npm - @mondaydotcomorg/monday-authorization - Versions diffs - 3.3.1 → 3.4.0-feature-bashanye-add-membership-create-delete-api-9ba3b16 - Mend

@mondaydotcomorg/monday-authorization 3.3.1 → 3.4.0-feature-bashanye-add-membership-create-delete-api-9ba3b16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/README.md +127 -2
package/dist/authorization-service.js +1 -1
package/dist/clients/graph-api.d.ts.map +1 -1
package/dist/clients/graph-api.js +1 -1
package/dist/esm/authorization-service.mjs +1 -1
package/dist/esm/clients/graph-api.d.ts.map +1 -1
package/dist/esm/clients/graph-api.mjs +1 -1
package/dist/esm/index.d.ts +10 -6
package/dist/esm/index.d.ts.map +1 -1
package/dist/esm/index.mjs +15 -7
package/dist/esm/memberships.d.ts +30 -0
package/dist/esm/memberships.d.ts.map +1 -0
package/dist/esm/memberships.mjs +98 -0
package/dist/esm/metrics-service.d.ts +7 -4
package/dist/esm/metrics-service.d.ts.map +1 -1
package/dist/esm/metrics-service.mjs +34 -16
package/dist/esm/types/memberships.d.ts +42 -0
package/dist/esm/types/memberships.d.ts.map +1 -0
package/dist/esm/types/memberships.mjs +1 -0
package/dist/esm/utils/api-error-handler.d.ts +1 -1
package/dist/esm/utils/api-error-handler.d.ts.map +1 -1
package/dist/esm/utils/api-error-handler.mjs +4 -4
package/dist/index.d.ts +10 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +16 -7
package/dist/memberships.d.ts +30 -0
package/dist/memberships.d.ts.map +1 -0
package/dist/memberships.js +100 -0
package/dist/metrics-service.d.ts +7 -4
package/dist/metrics-service.d.ts.map +1 -1
package/dist/metrics-service.js +34 -16
package/dist/types/memberships.d.ts +42 -0
package/dist/types/memberships.d.ts.map +1 -0
package/dist/types/memberships.js +1 -0
package/dist/utils/api-error-handler.d.ts +1 -1
package/dist/utils/api-error-handler.d.ts.map +1 -1
package/dist/utils/api-error-handler.js +4 -4
package/package.json +1 -1
package/src/authorization-service.ts +1 -1
package/src/clients/graph-api.ts +1 -1
package/src/index.ts +25 -15
package/src/memberships.ts +111 -0
package/src/metrics-service.ts +50 -18
package/src/types/memberships.ts +47 -0
package/src/utils/api-error-handler.ts +9 -5

package/README.md CHANGED Viewed

@@ -25,7 +25,7 @@ import * as MondayAuthorization from '@mondaydotcomorg/monday-authorization';
 ...
-MondayAuthorization.init({
+await MondayAuthorization.init({
   prometheus: getPrometheus(),
   metrics: {
     serviceName: process.env.APP_NAME,
@@ -39,7 +39,9 @@ startServer(...)
 **Recommended** - optionally init authorization with redisClient so the granted feature results will be cached and reduce http calls.
 - grantedFeatureRedisExpirationInSeconds - (optional), redis TTL for cached granted features, default set to 5 minutes
-- metrics - (optional), configure internal DataDog/observability integration. Defaults to `process.env.APP_NAME` as the service name, uses the standard StatsD endpoint (`localhost:8125`) when host/port are not provided, and disables emission automatically in test/development environments (override with `disabled`).
+- metrics - (optional), configure internal DataDog/observability integration. Provide either:
+  - `metrics.client` with a pre-initialized StatsD client that exposes `distribution` and `increment`.
+  - Or the config fields (`serviceName`, `host`, `port`, `disabled`) to let the SDK initialize `@mondaydotcomorg/monday-observability-kit` for you. Defaults to `process.env.APP_NAME` as the service name, uses the standard StatsD endpoint (`localhost:8125`) when host/port are not provided, and disables emission automatically in test/development environments (override with `disabled`).
