@openstax/ts-utils 1.34.0 → 1.35.0

package/dist/cjs/routing/validators/zod.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.zodPayloadValidator = void 0;
+/* spell-checker: ignore treeify */
+const zod_1 = require("zod");
+const errors_1 = require("../../errors");
+const zodPayloadValidator = (validator) => (input) => {
+    const result = validator.safeParse(input);
+    if (result.success) {
+        return true;
+    }
+    throw new errors_1.ValidationError((0, zod_1.treeifyError)(result.error));
+};
+exports.zodPayloadValidator = zodPayloadValidator;

package/dist/cjs/services/accountsGateway/index.d.ts

@@ -0,0 +1,92 @@
+import { ConfigProviderForConfig } from '../../config';
+import { GenericFetch } from '../../fetch';
+import { JsonCompatibleStruct } from '../../routing';
+import { ApiUser, ConsentPreferences } from '../authProvider';
+import { Logger } from '../logger';
+export type Config = {
+    accountsBase: string;
+    accountsAuthToken: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+    fetch: GenericFetch;
+}
+export type FindUserPayload = ({
+    external_id: string;
+} | {
+    uuid: string;
+}) & {
+    sso?: string;
+};
+export type FindOrCreateUserPayload = {
+    external_id: string;
+    email?: string;
+    already_verified?: boolean;
+    first_name?: string;
+    last_name?: string;
+    full_name?: string;
+    salesforce_contact_id?: string;
+    faculty_status?: string;
+    role?: string;
+    school_type?: string;
+    is_test?: boolean;
+    sso?: string;
+};
+export type FindOrCreateUserResponse = {
+    id: number;
+    uuid: string;
+    external_ids: string[];
+    is_test: boolean;
+    sso: string;
+};
+export type FindUserResponse = (FindOrCreateUserResponse & {
+    external_ids: string[];
+}) | undefined;
+export type LinkUserPayload = {
+    userId: number;
+    externalId: string;
+};
+export type LinkUserResponse = {
+    user_id: number;
+    external_id: string;
+};
+export type SearchUsersPayload = {
+    q: string;
+    order_by?: string;
+};
+export type SearchUsersResponse = {
+    items: Array<ApiUser & {
+        external_ids: string[];
+    } & JsonCompatibleStruct>;
+    total_count: number;
+};
+export type UpdateUserPayload = ConsentPreferences;
+export type MappedUserInfo<T> = {
+    data: T;
+    fullName: string;
+    platformUserId?: string;
+    uuid: string;
+};
+export declare const accountsGateway: <C extends string = "accounts">(initializer: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }) => ({ logger }: {
+    logger: Logger;
+}) => {
+    findOrCreateUser: (body: FindOrCreateUserPayload) => Promise<FindOrCreateUserResponse>;
+    findUser: (body: FindUserPayload) => Promise<FindUserResponse>;
+    getUser: (token: string) => Promise<ApiUser & JsonCompatibleStruct>;
+    linkUser: (body: LinkUserPayload) => Promise<LinkUserResponse>;
+    mapUserUuids: <T>(userUuidsMap: {
+        [uuid: string]: T;
+    }, platformId?: string) => Promise<{
+        data: T;
+        fullName: string;
+        platformUserId: string | undefined;
+        uuid: string;
+    }[]>;
+    searchUsers: (payload: SearchUsersPayload) => Promise<SearchUsersResponse>;
+    updateUser: (token: string, body: UpdateUserPayload) => Promise<ApiUser & JsonCompatibleStruct>;
+    getUserMap: <R>(userUuids: Set<string>, mapper: ((user: ApiUser) => R)) => Promise<Map<string, R>>;
+    mapUserData: <T, R>(input: T[], getUserUuid: (item: T) => string, mapper: ((user: ApiUser | undefined, item: T) => R)) => Promise<R[]>;
+    mapUsersData: <T, R_1>(input: T[], getUserUuids: (item: T) => string[], mapper: ((users: Map<string, ApiUser | undefined>, item: T) => R_1)) => Promise<R_1[]>;
+};
+export type AccountsGateway = ReturnType<ReturnType<ReturnType<typeof accountsGateway>>>;
+export {};

