@openstax/ts-utils 1.1.27 → 1.1.29

package/dist/esm/routing.d.ts

@@ -0,0 +1,107 @@
+import { Track } from './profile';
+export declare type QueryParams = Record<string, string | undefined | string[] | null>;
+export declare type RouteParams = {
+    [key: string]: string;
+};
+export declare type AnyRoute<R> = R extends Route<infer N, infer P, infer Sa, infer Sr, infer Ri, infer Ro> ? Route<N, P, Sa, Sr, Ri, Ro> : never;
+export declare type AnySpecificRoute<R, Sa, Ri, Ro> = R extends Route<infer N, infer P, Sa, infer Sr, Ri, Ro> & infer E ? Route<N, P, Sa, Sr, Ri, Ro> & E : never;
+export declare type OutputForRoute<R> = R extends Route<any, any, any, any, any, infer Ro> ? Ro : never;
+export declare type ParamsForRoute<R> = R extends Route<any, infer P, any, any, any, any> ? P : never;
+export declare type RequestServicesForRoute<R> = R extends Route<any, any, any, infer Sr, any, any> ? Sr : never;
+export declare type ParamsForRouteOrEmpty<R> = ParamsForRoute<R> extends undefined ? {} : Exclude<ParamsForRoute<R>, undefined>;
+export declare type RouteMatchRecord<R> = R extends AnyRoute<R> ? {
+    route: R;
+    params: ParamsForRoute<R>;
+} : never;
+export declare type PayloadForRoute<R> = RequestServicesForRoute<R> extends {
+    payload: any;
+} ? RequestServicesForRoute<R>['payload'] : undefined;
+declare type RequestServiceProvider<Sa, Sr, Ri> = (app: Sa) => <R>(middleware: {
+    request: Ri;
+    profile: Track;
+}, match: RouteMatchRecord<R>) => Sr;
+declare type RouteHandler<P, Sr, Ro> = (params: P, request: Sr) => Ro;
+declare type Route<N extends string, P extends RouteParams | undefined, Sa, Sr, Ri, Ro> = (Sr extends undefined ? {
+    requestServiceProvider?: RequestServiceProvider<Sa, Sr, Ri> | undefined;
+} : {
+    requestServiceProvider: RequestServiceProvider<Sa, Sr, Ri>;
+}) & {
+    name: N;
+    path: string;
+    handler: (params: P, request: Sr) => Ro;
+};
+declare type CreateRouteConfig<Sa, Sr, Ri, N extends string, Ex> = (Sr extends undefined ? {
+    requestServiceProvider?: RequestServiceProvider<Sa, Sr, Ri> | undefined;
+} : {
+    requestServiceProvider: RequestServiceProvider<Sa, Sr, Ri>;
+}) & {
+    name: N;
+    path: string;
+} & Ex;
+export interface CreateRoute<Sa, Ri, Ex> {
+    <N extends string, Ro, Sr extends unknown | undefined = undefined, P extends RouteParams | undefined = undefined>(config: CreateRouteConfig<Sa, Sr, Ri, N, Ex> & {
+        handler: RouteHandler<P, Sr, Ro>;
+    }): Route<N, P, Sa, Sr, Ri, Ro> & Ex;
+    <N extends string, Ro, Sr extends unknown | undefined, P extends RouteParams | undefined = undefined>(config: CreateRouteConfig<Sa, Sr, Ri, N, Ex>, handler: RouteHandler<P, Sr, Ro>): Route<N, P, Sa, Sr, Ri, Ro> & Ex;
+}
+export declare const makeCreateRoute: <Sa, Ri, Ex = {}>() => CreateRoute<Sa, Ri, Ex>;
+export declare const makeRenderRouteUrl: <Ru extends {