 ### Metrics & Observability
@@ -402,6 +404,129 @@ interface RolesResponse {
 }
 ```
+### Memberships API
+The Memberships API allows you to manage memberships (role assignments) for entities on resources. Use `MembershipsService` to create/update and delete memberships synchronously.
+Important note: there is no validations for the user that create/delete memberships on authorization side.
+It's on the caller responsibility to validate the user have the right permission to change these memberships.
+#### Create/Update Memberships
+Use `MembershipsService.upsertMemberships` to create or update memberships synchronously:
+```ts
+import { MembershipsService, MembershipForCreate } from '@mondaydotcomorg/monday-authorization';
+const membershipsService = new MembershipsService();
+const accountId = 739630;
+const memberships: MembershipForCreate[] = [
+  {
+    entityId: 123,
+    entityType: 'user',
+    resourceId: 456,
+    resourceType: 'workspace',
+    roleId: 5,
+    roleType: 'basic',
+    addedById: 789,
+  },
+];
+const response = await membershipsService.upsertMemberships(accountId, memberships);
+// Returns: { memberships: Membership[] }
+```
+**Parameters:**
+- `accountId` - The account ID
+- `memberships` - Array of `MembershipForCreate` objects
+#### Delete Memberships
+Use `MembershipsService.deleteMemberships` to delete memberships synchronously:
+```ts
+import { MembershipsService, MembershipForDelete } from '@mondaydotcomorg/monday-authorization';
+const membershipsService = new MembershipsService();
+const accountId = 739630;
+const memberships: MembershipForDelete[] = [
+  {
+    entityId: 123,
+    entityType: 'user',
+    resourceId: 456,
+    resourceType: 'workspace',
+  },
+];
+const response = await membershipsService.deleteMemberships(accountId, memberships);
+// Returns: { memberships: Membership[] }
+```
+**Parameters:**
+- `accountId` - The account ID
+- `memberships` - Array of `MembershipForDelete` objects
+#### Types
+The following types are available for working with memberships:
+```ts
+import {
+  MembershipForCreate,
+  MembershipForDelete,
+  Membership,
+  MembershipCreateResponse,
+  MembershipDeleteResponse,
+} from '@mondaydotcomorg/monday-authorization';
+// MembershipForCreate interface
+interface MembershipForCreate {
+  entityId: number;
+  entityType: string;
+  resourceId: number;
+  resourceType: string;
+  roleId: number;
+  roleType?: string;
+  addedById: number;
+}
+// MembershipForDelete interface
+interface MembershipForDelete {
+  entityId?: number;
+  entityType: string;
+  resourceId?: number;
+  resourceType: string;
+}
+// Membership interface
+interface Membership {
+  id: number;
+  entityId: number;
+  entityType: string;
+  resourceId: number;
+  resourceType: string;
+  roleId: number;
+  roleType: string;
+  addedById: null | number | undefined;
+  hops: number;
+  isNewRecord: boolean;
+  previousValues: Partial<Membership>;
+  walVersion: number | null | undefined;
+}
+// MembershipCreateResponse interface
+interface MembershipCreateResponse {
+  memberships: Membership[];
+}
+// MembershipDeleteResponse interface
+interface MembershipDeleteResponse {
+  memberships: Membership[];
+}
+```
 ## Development
 ### Local Development and Testing

package/dist/authorization-service.js CHANGED Viewed

@@ -133,7 +133,7 @@ class AuthorizationService {
             const { resourceType } = utils_authorization_utils.scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             prometheusService.sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            metricsService.recordAuthorizationTiming(apiType, time);
+            metricsService.recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
         }
         return scopedActionResponseObjects;
     }

package/dist/clients/graph-api.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"~~AACA~~,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;~~AASlC~~;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1	+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/clients/graph-api.js CHANGED Viewed

@@ -1,11 +1,11 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const mondayJwt = require('@mondaydotcomorg/monday-jwt');
 const types_scopedActionsContracts = require('../types/scoped-actions-contracts.js');
