@node-c/domain-iam 1.0.0-alpha9 → 1.0.0-beta1

package/dist/services/authenticationOAuth2/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./iam.authenticationOAuth2.definitions"), exports);
+__exportStar(require("./iam.authenticationOAuth2.service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/services/authenticationOAuth2/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/authenticationOAuth2/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yEAAuD;AACvD,qEAAmD"}

package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.d.ts

@@ -0,0 +1,12 @@
+import { IAMAuthenticationCompleteData, IAMAuthenticationCompleteOptions, IAMAuthenticationCompleteResult, IAMAuthenticationGetUserCreateAccessTokenConfigResult, IAMAuthenticationInitiateData, IAMAuthenticationInitiateOptions, IAMAuthenticationInitiateResult } from '../authentication';
+export type IAMAuthenticationUserLocalCompleteData = IAMAuthenticationCompleteData;
+export type IAMAuthenticationUserLocalCompleteOptions<Context extends object> = IAMAuthenticationCompleteOptions<Context>;
+export type IAMAuthenticationUserLocalCompleteResult = IAMAuthenticationCompleteResult;
+export type IAMAuthenticationUserLocalGetUserCreateAccessTokenConfigResult = IAMAuthenticationGetUserCreateAccessTokenConfigResult;
+export interface IAMAuthenticationUserLocalInitiateData extends IAMAuthenticationInitiateData {
+    password: string;
+}
+export type IAMAuthenticationUserLocalInitiateOptions<Context extends object> = IAMAuthenticationInitiateOptions<{
+    password: string;
+} & Context>;
+export type IAMAuthenticationUserLocalInitiateResult = IAMAuthenticationInitiateResult;

package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=iam.authenticationUserLocal.definitions.js.map

package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam.authenticationUserLocal.definitions.js","sourceRoot":"","sources":["../../../src/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.ts"],"names":[],"mappings":""}

package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.d.ts

@@ -0,0 +1,15 @@
+import { ConfigProviderService, LoggerService } from '@node-c/core';
+import { IAMAuthenticationUserLocalCompleteData, IAMAuthenticationUserLocalCompleteOptions, IAMAuthenticationUserLocalCompleteResult, IAMAuthenticationUserLocalGetUserCreateAccessTokenConfigResult, IAMAuthenticationUserLocalInitiateData, IAMAuthenticationUserLocalInitiateOptions, IAMAuthenticationUserLocalInitiateResult } from './iam.authenticationUserLocal.definitions';
+import { IAMAuthenticationService } from '../authentication';
+import { IAMMFAService, IAMMFAType } from '../mfa';
+export declare class IAMAuthenticationUserLocalService<CompleteContext extends object, InitiateContext extends object> extends IAMAuthenticationService<CompleteContext, InitiateContext> {
+    protected configProvider: ConfigProviderService;
+    protected logger: LoggerService;
+    protected moduleName: string;
+    protected serviceName: string;
+    protected mfaServices?: Record<IAMMFAType, IAMMFAService<object, object>> | undefined;
+    constructor(configProvider: ConfigProviderService, logger: LoggerService, moduleName: string, serviceName: string, mfaServices?: Record<IAMMFAType, IAMMFAService<object, object>> | undefined);
+    complete(data: IAMAuthenticationUserLocalCompleteData, options: IAMAuthenticationUserLocalCompleteOptions<CompleteContext>): Promise<IAMAuthenticationUserLocalCompleteResult>;
+    getUserCreateAccessTokenConfig(): IAMAuthenticationUserLocalGetUserCreateAccessTokenConfigResult;
+    initiate(data: IAMAuthenticationUserLocalInitiateData, options: IAMAuthenticationUserLocalInitiateOptions<InitiateContext>): Promise<IAMAuthenticationUserLocalInitiateResult>;
+}

