ scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
123
122
  }
124
123
  catch (error) {
125
124
  const status = error instanceof mondayFetchApi.HttpFetcherError ? error.status : undefined;
@@ -134,9 +133,10 @@ class AuthorizationService {
134
133
  }
135
134
  }
136
135
  else {
136
+ apiType = 'platform';
137
137
  const profile = this.getProfile(accountId, userId);
138
+ const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
138
139
  scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
139
- apiType = 'platform';
140
140
  }
141
141
  const endTime = perf_hooks.performance.now();
142
142
  const time = endTime - startTime;
package/dist/clients/graph-api.d.ts CHANGED
@@ -5,7 +5,7 @@ import { GraphIsAllowedResponse } from '../types/graph-api.types';
5
5
  */
6
6
  export declare class GraphApi {
7
7
  private readonly httpClient;
8
- private readonly appName;
8
+ private readonly consumerAppName;
9
9
  constructor();
10
10
  /**
11
11
  * Builds the request body for Graph API calls
@@ -14,7 +14,7 @@ export declare class GraphApi {
14
14
  /**
15
15
  * Fetches authorization data from the Graph API
16
16
  */
17
- fetchPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
17
+ fetchPermissions(authToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
18
18
  /**
19
19
  * Maps Graph API response to the expected format
20
20
  */
@@ -22,7 +22,7 @@ export declare class GraphApi {
22
22
  /**
23
23
  * Performs a complete authorization check using the Graph API
24
24
  */
25
- checkPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
25
+ checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
26
26
  private static ensureGraphReason;
27
27
  }
28
28
  //# sourceMappingURL=graph-api.d.ts.map
package/dist/clients/graph-api.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAOlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;;IAejC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,iBAAiB,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAqCjH;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAKxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1
+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AASlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAqCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
package/dist/clients/graph-api.js CHANGED
@@ -7,6 +7,8 @@ const authorizationInternalService = require('../authorization-internal-service.
7
7
  const attributionsService = require('../attributions-service.js');
8
8
  const utils_authorization_utils = require('../utils/authorization.utils.js');
9
9
  const metricsService = require('../metrics-service.js');
10
+ const mondayJwt = require('@mondaydotcomorg/monday-jwt');
11
+ const constants = require('../constants.js');
10
12
 
11
13
  const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
12
14
  const APP_NAME_REQUIRED_ERROR = 'GraphApi: APP_NAME environment variable is required for Graph API authentication';
@@ -15,18 +17,18 @@ const APP_NAME_REQUIRED_ERROR = 'GraphApi: APP_NAME environment variable is requ
15
17
  */
16
18
  class GraphApi {
17
19
  httpClient;
18
- appName;
20
+ consumerAppName;
19
21
  constructor() {
20
22
  const httpClient = tridentBackendApi.Api.getPart('httpClient');
21
23
  if (!httpClient) {
22
24
  throw new Error('GraphApi: http client is not initialized');
23
25
  }
24
- const appName = process.env.APP_NAME?.trim();
25
- if (!appName) {
26
+ const consumerAppName = process.env.APP_NAME?.trim();
27
+ if (!consumerAppName) {
26
28
  throw new Error(APP_NAME_REQUIRED_ERROR);
27
29
  }
28
30
  this.httpClient = httpClient;
29
- this.appName = appName;
31
+ this.consumerAppName = consumerAppName;
30
32
  }
31
33
  /**
32
34
  * Builds the request body for Graph API calls
@@ -56,18 +58,18 @@ class GraphApi {
56
58
  /**
57
59
  * Fetches authorization data from the Graph API
58
60
  */
59
- async fetchPermissions(internalAuthToken, scopedActions) {
61
+ async fetchPermissions(authToken, scopedActions) {
60
62
  const attributionHeaders = attributionsService.getAttributionsFromApi();
61
63
  const bodyPayload = GraphApi.buildRequestBody(scopedActions);
62
64
  try {
63
65
  const response = await this.httpClient.fetch({
64
66
  url: {
65
- appName: this.appName,
67
+ appName: constants.GRAPH_APP_NAME,
66
68
  path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
67
69
  },
68
70
  method: 'POST',
69
71
  headers: {
70
- Authorization: internalAuthToken,
72
+ Authorization: authToken,
71
73
  'Content-Type': 'application/json',
72
74
  ...attributionHeaders,
73
75
  },
@@ -119,8 +121,9 @@ class GraphApi {
119
121
  /**
120
122
  * Performs a complete authorization check using the Graph API
121
123
  */
122
- async checkPermissions(internalAuthToken, scopedActions) {
123
- const response = await this.fetchPermissions(internalAuthToken, scopedActions);