 const authorizationInternalService = require('../authorization-internal-service.js');
 const attributionsService = require('../attributions-service.js');
 const utils_authorization_utils = require('../utils/authorization.utils.js');
-const mondayJwt = require('@mondaydotcomorg/monday-jwt');
 const constants = require('../constants.js');
 const utils_apiErrorHandler = require('../utils/api-error-handler.js');

package/dist/esm/authorization-service.mjs CHANGED Viewed

@@ -131,7 +131,7 @@ class AuthorizationService {
             const { resourceType } = scopeToResource(scope);
             const isAuthorized = obj.permit.can;
             sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-            recordAuthorizationTiming(apiType, time);
+            recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
         }
         return scopedActionResponseObjects;
     }

package/dist/esm/clients/graph-api.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"~~AACA~~,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;~~AASlC~~;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
1	+ {"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/esm/clients/graph-api.mjs CHANGED Viewed

@@ -1,9 +1,9 @@
 import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import { PermitTechnicalReason } from '../types/scoped-actions-contracts.mjs';
 import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
 import { scopeToResource } from '../utils/authorization.utils.mjs';
-import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import { GRAPH_APP_NAME } from '../constants.mjs';
 import { handleApiError } from '../utils/api-error-handler.mjs';

package/dist/esm/index.d.ts CHANGED Viewed

@@ -1,22 +1,26 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
+import { MetricsClient } from './metrics-service';
 import * as TestKit from './testKit';
+interface MetricsInitOptions {
+    client?: MetricsClient;
+    serviceName?: string;
+    host?: string;
+    port?: number;
+    disabled?: boolean;
+}
 export interface InitOptions {
     prometheus?: any;
     mondayFetchOptions?: MondayFetchOptions;
     redisClient?: any;
     grantedFeatureRedisExpirationInSeconds?: number;
-    metrics?: {
-        serviceName?: string;
-        host?: string;
-        port?: number;
-        disabled?: boolean;
-    };
+    metrics?: MetricsInitOptions;
 }
 export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { RolesService } from './roles-service';
+export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
 export { Translation, ScopedAction, ScopedActionResponseObject, ScopedActionPermit, } from './types/scoped-actions-contracts';
 export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';

package/dist/esm/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;~~AAInE~~,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,~~MAAM~~,~~WAAW,WAAW~~;IAC1B,~~UAAU~~,CAAC,EAAE,~~GAAG~~,CAAC;~~IACjB~~,~~kBAAkB~~,CAAC,EAAE,~~kBAAkB~~,CAAC;~~IACxC~~,~~WAAW~~,CAAC,EAAE,~~GAAG~~,CAAC;~~IAClB~~,~~sCAAsC~~,CAAC,EAAE,MAAM,CAAC;~~IAChD~~,~~OAAO~~,CAAC,EAAE;~~QACR~~,WAAW,CAAC,EAAE,~~MAAM~~,CAAC;~~QACrB~~,~~IAAI~~,CAAC,EAAE,~~MAAM~~,CAAC;~~QACd~~,~~IAAI~~,CAAC,EAAE,~~MAAM~~,CAAC;~~QACd~~,~~QAAQ~~,CAAC,EAAE,~~OAAO~~,CAAC;~~KACpB~~,CAAC;~~CACH~~;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,~~iBAuBnD~~;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/esm/index.mjs CHANGED Viewed

@@ -7,19 +7,27 @@ export { testKit_index as TestKit };
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware } from './authorization-middleware.mjs';
 export { AuthorizationAttributesService } from './authorization-attributes-service.mjs';
 export { RolesService } from './roles-service.mjs';
+export { MembershipsService } from './memberships.mjs';
 export { RoleType } from './types/roles.mjs';
 async function init(options = {}) {
     if (options.prometheus) {
         setPrometheus(options.prometheus);
     }
-    const resolvedDisabled = options.metrics?.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
-    initializeMetrics({
-        serviceName: options.metrics?.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
-        host: options.metrics?.host,
-        port: options.metrics?.port,
-        disabled: resolvedDisabled,
-    });
+    if (options.metrics) {
+        if (options.metrics.client) {
