npm - @oneuptime/common - Versions diffs - 10.2.1 → 10.2.2 - Mend

@oneuptime/common 10.2.1 → 10.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/build/dist/Models/DatabaseModels/ProjectOidc.js ADDED Viewed

@@ -0,0 +1,727 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import Project from "./Project";
+import Team from "./Team";
+import User from "./User";
+import BaseModel from "./DatabaseBaseModel/DatabaseBaseModel";
+import Route from "../../Types/API/Route";
+import URL from "../../Types/API/URL";
+import { PlanType } from "../../Types/Billing/SubscriptionPlan";
+import ColumnAccessControl from "../../Types/Database/AccessControl/ColumnAccessControl";
+import TableAccessControl from "../../Types/Database/AccessControl/TableAccessControl";
+import TableBillingAccessControl from "../../Types/Database/AccessControl/TableBillingAccessControl";
+import ColumnLength from "../../Types/Database/ColumnLength";
+import ColumnType from "../../Types/Database/ColumnType";
+import CrudApiEndpoint from "../../Types/Database/CrudApiEndpoint";
+import TableColumn from "../../Types/Database/TableColumn";
+import TableColumnType from "../../Types/Database/TableColumnType";
+import TableMetadata from "../../Types/Database/TableMetadata";
+import TenantColumn from "../../Types/Database/TenantColumn";
+import UniqueColumnBy from "../../Types/Database/UniqueColumnBy";
+import IconProp from "../../Types/Icon/IconProp";
+import ObjectID from "../../Types/ObjectID";
+import Permission from "../../Types/Permission";
+import { Column, Entity, Index, JoinColumn, JoinTable, ManyToMany, ManyToOne, } from "typeorm";
+let ProjectOIDC = class ProjectOIDC extends BaseModel {
+    constructor() {
+        super(...arguments);
+        this.project = undefined;
+        this.projectId = undefined;
+        this.name = undefined;
+        this.description = undefined;
+        this.discoveryURL = undefined;
+        this.issuerURL = undefined;
+        this.clientId = undefined;
+        this.clientSecret = undefined;
+        this.scopes = undefined;
+        this.emailClaimName = undefined;
+        this.nameClaimName = undefined;
+        this.teams = undefined; // teams that teammember should be added to when they sign into OIDC for the first time.
+        this.createdByUser = undefined;
+        this.createdByUserId = undefined;
+        this.deletedByUser = undefined;
+        this.deletedByUserId = undefined;
+        this.isEnabled = undefined;
+        this.isTested = undefined;
+    }
+};
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectUser,
+            Permission.Public,
+            Permission.UnAuthorizedSsoUser,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [],
+    }),
+    TableColumn({
+        manyToOneRelationColumn: "projectId",
+        type: TableColumnType.Entity,
+        modelType: Project,
+        title: "Project",
+        description: "Relation to Project Resource in which this object belongs",
+        example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
+    }),
+    ManyToOne(() => {
+        return Project;
+    }, {
+        eager: false,
+        nullable: true,
+        onDelete: "CASCADE",
+        orphanedRowAction: "nullify",
+    }),
+    JoinColumn({ name: "projectId" }),
+    __metadata("design:type", Project)
+], ProjectOIDC.prototype, "project", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectUser,
+            Permission.Public,
+            Permission.UnAuthorizedSsoUser,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [],
+    }),
+    Index(),
+    TableColumn({
+        type: TableColumnType.ObjectID,
+        required: true,
+        canReadOnRelationQuery: true,
+        title: "Project ID",
+        description: "ID of your OneUptime Project in which this object belongs",
+        example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
+    }),
+    Column({
+        type: ColumnType.ObjectID,
+        nullable: false,
+        transformer: ObjectID.getDatabaseTransformer(),
+    }),
+    __metadata("design:type", ObjectID)
+], ProjectOIDC.prototype, "projectId", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectUser,
+            Permission.Public,
+            Permission.UnAuthorizedSsoUser,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.ShortText,
+        canReadOnRelationQuery: true,
+        title: "Name",
+        description: "Any friendly name of this object",
+        example: "Okta OIDC Integration",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.ShortText,
+        length: ColumnLength.ShortText,
+    }),
+    UniqueColumnBy("projectId"),
+    __metadata("design:type", String)
