@ogcio/sag-client 0.7.0 → 0.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -5
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +10 -0
- package/dist/auth.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/react/index.d.ts +1 -1
- package/dist/react/index.d.ts.map +1 -1
- package/dist/react/index.js +1 -1
- package/dist/react/index.js.map +1 -1
- package/dist/react/use-gateway-download.js +1 -1
- package/dist/react/use-gateway-download.js.map +1 -1
- package/dist/react/use-onboarding-guard.d.ts +27 -4
- package/dist/react/use-onboarding-guard.d.ts.map +1 -1
- package/dist/react/use-onboarding-guard.js +43 -9
- package/dist/react/use-onboarding-guard.js.map +1 -1
- package/dist/react/use-public-servant-guard.d.ts +54 -12
- package/dist/react/use-public-servant-guard.d.ts.map +1 -1
- package/dist/react/use-public-servant-guard.js +59 -12
- package/dist/react/use-public-servant-guard.js.map +1 -1
- package/dist/roles.d.ts +8 -0
- package/dist/roles.d.ts.map +1 -1
- package/dist/roles.js +19 -0
- package/dist/roles.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -181,9 +181,14 @@ import {
|
|
|
181
181
|
CONNECTOR_MYGOVID,
|
|
182
182
|
CONNECTOR_ENTRAID,
|
|
183
183
|
ALLOWED_SIGNIN_METHODS,
|
|
184
|
-
DEFAULT_PUBLIC_SERVANT_ROLES,
|
|
185
|
-
ORG_ROLE_ADMIN,
|
|
186
|
-
ORG_ROLE_MEMBER,
|
|
184
|
+
DEFAULT_PUBLIC_SERVANT_ROLES, // ["Organisation Admin", "Organisation Member"]
|
|
185
|
+
ORG_ROLE_ADMIN, // "Organisation Admin"
|
|
186
|
+
ORG_ROLE_MEMBER, // "Organisation Member"
|
|
187
|
+
// Govie service-specific PS role names (mirror the Logto seeder):
|
|
188
|
+
PROFILE_PUBLIC_SERVANT_ROLE_NAME, // "Profile Public Servant"
|
|
189
|
+
MESSAGING_PUBLIC_SERVANT_ROLE_NAME, // "Messaging Public Servant"
|
|
190
|
+
DASHBOARD_PUBLIC_SERVANT_ROLE_NAME, // "Dashboard Public Servant"
|
|
191
|
+
UPLOAD_PUBLIC_SERVANT_ROLE_NAME, // "File Upload Public Servant"
|
|
187
192
|
} from "@ogcio/sag-client"
|
|
188
193
|
|
|
189
194
|
// After checking auth:
|
|
@@ -195,8 +200,8 @@ if (status.authenticated) {
|
|
|
195
200
|
const citizen = isCitizen(organization_roles, DEFAULT_PUBLIC_SERVANT_ROLES)
|
|
196
201
|
const publicServant = isPublicServant(organization_roles, DEFAULT_PUBLIC_SERVANT_ROLES)
|
|
197
202
|
|
|
198
|
-
// Or use
|
|
199
|
-
const isMessagingPS = isPublicServant(organization_roles, [
|
|
203
|
+
// Or use the canonical service role names for admin/cross-service checks:
|
|
204
|
+
const isMessagingPS = isPublicServant(organization_roles, [MESSAGING_PUBLIC_SERVANT_ROLE_NAME])
|
|
200
205
|
|
|
201
206
|
const inactive = isInactivePublicServant(organization_roles)
|
|
202
207
|
const onboarded = isCitizenOnboarded(roles)
|
package/dist/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAA;AAEhB;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,UAAU,CAAC,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,cAAc,EACf,MAAM,SAAS,CAAA;AAEhB;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAC7B,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,UAAU,CAAC,CAgBrB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,SAAS,EAAE,OAAO,CAAA;CAAE,CAAC,CAUjC;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAKzE;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAc7B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,OAAO,CAAC,CAYlB;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAexB;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,OAAO,CAAC,CAUlB;AAiBD;;;;;;GAMG;AACH,wBAAgB,MAAM,CACpB,UAAU,EAAE,MAAM,EAClB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,aAAa,GACtB,IAAI,CAQN;AAED;;GAEG;AACH,wBAAgB,OAAO,CACrB,UAAU,EAAE,MAAM,EAClB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,cAAc,GACvB,IAAI,CAMN"}
|
package/dist/auth.js
CHANGED
|
@@ -19,8 +19,11 @@ export async function checkAuth(gatewayUrl, appName) {
|
|
|
19
19
|
const url = appName
|
|
20
20
|
? `${gatewayUrl}/auth/status?app=${encodeURIComponent(appName)}`
|
|
21
21
|
: `${gatewayUrl}/auth/status`;
|
|
22
|
+
// `cache: "no-store"` — auth status reflects mutable session state and must
|
|
23
|
+
// never be served stale from the browser/CDN cache (AB#38950).
|
|
22
24
|
const res = await fetch(url, {
|
|
23
25
|
credentials: "include",
|
|
26
|
+
cache: "no-store",
|
|
24
27
|
});
|
|
25
28
|
return (await res.json());
|
|
26
29
|
}
|
|
@@ -62,8 +65,11 @@ export async function invalidateSession(gatewayUrl) {
|
|
|
62
65
|
export async function fetchOrganizations(gatewayUrl) {
|
|
63
66
|
var _a;
|
|
64
67
|
try {
|
|
68
|
+
// `cache: "no-store"` — organization membership is session state that can
|
|
69
|
+
// change (e.g. after onboarding); never serve a cached list (AB#38950).
|
|
65
70
|
const res = await fetch(`${gatewayUrl}/auth/organizations`, {
|
|
66
71
|
credentials: "include",
|
|
72
|
+
cache: "no-store",
|
|
67
73
|
});
|
|
68
74
|
if (!res.ok)
|
|
69
75
|
return [];
|
|
@@ -98,8 +104,12 @@ export async function selectOrganization(gatewayUrl, organizationId) {
|
|
|
98
104
|
export async function getSelectedOrganization(gatewayUrl) {
|
|
99
105
|
var _a;
|
|
100
106
|
try {
|
|
107
|
+
// `cache: "no-store"` — the selected org changes when the user switches
|
|
108
|
+
// department; a cached read replays the stale (often initial null) value
|
|
109
|
+
// after a reload, which silently reverts org switches (AB#38950).
|
|
101
110
|
const res = await fetch(`${gatewayUrl}/auth/selected-organization`, {
|
|
102
111
|
credentials: "include",
|
|
112
|
+
cache: "no-store",
|
|
103
113
|
});
|
|
104
114
|
if (!res.ok)
|
|
105
115
|
return null;
|
package/dist/auth.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,UAAkB,EAClB,OAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO;YACjB,CAAC,CAAC,GAAG,UAAU,oBAAoB,kBAAkB,CAAC,OAAO,CAAC,EAAE;YAChE,CAAC,CAAC,GAAG,UAAU,cAAc,CAAA;QAC/B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,WAAW,EAAE,SAAS;
|
|
1
|
+
{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,UAAkB,EAClB,OAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO;YACjB,CAAC,CAAC,GAAG,UAAU,oBAAoB,kBAAkB,CAAC,OAAO,CAAC,EAAE;YAChE,CAAC,CAAC,GAAG,UAAU,cAAc,CAAA;QAC/B,4EAA4E;QAC5E,+DAA+D;QAC/D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,WAAW,EAAE,SAAS;YACtB,KAAK,EAAE,UAAU;SAClB,CAAC,CAAA;QACF,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAe,CAAA;IACzC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAA;QAC3C,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAA;IACjC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,cAAc,EAAE;YACnD,WAAW,EAAE,SAAS;SACvB,CAAC,CAAA;QACF,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAA;QACtD,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAA;IAC3D,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,CAAA;IAC7B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,UAAkB;IACxD,MAAM,KAAK,CAAC,GAAG,UAAU,0BAA0B,EAAE;QACnD,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,SAAS;KACvB,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,UAAkB;;IAElB,IAAI,CAAC;QACH,0EAA0E;QAC1E,wEAAwE;QACxE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,qBAAqB,EAAE;YAC1D,WAAW,EAAE,SAAS;YACtB,KAAK,EAAE,UAAU;SAClB,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAA;QACtB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2C,CAAA;QACzE,OAAO,MAAA,IAAI,CAAC,aAAa,mCAAI,EAAE,CAAA;IACjC,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,UAAkB,EAClB,cAAsB;IAEtB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,2BAA2B,EAAE;YAChE,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,SAAS;YACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC;SACzC,CAAC,CAAA;QACF,OAAO,GAAG,CAAC,EAAE,CAAA;IACf,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,UAAkB;;IAElB,IAAI,CAAC;QACH,wEAAwE;QACxE,yEAAyE;QACzE,kEAAkE;QAClE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,6BAA6B,EAAE;YAClE,WAAW,EAAE,SAAS;YACtB,KAAK,EAAE,UAAU;SAClB,CAAC,CAAA;QACF,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAA;QACxB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuC,CAAA;QACrE,OAAO,MAAA,IAAI,CAAC,cAAc,mCAAI,IAAI,CAAA;IACpC,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,6BAA6B,EAAE;YAClE,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE,SAAS;SACvB,CAAC,CAAA;QACF,OAAO,GAAG,CAAC,EAAE,CAAA;IACf,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA;IAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACpB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAA;IACjB,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;IAC/B,IAAI,CAAC,MAAM,EAAE,CAAA;AACf,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,MAAM,CACpB,UAAkB,EAClB,GAAW,EACX,OAAuB;IAEvB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;IAC3C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;QAAE,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;IAClE,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW;QAAE,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,WAAW,CAAC,CAAA;IACxE,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW;QAAE,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,WAAW,CAAC,CAAA;IACxE,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;QAAE,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;IAClE,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW;QAAE,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,WAAW,CAAC,CAAA;IACxE,YAAY,CAAC,GAAG,UAAU,iBAAiB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;AACjE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CACrB,UAAkB,EAClB,GAAW,EACX,OAAwB;IAExB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;IAC3C,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,qBAAqB,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,uBAAuB,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAA;IACpE,CAAC;IACD,YAAY,CAAC,GAAG,UAAU,kBAAkB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;AAClE,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -4,7 +4,7 @@ export { createGatewayFetcher, createGatewayMutator } from "./fetcher";