+            initializeMetrics({ client: options.metrics.client });
+        }
+        else {
+            const resolvedDisabled = options.metrics.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
+            initializeMetrics({
+                serviceName: options.metrics.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
+                host: options.metrics.host,
+                port: options.metrics.port,
+                disabled: resolvedDisabled,
+            });
+        }
+    }
     if (options.mondayFetchOptions) {
         setRequestFetchOptions(options.mondayFetchOptions);
     }

package/dist/esm/memberships.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import { MembershipCreateResponse, MembershipDeleteResponse, MembershipForCreate, MembershipForDelete } from './types/memberships';
+export declare class MembershipsService {
+    private static API_PATHS;
+    private httpClient;
+    private fetchOptions;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    upsertMemberships(accountId: number, memberships: MembershipForCreate[]): Promise<MembershipCreateResponse>;
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    deleteMemberships(accountId: number, memberships: MembershipForDelete[]): Promise<MembershipDeleteResponse>;
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/esm/memberships.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../src/memberships.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAM3B,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IAEtD;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAoBnF;;;;;OAKG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA0BjH;;;;;;OAMG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;CAyBlH"}

package/dist/esm/memberships.mjs ADDED Viewed

@@ -0,0 +1,98 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { handleApiError } from './utils/api-error-handler.mjs';
+import { getAttributionsFromApi } from './attributions-service.mjs';
+import { ERROR_MESSAGES, DEFAULT_FETCH_OPTIONS, APP_NAME } from './constants.mjs';
+class MembershipsService {
+    static API_PATHS = {
+        UPSERT_RESOURCE_ATTRIBUTES: '/memberships/{accountId}',
+        DELETE_RESOURCE_ATTRIBUTES: '/memberships/{accountId}',
+    };
+    httpClient;
+    fetchOptions;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient, fetchOptions) {
+        if (!httpClient) {
+            httpClient = Api.getPart('httpClient');
+            if (!httpClient) {
+                throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+            }
+        }
+        if (!fetchOptions) {
+            fetchOptions = DEFAULT_FETCH_OPTIONS;
+        }
+        else {
+            fetchOptions = {
+                ...DEFAULT_FETCH_OPTIONS,
+                ...fetchOptions,
+            };
+        }
+        this.httpClient = httpClient;
+        this.fetchOptions = fetchOptions;
+    }
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    async upsertMemberships(accountId, memberships) {
+        const attributionHeaders = getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path: MembershipsService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
+                },
+                method: 'PUT',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return handleApiError(err, 'authorization', 'upsertMemberships');
+        }
+    }
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    async deleteMemberships(accountId, memberships) {
+        const attributionHeaders = getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path: MembershipsService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
+                },
+                method: 'DELETE',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return handleApiError(err, 'authorization', 'deleteMemberships');
+        }
+    }
+}
+export { MembershipsService };

package/dist/esm/metrics-service.d.ts CHANGED Viewed

@@ -1,12 +1,15 @@
-type ApiType = 'platform' | 'graph';
+import { Metric } from '@mondaydotcomorg/monday-observability-kit';
+type ApiType = 'platform' | 'graph' | 'authorization';
+export type MetricsClient = Pick<typeof Metric, 'distribution' | 'increment'>;
 interface InitializeMetricsOptions {
-    serviceName: string;
+    client?: MetricsClient;
+    serviceName?: string;
     host?: string;
     port?: number;
     disabled?: boolean;
