@mondaydotcomorg/monday-authorization 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-63c65ad → 3.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +36 -10
- package/dist/attributions-service.d.ts +3 -2
- package/dist/attributions-service.d.ts.map +1 -1
- package/dist/attributions-service.js +1 -0
- package/dist/authorization-internal-service.d.ts +1 -1
- package/dist/authorization-internal-service.d.ts.map +1 -1
- package/dist/authorization-service.d.ts +5 -0
- package/dist/authorization-service.d.ts.map +1 -1
- package/dist/authorization-service.js +30 -26
- package/dist/clients/graph-api.d.ts +28 -0
- package/dist/clients/graph-api.d.ts.map +1 -0
- package/dist/clients/{graph-api.client.js → graph-api.js} +48 -40
- package/dist/clients/platform-api.d.ts +26 -0
- package/dist/clients/platform-api.d.ts.map +1 -0
- package/dist/clients/{platform-api.client.js → platform-api.js} +20 -20
- package/dist/constants.d.ts +1 -0
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +2 -0
- package/dist/esm/attributions-service.d.ts +3 -2
- package/dist/esm/attributions-service.d.ts.map +1 -1
- package/dist/esm/attributions-service.mjs +1 -0
- package/dist/esm/authorization-internal-service.d.ts +1 -1
- package/dist/esm/authorization-internal-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.d.ts +5 -0
- package/dist/esm/authorization-service.d.ts.map +1 -1
- package/dist/esm/authorization-service.mjs +31 -27
- package/dist/esm/clients/graph-api.d.ts +28 -0
- package/dist/esm/clients/graph-api.d.ts.map +1 -0
- package/dist/esm/clients/{graph-api.client.mjs → graph-api.mjs} +48 -40
- package/dist/esm/clients/platform-api.d.ts +26 -0
- package/dist/esm/clients/platform-api.d.ts.map +1 -0
- package/dist/esm/clients/{platform-api.client.mjs → platform-api.mjs} +21 -21
- package/dist/esm/constants.d.ts +1 -0
- package/dist/esm/constants.d.ts.map +1 -1
- package/dist/esm/constants.mjs +2 -1
- package/dist/esm/index.d.ts +6 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.mjs +8 -0
- package/dist/esm/metrics-service.d.ts +12 -0
- package/dist/esm/metrics-service.d.ts.map +1 -0
- package/dist/esm/metrics-service.mjs +54 -0
- package/dist/esm/prometheus-service.d.ts +1 -3
- package/dist/esm/prometheus-service.d.ts.map +1 -1
- package/dist/esm/prometheus-service.mjs +5 -58
- package/dist/esm/types/graph-api.types.d.ts +8 -7
- package/dist/esm/types/graph-api.types.d.ts.map +1 -1
- package/dist/esm/types/scoped-actions-contracts.d.ts +10 -1
- package/dist/esm/types/scoped-actions-contracts.d.ts.map +1 -1
- package/dist/esm/types/scoped-actions-contracts.mjs +9 -0
- package/dist/esm/utils/api-error-handler.d.ts +2 -0
- package/dist/esm/utils/api-error-handler.d.ts.map +1 -0
- package/dist/esm/utils/api-error-handler.mjs +18 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -0
- package/dist/metrics-service.d.ts +12 -0
- package/dist/metrics-service.d.ts.map +1 -0
- package/dist/metrics-service.js +58 -0
- package/dist/prometheus-service.d.ts +1 -3
- package/dist/prometheus-service.d.ts.map +1 -1
- package/dist/prometheus-service.js +4 -59
- package/dist/types/graph-api.types.d.ts +8 -7
- package/dist/types/graph-api.types.d.ts.map +1 -1
- package/dist/types/scoped-actions-contracts.d.ts +10 -1
- package/dist/types/scoped-actions-contracts.d.ts.map +1 -1
- package/dist/types/scoped-actions-contracts.js +9 -0
- package/dist/utils/api-error-handler.d.ts +2 -0
- package/dist/utils/api-error-handler.d.ts.map +1 -0
- package/dist/utils/api-error-handler.js +20 -0
- package/package.json +5 -2
- package/src/attributions-service.ts +93 -0
- package/src/authorization-attributes-service.ts +234 -0
- package/src/authorization-internal-service.ts +129 -0
- package/src/authorization-middleware.ts +51 -0
