npm - @openstax/ts-utils - Versions diffs - 1.1.3 → 1.1.4 - Mend

@openstax/ts-utils 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts +4 -0
package/dist/index.js +53 -1
package/dist/services/authProvider/browser.d.ts +52 -2
package/dist/services/authProvider/browser.js +121 -19
package/dist/tsconfig.withoutspecs.tsbuildinfo +1 -1
package/package.json +3 -1
package/dist/tsconfig.tsbuildinfo +0 -1

package/dist/index.d.ts CHANGED Viewed

@@ -10,6 +10,10 @@ declare type HashCompoundValue = Array<HashValue> | {
 };
 export declare const hashValue: (value: HashValue) => string;
 export declare const once: <F extends (...args: any[]) => any>(fn: F) => F;
+export declare const partitionSequence: <T, P>(getPartition: (thing: T, previous?: P | undefined) => {
+    matches?: boolean | undefined;
+    value: P;
+}, sequence: T[]) => [P, T[]][];
 export declare const memoize: <F extends (...args: any[]) => any>(fn: F) => F;
 export declare const roundToPrecision: (num: number, places: number) => number;
 export declare const getCommonProperties: <T1 extends {}, T2 extends {}>(thing1: T1, thing2: T2) => (keyof T1 & keyof T2)[];

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,11 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.tuple = exports.merge = exports.getCommonProperties = exports.roundToPrecision = exports.memoize = exports.once = exports.hashValue = exports.mapFind = exports.fnIf = exports.putKeyValue = exports.getKeyValueOr = exports.getKeyValue = void 0;
+exports.tuple = exports.merge = exports.getCommonProperties = exports.roundToPrecision = exports.memoize = exports.partitionSequence = exports.once = exports.hashValue = exports.mapFind = exports.fnIf = exports.putKeyValue = exports.getKeyValueOr = exports.getKeyValue = void 0;
 const crypto_1 = require("crypto");
+const deep_equal_1 = __importDefault(require("deep-equal"));
 const guards_1 = require("./guards");
 /*
  * there was a reason i made these instead of using lodash/fp but i forget what it was. i think maybe
@@ -72,6 +76,54 @@ const once = (fn) => {
     return ((...args) => result || (result = fn(...args)));
 };
 exports.once = once;
+/*
+ * partitions a sequence based on a partition function returning {value: any; matches?: boolean}
+ *  - if the function returns `matches` explicitly then adjacent matching elements will
+ *    be grouped and the predicate value in the result will be from the last item in the group
+ *  - if the function returns only a value then matching will be evaluated based on the deep
+ *    equality of the value with its neighbors
+ *
+ * this is different from lodash/partition and lodash/groupBy because:
+ *  - it preserves the order of the items, items will only be grouped if they are already adjacent
+ *  - there can be any number of groups
+ *  - it tells you the partition value
+ *  - the partition value can be reduced, if you care (so you can like, partition on sequential values)
+ *
+ *  simple predicate:
+ *    returns: [[0, [1,2]], [1, [3,4,5]]]
+ *    partitionSequence((n: number) => ({value: Math.floor(n / 3)}), [1,2,3,4,5])
+ *
+ *  mutating partition:
+ *    returns: [
+ *      [{min: 1,max: 3}, [1,2,3]],
+ *      [{min: 5,max: 6}, [5,6]],
+ *      [{min: 8,max: 8}, [8]],
+ *    ]
+ *    partitionSequence(
+ *      (n: number, p?: {min: number; max: number}) =>
+ *        p && p.max + 1 === n
+ *          ? {value: {...p, max: n}, matches: true}
+ *          : {value: {min: n, max: n}, matches: false}
+ *      , [1,2,3,5,6,8]
+ *    )
+ */
+const partitionSequence = (getPartition, sequence) => {
+    const appendItem = (result, item) => {
+        const current = result[result.length - 1];
+        const itemPartition = getPartition(item, current === null || current === void 0 ? void 0 : current[0]);
+        if (current && ((itemPartition.matches === undefined && (0, deep_equal_1.default)(current[0], itemPartition.value))
+            || itemPartition.matches)) {
+            current[0] = itemPartition.value;
+            current[1].push(item);
+        }
+        else {
+            result.push([itemPartition.value, [item]]);
+        }
+        return result;
+    };
+    return sequence.reduce(appendItem, []);
+};
+exports.partitionSequence = partitionSequence;
 /*
  * memoizes a function with any number of arguments
  */

