@mondaydotcomorg/monday-authorization 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-2d70b30 → 3.3.1-feature-bashanye-add-membership-create-delete-api-d00c165
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +143 -11
- package/dist/attributions-service.d.ts +3 -2
- package/dist/attributions-service.d.ts.map +1 -1
- package/dist/attributions-service.js +1 -0
- package/dist/authorization-internal-service.d.ts +1 -1
- package/dist/authorization-internal-service.d.ts.map +1 -1
- package/dist/authorization-service.d.ts +5 -0
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +30 -26
- package/dist/clients/graph-api.d.ts +28 -0
- package/dist/clients/graph-api.d.ts.map +1 -0
- package/dist/clients/{graph-api.client.js → graph-api.js} +48 -40
- package/dist/clients/platform-api.d.ts +26 -0
- package/dist/clients/platform-api.d.ts.map +1 -0
- package/dist/clients/{platform-api.client.js → platform-api.js} +20 -20
- package/dist/constants.d.ts +1 -0
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +2 -0
- package/dist/esm/attributions-service.d.ts +3 -2
- package/dist/esm/attributions-service.d.ts.map +1 -1
- package/dist/esm/attributions-service.mjs +1 -0
- package/dist/esm/authorization-internal-service.d.ts +1 -1
- package/dist/esm/authorization-internal-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.d.ts +5 -0
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +31 -27
- package/dist/esm/clients/graph-api.d.ts +28 -0
- package/dist/esm/clients/graph-api.d.ts.map +1 -0
- package/dist/esm/clients/{graph-api.client.mjs → graph-api.mjs} +48 -40
- package/dist/esm/clients/platform-api.d.ts +26 -0
- package/dist/esm/clients/platform-api.d.ts.map +1 -0
- package/dist/esm/clients/{platform-api.client.mjs → platform-api.mjs} +21 -21
- package/dist/esm/constants.d.ts +1 -0
- package/dist/esm/constants.d.ts.map +1 -1
- package/dist/esm/constants.mjs +2 -1
- package/dist/esm/index.d.ts +7 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.mjs +9 -0
- package/dist/esm/memberships.d.ts +30 -0
- package/dist/esm/memberships.d.ts.map +1 -0
- package/dist/esm/memberships.mjs +98 -0
- package/dist/esm/metrics-service.d.ts +12 -0
- package/dist/esm/metrics-service.d.ts.map +1 -0
- package/dist/esm/metrics-service.mjs +54 -0
- package/dist/esm/prometheus-service.d.ts +1 -3
- package/dist/esm/prometheus-service.d.ts.map +1 -1
- package/dist/esm/prometheus-service.mjs +5 -58
- package/dist/esm/types/graph-api.types.d.ts +8 -7
- package/dist/esm/types/graph-api.types.d.ts.map +1 -1
- package/dist/esm/types/memberships.d.ts +42 -0
- package/dist/esm/types/memberships.d.ts.map +1 -0
- package/dist/esm/types/memberships.mjs +1 -0
- package/dist/esm/types/scoped-actions-contracts.d.ts +10 -1
- package/dist/esm/types/scoped-actions-contracts.d.ts.map +1 -1
- package/dist/esm/types/scoped-actions-contracts.mjs +9 -0
- package/dist/esm/utils/api-error-handler.d.ts +2 -0
- package/dist/esm/utils/api-error-handler.d.ts.map +1 -0
- package/dist/esm/utils/api-error-handler.mjs +18 -0
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -0
- package/dist/memberships.d.ts +30 -0
- package/dist/memberships.d.ts.map +1 -0
- package/dist/memberships.js +100 -0
- package/dist/metrics-service.d.ts +12 -0
- package/dist/metrics-service.d.ts.map +1 -0
- package/dist/metrics-service.js +58 -0
- package/dist/prometheus-service.d.ts +1 -3
- package/dist/prometheus-service.d.ts.map +1 -1
- package/dist/prometheus-service.js +4 -59
- package/dist/types/graph-api.types.d.ts +8 -7
- package/dist/types/graph-api.types.d.ts.map +1 -1
- package/dist/types/memberships.d.ts +42 -0
- package/dist/types/memberships.d.ts.map +1 -0
- package/dist/types/memberships.js +1 -0
- package/dist/types/scoped-actions-contracts.d.ts +10 -1
- package/dist/types/scoped-actions-contracts.d.ts.map +1 -1
- package/dist/types/scoped-actions-contracts.js +9 -0
- package/dist/utils/api-error-handler.d.ts +2 -0