- package/src/authorization-service.ts +356 -0
- package/src/clients/graph-api.ts +170 -0
- package/src/clients/platform-api.ts +117 -0
- package/src/constants/sns.ts +5 -0
- package/src/constants.ts +23 -0
- package/src/index.ts +62 -0
- package/src/metrics-service.ts +67 -0
- package/src/prometheus-service.ts +51 -0
- package/src/roles-service.ts +125 -0
- package/src/testKit/index.ts +69 -0
- package/src/types/authorization-attributes-contracts.ts +33 -0
- package/src/types/express.ts +8 -0
- package/src/types/general.ts +32 -0
- package/src/types/graph-api.types.ts +25 -0
- package/src/types/roles.ts +42 -0
- package/src/types/scoped-actions-contracts.ts +57 -0
- package/src/utils/api-error-handler.ts +21 -0
- package/src/utils/authorization.utils.ts +47 -0
- package/dist/clients/graph-api.client.d.ts +0 -24
- package/dist/clients/graph-api.client.d.ts.map +0 -1
- package/dist/clients/platform-api.client.d.ts +0 -31
- package/dist/clients/platform-api.client.d.ts.map +0 -1
- package/dist/esm/clients/graph-api.client.d.ts +0 -24
- package/dist/esm/clients/graph-api.client.d.ts.map +0 -1
- package/dist/esm/clients/platform-api.client.d.ts +0 -31
- package/dist/esm/clients/platform-api.client.d.ts.map +0 -1
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
let prometheus = null;
|
|
2
2
|
let authorizationCheckResponseTimeMetric = null;
|
|
3
|
-
let authorizationSuccessMetric = null;
|
|
4
|
-
let authorizationErrorMetric = null;
|
|
5
3
|
const METRICS = {
|
|
6
4
|
AUTHORIZATION_CHECK: 'authorization_check',
|
|
7
5
|
AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
|
|
@@ -9,80 +7,29 @@ const METRICS = {
|
|
|
9
7
|
};
|
|
10
8
|
const authorizationCheckResponseTimeMetricConfig = {
|
|
11
9
|
name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
|
|
12
|
-
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'
|
|
10
|
+
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
|
|
13
11
|
description: 'Authorization check response time summary',
|
|
14
12
|
};
|
|
15
13
|
function setPrometheus(customPrometheus) {
|
|
16
14
|
prometheus = customPrometheus;
|
|
17
15
|
if (!prometheus) {
|
|
18
|
-
authorizationCheckResponseTimeMetric = null;
|
|
19
|
-
authorizationSuccessMetric = null;
|
|
20
|
-
authorizationErrorMetric = null;
|
|
21
16
|
return;
|
|
22
17
|
}
|
|
23
18
|
const { METRICS_TYPES } = prometheus;
|
|
24
|
-
|
|
25
|
-
if (metricsManager) {
|
|
26
|
-
authorizationCheckResponseTimeMetric = metricsManager.addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
27
|
-
initializeAdditionalMetrics();
|
|
28
|
-
}
|
|
19
|
+
authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
29
20
|
}
|
|
30
21
|
function getMetricsManager() {
|
|
31
22
|
return prometheus?.metricsManager;
|
|
32
23
|
}
|
|
33
|
-
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time
|
|
24
|
+
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
|
|
34
25
|
try {
|
|
35
26
|
if (authorizationCheckResponseTimeMetric) {
|
|
36
|
-
authorizationCheckResponseTimeMetric
|
|
37
|
-
.labels(resourceType, action, isAuthorized, responseStatus, apiType)
|
|
38
|
-
.observe(time);
|
|
39
|
-
}
|
|
40
|
-
}
|
|
41
|
-
catch (e) {
|
|
42
|
-
// ignore
|
|
43
|
-
}
|
|
44
|
-
}
|
|
45
|
-
const authorizationSuccessMetricConfig = {
|
|
46
|
-
name: 'authorization_success_total',
|
|
47
|
-
labels: ['resourceType', 'action', 'apiType'],
|
|
48
|
-
description: 'Total number of successful authorization checks',
|
|
49
|
-
};
|
|
50
|
-
const authorizationErrorMetricConfig = {
|
|
51
|
-
name: 'authorization_error_total',
|
|
52
|
-
labels: ['resourceType', 'action', 'statusCode', 'apiType'],
|
|
53
|
-
description: 'Total number of authorization errors',
|
|
54
|
-
};
|
|
55
|
-