+    path: string;
+}>() => <R extends Ru>(route: R, params: ParamsForRoute<R>, query?: QueryParams) => string;
+export declare const renderAnyRouteUrl: <R extends any>(route: R, params: ParamsForRoute<R>, query?: QueryParams) => string;
+declare type RequestPathExtractor<Ri> = (request: Ri) => string;
+declare type RequestRouteMatcher<Ri, R> = (request: Ri, route: R) => boolean;
+declare type RequestResponder<Sa, Ri, Ro> = {
+    (services: Sa): (request: Ri) => Ro | undefined;
+    <RoF>(services: Sa, responseMiddleware: (app: Sa) => (response: Ro | undefined, request: {
+        request: Ri;
+        profile: Track;
+    }) => RoF): (request: Ri) => RoF;
+};
+export declare const makeGetRequestResponder: <Sa, Ru, Ri, Ro>() => ({ routes, pathExtractor, routeMatcher, errorHandler }: {
+    routes: () => AnySpecificRoute<Ru, Sa, Ri, Ro>[];
+    pathExtractor: RequestPathExtractor<Ri>;
+    routeMatcher?: RequestRouteMatcher<Ri, AnySpecificRoute<Ru, Sa, Ri, Ro>> | undefined;
+    errorHandler?: ((e: Error) => Ro) | undefined;
+}) => RequestResponder<Sa, Ri, Ro>;
+export declare type HttpHeaders = {
+    [key: string]: string | undefined | string[];
+};
+export declare type JsonCompatibleValue = string | number | null | undefined | boolean;
+export declare type JsonCompatibleArray = Array<JsonCompatibleValue | JsonCompatibleStruct | JsonCompatibleStruct>;
+export declare type JsonCompatibleStruct = {
+    [key: string]: JsonCompatibleStruct | JsonCompatibleValue | JsonCompatibleArray;
+};
+export declare type ApiResponse<S extends number, T> = {
+    isBase64Encoded?: boolean;
+    statusCode: S;
+    data: T;
+    body: string;
+    headers?: {
+        [key: string]: string;
+    };
+};
+export declare const apiJsonResponse: <S extends number, T extends JsonCompatibleStruct>(statusCode: S, data: T, headers?: HttpHeaders | undefined) => ApiResponse<S, T>;
+export declare const apiTextResponse: <S extends number>(statusCode: S, data: string, headers?: HttpHeaders | undefined) => ApiResponse<S, string>;
+export declare const apiHtmlResponse: <S extends number>(statusCode: S, data: string, headers?: HttpHeaders | undefined) => ApiResponse<S, string>;
+export declare enum METHOD {
+    GET = "GET",
+    HEAD = "HEAD",
+    POST = "POST",
+    PUT = "PUT",
+    PATCH = "PATCH",
+    DELETE = "DELETE",
+    OPTIONS = "OPTIONS"
+}
+export declare const getHeader: (headers: HttpHeaders, name: string) => string | undefined;
+export declare const getRequestBody: (request: {
+    headers: HttpHeaders;
+    body?: string | undefined;
+}) => any;
+export declare const unsafePayloadValidator: <T>() => (input: any) => input is T;
+export declare const requestPayloadProvider: <T>(validator: (input: any) => input is T) => () => <M extends {
+    request: Parameters<typeof getRequestBody>[0];
+}>(requestServices: M) => M & {
+    payload: T;
+};
+export {};