- package/dist/utils/api-error-handler.d.ts.map +1 -0
- package/dist/utils/api-error-handler.js +20 -0
- package/package.json +5 -2
- package/src/attributions-service.ts +93 -0
- package/src/authorization-attributes-service.ts +234 -0
- package/src/authorization-internal-service.ts +129 -0
- package/src/authorization-middleware.ts +51 -0
- package/src/authorization-service.ts +356 -0
- package/src/clients/graph-api.ts +170 -0
- package/src/clients/platform-api.ts +117 -0
- package/src/constants/sns.ts +5 -0
- package/src/constants.ts +23 -0
- package/src/index.ts +63 -0
- package/src/memberships.ts +111 -0
- package/src/metrics-service.ts +71 -0
- package/src/prometheus-service.ts +51 -0
- package/src/roles-service.ts +125 -0
- package/src/testKit/index.ts +69 -0
- package/src/types/authorization-attributes-contracts.ts +33 -0
- package/src/types/express.ts +8 -0
- package/src/types/general.ts +32 -0
- package/src/types/graph-api.types.ts +25 -0
- package/src/types/memberships.ts +47 -0
- package/src/types/roles.ts +42 -0
- package/src/types/scoped-actions-contracts.ts +57 -0
- package/src/utils/api-error-handler.ts +25 -0
- package/src/utils/authorization.utils.ts +47 -0
- package/dist/clients/graph-api.client.d.ts +0 -24
- package/dist/clients/graph-api.client.d.ts.map +0 -1
- package/dist/clients/platform-api.client.d.ts +0 -31
- package/dist/clients/platform-api.client.d.ts.map +0 -1
- package/dist/esm/clients/graph-api.client.d.ts +0 -24
- package/dist/esm/clients/graph-api.client.d.ts.map +0 -1
- package/dist/esm/clients/platform-api.client.d.ts +0 -31
- package/dist/esm/clients/platform-api.client.d.ts.map +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAGA,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,eAAe,CAAC;AAEtD,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CA4BzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAUrG;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CActG"}
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
|
+
|
|
3
|
+
const mondayObservabilityKit = require('@mondaydotcomorg/monday-observability-kit');
|
|
4
|
+
const authorizationInternalService = require('./authorization-internal-service.js');
|
|
5
|
+
|
|
6
|
+
let initialized = false;
|
|
7
|
+
function initializeMetrics(options) {
|
|
8
|
+
if (initialized) {
|
|
9
|
+
return;
|
|
10
|
+
}
|
|
11
|
+
const { serviceName } = options;
|
|
12
|
+
if (!serviceName) {
|
|
13
|
+
authorizationInternalService.logger.warn({ tag: 'metrics-service' }, 'Metrics initialization skipped: serviceName is missing');
|
|
14
|
+
return;
|
|
15
|
+
}
|
|
16
|
+
const resolvedHost = options.host ?? process.env.DOGSTATSD_HOST ?? 'localhost';
|
|
17
|
+
const envPort = process.env.DOGSTATSD_PORT ? Number(process.env.DOGSTATSD_PORT) : undefined;
|
|
18
|
+
const resolvedPort = options.port ?? (Number.isFinite(envPort ?? NaN) ? envPort : undefined) ?? 8125;
|
|
19
|
+
const resolvedDisabled = options.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
|
|
20
|
+
try {
|
|
21
|
+
mondayObservabilityKit.Metric.initialize({
|
|
22
|
+
serviceName,
|
|
23
|
+
host: resolvedHost,
|
|
24
|
+
port: resolvedPort,
|
|
25
|
+
disabled: resolvedDisabled,
|
|
26
|
+
});
|
|
27
|
+
initialized = true;
|
|
28
|
+
}
|
|
29
|
+
catch (error) {
|
|
30
|
+
authorizationInternalService.logger.warn({ tag: 'metrics-service', error }, 'Failed to initialize metrics');
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
function recordAuthorizationTiming(apiType, duration, placement) {
|
|
34
|
+
if (!initialized) {
|
|
35
|
+
return;
|
|
36
|
+
}
|
|
37
|
+
try {
|
|
38
|
+
mondayObservabilityKit.Metric.distribution(`authorization.authorizationCheck.${apiType}.${placement}.duration`, duration);
|
|
39
|
+
}
|
|
40
|
+
catch {
|
|
41
|
+
// ignore metric emission failures
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
function recordAuthorizationError(apiType, statusCode, placement) {
|
|
45
|
+