package/dist/cjs/services/accountsGateway/index.js

@@ -0,0 +1,138 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.accountsGateway = void 0;
+const lodash_1 = require("lodash");
+const query_string_1 = __importDefault(require("query-string"));
+const config_1 = require("../../config");
+const guards_1 = require("../../guards");
+const helpers_1 = require("../../misc/helpers");
+const routing_1 = require("../../routing");
+const logger_1 = require("../logger");
+class ApiError extends Error {
+    constructor(message, status) {
+        super(message);
+        this.status = status;
+    }
+}
+const accountsGateway = (initializer) => (configProvider) => {
+    const config = configProvider[(0, guards_1.ifDefined)(initializer.configSpace, 'accounts')];
+    const accountsBase = (0, helpers_1.once)(() => (0, config_1.resolveConfigValue)(config.accountsBase));
+    const accountsAuthToken = (0, helpers_1.once)(() => (0, config_1.resolveConfigValue)(config.accountsAuthToken));
+    return ({ logger }) => {
+        const request = async (method, path, options, statuses = [200, 201]) => {
+            const host = (await accountsBase()).replace(/\/+$/, '');
+            const url = `${host}/api/${path}`;
+            const config = {
+                headers: {
+                    Authorization: `Bearer ${options.token || await accountsAuthToken()}`,
+                },
+                method,
+            };
+            if (options.body) {
+                config.body = JSON.stringify(options.body);
+            }
+            const response = await initializer.fetch(url, config);
+            if (!statuses.includes(response.status)) {
+                throw new ApiError(`Received unexpected status code ${response.status} for Accounts API call: ${method} ${url}`, response.status);
+            }
+            return response.json();
+        };
+        const findOrCreateUser = async (body) => request(routing_1.METHOD.POST, 'user/find-or-create', { body });
+        const findUser = async (body) => {
+            try {
+                return await request(routing_1.METHOD.POST, 'user/find', { body });
+            }
+            catch (error) {
+                if (error instanceof ApiError && error.status === 404) {
+                    return undefined;
+                }
+                else {
+                    throw error;
+                }
+            }
+        };
+        const getUser = async (token) => request(routing_1.METHOD.GET, 'user', { token });
+        const linkUser = async (body) => request(routing_1.METHOD.POST, 'user/external-ids', {
+            body: {
+                external_id: body.externalId,
+                user_id: body.userId,
+            }
+        });
+        const searchUsers = async (payload) => request(routing_1.METHOD.GET, `users?${query_string_1.default.stringify(payload)}`, {});
+        const updateUser = async (token, body) => request(routing_1.METHOD.PUT, 'user', { body, token });
+        const getPlatformUserId = (externalIds, platformId) => {
+            for (const externalId of externalIds) {
+                const [userPlatformId, userId] = externalId.split('/', 2);
+                if (userPlatformId === platformId) {
+                    return userId;
+                }
+            }
+        };
+        /*
+         * If a platformId is given, returns an array where
+         * the first element is the user id from the platform
+         * and the second is the value from the map
+         * Otherwise, returns an array where
+         * the first element is the user's full_name
+         * and the second is the value from the map
+         */
+        const mapUserUuids = async (userUuidsMap, platformId) => {
+            const results = await mapUserData(Object.entries(userUuidsMap), ([id]) => id, (user, [, data]) => {
+                if (!user)
+                    return undefined;
+                const platformUserId = platformId ? getPlatformUserId(user.external_ids, platformId) : undefined;
+                if (platformId && !platformUserId) {
+                    logger.logEvent(logger_1.Level.Warn, {
+                        message: 'Accounts user has no external_id matching the given platformId',
+                        accountsUuid: user.uuid,
+                        platformId,
+                    });
+                }
+                if (!user.full_name) {
+                    logger.logEvent(logger_1.Level.Warn, {
+                        message: 'Accounts user has no full_name',
+                        accountsUuid: user.uuid,
+                    });
+                }
+                return { data, fullName: user.full_name, platformUserId, uuid: user.uuid };
+            });
+            return results.filter(guards_1.isDefined);
+        };
+        const getUserMap = async (userUuids, mapper) => {
+            if (userUuids.size === 0)
+                return new Map();
+            const chunked = (0, lodash_1.chunk)([...userUuids], 10);
+            const results = await Promise.all(chunked.map(async (inputChunk) => {
+                const { items } = await searchUsers({ q: inputChunk.map(userUuid => `uuid:${userUuid}`).join(' ')
+                });
+                const accountsUuids = items.map((user) => user.uuid);
+                if (!(0, lodash_1.isEqual)(accountsUuids.sort(), inputChunk.sort())) {
+                    logger.logEvent(logger_1.Level.Warn, {
+                        message: 'Unexpected Accounts user search results',
+                        uuids: inputChunk,
+                        accountsUuids,
+                    });
+                }
+                return items;
+            }));
+            return new Map(results.flat(1).map(user => [user.uuid, mapper(user)]));
+        };
+        const mapUserData = async (input, getUserUuid, mapper) => {
+            const userMap = await getUserMap(new Set(input.flatMap(getUserUuid)), user => user);
+            return input.map(item => mapper(userMap.get(getUserUuid(item)), item));
+        };
+        const mapUsersData = async (input, getUserUuids, mapper) => {
+            const userMap = await getUserMap(new Set(input.flatMap(getUserUuids)), user => user);
+            return input.map(item => {
+                const userUuids = getUserUuids(item);
+                const itemUserMap = new Map(userUuids.map(uuid => [uuid, userMap.get(uuid)]));
+                return mapper(itemUserMap, item);
+            });
+        };
+        return { findOrCreateUser, findUser, getUser, linkUser, mapUserUuids, searchUsers, updateUser, getUserMap, mapUserData, mapUsersData };
+    };
+};
+exports.accountsGateway = accountsGateway;

