npm - @nsshunt/stsdatamanagement - Versions diffs - 1.10.5 → 1.11.2 - Mend

@nsshunt/stsdatamanagement 1.10.5 → 1.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/blcauth.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const { status: { status } } = require('@nsshunt/stsutils');
 const bcrypt = require('bcryptjs');
+const { STSResourceNotFoundError, STSDatabaseAccessError, STSResourceMalformedError } = require('./dberrors');
 class BLCAuth
 {
@@ -24,32 +25,35 @@ class BLCAuth
 		try
 		{
 			let userid = BLCAuth.USER_ID_PREFIX + email;
-			let existingUser = await this.#accessLayer.getLatestResource(userid);
-			if (existingUser.status === 200) {
-				return { status: status.conflict, error: 'User already exists.', detail: { message: 'User already exists.' }};
-			}
-			const hashedPassword = await bcrypt.hash(password, saltRounds);
-			let user = {
-				id: userid
-				,name: name
-				,email: email
-				,hash: hashedPassword
-				,roles: roles
-			};
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, user.id, user);
-			let payload =
-			{
-				id: userid
-				,name: name
-				,email: email
-				,roles: roles
-			}
+			if (await this.#ResourceExists('User', userid)) {
+				return {
+					status: status.conflict,
+					error: 'User already exists.',
+					detail: { message: `User already exists: [${userid}]` }
+				};
+			} else {
+				const hashedPassword = await bcrypt.hash(password, saltRounds);
+				let user = {
+					id: userid
+					,name: name
+					,email: email
+					,hash: hashedPassword
+					,roles: roles
+				};
-			return { status: status.success, detail: payload };
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, user.id, user);
+				let payload =
+				{
+					id: userid
+					,name: name
+					,email: email
+					,roles: roles
+				}
+				return { status: status.success, detail: payload };
+			}
 		} catch (error)
 		{
 			console.error(error);
@@ -63,20 +67,23 @@ class BLCAuth
 		{
 			const { name, permissions } = rolePermissions;
 			let roleId = BLCAuth.ROLE_ID_PREFIX + name;
-			let existingRole = await this.#accessLayer.getLatestResource(roleId);
-			if (existingRole.status === 200) {
-				return { status: status.conflict, error: 'Role already exists.', detail: { message: 'Role already exists.' }};
-			}
-			let roleResource = {
-				id: roleId,
-				name: name,
-				permissions: permissions
-			}
+			if (await this.#ResourceExists('Role', roleId)) {
+				return {
+					status: status.conflict,
+					error: 'Role already exists.',
+					detail: { message: `Role already exists: [${roleId}]` }
+				};
+			} else {
+				let roleResource = {
+					id: roleId,
+					name: name,
+					permissions: permissions
+				}
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, roleId, roleResource);
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, roleId, roleResource);
-			return { status: status.success, detail: roleResource };
+				return { status: status.success, detail: roleResource };
+			}
 		} catch (error)
 		{
 			console.error(error);
@@ -84,28 +91,62 @@ class BLCAuth
 		}
 	}
+	async #GetResource(resource, resourceId) {
+		let resourceRaw = null;
+		try {
+			resourceRaw = await this.#accessLayer.getLatestResource(resourceId);
+		} catch (error) {
+			throw new STSDatabaseAccessError(resource, resourceId, error);
+		}
+		if (resourceRaw.status !== 200) {
+			throw new STSResourceNotFoundError(resource, resourceId);
+		}
+		try {
+			return JSON.parse(resourceRaw.detail.resdesc);
+		} catch (error) {
+			throw new STSResourceMalformedError(resource, resourceId, resourceRaw.detail.resdesc, error);
+		}
+	}
+	async #ResourceExists(resource, resourceId) {
+		try {
+			await this.#GetResource(resource, resourceId);
+			return true;
+		} catch (error) {
+			if (error instanceof STSResourceNotFoundError) {
+				return false;
+			} else {
+				throw error;
+			}
+		}
+	}
+	async GetUser(email) {
+		return this.#GetResource('User', BLCAuth.USER_ID_PREFIX + email);
+	}
+	async GetRole(role) {
+		return this.#GetResource('Role', BLCAuth.ROLE_ID_PREFIX + role);
+	}
+	async GetApplication(application) {
