@openstax/ts-utils 1.3.2 → 1.4.1

package/dist/esm/config/envConfig.d.ts

@@ -21,4 +21,4 @@ export declare const ENV_BUILD_CONFIGS: string[];
  *
  * @example const config = { configValue: envConfig('environment_variable_name') };
  */
-export declare const envConfig: (name: string, type?: 'build' | 'runtime', defaultValue?: string | undefined) => ConfigValueProvider<string>;
+export declare const envConfig: (name: string, type?: 'build' | 'runtime', defaultValue?: ConfigValueProvider<string> | undefined) => ConfigValueProvider<string>;

package/dist/esm/services/launchParams/index.d.ts

@@ -0,0 +1,2 @@
+export { createLaunchSigner } from './signer';
+export { createLaunchVerifier } from './verifier';

package/dist/esm/services/launchParams/index.js

@@ -0,0 +1,2 @@
+export { createLaunchSigner } from './signer';
+export { createLaunchVerifier } from './verifier';

package/dist/esm/services/launchParams/signer.d.ts

@@ -0,0 +1,27 @@
+import { JWK } from 'node-jose';
+import { ConfigProviderForConfig } from '../../config';
+declare type Config = {
+    alg: string;
+    expiresIn: string;
+    iss: string;
+    privateKey: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+}
+/**
+ * Creates a class that can sign launch params
+ */
+export declare const createLaunchSigner: <C extends string = "launch">({ configSpace }: Initializer<C>) => (configProvider: { [key in C]: {
+    alg: import("../../config").ConfigValueProvider<string>;
+    expiresIn: import("../../config").ConfigValueProvider<string>;
+    iss: import("../../config").ConfigValueProvider<string>;
+    privateKey: import("../../config").ConfigValueProvider<string>;
+}; }) => {
+    jwks: () => Promise<{
+        keys: JWK.RawKey[];
+    }>;
+    sign: (subject: string) => Promise<string>;
+};
+export declare type LaunchSigner = ReturnType<ReturnType<typeof createLaunchSigner>>;
+export {};

package/dist/esm/services/launchParams/signer.js

@@ -0,0 +1,38 @@
+import jwt from 'jsonwebtoken';
+import { JWK } from 'node-jose';
+import { once } from '../..';
+import { resolveConfigValue } from '../../config';
+import { ifDefined } from '../../guards';
+const SUPPORTED_ALGORITHMS = [
+    'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512'
+];
+const assertAlg = (alg) => {
+    if ((SUPPORTED_ALGORITHMS).includes(alg)) {
+        return alg;
+    }
+    throw new Error(`"${alg}" is not a valid algorithm`);
+};
+/**
+ * Creates a class that can sign launch params
+ */
+export const createLaunchSigner = ({ configSpace }) => (configProvider) => {
+    const config = configProvider[ifDefined(configSpace, 'launch')];
+    const getAlg = once(async () => assertAlg(await resolveConfigValue(config.alg)));
+    const getExpiresIn = once(() => resolveConfigValue(config.expiresIn));
+    const getIss = once(() => resolveConfigValue(config.iss));
+    const getPrivateKey = once(() => resolveConfigValue(config.privateKey));
+    const getKeyStore = once(async () => {
+        const keystore = JWK.createKeyStore();
+        await keystore.add(await getPrivateKey(), 'pem');
+        return keystore;
+    });
+    const jwks = async () => (await getKeyStore()).toJSON(false);
+    const sign = async (subject) => {
+        const alg = await getAlg();
+        const expiresIn = await getExpiresIn();
+        const iss = await getIss();
+        const header = { alg, iss };
+        return jwt.sign({}, await getPrivateKey(), { algorithm: alg, expiresIn, header, issuer: iss, subject });
+    };
+    return { jwks, sign };
+};

package/dist/esm/services/launchParams/verifier.d.ts

@@ -0,0 +1,21 @@
+import type { JWK } from 'node-jose';
+import { ConfigProviderForConfig } from '../../config';
+declare type Config = {
+    trustedDomain: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+    fetcher?: (uri: string) => Promise<{
+        keys: JWK.RawKey[];
+    }>;
+}
+/**
+ * Creates a class that can verify launch params
+ */
+export declare const createLaunchVerifier: <C extends string = "launch">({ configSpace, fetcher }: Initializer<C>) => (configProvider: { [key in C]: {
+    trustedDomain: import("../../config").ConfigValueProvider<string>;
+}; }) => {
+    verify: (token: string) => Promise<string>;
+};
+export declare type LaunchVerifier = ReturnType<ReturnType<typeof createLaunchVerifier>>;
+export {};

package/dist/esm/services/launchParams/verifier.js

@@ -0,0 +1,51 @@
+import jwt from 'jsonwebtoken';
+import { JwksClient } from 'jwks-rsa';
+import { memoize } from '../..';
+import { resolveConfigValue } from '../../config';
+import { ifDefined } from '../../guards';
+/**
+ * Creates a class that can verify launch params
+ */
+export const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvider) => {
+    const config = configProvider[ifDefined(configSpace, 'launch')];
+    const getJwksClient = memoize((jwksUri) => new JwksClient({ fetcher, jwksUri }));
+    const getJwksKey = memoize(async (jwksUri, kid) => {
+        const client = getJwksClient(jwksUri);
+        const key = await client.getSigningKey(kid);
+        return key.getPublicKey();
+    });
+    const getKey = async (header, callback) => {
+        // The JWT spec allows iss in the header as a copy of the iss claim, but we require it
+        if (!header.iss) {
+            return callback(new Error('JWT header missing iss claim'));
+        }
+        const { iss, kid } = header;
+        try {
+            const jwksUrl = new URL('/.well-known/jwks.json', iss);
+            const launchDomain = jwksUrl.hostname;
+            const trustedDomain = await resolveConfigValue(config.trustedDomain);
+            if (launchDomain !== trustedDomain && !launchDomain.endsWith(`.${trustedDomain}`)) {
+                return callback(new Error(`Untrusted launch domain: "${launchDomain}"`));
+            }
+            callback(null, await getJwksKey(jwksUrl.toString(), kid));
+        }
+        catch (error) {
+            callback(error);
+        }
+    };
+    const verify = (token) => new Promise((resolve, reject) => jwt.verify(token, getKey, {}, (err, payload) => {
+        if (err) {
+            reject(err);
+        }
+        else if (typeof payload !== 'object') {
+            reject(new Error('received JWT token with unexpected non-JSON payload'));
+        }
+        else if (!payload.sub) {
+            reject(new Error('JWT payload missing sub claim'));
+        }
+        else {
+            resolve(payload.sub);
+        }
+    }));
+    return { verify };
+};

package/dist/esm/services/searchProvider/memorySearchTheBadWay.js

@@ -33,8 +33,11 @@ export const memorySearchTheBadWay = ({ loadAllDocumentsTheBadWay }) => {
                             }
                             : (x) => x;
                         const hasMatch = coerceArray(field.value).map(coerceValue).some(v => docValues.includes(v));
-                        return !((mustMatch === MatchType.Must && !hasMatch) || (mustMatch === MatchType.MustNot && hasMatch));
+                        if ((mustMatch === MatchType.Must && !hasMatch) || (mustMatch === MatchType.MustNot && hasMatch)) {
+                            return false;
+                        }
                     }
+                    return true;
                 };
                 if (options.query !== undefined) {
                     for (const field of options.fields) {