|
|
|
4
4
|
export type { OnboardingRedirectParams, WrongLoginMethodParams, } from "./onboarding";
|
|
5
5
|
export { buildOnboardingRedirectUrl, buildWrongLoginMethodRedirect, CLEAR_SESSION_PATH, ONBOARDING_PATH, ONBOARDING_SOURCE_PARAM, WRONG_LOGIN_METHOD_PATH, WRONG_LOGIN_RETURN_URL_PARAM, } from "./onboarding";
|
|
6
6
|
export { withEntraID, withMyGovId, withOtp } from "./presets";
|
|
7
|
-
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DEFAULT_PUBLIC_SERVANT_ROLES, INACTIVE_PS_ORG_ROLE, isCitizen, isCitizenOnboarded, isInactivePublicServant, isPublicServant, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, ROLE_NAME_ONBOARDED_CITIZEN, } from "./roles";
|
|
7
|
+
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DASHBOARD_PUBLIC_SERVANT_ROLE_NAME, DEFAULT_PUBLIC_SERVANT_ROLES, INACTIVE_PS_ORG_ROLE, isCitizen, isCitizenOnboarded, isInactivePublicServant, isPublicServant, MESSAGING_PUBLIC_SERVANT_ROLE_NAME, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, PROFILE_PUBLIC_SERVANT_ROLE_NAME, ROLE_NAME_ONBOARDED_CITIZEN, UPLOAD_PUBLIC_SERVANT_ROLE_NAME, } from "./roles";
|
|
8
8
|
export type { ActorType, AuthClaims, AuthStatus, AuthUser, GatewayFetchOptions, GatewayMutationOptions, MutationMethod, OrganizationInfo, SagClientConfig, SignInOptions, SignOutOptions, UseAuthResult, } from "./types";
|
|
9
9
|
export { ACTOR_TYPE_HEADER, ORGANIZATION_ID_HEADER, SagFetchError, } from "./types";
|
|
10
10
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,EACN,OAAO,GACR,MAAM,QAAQ,CAAA;AACf,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAGpC,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AACtE,YAAY,EACV,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,cAAc,CAAA;AAErB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAG7D,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,cAAc,EACd,eAAe,EACf,2BAA2B,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,EACN,OAAO,GACR,MAAM,QAAQ,CAAA;AACf,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAGpC,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AACtE,YAAY,EACV,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,cAAc,CAAA;AAGrB,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,cAAc,CAAA;AAErB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAG7D,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,kCAAkC,EAClC,4BAA4B,EAC5B,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,kCAAkC,EAClC,cAAc,EACd,eAAe,EACf,gCAAgC,EAChC,2BAA2B,EAC3B,+BAA+B,GAChC,MAAM,SAAS,CAAA;AAGhB,YAAY,EACV,SAAS,EACT,UAAU,EACV,UAAU,EACV,QAAQ,EACR,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,cAAc,EACd,aAAa,GACd,MAAM,SAAS,CAAA;AAChB,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,aAAa,GACd,MAAM,SAAS,CAAA"}
|
package/dist/index.js
CHANGED
|
@@ -9,6 +9,6 @@ export { buildOnboardingRedirectUrl, buildWrongLoginMethodRedirect, CLEAR_SESSIO
|
|
|
9
9
|
// ── Sign-in presets ─────────────────────────────────────────
|
|
10
10
|
export { withEntraID, withMyGovId, withOtp } from "./presets";
|
|
11
11
|
// ── Role detection utilities ────────────────────────────────
|
|
12
|
-
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DEFAULT_PUBLIC_SERVANT_ROLES, INACTIVE_PS_ORG_ROLE, isCitizen, isCitizenOnboarded, isInactivePublicServant, isPublicServant, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, ROLE_NAME_ONBOARDED_CITIZEN, } from "./roles";
|
|
12
|
+
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DASHBOARD_PUBLIC_SERVANT_ROLE_NAME, DEFAULT_PUBLIC_SERVANT_ROLES, INACTIVE_PS_ORG_ROLE, isCitizen, isCitizenOnboarded, isInactivePublicServant, isPublicServant, MESSAGING_PUBLIC_SERVANT_ROLE_NAME, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, PROFILE_PUBLIC_SERVANT_ROLE_NAME, ROLE_NAME_ONBOARDED_CITIZEN, UPLOAD_PUBLIC_SERVANT_ROLE_NAME, } from "./roles";
|
|
13
13
|
export { ACTOR_TYPE_HEADER, ORGANIZATION_ID_HEADER, SagFetchError, } from "./types";
|
|
14
14
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAEhE,gEAAgE;AAChE,OAAO,EACL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,EACN,OAAO,GACR,MAAM,QAAQ,CAAA;AACf,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAEpC,+DAA+D;AAC/D,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAMtE,+DAA+D;AAC/D,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,cAAc,CAAA;AACrB,+DAA+D;AAC/D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAE7D,+DAA+D;AAC/D,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,cAAc,EACd,eAAe,EACf,2BAA2B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAEhE,gEAAgE;AAChE,OAAO,EACL,SAAS,EACT,WAAW,EACX,yBAAyB,EACzB,kBAAkB,EAClB,uBAAuB,EACvB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,EACN,OAAO,GACR,MAAM,QAAQ,CAAA;AACf,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAEpC,+DAA+D;AAC/D,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAMtE,+DAA+D;AAC/D,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,cAAc,CAAA;AACrB,+DAA+D;AAC/D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAE7D,+DAA+D;AAC/D,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,kCAAkC,EAClC,4BAA4B,EAC5B,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,kCAAkC,EAClC,cAAc,EACd,eAAe,EACf,gCAAgC,EAChC,2BAA2B,EAC3B,+BAA+B,GAChC,MAAM,SAAS,CAAA;AAiBhB,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,aAAa,GACd,MAAM,SAAS,CAAA"}
|
package/dist/react/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { buildOnboardingRedirectUrl, buildWrongLoginMethodRedirect, CLEAR_SESSION_PATH, ONBOARDING_PATH, ONBOARDING_SOURCE_PARAM, WRONG_LOGIN_METHOD_PATH, WRONG_LOGIN_RETURN_URL_PARAM, } from "../onboarding";
|
|
2
|
-
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DEFAULT_PUBLIC_SERVANT_ROLES, isCitizen, isCitizenByRole, isCitizenOnboarded, isInactivePublicServant, isPublicServant, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, ROLE_NAME_CITIZEN, ROLE_NAME_ONBOARDED_CITIZEN, } from "../roles";
|
|
2
|
+
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DASHBOARD_PUBLIC_SERVANT_ROLE_NAME, DEFAULT_PUBLIC_SERVANT_ROLES, isCitizen, isCitizenByRole, isCitizenOnboarded, isInactivePublicServant, isPublicServant, MESSAGING_PUBLIC_SERVANT_ROLE_NAME, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, PROFILE_PUBLIC_SERVANT_ROLE_NAME, ROLE_NAME_CITIZEN, ROLE_NAME_ONBOARDED_CITIZEN, UPLOAD_PUBLIC_SERVANT_ROLE_NAME, } from "../roles";
|
|
3
3
|
export type { ActorType, AuthClaims, GatewayFetchOptions, GatewayMutationOptions, MutationMethod, OrganizationInfo, SignInOptions, UseAuthResult, } from "../types";
|
|
4
4
|
export { ACTOR_TYPE_HEADER, ORGANIZATION_ID_HEADER, SagFetchError, } from "../types";
|
|
5
5
|
export { SagClientProvider, useSagClient } from "./provider";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,eAAe,CAAA;AAEtB,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,2BAA2B,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,eAAe,CAAA;AAEtB,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,kCAAkC,EAClC,4BAA4B,EAC5B,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,kCAAkC,EAClC,cAAc,EACd,eAAe,EACf,gCAAgC,EAChC,iBAAiB,EACjB,2BAA2B,EAC3B,+BAA+B,GAChC,MAAM,UAAU,CAAA;AAEjB,YAAY,EACV,SAAS,EACT,UAAU,EACV,mBAAmB,EACnB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,aAAa,GACd,MAAM,UAAU,CAAA;AACjB,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,aAAa,GACd,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAE5D,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,YAAY,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAA;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AACrD,YAAY,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAA;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAC3D,YAAY,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAA;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAC3D,YAAY,EACV,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,wBAAwB,CAAA;AAE/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAC3D,YAAY,EACV,4BAA4B,EAC5B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAA;AAEnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA"}
|
package/dist/react/index.js
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
// ── Re-export onboarding helpers for convenience ────────────
|
|
3
3
|