+		return this.#GetResource('Application', BLCAuth.APPLICATION_ID_PREFIX + application);
+	}
+	async GetAPI(identifier) {
+		return this.#GetResource('API', BLCAuth.API_ID_PREFIX + identifier);
+	}
 	async GetUserPermissions(email)
 	{
 		try
 		{
-			let userid = BLCAuth.USER_ID_PREFIX + email;
-			let existingUser = await this.#accessLayer.getLatestResource(userid);
-			if (existingUser.status !== 200) {
-				return { status: status.notfound, error: 'User not found.', detail: { message: 'User not found.' }};
-			}
-			let userResource = JSON.parse(existingUser.detail.resdesc);
+			let userResource = await this.GetUser(email);
 			let permissions = [ ];
 			for (let i=0; i < userResource.roles.length; i++) {
 				let role = userResource.roles[i];
-				let roleId = BLCAuth.ROLE_ID_PREFIX + role;
-				let existingRole = await this.#accessLayer.getLatestResource(roleId);
-				if (existingRole.status !== 200) {
-					return { status: status.notfound, error: 'Role not found.', detail: { message: 'Role not found.' }};
-				}
-				let roleResource = JSON.parse(existingRole.detail.resdesc);
+				let roleResource = await this.GetRole(role);
 				for (let j=0; j < roleResource.permissions.length; j++) {
 					let permission = roleResource.permissions[j];
 					if (!permissions.includes(permission)) {
@@ -128,23 +169,25 @@ class BLCAuth
 		{
 			const { clientId } = application;
 			let applicationId = BLCAuth.APPLICATION_ID_PREFIX + clientId;
-			let existingApplication = await this.#accessLayer.getLatestResource(applicationId);
-			if (existingApplication.status === 200) {
-				return { status: status.conflict, error: 'Application already exists.', detail: { message: `Application already exists: [${applicationId}]` }};
-			}
-			let payload =
-			{
-				applicationId: applicationId,
-				...application
+			if (await this.#ResourceExists('Application', applicationId)) {
+				return {
+					status: status.conflict,
+					error: 'Application already exists.',
+					detail: { message: `Application already exists: [${applicationId}]` }
+				};
+			} else {
+				let payload = {
+					applicationId,
+					...application
+				}
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, applicationId, payload);
+				// Client Secret is not returned. Seperate function used to display this field.
+				delete payload.clientSecret;
+				return { status: status.success, detail: payload };
 			}
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, applicationId, payload);
-			// Client Secret is not returned. Seperate function used to display this field.
-			delete payload.clientSecret;
-			return { status: status.success, detail: payload };
 		} catch (error)
 		{
 			console.error(error);
@@ -152,47 +195,73 @@ class BLCAuth
 		}
 	}
+	#ValidateApplication = async (apiPermissions, app) => {
+		const { clientId, clientName, permissions } = app;
+		let applicationResource = null;
+		try {
+			applicationResource = await this.GetApplication(clientId)
+		} catch (error) {
+			return { status: status.notfound , error: 'Cannot find client application.', detail: { message: error.message }};
+		}
+		if (applicationResource.clientName.localeCompare(clientName) !== 0) {
+			return { status: status.error, error: 'clientName mismatch.', detail: { message: `clientName mismatch: Value: [${clientName}], Expecting: [${applicationResource.clientName}]` }};
+		}
+		for (let j=0; j < permissions.length; j++) {
+			const permission = permissions[j];
+			if (!apiPermissions.includes(permission)) {
+				return { status: status.error, error: 'M2M permission not found within API available permission list.', detail: { message: `Permission not found within API available permission list: [${permission}]` }};
+			}
+		}
+		return null;
+	}
 	async AddAPI(api)
 	{
 		try
 		{
-			const { M2MApplications, permissions, identifier } = api;
+			const { M2MApplications, permissions: apiPermissions, identifier, SPA } = api;
 			let APIidentifier = BLCAuth.API_ID_PREFIX + identifier;
-			let existingAPI = await this.#accessLayer.getLatestResource(APIidentifier);
-			if (existingAPI.status === 200) {
