npm - @openstax/ts-utils - Versions diffs - 1.44.4 → 1.46.0 - Mend

@openstax/ts-utils 1.44.4 → 1.46.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/dist/esm/index.d.ts CHANGED Viewed

@@ -2,4 +2,3 @@ export * from './misc/hashValue.js';
 export * from './misc/helpers.js';
 export * from './misc/merge.js';
 export * from './misc/partitionSequence.js';
-export * from './misc/timingSafeCompareStrings.js';

package/dist/esm/index.js CHANGED Viewed

@@ -2,4 +2,3 @@ export * from './misc/hashValue.js';
 export * from './misc/helpers.js';
 export * from './misc/merge.js';
 export * from './misc/partitionSequence.js';
-export * from './misc/timingSafeCompareStrings.js';

package/dist/esm/services/accountsGateway/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { ConfigProviderForConfig } from '../../config/index.js';
 import { GenericFetch } from '../../fetch/index.js';
 import { JsonCompatibleStruct } from '../../routing/index.js';
-import { ApiUser } from '../authProvider/index.js';
+import { ApiUser, ExternalId } from '../authProvider/index.js';
 import { Logger } from '../logger/index.js';
 export type Config = {
     accountsBase: string;
@@ -36,12 +36,12 @@ export type FindOrCreateUserPayload = {
 export type FindOrCreateUserResponse = {
     id: number;
     uuid: string;
-    external_ids: string[];
+    external_ids: ExternalId[];
     is_test: boolean;
     sso: string;
 };
 export type FindUserResponse = (FindOrCreateUserResponse & {
-    external_ids: string[];
+    external_ids: ExternalId[];
 }) | undefined;
 export type LinkUserPayload = {
     userId: number;
@@ -59,7 +59,7 @@ export type SearchUsersPayload = {
 };
 export type SearchUsersResponse = {
     items: Array<ApiUser & {
-        external_ids: string[];
+        external_ids: ExternalId[];
     } & JsonCompatibleStruct>;
     total_count: number;
 };
@@ -72,6 +72,10 @@ export type MappedUserInfo<T> = {
     platformUserId?: string;
     uuid: string;
 };
+/**
+ * Normalize an external_id to always return the string representation.
+ */
+export declare const normalizeExternalId: (externalId: ExternalId) => string;
 export declare const accountsGateway: <C extends string = "accounts">(initializer: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }) => ({ logger }: {
     logger: Logger;
 }) => {

package/dist/esm/services/accountsGateway/index.js CHANGED Viewed

@@ -11,6 +11,12 @@ class ApiError extends Error {
         this.status = status;
     }
 }
+/**
+ * Normalize an external_id to always return the string representation.
+ */
+export const normalizeExternalId = (externalId) => {
+    return typeof externalId === 'string' ? externalId : externalId.external_id;
+};
 export const accountsGateway = (initializer) => (configProvider) => {
     const config = configProvider[ifDefined(initializer.configSpace, 'accounts')];
     const accountsBase = once(() => resolveConfigValue(config.accountsBase));
@@ -59,7 +65,8 @@ export const accountsGateway = (initializer) => (configProvider) => {
         const searchUsers = async (payload) => request(METHOD.GET, `users?${queryString.stringify(payload)}`, {});
         const updateUser = async (token, body) => request(METHOD.PUT, 'user', { body, token });
         const getPlatformUserId = (externalIds, platformId) => {
-            for (const externalId of externalIds) {
+            const normalizedIds = externalIds.map(normalizeExternalId);
+            for (const externalId of normalizedIds) {
                 const [userPlatformId, userId] = externalId.split('/', 2);
                 if (userPlatformId === platformId) {
                     return userId;

package/dist/esm/services/authProvider/index.d.ts CHANGED Viewed

@@ -11,6 +11,11 @@ export type TokenUser = {
     name: string;
     uuid: string;
 };
+export type ExternalId = string | {
+    external_id: string;
+    user_id?: number;
+    role: string;
+};
 export type ApiUser = TokenUser & {
     id: number;
     first_name: string;
@@ -27,7 +32,7 @@ export type ApiUser = TokenUser & {
         name: string;
         roles: string[];
     }>;
-    external_ids: string[];
+    external_ids: ExternalId[];
     faculty_status: string;
     is_admin: boolean;
     is_not_gdpr_location: boolean;