export { buildOnboardingRedirectUrl, buildWrongLoginMethodRedirect, CLEAR_SESSION_PATH, ONBOARDING_PATH, ONBOARDING_SOURCE_PARAM, WRONG_LOGIN_METHOD_PATH, WRONG_LOGIN_RETURN_URL_PARAM, } from "../onboarding";
|
|
4
4
|
// ── Re-export role detection utilities for convenience ──────
|
|
5
|
-
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DEFAULT_PUBLIC_SERVANT_ROLES, isCitizen, isCitizenByRole, isCitizenOnboarded, isInactivePublicServant, isPublicServant, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, ROLE_NAME_CITIZEN, ROLE_NAME_ONBOARDED_CITIZEN, } from "../roles";
|
|
5
|
+
export { ALLOWED_SIGNIN_METHODS, CONNECTOR_ENTRAID, CONNECTOR_MYGOVID, DASHBOARD_PUBLIC_SERVANT_ROLE_NAME, DEFAULT_PUBLIC_SERVANT_ROLES, isCitizen, isCitizenByRole, isCitizenOnboarded, isInactivePublicServant, isPublicServant, MESSAGING_PUBLIC_SERVANT_ROLE_NAME, ORG_ROLE_ADMIN, ORG_ROLE_MEMBER, PROFILE_PUBLIC_SERVANT_ROLE_NAME, ROLE_NAME_CITIZEN, ROLE_NAME_ONBOARDED_CITIZEN, UPLOAD_PUBLIC_SERVANT_ROLE_NAME, } from "../roles";
|
|
6
6
|
export { ACTOR_TYPE_HEADER, ORGANIZATION_ID_HEADER, SagFetchError, } from "../types";
|
|
7
7
|
export { SagClientProvider, useSagClient } from "./provider";
|
|
8
8
|
// ── Sign-in presets ──────────────────────────────────────────
|
package/dist/react/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAEhE,+DAA+D;AAC/D,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,eAAe,CAAA;AACtB,+DAA+D;AAC/D,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,4BAA4B,EAC5B,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,2BAA2B,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAEhE,+DAA+D;AAC/D,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC7B,kBAAkB,EAClB,eAAe,EACf,uBAAuB,EACvB,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,eAAe,CAAA;AACtB,+DAA+D;AAC/D,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,kCAAkC,EAClC,4BAA4B,EAC5B,SAAS,EACT,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,EACf,kCAAkC,EAClC,cAAc,EACd,eAAe,EACf,gCAAgC,EAChC,iBAAiB,EACjB,2BAA2B,EAC3B,+BAA+B,GAChC,MAAM,UAAU,CAAA;AAYjB,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,aAAa,GACd,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAC5D,gEAAgE;AAChE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAC9D,gEAAgE;AAChE,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEpC,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAE3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAK3D,gEAAgE;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAK3D,gEAAgE;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"use-gateway-download.js","sourceRoot":"","sources":["../../src/react/use-gateway-download.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAChC,OAAO,EAAE,iBAAiB,EAAkB,aAAa,EAAE,MAAM,UAAU,CAAA;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAczC;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAmC;IAEnC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;IAC7B,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IACzD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAuB,IAAI,CAAC,CAAA;IAE9D,MAAM,QAAQ,GAAG,WAAW,CAC1B,KAAK,EAAE,IAAY,EAAE,QAAgB,EAAE,EAAE;;QACvC,gBAAgB,CAAC,IAAI,CAAC,CAAA;QACtB,QAAQ,CAAC,IAAI,CAAC,CAAA;QAEd,MAAM,YAAY,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,mCAAI,KAAK,CAAA;QAEnD,8DAA8D;QAC9D,2CAA2C;QAC3C,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QAEzE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,EAAE,CAAA;YACzC,MAAM,OAAO,GAA2B;gBACtC,eAAe,EAAE,MAAM,CAAC,OAAO;aAChC,CAAA;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;gBACvB,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,SAAS,CAAA;YAChD,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,WAAW,EAAE,SAAS;gBACtB,OAAO;aACR,CAAC,CAAA;YAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,EAAE,CAAA;gBACf,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;gBACzC,MAAM,IAAI,aAAa,CACrB,+CAA+C,EAC/C,GAAG,CACJ,CAAA;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,EAAE,CAAA;gBACf,IAAI,OAAO,GAAG,uBAAuB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAA;gBAC7E,IAAI,IAAwB,CAAA;gBAC5B,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAA;oBACD,IAAI,IAAI,CAAC,OAAO;wBAAE,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;yBACnC,IAAI,IAAI,CAAC,KAAK;wBAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAA;oBACzC,IAAI,IAAI,CAAC,IAAI;wBAAE,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;gBACjC,CAAC;gBAAC,WAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;gBACD,MAAM,IAAI,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;YACzD,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;YAClC,MAAM,SAAS,GAAG,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;YAE3C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,SAAS,CAAA;YAClC,CAAC;iBAAM,CAAC;gBACN,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;gBAC1C,MAAM,CAAC,IAAI,GAAG,SAAS,CAAA;gBACvB,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAA;gBAC1B,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,MAAM,CAAA;gBAC7B,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;gBACjC,MAAM,CAAC,KAAK,EAAE,CAAA;gBAEd,UAAU,CAAC,GAAG,EAAE;oBACd,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;oBAC9B,
|
|
1
|
+
{"version":3,"file":"use-gateway-download.js","sourceRoot":"","sources":["../../src/react/use-gateway-download.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAChC,OAAO,EAAE,iBAAiB,EAAkB,aAAa,EAAE,MAAM,UAAU,CAAA;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAczC;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAmC;IAEnC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;IAC7B,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IACzD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAuB,IAAI,CAAC,CAAA;IAE9D,MAAM,QAAQ,GAAG,WAAW,CAC1B,KAAK,EAAE,IAAY,EAAE,QAAgB,EAAE,EAAE;;QACvC,gBAAgB,CAAC,IAAI,CAAC,CAAA;QACtB,QAAQ,CAAC,IAAI,CAAC,CAAA;QAEd,MAAM,YAAY,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,mCAAI,KAAK,CAAA;QAEnD,8DAA8D;QAC9D,2CAA2C;QAC3C,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QAEzE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,EAAE,CAAA;YACzC,MAAM,OAAO,GAA2B;gBACtC,eAAe,EAAE,MAAM,CAAC,OAAO;aAChC,CAAA;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,CAAC;gBACvB,OAAO,CAAC,iBAAiB,CAAC,GAAG,OAAO,CAAC,SAAS,CAAA;YAChD,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,WAAW,EAAE,SAAS;gBACtB,OAAO;aACR,CAAC,CAAA;YAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,EAAE,CAAA;gBACf,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;gBACzC,MAAM,IAAI,aAAa,CACrB,+CAA+C,EAC/C,GAAG,CACJ,CAAA;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,EAAE,CAAA;gBACf,IAAI,OAAO,GAAG,uBAAuB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAA;gBAC7E,IAAI,IAAwB,CAAA;gBAC5B,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAA;oBACD,IAAI,IAAI,CAAC,OAAO;wBAAE,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;yBACnC,IAAI,IAAI,CAAC,KAAK;wBAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAA;oBACzC,IAAI,IAAI,CAAC,IAAI;wBAAE,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;gBACjC,CAAC;gBAAC,WAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;gBACD,MAAM,IAAI,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;YACzD,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;YAClC,MAAM,SAAS,GAAG,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;YAE3C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,SAAS,CAAA;YAClC,CAAC;iBAAM,CAAC;gBACN,MAAM,MAAM,GAAG,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;gBAC1C,MAAM,CAAC,IAAI,GAAG,SAAS,CAAA;gBACvB,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAA;gBAC1B,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,MAAM,CAAA;gBAC7B,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;gBACjC,MAAM,CAAC,KAAK,EAAE,CAAA;gBAEd,UAAU,CAAC,GAAG,EAAE;oBACd,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;oBAC9B,MAAM,CAAC,MAAM,EAAE,CAAA;gBACjB,CAAC,EAAE,GAAG,CAAC,CAAA;YACT,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,EAAE,CAAA;YACf,MAAM,QAAQ,GACZ,GAAG,YAAY,aAAa;gBAC1B,CAAC,CAAC,GAAG;gBACL,CAAC,CAAC,IAAI,aAAa,CACf,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,EACtD,CAAC,CACF,CAAA;YACP,QAAQ,CAAC,QAAQ,CAAC,CAAA;YAClB,MAAM,QAAQ,CAAA;QAChB,CAAC;gBAAS,CAAC;YACT,gBAAgB,CAAC,KAAK,CAAC,CAAA;QACzB,CAAC;IACH,CAAC,EACD,CAAC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,CAAC,CACpD,CAAA;IAED,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,EAAE,CAAA;AAC3C,CAAC"}
|
|
@@ -13,12 +13,29 @@ export interface UseOnboardingGuardOptions {
|
|
|
13
13
|
* of any kind) are redirected here immediately, before any other check.
|
|
14
14
|
*
|
|
15
15
|
* Use for citizen-only apps that have a companion admin app.
|
|
16
|
-
*
|
|
17
|
-
*
|
|
16
|
+
*
|
|
17
|
+
* The default "is PS" check (when `publicServantRoles` is unset) treats any
|
|
18
|
+
* user with `organization_roles.length > 0` as a PS. This is convenient but
|
|
19
|
+
* pairs badly with companion admin apps that gate access on a specific role
|
|
20
|
+
* (via `usePublicServantGuard({ publicServantRoles: […] })`) — users whose
|
|
21
|
+
* org roles belong to a different service ping-pong between the two apps.