function incrementAuthorizationSuccess(resourceType, action, apiType) {
|
|
56
|
-
try {
|
|
57
|
-
if (authorizationSuccessMetric) {
|
|
58
|
-
authorizationSuccessMetric.labels(resourceType, action, apiType).inc();
|
|
27
|
+
authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
|
|
59
28
|
}
|
|
60
29
|
}
|
|
61
30
|
catch (e) {
|
|
62
31
|
// ignore
|
|
63
32
|
}
|
|
64
33
|
}
|
|
65
|
-
function incrementAuthorizationError(resourceType, action, statusCode, apiType) {
|
|
66
|
-
try {
|
|
67
|
-
if (authorizationErrorMetric) {
|
|
68
|
-
authorizationErrorMetric.labels(resourceType, action, statusCode, apiType).inc();
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
catch (e) {
|
|
72
|
-
// ignore
|
|
73
|
-
}
|
|
74
|
-
}
|
|
75
|
-
// Initialize additional metrics when prometheus is set
|
|
76
|
-
function initializeAdditionalMetrics() {
|
|
77
|
-
if (!prometheus) {
|
|
78
|
-
return;
|
|
79
|
-
}
|
|
80
|
-
const { METRICS_TYPES } = prometheus;
|
|
81
|
-
const metricsManager = getMetricsManager();
|
|
82
|
-
if (metricsManager) {
|
|
83
|
-
authorizationSuccessMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationSuccessMetricConfig.name, authorizationSuccessMetricConfig.labels, authorizationSuccessMetricConfig.description);
|
|
84
|
-
authorizationErrorMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationErrorMetricConfig.name, authorizationErrorMetricConfig.labels, authorizationErrorMetricConfig.description);
|
|
85
|
-
}
|
|
86
|
-
}
|
|
87
34
|
|
|
88
|
-
export { METRICS, getMetricsManager,
|
|
35
|
+
export { METRICS, getMetricsManager, sendAuthorizationCheckResponseTimeMetric, setPrometheus };
|
|
@@ -2,14 +2,15 @@ export type ResourceType = string;
|
|
|
2
2
|
export type ResourceId = number;
|
|
3
3
|
export type ActionName = string;
|
|
4
4
|
export type GraphIsAllowedDto = Record<ResourceType, Record<ResourceId, ActionName[]>>;
|
|
5
|
-
export
|
|
5
|
+
export interface GraphPermissionReason {
|
|
6
|
+
key: string;
|
|
7
|
+
additionalOptions?: Record<string, string>;
|
|
8
|
+
technicalReason?: number;
|
|
9
|
+
}
|
|
10
|
+
export interface GraphPermissionResult {
|
|
6
11
|
can: boolean;
|
|
7
|
-
reason
|
|
8
|
-
|
|
9
|
-
additionalOptions?: Record<string, string>;
|
|
10
|
-
technicalReason?: number;
|
|
11
|
-
};
|
|
12
|
-
};
|
|
12
|
+
reason?: GraphPermissionReason;
|
|
13
|
+
}
|
|
13
14
|
export type GraphPermissionResults = Record<ActionName, GraphPermissionResult>;
|
|
14
15
|
export type GraphIsAllowedResponse = Record<ResourceType, Record<string, GraphPermissionResults>>;
|
|
15
16
|
//# sourceMappingURL=graph-api.types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,
|
|
1
|
+
{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAGD,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;AAI/E,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC"}
|
|
@@ -21,7 +21,16 @@ export interface Translation {
|
|
|
21
21
|
export declare enum PermitTechnicalReason {
|
|
22
22
|
NO_REASON = 0,
|
|
23
23
|
NOT_ELIGIBLE = 1,
|
|
24
|
-
BY_ROLE_IN_SCOPE = 2
|
|
24
|
+
BY_ROLE_IN_SCOPE = 2,
|
|
25
|
+
/**
|
|
26
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
27
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
28
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
29
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
30
|
+
*/
|
|
31
|
+
NOT_APPLICABLE = 3,
|
|
32
|
+
BY_POLICY = 4,
|
|
33
|
+
BY_OVERRIDE = 5
|
|
25
34
|
}
|
|
26
35
|
export interface ScopedActionPermit {
|
|
27
36
|
can: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;
|
|
1
|
+
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;IACpB;;;;;OAKG;IACH,cAAc,IAAI;IAClB,SAAS,IAAI;IACb,WAAW,IAAI;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,qBAAqB,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,YAAY,CAAC;CACrB;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,YAAY,CAAC;IAC3B,MAAM,EAAE,kBAAkB,CAAC;CAC5B"}