package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.js

@@ -0,0 +1,142 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IAMAuthenticationUserLocalService = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const core_1 = require("@node-c/core");
+const lodash_1 = __importDefault(require("lodash"));
+const authentication_1 = require("../authentication");
+class IAMAuthenticationUserLocalService extends authentication_1.IAMAuthenticationService {
+    constructor(configProvider, logger, moduleName, serviceName, mfaServices) {
+        super(configProvider, logger, moduleName);
+        this.configProvider = configProvider;
+        this.logger = logger;
+        this.moduleName = moduleName;
+        this.serviceName = serviceName;
+        this.mfaServices = mfaServices;
+        this.isLocal = true;
+    }
+    complete(data, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { configProvider, logger, moduleName, mfaServices, serviceName } = this;
+            const { defaultUserIdentifierField } = configProvider.config.domain[moduleName];
+            const { mfaData, mfaType } = data;
+            const { context, mfaOptions } = options;
+            const userIdentifierField = options.contextIdentifierField || defaultUserIdentifierField;
+            const userIdentifierValue = context[userIdentifierField];
+            let mfaUsed = false;
+            let mfaValid = false;
+            if (mfaType) {
+                const mfaService = mfaServices === null || mfaServices === void 0 ? void 0 : mfaServices[mfaType];
+                if (!mfaService) {
+                    logger.error(`[${moduleName}][${serviceName}]: Login attempt failed for user "${userIdentifierValue}" - MFA service ${mfaType} not configured.`);
+                    throw new core_1.ApplicationError('Authentication failed.');
+                }
+                if (!mfaData) {
+                    logger.error(`[${moduleName}][${serviceName}]: Login attempt failed for user "${userIdentifierValue}" - no MFA data provided.`);
+                    throw new core_1.ApplicationError('Authentication failed.');
+                }
+                const mfaResult = yield mfaService.complete(mfaData, Object.assign(Object.assign({}, (mfaOptions || {})), { context }));
+                mfaUsed = true;
+                mfaValid = mfaResult.valid;
+            }
+            return { mfaUsed, mfaValid, valid: true };
+        });
+    }
+    getUserCreateAccessTokenConfig() {
+        const { configProvider, moduleName, serviceName } = this;
+        const moduleConfig = configProvider.config.domain[moduleName];
+        const { steps } = moduleConfig.authServiceSettings[serviceName];
+        const defaultConfig = {
+            [core_1.AppConfigDomainIAMAuthenticationStep.Complete]: {
+                cache: {
+                    settings: {
+                        cacheFieldName: 'userId',
+                        inputFieldName: 'options.context.id'
+                    },
+                    use: {
+                        options: { overwrite: true, use: true }
+                    }
+                },
+                findUser: true,
+                findUserBeforeAuth: true,
+                validWithoutUser: false
+            },
+            [core_1.AppConfigDomainIAMAuthenticationStep.Initiate]: {
+                cache: {
+                    populate: {
+                        options: [{ cacheFieldName: 'context', inputFieldName: 'options.context' }]
+                    },
+                    settings: {
+                        cacheFieldName: 'userId',
+                        inputFieldName: 'options.context.id'
+                    }
+                },
+                findUser: true,
+                findUserBeforeAuth: true,
+                validWithoutUser: false
+            }
+        };
+        return lodash_1.default.merge(defaultConfig, steps || {});
+    }
+    initiate(data, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { configProvider, logger, moduleName, mfaServices, serviceName } = this;
+            const moduleConfig = configProvider.config.domain[moduleName];
+            const { secretKeyHMACAlgorithm, hashingSecret } = moduleConfig.authServiceSettings[serviceName].secretKey;
+            const { mfaData, mfaType, password: authPassword } = data;
+            const { context, context: { password: userPassword }, mfaOptions } = options;
+            const userIdentifierField = options.contextIdentifierField || moduleConfig.defaultUserIdentifierField;
+            const userIdentifierValue = context[userIdentifierField];
+            let mfaUsed = false;
+            let mfaValid = false;
+            let wrongPassword = false;
+            if (!secretKeyHMACAlgorithm || !hashingSecret || !userPassword) {
+                wrongPassword = true;
+                logger.error(`[${moduleName}][${serviceName}]: secretKeyHMACAlgorithm, hashingSecret and/or userPassword not provided.`);
+            }
+            else {
+                const computedPassword = crypto_1.default
+                    .createHmac(secretKeyHMACAlgorithm, hashingSecret)
+                    .update(`${authPassword}`)
+                    .digest('hex')
+                    .toString();
+                if (computedPassword !== userPassword) {
+                    wrongPassword = true;
+                }
+            }
+            if (wrongPassword) {
+                logger.error(`[${moduleName}][${serviceName}]: Login attempt failed for user "${userIdentifierValue}" - wrong password.`);
+                throw new core_1.ApplicationError('Authentication failed.');
+            }
+            if (mfaType) {
+                const mfaService = mfaServices === null || mfaServices === void 0 ? void 0 : mfaServices[mfaType];
+                if (!mfaService) {
+                    logger.error(`[${moduleName}][${serviceName}]: Login attempt failed for user "${userIdentifierValue}" - MFA service ${mfaType} not configured.`);
+                    throw new core_1.ApplicationError('Authentication failed.');
+                }
+                if (!mfaData) {
+                    logger.error(`[${moduleName}][${serviceName}]: Login attempt failed for user "${userIdentifierValue}" - no MFA data provided.`);
+                    throw new core_1.ApplicationError('Authentication failed.');
+                }
+                const mfaResult = yield mfaService.initiate(mfaData, Object.assign(Object.assign({}, (mfaOptions || {})), { context }));
+                mfaUsed = true;
+                mfaValid = mfaResult.valid;
+            }
+            return { mfaUsed, mfaValid, valid: true };
+        });
+    }
+}
+exports.IAMAuthenticationUserLocalService = IAMAuthenticationUserLocalService;
+//# sourceMappingURL=iam.authenticationUserLocal.service.js.map