|
|
22
|
+
* Set `publicServantRoles` to the same list the admin app accepts to keep
|
|
23
|
+
* the definitions in sync.
|
|
18
24
|
*
|
|
19
25
|
* @example publicServantRedirectUrl: "https://admin.example.com"
|
|
20
26
|
*/
|
|
21
27
|
publicServantRedirectUrl?: string;
|
|
28
|
+
/**
|
|
29
|
+
* Role names that identify a public servant for the purpose of the
|
|
30
|
+
* `publicServantRedirectUrl` redirect. When set, only users whose
|
|
31
|
+
* `organization_roles` include one of these role names (or who are flagged
|
|
32
|
+
* as an inactive PS) are redirected to the admin app — keeping behaviour
|
|
33
|
+
* symmetric with `usePublicServantGuard({ publicServantRoles })`.
|
|
34
|
+
*
|
|
35
|
+
* When omitted, the legacy behaviour applies: anyone with any
|
|
36
|
+
* `organization_roles` entry is treated as a PS.
|
|
37
|
+
*/
|
|
38
|
+
publicServantRoles?: string[];
|
|
22
39
|
/**
|
|
23
40
|
* Logto `directSignIn` connector to use when the user comes back
|
|
24
41
|
* from onboarding (e.g. CONNECTOR_MYGOVID). Optional.
|
|
@@ -59,8 +76,14 @@ export interface UseOnboardingGuardResult {
|
|
|
59
76
|
* **Behaviour (in order):**
|
|
60
77
|
*
|
|
61
78
|
* 1. If the user is not authenticated → resolved (let sign-in render).
|
|
62
|
-
* 2. If `publicServantRedirectUrl` is set and the user
|
|
63
|
-
*
|
|
79
|
+
* 2. If `publicServantRedirectUrl` is set and the user is classified as a
|
|
80
|
+
* public servant → redirect to `publicServantRedirectUrl`, debounced by
|
|
81
|
+
* `debounceMs` so a misconfigured companion admin app that bounces the
|
|
82
|
+
* user back here cannot trigger a rapid redirect loop.
|
|
83
|
+
* The classification uses `publicServantRoles` when provided (so the
|
|
84
|
+
* citizen app and its companion admin app share one definition); when
|
|
85
|
+
* omitted, any user with `organization_roles.length > 0` is treated as
|
|
86
|
+
* a PS.
|
|
64
87
|
* 3. If the user is a PS and no redirect is configured →
|
|
65
88
|
* resolved (pass-through for PS on non-citizen-locked apps).
|
|
66
89
|
* 4. If the user signed in with a wrong method → redirect to the
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"use-onboarding-guard.d.ts","sourceRoot":"","sources":["../../src/react/use-onboarding-guard.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"use-onboarding-guard.d.ts","sourceRoot":"","sources":["../../src/react/use-onboarding-guard.ts"],"names":[],"mappings":"AAwBA,iDAAiD;AACjD,MAAM,WAAW,yBAAyB;IACxC,qEAAqE;IACrE,UAAU,EAAE,MAAM,CAAA;IAElB;;;;OAIG;IACH,UAAU,EAAE,MAAM,CAAA;IAElB;;;;;;;;;;;;;;;OAeG;IACH,wBAAwB,CAAC,EAAE,MAAM,CAAA;IAEjC;;;;;;;;;OASG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;IAE7B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAElB;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,4CAA4C;AAC5C,MAAM,WAAW,wBAAwB;IACvC;;;;;;;;;;;OAWG;IACH,QAAQ,EAAE,OAAO,CAAA;CAClB;AAID;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,yBAAyB,GACjC,wBAAwB,CAoJ1B"}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
"use client";
|
|
2
2
|
import { useEffect, useRef, useState } from "react";
|
|
3
3
|
import { buildOnboardingRedirectUrl, buildWrongLoginMethodRedirect, } from "../onboarding";
|
|
4
|
-
import { ALLOWED_SIGNIN_METHODS, isCitizenOnboarded } from "../roles";
|
|
4
|
+
import { ALLOWED_SIGNIN_METHODS, isCitizenOnboarded, isInactivePublicServant, isPublicServant, } from "../roles";
|
|
5
5
|
import { useSagClient } from "./provider";
|
|
6
6
|
import { useAuth } from "./use-auth";
|
|
7
7
|
// ── Constants ───────────────────────────────────────────────
|
|
8
8
|
const ONBOARDING_STORAGE_KEY = "sag_onboarding_ts";
|
|
9
|
+
const PUBLIC_SERVANT_STORAGE_KEY = "sag_ps_redirect_ts";
|
|
9
10
|
const DEFAULT_DEBOUNCE_MS = 30000; // 30 seconds
|
|
10
11
|
// ── Hook ────────────────────────────────────────────────────
|
|
11
12
|
/**
|
|
@@ -18,8 +19,14 @@ const DEFAULT_DEBOUNCE_MS = 30000; // 30 seconds
|
|
|
18
19
|
* **Behaviour (in order):**
|
|
19
20
|
*
|
|
20
21
|
* 1. If the user is not authenticated → resolved (let sign-in render).
|
|
21
|
-
* 2. If `publicServantRedirectUrl` is set and the user
|
|
22
|
-
*
|
|
22
|
+
* 2. If `publicServantRedirectUrl` is set and the user is classified as a
|
|
23
|
+
* public servant → redirect to `publicServantRedirectUrl`, debounced by
|
|
24
|
+
* `debounceMs` so a misconfigured companion admin app that bounces the
|
|
25
|
+
* user back here cannot trigger a rapid redirect loop.
|
|
26
|
+
* The classification uses `publicServantRoles` when provided (so the
|
|
27
|
+
* citizen app and its companion admin app share one definition); when
|
|
28
|
+
* omitted, any user with `organization_roles.length > 0` is treated as
|
|
29
|
+
* a PS.
|
|
23
30
|
* 3. If the user is a PS and no redirect is configured →
|
|
24
31
|
* resolved (pass-through for PS on non-citizen-locked apps).
|
|
25
32
|
* 4. If the user signed in with a wrong method → redirect to the
|
|
@@ -62,13 +69,14 @@ const DEFAULT_DEBOUNCE_MS = 30000; // 30 seconds
|
|
|
62
69
|
* ```
|
|
63
70
|
*/
|
|
64
71
|
export function useOnboardingGuard(options) {
|
|
65
|
-
const { profileUrl, appBaseUrl, publicServantRedirectUrl, connector, debounceMs = DEFAULT_DEBOUNCE_MS, } = options;
|
|
72
|
+
const { profileUrl, appBaseUrl, publicServantRedirectUrl, publicServantRoles, connector, debounceMs = DEFAULT_DEBOUNCE_MS, } = options;
|
|
66
73
|
const client = useSagClient();
|
|
67
74
|
const { user, claims, loading, invalidateSession } = useAuth();
|
|
68
75
|
const [resolved, setResolved] = useState(false);
|
|
69
76
|
const [debounceRetryTick, setDebounceRetryTick] = useState(0);
|
|
70
77
|
const redirectingRef = useRef(false);
|
|
71
78
|
useEffect(() => {
|
|
79
|
+
var _a;
|
|
72
80
|
// Re-run after debounce timer fires (see setDebounceRetryTick below).
|
|
73
81
|
void debounceRetryTick;
|
|
74
82
|
if (loading)
|
|
@@ -80,21 +88,46 @@ export function useOnboardingGuard(options) {
|
|
|
80
88
|
setResolved(true);
|
|
81
89
|
return;
|
|
82
90
|
}
|
|
83
|
-
//
|
|
84
|
-
//
|
|
85
|
-
//
|
|
86
|
-
|
|
91
|
+
// Classify the user. When `publicServantRoles` is provided the check is
|
|
92
|
+
// role-scoped (mirroring `usePublicServantGuard`), so the citizen app and
|
|
93
|
+
// its companion admin app agree on who counts as a PS — this is what
|
|
94
|
+
// breaks the cross-app redirect loop. Otherwise fall back to the legacy
|
|
95
|
+
// "any org membership = PS" heuristic.
|
|
96
|
+
const orgRoles = (_a = claims.organization_roles) !== null && _a !== void 0 ? _a : [];
|
|
97
|
+
const isAPublicServant = publicServantRoles
|
|
98
|
+
? isPublicServant(orgRoles, publicServantRoles) ||
|
|
99
|
+
isInactivePublicServant(orgRoles)
|
|
100
|
+
: orgRoles.length > 0;
|
|
87
101
|
// 2. Not a citizen (public servant of any kind)
|
|
88
|
-
if (
|
|
102
|
+
if (isAPublicServant) {
|
|
89
103
|
if (publicServantRedirectUrl) {
|
|
104
|
+
// Debounce the cross-app redirect. If the companion admin app does not
|
|
105
|
+
// recognise this user as a public servant (e.g. their org role is for
|
|
106
|
+
// a different service) it may redirect them straight back, which would
|
|
107
|
+
// otherwise create an infinite loop. Stay unresolved during the window
|
|
108
|
+
// — the caller renders the loading state and retries after `debounceMs`.
