@mondaydotcomorg/monday-authorization 3.5.1 → 3.5.3-feat-shaime-support-entity-attributes-in-authorization-sdk-127d99a

package/dist/utils/validation.js

@@ -0,0 +1,119 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const zod = require('zod');
+const errors_argumentError = require('../errors/argument-error.js');
+
+/**
+ * Utility class for common validation operations using Zod
+ */
+class ValidationUtils {
+    /**
+     * Validates that a value is an integer
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if value is not an integer
+     */
+    static validateInteger(value, fieldName) {
+        const schema = zod.z.number().int();
+        try {
+            schema.parse(value);
+        }
+        catch (error) {
+            if (error instanceof zod.z.ZodError) {
+                throw new errors_argumentError.ArgumentError(`${fieldName} must be an integer, got: ${value}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Validates that a value is a non-empty string
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if value is not a string or is empty
+     */
+    static validateString(value, fieldName) {
+        const schema = zod.z.string().min(1);
+        try {
+            schema.parse(value);
+        }
+        catch (error) {
+            if (error instanceof zod.z.ZodError) {
+                if (typeof value !== 'string') {
+                    throw new errors_argumentError.ArgumentError(`${fieldName} must be a string, got: ${typeof value}`);
+                }
+                throw new errors_argumentError.ArgumentError(`${fieldName} must be a non-empty string`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Validates that a value is an array and optionally checks minimum length
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @param minLength Minimum required length (default: 0)
+     * @returns The validated array
+     * @throws ArgumentError if value is not an array or doesn't meet minimum length
+     */
+    static validateArray(value, fieldName, minLength = 0) {
+        const schema = zod.z.array(zod.z.any()).min(minLength);
+        try {
+            return schema.parse(value);
+        }
+        catch (error) {
+            if (error instanceof zod.z.ZodError) {
+                if (!Array.isArray(value)) {
+                    throw new errors_argumentError.ArgumentError(`${fieldName} must be an array`);
+                }
+                throw new errors_argumentError.ArgumentError(`${fieldName} must have at least ${minLength} items`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Validates that a value is one of the allowed enum values
+     * @param value The value to validate
+     * @param validValues Array of valid values
+     * @param fieldName The name of the field for error messages
+     * @returns The validated value as the enum type
+     * @throws ArgumentError if value is not in validValues
+     */
+    static validateEnum(value, validValues, fieldName) {
+        const schema = zod.z.enum(validValues);
+        try {
+            return schema.parse(value);
+        }
+        catch (error) {
+            if (error instanceof zod.z.ZodError) {
+                throw new errors_argumentError.ArgumentError(`${fieldName} must be one of [${validValues.join(', ')}], got: ${value}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Validates that all items in an array are strings
+     * @param value Array to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if any item is not a string
+     */
+    static validateStringArray(value, fieldName) {
+        const schema = zod.z.array(zod.z.string());
+        try {
+            schema.parse(value);
+        }
+        catch (error) {
+            if (error instanceof zod.z.ZodError) {
+                const zodError = error;
+                const firstError = zodError.issues[0];
+                // Check if it's an array item validation error
+                if (firstError.path.length > 0 && typeof firstError.path[0] === 'number') {
+                    const index = firstError.path[0];
+                    throw new errors_argumentError.ArgumentError(`All ${fieldName} must be strings, but item at index ${index} is not`);
+                }
+                throw new errors_argumentError.ArgumentError(`${fieldName} must be an array`);
+            }
+            throw error;
+        }
+    }
+}
+
+exports.ValidationUtils = ValidationUtils;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.5.1",
+  "version": "3.5.3-feat-shaime-support-entity-attributes-in-authorization-sdk-127d99a",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -31,7 +31,8 @@
     "lodash": "^4.17.21",
     "node-fetch": "^2.6.7",
     "on-headers": "^1.0.2",
-    "ts-node": "^10.0.0"
+    "ts-node": "^10.0.0",
+    "zod": "^4.1.13"
   },
   "devDependencies": {
     "@mondaydotcomorg/trident-library": "^1.1.44",

package/src/authorization-attributes-ms-service.ts

@@ -0,0 +1,513 @@
+import { Api, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { z } from 'zod';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import {
+  AttributeOperation,
+  EntityType,
+  ResourceAttributeOperation,
+  EntityAttributeOperation,
+} from './types/authorization-attributes-contracts';
+import { ArgumentError } from './errors/argument-error';
+import { AuthorizationInternalService, logger } from './authorization-internal-service';
+import { getAttributionsFromApi } from './attributions-service';
+import { APP_NAME } from './constants';
+import { ValidationUtils } from './utils/validation';
+import { IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+import { Resource } from './types/general';
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+const UPSERT_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity';
+const DELETE_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity/{entityType}/{entityId}';
+
+interface DeleteRequestBody {
+  keys: string[];
+}
+
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export class AuthorizationAttributesMsService implements IAuthorizationAttributesService {
+  private static LOG_TAG = 'authorization_attributes_ms';
+  private static httpClient: HttpClient | undefined = Api.getPart('httpClient');
+  /**
+   * Creates or updates resource attributes synchronously.