package/dist/services/authProvider/browser.d.ts CHANGED Viewed

@@ -6,12 +6,62 @@ declare type Config = {
 };
 interface Initializer<C> {
     configSpace?: C;
+    window: Window;
+}
+export declare type EventHandler = (e: {
+    data: any;
+    origin: string;
+    source: Pick<Window, 'postMessage'>;
+}) => void;
+export interface Window {
     fetch: GenericFetch;
+    top: {} | null;
+    parent: Pick<Window, 'postMessage'> | null;
+    location: {
+        search: string;
+    };
+    document: {
+        referrer: string;
+    };
+    postMessage: (data: any, origin: string) => void;
+    addEventListener: (event: 'message', callback: EventHandler) => void;
+    removeEventListener: (event: 'message', callback: EventHandler) => void;
 }
-export declare const browserAuthProvider: <C extends string = "auth">(initializer: Initializer<C>) => (configProvider: { [key in C]: {
+export declare const browserAuthProvider: <C extends string = "auth">({ window, configSpace }: Initializer<C>) => (configProvider: { [key in C]: {
     accountsUrl: import("../../config").ConfigValueProvider<string>;
-}; }) => (queryString?: string) => {
+}; }) => {
+    /**
+     * adds auth parameters to the url. this is only safe to use when using javascript to navigate
+     * within the current window, eg `window.location = 'https://my.otherservice.com';` anchors
+     * should use getAuthorizedLinkUrl for their href.
+     *
+     * result unreliable unless `getUser` is resolved first.
+     */
+    getAuthorizedUrl: (urlString: string) => string;
+    /**
+     * all link href-s must be rendered with auth tokens so that they work when opened in a new tab
+     *
+     * result unreliable unless `getUser` is resolved first.
+     */
+    getAuthorizedLinkUrl: (urlString: string) => string;
+    /**
+     * gets an authorized url for an iframe src. sets params on the url and saves its
+     * origin to trust releasing user identity to it
+     *
+     * result unreliable unless `getUser` is resolved first.
+     */
+    getAuthorizedEmbedUrl: (urlString: string) => string;
+    /**
+     * gets second argument for `fetch` that has authentication token or cookie
+     *
+     * result unreliable unless `getUser` is resolved first.
+     */
     getAuthorizedFetchConfig: () => FetchConfig;
+    /**
+     * loads current user identity. does not reflect changes in identity after being called the first time.
+     *
+     * result unreliable unless `getUser` is resolved first.
+     */
     getUser: () => Promise<User | undefined>;
 };
 export {};