|
|
109
|
+
const lastPsTs = Number(sessionStorage.getItem(PUBLIC_SERVANT_STORAGE_KEY) || "0");
|
|
110
|
+
const elapsedPs = Date.now() - lastPsTs;
|
|
111
|
+
if (elapsedPs < debounceMs) {
|
|
112
|
+
setResolved(false);
|
|
113
|
+
const timer = setTimeout(() => {
|
|
114
|
+
redirectingRef.current = false;
|
|
115
|
+
setDebounceRetryTick((tick) => tick + 1);
|
|
116
|
+
}, debounceMs - elapsedPs);
|
|
117
|
+
return () => clearTimeout(timer);
|
|
118
|
+
}
|
|
90
119
|
redirectingRef.current = true;
|
|
120
|
+
sessionStorage.setItem(PUBLIC_SERVANT_STORAGE_KEY, String(Date.now()));
|
|
91
121
|
window.location.href = publicServantRedirectUrl;
|
|
92
122
|
return;
|
|
93
123
|
}
|
|
94
124
|
// No redirect configured — let them through
|
|
125
|
+
sessionStorage.removeItem(PUBLIC_SERVANT_STORAGE_KEY);
|
|
95
126
|
setResolved(true);
|
|
96
127
|
return;
|
|
97
128
|
}
|
|
129
|
+
// Citizen path — any prior PS redirect bookkeeping is stale.
|
|
130
|
+
sessionStorage.removeItem(PUBLIC_SERVANT_STORAGE_KEY);
|
|
98
131
|
// 3. Wrong login method — checked for ALL citizens (including onboarded)
|
|
99
132
|
const signinMethod = claims.signinMethod;
|
|
100
133
|
if (signinMethod &&
|
|
@@ -151,6 +184,7 @@ export function useOnboardingGuard(options) {
|
|
|
151
184
|
profileUrl,
|
|
152
185
|
appBaseUrl,
|
|
153
186
|
publicServantRedirectUrl,
|
|
187
|
+
publicServantRoles,
|
|
154
188
|
connector,
|
|
155
189
|
debounceMs,
|
|
156
190
|
client.gatewayUrl,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"use-onboarding-guard.js","sourceRoot":"","sources":["../../src/react/use-onboarding-guard.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AACnD,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,GAC9B,MAAM,eAAe,CAAA;AACtB,OAAO,
|
|
1
|
+
{"version":3,"file":"use-onboarding-guard.js","sourceRoot":"","sources":["../../src/react/use-onboarding-guard.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AACnD,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,GAC9B,MAAM,eAAe,CAAA;AACtB,OAAO,EACL,sBAAsB,EACtB,kBAAkB,EAClB,uBAAuB,EACvB,eAAe,GAChB,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEpC,+DAA+D;AAE/D,MAAM,sBAAsB,GAAG,mBAAmB,CAAA;AAClD,MAAM,0BAA0B,GAAG,oBAAoB,CAAA;AACvD,MAAM,mBAAmB,GAAG,KAAM,CAAA,CAAC,aAAa;AA+EhD,+DAA+D;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAkC;IAElC,MAAM,EACJ,UAAU,EACV,UAAU,EACV,wBAAwB,EACxB,kBAAkB,EAClB,SAAS,EACT,UAAU,GAAG,mBAAmB,GACjC,GAAG,OAAO,CAAA;IAEX,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;IAC7B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,OAAO,EAAE,CAAA;IAE9D,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAC/C,MAAM,CAAC,iBAAiB,EAAE,oBAAoB,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;IAE7D,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;IAEpC,SAAS,CAAC,GAAG,EAAE;;QACb,sEAAsE;QACtE,KAAK,iBAAiB,CAAA;QAEtB,IAAI,OAAO;YAAE,OAAM;QACnB,IAAI,cAAc,CAAC,OAAO;YAAE,OAAM;QAElC,0CAA0C;QAC1C,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACrB,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,wEAAwE;QACxE,0EAA0E;QAC1E,qEAAqE;QACrE,wEAAwE;QACxE,uCAAuC;QACvC,MAAM,QAAQ,GAAG,MAAA,MAAM,CAAC,kBAAkB,mCAAI,EAAE,CAAA;QAChD,MAAM,gBAAgB,GAAG,kBAAkB;YACzC,CAAC,CAAC,eAAe,CAAC,QAAQ,EAAE,kBAAkB,CAAC;gBAC7C,uBAAuB,CAAC,QAAQ,CAAC;YACnC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAA;QAEvB,gDAAgD;QAChD,IAAI,gBAAgB,EAAE,CAAC;YACrB,IAAI,wBAAwB,EAAE,CAAC;gBAC7B,uEAAuE;gBACvE,sEAAsE;gBACtE,uEAAuE;gBACvE,uEAAuE;gBACvE,yEAAyE;gBACzE,MAAM,QAAQ,GAAG,MAAM,CACrB,cAAc,CAAC,OAAO,CAAC,0BAA0B,CAAC,IAAI,GAAG,CAC1D,CAAA;gBACD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAA;gBACvC,IAAI,SAAS,GAAG,UAAU,EAAE,CAAC;oBAC3B,WAAW,CAAC,KAAK,CAAC,CAAA;oBAClB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;wBAC5B,cAAc,CAAC,OAAO,GAAG,KAAK,CAAA;wBAC9B,oBAAoB,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,CAAA;oBAC1C,CAAC,EAAE,UAAU,GAAG,SAAS,CAAC,CAAA;oBAC1B,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;gBAClC,CAAC;gBACD,cAAc,CAAC,OAAO,GAAG,IAAI,CAAA;gBAC7B,cAAc,CAAC,OAAO,CAAC,0BAA0B,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;gBACtE,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,wBAAwB,CAAA;gBAC/C,OAAM;YACR,CAAC;YACD,4CAA4C;YAC5C,cAAc,CAAC,UAAU,CAAC,0BAA0B,CAAC,CAAA;YACrD,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,6DAA6D;QAC7D,cAAc,CAAC,UAAU,CAAC,0BAA0B,CAAC,CAAA;QAErD,yEAAyE;QACzE,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAA;QACxC,IACE,YAAY;YACZ,CAAE,sBAA4C,CAAC,QAAQ,CAAC,YAAY,CAAC,EACrE,CAAC;YACD,cAAc,CAAC,OAAO,GAAG,IAAI,CAAA;YAC7B,cAAc,CAAC,OAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;YAClE,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,6BAA6B,CAAC;gBACnD,UAAU;gBACV,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI;aACjC,CAAC,CAAA;YACF,OAAM;QACR,CAAC;QAED,oEAAoE;QACpE,IAAI,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACrC,cAAc,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAA;YACjD,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,yEAAyE;QACzE,sEAAsE;QACtE,+DAA+D;QAC/D,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,sBAAsB,CAAC,IAAI,GAAG,CAAC,CAAA;QAC5E,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAA;QACnC,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;YACzB,WAAW,CAAC,KAAK,CAAC,CAAA;YAClB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,cAAc,CAAC,OAAO,GAAG,KAAK,CAAA;gBAC9B,oBAAoB,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,CAAA;YAC1C,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,CAAA;YACxB,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAA;QAClC,CAAC;QAED,8DAA8D;QAC9D,cAAc,CAAC,OAAO,GAAG,IAAI,CAAA;QAC7B,cAAc,CAAC,OAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;QAElE,0EAA0E;QAC1E,+DAA+D;QAC/D,8CAA8C;QAC9C,MAAM,GAAG,GAAG,0BAA0B,CAAC;YACrC,UAAU;YACV,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE;YAC1F,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,UAAU;YACV,SAAS;SACV,CAAC,CAAA;QAEF,iBAAiB,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;YAC5B,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAA;QAC5B,CAAC,CAAC,CAAA;IACJ,CAAC,EAAE;QACD,OAAO;QACP,IAAI;QACJ,MAAM;QACN,iBAAiB;QACjB,UAAU;QACV,UAAU;QACV,wBAAwB;QACxB,kBAAkB;QAClB,SAAS;QACT,UAAU;QACV,MAAM,CAAC,UAAU;QACjB,MAAM,CAAC,OAAO;QACd,iBAAiB;KAClB,CAAC,CAAA;IAEF,OAAO,EAAE,QAAQ,EAAE,CAAA;AACrB,CAAC"}
|
|
@@ -13,9 +13,28 @@ export interface UsePublicServantGuardOptions {
|
|
|
13
13
|
*/
|
|
14
14
|
inactiveRedirectUrl?: string;
|
|
15
15
|
/**
|
|
16
|
-
* URL to redirect
|
|
17
|
-
*
|
|
18
|
-
*
|
|
16
|
+
* URL to redirect *true citizens* — authenticated users with zero
|
|
17
|
+
* `organization_roles` — to. Use this on admin apps that want to
|
|
18
|
+
* nudge real citizens back to their citizen-facing companion app
|
|
19
|
+
* without bouncing users who simply hold an org role for a different
|
|
20
|
+
* service (those see `authorized=false` and the caller renders e.g.
|
|
21
|
+
* a NotAuthorized panel).
|
|
22
|
+
*
|
|
23
|
+
* When set, `unauthorizedRedirectUrl` is ignored.
|
|
24
|
+
*
|
|
25
|
+
* @example citizenRedirectUrl: "https://citizen-app.example.com"
|
|
26
|
+
*/
|
|
27
|
+
citizenRedirectUrl?: string;
|
|
28
|
+
/**
|
|
29
|
+
* URL to redirect any non-public-servant user to — both true citizens
|
|
30
|
+
* *and* org members holding only roles for a different service.