package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam.authenticationUserLocal.service.js","sourceRoot":"","sources":["../../../src/services/authenticationUserLocal/iam.authenticationUserLocal.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,oDAA4B;AAE5B,uCAMsB;AAEtB,oDAAwB;AAYxB,sDAA6D;AAI7D,MAAa,iCAGX,SAAQ,yCAA0D;IAClE,YACY,cAAqC,EACrC,MAAqB,EACrB,UAAkB,EAElB,WAAmB,EAEnB,WAA+D;QAEzE,KAAK,CAAC,cAAc,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QARhC,mBAAc,GAAd,cAAc,CAAuB;QACrC,WAAM,GAAN,MAAM,CAAe;QACrB,eAAU,GAAV,UAAU,CAAQ;QAElB,gBAAW,GAAX,WAAW,CAAQ;QAEnB,gBAAW,GAAX,WAAW,CAAoD;QAGzE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;IACtB,CAAC;IAEK,QAAQ,CACZ,IAA4C,EAC5C,OAAmE;;YAEnE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9E,MAAM,EAAE,0BAA0B,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACtG,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;YAClC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;YACxC,MAAM,mBAAmB,GAAG,OAAO,CAAC,sBAAsB,IAAI,0BAA0B,CAAC;YACzF,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAA4C,CAAC,CAAC;YAClF,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAG,OAAO,CAAC,CAAC;gBAC1C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,CAAC,KAAK,CACV,IAAI,UAAU,KAAK,WAAW,qCAAqC,mBAAmB,mBAAmB,OAAO,kBAAkB,CACnI,CAAC;oBACF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;gBACvD,CAAC;gBACD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,CAAC,KAAK,CACV,IAAI,UAAU,KAAK,WAAW,qCAAqC,mBAAmB,2BAA2B,CAClH,CAAC;oBACF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;gBACvD,CAAC;gBACD,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,OAAO,kCAAO,CAAC,UAAU,IAAI,EAAE,CAAC,KAAE,OAAO,IAAG,CAAC;gBACzF,OAAO,GAAG,IAAI,CAAC;gBACf,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC;YAC7B,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC5C,CAAC;KAAA;IAED,8BAA8B;QAC5B,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;QACzD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;QACpF,MAAM,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,mBAAoB,CAAC,WAAW,CAAC,CAAC;QACjE,MAAM,aAAa,GAAmE;YACpF,CAAC,2CAAoC,CAAC,QAAQ,CAAC,EAAE;gBAC/C,KAAK,EAAE;oBACL,QAAQ,EAAE;wBACR,cAAc,EAAE,QAAQ;wBACxB,cAAc,EAAE,oBAAoB;qBACrC;oBACD,GAAG,EAAE;wBACH,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE;qBACxC;iBACF;gBACD,QAAQ,EAAE,IAAI;gBACd,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,KAAK;aACxB;YACD,CAAC