@opentdf/sdk 0.13.0-beta.126 → 0.13.0-beta.128
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/src/index.js +8 -2
- package/dist/cjs/src/platform/authorization/entity-identifiers.js +88 -0
- package/dist/types/src/index.d.ts +1 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/platform/authorization/entity-identifiers.d.ts +41 -0
- package/dist/types/src/platform/authorization/entity-identifiers.d.ts.map +1 -0
- package/dist/web/src/index.js +2 -1
- package/dist/web/src/platform/authorization/entity-identifiers.js +81 -0
- package/package.json +1 -1
- package/src/index.ts +7 -0
- package/src/platform/authorization/entity-identifiers.ts +102 -0
package/dist/cjs/src/index.js
CHANGED
|
@@ -36,7 +36,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
36
36
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
37
37
|
};
|
|
38
38
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
-
exports.ConfigurationError = exports.AttributeNotFoundError = exports.AttributeValidationError = exports.NetworkError = exports.DecryptError = exports.InvalidFileError = exports.IntegrityError = exports.PermissionDeniedError = exports.TdfError = exports.PlatformClient = exports.tdfSpecVersion = exports.clientType = exports.version = exports.attributeValueExists = exports.attributeExists = exports.validateAttributes = exports.listAttributes = exports.attributeFQNsAsValues = exports.externalJwtTokenProvider = exports.refreshTokenProvider = exports.clientCredentialsTokenProvider = exports.authProviderInterceptor = exports.authTokenDPoPInterceptor = exports.authTokenInterceptor = exports.AuthProviders = exports.withHeaders = exports.HttpRequest = void 0;
|
|
39
|
+
exports.ConfigurationError = exports.AttributeNotFoundError = exports.AttributeValidationError = exports.NetworkError = exports.DecryptError = exports.InvalidFileError = exports.IntegrityError = exports.PermissionDeniedError = exports.TdfError = exports.PlatformClient = exports.tdfSpecVersion = exports.clientType = exports.version = exports.attributeValueExists = exports.attributeExists = exports.validateAttributes = exports.listAttributes = exports.withRequestToken = exports.forToken = exports.forUserName = exports.forClientId = exports.forEmail = exports.attributeFQNsAsValues = exports.externalJwtTokenProvider = exports.refreshTokenProvider = exports.clientCredentialsTokenProvider = exports.authProviderInterceptor = exports.authTokenDPoPInterceptor = exports.authTokenInterceptor = exports.AuthProviders = exports.withHeaders = exports.HttpRequest = void 0;
|
|
40
40
|
var auth_js_1 = require("./auth/auth.js");
|
|
41
41
|
Object.defineProperty(exports, "HttpRequest", { enumerable: true, get: function () { return auth_js_1.HttpRequest; } });
|
|
42
42
|
Object.defineProperty(exports, "withHeaders", { enumerable: true, get: function () { return auth_js_1.withHeaders; } });
|
|
@@ -51,6 +51,12 @@ Object.defineProperty(exports, "refreshTokenProvider", { enumerable: true, get:
|
|
|
51
51
|
Object.defineProperty(exports, "externalJwtTokenProvider", { enumerable: true, get: function () { return token_providers_js_1.externalJwtTokenProvider; } });
|
|
52
52
|
var api_js_1 = require("./policy/api.js");
|
|
53
53
|
Object.defineProperty(exports, "attributeFQNsAsValues", { enumerable: true, get: function () { return api_js_1.attributeFQNsAsValues; } });
|
|
54
|
+
var entity_identifiers_js_1 = require("./platform/authorization/entity-identifiers.js");
|
|
55
|
+