 }
 export declare function initializeMetrics(options: InitializeMetricsOptions): void;
-export declare function recordAuthorizationTiming(apiType: ApiType, duration: number): void;
-export declare function recordAuthorizationError(apiType: ApiType, statusCode: number): void;
+export declare function recordAuthorizationTiming(apiType: ApiType, duration: number, placement: string): void;
+export declare function recordAuthorizationError(apiType: ApiType, statusCode: number, placement: string): void;
 export {};
 //# sourceMappingURL=metrics-service.d.ts.map

package/dist/esm/metrics-service.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../../src/metrics-service.ts"],"names":[],"mappings":"~~AAGA~~,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;~~AAEpC~~,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;~~IACpB~~,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,~~CA4BzE~~;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,~~CAUlF~~;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,~~CAUnF~~"}
1	+ {"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../../src/metrics-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,eAAe,CAAC;AAEtD,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,MAAM,EAAE,cAAc,GAAG,WAAW,CAAC,CAAC;AAE9E,UAAU,wBAAwB;IAChC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CAiCzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAoBrG;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAwBtG"}

package/dist/esm/metrics-service.mjs CHANGED Viewed

@@ -1,17 +1,21 @@
 import { Metric } from '@mondaydotcomorg/monday-observability-kit';
 import { logger } from './authorization-internal-service.mjs';
-let initialized = false;
+let metricsClient = null;
 function initializeMetrics(options) {
-    if (initialized) {
+    if (metricsClient) {
+        return;
+    }
+    if (options.client) {
+        metricsClient = options.client;
         return;
     }
     const { serviceName } = options;
     if (!serviceName) {
-        logger.warn({ tag: 'metrics-service' }, 'Metrics initialization skipped: serviceName is missing');
+        logger.warn({ tag: 'monday-authorization-sdk' }, 'Metrics initialization skipped: serviceName is missing');
         return;
     }
-    const resolvedHost = options.host ?? process.env.DOGSTATSD_HOST ?? 'localhost';
+    const resolvedHost = options.host ?? process.env.HOST_IP ?? 'localhost';
     const envPort = process.env.DOGSTATSD_PORT ? Number(process.env.DOGSTATSD_PORT) : undefined;
     const resolvedPort = options.port ?? (Number.isFinite(envPort ?? NaN) ? envPort : undefined) ?? 8125;
     const resolvedDisabled = options.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
@@ -22,32 +26,46 @@ function initializeMetrics(options) {
             port: resolvedPort,
             disabled: resolvedDisabled,
         });
-        initialized = true;
+        metricsClient = Metric;
     }
     catch (error) {
-        logger.warn({ tag: 'metrics-service', error }, 'Failed to initialize metrics');
+        logger.warn({ tag: 'monday-authorization-sdk', error }, 'Failed to initialize metrics');
     }
 }
-function recordAuthorizationTiming(apiType, duration) {
-    if (!initialized) {
+function recordAuthorizationTiming(apiType, duration, placement) {
+    if (!metricsClient) {
         return;
     }
     try {
-        Metric.distribution(`authorization.authorizationCheck.${apiType}.duration`, duration);
+        metricsClient.distribution(`authorization.authorizationCheck.${apiType}.${placement}.duration`, duration);
     }
-    catch {
-        // ignore metric emission failures
+    catch (error) {
+        logger.warn({
+            tag: 'monday-authorization-sdk',
+            metric: 'authorizationCheckDuration',
+            apiType,
+            placement,
+            duration,
+            error,
+        }, 'Failed to emit authorization timing metric');
     }
 }
-function recordAuthorizationError(apiType, statusCode) {
-    if (!initialized) {
+function recordAuthorizationError(apiType, statusCode, placement) {
+    if (!metricsClient) {
         return;
     }
     try {
-        Metric.increment(`authorization.authorizationCheck.${apiType}.error`, { statusCode: String(statusCode) }, 1);
+        metricsClient.increment(`authorization.authorizationCheck.${apiType}.${placement}.error`, { statusCode: String(statusCode) }, 1);