package/dist/cjs/services/apiGateway/index.d.ts

@@ -0,0 +1,68 @@
+import { Headers } from 'node-fetch';
+import { ConfigProviderForConfig } from '../../config';
+import { ConfigForFetch, GenericFetch, Response } from '../../fetch';
+import { AnyRoute, ApiResponse, OutputForRoute, ParamsForRoute, PayloadForRoute, QueryParams } from '../../routing';
+import { UnwrapPromise } from '../../types';
+import { Logger } from '../logger';
+export type TResponsePayload<R> = R extends ApiResponse<any, infer P> ? P : never;
+export type TResponseStatus<R> = R extends ApiResponse<infer S, any> ? S : never;
+export type RouteClient<R> = {
+    (config: {
+        fetchConfig?: any;
+        query?: QueryParams;
+    } & (ParamsForRoute<R> extends undefined ? {} : {
+        params: ParamsForRoute<R>;
+    }) & (PayloadForRoute<R> extends undefined ? {} : {
+        payload: PayloadForRoute<R>;
+    })): Promise<UnsafeApiClientResponse<UnwrapPromise<OutputForRoute<R>>>>;
+    renderUrl: (config: {
+        query?: QueryParams;
+    } & (ParamsForRoute<R> extends undefined ? {} : {
+        params: ParamsForRoute<R>;
+    })) => Promise<string>;
+};
+export interface AcceptStatus<Ro> {
+    <S extends TResponseStatus<Ro>[]>(...args: S): Promise<ApiClientResponse<Extract<Ro, Record<'statusCode', S[number]>>>>;
+    <S extends number[]>(...args: S): Promise<ApiClientResponse<any>>;
+}
+export type UnsafeApiClientResponse<Ro> = {
+    headers: Headers;
+    load: () => Promise<any>;
+    status: number;
+    acceptStatus: AcceptStatus<Ro>;
+};
+export type ApiClientResponse<Ro> = Ro extends any ? {
+    headers: Headers;
+    status: TResponseStatus<Ro>;
+    load: () => Promise<TResponsePayload<Ro>>;
+} : never;
+export type ExpandRoute<T> = T extends ((...args: infer A) => infer R) & {
+    renderUrl: (...args: infer Ar) => Promise<string>;
+} ? ((...args: A) => R) & {
+    renderUrl: (...args: Ar) => Promise<string>;
+} : never;
+export type MapRoutesToClient<Ru> = [Ru] extends [AnyRoute<Ru>] ? {
+    [N in Ru['name']]: ExpandRoute<RouteClient<Extract<Ru, Record<'name', N>>>>;
+} : never;
+export type MapRoutesToConfig<Ru> = [Ru] extends [AnyRoute<Ru>] ? {
+    [_N in Ru['name']]: {
+        path: string;
+        method: string;
+    };
+} : never;
+/** Pulls the content out of a response based on the content type */
+export declare const loadResponse: (response: Response) => () => Promise<any>;
+export interface MakeApiGateway<F> {
+    <Ru>(config: ConfigProviderForConfig<{
+        apiBase: string;
+    }>, routes: MapRoutesToConfig<Ru>, app?: {
+        authProvider?: {
+            getAuthorizedFetchConfig: () => Promise<ConfigForFetch<F>>;
+        };
+        logger?: Logger;
+        launchToken?: string;
+    }): MapRoutesToClient<Ru>;
+}
+export declare const createApiGateway: <F extends GenericFetch>(initializer: {
+    fetch: F;
+}) => MakeApiGateway<F>;