if (!initialized) {
|
|
46
|
+
return;
|
|
47
|
+
}
|
|
48
|
+
try {
|
|
49
|
+
mondayObservabilityKit.Metric.increment(`authorization.authorizationCheck.${apiType}.${placement}.error`, { statusCode: String(statusCode) }, 1);
|
|
50
|
+
}
|
|
51
|
+
catch {
|
|
52
|
+
// ignore metric emission failures
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
exports.initializeMetrics = initializeMetrics;
|
|
57
|
+
exports.recordAuthorizationError = recordAuthorizationError;
|
|
58
|
+
exports.recordAuthorizationTiming = recordAuthorizationTiming;
|
|
@@ -6,7 +6,5 @@ export declare const METRICS: {
|
|
|
6
6
|
};
|
|
7
7
|
export declare function setPrometheus(customPrometheus: any): void;
|
|
8
8
|
export declare function getMetricsManager(): any;
|
|
9
|
-
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number
|
|
10
|
-
export declare function incrementAuthorizationSuccess(resourceType: string, action: Action, apiType: 'platform' | 'graph'): void;
|
|
11
|
-
export declare function incrementAuthorizationError(resourceType: string, action: Action, statusCode: number, apiType: 'platform' | 'graph'): void;
|
|
9
|
+
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
|
|
12
10
|
//# sourceMappingURL=prometheus-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAa7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
|
|
@@ -2,8 +2,6 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
|
2
2
|
|
|
3
3
|
let prometheus = null;
|
|
4
4
|
let authorizationCheckResponseTimeMetric = null;
|
|
5
|
-
let authorizationSuccessMetric = null;
|
|
6
|
-
let authorizationErrorMetric = null;
|
|
7
5
|
const METRICS = {
|
|
8
6
|
AUTHORIZATION_CHECK: 'authorization_check',
|
|
9
7
|
AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
|
|
@@ -11,85 +9,32 @@ const METRICS = {
|
|
|
11
9
|
};
|
|
12
10
|
const authorizationCheckResponseTimeMetricConfig = {
|
|
13
11
|
name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
|
|
14
|
-
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'
|
|
12
|
+
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
|
|
15
13
|
description: 'Authorization check response time summary',
|
|
16
14
|
};
|
|
17
15
|
function setPrometheus(customPrometheus) {
|
|
18
16
|
prometheus = customPrometheus;
|
|
19
17
|
if (!prometheus) {
|
|
20
|
-
authorizationCheckResponseTimeMetric = null;
|
|
21
|
-
authorizationSuccessMetric = null;
|
|
22
|
-
authorizationErrorMetric = null;
|
|
23
18
|
return;
|
|
24
19
|
}
|
|
25
20
|
const { METRICS_TYPES } = prometheus;
|
|
26
|
-
|
|
27
|
-
if (metricsManager) {
|
|
28
|
-
authorizationCheckResponseTimeMetric = metricsManager.addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
29
|
-
initializeAdditionalMetrics();
|
|
30
|
-
}
|
|
21
|
+
authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
31
22
|
}
|
|
32
23
|
function getMetricsManager() {
|
|
33
24
|
return prometheus?.metricsManager;
|
|
34
25
|
}
|
|
35
|
-
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time
|
|
26
|
+
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
|
|
36
27
|
try {
|
|
37
28
|
if (authorizationCheckResponseTimeMetric) {
|
|
38
|
-
authorizationCheckResponseTimeMetric
|
|
39
|
-
.labels(resourceType, action, isAuthorized, responseStatus, apiType)
|
|
40
|
-
.observe(time);
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
catch (e) {
|
|
44
|
-
// ignore
|
|
45
|
-
}
|
|
46
|
-
}
|
|
47
|
-
const authorizationSuccessMetricConfig = {
|
|
48
|
-
name: 'authorization_success_total',
|
|
49
|
-
labels: ['resourceType', 'action', 'apiType'],
|
|
50
|
-
description: 'Total number of successful authorization checks',
|
|
51
|
-
};
|
|
52
|
-
const authorizationErrorMetricConfig = {
|
|
53
|
-
name: 'authorization_error_total',
|
|
54
|
-
labels: ['resourceType', 'action', 'statusCode', 'apiType'],
|
|
55
|
-
description: 'Total number of authorization errors',
|
|
56
|
-
};
|
|
57
|
-