|
|
@@ -3,6 +3,15 @@ var PermitTechnicalReason;
|
|
|
3
3
|
PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
|
|
4
4
|
PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
|
|
5
5
|
PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
|
|
6
|
+
/**
|
|
7
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
8
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
9
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
10
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
11
|
+
*/
|
|
12
|
+
PermitTechnicalReason[PermitTechnicalReason["NOT_APPLICABLE"] = 3] = "NOT_APPLICABLE";
|
|
13
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_POLICY"] = 4] = "BY_POLICY";
|
|
14
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_OVERRIDE"] = 5] = "BY_OVERRIDE";
|
|
6
15
|
})(PermitTechnicalReason || (PermitTechnicalReason = {}));
|
|
7
16
|
|
|
8
17
|
export { PermitTechnicalReason };
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK,CAgBpG"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
2
|
+
import { logger, AuthorizationInternalService } from '../authorization-internal-service.mjs';
|
|
3
|
+
import { recordAuthorizationError } from '../metrics-service.mjs';
|
|
4
|
+
|
|
5
|
+
function handleApiError(err, apiType, placement) {
|
|
6
|
+
if (err instanceof HttpFetcherError) {
|
|
7
|
+
logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
|
|
8
|
+
recordAuthorizationError(apiType, err.status);
|
|
9
|
+
AuthorizationInternalService.throwOnHttpError(err.status, placement);
|
|
10
|
+
}
|
|
11
|
+
else {
|
|
12
|
+
logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
|
|
13
|
+
recordAuthorizationError(apiType, 500);
|
|
14
|
+
throw err;
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
export { handleApiError };
|
package/dist/index.d.ts
CHANGED
|
@@ -5,6 +5,12 @@ export interface InitOptions {
|
|
|
5
5
|
mondayFetchOptions?: MondayFetchOptions;
|
|
6
6
|
redisClient?: any;
|
|
7
7
|
grantedFeatureRedisExpirationInSeconds?: number;
|
|
8
|
+
metrics?: {
|
|
9
|
+
serviceName?: string;
|
|
10
|
+
host?: string;
|
|
11
|
+
port?: number;
|
|
12
|
+
disabled?: boolean;
|
|
13
|
+
};
|
|
8
14
|
}
|
|
9
15
|
export declare function init(options?: InitOptions): Promise<void>;
|
|
10
16
|
export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAInE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;CACH;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAuBnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -2,6 +2,7 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
|
2
2
|
|
|
3
3
|
const prometheusService = require('./prometheus-service.js');
|
|
4
4
|
const authorizationService = require('./authorization-service.js');
|
|
5
|
+
const metricsService = require('./metrics-service.js');
|
|
5
6
|
const testKit_index = require('./testKit/index.js');
|
|
6
7
|
const authorizationMiddleware = require('./authorization-middleware.js');
|
|
7
8
|
const authorizationAttributesService = require('./authorization-attributes-service.js');
|
|
@@ -12,6 +13,13 @@ async function init(options = {}) {
|
|
|
12
13
|
if (options.prometheus) {
|
|
13
14
|
prometheusService.setPrometheus(options.prometheus);
|
|
14
15
|
}
|
|
16
|
+
const resolvedDisabled = options.metrics?.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
|
|
17
|
+
metricsService.initializeMetrics({
|
|
18
|
+
serviceName: options.metrics?.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
|
|
19
|
+
host: options.metrics?.host,
|
|
20
|
+
port: options.metrics?.port,
|
|
21
|
+
disabled: resolvedDisabled,
|
|
22
|
+
});
|
|
15
23
|