package/dist/esm/routing.js

@@ -0,0 +1,208 @@
+import * as pathToRegexp from 'path-to-regexp';
+import queryString from 'query-string';
+import { assertErrorInstanceOf } from './assertions';
+import { InvalidRequestError } from './errors';
+import { isPlainObject } from './guards';
+import { createProfile } from './profile';
+import { mapFind, memoize } from '.';
+/*
+ * route definition helper. the only required params of the route are the name, path, and handler. other params
+ * can be added to the type and then later used in the routeMatcher. when defining the `createRoute` method, only
+ * the request input format is defined, the result format is derived from the routes.
+ *
+ * eg:
+ *   export const createRoute = makeCreateRoute<AppServices, ApiRouteRequest, {
+ *     method: METHOD;
+ *   }>();
+ *
+ * eg when defining requestServiceProvider in line, the types have a hard time, it helps to put in another argument:
+ *   export const exampleRoute = createRoute({name: 'exampleRoute', method: METHOD.GET, path: '/api/example/:key',
+ *     requestServiceProvider: requestServiceProvider({
+ *       cookieAuthMiddleware,
+ *       documentStoreMiddleware,
+ *     }},
+ *     async(params: {key: string}, services) => {
+ *       const result = await services.myDocumentStore.getItem(params.key);
+ *
+ *       if (!result) {
+ *         throw new NotFoundError('requested item not found');
+ *       }
+ *
+ *       return apiJsonResponse(200, result);
+ *     }
+ *   );
+ *
+ * eg when using a pre-existing provider variable the types work better:
+ *   export const exampleRoute = createRoute({name: 'exampleRoute', method: METHOD.GET, path: '/api/example/:key',
+ *     requestServiceProvider,
+ *     handler: async(params: {key: string}, services) => {
+ *       const result = await services.myDocumentStore.getItem(params.key);
+ *
+ *       if (!result) {
+ *         throw new NotFoundError('requested item not found');
+ *       }
+ *
+ *       return apiJsonResponse(200, result);
+ *     }
+ *   });
+ */
+export const makeCreateRoute = () => (...args) => {
+    return (args.length === 1
+        ? args[0]
+        : { ...args[0], handler: args[1] });
+};
+/* begin reverse routing utils */
+export const makeRenderRouteUrl = () => (route, params, query = {}) => {
+    const getPathForParams = pathToRegexp.compile(route.path, { encode: encodeURIComponent });
+    const search = queryString.stringify(query);
+    const path = getPathForParams(params) + (search ? `?${search}` : '');
+    return path;
+};
+export const renderAnyRouteUrl = makeRenderRouteUrl();
+const bindRoute = (services, appBinder, pathExtractor, matcher) => (route) => {
+    const getParamsFromPath = pathToRegexp.match(route.path, { decode: decodeURIComponent });
+    const boundServiceProvider = route.requestServiceProvider && appBinder(services, route.requestServiceProvider);
+    return (request, profile) => {
+        const path = pathExtractor(request);
+        const match = getParamsFromPath(path);
+        if ((!matcher || matcher(request, route)) && match) {
+            return profile.track(route.name, routeProfile => () => route.handler(match.params, boundServiceProvider ? boundServiceProvider({ request, profile: routeProfile }, { route, params: match.params }) : undefined));
+        }
+    };
+};
+/*
+ * here among other things we're specifying a generic response format that the response and error handling middleware can use,
+ * if any routes have responses that don't adhere to this it'll complain about it.
+ *
+ * eg:
+ *   export const getRequestResponder = makeGetRequestResponder<AppServices, TRoutes, ApiRouteRequest, Promise<ApiRouteResponse>>()({
+ *     routes: apiRoutes, // the route definitions
+ *     pathExtractor, // how to get the path out of the request format
+ *     routeMatcher, // logic for matching route (if there is any in addition to the path matching)
+ *     errorHandler, // any special error handling
+ *   });
+ *
+ * eg an lambda entrypoint:
+ *   export const handler: (request: APIGatewayProxyEventV2) => Promise<ApiRouteResponse> =
+ *     getRequestResponder(
+ *       lambdaServices, // the AppServices for this entrypoint
+ *       lambdaMiddleware // environment specific response middleware (like cors)
+ *     );
+ */
+export const makeGetRequestResponder = () => ({ routes, pathExtractor, routeMatcher, errorHandler }) => (services, responseMiddleware) => {
+    const appBinderImpl = (app, middleware) => middleware(app, appBinder);
+    const appBinder = memoize(appBinderImpl);
+    const boundRoutes = routes().map(bindRoute(services, appBinder, pathExtractor, routeMatcher));
+    const boundResponseMiddleware = responseMiddleware ? responseMiddleware(services) : undefined;
+    // *note* this opaque promise guard is less generic than i hoped so
+    //   i'm leaving it here instead of the guards file.
+    //
+    // its less than ideal because it enforces that the handlers return
+    // the same type as the parent promise, usually a handler can be either a