function incrementAuthorizationSuccess(resourceType, action, apiType) {
|
|
58
|
-
try {
|
|
59
|
-
if (authorizationSuccessMetric) {
|
|
60
|
-
authorizationSuccessMetric.labels(resourceType, action, apiType).inc();
|
|
29
|
+
authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
|
|
61
30
|
}
|
|
62
31
|
}
|
|
63
32
|
catch (e) {
|
|
64
33
|
// ignore
|
|
65
34
|
}
|
|
66
35
|
}
|
|
67
|
-
function incrementAuthorizationError(resourceType, action, statusCode, apiType) {
|
|
68
|
-
try {
|
|
69
|
-
if (authorizationErrorMetric) {
|
|
70
|
-
authorizationErrorMetric.labels(resourceType, action, statusCode, apiType).inc();
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
catch (e) {
|
|
74
|
-
// ignore
|
|
75
|
-
}
|
|
76
|
-
}
|
|
77
|
-
// Initialize additional metrics when prometheus is set
|
|
78
|
-
function initializeAdditionalMetrics() {
|
|
79
|
-
if (!prometheus) {
|
|
80
|
-
return;
|
|
81
|
-
}
|
|
82
|
-
const { METRICS_TYPES } = prometheus;
|
|
83
|
-
const metricsManager = getMetricsManager();
|
|
84
|
-
if (metricsManager) {
|
|
85
|
-
authorizationSuccessMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationSuccessMetricConfig.name, authorizationSuccessMetricConfig.labels, authorizationSuccessMetricConfig.description);
|
|
86
|
-
authorizationErrorMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationErrorMetricConfig.name, authorizationErrorMetricConfig.labels, authorizationErrorMetricConfig.description);
|
|
87
|
-
}
|
|
88
|
-
}
|
|
89
36
|
|
|
90
37
|
exports.METRICS = METRICS;
|
|
91
38
|
exports.getMetricsManager = getMetricsManager;
|
|
92
|
-
exports.incrementAuthorizationError = incrementAuthorizationError;
|
|
93
|
-
exports.incrementAuthorizationSuccess = incrementAuthorizationSuccess;
|
|
94
39
|
exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
|
|
95
40
|
exports.setPrometheus = setPrometheus;
|
|
@@ -2,14 +2,15 @@ export type ResourceType = string;
|
|
|
2
2
|
export type ResourceId = number;
|
|
3
3
|
export type ActionName = string;
|
|
4
4
|
export type GraphIsAllowedDto = Record<ResourceType, Record<ResourceId, ActionName[]>>;
|
|
5
|
-
export
|
|
5
|
+
export interface GraphPermissionReason {
|
|
6
|
+
key: string;
|
|
7
|
+
additionalOptions?: Record<string, string>;
|
|
8
|
+
technicalReason?: number;
|
|
9
|
+
}
|
|
10
|
+
export interface GraphPermissionResult {
|
|
6
11
|
can: boolean;
|
|
7
|
-
reason
|
|
8
|
-
|
|
9
|
-
additionalOptions?: Record<string, string>;
|
|
10
|
-
technicalReason?: number;
|
|
11
|
-
};
|
|
12
|
-
};
|
|
12
|
+
reason?: GraphPermissionReason;
|
|
13
|
+
}
|
|
13
14
|
export type GraphPermissionResults = Record<ActionName, GraphPermissionResult>;
|
|
14
15
|
export type GraphIsAllowedResponse = Record<ResourceType, Record<string, GraphPermissionResults>>;
|
|
15
16
|
//# sourceMappingURL=graph-api.types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,
|
|
1
|
+
{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAGD,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;AAI/E,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
export interface MembershipCreateRequest {
|
|
2
|
+
memberships: MembershipForCreate[];
|
|
3
|
+
}
|
|
4
|
+
export interface MembershipDeleteRequest {
|
|
5
|
+
memberships: MembershipForDelete[];
|
|
6
|
+
}
|
|
7
|
+
export interface MembershipForCreate {
|
|
8
|
+
entityId: number;
|
|
9
|
+
entityType: string;
|
|
10
|
+
resourceId: number;
|
|
11
|
+
resourceType: string;
|
|
12
|
+
roleId: number;
|
|
13
|
+
roleType?: string;
|
|
14
|
+
addedById: number;
|
|
15
|
+
}
|
|
16
|
+
export interface MembershipForDelete {
|
|
17
|
+
entityId?: number;
|
|
18
|
+
entityType: string;
|
|
19
|
+
resourceId?: number;
|
|
20
|
+
resourceType: string;
|
|
21
|
+
}
|
|
22
|
+
export interface MembershipCreateResponse {
|
|
23
|
+
memberships: Membership[];
|
|
24
|
+
}
|
|
25
|
+
export interface MembershipDeleteResponse {
|
|
26
|
+
memberships: Membership[];
|
|
27
|
+
}
|