|
|
31
|
+
*
|
|
32
|
+
* @deprecated Prefer `citizenRedirectUrl`. The blanket redirect
|
|
33
|
+
* produced by this option pairs badly with companion citizen apps
|
|
34
|
+
* whose `useOnboardingGuard` classifies the same user as a PS and
|
|
35
|
+
* redirects them right back — see the cross-app loop documented in
|
|
36
|
+
* `useOnboardingGuard`. Kept for back-compat; ignored when
|
|
37
|
+
* `citizenRedirectUrl` is set.
|
|
19
38
|
*/
|
|
20
39
|
unauthorizedRedirectUrl?: string;
|
|
21
40
|
}
|
|
@@ -44,25 +63,48 @@ export interface UsePublicServantGuardResult {
|
|
|
44
63
|
* Must be used within a `SagClientProvider`. Internally calls
|
|
45
64
|
* `useAuth()` for auth state.
|
|
46
65
|
*
|
|
47
|
-
* **Behaviour:**
|
|
66
|
+
* **Behaviour (in order):**
|
|
48
67
|
*
|
|
49
|
-
* 1. If the user is not authenticated
|
|
68
|
+
* 1. If the user is not authenticated:
|
|
69
|
+
* - With `citizenRedirectUrl` (new mode) → resolved, `authorized: false`.
|
|
70
|
+
* The caller is expected to drive the sign-in flow (e.g. via an
|
|
71
|
+
* `AuthenticatedShell` that calls `signIn()` when `!user`).
|
|
72
|
+
* - With `unauthorizedRedirectUrl` only (legacy) → redirect.
|
|
73
|
+
* - Otherwise → resolved, `authorized: false`.
|
|
50
74
|
* 2. If the user is an inactive public servant and `inactiveRedirectUrl`
|
|
51
|
-
* is set
|
|
52
|
-
* 3. If the user is an active public servant
|
|
53
|
-
* 4. If the user is
|
|
54
|
-
* is set
|
|
75
|
+
* is set → redirect. Otherwise resolved with `isInactive: true`.
|
|
76
|
+
* 3. If the user is an active public servant → resolved, authorized.
|
|
77
|
+
* 4. If the user is a *true citizen* (zero `organization_roles`) and
|
|
78
|
+
* `citizenRedirectUrl` is set → redirect.
|
|
79
|
+
* 5. Otherwise (org member but no matching role, or no redirect
|
|
80
|
+
* configured) → resolved with `authorized: false`.
|
|
81
|
+
*
|
|
82
|
+
* The split in step 4 vs 5 is what prevents cross-app redirect loops
|
|
83
|
+
* with the companion citizen app's `useOnboardingGuard`: an org member
|
|
84
|
+
* for a *different* service won't be bounced back to a citizen app that
|
|
85
|
+
* would only redirect them straight here again.
|
|
55
86
|
*
|
|
56
87
|
* @example
|
|
57
88
|
* ```tsx
|
|
58
89
|
* function AdminShell({ children }) {
|
|
90
|
+
* const { user } = useAuth()
|
|
59
91
|
* const { resolved, authorized } = usePublicServantGuard({
|
|
60
|
-
*
|
|
92
|
+
* publicServantRoles: ["My Service Public Servant"],
|
|
93
|
+
* citizenRedirectUrl: "https://citizen-app.example.com",
|
|
61
94
|
* })
|
|
62
95
|
*
|
|
63
96
|
* if (!resolved) return <Loading />
|
|
64
|
-
* if (!authorized)
|
|
65
|
-
*
|
|
97
|
+
* if (!authorized) {
|
|
98
|
+
* // `forbidden={Boolean(user)}` keeps the sign-in flow for
|
|
99
|
+
* // unauthenticated visitors while showing NotAuthorized for
|
|
100
|
+
* // wrong-role PS users (true citizens were redirected above).
|
|
101
|
+
* return (
|
|
102
|
+
* <AuthenticatedShell forbidden={Boolean(user)}>
|
|
103
|
+
* <NotAuthorized />
|
|
104
|
+
* </AuthenticatedShell>
|
|
105
|
+
* )
|
|
106
|
+
* }
|
|
107
|
+
* return <AuthenticatedShell>{children}</AuthenticatedShell>
|
|
66
108
|
* }
|
|
67
109
|
* ```
|
|
68
110
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"use-public-servant-guard.d.ts","sourceRoot":"","sources":["../../src/react/use-public-servant-guard.ts"],"names":[],"mappings":"AAYA,oDAAoD;AACpD,MAAM,WAAW,4BAA4B;IAC3C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;IAE7B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAE5B
|
|
1
|
+
{"version":3,"file":"use-public-servant-guard.d.ts","sourceRoot":"","sources":["../../src/react/use-public-servant-guard.ts"],"names":[],"mappings":"AAYA,oDAAoD;AACpD,MAAM,WAAW,4BAA4B;IAC3C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;IAE7B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAE5B;;;;;;;;;;;OAWG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAE3B;;;;;;;;;;OAUG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAA;CACjC;AAED,+CAA+C;AAC/C,MAAM,WAAW,2BAA2B;IAC1C;;;;;OAKG;IACH,QAAQ,EAAE,OAAO,CAAA;IAEjB;;;OAGG;IACH,UAAU,EAAE,OAAO,CAAA;IAEnB;;OAEG;IACH,UAAU,EAAE,OAAO,CAAA;CACpB;AAID;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,GAAE,4BAAiC,GACzC,2BAA2B,CAqF7B"}
|
|
@@ -9,30 +9,53 @@ import { useAuth } from "./use-auth";
|
|
|
9
9
|
* Must be used within a `SagClientProvider`. Internally calls
|
|
10
10
|
* `useAuth()` for auth state.
|
|
11
11
|
*
|
|
12
|
-
* **Behaviour:**
|
|
12
|
+
* **Behaviour (in order):**
|
|
13
13
|
*
|
|
14
|
-
* 1. If the user is not authenticated
|
|
14
|
+
* 1. If the user is not authenticated:
|
|
15
|
+
* - With `citizenRedirectUrl` (new mode) → resolved, `authorized: false`.
|
|
16
|
+
* The caller is expected to drive the sign-in flow (e.g. via an
|
|
17
|
+
* `AuthenticatedShell` that calls `signIn()` when `!user`).
|
|
18
|
+
* - With `unauthorizedRedirectUrl` only (legacy) → redirect.
|
|
19
|
+
* - Otherwise → resolved, `authorized: false`.
|
|
15
20
|
* 2. If the user is an inactive public servant and `inactiveRedirectUrl`
|
|
16
|
-
* is set
|
|
17
|
-
* 3. If the user is an active public servant
|
|
18
|
-
* 4. If the user is
|
|
19
|
-
* is set
|
|
21
|
+
* is set → redirect. Otherwise resolved with `isInactive: true`.
|
|
22
|
+
* 3. If the user is an active public servant → resolved, authorized.
|
|
23
|
+
* 4. If the user is a *true citizen* (zero `organization_roles`) and
|
|
24
|
+
* `citizenRedirectUrl` is set → redirect.
|
|
25
|
+
* 5. Otherwise (org member but no matching role, or no redirect
|
|
26
|
+
* configured) → resolved with `authorized: false`.
|
|
27
|
+
*
|
|
28
|
+
* The split in step 4 vs 5 is what prevents cross-app redirect loops
|
|
29
|
+
* with the companion citizen app's `useOnboardingGuard`: an org member
|
|
30
|
+
* for a *different* service won't be bounced back to a citizen app that
|
|
31
|
+
* would only redirect them straight here again.
|
|
20
32
|
*
|
|
21
33
|
* @example
|
|
22
34
|
* ```tsx
|
|
23
35
|
* function AdminShell({ children }) {
|
|
36
|
+
* const { user } = useAuth()
|
|
24
37
|
* const { resolved, authorized } = usePublicServantGuard({
|
|
25
|
-
*
|
|
38
|
+
* publicServantRoles: ["My Service Public Servant"],
|
|
39
|
+
* citizenRedirectUrl: "https://citizen-app.example.com",
|
|
26
40
|
* })
|
|
27
41
|
*
|
|
28
42
|
* if (!resolved) return <Loading />
|
|
29
|
-
* if (!authorized)
|
|
30
|
-
*
|
|
43
|
+
* if (!authorized) {
|
|
44
|
+
* // `forbidden={Boolean(user)}` keeps the sign-in flow for
|
|
45
|
+
* // unauthenticated visitors while showing NotAuthorized for
|
|
46
|
+
* // wrong-role PS users (true citizens were redirected above).
|
|
47
|
+
* return (
|
|
48
|
+
* <AuthenticatedShell forbidden={Boolean(user)}>
|
|
49
|
+
* <NotAuthorized />
|
|
50
|
+
* </AuthenticatedShell>
|
|
51
|
+
* )
|
|
52
|
+
* }
|
|
53
|
+
* return <AuthenticatedShell>{children}</AuthenticatedShell>
|
|
31
54
|
* }
|
|
32
55
|
* ```
|
|
33
56
|
*/
|
|
34
57
|
export function usePublicServantGuard(options = {}) {
|
|
35
|
-
const { publicServantRoles = [...DEFAULT_PUBLIC_SERVANT_ROLES], inactiveRedirectUrl, unauthorizedRedirectUrl, } = options;
|
|
58
|
+
const { publicServantRoles = [...DEFAULT_PUBLIC_SERVANT_ROLES], inactiveRedirectUrl, citizenRedirectUrl, unauthorizedRedirectUrl, } = options;
|
|
36
59
|
const { user, claims, loading } = useAuth();
|
|
37
60
|
const [resolved, setResolved] = useState(false);
|
|
38
61
|
const [authorized, setAuthorized] = useState(false);
|
|
@@ -41,8 +64,13 @@ export function usePublicServantGuard(options = {}) {
|
|
|
41
64
|
var _a;
|
|
42
65
|
if (loading)
|
|
43
66
|
return;
|
|
67
|
+
// 1. Unauthenticated.