package/dist/cjs/services/apiGateway/index.js

@@ -0,0 +1,118 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createApiGateway = exports.loadResponse = void 0;
+const pathToRegexp = __importStar(require("path-to-regexp"));
+const query_string_1 = __importDefault(require("query-string"));
+const uuid_1 = require("uuid");
+const __1 = require("../..");
+const config_1 = require("../../config");
+const errors_1 = require("../../errors");
+const fetchStatusRetry_1 = require("../../fetch/fetchStatusRetry");
+const logger_1 = require("../logger");
+/** Pulls the content out of a response based on the content type */
+const loadResponse = (response) => () => {
+    const [contentType] = (response.headers.get('content-type') || '').split(';');
+    switch (contentType) {
+        case 'text/plain':
+            return response.text();
+        case 'application/json':
+            return response.json();
+        default:
+            throw new Error(`unknown content type ${contentType}`);
+    }
+};
+exports.loadResponse = loadResponse;
+const makeRouteClient = (initializer, config, route, app) => {
+    /* TODO this duplicates code with makeRenderRouteUrl, reuse that */
+    const renderUrl = async ({ params, query }) => {
+        const apiBase = await (0, config_1.resolveConfigValue)(config.apiBase);
+        const getPathForParams = pathToRegexp.compile(route.path, { encode: encodeURIComponent });
+        const search = query && query_string_1.default.stringify(query);
+        return apiBase.replace(/\/+$/, '') + getPathForParams(params || {}) + (search ? `?${search}` : '');
+    };
+    const routeClient = async ({ params, payload, query, fetchConfig }) => {
+        var _a, _b;
+        const { fetch } = initializer;
+        const url = await renderUrl({ params, query });
+        const body = payload ? JSON.stringify(payload) : undefined;
+        const baseOptions = (0, __1.merge)((await ((_a = app === null || app === void 0 ? void 0 : app.authProvider) === null || _a === void 0 ? void 0 : _a.getAuthorizedFetchConfig())) || {}, fetchConfig || {});
+        const requestId = (0, uuid_1.v4)();
+        const requestLogger = (_b = app === null || app === void 0 ? void 0 : app.logger) === null || _b === void 0 ? void 0 : _b.createSubContext();
+        requestLogger === null || requestLogger === void 0 ? void 0 : requestLogger.setContext({ requestId, url, timeStamp: new Date().getTime() });
+        const fetcher = (0, fetchStatusRetry_1.fetchStatusRetry)(fetch, { retries: 1, status: [502], logger: requestLogger });
+        requestLogger === null || requestLogger === void 0 ? void 0 : requestLogger.log('Request Initiated', logger_1.Level.Info);
+        return fetcher(url, (0, __1.merge)(baseOptions, {
+            method: route.method,
+            body,
+            headers: {
+                ...fetchConfig === null || fetchConfig === void 0 ? void 0 : fetchConfig.headers,
+                ...(body ? { 'content-type': 'application/json' } : {}),
+                'x-request-id': requestId,
+                ...((app === null || app === void 0 ? void 0 : app.launchToken) ? {
+                    'x-launch-token': app.launchToken,
+                } : {}),
+            }
+        })).then(response => {
+            if (response.status === 401) {
+                throw new errors_1.UnauthorizedError();
+            }
+            if (response.status === 440) {
+                throw new errors_1.SessionExpiredError();
+            }
+            return {
+                status: response.status,
+                acceptStatus: async (...status) => {
+                    if (!status.includes(response.status)) {
+                        throw new Error(`unexpected HTTP ${response.status} response from api: ${await response.text()}`);
+                    }
+                    return { status: response.status, headers: response.headers, load: (0, exports.loadResponse)(response) };
+                },
+                headers: response.headers,
+                load: (0, exports.loadResponse)(response),
+            };
+        });
+    };
+    routeClient.renderUrl = renderUrl;
+    return routeClient;
+};
+const createApiGateway = (initializer) => (config, routes, app) => {
+    return Object.fromEntries(Object.entries(routes)
+        .map(([key, routeConfig]) => ([key, makeRouteClient(initializer, config, routeConfig, app)])));
+};
+exports.createApiGateway = createApiGateway;