package/dist/esm/services/httpMessage/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { createHttpMessageSigner } from './signer.js';
2	+ export { createHttpMessageVerifier } from './verifier.js';

package/dist/esm/services/httpMessage/index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { createHttpMessageSigner } from './signer.js';
2	+ export { createHttpMessageVerifier } from './verifier.js';

package/dist/esm/services/httpMessage/signer.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { ConfigProviderForConfig } from '../../config/index.js';
+import { KeyStore } from '../keyStore/index.js';
+type Config = {
+    iss: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+}
+export declare const createHttpMessageSigner: <C extends string = "signer">({ configSpace }: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }, services: {
+    keyStore: KeyStore;
+}) => {
+    signRequest: (method: string, url: string, bodyString: string) => Promise<Record<string, string>>;
+};
+export type HttpMessageSigner = ReturnType<ReturnType<typeof createHttpMessageSigner>>;
+export {};

package/dist/esm/services/httpMessage/signer.js ADDED Viewed

@@ -0,0 +1,38 @@
+/* spell-checker: ignore httpbis meunier keyid */
+import { createHash } from 'crypto';
+import { createSigner, httpbis } from 'http-message-signatures';
+import { resolveConfigValue } from '../../config/index.js';
+import { once } from '../../misc/helpers.js';
+export const createHttpMessageSigner = ({ configSpace }) => (configProvider, services) => {
+    const config = configProvider[configSpace !== null && configSpace !== void 0 ? configSpace : 'signer'];
+    const getIss = once(async () => (await resolveConfigValue(config.iss)).replace(/\/+$/, ''));
+    const getKey = once(() => services.keyStore.getPrivateKey());
+    const getSigner = once(async () => {
+        const { pem } = await getKey();
+        return createSigner(pem, 'rsa-v1_5-sha256');
+    });
+    return {
+        signRequest: async (method, url, bodyString) => {
+            const { kid } = await getKey();
+            const digest = createHash('sha256').update(bodyString).digest('base64');
+            const key = await getSigner();
+            const signed = await httpbis.signMessage({
+                key,
+                // draft-meunier-http-message-signatures-directory requires signature-agent
+                // to be a covered component alongside the standard RFC 9421 derived components
+                fields: ['@method', '@target-uri', 'content-digest', 'signature-agent'],
+                params: ['keyid', 'alg'],
+                paramValues: { keyid: kid, alg: 'rsa-v1_5-sha256' },
+            }, {
+                method,
+                url,
+                headers: {
+                    // RFC 8941 byte sequence: sha-256=:base64value:
+                    'Content-Digest': `sha-256=:${digest}:`,
+                    'Signature-Agent': `${await getIss()}/.well-known/jwks.json`,
+                },
+            });
+            return signed.headers;
+        },
+    };
+};

package/dist/esm/services/keyStore/index.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { JWK } from 'node-jose';
+import { ConfigProviderForConfig } from '../../config/index.js';
+type Config = {
+    privateKey: string;
+};
+export type PrivateKey = {
+    kid: string;
+    pem: string;
+};
+export declare const createKeyStore: (config: ConfigProviderForConfig<Config>) => {
+    getPrivateKey: () => Promise<{
+        kid: string;
+        pem: string;
+    }>;
+    jwks: () => Promise<{
+        keys: JWK.RawKey[];
+    }>;
+};
+export type KeyStore = ReturnType<typeof createKeyStore>;
+export {};