+   * @param accountId The account ID
+   * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+   * @returns Promise<void>
+   */
+  async upsertResourceAttributes(
+    accountId: number,
+    resourceAttributeAssignments: ResourceAttributeAssignment[],
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<void> {
+    return AuthorizationAttributesMsService.executeUpsertRequest(
+      accountId,
+      resourceAttributeAssignments,
+      UPSERT_RESOURCE_ATTRIBUTES_PATH,
+      'resourceAttributeAssignments',
+      ResourceAttributeAssignment,
+      'resource',
+      'upsertResourceAttributesSync'
+    );
+  }
+
+  /**
+   * Deletes specific attributes from a resource synchronously.
+   * @param accountId The account ID
+   * @param resource Object with resourceType (string) and resourceId (number)
+   * @param attributeKeys Array of attribute key strings to delete
+   * @returns Promise<void>
+   */
+  async deleteResourceAttributes(
+    accountId: number,
+    resource: Resource,
+    attributeKeys: string[],
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<void> {
+    // Validate resource object
+    if (!resource || typeof resource !== 'object') {
+      throw new ArgumentError('resource must be an object');
+    }
+    if (!resource.id) {
+      throw new ArgumentError('resource.id is required');
+    }
+    ValidationUtils.validateInteger(resource.id, 'resource.id');
+    ValidationUtils.validateString(resource.type, 'resource.type');
+
+    return AuthorizationAttributesMsService.executeDeleteRequest(
+      accountId,
+      DELETE_RESOURCE_ATTRIBUTES_PATH,
+      {
+        resourceType: resource.type,
+        resourceId: resource.id,
+      },
+      attributeKeys,
+      'resource',
+      'deleteResourceAttributesSync',
+      { resource }
+    );
+  }
+
+  /**
+   * Creates or updates entity attributes synchronously.
+   * @param accountId The account ID
+   * @param entityAttributeAssignments Array of EntityAttributeAssignment objects
+   * @returns Promise<void>
+   */
+  async upsertEntityAttributes(
+    accountId: number,
+    entityAttributeAssignments: EntityAttributeAssignment[],
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<void> {
+    return AuthorizationAttributesMsService.executeUpsertRequest(
+      accountId,
+      entityAttributeAssignments,
+      UPSERT_ENTITY_ATTRIBUTES_PATH,
+      'entityAttributeAssignments',
+      EntityAttributeAssignment,
+      'entity',
+      'upsertEntityAttributesSync'
+    );
+  }
+
+  /**
+   * Deletes specific attributes from an entity synchronously.
+   * @param accountId The account ID
+   * @param entityType The entity type
+   * @param entityId The entity ID
+   * @param attributeKeys Array of attribute key strings to delete
+   * @returns Promise<void>
+   */
+  async deleteEntityAttributes(
+    accountId: number,
+    entityType: EntityType | string,
+    entityId: number,
+    attributeKeys: string[],
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<void> {
+    if (!entityType || typeof entityType !== 'string' || entityType.trim() === '') {
+      throw new ArgumentError(`entityType must be a non-empty string, got: ${entityType}`);
+    }
+    ValidationUtils.validateInteger(entityId, 'entityId');
+
+    return AuthorizationAttributesMsService.executeDeleteRequest(
+      accountId,
+      DELETE_ENTITY_ATTRIBUTES_PATH,
+      {
+        entityType,
+        entityId,
+      },
+      attributeKeys,
+      'entity',
+      'deleteEntityAttributesSync',
+      { entityType, entityId }
+    );
+  }
+
+  /**
+   * Updates resource attributes (batch operations).
+   * Note: MS service does not support batch operations directly.
+   * This method processes operations sequentially using upsert/delete methods.