     }
-    catch {
-        // ignore metric emission failures
+    catch (error) {
+        logger.warn({
+            tag: 'monday-authorization-sdk',
+            metric: 'authorizationCheckError',
+            apiType,
+            placement,
+            statusCode,
+            error,
+        }, 'Failed to emit authorization error metric');
     }
 }

package/dist/esm/types/memberships.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+export interface MembershipForCreate {
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType?: string;
+    addedById: number;
+}
+export interface MembershipForDelete {
+    entityId?: number;
+    entityType: string;
+    resourceId?: number;
+    resourceType: string;
+}
+export interface Membership {
+    id: number;
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType: string;
+    addedById: null | number | undefined;
+    hops: number;
+    isNewRecord: boolean;
+    previousValues: Partial<Membership>;
+    walVersion: number | null | undefined;
+}
+export interface MembershipCreateResponse {
+    memberships: Membership[];
+}
+export interface MembershipDeleteResponse {
+    memberships: Membership[];
+}
+export interface MembershipCreateRequest {
+    memberships: MembershipForCreate[];
+}
+export interface MembershipDeleteRequest {
+    memberships: MembershipForDelete[];
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/esm/types/memberships.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../../src/types/memberships.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACpC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC"}

package/dist/esm/types/memberships.mjs ADDED Viewed

	@@ -0,0 +1 @@
1	+

package/dist/esm/utils/api-error-handler.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph', placement: string): never;
+export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph' | 'authorization', placement: string): never;
 //# sourceMappingURL=api-error-handler.d.ts.map

package/dist/esm/utils/api-error-handler.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,~~CAAC~~,GAAG,EAAE,OAAO,~~EAAE~~,OAAO,EAAE,UAAU,GAAG,OAAO,~~EAAE~~,SAAS,EAAE,MAAM,~~GAAG~~,KAAK,~~CAgBpG~~"}
1	+ {"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAC5B,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,UAAU,GAAG,OAAO,GAAG,eAAe,EAC/C,SAAS,EAAE,MAAM,GAChB,KAAK,CAgBP"}

package/dist/esm/utils/api-error-handler.mjs CHANGED Viewed

@@ -4,13 +4,13 @@ import { recordAuthorizationError } from '../metrics-service.mjs';
 function handleApiError(err, apiType, placement) {
     if (err instanceof HttpFetcherError) {
-        logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        recordAuthorizationError(apiType, err.status);
+        logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        recordAuthorizationError(apiType, err.status, placement);
         AuthorizationInternalService.throwOnHttpError(err.status, placement);
     }
     else {
-        logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        recordAuthorizationError(apiType, 500);
+        logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        recordAuthorizationError(apiType, 500, placement);
         throw err;
     }
 }

package/dist/index.d.ts CHANGED Viewed

@@ -1,22 +1,26 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
+import { MetricsClient } from './metrics-service';
 import * as TestKit from './testKit';
+interface MetricsInitOptions {
+    client?: MetricsClient;
+    serviceName?: string;
+    host?: string;
+    port?: number;
+    disabled?: boolean;
+}
 export interface InitOptions {
     prometheus?: any;
     mondayFetchOptions?: MondayFetchOptions;
     redisClient?: any;
     grantedFeatureRedisExpirationInSeconds?: number;
-    metrics?: {
-        serviceName?: string;
-        host?: string;
-        port?: number;
-        disabled?: boolean;
-    };
+    metrics?: MetricsInitOptions;
 }
 export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { RolesService } from './roles-service';
+export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
 export { Translation, ScopedAction, ScopedActionResponseObject, ScopedActionPermit, } from './types/scoped-actions-contracts';
 export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';