Object.defineProperty(exports, "forEmail", { enumerable: true, get: function () { return entity_identifiers_js_1.forEmail; } });
|
|
56
|
+
Object.defineProperty(exports, "forClientId", { enumerable: true, get: function () { return entity_identifiers_js_1.forClientId; } });
|
|
57
|
+
Object.defineProperty(exports, "forUserName", { enumerable: true, get: function () { return entity_identifiers_js_1.forUserName; } });
|
|
58
|
+
Object.defineProperty(exports, "forToken", { enumerable: true, get: function () { return entity_identifiers_js_1.forToken; } });
|
|
59
|
+
Object.defineProperty(exports, "withRequestToken", { enumerable: true, get: function () { return entity_identifiers_js_1.withRequestToken; } });
|
|
54
60
|
var discovery_js_1 = require("./policy/discovery.js");
|
|
55
61
|
Object.defineProperty(exports, "listAttributes", { enumerable: true, get: function () { return discovery_js_1.listAttributes; } });
|
|
56
62
|
Object.defineProperty(exports, "validateAttributes", { enumerable: true, get: function () { return discovery_js_1.validateAttributes; } });
|
|
@@ -75,4 +81,4 @@ Object.defineProperty(exports, "AttributeNotFoundError", { enumerable: true, get
|
|
|
75
81
|
Object.defineProperty(exports, "ConfigurationError", { enumerable: true, get: function () { return errors_js_1.ConfigurationError; } });
|
|
76
82
|
__exportStar(require("./seekable.js"), exports);
|
|
77
83
|
__exportStar(require("../tdf3/src/models/index.js"), exports);
|
|
78
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
84
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMENBQThGO0FBQWpELHNHQUFBLFdBQVcsT0FBQTtBQUFFLHNHQUFBLFdBQVcsT0FBQTtBQUNyRSxxRUFBcUQ7QUFDckQsMERBU2dDO0FBUjlCLHVIQUFBLG9CQUFvQixPQUFBO0FBQ3BCLDJIQUFBLHdCQUF3QixPQUFBO0FBQ3hCLDBIQUFBLHVCQUF1QixPQUFBO0FBT3pCLGdFQU9tQztBQU5qQyxvSUFBQSw4QkFBOEIsT0FBQTtBQUM5QiwwSEFBQSxvQkFBb0IsT0FBQTtBQUNwQiw4SEFBQSx3QkFBd0IsT0FBQTtBQUsxQiwwQ0FBd0Q7QUFBL0MsK0dBQUEscUJBQXFCLE9BQUE7QUFDOUIsd0ZBTXdEO0FBTHRELGlIQUFBLFFBQVEsT0FBQTtBQUNSLG9IQUFBLFdBQVcsT0FBQTtBQUNYLG9IQUFBLFdBQVcsT0FBQTtBQUNYLGlIQUFBLFFBQVEsT0FBQTtBQUNSLHlIQUFBLGdCQUFnQixPQUFBO0FBRWxCLHNEQUsrQjtBQUo3Qiw4R0FBQSxjQUFjLE9BQUE7QUFDZCxrSEFBQSxrQkFBa0IsT0FBQTtBQUNsQiwrR0FBQSxlQUFlLE9BQUE7QUFDZixvSEFBQSxvQkFBb0IsT0FBQTtBQUV0QiwyQ0FBbUU7QUFBMUQscUdBQUEsT0FBTyxPQUFBO0FBQUUsd0dBQUEsVUFBVSxPQUFBO0FBQUUsNEdBQUEsY0FBYyxPQUFBO0FBQzVDLDZDQUFrRztBQUF6Riw2R0FBQSxjQUFjLE9BQUE7QUFDdkIsK0NBQTZCO0FBQzdCLHlDQVVxQjtBQVRuQixxR0FBQSxRQUFRLE9BQUE7QUFDUixrSEFBQSxxQkFBcUIsT0FBQTtBQUNyQiwyR0FBQSxjQUFjLE9BQUE7QUFDZCw2R0FBQSxnQkFBZ0IsT0FBQTtBQUNoQix5R0FBQSxZQUFZLE9BQUE7QUFDWix5R0FBQSxZQUFZLE9BQUE7QUFDWixxSEFBQSx3QkFBd0IsT0FBQTtBQUN4QixtSEFBQSxzQkFBc0IsT0FBQTtBQUN0QiwrR0FBQSxrQkFBa0IsT0FBQTtBQUVwQixnREFBOEI7QUFDOUIsOERBQTRDIn0=
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.forEmail = forEmail;
|
|
4
|
+
exports.forClientId = forClientId;
|
|
5
|
+
exports.forUserName = forUserName;
|
|
6
|
+
exports.forToken = forToken;
|
|
7
|
+
exports.withRequestToken = withRequestToken;
|
|
8
|
+
const protobuf_1 = require("@bufbuild/protobuf");
|
|
9
|
+
const wkt_1 = require("@bufbuild/protobuf/wkt");
|
|
10
|
+
const authorization_pb_js_1 = require("./v2/authorization_pb.js");
|
|
11
|
+
const entity_pb_js_1 = require("../entity/entity_pb.js");
|
|
12
|
+
/**
|
|
13
|
+
* Convenience constructors for {@link EntityIdentifier}, mirroring the Go SDK
|
|
14
|
+
* helpers (`ForEmail`, `ForClientID`, etc.).
|
|
15
|
+
*
|
|
16
|
+
* Each function builds a complete `EntityIdentifier` so callers avoid deeply
|
|
17
|
+
* nested object literals.