if (options.mondayFetchOptions) {
|
|
16
24
|
authorizationService.setRequestFetchOptions(options.mondayFetchOptions);
|
|
17
25
|
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
type ApiType = 'platform' | 'graph';
|
|
2
|
+
interface InitializeMetricsOptions {
|
|
3
|
+
serviceName: string;
|
|
4
|
+
host?: string;
|
|
5
|
+
port?: number;
|
|
6
|
+
disabled?: boolean;
|
|
7
|
+
}
|
|
8
|
+
export declare function initializeMetrics(options: InitializeMetricsOptions): void;
|
|
9
|
+
export declare function recordAuthorizationTiming(apiType: ApiType, duration: number): void;
|
|
10
|
+
export declare function recordAuthorizationError(apiType: ApiType, statusCode: number): void;
|
|
11
|
+
export {};
|
|
12
|
+
//# sourceMappingURL=metrics-service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAGA,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CA4BzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUlF;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAUnF"}
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
|
+
|
|
3
|
+
const mondayObservabilityKit = require('@mondaydotcomorg/monday-observability-kit');
|
|
4
|
+
const authorizationInternalService = require('./authorization-internal-service.js');
|
|
5
|
+
|
|
6
|
+
let initialized = false;
|
|
7
|
+
function initializeMetrics(options) {
|
|
8
|
+
if (initialized) {
|
|
9
|
+
return;
|
|
10
|
+
}
|
|
11
|
+
const { serviceName } = options;
|
|
12
|
+
if (!serviceName) {
|
|
13
|
+
authorizationInternalService.logger.warn({ tag: 'metrics-service' }, 'Metrics initialization skipped: serviceName is missing');
|
|
14
|
+
return;
|
|
15
|
+
}
|
|
16
|
+
const resolvedHost = options.host ?? process.env.DOGSTATSD_HOST ?? 'localhost';
|
|
17
|
+
const envPort = process.env.DOGSTATSD_PORT ? Number(process.env.DOGSTATSD_PORT) : undefined;
|
|
18
|
+
const resolvedPort = options.port ?? (Number.isFinite(envPort ?? NaN) ? envPort : undefined) ?? 8125;
|
|
19
|
+
const resolvedDisabled = options.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
|
|
20
|
+
try {
|
|
21
|
+
mondayObservabilityKit.Metric.initialize({
|
|
22
|
+
serviceName,
|
|
23
|
+
host: resolvedHost,
|
|
24
|
+
port: resolvedPort,
|
|
25
|
+
disabled: resolvedDisabled,
|
|
26
|
+
});
|
|
27
|
+
initialized = true;
|
|
28
|
+
}
|
|
29
|
+
catch (error) {
|
|
30
|
+
authorizationInternalService.logger.warn({ tag: 'metrics-service', error }, 'Failed to initialize metrics');
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
function recordAuthorizationTiming(apiType, duration) {
|
|
34
|
+
if (!initialized) {
|
|
35
|
+
return;
|
|
36
|
+
}
|
|
37
|
+
try {
|
|
38
|
+
mondayObservabilityKit.Metric.distribution(`authorization.authorizationCheck.${apiType}.duration`, duration);
|
|
39
|
+
}
|
|
40
|
+
catch {
|
|
41
|
+
// ignore metric emission failures
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
function recordAuthorizationError(apiType, statusCode) {
|
|
45
|
+
if (!initialized) {
|
|
46
|
+
return;
|
|
47
|
+
}
|
|
48
|
+
try {
|
|
49
|
+
mondayObservabilityKit.Metric.increment(`authorization.authorizationCheck.${apiType}.error`, { statusCode: String(statusCode) }, 1);
|
|
50
|
+
}
|
|
51
|
+
catch {
|
|
52
|
+
// ignore metric emission failures
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
exports.initializeMetrics = initializeMetrics;
|
|
57
|
+
exports.recordAuthorizationError = recordAuthorizationError;
|
|
58
|
+
exports.recordAuthorizationTiming = recordAuthorizationTiming;
|
|
@@ -6,7 +6,5 @@ export declare const METRICS: {
|
|
|
6
6
|
};
|
|
7
7
|
export declare function setPrometheus(customPrometheus: any): void;
|
|
8
8
|
export declare function getMetricsManager(): any;
|
|
9
|
-
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number