package/dist/services/authProvider/browser.js CHANGED Viewed

@@ -4,27 +4,129 @@ exports.browserAuthProvider = void 0;
 const __1 = require("../..");
 const config_1 = require("../../config");
 const guards_1 = require("../../guards");
-const browserAuthProvider = (initializer) => (configProvider) => {
-    const config = configProvider[(0, guards_1.ifDefined)(initializer.configSpace, 'auth')];
+var PostMessageTypes;
+(function (PostMessageTypes) {
+    PostMessageTypes["ReceiveUser"] = "receive-user";
+    PostMessageTypes["RequestUser"] = "request-user";
+})(PostMessageTypes || (PostMessageTypes = {}));
+const browserAuthProvider = ({ window, configSpace }) => (configProvider) => {
+    const config = configProvider[(0, guards_1.ifDefined)(configSpace, 'auth')];
     const accountsUrl = (0, config_1.resolveConfigValue)(config.accountsUrl);
-    return (queryString = '') => {
-        const token = new URLSearchParams(queryString).get('auth');
-        // *note* that this does not actually prevent cookies from being sent on same-origin
-        // requests, i'm not sure if its possible to stop browsers from sending cookies in
-        // that case
-        const getAuthorizedFetchConfig = () => token ? {
-            headers: { Authorization: `Bearer ${token}` },
-        } : {
-            credentials: 'include',
-        };
-        const getUser = (0, __1.once)(async () => {
-            return initializer.fetch((await accountsUrl).replace(/\/+$/, '') + '/accounts/api/user', getAuthorizedFetchConfig())
-                .then(response => response.status === 200 ? response.json() : undefined);
-        });
-        return {
-            getAuthorizedFetchConfig,
-            getUser
+    const queryString = window.location.search;
+    const queryKey = 'auth';
+    const embeddedQueryValue = 'embedded';
+    const authQuery = new URLSearchParams(queryString).get(queryKey);
+    const referrer = window.document.referrer ? new URL(window.document.referrer) : undefined;
+    const isEmbedded = window.top && window.top !== window;
+    const trustedParent = isEmbedded && referrer && referrer.hostname.match(/^(openstax\.org|((.*)(\.openstax\.org|local|localhost)))$/) ? referrer : undefined;
+    const trustedEmbeds = new Set();
+    let userData = {
+        token: [null, embeddedQueryValue].includes(authQuery) ? null : authQuery
+    };
+    window.addEventListener('message', event => {
+        if (event.data.type === PostMessageTypes.RequestUser && trustedEmbeds.has(event.origin)) {
+            getUser().then(() => {
+                event.source.postMessage({ type: PostMessageTypes.ReceiveUser, userData }, event.origin);
+            });
+        }
+    });
+    const getAuthorizedEmbedUrl = (urlString) => {
+        const url = new URL(urlString);
+        trustedEmbeds.add(url.origin);
+        url.searchParams.set(queryKey, embeddedQueryValue);
+        return url.href;
+    };
+    const getAuthorizedLinkUrl = (urlString) => {
+        const url = new URL(urlString);
+        if (userData.token) {
+            url.searchParams.set(queryKey, userData.token);
+        }
+        return url.href;
+    };
+    const getAuthorizedUrl = (urlString) => {
+        const url = new URL(urlString);
+        if (authQuery) {
+            url.searchParams.set(queryKey, authQuery);
+        }
+        return url.href;
+    };
+    // *note* that this does not actually prevent cookies from being sent on same-origin
+    // requests, i'm not sure if its possible to stop browsers from sending cookies in
+    // that case
+    const getAuthorizedFetchConfig = () => userData.token ? {
+        headers: { Authorization: `Bearer ${userData.token}` },
+    } : {
+        credentials: 'include',
+    };
+    /*
+     * requests user identity from parent window via postMessage
+     */
+    const getParentWindowUser = () => new Promise((resolve, reject) => {
+        if (!window.parent || !trustedParent) {
+            return reject(new Error('parent window is undefined or not trusted'));
+        }
+        const handler = (event) => {
+            if (event.data.type === PostMessageTypes.ReceiveUser && event.origin === trustedParent.origin) {
+                clearTimeout(timeout);
+                window.removeEventListener('message', handler);
+                resolve(event.data.userData);
+            }
         };
+        window.addEventListener('message', handler);
+        window.parent.postMessage({ type: PostMessageTypes.RequestUser }, trustedParent.origin);
+        const timeout = setTimeout(() => {
+            window.removeEventListener('message', handler);
+            reject(new Error('loading user identity timed out'));
+        }, 100);
+    });
+    /*
+     * requests user identity from accounts api using given token or cookie
+     */
+    const getFetchUser = async () => {
+        return await window.fetch((await accountsUrl).replace(/\/+$/, '') + '/accounts/api/user', getAuthorizedFetchConfig())
+            .then(response => response.status === 200 ? response.json() : undefined)
+            .then(user => ({ ...userData, user }));
+    };
+    const getUser = (0, __1.once)(async () => {
+        userData = authQuery === embeddedQueryValue
+            ? await getParentWindowUser()
+            : await getFetchUser();
+        return userData.user;
+    });
+    return {
+        /**
+         * adds auth parameters to the url. this is only safe to use when using javascript to navigate
+         * within the current window, eg `window.location = 'https://my.otherservice.com';` anchors
+         * should use getAuthorizedLinkUrl for their href.
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedUrl,
+        /**
+         * all link href-s must be rendered with auth tokens so that they work when opened in a new tab
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedLinkUrl,
+        /**
+         * gets an authorized url for an iframe src. sets params on the url and saves its
+         * origin to trust releasing user identity to it
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedEmbedUrl,
+        /**
+         * gets second argument for `fetch` that has authentication token or cookie
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedFetchConfig,
+        /**
+         * loads current user identity. does not reflect changes in identity after being called the first time.
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getUser
     };
 };
 exports.browserAuthProvider = browserAuthProvider;