,2CAAoC,CAAC,QAAQ,CAAC,EAAE;gBAC/C,KAAK,EAAE;oBACL,QAAQ,EAAE;wBACR,OAAO,EAAE,CAAC,EAAE,cAAc,EAAE,SAAS,EAAE,cAAc,EAAE,iBAAiB,EAAE,CAAC;qBAC5E;oBACD,QAAQ,EAAE;wBACR,cAAc,EAAE,QAAQ;wBACxB,cAAc,EAAE,oBAAoB;qBACrC;iBACF;gBACD,QAAQ,EAAE,IAAI;gBACd,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,KAAK;aACxB;SACF,CAAC;QACF,OAAO,gBAAE,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IAEK,QAAQ,CACZ,IAA4C,EAC5C,OAAmE;;YAEnE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;YAC9E,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EAAE,sBAAsB,EAAE,aAAa,EAAE,GAAG,YAAY,CAAC,mBAAoB,CAAC,WAAW,CAAC,CAAC,SAAU,CAAC;YAC5G,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC;YAC1D,MAAM,EACJ,OAAO,EACP,OAAO,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,EACnC,UAAU,EACX,GAAG,OAAO,CAAC;YACZ,MAAM,mBAAmB,GAAG,OAAO,CAAC,sBAAsB,IAAI,YAAY,CAAC,0BAA0B,CAAC;YACtG,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAA4C,CAAC,CAAC;YAClF,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,IAAI,aAAa,GAAG,KAAK,CAAC;YAC1B,IAAI,CAAC,sBAAsB,IAAI,CAAC,aAAa,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC/D,aAAa,GAAG,IAAI,CAAC;gBACrB,MAAM,CAAC,KAAK,CACV,IAAI,UAAU,KAAK,WAAW,4EAA4E,CAC3G,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,gBAAgB,GAAG,gBAAM;qBAC5B,UAAU,CAAC,sBAAsB,EAAE,aAAa,CAAC;qBACjD,MAAM,CAAC,GAAG,YAAY,EAAE,CAAC;qBACzB,MAAM,CAAC,KAAK,CAAC;qBACb,QAAQ,EAAE,CAAC;gBACd,IAAI,gBAAgB,KAAK,YAAY,EAAE,CAAC;oBACtC,aAAa,GAAG,IAAI,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,CAAC,KAAK,CACV,IAAI,UAAU,KAAK,WAAW,qCAAqC,mBAAmB,qBAAqB,CAC5G,CAAC;gBACF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;YACvD,CAAC;YACD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAG,OAAO,CAAC,CAAC;gBAC1C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,CAAC,KAAK,CACV,IAAI,UAAU,KAAK,WAAW,qCAAqC,mBAAmB,mBAAmB,OAAO,kBAAkB,CACnI,CAAC;oBACF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;gBACvD,CAAC;gBACD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,CAAC,KAAK,CACV,IAAI,UAAU,KAAK,WAAW,qCAAqC,mBAAmB,2BAA2B,CAClH,CAAC;oBACF,MAAM,IAAI,uBAAgB,CAAC,wBAAwB,CAAC,CAAC;gBACvD,CAAC;gBACD,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,OAAO,kCAAO,CAAC,UAAU,IAAI,EAAE,CAAC,KAAE,OAAO,IAAG,CAAC;gBACzF,OAAO,GAAG,IAAI,CAAC;gBACf,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC;YAC7B,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC5C,CAAC;KAAA;CACF;AAlJD,8EAkJC"}