|
|
10
|
-
export declare function incrementAuthorizationSuccess(resourceType: string, action: Action, apiType: 'platform' | 'graph'): void;
|
|
11
|
-
export declare function incrementAuthorizationError(resourceType: string, action: Action, statusCode: number, apiType: 'platform' | 'graph'): void;
|
|
9
|
+
export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;
|
|
12
10
|
//# sourceMappingURL=prometheus-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"prometheus-service.d.ts","sourceRoot":"","sources":["../src/prometheus-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAKzC,eAAO,MAAM,OAAO;;;;CAInB,CAAC;AAQF,wBAAgB,aAAa,CAAC,gBAAgB,KAAA,QAa7C;AAED,wBAAgB,iBAAiB,QAEhC;AAED,wBAAgB,wCAAwC,CACtD,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,OAAO,EACrB,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,QASb"}
|
|
@@ -2,8 +2,6 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
|
2
2
|
|
|
3
3
|
let prometheus = null;
|
|
4
4
|
let authorizationCheckResponseTimeMetric = null;
|
|
5
|
-
let authorizationSuccessMetric = null;
|
|
6
|
-
let authorizationErrorMetric = null;
|
|
7
5
|
const METRICS = {
|
|
8
6
|
AUTHORIZATION_CHECK: 'authorization_check',
|
|
9
7
|
AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
|
|
@@ -11,85 +9,32 @@ const METRICS = {
|
|
|
11
9
|
};
|
|
12
10
|
const authorizationCheckResponseTimeMetricConfig = {
|
|
13
11
|
name: METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
|
|
14
|
-
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'
|
|
12
|
+
labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
|
|
15
13
|
description: 'Authorization check response time summary',
|
|
16
14
|
};
|
|
17
15
|
function setPrometheus(customPrometheus) {
|
|
18
16
|
prometheus = customPrometheus;
|
|
19
17
|
if (!prometheus) {
|
|
20
|
-
authorizationCheckResponseTimeMetric = null;
|
|
21
|
-
authorizationSuccessMetric = null;
|
|
22
|
-
authorizationErrorMetric = null;
|
|
23
18
|
return;
|
|
24
19
|
}
|
|
25
20
|
const { METRICS_TYPES } = prometheus;
|
|
26
|
-
|
|
27
|
-
if (metricsManager) {
|
|
28
|
-
authorizationCheckResponseTimeMetric = metricsManager.addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
29
|
-
initializeAdditionalMetrics();
|
|
30
|
-
}
|
|
21
|
+
authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
|
|
31
22
|
}
|
|
32
23
|
function getMetricsManager() {
|
|
33
24
|
return prometheus?.metricsManager;
|
|
34
25
|
}
|
|
35
|
-
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time
|
|
26
|
+
function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
|
|
36
27
|
try {
|
|
37
28
|
if (authorizationCheckResponseTimeMetric) {
|
|
38
|
-
authorizationCheckResponseTimeMetric
|
|
39
|
-
.labels(resourceType, action, isAuthorized, responseStatus, apiType)
|
|
40
|
-
.observe(time);
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
catch (e) {
|
|
44
|
-
// ignore
|
|
45
|
-
}
|
|
46
|
-
}
|
|
47
|
-
const authorizationSuccessMetricConfig = {
|
|
48
|
-
name: 'authorization_success_total',
|
|
49
|
-
labels: ['resourceType', 'action', 'apiType'],
|
|
50
|
-
description: 'Total number of successful authorization checks',
|
|
51
|
-
};
|
|
52
|
-
const authorizationErrorMetricConfig = {
|
|
53
|
-
name: 'authorization_error_total',
|
|
54
|
-
labels: ['resourceType', 'action', 'statusCode', 'apiType'],
|
|
55
|
-
description: 'Total number of authorization errors',
|
|
56
|
-
};
|
|
57
|
-
function incrementAuthorizationSuccess(resourceType, action, apiType) {
|
|
58
|
-
try {
|
|
59
|
-
if (authorizationSuccessMetric) {
|
|
60
|
-
authorizationSuccessMetric.labels(resourceType, action, apiType).inc();
|
|
29
|
+
authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
|
|
61
30
|
}
|
|
62
31
|
}
|
|
63
32
|