|
28
|
+
export interface Membership {
|
|
29
|
+
id: number;
|
|
30
|
+
entityId: number;
|
|
31
|
+
entityType: string;
|
|
32
|
+
resourceId: number;
|
|
33
|
+
resourceType: string;
|
|
34
|
+
roleId: number;
|
|
35
|
+
roleType: string;
|
|
36
|
+
addedById: null | number | undefined;
|
|
37
|
+
hops: number;
|
|
38
|
+
isNewRecord: boolean;
|
|
39
|
+
previousValues: Partial<Membership>;
|
|
40
|
+
walVersion: number | null | undefined;
|
|
41
|
+
}
|
|
42
|
+
//# sourceMappingURL=memberships.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../src/types/memberships.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACpC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACvC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
|
|
@@ -21,7 +21,16 @@ export interface Translation {
|
|
|
21
21
|
export declare enum PermitTechnicalReason {
|
|
22
22
|
NO_REASON = 0,
|
|
23
23
|
NOT_ELIGIBLE = 1,
|
|
24
|
-
BY_ROLE_IN_SCOPE = 2
|
|
24
|
+
BY_ROLE_IN_SCOPE = 2,
|
|
25
|
+
/**
|
|
26
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
27
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
28
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
29
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
30
|
+
*/
|
|
31
|
+
NOT_APPLICABLE = 3,
|
|
32
|
+
BY_POLICY = 4,
|
|
33
|
+
BY_OVERRIDE = 5
|
|
25
34
|
}
|
|
26
35
|
export interface ScopedActionPermit {
|
|
27
36
|
can: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;
|
|
1
|
+
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;IACpB;;;;;OAKG;IACH,cAAc,IAAI;IAClB,SAAS,IAAI;IACb,WAAW,IAAI;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,qBAAqB,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,YAAY,CAAC;CACrB;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,YAAY,CAAC;IAC3B,MAAM,EAAE,kBAAkB,CAAC;CAC5B"}
|
|
@@ -5,4 +5,13 @@ exports.PermitTechnicalReason = void 0;
|
|
|
5
5
|
PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
|
|
6
6
|
PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
|
|
7
7
|
PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
|
|
8
|
+
/**
|
|
9
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
10
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
11
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
12
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
13
|
+
*/
|
|
14
|
+
PermitTechnicalReason[PermitTechnicalReason["NOT_APPLICABLE"] = 3] = "NOT_APPLICABLE";
|
|
15
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_POLICY"] = 4] = "BY_POLICY";
|
|
16
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_OVERRIDE"] = 5] = "BY_OVERRIDE";
|
|
8
17
|
})(exports.PermitTechnicalReason || (exports.PermitTechnicalReason = {}));
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAC5B,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,UAAU,GAAG,OAAO,GAAG,eAAe,EAC/C,SAAS,EAAE,MAAM,GAChB,KAAK,CAgBP"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
|
+
|
|
3
|
+
const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
|
|
4
|
+
const authorizationInternalService = require('../authorization-internal-service.js');
|
|
5
|
+
const metricsService = require('../metrics-service.js');
|
|
6
|
+
|
|
7
|
+
function handleApiError(err, apiType, placement) {
|
|
8
|
+
if (err instanceof mondayFetchApi.HttpFetcherError) {
|
|
9
|
+
authorizationInternalService.logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
|
|
10
|
+
metricsService.recordAuthorizationError(apiType, err.status, placement);
|
|
11
|
+
authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, placement);
|
|
12
|
+
}
|
|
13
|
+
else {
|
|
14
|
+
authorizationInternalService.logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
|
|
15
|
+
metricsService.recordAuthorizationError(apiType, 500, placement);
|
|
16
|
+
throw err;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
exports.handleApiError = handleApiError;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "3.3.