+], ProjectOIDC.prototype, "name", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectUser,
+            Permission.Public,
+            Permission.UnAuthorizedSsoUser,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.LongText,
+        canReadOnRelationQuery: true,
+        example: "Single Sign-On via OpenID Connect with company identity provider",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.LongText,
+    }),
+    __metadata("design:type", String)
+], ProjectOIDC.prototype, "description", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.LongURL,
+        canReadOnRelationQuery: true,
+        description: "OIDC discovery URL (typically ends in /.well-known/openid-configuration). Used to discover authorization, token, JWKS and userinfo endpoints.",
+        example: "https://accounts.google.com/.well-known/openid-configuration",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.LongURL,
+        transformer: URL.getDatabaseTransformer(),
+    }),
+    __metadata("design:type", URL)
+], ProjectOIDC.prototype, "discoveryURL", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.LongURL,
+        canReadOnRelationQuery: true,
+        description: "Expected OIDC issuer URL. Must match the 'iss' claim in the ID token returned by the identity provider.",
+        example: "https://accounts.google.com",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.LongURL,
+        transformer: URL.getDatabaseTransformer(),
+    }),
+    __metadata("design:type", URL)
+], ProjectOIDC.prototype, "issuerURL", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.ShortText,
+        canReadOnRelationQuery: true,
+        description: "OIDC client ID issued by the identity provider.",
+        example: "1234567890-abcdefgh.apps.googleusercontent.com",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.ShortText,
+        length: ColumnLength.ShortText,
+    }),
+    __metadata("design:type", String)
+], ProjectOIDC.prototype, "clientId", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.LongText,
+        title: "Client Secret",
+        description: "OIDC client secret issued by the identity provider. Stored encrypted at rest.",
+        encrypted: true,
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.LongText,
+    }),
+    __metadata("design:type", String)
+], ProjectOIDC.prototype, "clientSecret", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.ShortText,
+        canReadOnRelationQuery: true,
+        description: "Space-separated list of OIDC scopes to request. Must include 'openid'.",
+        example: "openid email profile",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.ShortText,
+        length: ColumnLength.ShortText,
+    }),
+    __metadata("design:type", String)
+], ProjectOIDC.prototype, "scopes", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.ShortText,
+        canReadOnRelationQuery: true,
+        description: "Claim name in the ID token (or userinfo response) that contains the user's email address.",
+        example: "email",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.ShortText,
+        length: ColumnLength.ShortText,
+    }),
+    __metadata("design:type", String)
+], ProjectOIDC.prototype, "emailClaimName", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: true,
+        type: TableColumnType.ShortText,
+        canReadOnRelationQuery: true,
+        description: "Claim name in the ID token (or userinfo response) that contains the user's display name.",
+        example: "name",
+    }),
+    Column({
+        nullable: false,
+        type: ColumnType.ShortText,
+        length: ColumnLength.ShortText,
+    }),
+    __metadata("design:type", String)
+], ProjectOIDC.prototype, "nameClaimName", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        required: false,
+        type: TableColumnType.EntityArray,
+        modelType: Team,
+        example: [{ id: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e" }],
+    }),
+    ManyToMany(() => {
+        return Team;
+    }, { eager: false }),
+    JoinTable({
+        name: "ProjectOidcTeam",
+        inverseJoinColumn: {
+            name: "teamId",
+            referencedColumnName: "_id",
+        },
+        joinColumn: {
+            name: "projectOidcId",
+            referencedColumnName: "_id",
+        },
+    }),
+    __metadata("design:type", Array)
+], ProjectOIDC.prototype, "teams", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [],
+    }),
+    TableColumn({
+        manyToOneRelationColumn: "createdByUserId",
+        type: TableColumnType.Entity,
+        modelType: User,
+        title: "Created by User",