+    // promise or a non-promise value and the promise figures it out, but those
+    // types are getting complicated quickly here.
+    const isPromise = (thing) => thing instanceof Promise;
+    return (request) => {
+        const { end, ...profile } = createProfile(new Date().toISOString()).start();
+        try {
+            const executor = mapFind(boundRoutes, (route) => route(request, profile));
+            if (executor) {
+                const result = boundResponseMiddleware ?
+                    boundResponseMiddleware(executor(), { request, profile }) : executor();
+                if (isPromise(result) && errorHandler) {
+                    const errorHandlerWithMiddleware = (e) => boundResponseMiddleware ?
+                        boundResponseMiddleware(errorHandler(e), { request, profile }) : errorHandler(e);
+                    return result.catch(errorHandlerWithMiddleware);
+                }
+                else {
+                    return result;
+                }
+            }
+            else if (boundResponseMiddleware) {
+                return boundResponseMiddleware(undefined, { request, profile });
+            }
+        }
+        catch (e) {
+            if (errorHandler && e instanceof Error) {
+                return boundResponseMiddleware ? boundResponseMiddleware(errorHandler(e), { request, profile }) : errorHandler(e);
+            }
+            throw e;
+        }
+        return undefined;
+    };
+};
+export const apiJsonResponse = (statusCode, data, headers) => ({ statusCode, data, body: JSON.stringify(data), headers: { ...headers, 'content-type': 'application/json' } });
+export const apiTextResponse = (statusCode, data, headers) => ({ statusCode, data, body: data, headers: { ...headers, 'content-type': 'text/plain' } });
+export const apiHtmlResponse = (statusCode, data, headers) => ({ statusCode, data, body: data, headers: { ...headers, 'content-type': 'text/html' } });
+export var METHOD;
+(function (METHOD) {
+    METHOD["GET"] = "GET";
+    METHOD["HEAD"] = "HEAD";
+    METHOD["POST"] = "POST";
+    METHOD["PUT"] = "PUT";
+    METHOD["PATCH"] = "PATCH";
+    METHOD["DELETE"] = "DELETE";
+    METHOD["OPTIONS"] = "OPTIONS";
+})(METHOD || (METHOD = {}));
+/* utils and middleware for loading request payload (must follow this pattern for `PayloadForRoute` to work) */
+// use this to support case insensitive header keys
+// note if there are multiple headers of the same value, this only returns the first value
+export const getHeader = (headers, name) => {
+    const key = Object.keys(headers).find(header => header.toLowerCase() === name.toLowerCase());
+    const value = key ? headers[key] : undefined;
+    return value instanceof Array
+        ? value[0]
+        : value;
+};
+export const getRequestBody = (request) => {
+    if (getHeader(request.headers, 'content-type') !== 'application/json') {
+        throw new InvalidRequestError('unknown content type: ' + getHeader(request.headers, 'content-type'));
+    }
+    if (!request.body) {
+        return {};
+    }
+    try {
+        return JSON.parse(request.body);
+    }
+    catch (error) {
+        // Since the body is provided by the user, invalid JSON in the body is an invalid request
+        // We return the message which tells them why the JSON is invalid, but no backtrace
+        throw new InvalidRequestError(assertErrorInstanceOf(error, SyntaxError).message);
+    }
+};
+// stub validator because writing validators is annoying
+export const unsafePayloadValidator = () => (input) => {
+    return isPlainObject(input) && Object.keys(input).length > 0;
+};
+/*
+ * the given validator is a guard, which provides the correct type this helper loads the body, runs the validator, throws if it isn't valid, or returns it as
+ * the correct type if it is valid.
+ *
+ * this accomplishes a few things:
+ *   - establishes type of payload for route body logic
+ *   - validates the payload for route logic
+ *   - establishes type of payload for client logic calling this route
+ *
+ * eg:
+ *   export const exampleRoute = createRoute({name: 'exampleRoute', method: METHOD.POST, path: '/example/:id',
+ *     requestServiceProvider: composeServiceMiddleware(
+ *       requestServiceProvider, // previously compiled middleware can be re-composed if you have something to add
+ *       requestPayloadProvider(validatePayload)
+ *     )},
+ *     async(params: {id: string}, services) => {
+ *       const result = await services.myDocumentStore.putItem({
+ *         ...services.payload,
+ *         id: params.id,
+ *       });
+ *       return apiJsonResponse(201, result);
+ *     }
+ *   );
+ * */
+export const requestPayloadProvider = (validator) => () => (requestServices) => {
+    const payload = getRequestBody(requestServices.request);
+    // for more precise error messages, throw your own InvalidRequestError from your validator function
+    if (!validator(payload)) {
+        throw new InvalidRequestError();
+    }
+    return { ...requestServices, payload };
+};

