@openstax/ts-utils 1.3.1 → 1.4.1

package/dist/cjs/config/envConfig.d.ts

@@ -21,4 +21,4 @@ export declare const ENV_BUILD_CONFIGS: string[];
  *
  * @example const config = { configValue: envConfig('environment_variable_name') };
  */
-export declare const envConfig: (name: string, type?: 'build' | 'runtime', defaultValue?: string | undefined) => ConfigValueProvider<string>;
+export declare const envConfig: (name: string, type?: 'build' | 'runtime', defaultValue?: ConfigValueProvider<string> | undefined) => ConfigValueProvider<string>;

package/dist/cjs/services/launchParams/index.d.ts

@@ -0,0 +1,2 @@
+export { createLaunchSigner } from './signer';
+export { createLaunchVerifier } from './verifier';

package/dist/cjs/services/launchParams/index.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLaunchVerifier = exports.createLaunchSigner = void 0;
+var signer_1 = require("./signer");
+Object.defineProperty(exports, "createLaunchSigner", { enumerable: true, get: function () { return signer_1.createLaunchSigner; } });
+var verifier_1 = require("./verifier");
+Object.defineProperty(exports, "createLaunchVerifier", { enumerable: true, get: function () { return verifier_1.createLaunchVerifier; } });

package/dist/cjs/services/launchParams/signer.d.ts

@@ -0,0 +1,27 @@
+import { JWK } from 'node-jose';
+import { ConfigProviderForConfig } from '../../config';
+declare type Config = {
+    alg: string;
+    expiresIn: string;
+    iss: string;
+    privateKey: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+}
+/**
+ * Creates a class that can sign launch params
+ */
+export declare const createLaunchSigner: <C extends string = "launch">({ configSpace }: Initializer<C>) => (configProvider: { [key in C]: {
+    alg: import("../../config").ConfigValueProvider<string>;
+    expiresIn: import("../../config").ConfigValueProvider<string>;
+    iss: import("../../config").ConfigValueProvider<string>;
+    privateKey: import("../../config").ConfigValueProvider<string>;
+}; }) => {
+    jwks: () => Promise<{
+        keys: JWK.RawKey[];
+    }>;
+    sign: (subject: string) => Promise<string>;
+};
+export declare type LaunchSigner = ReturnType<ReturnType<typeof createLaunchSigner>>;
+export {};

package/dist/cjs/services/launchParams/signer.js

@@ -0,0 +1,45 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLaunchSigner = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const node_jose_1 = require("node-jose");
+const __1 = require("../..");
+const config_1 = require("../../config");
+const guards_1 = require("../../guards");
+const SUPPORTED_ALGORITHMS = [
+    'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512'
+];
+const assertAlg = (alg) => {
+    if ((SUPPORTED_ALGORITHMS).includes(alg)) {
+        return alg;
+    }
+    throw new Error(`"${alg}" is not a valid algorithm`);
+};
+/**
+ * Creates a class that can sign launch params
+ */
+const createLaunchSigner = ({ configSpace }) => (configProvider) => {
+    const config = configProvider[(0, guards_1.ifDefined)(configSpace, 'launch')];
+    const getAlg = (0, __1.once)(async () => assertAlg(await (0, config_1.resolveConfigValue)(config.alg)));
+    const getExpiresIn = (0, __1.once)(() => (0, config_1.resolveConfigValue)(config.expiresIn));
+    const getIss = (0, __1.once)(() => (0, config_1.resolveConfigValue)(config.iss));
+    const getPrivateKey = (0, __1.once)(() => (0, config_1.resolveConfigValue)(config.privateKey));
+    const getKeyStore = (0, __1.once)(async () => {
+        const keystore = node_jose_1.JWK.createKeyStore();
+        await keystore.add(await getPrivateKey(), 'pem');
+        return keystore;
+    });
+    const jwks = async () => (await getKeyStore()).toJSON(false);
+    const sign = async (subject) => {
+        const alg = await getAlg();
+        const expiresIn = await getExpiresIn();
+        const iss = await getIss();
+        const header = { alg, iss };
+        return jsonwebtoken_1.default.sign({}, await getPrivateKey(), { algorithm: alg, expiresIn, header, issuer: iss, subject });
+    };
+    return { jwks, sign };
+};
+exports.createLaunchSigner = createLaunchSigner;

package/dist/cjs/services/launchParams/verifier.d.ts

@@ -0,0 +1,21 @@
+import type { JWK } from 'node-jose';
+import { ConfigProviderForConfig } from '../../config';
+declare type Config = {
+    trustedDomain: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+    fetcher?: (uri: string) => Promise<{
+        keys: JWK.RawKey[];
+    }>;
+}
+/**
+ * Creates a class that can verify launch params
+ */
+export declare const createLaunchVerifier: <C extends string = "launch">({ configSpace, fetcher }: Initializer<C>) => (configProvider: { [key in C]: {
+    trustedDomain: import("../../config").ConfigValueProvider<string>;
+}; }) => {
+    verify: (token: string) => Promise<string>;
+};
+export declare type LaunchVerifier = ReturnType<ReturnType<typeof createLaunchVerifier>>;
+export {};