package/dist/services/authenticationUserLocal/index.d.ts

@@ -0,0 +1,2 @@
+export * from './iam.authenticationUserLocal.definitions';
+export * from './iam.authenticationUserLocal.service';

package/dist/services/{authenticationLocal → authenticationUserLocal}/index.js

@@ -14,6 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./iam.authenticationLocal.definitions"), exports);
-__exportStar(require("./iam.authenticationLocal.service"), exports);
+__exportStar(require("./iam.authenticationUserLocal.definitions"), exports);
+__exportStar(require("./iam.authenticationUserLocal.service"), exports);
 //# sourceMappingURL=index.js.map

package/dist/services/authenticationUserLocal/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/services/authenticationUserLocal/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4EAA0D;AAC1D,wEAAsD"}

package/dist/services/authorization/iam.authorization.definitions.d.ts

@@ -1,37 +1,47 @@
 import { GenericObject } from '@node-c/core';
+export declare enum AuthorizationCheckErrorCode {
+    FGANoAccessToModule = "FGA_NO_ACCESS",
+    RBACNoAccessToModule = "RBAC_NO_ACCESS_TO_MODULE",
+    RBACNoAccessToResource = "RBAC_NO_ACCESS_TO_RESOURCE"
+}
 export interface AuthorizationPoint<Id> {
     allowedInputData?: GenericObject;
-    controllerNames?: string[];
+    allowedOutputData?: GenericObject;
     forbiddenInputData?: GenericObject;
-    handlerNames?: string[];
+    forbiddenOutputData?: GenericObject;
     id: Id;
     inputDataFieldName?: string;
-    moduleNames?: string[];
+    moduleName: string;
     name: string;
     requiredStaticData?: GenericObject;
+    resources?: string[];
+    resourceContext?: string;
     userFieldName?: string;
-    userTypes: GenericObject[];
 }
-export interface AuthorizationData<AuthorizationPointId> {
-    __all: {
-        __all: {
-            [authorizationPointId: string | number]: AuthorizationPoint<AuthorizationPointId>;
-        };
-        [handlerName: string]: {
-            [authorizationPointId: string | number]: AuthorizationPoint<AuthorizationPointId>;
-        };
-    };
-    [controllerName: string]: {
-        __all: {
-            [authorizationPointId: string | number]: AuthorizationPoint<AuthorizationPointId>;
-        };
-        [handlerName: string]: {
-            [authorizationPointId: string | number]: AuthorizationPoint<AuthorizationPointId>;
-        };
-    };
+export interface AuthorizationStaticCheckAccessOptions {
+    moduleName: string;
+    resource?: string;
+    resourceContext?: string;
+}
+export interface AuthorizationStaticCheckAccessResult {
+    authorizationPoints: GenericObject<AuthorizationPoint<unknown>>;
+    errorCode?: AuthorizationCheckErrorCode;
+    hasAccess: boolean;
+    inputDataToBeMutated: GenericObject;
+    noMatchForResource: boolean;
 }
 export interface AuthorizationUser<AuthorizationPointId> {
-    currentAuthorizationPoints: {
-        [authorizationPointId: string | number]: AuthorizationPoint<AuthorizationPointId>;
+    currentAuthorizationPoints: GenericObject<AuthorizationPoint<AuthorizationPointId>>;
+}
+export interface AuthorizeApiKeyData {
+    apiKey: string;
+    signature?: string;
+    signatureContent?: string;
+}
+export interface AuthorizeApiKeyOptions {
+    config: {
+        apiKey?: string;
+        apiSecret?: string;
+        apiSecretAlgorithm?: string;
     };
 }

package/dist/services/authorization/iam.authorization.definitions.js

@@ -1,3 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationCheckErrorCode = void 0;
+var AuthorizationCheckErrorCode;
+(function (AuthorizationCheckErrorCode) {
+    AuthorizationCheckErrorCode["FGANoAccessToModule"] = "FGA_NO_ACCESS";
+    AuthorizationCheckErrorCode["RBACNoAccessToModule"] = "RBAC_NO_ACCESS_TO_MODULE";
+    AuthorizationCheckErrorCode["RBACNoAccessToResource"] = "RBAC_NO_ACCESS_TO_RESOURCE";
+})(AuthorizationCheckErrorCode || (exports.AuthorizationCheckErrorCode = AuthorizationCheckErrorCode = {}));
 //# sourceMappingURL=iam.authorization.definitions.js.map

package/dist/services/authorization/iam.authorization.definitions.js.map

@@ -1 +1 @@
-{"version":3,"file":"iam.authorization.definitions.js","sourceRoot":"","sources":["../../../src/services/authorization/iam.authorization.definitions.ts"],"names":[],"mappings":""}
+{"version":3,"file":"iam.authorization.definitions.js","sourceRoot":"","sources":["../../../src/services/authorization/iam.authorization.definitions.ts"],"names":[],"mappings":";;;AAEA,IAAY,2BAOX;AAPD,WAAY,2BAA2B;IAErC,oEAAqC,CAAA;IAErC,gFAAiD,CAAA;IAEjD,oFAAqD,CAAA;AACvD,CAAC,EAPW,2BAA2B,2CAA3B,2BAA2B,QAOtC"}