catch (e) {
|
|
64
33
|
// ignore
|
|
65
34
|
}
|
|
66
35
|
}
|
|
67
|
-
function incrementAuthorizationError(resourceType, action, statusCode, apiType) {
|
|
68
|
-
try {
|
|
69
|
-
if (authorizationErrorMetric) {
|
|
70
|
-
authorizationErrorMetric.labels(resourceType, action, statusCode, apiType).inc();
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
catch (e) {
|
|
74
|
-
// ignore
|
|
75
|
-
}
|
|
76
|
-
}
|
|
77
|
-
// Initialize additional metrics when prometheus is set
|
|
78
|
-
function initializeAdditionalMetrics() {
|
|
79
|
-
if (!prometheus) {
|
|
80
|
-
return;
|
|
81
|
-
}
|
|
82
|
-
const { METRICS_TYPES } = prometheus;
|
|
83
|
-
const metricsManager = getMetricsManager();
|
|
84
|
-
if (metricsManager) {
|
|
85
|
-
authorizationSuccessMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationSuccessMetricConfig.name, authorizationSuccessMetricConfig.labels, authorizationSuccessMetricConfig.description);
|
|
86
|
-
authorizationErrorMetric = metricsManager.addMetric(METRICS_TYPES.COUNTER, authorizationErrorMetricConfig.name, authorizationErrorMetricConfig.labels, authorizationErrorMetricConfig.description);
|
|
87
|
-
}
|
|
88
|
-
}
|
|
89
36
|
|
|
90
37
|
exports.METRICS = METRICS;
|
|
91
38
|
exports.getMetricsManager = getMetricsManager;
|
|
92
|
-
exports.incrementAuthorizationError = incrementAuthorizationError;
|
|
93
|
-
exports.incrementAuthorizationSuccess = incrementAuthorizationSuccess;
|
|
94
39
|
exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;
|
|
95
40
|
exports.setPrometheus = setPrometheus;
|
|
@@ -2,14 +2,15 @@ export type ResourceType = string;
|
|
|
2
2
|
export type ResourceId = number;
|
|
3
3
|
export type ActionName = string;
|
|
4
4
|
export type GraphIsAllowedDto = Record<ResourceType, Record<ResourceId, ActionName[]>>;
|
|
5
|
-
export
|
|
5
|
+
export interface GraphPermissionReason {
|
|
6
|
+
key: string;
|
|
7
|
+
additionalOptions?: Record<string, string>;
|
|
8
|
+
technicalReason?: number;
|
|
9
|
+
}
|
|
10
|
+
export interface GraphPermissionResult {
|
|
6
11
|
can: boolean;
|
|
7
|
-
reason
|
|
8
|
-
|
|
9
|
-
additionalOptions?: Record<string, string>;
|
|
10
|
-
technicalReason?: number;
|
|
11
|
-
};
|
|
12
|
-
};
|
|
12
|
+
reason?: GraphPermissionReason;
|
|
13
|
+
}
|
|
13
14
|
export type GraphPermissionResults = Record<ActionName, GraphPermissionResult>;
|
|
14
15
|
export type GraphIsAllowedResponse = Record<ResourceType, Record<string, GraphPermissionResults>>;
|
|
15
16
|
//# sourceMappingURL=graph-api.types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,
|
|
1
|
+
{"version":3,"file":"graph-api.types.d.ts","sourceRoot":"","sources":["../../src/types/graph-api.types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAChC,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC;AAEhC,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAEvF,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAGD,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;AAI/E,MAAM,MAAM,sBAAsB,GAAG,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC"}
|
|
@@ -21,7 +21,16 @@ export interface Translation {
|
|
|
21
21
|
export declare enum PermitTechnicalReason {
|
|
22
22
|
NO_REASON = 0,
|
|
23
23
|
NOT_ELIGIBLE = 1,
|
|
24
|
-
BY_ROLE_IN_SCOPE = 2
|
|
24
|
+
BY_ROLE_IN_SCOPE = 2,
|
|
25
|
+
/**
|
|
26
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
27
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
28
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
29
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
30
|
+
*/
|
|
31
|
+
NOT_APPLICABLE = 3,
|
|
32
|
+
BY_POLICY = 4,
|
|
33
|
+
BY_OVERRIDE = 5
|
|
25
34
|
}
|
|
26
35
|
export interface ScopedActionPermit {
|
|
27
36
|
can: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;