package/dist/cjs/services/launchParams/verifier.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLaunchVerifier = void 0;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const jwks_rsa_1 = require("jwks-rsa");
+const __1 = require("../..");
+const config_1 = require("../../config");
+const guards_1 = require("../../guards");
+/**
+ * Creates a class that can verify launch params
+ */
+const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvider) => {
+    const config = configProvider[(0, guards_1.ifDefined)(configSpace, 'launch')];
+    const getJwksClient = (0, __1.memoize)((jwksUri) => new jwks_rsa_1.JwksClient({ fetcher, jwksUri }));
+    const getJwksKey = (0, __1.memoize)(async (jwksUri, kid) => {
+        const client = getJwksClient(jwksUri);
+        const key = await client.getSigningKey(kid);
+        return key.getPublicKey();
+    });
+    const getKey = async (header, callback) => {
+        // The JWT spec allows iss in the header as a copy of the iss claim, but we require it
+        if (!header.iss) {
+            return callback(new Error('JWT header missing iss claim'));
+        }
+        const { iss, kid } = header;
+        try {
+            const jwksUrl = new URL('/.well-known/jwks.json', iss);
+            const launchDomain = jwksUrl.hostname;
+            const trustedDomain = await (0, config_1.resolveConfigValue)(config.trustedDomain);
+            if (launchDomain !== trustedDomain && !launchDomain.endsWith(`.${trustedDomain}`)) {
+                return callback(new Error(`Untrusted launch domain: "${launchDomain}"`));
+            }
+            callback(null, await getJwksKey(jwksUrl.toString(), kid));
+        }
+        catch (error) {
+            callback(error);
+        }
+    };
+    const verify = (token) => new Promise((resolve, reject) => jsonwebtoken_1.default.verify(token, getKey, {}, (err, payload) => {
+        if (err) {
+            reject(err);
+        }
+        else if (typeof payload !== 'object') {
+            reject(new Error('received JWT token with unexpected non-JSON payload'));
+        }
+        else if (!payload.sub) {
+            reject(new Error('JWT payload missing sub claim'));
+        }
+        else {
+            resolve(payload.sub);
+        }
+    }));
+    return { verify };
+};
+exports.createLaunchVerifier = createLaunchVerifier;

package/dist/cjs/services/searchProvider/index.d.ts

@@ -1,6 +1,6 @@
-declare type Filter = {
+export declare type Filter = {
     key: string;
-    value: string | string[];
+    value: string | string[] | boolean;
 };
 declare type Field = {
     key: string;
@@ -9,6 +9,9 @@ declare type Field = {
 } | {
     key: string;
     type: 'keyword';
+} | {
+    key: string;
+    type: 'boolean';
 };
 export interface IndexOptions<T> {
     body: T;
@@ -18,6 +21,11 @@ export interface SearchOptions {
     page?: number;
     query: string | undefined;
     fields: Field[];
+    /**
+     * @deprecated use `must` instead
+     */
     filter?: Filter[];
+    must?: Filter[];
+    must_not?: Filter[];
 }
 export {};

package/dist/cjs/services/searchProvider/memorySearchTheBadWay.js

@@ -2,18 +2,46 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.memorySearchTheBadWay = void 0;
 const __1 = require("../..");
+const errors_1 = require("../../errors");
 const guards_1 = require("../../guards");
 const MIN_MATCH = 0.5;
 const MAX_RESULTS = 10;
+var MatchType;
+(function (MatchType) {
+    MatchType[MatchType["Must"] = 0] = "Must";
+    MatchType[MatchType["MustNot"] = 1] = "MustNot";
+})(MatchType || (MatchType = {}));
 const resolveField = (document, field) => field.key.toString().split('.').reduce((result, key) => result[key], document);
 const memorySearchTheBadWay = ({ loadAllDocumentsTheBadWay }) => {
     return {
         ensureIndexCreated: async () => undefined,
         index: async (_options) => undefined,
         search: async (options) => {
+            const getFieldType = (field) => { var _a; return (_a = options.fields.find(f => f.key == field.key)) === null || _a === void 0 ? void 0 : _a.type; };
             const results = (await loadAllDocumentsTheBadWay())
                 .map(document => {
                 let weight = 0;
+                const matchFilters = (filters, mustMatch) => {
+                    for (const field of filters) {
+                        const docValues = (0, __1.coerceArray)(resolveField(document, field));
+                        const coerceValue = getFieldType(field) === 'boolean'
+                            ? (input) => {
+                                if ([true, 'true', '1', 1].includes(input)) {
+                                    return true;
+                                }
+                                if ([false, 'false', '0', 0, ''].includes(input)) {
+                                    return false;
+                                }
+                                throw new errors_1.InvalidRequestError('input is not a valid boolean filter');
+                            }
+                            : (x) => x;
+                        const hasMatch = (0, __1.coerceArray)(field.value).map(coerceValue).some(v => docValues.includes(v));
+                        if ((mustMatch === MatchType.Must && !hasMatch) || (mustMatch === MatchType.MustNot && hasMatch)) {
+                            return false;
+                        }
+                    }
+                    return true;
+                };
                 if (options.query !== undefined) {
                     for (const field of options.fields) {
                         if (field.type !== undefined && field.type !== 'text') {
@@ -33,11 +61,13 @@ const memorySearchTheBadWay = ({ loadAllDocumentsTheBadWay }) => {
                         }
                     }
                 }
-                for (const field of options.filter || []) {
-                    const value = resolveField(document, field);
-                    if (!(0, __1.coerceArray)(field.value).some(v => (0, __1.coerceArray)(value).includes(v))) {
-                        return undefined;
-                    }
+                const { must_not } = options;
+                const must = 'filter' in options ? options.filter : options.must;
+                if ((must === null || must === void 0 ? void 0 : must.length) && !matchFilters(must, MatchType.Must)) {
+                    return undefined;
+                }
+                if ((must_not === null || must_not === void 0 ? void 0 : must_not.length) && !matchFilters(must_not, MatchType.MustNot)) {
+                    return undefined;
                 }
                 return { document, weight };
             })