-				return { status: status.conflict, error: 'API already exists.', detail: { message: `API already exists: [${APIidentifier}]` }};
-			}
-			// Validate M2MApplications
-			for (let i=0; i < M2MApplications.length; i++) {
-				const m2mapplication = M2MApplications[i];
-				let appid = BLCAuth.APPLICATION_ID_PREFIX + m2mapplication.clientId;
-				let retVal = await this.#accessLayer.getLatestResource(appid);
-				if (retVal.status !== 200) {
-					return { status: status.notfound , error: 'Cannot find client application.', detail: { message: `Cannot find client application: [${appid}].` }};
-				}
-				let applicationResource = JSON.parse(retVal.detail.resdesc);
-				if (applicationResource.clientName.localeCompare(m2mapplication.clientName) !== 0) {
-					return { status: status.error, error: 'clientName mismatch.', detail: { message: `clientName mismatch: Value: [${m2mapplication.clientName}], Expecting: [${applicationResource.clientName}]` }};
+			if (await this.#ResourceExists('API', APIidentifier)) {
+				return {
+					status: status.conflict,
+					error: 'API already exists.',
+					detail: { message: `API already exists: [${APIidentifier}]` }
+				};
+			} else {
+				// Validate M2MApplications
+				if (M2MApplications) {
+					for (let i=0; i < M2MApplications.length; i++) {
+						let retVal = await this.#ValidateApplication(apiPermissions, M2MApplications[i]);
+						if (retVal !== null) {
+							return retVal;
+						}
+					}
 				}
-				for (let j=0; j < m2mapplication.permissions.length; j++) {
-					const permission = m2mapplication.permissions[j];
-					if (!permissions.includes(permission)) {
-						return { status: status.error, error: 'M2M permission not found within API available permission list.', detail: { message: `M2M permission not found within API available permission list: [${permission}]` }};
+				// Validate SPA
+				if (SPA) {
+					for (let i=0; i < SPA.length; i++) {
+						let retVal = await this.#ValidateApplication(apiPermissions, SPA[i]);
+						if (retVal !== null) {
+							return retVal;
+						}
 					}
 				}
-			}
-			// Client Secret is not returned. Seperate function used to display this field.
-			let payload =
-			{
-				APIidentifier: APIidentifier,
-				...api
-			}
+				// Client Secret is not returned. Separate function used to display this field.
+				let payload =
+				{
+					APIidentifier,
+					...api
+				}
-			await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, APIidentifier, payload);
+				await this.#accessLayer.saveResource(BLCAuth.SYSTEM_USER_ID, APIidentifier, payload);
-			return { status: status.success, detail: payload };
+				return { status: status.success, detail: payload };
+			}
 		} catch (error)
 		{
 			console.error(error);
@@ -200,23 +269,23 @@ class BLCAuth
 		}
 	}
-	async GetApplication(clientId) {
-		let clientIdentifier = BLCAuth.APPLICATION_ID_PREFIX + clientId;
-		let application = await this.#accessLayer.getLatestResource(clientIdentifier);
-		if (application.status !== 200) {
-			return { status: status.notfound, error: 'Application not found.', detail: { message: `Application not found: [${clientId}]` }};
-		}
-		return application;
+	/*
+	// Get all the scopes (permissions) defined for this application (client_id) using this API (audience).
+	// client_secret required for M2M applications. Not required for SPA.
+	async GetScopes(client_id, client_secret, audience) {
 	}
-	async GetAPI(identifier) {
-		let APIidentifier = BLCAuth.API_ID_PREFIX + identifier;
-		let api = await this.#accessLayer.getLatestResource(APIidentifier);
-		if (api.status !== 200) {
-			return { status: status.notfound, error: 'API not found.', detail: { message: `API not found: [${identifier}]` }};
-		}
-		return api;
+	// Get all the scopes that the user (user_id) has previously consented for this application (client_id) using this API (audience).
+	async GetConsentedScopes(user_id, client_id, audience) {
+	}
+	// Update scopes that the user (user_id) has consented for this application (client_id) using this API (audience).
+	async UpdateConsentedScopes(user_id, client_id, audience, scopes) {
 	}
+	*/
 }
 module.exports = { BLCAuth };