+   * @param accountId The account ID
+   * @param appName App name (required for interface compatibility, but not used in MS service)
+   * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+   * @param resourceAttributeOperations Array of operations to perform
+   * @returns Promise<ResourceAttributesOperation[]> Array of processed operations
+   */
+  async updateResourceAttributes(
+    accountId: number,
+    _appName: string,
+    _callerActionIdentifier: string,
+    resourceAttributeOperations: ResourceAttributeOperation[]
+  ): Promise<ResourceAttributeOperation[]> {
+    const processedOperations: ResourceAttributeOperation[] = [];
+
+    for (const operation of resourceAttributeOperations) {
+      if (operation.operationType === AttributeOperation.UPSERT) {
+        if (!operation.resourceId) {
+          throw new ArgumentError('resourceId is required for upsert operation');
+        }
+        await this.upsertResourceAttributes(accountId, [
+          new ResourceAttributeAssignment(
+            operation.resourceId,
+            operation.resourceType,
+            operation.key,
+            operation.value || ''
+          ),
+        ]);
+        processedOperations.push(operation);
+      } else if (operation.operationType === AttributeOperation.DELETE) {
+        if (!operation.resourceId) {
+          throw new ArgumentError('resourceId is required for delete operation');
+        }
+        await this.deleteResourceAttributes(
+          accountId,
+          {
+            type: operation.resourceType,
+            id: operation.resourceId,
+          },
+          [operation.key]
+        );
+        processedOperations.push(operation);
+      }
+    }
+
+    return processedOperations;
+  }
+
+  /**
+   * Updates entity attributes (batch operations).
+   * Note: MS service does not support batch operations directly.
+   * This method processes operations sequentially using upsert/delete methods.
+   * @param accountId The account ID
+   * @param appName App name (required for interface compatibility, but not used in MS service)
+   * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+   * @param entityAttributeOperations Array of operations to perform
+   * @returns Promise<EntityAttributesOperation[]> Array of processed operations
+   */
+  async updateEntityAttributes(
+    accountId: number,
+    _appName: string,
+    _callerActionIdentifier: string,
+    entityAttributeOperations: EntityAttributeOperation[]
+  ): Promise<EntityAttributeOperation[]> {
+    const processedOperations: EntityAttributeOperation[] = [];
+    for (const operation of entityAttributeOperations) {
+      if (operation.operationType === 'upsert') {
+        await this.upsertEntityAttributes(accountId, [
+          new EntityAttributeAssignment(operation.entityId, operation.entityType, operation.key, operation.value || ''),
+        ]);
+        processedOperations.push(operation);
+      } else if (operation.operationType === 'delete') {
+        await this.deleteEntityAttributes(accountId, operation.entityType, operation.entityId, [operation.key]);
+        processedOperations.push(operation);
+      }
+    }
+
+    return processedOperations;
+  }
+
+  /**
+   * Replaces path template parameters with actual values
+   * @param template Path template with placeholders like {accountId}
+   * @param params Object with parameter names and values
+   * @returns Path with all placeholders replaced
+   */
+  private static replacePathParams(template: string, params: Record<string, string | number>): string {
+    let path = template;
+    for (const [key, value] of Object.entries(params)) {
+      path = path.replace(`{${key}}`, String(value));
+    }
+    return path;
+  }
+
+  /**
+   * Generic helper for executing delete requests
+   */
+  private static async executeDeleteRequest(
+    accountId: number,
+    pathTemplate: string,
+    pathParams: Record<string, string | number>,
+    keys: string[],
+    logPrefix: string,
+    methodName: string,
+    context: Record<string, any> = {}
+  ): Promise<void> {
+    // Validate inputs
+    ValidationUtils.validateInteger(accountId, 'accountId');
+    ValidationUtils.validateArray(keys, 'attributeKeys');
+
+    if (!keys.length) {
+      logger.warn({ tag: this.LOG_TAG, accountId, ...pathParams }, `${methodName} called with empty keys array`);
+      return;
+    }
+
+    // Validate all keys are strings
+    ValidationUtils.validateStringArray(keys, 'attributeKeys');
+
+    // Build request body
+    const requestBody: DeleteRequestBody = {
+      keys,
+    };
+
+    if (!AuthorizationAttributesMsService.httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId, ...pathParams });
+    const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys },
+        `Deleting ${logPrefix} attributes`
+      );
+
+      await AuthorizationAttributesMsService.httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'DELETE',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.info(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys },
+        `Successfully deleted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: AuthorizationAttributesMsService.LOG_TAG,
+          method: methodName,
+          accountId,
+          ...pathParams,
+          ...context,
+          error: err instanceof Error ? err.message : String(err),
+        },
+        `Failed in ${methodName}`
+      );
+      throw err;
+    }
+  }
+
+  /**
+   * Gets request headers including Authorization, Content-Type, and optional attribution headers