|
|
1
|
+
{"version":3,"file":"scoped-actions-contracts.d.ts","sourceRoot":"","sources":["../../src/types/scoped-actions-contracts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,cAAc,GAAG,UAAU,GAAG,UAAU,GAAG,mBAAmB,GAAG,YAAY,CAAC;AAEzG,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;CAC1B;AAED,oBAAY,qBAAqB;IAC/B,SAAS,IAAI;IACb,YAAY,IAAI;IAChB,gBAAgB,IAAI;IACpB;;;;;OAKG;IACH,cAAc,IAAI;IAClB,SAAS,IAAI;IACb,WAAW,IAAI;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,OAAO,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,eAAe,EAAE,qBAAqB,CAAC;CACxC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,YAAY,CAAC;CACrB;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,EAAE,YAAY,CAAC;IAC3B,MAAM,EAAE,kBAAkB,CAAC;CAC5B"}
|
|
@@ -5,4 +5,13 @@ exports.PermitTechnicalReason = void 0;
|
|
|
5
5
|
PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
|
|
6
6
|
PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
|
|
7
7
|
PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
|
|
8
|
+
/**
|
|
9
|
+
* NOT_APPLICABLE indicates that the permit was requested as part of the `permissions` parameter to the `getPermits`
|
|
10
|
+
* method, but would not otherwise be returned. This is done so that a cache in the monolith can serve
|
|
11
|
+
* two purposes: to mean both that a permit was requested and that it was received; at least: in the
|
|
12
|
+
* case of where a `permissions` parameter is passed to the `getPermits` method.
|
|
13
|
+
*/
|
|
14
|
+
PermitTechnicalReason[PermitTechnicalReason["NOT_APPLICABLE"] = 3] = "NOT_APPLICABLE";
|
|
15
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_POLICY"] = 4] = "BY_POLICY";
|
|
16
|
+
PermitTechnicalReason[PermitTechnicalReason["BY_OVERRIDE"] = 5] = "BY_OVERRIDE";
|
|
8
17
|
})(exports.PermitTechnicalReason || (exports.PermitTechnicalReason = {}));
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK,CAgBpG"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
|
+
|
|
3
|
+
const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
|
|
4
|
+
const authorizationInternalService = require('../authorization-internal-service.js');
|
|
5
|
+
const metricsService = require('../metrics-service.js');
|
|
6
|
+
|
|
7
|
+
function handleApiError(err, apiType, placement) {
|
|
8
|
+
if (err instanceof mondayFetchApi.HttpFetcherError) {
|
|
9
|
+
authorizationInternalService.logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
|
|
10
|
+
metricsService.recordAuthorizationError(apiType, err.status);
|
|
11
|
+
authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, placement);
|
|
12
|
+
}
|
|
13
|
+
else {
|
|
14
|
+
authorizationInternalService.logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
|
|
15
|
+
metricsService.recordAuthorizationError(apiType, 500);
|
|
16
|
+
throw err;
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
exports.handleApiError = handleApiError;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "3.3.
|
|
3
|
+
"version": "3.3.1",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|
|
@@ -25,6 +25,7 @@
|
|
|
25
25
|
"@mondaydotcomorg/monday-fetch-api": "^1.0.2",
|
|
26
26
|
"@mondaydotcomorg/monday-jwt": "^3.0.14",
|
|
27
27
|
"@mondaydotcomorg/monday-logger": "^4.0.11",
|
|
28
|
+
"@mondaydotcomorg/monday-observability-kit": "^1.5.3",
|
|
28
29
|
"@mondaydotcomorg/monday-sns": "^1.2.1",
|
|
29
30
|
"@mondaydotcomorg/trident-backend-api": "^0.24.3",
|
|
30
31
|
"lodash": "^4.17.21",
|
|
@@ -46,7 +47,9 @@
|
|
|
46
47
|
"typescript": "^5.2.2"
|
|
47
48
|
},
|
|
48
49
|
"files": [
|
|
49
|
-
"dist/"
|
|
50
|
+
"dist/",
|
|
51
|
+
"src/",
|
|
52
|
+
"dist/node_modules/lodash-cjs/"
|
|
50
53
|
],
|
|
51
54
|
"eslintConfig": {
|
|
52
55
|
"extends": "@mondaydotcomorg/trident-library",
|