package/dist/cjs/services/authProvider/browser.d.ts

@@ -0,0 +1,40 @@
+import { ConfigProviderForConfig } from '../../config';
+import { GenericFetch } from '../../fetch';
+import { UserData } from './utils/embeddedAuthProvider';
+import { ApiUser, AuthProvider } from '.';
+type Config = {
+    accountsBase: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+    window: Window;
+}
+export type EventHandler = (e: {
+    data: any;
+    origin: string;
+    source: Pick<Window, 'postMessage'>;
+}) => void;
+export interface Window {
+    fetch: GenericFetch;
+    parent: Pick<Window, 'postMessage'>;
+    location: {
+        search: string;
+    };
+    document: {
+        referrer: string;
+    };
+    postMessage: (data: any, origin: string) => void;
+    addEventListener: (event: 'message', callback: EventHandler) => void;
+    removeEventListener: (event: 'message', callback: EventHandler) => void;
+}
+export type UpdatableUserFields = Partial<Pick<ApiUser, 'consent_preferences' | 'first_name' | 'last_name'>>;
+export type BrowserAuthProvider = AuthProvider & {
+    getAuthorizedUrl: (urlString: string) => string;
+    getAuthorizedLinkUrl: (urlString: string) => string;
+    getAuthorizedEmbedUrl: (urlString: string, extraParams?: {
+        [key: string]: string;
+    }) => string;
+    updateUser: (updates: UpdatableUserFields) => Promise<UserData<ApiUser>>;
+};
+export declare const browserAuthProvider: <C extends string = "auth">({ window, configSpace }: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }) => BrowserAuthProvider;
+export {};