+        description: "Relation to User who created this object (if this object was created by a User)",
+        example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
+    }),
+    ManyToOne(() => {
+        return User;
+    }, {
+        eager: false,
+        nullable: true,
+        onDelete: "SET NULL",
+        orphanedRowAction: "nullify",
+    }),
+    JoinColumn({ name: "createdByUserId" }),
+    __metadata("design:type", User)
+], ProjectOIDC.prototype, "createdByUser", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [],
+    }),
+    TableColumn({
+        type: TableColumnType.ObjectID,
+        title: "Created by User ID",
+        description: "User ID who created this object (if this object was created by a User)",
+        example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
+    }),
+    Column({
+        type: ColumnType.ObjectID,
+        nullable: true,
+        transformer: ObjectID.getDatabaseTransformer(),
+    }),
+    __metadata("design:type", ObjectID)
+], ProjectOIDC.prototype, "createdByUserId", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [],
+    }),
+    TableColumn({
+        manyToOneRelationColumn: "deletedByUserId",
+        type: TableColumnType.Entity,
+        title: "Deleted by User",
+        modelType: User,
+        description: "Relation to User who deleted this object (if this object was deleted by a User)",
+        example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
+    }),
+    ManyToOne(() => {
+        return User;
+    }, {
+        cascade: false,
+        eager: false,
+        nullable: true,
+        onDelete: "SET NULL",
+        orphanedRowAction: "nullify",
+    }),
+    JoinColumn({ name: "deletedByUserId" }),
+    __metadata("design:type", User)
+], ProjectOIDC.prototype, "deletedByUser", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [],
+    }),
+    TableColumn({
+        type: TableColumnType.ObjectID,
+        title: "Deleted by User ID",
+        description: "User ID who deleted this object (if this object was deleted by a User)",
+        example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
+    }),
+    Column({
+        type: ColumnType.ObjectID,
+        nullable: true,
+        transformer: ObjectID.getDatabaseTransformer(),
+    }),
+    __metadata("design:type", ObjectID)
+], ProjectOIDC.prototype, "deletedByUserId", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectUser,
+            Permission.UnAuthorizedSsoUser,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    TableColumn({
+        isDefaultValueColumn: true,
+        type: TableColumnType.Boolean,
+        defaultValue: false,
+        example: true,
+    }),
+    Column({
+        type: ColumnType.Boolean,
+        default: false,
+    }),
+    __metadata("design:type", Boolean)
+], ProjectOIDC.prototype, "isEnabled", void 0);
+__decorate([
+    ColumnAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        update: [],
+    }),
+    TableColumn({
+        isDefaultValueColumn: true,
+        type: TableColumnType.Boolean,
+        defaultValue: false,
+        example: true,
+    }),
+    Column({
+        type: ColumnType.Boolean,
+        default: false,
+    }),
+    __metadata("design:type", Boolean)
+], ProjectOIDC.prototype, "isTested", void 0);
+ProjectOIDC = __decorate([
+    TableBillingAccessControl({
+        create: PlanType.Scale,
+        read: PlanType.Scale,
+        update: PlanType.Scale,
+        delete: PlanType.Scale,
+    }),
+    TenantColumn("projectId"),
+    TableAccessControl({
+        create: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.CreateProjectOIDC,
+        ],
+        read: [
+            Permission.ProjectOwner,
+            Permission.ProjectUser,
+            Permission.UnAuthorizedSsoUser,
+            Permission.ProjectMember,
+            Permission.Viewer,
+            Permission.SettingsManager,
+            Permission.ReadProjectOIDC,
+            Permission.ReadAllProjectResources,
+        ],
+        delete: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.DeleteProjectOIDC,
+        ],
+        update: [
+            Permission.ProjectOwner,
+            Permission.ProjectAdmin,
+            Permission.EditProjectOIDC,
+        ],
+    }),
+    CrudApiEndpoint(new Route("/project-oidc")),
+    TableMetadata({
+        tableName: "ProjectOIDC",
+        singularName: "OIDC",
+        pluralName: "OIDC",
+        icon: IconProp.Lock,
+        tableDescription: "Manage OpenID Connect (OIDC) SSO for your project",
+    }),
+    Entity({
+        name: "ProjectOIDC",
+    })
+], ProjectOIDC);
+export default ProjectOIDC;
+//# sourceMappingURL=ProjectOidc.js.map