|
|
44
68
|
if (!user || !claims) {
|
|
45
|
-
|
|
69
|
+
// Legacy back-compat: callers using the deprecated
|
|
70
|
+
// `unauthorizedRedirectUrl` (and not the newer `citizenRedirectUrl`)
|
|
71
|
+
// still get the blanket redirect for any non-authorized state,
|
|
72
|
+
// including pre-sign-in. New callers must drive sign-in themselves.
|
|
73
|
+
if (!citizenRedirectUrl && unauthorizedRedirectUrl) {
|
|
46
74
|
window.location.href = unauthorizedRedirectUrl;
|
|
47
75
|
return;
|
|
48
76
|
}
|
|
@@ -50,6 +78,7 @@ export function usePublicServantGuard(options = {}) {
|
|
|
50
78
|
return;
|
|
51
79
|
}
|
|
52
80
|
const orgRoles = (_a = claims.organization_roles) !== null && _a !== void 0 ? _a : [];
|
|
81
|
+
// 2. Inactive public servant.
|
|
53
82
|
if (isInactivePublicServant(orgRoles)) {
|
|
54
83
|
setIsInactive(true);
|
|
55
84
|
if (inactiveRedirectUrl) {
|
|
@@ -59,12 +88,29 @@ export function usePublicServantGuard(options = {}) {
|
|
|
59
88
|
setResolved(true);
|
|
60
89
|
return;
|
|
61
90
|
}
|
|
91
|
+
// 3. Active matching public servant.
|
|
62
92
|
if (isPublicServant(orgRoles, publicServantRoles)) {
|
|
63
93
|
setAuthorized(true);
|
|
64
94
|
setResolved(true);
|
|
65
95
|
return;
|
|
66
96
|
}
|
|
67
|
-
//
|
|
97
|
+
// 4. True citizen — has no org roles at all. With `citizenRedirectUrl`
|
|
98
|
+
// set, send them to their companion citizen app.
|
|
99
|
+
if (citizenRedirectUrl) {
|
|
100
|
+
if (orgRoles.length === 0) {
|
|
101
|
+
window.location.href = citizenRedirectUrl;
|
|
102
|
+
return;
|
|
103
|
+
}
|
|
104
|
+
// 5. Wrong-role PS — has org roles but none match `publicServantRoles`.
|
|
105
|
+
// Resolve with `authorized=false` so the caller can render e.g.
|
|
106
|
+
// NotAuthorized. Crucially do *not* redirect — the companion
|
|
107
|
+
// citizen app may classify this user as a PS and bounce them right
|
|
108
|
+
// back, producing an infinite loop.
|
|
109
|
+
setResolved(true);
|
|
110
|
+
return;
|
|
111
|
+
}
|
|
112
|
+
// Legacy mode (no `citizenRedirectUrl`): redirect any non-PS user when
|
|
113
|
+
// `unauthorizedRedirectUrl` is set. Prefer the split above in new code.
|
|
68
114
|
if (unauthorizedRedirectUrl) {
|
|
69
115
|
window.location.href = unauthorizedRedirectUrl;
|
|
70
116
|
return;
|
|
@@ -76,6 +122,7 @@ export function usePublicServantGuard(options = {}) {
|
|
|
76
122
|
claims,
|
|
77
123
|
publicServantRoles,
|
|
78
124
|
inactiveRedirectUrl,
|
|
125
|
+
citizenRedirectUrl,
|
|
79
126
|
unauthorizedRedirectUrl,
|
|
80
127
|
]);
|
|
81
128
|
return { resolved, authorized, isInactive };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"use-public-servant-guard.js","sourceRoot":"","sources":["../../src/react/use-public-servant-guard.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAC3C,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,eAAe,GAChB,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;
|
|
1
|
+
{"version":3,"file":"use-public-servant-guard.js","sourceRoot":"","sources":["../../src/react/use-public-servant-guard.ts"],"names":[],"mappings":"AAAA,YAAY,CAAA;AAEZ,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAC3C,OAAO,EACL,4BAA4B,EAC5B,uBAAuB,EACvB,eAAe,GAChB,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAsEpC,+DAA+D;AAE/D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,MAAM,UAAU,qBAAqB,CACnC,UAAwC,EAAE;IAE1C,MAAM,EACJ,kBAAkB,GAAG,CAAC,GAAG,4BAA4B,CAAC,EACtD,mBAAmB,EACnB,kBAAkB,EAClB,uBAAuB,GACxB,GAAG,OAAO,CAAA;IAEX,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAAA;IAE3C,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAC/C,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IACnD,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAEnD,SAAS,CAAC,GAAG,EAAE;;QACb,IAAI,OAAO;YAAE,OAAM;QAEnB,sBAAsB;QACtB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACrB,mDAAmD;YACnD,qEAAqE;YACrE,+DAA+D;YAC/D,oEAAoE;YACpE,IAAI,CAAC,kBAAkB,IAAI,uBAAuB,EAAE,CAAC;gBACnD,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,uBAAuB,CAAA;gBAC9C,OAAM;YACR,CAAC;YACD,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,MAAM,QAAQ,GAAG,MAAA,MAAM,CAAC,kBAAkB,mCAAI,EAAE,CAAA;QAEhD,8BAA8B;QAC9B,IAAI,uBAAuB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,aAAa,CAAC,IAAI,CAAC,CAAA;YACnB,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,mBAAmB,CAAA;gBAC1C,OAAM;YACR,CAAC;YACD,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,qCAAqC;QACrC,IAAI,eAAe,CAAC,QAAQ,EAAE,kBAAkB,CAAC,EAAE,CAAC;YAClD,aAAa,CAAC,IAAI,CAAC,CAAA;YACnB,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,uEAAuE;QACvE,oDAAoD;QACpD,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,kBAAkB,CAAA;gBACzC,OAAM;YACR,CAAC;YACD,wEAAwE;YACxE,mEAAmE;YACnE,gEAAgE;YAChE,sEAAsE;YACtE,uCAAuC;YACvC,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QAED,uEAAuE;QACvE,wEAAwE;QACxE,IAAI,uBAAuB,EAAE,CAAC;YAC5B,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,uBAAuB,CAAA;YAC9C,OAAM;QACR,CAAC;QACD,WAAW,CAAC,IAAI,CAAC,CAAA;IACnB,CAAC,EAAE;QACD,OAAO;QACP,IAAI;QACJ,MAAM;QACN,kBAAkB;QAClB,mBAAmB;QACnB,kBAAkB;QAClB,uBAAuB;KACxB,CAAC,CAAA;IAEF,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,CAAA;AAC7C,CAAC"}
|
package/dist/roles.d.ts
CHANGED
|
@@ -44,6 +44,14 @@ export declare const ORG_ROLE_MEMBER = "Organisation Member";
|
|
|
44
44
|
* Admin apps may use a different, service-specific list.
|
|
45
45
|
*/
|
|
46
46
|
export declare const DEFAULT_PUBLIC_SERVANT_ROLES: readonly ["Organisation Admin", "Organisation Member"];
|
|
47
|
+
/** Organisation role name for a Profile-service public servant. */
|
|
48
|
+
export declare const PROFILE_PUBLIC_SERVANT_ROLE_NAME = "Profile Public Servant";
|
|
49
|
+
/** Organisation role name for a Messaging-service public servant. */
|
|
50
|
+
export declare const MESSAGING_PUBLIC_SERVANT_ROLE_NAME = "Messaging Public Servant";
|
|
51
|
+
/** Organisation role name for a Dashboard-service public servant. */
|
|
52
|
+
export declare const DASHBOARD_PUBLIC_SERVANT_ROLE_NAME = "Dashboard Public Servant";
|
|
53
|
+
/** Organisation role name for a File-Upload-service public servant. */
|
|
54
|
+
export declare const UPLOAD_PUBLIC_SERVANT_ROLE_NAME = "File Upload Public Servant";
|
|
47
55
|
/**
|
|
48
56
|
* Check whether the user is an *inactive* public servant.