package/dist/services/authorization/iam.authorization.service.d.ts

@@ -1,18 +1,34 @@
-import { DomainBaseOptionsForAdditionalServicesFull, DomainEntityService, DomainEntityServiceDefaultData, GenericObject, PersistanceEntityService } from '@node-c/core';
-import { AuthorizationData, AuthorizationUser, AuthorizationPoint as BaseAuthorizationPoint } from './iam.authorization.definitions';
-export declare class IAMAuthorizationService<AuthorizationPoint extends BaseAuthorizationPoint<unknown>, Data extends DomainEntityServiceDefaultData<Partial<AuthorizationPoint>> = DomainEntityServiceDefaultData<Partial<AuthorizationPoint>>> extends DomainEntityService<AuthorizationPoint, PersistanceEntityService<AuthorizationPoint>, Data, Record<string, PersistanceEntityService<Partial<AuthorizationPoint>>> | undefined> {
-    protected persistanceAuthorizationPointsService: PersistanceEntityService<AuthorizationPoint>;
+import { DataEntityService, DomainEntityService, DomainEntityServiceDefaultData, GenericObject, LoggerService } from '@node-c/core';
+import { AuthorizationStaticCheckAccessOptions, AuthorizationStaticCheckAccessResult, AuthorizationUser, AuthorizeApiKeyData, AuthorizeApiKeyOptions, AuthorizationPoint as BaseAuthorizationPoint } from './iam.authorization.definitions';
+import { DecodedTokenContent, IAMTokenManagerService } from '../tokenManager';
+export declare class IAMAuthorizationService<AuthorizationPoint extends BaseAuthorizationPoint<unknown> = BaseAuthorizationPoint<unknown>, Data extends DomainEntityServiceDefaultData<Partial<AuthorizationPoint>> = DomainEntityServiceDefaultData<Partial<AuthorizationPoint>>, TokenManager extends IAMTokenManagerService<object> = IAMTokenManagerService<object>> extends DomainEntityService<AuthorizationPoint, DataEntityService<AuthorizationPoint>, Data, Record<string, DataEntityService<Partial<AuthorizationPoint>>> | undefined> {
+    protected dataAuthorizationPointsService: DataEntityService<AuthorizationPoint>;
     protected defaultMethods: string[];
-    protected additionalPersistanceEntityServices?: Record<string, PersistanceEntityService<Partial<AuthorizationPoint>>> | undefined;
-    constructor(persistanceAuthorizationPointsService: PersistanceEntityService<AuthorizationPoint>, defaultMethods?: string[], additionalPersistanceEntityServices?: Record<string, PersistanceEntityService<Partial<AuthorizationPoint>>> | undefined);
-    static checkAccess(authorizationPoints: {
-        [id: number]: BaseAuthorizationPoint<unknown>;
-    }, inputData: GenericObject, user: AuthorizationUser<unknown>): {
-        hasAccess: boolean;
-        inputDataToBeMutated: GenericObject;
-    };
+    protected logger: LoggerService;
+    protected additionalDataEntityServices?: GenericObject<DataEntityService<Partial<AuthorizationPoint>>> | undefined;
+    protected tokenManager?: TokenManager | undefined;
+    constructor(dataAuthorizationPointsService: DataEntityService<AuthorizationPoint>, defaultMethods: string[] | undefined, logger: LoggerService, additionalDataEntityServices?: GenericObject<DataEntityService<Partial<AuthorizationPoint>>> | undefined, tokenManager?: TokenManager | undefined);
+    authorizeApiKey(data: AuthorizeApiKeyData, options: AuthorizeApiKeyOptions): Promise<{
+        valid: boolean;
+    }>;
+    authorizeBearer<UserTokenEnityFields = unknown>(data: {
+        authToken?: string;
+        refreshToken?: string;
+    }, options?: {
+        identifierDataField?: string;
+    }): Promise<{
+        newAuthToken?: string;
+        tokenContent?: DecodedTokenContent<UserTokenEnityFields>;
+        valid: boolean;
+    }>;
+    checkAccessWithStorage(): Promise<void>;
+    static checkAccess<InputData = GenericObject>(inputData: InputData, user: AuthorizationUser<unknown>, options: AuthorizationStaticCheckAccessOptions): AuthorizationStaticCheckAccessResult;
     static getValuesForTesting(valueToTest: unknown): unknown[];
-    mapAuthorizationPoints(moduleName: string, additionalServicesOptions?: DomainBaseOptionsForAdditionalServicesFull): Promise<AuthorizationData<unknown>>;
     static matchInputValues(input: GenericObject, values: GenericObject): GenericObject;
+    static processOutputData(authorizationPoints: {
+        [id: number]: BaseAuthorizationPoint<unknown>;
+    }, outputData: GenericObject): {
+        outputDataToBeMutated: GenericObject;
+    };
     static testValue(valueToTest: unknown, valueToTestAgainst: unknown): boolean;
 }