|
|
3
|
+
"version": "3.3.1-feature-bashanye-add-membership-create-delete-api-d00c165",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -25,6 +25,7 @@
|
|
|
25
25
|
"@mondaydotcomorg/monday-fetch-api": "^1.0.2",
|
|
26
26
|
"@mondaydotcomorg/monday-jwt": "^3.0.14",
|
|
27
27
|
"@mondaydotcomorg/monday-logger": "^4.0.11",
|
|
28
|
+
"@mondaydotcomorg/monday-observability-kit": "^1.5.3",
|
|
28
29
|
"@mondaydotcomorg/monday-sns": "^1.2.1",
|
|
29
30
|
"@mondaydotcomorg/trident-backend-api": "^0.24.3",
|
|
30
31
|
"lodash": "^4.17.21",
|
|
@@ -46,7 +47,9 @@
|
|
|
46
47
|
"typescript": "^5.2.2"
|
|
47
48
|
},
|
|
48
49
|
"files": [
|
|
49
|
-
"dist/"
|
|
50
|
+
"dist/",
|
|
51
|
+
"src/",
|
|
52
|
+
"dist/node_modules/lodash-cjs/"
|
|
50
53
|
],
|
|
51
54
|
"eslintConfig": {
|
|
52
55
|
"extends": "@mondaydotcomorg/trident-library",
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
import { Api, Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api';
|
|
2
|
+
import { logger } from './authorization-internal-service';
|
|
3
|
+
|
|
4
|
+
const APP_NAME_VARIABLE_KEY = 'APP_NAME';
|
|
5
|
+
const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
|
|
6
|
+
const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
|
|
7
|
+
|
|
8
|
+
let didSendFailureLogOnce = false;
|
|
9
|
+
|
|
10
|
+
export enum PlatformProfile {
|
|
11
|
+
API_INTERNAL = 'api-internal',
|
|
12
|
+
SLOW = 'slow',
|
|
13
|
+
INTERNAL = 'internal',
|
|
14
|
+
APP = 'app',
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
export function getProfile() {
|
|
18
|
+
const tridentContext = Api.getPart('context');
|
|
19
|
+
if (!tridentContext) {
|
|
20
|
+
return PlatformProfile.INTERNAL;
|
|
21
|
+
}
|
|
22
|
+
const { mondayRequestSource } = getExecutionContext(tridentContext);
|
|
23
|
+
|
|
24
|
+
switch (mondayRequestSource) {
|
|
25
|
+
case 'api': {
|
|
26
|
+
return PlatformProfile.API_INTERNAL;
|
|
27
|
+
}
|
|
28
|
+
case 'slow': {
|
|
29
|
+
return PlatformProfile.SLOW;
|
|
30
|
+
}
|
|
31
|
+
default:
|
|
32
|
+
return PlatformProfile.INTERNAL;
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
export function getExecutionContext(context: Context): ExecutionContext {
|
|
37
|
+
return context.execution.get();
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
export function getAttributionsFromApi(): { [key: string]: string } {
|
|
41
|
+
const callerAppNameFromSdk = {
|
|
42
|
+
[APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
|
|
43
|
+
};
|
|
44
|
+
|
|
45
|
+
try {
|
|
46
|
+
const tridentContext = Api.getPart('context');
|
|
47
|
+
|
|
48
|
+
if (!tridentContext) {
|
|
49
|
+
return callerAppNameFromSdk;
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
const { runtimeAttributions } = tridentContext;
|
|
53
|
+
const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
|
|
54
|
+
|
|
55
|
+
if (!runtimeAttributionsOutgoingHeaders) {
|
|
56
|
+
return callerAppNameFromSdk;
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
|
|
60
|
+
|
|
61
|
+
const attributionHeadersFromSdk = {};
|
|
62
|
+
Object.keys(attributionsHeaders).forEach(function (key) {
|
|
63
|
+
attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
|
|
64
|
+
});
|
|
65
|
+
|
|
66
|
+
return attributionHeadersFromSdk;
|
|
67
|
+
} catch (error) {
|
|
68
|
+
if (!didSendFailureLogOnce) {
|
|
69
|
+
logger.warn(
|
|
70
|
+
{ tag: 'authorization-service', error },
|
|
71
|
+
'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.'
|
|
72
|
+
);
|
|
73
|
+
didSendFailureLogOnce = true;
|
|
74
|
+
}
|
|
75
|
+
return callerAppNameFromSdk;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
function getEnvVariable(key: string) {
|
|
80
|
+
const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
|
|
81
|
+
return envVar;
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
function tryJsonParse(value: string | undefined) {
|
|
85
|
+
if (!value) {
|
|
86
|
+
return value;
|
|
87
|
+
}
|
|
88
|
+
try {
|
|
89
|
+
return JSON.parse(value);
|
|
90
|
+
} catch (_err) {
|
|
91
|
+
return value;
|
|
92
|
+
}
|
|
93
|
+
}
|