124
+ async checkPermissions(accountId, userId, scopedActions) {
125
+ const authToken = mondayJwt.signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
126
+ const response = await this.fetchPermissions(authToken, scopedActions);
124
127
  return GraphApi.mapResponse(scopedActions, response);
125
128
  }
126
129
  static ensureGraphReason(reason, context) {
package/dist/constants.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
2
2
  import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
3
3
  export declare const APP_NAME = "authorization";
4
+ export declare const GRAPH_APP_NAME = "authorization-graph";
4
5
  export declare const ERROR_MESSAGES: {
5
6
  readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
6
7
  readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;
package/dist/constants.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AAExC,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
package/dist/constants.js CHANGED
@@ -1,6 +1,7 @@
1
1
  Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
2
2
 
3
3
  const APP_NAME = 'authorization';
4
+ const GRAPH_APP_NAME = 'authorization-graph';
4
5
  const ERROR_MESSAGES = {
5
6
  HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
6
7
  REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
@@ -20,3 +21,4 @@ const DEFAULT_FETCH_OPTIONS = {
20
21
  exports.APP_NAME = APP_NAME;
21
22
  exports.DEFAULT_FETCH_OPTIONS = DEFAULT_FETCH_OPTIONS;
22
23
  exports.ERROR_MESSAGES = ERROR_MESSAGES;
24
+ exports.GRAPH_APP_NAME = GRAPH_APP_NAME;
package/dist/esm/authorization-service.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA8DnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
1
+ {"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
package/dist/esm/authorization-service.mjs CHANGED
@@ -110,14 +110,13 @@ class AuthorizationService {
110
110
  return [];
111
111
  }
112
112
  const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
113
- const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
114
113
  const startTime = performance.now();
115
114
  let scopedActionResponseObjects;
116
115
  let apiType;
117
116
  if (shouldNavigateToGraph) {
117
+ apiType = 'graph';
118
118
  try {
119
- scopedActionResponseObjects = await this.graphApi.checkPermissions(internalAuthToken, scopedActions);
120
- apiType = 'graph';
119
+ scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
121
120
  }
122
121
  catch (error) {
123
122
  const status = error instanceof HttpFetcherError ? error.status : undefined;
@@ -132,9 +131,10 @@ class AuthorizationService {
132
131
  }
133
132
  }
134
133
  else {
134
+ apiType = 'platform';
135
135
  const profile = this.getProfile(accountId, userId);
136
+ const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
136
137
  scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
137
- apiType = 'platform';
138
138
  }
139
139
  const endTime = performance.now();
140
140
  const time = endTime - startTime;
package/dist/esm/clients/graph-api.d.ts CHANGED
@@ -5,7 +5,7 @@ import { GraphIsAllowedResponse } from '../types/graph-api.types';
5
5
  */
6
6
  export declare class GraphApi {
7
7
  private readonly httpClient;
8
- private readonly appName;
8
+ private readonly consumerAppName;
9
9
  constructor();
10
10
  /**
11
11
  * Builds the request body for Graph API calls
@@ -14,7 +14,7 @@ export declare class GraphApi {
14
14
  /**
15
15
  * Fetches authorization data from the Graph API
16
16
  */
17
- fetchPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
17
+ fetchPermissions(authToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
18
18
  /**
19
19
  * Maps Graph API response to the expected format
20
20
  */
@@ -22,7 +22,7 @@ export declare class GraphApi {
22
22
  /**
23
23
  * Performs a complete authorization check using the Graph API
24
24
  */
25
- checkPermissions(internalAuthToken: string, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
25
+ checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
26
26
  private static ensureGraphReason;
27
27
  }
28
28
  //# sourceMappingURL=graph-api.d.ts.map
package/dist/esm/clients/graph-api.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAOlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;;IAejC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,iBAAiB,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAqCjH;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAKxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1
+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AASlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAqCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
package/dist/esm/clients/graph-api.mjs CHANGED
@@ -5,6 +5,8 @@ import { AuthorizationInternalService } from '../authorization-internal-service.