package/dist/esm/services/apiGateway/index.d.ts

@@ -0,0 +1,55 @@
+import { ConfigProviderForConfig } from '../../config';
+import { ConfigForFetch, GenericFetch, Response } from '../../fetch';
+import { AnyRoute, ApiResponse, OutputForRoute, ParamsForRoute, PayloadForRoute, QueryParams } from '../../routing';
+import { UnwrapPromise } from '../../types';
+declare type TResponsePayload<R> = R extends ApiResponse<any, infer P> ? P : never;
+declare type TResponseStatus<R> = R extends ApiResponse<infer S, any> ? S : never;
+declare type RouteClient<R> = {
+    (config: {
+        fetchConfig?: any;
+        query?: QueryParams;
+    } & (ParamsForRoute<R> extends undefined ? {} : {
+        params: ParamsForRoute<R>;
+    }) & (PayloadForRoute<R> extends undefined ? {} : {
+        payload: PayloadForRoute<R>;
+    })): Promise<UnsafeApiClientResponse<UnwrapPromise<OutputForRoute<R>>>>;
+    renderUrl: (config: {
+        query?: QueryParams;
+    } & (ParamsForRoute<R> extends undefined ? {} : {
+        params: ParamsForRoute<R>;
+    })) => Promise<string>;
+};
+interface AcceptStatus<Ro> {
+    <S extends TResponseStatus<Ro>[]>(...args: S): ApiClientResponse<Extract<Ro, Record<'statusCode', S[number]>>>;
+    <S extends number[]>(...args: S): ApiClientResponse<any>;
+}
+declare type UnsafeApiClientResponse<Ro> = {
+    load: () => Promise<any>;
+    status: number;
+    acceptStatus: AcceptStatus<Ro>;
+};
+declare type ApiClientResponse<Ro> = Ro extends any ? {
+    status: TResponseStatus<Ro>;
+    load: () => Promise<TResponsePayload<Ro>>;
+} : never;
+declare type MapRoutesToClient<Ru> = [Ru] extends [AnyRoute<Ru>] ? {
+    [N in Ru['name']]: RouteClient<Extract<Ru, Record<'name', N>>>;
+} : never;
+declare type MapRoutesToConfig<Ru> = [Ru] extends [AnyRoute<Ru>] ? {
+    [N in Ru['name']]: {
+        path: string;
+        method: string;
+    };
+} : never;
+export declare const loadResponse: (response: Response) => () => Promise<any>;
+interface MakeApiGateway<F> {
+    <Ru>(config: ConfigProviderForConfig<{
+        apiBase: string;
+    }>, routes: MapRoutesToConfig<Ru>, authProvider?: {
+        getAuthorizedFetchConfig: () => Promise<ConfigForFetch<F>>;
+    }): MapRoutesToClient<Ru>;
+}
+export declare const createApiGateway: <F extends GenericFetch<import("../../fetch").FetchConfig, Response>>(initializer: {
+    fetch: F;
+}) => MakeApiGateway<F>;
+export {};

package/dist/esm/services/apiGateway/index.js

@@ -0,0 +1,51 @@
+import * as pathToRegexp from 'path-to-regexp';
+import queryString from 'query-string';
+import { merge } from '../..';
+import { resolveConfigValue } from '../../config';
+export const loadResponse = (response) => () => {
+    const [contentType] = (response.headers.get('content-type') || '').split(';');
+    switch (contentType) {
+        case 'text/plain':
+            return response.text();
+        case 'application/json':
+            return response.json();
+        default:
+            throw new Error(`unknown content type ${contentType}`);
+    }
+};
+const makeRouteClient = (initializer, config, route, authProvider) => {
+    const renderUrl = async ({ params, query }) => {
+        const apiBase = await resolveConfigValue(config.apiBase);
+        const getPathForParams = pathToRegexp.compile(route.path, { encode: encodeURIComponent });
+        const search = query && queryString.stringify(query);
+        return apiBase.replace(/\/+$/, '') + getPathForParams(params || {}) + (search ? `?${search}` : '');
+    };
+    const routeClient = async ({ params, payload, query, fetchConfig }) => {
+        const url = await renderUrl({ params, query });
+        const body = payload ? JSON.stringify(payload) : undefined;
+        const baseOptions = merge((await (authProvider === null || authProvider === void 0 ? void 0 : authProvider.getAuthorizedFetchConfig())) || {}, fetchConfig || {});
+        return initializer.fetch(url, merge(baseOptions, {
+            method: route.method,
+            body,
+            headers: {
+                ...fetchConfig === null || fetchConfig === void 0 ? void 0 : fetchConfig.headers,
+                ...(body ? { 'content-type': 'application/json' } : {}),
+            }
+        })).then(response => ({
+            status: response.status,
+            acceptStatus: (...status) => {
+                if (!status.includes(response.status)) {
+                    throw new Error('unexpected response from api');
+                }
+                return { status: response.status, load: loadResponse(response) };
+            },
+            load: loadResponse(response),
+        }));
+    };
+    routeClient.renderUrl = renderUrl;
+    return routeClient;
+};
+export const createApiGateway = (initializer) => (config, routes, authProvider) => {
+    return Object.fromEntries(Object.entries(routes)
+        .map(([key, routeConfig]) => ([key, makeRouteClient(initializer, config, routeConfig, authProvider)])));
+};