package/dbaccess.js CHANGED Viewed

@@ -5,5 +5,11 @@ const { PGUtils } = require('./pgutils');
 const { BLCAuth } = require('./blcauth');
 const { DatabaseUtils } = require('./databaseutils');
 const { DataGenerator } = require('./datagenerator');
+const { STSDataManagementError, STSResourceNotFoundError, STSResourceMalformedError, STSDatabaseAccessError } = require('./dberrors');
-module.exports = { PGPoolManager, L1Cache, PGAccessLayer, PGUtils, BLCAuth, DatabaseUtils, DataGenerator };
+module.exports = {
+	// Utilities and Helpers
+	PGPoolManager, L1Cache, PGAccessLayer, PGUtils, BLCAuth, DatabaseUtils, DataGenerator,
+	// Errors
+	STSDataManagementError, STSResourceNotFoundError, STSResourceMalformedError, STSDatabaseAccessError
+};

package/dberrors.js ADDED Viewed

@@ -0,0 +1,57 @@
+const { status: { status } } = require('@nsshunt/stsutils');
+// https://rclayton.silvrback.com/custom-errors-in-node-js
+class STSDataManagementError extends Error {
+	constructor(message) {
+		super(message);
+		// Ensure the name of this error is the same as the class name
+		this.name = this.constructor.name;
+		// This clips the constructor invocation from the stack trace.
+		// It's not absolutely essential, but it does make the stack trace a little nicer.
+		//  @see Node.js reference (bottom)
+		Error.captureStackTrace(this, this.constructor);
+		this.detail = null;
+		this.status = status.error;
+	}
+}
+class STSResourceNotFoundError extends STSDataManagementError {
+	constructor(resource, resourceId) {
+		super(`Resource [${resource}] not found using ID: [${resourceId}]`);
+		this.detail = {
+			resourceId,
+			resource
+		}
+		this.status = status.notfound;
+	}
+}
+class STSResourceMalformedError extends STSDataManagementError {
+	constructor(resource, resourceId, resourceRaw, error) {
+		super(`Resource [${resource}:{resourceId}] is malformed.`);
+		this.detail = {
+			resourceId,
+			resource,
+			resourceRaw,
+			error
+		}
+		this.status = status.error;
+	}
+}
+class STSDatabaseAccessError extends STSDataManagementError {
+	constructor(resource, resourceId, error) {
+		super(`Database access error reading resource: [${resource}:{resourceId}]`);
+		this.detail = {
+			resourceId,
+			resource,
+			error
+		}
+		this.status = status.error;
+	}
+}
+module.exports = { STSDataManagementError, STSResourceNotFoundError, STSResourceMalformedError, STSDatabaseAccessError }

package/package.json CHANGED Viewed

@@ -1,18 +1,18 @@
 {
   "name": "@nsshunt/stsdatamanagement",
-  "version": "1.10.5",
+  "version": "1.11.2",
   "description": "STS Data Management Modules, Utilities and Services",
   "main": "dbaccess.js",
   "dependencies": {
     "@nsshunt/stsconfig": "^1.20.0",
     "@nsshunt/stsinstrumentation": "^6.4.3",
-    "@nsshunt/stsutils": "^1.7.6",
+    "@nsshunt/stsutils": "^1.8.5",
     "axios": "^0.26.0",
     "bcryptjs": "^2.4.3",
     "cli-progress": "^3.10.0",
     "colors": "^1.4.0",
     "debug": "^4.3.4",
-    "ioredis": "^4.28.5",
+    "ioredis": "^5.0.3",
     "pg": "^8.7.3",
     "pg-copy-streams": "^6.0.2",
     "prompts": "^2.4.2",
@@ -31,7 +31,7 @@
     "@babel/eslint-parser": "^7.17.0",
     "@babel/plugin-proposal-class-properties": "^7.16.7",
     "@babel/plugin-proposal-private-methods": "^7.16.11",
-    "eslint": "^8.11.0",
+    "eslint": "^8.12.0",
     "jest": "^27.5.1"
   },
   "scripts": {