+   */
+  private static getRequestHeaders(accountId: number, userId?: number): Record<string, string> {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    };
+
+    // Generate Authorization token
+    const authToken = signAuthorizationHeader({
+      appName: INTERNAL_APP_NAME,
+      accountId,
+      userId,
+    });
+    headers.Authorization = authToken;
+
+    // Add attribution headers if available
+    const attributionHeaders = getAttributionsFromApi();
+    for (const key in attributionHeaders) {
+      if (Object.prototype.hasOwnProperty.call(attributionHeaders, key)) {
+        headers[key] = attributionHeaders[key];
+      }
+    }
+
+    // Add X-REQUEST-ID if available from context
+    try {
+      const tridentContext = Api.getPart('context');
+      if (tridentContext?.runtimeAttributions) {
+        const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+        if (outgoingHeaders) {
+          const attributionHeadersMap: Record<string, string> = {};
+          for (const [key, value] of outgoingHeaders) {
+            attributionHeadersMap[key] = value;
+          }
+          if (attributionHeadersMap['x-request-id']) {
+            headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+          }
+        }
+      }
+    } catch (error) {
+      // Silently fail if context is not available
+      logger.debug({ tag: AuthorizationAttributesMsService.LOG_TAG, error }, 'Failed to get request ID from context');
+    }
+
+    // Add X-REQUEST-START timestamp
+    headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+
+    return headers;
+  }
+
+  /**
+   * Validates that all messages are instances of the specified message class
+   */
+  private static validateMessages<T>(attributesMessages: T[], messageClass: abstract new (...args: any[]) => T): void {
+    // Validate messageClass is a function using Zod
+    const classSchema = z.custom<abstract new (...args: any[]) => T>(value => typeof value === 'function', {
+      message: 'messageClass must be a class/constructor function',
+    });
+
+    try {
+      classSchema.parse(messageClass);
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        const firstError = error.issues[0];
+        throw new ArgumentError(firstError.message);
+      }
+      throw error;
+    }
+
+    const className = messageClass.name || 'ResourceAttributeAssignment';
+
+    // First validate it's an array
+    ValidationUtils.validateArray(attributesMessages, 'attributesMessages');
+
+    // Then use Zod to validate each item is an instance of the class
+    const schema = z.array(z.any()).refine(
+      items => {
+        for (let i = 0; i < items.length; i++) {
+          if (!(items[i] instanceof messageClass)) {
+            return false;
+          }
+        }
+        return true;
+      },
+      {
+        message: `All attributesMessages must be instances of ${className}`,
+      }
+    );
+
+    try {
+      schema.parse(attributesMessages);
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        // Find the first invalid index for a more specific error message
+        const invalidIndex = attributesMessages.findIndex(item => !(item instanceof messageClass));
+        if (invalidIndex !== -1) {
+          throw new ArgumentError(
+            `All attributesMessages must be instances of ${className}, but item at index ${invalidIndex} is not`
+          );
+        }
+        const firstError = error.issues[0];
+        throw new ArgumentError(firstError.message);
+      }
+      throw error;
+    }
+  }
+
+  /**
+   * Generic helper for executing upsert requests
+   */
+  private static async executeUpsertRequest<T extends ResourceAttributeAssignment | EntityAttributeAssignment>(
+    accountId: number,
+    assignments: T[],
+    pathTemplate: string,
+    requestBodyKey: 'resourceAttributeAssignments' | 'entityAttributeAssignments',
+    assignmentClass: abstract new (...args: any[]) => T,
+    logPrefix: string,
+    methodName: string
+  ): Promise<void> {
+    // Validate inputs
+    ValidationUtils.validateInteger(accountId, 'accountId');
+    ValidationUtils.validateArray(assignments, 'assignments');
+
+    if (!assignments.length) {
+      logger.warn(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId },
+        `${methodName} called with empty array`
+      );
+      return;
+    }
+
+    // Validate all assignments are instances of the correct class
+    AuthorizationAttributesMsService.validateMessages(assignments, assignmentClass);
+
+    const requestBody =
+      requestBodyKey === 'resourceAttributeAssignments'
+        ? { resourceAttributeAssignments: assignments }
+        : { entityAttributeAssignments: assignments };
+
+    if (!AuthorizationAttributesMsService.httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId });
+    const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length },
+        `Upserting ${logPrefix} attributes`
+      );
+
+      await AuthorizationAttributesMsService.httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'POST',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.debug(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length },
+        `Successfully upserted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: AuthorizationAttributesMsService.LOG_TAG,
+          method: methodName,
+          accountId,
+          error: err instanceof Error ? err.message : String(err),
+        },
+        `Failed in ${methodName}`
+      );
+      throw err;
+    }
+  }
+}