5
5
  import { getAttributionsFromApi } from '../attributions-service.mjs';
6
6
  import { scopeToResource } from '../utils/authorization.utils.mjs';
7
7
  import { recordAuthorizationError } from '../metrics-service.mjs';
8
+ import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
9
+ import { GRAPH_APP_NAME } from '../constants.mjs';
8
10
 
9
11
  const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
10
12
  const APP_NAME_REQUIRED_ERROR = 'GraphApi: APP_NAME environment variable is required for Graph API authentication';
@@ -13,18 +15,18 @@ const APP_NAME_REQUIRED_ERROR = 'GraphApi: APP_NAME environment variable is requ
13
15
  */
14
16
  class GraphApi {
15
17
  httpClient;
16
- appName;
18
+ consumerAppName;
17
19
  constructor() {
18
20
  const httpClient = Api.getPart('httpClient');
19
21
  if (!httpClient) {
20
22
  throw new Error('GraphApi: http client is not initialized');
21
23
  }
22
- const appName = process.env.APP_NAME?.trim();
23
- if (!appName) {
24
+ const consumerAppName = process.env.APP_NAME?.trim();
25
+ if (!consumerAppName) {
24
26
  throw new Error(APP_NAME_REQUIRED_ERROR);
25
27
  }
26
28
  this.httpClient = httpClient;
27
- this.appName = appName;
29
+ this.consumerAppName = consumerAppName;
28
30
  }
29
31
  /**
30
32
  * Builds the request body for Graph API calls
@@ -54,18 +56,18 @@ class GraphApi {
54
56
  /**
55
57
  * Fetches authorization data from the Graph API
56
58
  */
57
- async fetchPermissions(internalAuthToken, scopedActions) {
59
+ async fetchPermissions(authToken, scopedActions) {
58
60
  const attributionHeaders = getAttributionsFromApi();
59
61
  const bodyPayload = GraphApi.buildRequestBody(scopedActions);
60
62
  try {
61
63
  const response = await this.httpClient.fetch({
62
64
  url: {
63
- appName: this.appName,
65
+ appName: GRAPH_APP_NAME,
64
66
  path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
65
67
  },
66
68
  method: 'POST',
67
69
  headers: {
68
- Authorization: internalAuthToken,
70
+ Authorization: authToken,
69
71
  'Content-Type': 'application/json',
70
72
  ...attributionHeaders,
71
73
  },
@@ -117,8 +119,9 @@ class GraphApi {
117
119
  /**
118
120
  * Performs a complete authorization check using the Graph API
119
121
  */
120
- async checkPermissions(internalAuthToken, scopedActions) {
121
- const response = await this.fetchPermissions(internalAuthToken, scopedActions);
122
+ async checkPermissions(accountId, userId, scopedActions) {
123
+ const authToken = signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
124
+ const response = await this.fetchPermissions(authToken, scopedActions);
122
125
  return GraphApi.mapResponse(scopedActions, response);
123
126
  }
124
127
  static ensureGraphReason(reason, context) {
package/dist/esm/constants.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
2
2
  import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
3
3
  export declare const APP_NAME = "authorization";
4
+ export declare const GRAPH_APP_NAME = "authorization-graph";
4
5
  export declare const ERROR_MESSAGES: {
5
6
  readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
6
7
  readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;
package/dist/esm/constants.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AAExC,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
package/dist/esm/constants.mjs CHANGED
@@ -1,4 +1,5 @@
1
1
  const APP_NAME = 'authorization';
2
+ const GRAPH_APP_NAME = 'authorization-graph';
2
3
  const ERROR_MESSAGES = {
3
4
  HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
4
5
  REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
@@ -15,4 +16,4 @@ const DEFAULT_FETCH_OPTIONS = {
15
16
  },
16
17
  };
17
18
 
18
- export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES };
19
+ export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mondaydotcomorg/monday-authorization",
3
- "version": "3.3.0-feat-add-graph-api-routing-support-c8d1d84",
3
+ "version": "3.3.0-feat-add-graph-api-routing-support-34aa710",
4
4
  "main": "dist/index.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "license": "BSD-3-Clause",