package/dist/esm/services/keyStore/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+import { JWK } from 'node-jose';
+import { resolveConfigValue } from '../../config/index.js';
+import { once } from '../../misc/helpers.js';
+export const createKeyStore = (config) => {
+    const store = once(async () => {
+        const pem = await resolveConfigValue(config.privateKey);
+        const keyStore = JWK.createKeyStore();
+        const { kid } = await keyStore.add(pem, 'pem');
+        const keys = [{ kid, pem }];
+        return { keyStore, keys };
+    });
+    return {
+        // this method only supports one key for now (always returns the first key)
+        getPrivateKey: async () => {
+            const { keys } = await store();
+            return keys[0];
+        },
+        jwks: async () => {
+            const { keyStore } = await store();
+            return keyStore.toJSON(false);
+        },
+    };
+};

package/dist/esm/services/launchParams/signer.d.ts CHANGED Viewed

@@ -1,11 +1,10 @@
-import { JWK } from 'node-jose';
 import { ConfigProviderForConfig } from '../../config/index.js';
 import type { JsonCompatibleStruct } from '../../routing/index.js';
+import { KeyStore } from '../keyStore/index.js';
 type Config = {
     alg: string;
     expiresIn: string;
     iss: string;
-    privateKey: string;
 };
 interface Initializer<C> {
     configSpace?: C;
@@ -13,10 +12,9 @@ interface Initializer<C> {
 /**
  * Creates a class that can sign launch params
  */
-export declare const createLaunchSigner: <C extends string = "launch">({ configSpace }: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }) => {
-    jwks: () => Promise<{
-        keys: JWK.RawKey[];
-    }>;
+export declare const createLaunchSigner: <C extends string = "launch">({ configSpace }: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }, services: {
+    keyStore: KeyStore;
+}) => {
     sign: (data: JsonCompatibleStruct, subject: string, maxExp?: number | null) => Promise<string>;
 };
 export type LaunchSigner = ReturnType<ReturnType<typeof createLaunchSigner>>;

package/dist/esm/services/launchParams/signer.js CHANGED Viewed

@@ -1,6 +1,5 @@
 import jwt from 'jsonwebtoken';
 import ms from 'ms';
-import { JWK } from 'node-jose';
 import { resolveConfigValue } from '../../config/index.js';
 import { ifDefined } from '../../guards/index.js';
 import { once } from '../../index.js';
@@ -16,18 +15,12 @@ const assertAlg = (alg) => {
 /**
  * Creates a class that can sign launch params
  */
-export const createLaunchSigner = ({ configSpace }) => (configProvider) => {
+export const createLaunchSigner = ({ configSpace }) => (configProvider, services) => {
     const config = configProvider[ifDefined(configSpace, 'launch')];
     const getAlg = once(async () => assertAlg(await resolveConfigValue(config.alg)));
     const getExpiresIn = once(() => resolveConfigValue(config.expiresIn));
     const getIss = once(() => resolveConfigValue(config.iss));
-    const getPrivateKey = once(() => resolveConfigValue(config.privateKey));
-    const getKeyStore = once(async () => {
-        const keystore = JWK.createKeyStore();
-        await keystore.add(await getPrivateKey(), 'pem');
-        return keystore;
-    });
-    const jwks = async () => (await getKeyStore()).toJSON(false);
+    const getKey = once(() => services.keyStore.getPrivateKey());
     const getExpiresInWithMax = async (maxExp) => {
         const expiresIn = await getExpiresIn();
         // The ms library used by jsonwebtoken can handle a value in seconds as well as a string like '1d'
@@ -40,12 +33,13 @@ export const createLaunchSigner = ({ configSpace }) => (configProvider) => {
         return Math.min(expiresInSeconds, maxExpSeconds);
     };
     const sign = async (data, subject, maxExp) => {
+        const { kid, pem } = await getKey();
         const alg = await getAlg();
         // expiresIn can be a number of seconds or a string like '1h' or '1d'
         const expiresIn = await getExpiresInWithMax(maxExp);
         const iss = await getIss();
-        const header = { alg, iss };
-        return jwt.sign(data, await getPrivateKey(), { algorithm: alg, expiresIn, header, issuer: iss, subject });
+        const header = { alg, iss, kid };
+        return jwt.sign(data, pem, { algorithm: alg, expiresIn, header, issuer: iss, subject });
     };
-    return { jwks, sign };
+    return { sign };
 };