package/dist/esm/services/authProvider/browser.d.ts

@@ -0,0 +1,61 @@
+import { ConfigProviderForConfig } from '../../config';
+import { FetchConfig, GenericFetch } from '../../fetch';
+import { User } from '.';
+declare type Config = {
+    accountsUrl: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+    window: Window;
+}
+export declare type EventHandler = (e: {
+    data: any;
+    origin: string;
+    source: Pick<Window, 'postMessage'>;
+}) => void;
+export interface Window {
+    fetch: GenericFetch;
+    top: {} | null;
+    parent: Pick<Window, 'postMessage'> | null;
+    location: {
+        search: string;
+    };
+    document: {
+        referrer: string;
+    };
+    postMessage: (data: any, origin: string) => void;
+    addEventListener: (event: 'message', callback: EventHandler) => void;
+    removeEventListener: (event: 'message', callback: EventHandler) => void;
+}
+export declare const browserAuthProvider: <C extends string = "auth">({ window, configSpace }: Initializer<C>) => (configProvider: { [key in C]: {
+    accountsUrl: import("../../config").ConfigValueProvider<string>;
+}; }) => {
+    /**
+     * adds auth parameters to the url. this is only safe to use when using javascript to navigate
+     * within the current window, eg `window.location = 'https://my.otherservice.com';` anchors
+     * should use getAuthorizedLinkUrl for their href.
+     *
+     * result unreliable unless `getUser` is resolved first.
+     */
+    getAuthorizedUrl: (urlString: string) => string;
+    /**
+     * all link href-s must be rendered with auth tokens so that they work when opened in a new tab
+     *
+     * result unreliable unless `getUser` is resolved first.
+     */
+    getAuthorizedLinkUrl: (urlString: string) => string;
+    /**
+     * gets an authorized url for an iframe src. sets params on the url and saves its
+     * origin to trust releasing user identity to it
+     */
+    getAuthorizedEmbedUrl: (urlString: string) => string;
+    /**
+     * gets second argument for `fetch` that has authentication token or cookie
+     */
+    getAuthorizedFetchConfig: () => Promise<FetchConfig>;
+    /**
+     * loads current user identity. does not reflect changes in identity after being called the first time.
+     */
+    getUser: () => Promise<User | undefined>;
+};
+export {};