package/dist/cjs/services/authProvider/browser.js

@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.browserAuthProvider = void 0;
+const __1 = require("../..");
+const config_1 = require("../../config");
+const guards_1 = require("../../guards");
+const routing_1 = require("../../routing");
+const embeddedAuthProvider_1 = require("./utils/embeddedAuthProvider");
+const isUserData = (0, routing_1.unsafePayloadValidator)();
+const browserAuthProvider = ({ window, configSpace }) => (configProvider) => {
+    const config = configProvider[(0, guards_1.ifDefined)(configSpace, 'auth')];
+    const accountsBase = (0, __1.once)(() => (0, config_1.resolveConfigValue)(config.accountsBase));
+    const queryString = window.location.search;
+    const queryKey = 'auth';
+    const urlSearchParams = new URLSearchParams(queryString);
+    const authQuery = urlSearchParams.get(queryKey);
+    const referrer = window.document.referrer ? new URL(window.document.referrer) : undefined;
+    const isEmbedded = window.parent !== window;
+    const trustedParent = isEmbedded && referrer && referrer.hostname.match(/^(openstax\.org|((.*)(\.openstax\.org|local|localhost)))$/) ? referrer : undefined;
+    const { embeddedQueryKey, embeddedQueryValue, getAuthorizedEmbedUrl } = (0, embeddedAuthProvider_1.embeddedAuthProvider)(() => getUserData(), { authQuery: { key: queryKey, value: authQuery }, window });
+    const embeddedQuery = urlSearchParams.get(embeddedQueryKey);
+    let userData = { token: authQuery };
+    const getAuthToken = async () => {
+        return (await getUserData()).token;
+    };
+    const getAuthorizedLinkUrl = (urlString) => {
+        const url = new URL(urlString);
+        if (userData.token) {
+            url.searchParams.set(queryKey, userData.token);
+        }
+        return url.href;
+    };
+    const getAuthorizedUrl = (urlString) => {
+        const url = new URL(urlString);
+        if (authQuery) {
+            url.searchParams.set(queryKey, authQuery);
+        }
+        else if (embeddedQuery) {
+            url.searchParams.set(queryKey, 'embedded');
+        }
+        if (embeddedQuery) {
+            url.searchParams.set(embeddedQueryKey, embeddedQuery);
+        }
+        return url.href;
+    };
+    // *note* that this does not actually prevent cookies from being sent on same-origin
+    // requests, i'm not sure if its possible to stop browsers from sending cookies in
+    // that case
+    const getAuthorizedFetchConfigFromData = (data) => {
+        const { token } = data;
+        return token ? {
+            headers: { Authorization: `Bearer ${token}` },
+        } : {
+            credentials: 'include',
+        };
+    };
+    const getAuthorizedFetchConfig = async () => {
+        return getAuthorizedFetchConfigFromData(userData.token ? userData : await getUserData());
+    };
+    /*
+     * requests user identity from parent window via postMessage
+     */
+    const getParentWindowUser = () => new Promise((resolve, reject) => {
+        if (!window.parent || !trustedParent) {
+            return reject(new Error('parent window is undefined or not trusted'));
+        }
+        const handler = (event) => {
+            if (event.data.type === embeddedAuthProvider_1.PostMessageTypes.ReceiveUser && event.origin === trustedParent.origin) {
+                clearTimeout(timeout);
+                window.removeEventListener('message', handler);
+                resolve(event.data.userData);
+            }
+        };
+        window.addEventListener('message', handler);
+        window.parent.postMessage({ type: embeddedAuthProvider_1.PostMessageTypes.RequestUser }, trustedParent.origin);
+        const timeout = setTimeout(() => {
+            window.removeEventListener('message', handler);
+            reject(new Error('loading user identity timed out'));
+        }, 5000);
+    });
+    /*
+     * requests user identity from accounts api using given token or cookie
+     */
+    const getFetchUser = async () => {
+        const response = await window.fetch((await accountsBase()).replace(/\/+$/, '') + '/api/user?always_200=true', getAuthorizedFetchConfigFromData(userData));
+        if (response.status === 200) {
+            const body = await response.json();
+            const user = isUserData(body) ? body : undefined;
+            return { ...userData, user };
+        }
+        const message = await response.text();
+        throw new Error(`Error response from Accounts ${response.status}: ${message}`);
+    };
+    const getUserData = (0, __1.once)(async () => {
+        // For backwards compatibility
+        if (authQuery === 'embedded') {
+            return getParentWindowUser();
+        }
+        // getFetchUser() will throw here if authQuery is not set
+        return await (embeddedQuery === embeddedQueryValue ? getParentWindowUser() : getFetchUser());
+    });
+    const getUser = async () => {
+        return (await getUserData()).user;
+    };
+    const updateUser = async (updates) => {
+        const response = await window.fetch((await accountsBase()).replace(/\/+$/, '') + '/api/user', { ...getAuthorizedFetchConfigFromData(userData), method: routing_1.METHOD.PUT, body: JSON.stringify(updates) });
+        if (response.status === 200) {
+            const user = await response.json();
+            if (isUserData(user)) {
+                return { ...userData, user };
+            }
+        }
+        const message = await response.text();
+        throw new Error(`Error response from Accounts ${response.status}: ${message}`);
+    };
+    return {
+        /**
+         * gets the authentication token
+         */
+        getAuthToken,
+        /**
+         * adds auth parameters to the url. this is only safe to use when using javascript to navigate
+         * within the current window, eg `window.location = 'https://my.otherservice.com';` anchors
+         * should use getAuthorizedLinkUrl for their href.
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedUrl,
+        /**
+         * all link href-s must be rendered with auth tokens so that they work when opened in a new tab
+         *
+         * result unreliable unless `getUser` is resolved first.
+         */
+        getAuthorizedLinkUrl,
+        /**
+         * gets an authorized url for an iframe src. sets params on the url and saves its
+         * origin to trust releasing user identity to it
+         */
+        getAuthorizedEmbedUrl,
+        /**
+         * gets second argument for `fetch` that has authentication token or cookie
+         */
+        getAuthorizedFetchConfig,
+        /**
+         * loads current user identity. does not reflect changes in identity after being called the first time.
+         */
+        getUser,
+        loadUserData: getUser,
+        /**
+         * updates user settings, for example the cookie consent preferences
+         */
+        updateUser,
+    };
+};
+exports.browserAuthProvider = browserAuthProvider;

package/dist/cjs/services/authProvider/decryption.d.ts

@@ -0,0 +1,19 @@
+import type { ConfigProviderForConfig } from '../../config';
+import { GenericFetch } from '../../fetch';
+import { ApiUser, AuthProvider, CookieAuthProvider } from '.';
+type Config = {
+    accountsBase: string;
+    cookieName: string;
+    encryptionPrivateKey: string;
+    signaturePublicKey: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+    fetch: GenericFetch;
+}
+export type DecryptionAuthProvider = AuthProvider & {
+    getTokenExpiration: (tokenString?: string) => Promise<number | null | undefined>;
+    loadUserData: () => Promise<ApiUser | undefined>;
+};
+export declare const decryptionAuthProvider: <C extends string = "decryption">(initializer: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }) => CookieAuthProvider<DecryptionAuthProvider>;
+export {};