|
|
49
57
|
*
|
package/dist/roles.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"roles.d.ts","sourceRoot":"","sources":["../src/roles.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,qEAAqE;AACrE,eAAO,MAAM,oBAAoB,4CAA4C,CAAA;AAE7E,iFAAiF;AACjF,eAAO,MAAM,iBAAiB,YAAY,CAAA;AAE1C,iEAAiE;AACjE,eAAO,MAAM,2BAA2B,sBAAsB,CAAA;AAE9D;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,uCAAuC,CAAA;AAErE;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,yBAAyB,CAAA;AAEvD;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,6BAA8B,CAAA;AAQjE,8DAA8D;AAC9D,eAAO,MAAM,cAAc,uBAAuB,CAAA;AAElD,+DAA+D;AAC/D,eAAO,MAAM,eAAe,wBAAwB,CAAA;AAEpD;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,wDAG/B,CAAA;
|
|
1
|
+
{"version":3,"file":"roles.d.ts","sourceRoot":"","sources":["../src/roles.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,qEAAqE;AACrE,eAAO,MAAM,oBAAoB,4CAA4C,CAAA;AAE7E,iFAAiF;AACjF,eAAO,MAAM,iBAAiB,YAAY,CAAA;AAE1C,iEAAiE;AACjE,eAAO,MAAM,2BAA2B,sBAAsB,CAAA;AAE9D;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,uCAAuC,CAAA;AAErE;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,yBAAyB,CAAA;AAEvD;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,6BAA8B,CAAA;AAQjE,8DAA8D;AAC9D,eAAO,MAAM,cAAc,uBAAuB,CAAA;AAElD,+DAA+D;AAC/D,eAAO,MAAM,eAAe,wBAAwB,CAAA;AAEpD;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,wDAG/B,CAAA;AAcV,mEAAmE;AACnE,eAAO,MAAM,gCAAgC,2BAA2B,CAAA;AAExE,qEAAqE;AACrE,eAAO,MAAM,kCAAkC,6BAA6B,CAAA;AAE5E,qEAAqE;AACrE,eAAO,MAAM,kCAAkC,6BAA6B,CAAA;AAE5E,uEAAuE;AACvE,eAAO,MAAM,+BAA+B,+BAA+B,CAAA;AAI3E;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,EACrC,eAAe,GAAE,MAA6B,GAC7C,OAAO,CAET;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,EACrC,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAMT;AAED;;;;;GAKG;AACH,wBAAgB,SAAS,CACvB,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,EACrC,0BAA0B,EAAE,MAAM,EAAE,GACnC,OAAO,CAKT;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,EAClC,eAAe,GAAE,MAA0B,EAC3C,iBAAiB,GAAE,MAAoC,GACtD,OAAO,CAKT;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,EAClC,iBAAiB,GAAE,MAAoC,GACtD,OAAO,CAET"}
|
package/dist/roles.js
CHANGED
|
@@ -53,6 +53,25 @@ export const DEFAULT_PUBLIC_SERVANT_ROLES = [
|
|
|
53
53
|
ORG_ROLE_ADMIN,
|
|
54
54
|
ORG_ROLE_MEMBER,
|
|
55
55
|
];
|
|
56
|
+
// ── Service-specific public-servant organisation role names ─
|
|
57
|
+
//
|
|
58
|
+
// Single source of truth for the govie service PS role names. The
|
|
59
|
+
// canonical names are defined in the Logto seeder
|
|
60
|
+
// (`logto-utils/.../ogcio-seeder-*.json`); this module mirrors them so
|
|
61
|
+
// applications never need to hand-roll the literal strings.
|
|
62
|
+
//
|
|
63
|
+
// Admin apps pass these to `usePublicServantGuard`'s `publicServantRoles`
|
|
64
|
+
// option; citizen apps pass them to `useOnboardingGuard` so both sides
|
|
65
|
+
// agree on who counts as a public servant for that service (preventing
|
|
66
|
+
// cross-app redirect loops).
|
|
67
|
+
/** Organisation role name for a Profile-service public servant. */
|
|
68
|
+
export const PROFILE_PUBLIC_SERVANT_ROLE_NAME = "Profile Public Servant";
|
|
69
|
+
/** Organisation role name for a Messaging-service public servant. */
|
|
70
|
+
export const MESSAGING_PUBLIC_SERVANT_ROLE_NAME = "Messaging Public Servant";
|
|
71
|
+
/** Organisation role name for a Dashboard-service public servant. */
|
|
72
|
+
export const DASHBOARD_PUBLIC_SERVANT_ROLE_NAME = "Dashboard Public Servant";
|
|
73
|
+
/** Organisation role name for a File-Upload-service public servant. */
|
|
74
|
+
export const UPLOAD_PUBLIC_SERVANT_ROLE_NAME = "File Upload Public Servant";
|
|
56
75
|
// ── Role detection ──────────────────────────────────────────
|
|
57
76
|
/**
|
|
58
77
|
* Check whether the user is an *inactive* public servant.
|
package/dist/roles.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"roles.js","sourceRoot":"","sources":["../src/roles.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,+DAA+D;AAE/D,qEAAqE;AACrE,MAAM,CAAC,MAAM,oBAAoB,GAAG,yCAAyC,CAAA;AAE7E,iFAAiF;AACjF,MAAM,CAAC,MAAM,iBAAiB,GAAG,SAAS,CAAA;AAE1C,iEAAiE;AACjE,MAAM,CAAC,MAAM,2BAA2B,GAAG,mBAAmB,CAAA;AAE9D;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,oCAAoC,CAAA;AAErE;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,sBAAsB,CAAA;AAEvD;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,gBAAgB,CAAU,CAAA;AAEjE,+DAA+D;AAC/D,EAAE;AACF,mEAAmE;AACnE,kEAAkE;AAClE,8DAA8D;AAE9D,8DAA8D;AAC9D,MAAM,CAAC,MAAM,cAAc,GAAG,oBAAoB,CAAA;AAElD,+DAA+D;AAC/D,MAAM,CAAC,MAAM,eAAe,GAAG,qBAAqB,CAAA;AAEpD;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG;IAC1C,cAAc;IACd,eAAe;CACP,CAAA;AAEV,+DAA+D;AAE/D;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAqC,EACrC,kBAA0B,oBAAoB;;IAE9C,OAAO,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,QAAQ,CAAC,eAAe,CAAC,mCAAI,KAAK,CAAA;AACrD,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAqC,EACrC,aAAuB;IAEvB,IAAI,uBAAuB,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAA;IAChE,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC/B,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACnC,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACrC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CACvB,QAAqC,EACrC,0BAAoC;IAEpC,OAAO,CAAC,CACN,uBAAuB,CAAC,QAAQ,CAAC;QACjC,eAAe,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CACtD,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAkC,EAClC,kBAA0B,iBAAiB,EAC3C,oBAA4B,2BAA2B;;IAEvD,OAAO,CACL,MAAA,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,eAAe,CAAC,MAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAA,CAAC,mCACxE,KAAK,CACN,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkC,EAClC,oBAA4B,2BAA2B;;IAEvD,OAAO,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,iBAAiB,CAAC,mCAAI,KAAK,CAAA;AACpD,CAAC"}
|
|
1
|
+
{"version":3,"file":"roles.js","sourceRoot":"","sources":["../src/roles.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,+DAA+D;AAE/D,qEAAqE;AACrE,MAAM,CAAC,MAAM,oBAAoB,GAAG,yCAAyC,CAAA;AAE7E,iFAAiF;AACjF,MAAM,CAAC,MAAM,iBAAiB,GAAG,SAAS,CAAA;AAE1C,iEAAiE;AACjE,MAAM,CAAC,MAAM,2BAA2B,GAAG,mBAAmB,CAAA;AAE9D;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,oCAAoC,CAAA;AAErE;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,sBAAsB,CAAA;AAEvD;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,gBAAgB,CAAU,CAAA;AAEjE,+DAA+D;AAC/D,EAAE;AACF,mEAAmE;AACnE,kEAAkE;AAClE,8DAA8D;AAE9D,8DAA8D;AAC9D,MAAM,CAAC,MAAM,cAAc,GAAG,oBAAoB,CAAA;AAElD,+DAA+D;AAC/D,MAAM,CAAC,MAAM,eAAe,GAAG,qBAAqB,CAAA;AAEpD;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG;IAC1C,cAAc;IACd,eAAe;CACP,CAAA;AAEV,+DAA+D;AAC/D,EAAE;AACF,kEAAkE;AAClE,kDAAkD;AAClD,uEAAuE;AACvE,4DAA4D;AAC5D,EAAE;AACF,0EAA0E;AAC1E,uEAAuE;AACvE,uEAAuE;AACvE,6BAA6B;AAE7B,mEAAmE;AACnE,MAAM,CAAC,MAAM,gCAAgC,GAAG,wBAAwB,CAAA;AAExE,qEAAqE;AACrE,MAAM,CAAC,MAAM,kCAAkC,GAAG,0BAA0B,CAAA;AAE5E,qEAAqE;AACrE,MAAM,CAAC,MAAM,kCAAkC,GAAG,0BAA0B,CAAA;AAE5E,uEAAuE;AACvE,MAAM,CAAC,MAAM,+BAA+B,GAAG,4BAA4B,CAAA;AAE3E,+DAA+D;AAE/D;;;;;;GAMG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAqC,EACrC,kBAA0B,oBAAoB;;IAE9C,OAAO,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,QAAQ,CAAC,eAAe,CAAC,mCAAI,KAAK,CAAA;AACrD,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAC7B,QAAqC,EACrC,aAAuB;IAEvB,IAAI,uBAAuB,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAA;IAChE,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC/B,MAAM,CAAC,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACnC,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;IACrC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CACvB,QAAqC,EACrC,0BAAoC;IAEpC,OAAO,CAAC,CACN,uBAAuB,CAAC,QAAQ,CAAC;QACjC,eAAe,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CACtD,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAkC,EAClC,kBAA0B,iBAAiB,EAC3C,oBAA4B,2BAA2B;;IAEvD,OAAO,CACL,MAAA,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,eAAe,CAAC,MAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAA,CAAC,mCACxE,KAAK,CACN,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkC,EAClC,oBAA4B,2BAA2B;;IAEvD,OAAO,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,QAAQ,CAAC,iBAAiB,CAAC,mCAAI,KAAK,CAAA;AACpD,CAAC"}
|
package/package.json
CHANGED