package/dist/esm/services/authProvider/browser.js

@@ -0,0 +1,119 @@
+import { once } from '../..';
+import { resolveConfigValue } from '../../config';
+import { ifDefined } from '../../guards';
+import { embeddedAuthProvider, PostMessageTypes } from './utils/embeddedAuthProvider';
+export const browserAuthProvider = ({ window, configSpace }) => (configProvider) => {
+    const config = configProvider[ifDefined(configSpace, 'auth')];
+    const accountsUrl = once(() => resolveConfigValue(config.accountsUrl));
+    const queryString = window.location.search;
+    const queryKey = 'auth';
+    const authQuery = new URLSearchParams(queryString).get(queryKey);
+    const referrer = window.document.referrer ? new URL(window.document.referrer) : undefined;
+    const isEmbedded = window.top && window.top !== window;
+    const trustedParent = isEmbedded && referrer && referrer.hostname.match(/^(openstax\.org|((.*)(\.openstax\.org|local|localhost)))$/) ? referrer : undefined;
+    const { embeddedQueryValue, getAuthorizedEmbedUrl } = embeddedAuthProvider(() => getUserData(), { queryKey, window });
+    let userData = {
+        token: [null, embeddedQueryValue].includes(authQuery) ? null : authQuery
+    };
+    const getAuthorizedLinkUrl = (urlString) => {
+        const url = new URL(urlString);
+        if (userData.token) {
+            url.searchParams.set(queryKey, userData.token);
+        }
+        return url.href;
+    };
+    const getAuthorizedUrl = (urlString) => {
+        const url = new URL(urlString);
+        if (authQuery) {
+            url.searchParams.set(queryKey, authQuery);
+        }
+        return url.href;
+    };
+    // *note* that this does not actually prevent cookies from being sent on same-origin
+    // requests, i'm not sure if its possible to stop browsers from sending cookies in
+    // that case
+    const getAuthorizedFetchConfigFromData = (data) => {
+        const { token } = data;
+        return token ? {
+            headers: { Authorization: `Bearer ${token}` },
+        } : {
+            credentials: 'include',
+        };
+    };
+    const getAuthorizedFetchConfig = async () => {
+        return getAuthorizedFetchConfigFromData(userData.token ? userData : await getUserData());
+    };
+    /*
+     * requests user identity from parent window via postMessage
+     */
+    const getParentWindowUser = () => new Promise((resolve, reject) => {
+        if (!window.parent || !trustedParent) {
+            return reject(new Error('parent window is undefined or not trusted'));
+        }
+        const handler = (event) => {
+            if (event.data.type === PostMessageTypes.ReceiveUser && event.origin === trustedParent.origin) {
+                clearTimeout(timeout);
+                window.removeEventListener('message', handler);
+                resolve(event.data.userData);
+            }
+        };
+        window.addEventListener('message', handler);
+        window.parent.postMessage({ type: PostMessageTypes.RequestUser }, trustedParent.origin);
+        const timeout = setTimeout(() => {
+            window.removeEventListener('message', handler);
+            reject(new Error('loading user identity timed out'));
+        }, 100);
+    });
+    /*
+     * requests user identity from accounts api using given token or cookie
+     */
+    const getFetchUser = async () => {
+        const response = await window.fetch((await accountsUrl()).replace(/\/+$/, '') + '/accounts/api/user', getAuthorizedFetchConfigFromData(userData));
+        if (response.status === 200) {
+            return { ...userData, user: await response.json() };
+        }
+        if (response.status === 403) {
+            return { ...userData, user: undefined };
+        }
+        const message = await response.text();
+        throw new Error(`Error response from Accounts ${response.status}: ${message}`);
+    };
+    const getUserData = once(async () => {
+        userData = authQuery === embeddedQueryValue
+            ? await getParentWindowUser()
+            : await getFetchUser();
+        return userData;
+    });
+    const getUser = async () => {
+        return (await getUserData()).user;
+    };
+    return {
+        /**
+         * adds auth parameters to the url. this is only safe to use when using javascript to navigate
+         * within the current window, eg `window.location = 'https://my.otherservice.com';` anchors
+         * should use getAuthorizedLinkUrl for their href.
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedUrl,
+        /**
+         * all link href-s must be rendered with auth tokens so that they work when opened in a new tab
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedLinkUrl,
+        /**
+         * gets an authorized url for an iframe src. sets params on the url and saves its
+         * origin to trust releasing user identity to it
+         */
+        getAuthorizedEmbedUrl,
+        /**
+         * gets second argument for `fetch` that has authentication token or cookie
+         */
+        getAuthorizedFetchConfig,
+        /**
+         * loads current user identity. does not reflect changes in identity after being called the first time.
+         */
+        getUser
+    };
+};

package/dist/esm/services/authProvider/decryption.d.ts

@@ -0,0 +1,16 @@
+import { ConfigProviderForConfig } from '../../config';
+import { CookieAuthProvider } from '.';
+declare type Config = {
+    cookieName: string;
+    encryptionPrivateKey: string;
+    signaturePublicKey: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+}
+export declare const decryptionAuthProvider: <C extends string = "decryption">(initializer: Initializer<C>) => (configProvider: { [key in C]: {
+    cookieName: import("../../config").ConfigValueProvider<string>;
+    encryptionPrivateKey: import("../../config").ConfigValueProvider<string>;
+    signaturePublicKey: import("../../config").ConfigValueProvider<string>;
+}; }) => CookieAuthProvider;
+export {};