|
|
18
|
+
*
|
|
19
|
+
* @example
|
|
20
|
+
* ```ts
|
|
21
|
+
* // Before
|
|
22
|
+
* const eid = create(EntityIdentifierSchema, {
|
|
23
|
+
* identifier: {
|
|
24
|
+
* case: 'entityChain',
|
|
25
|
+
* value: create(EntityChainSchema, {
|
|
26
|
+
* entities: [create(EntitySchema, {
|
|
27
|
+
* entityType: { case: 'emailAddress', value: 'jen@example.com' },
|
|
28
|
+
* category: Entity_Category.SUBJECT,
|
|
29
|
+
* })],
|
|
30
|
+
* }),
|
|
31
|
+
* },
|
|
32
|
+
* });
|
|
33
|
+
*
|
|
34
|
+
* // After
|
|
35
|
+
* const eid = forEmail('jen@example.com');
|
|
36
|
+
* ```
|
|
37
|
+
*/
|
|
38
|
+
/** Returns an EntityIdentifier for a subject identified by email address. */
|
|
39
|
+
function forEmail(email) {
|
|
40
|
+
return fromEntity((0, protobuf_1.create)(entity_pb_js_1.EntitySchema, {
|
|
41
|
+
entityType: { case: 'emailAddress', value: email },
|
|
42
|
+
category: entity_pb_js_1.Entity_Category.SUBJECT,
|
|
43
|
+
}));
|
|
44
|
+
}
|
|
45
|
+
/** Returns an EntityIdentifier for a subject identified by client ID. */
|
|
46
|
+
function forClientId(clientId) {
|
|
47
|
+
return fromEntity((0, protobuf_1.create)(entity_pb_js_1.EntitySchema, {
|
|
48
|
+
entityType: { case: 'clientId', value: clientId },
|
|
49
|
+
category: entity_pb_js_1.Entity_Category.SUBJECT,
|
|
50
|
+
}));
|
|
51
|
+
}
|
|
52
|
+
/** Returns an EntityIdentifier for a subject identified by username. */
|
|
53
|
+
function forUserName(userName) {
|
|
54
|
+
return fromEntity((0, protobuf_1.create)(entity_pb_js_1.EntitySchema, {
|
|
55
|
+
entityType: { case: 'userName', value: userName },
|
|
56
|
+
category: entity_pb_js_1.Entity_Category.SUBJECT,
|
|
57
|
+
}));
|
|
58
|
+
}
|
|
59
|
+
/** Returns an EntityIdentifier that resolves the entity from the given JWT. */
|
|
60
|
+
function forToken(jwt) {
|
|
61
|
+
return (0, protobuf_1.create)(authorization_pb_js_1.EntityIdentifierSchema, {
|
|
62
|
+
identifier: {
|
|
63
|
+
case: 'token',
|
|
64
|
+
value: (0, protobuf_1.create)(entity_pb_js_1.TokenSchema, { jwt }),
|
|
65
|
+
},
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Returns an EntityIdentifier that instructs the authorization service to
|
|
70
|
+
* derive the entity from the request's Authorization header token.
|
|
71
|
+
*/
|
|
72
|
+
function withRequestToken() {
|
|
73
|
+
return (0, protobuf_1.create)(authorization_pb_js_1.EntityIdentifierSchema, {
|
|
74
|
+
identifier: {
|
|
75
|
+
case: 'withRequestToken',
|
|
76
|
+
value: (0, protobuf_1.create)(wkt_1.BoolValueSchema, { value: true }),
|
|
77
|
+
},
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
function fromEntity(entity) {
|
|
81
|
+
return (0, protobuf_1.create)(authorization_pb_js_1.EntityIdentifierSchema, {
|
|
82
|
+
identifier: {
|
|
83
|
+
case: 'entityChain',
|
|
84
|
+
value: (0, protobuf_1.create)(entity_pb_js_1.EntityChainSchema, { entities: [entity] }),
|
|
85
|
+
},
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW50aXR5LWlkZW50aWZpZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL3BsYXRmb3JtL2F1dGhvcml6YXRpb24vZW50aXR5LWlkZW50aWZpZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBMENBLDRCQU9DO0FBR0Qsa0NBT0M7QUFHRCxrQ0FPQztBQUdELDRCQU9DO0FBTUQsNENBT0M7QUE1RkQsaURBQTRDO0FBQzVDLGdEQUF5RDtBQUN6RCxrRUFHa0M7QUFDbEMseURBTWdDO0FBRWhDOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBeUJHO0FBRUgsNkVBQTZFO0FBQzdFLFNBQWdCLFFBQVEsQ0FBQyxLQUFhO0lBQ3BDLE9BQU8sVUFBVSxDQUNmLElBQUEsaUJBQU0sRUFBQywyQkFBWSxFQUFFO1FBQ25CLFVBQVUsRUFBRSxFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRTtRQUNsRCxRQUFRLEVBQUUsOEJBQWUsQ0FBQyxPQUFPO0tBQ2xDLENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQztBQUVELHlFQUF5RTtBQUN6RSxTQUFnQixXQUFXLENBQUMsUUFBZ0I7SUFDMUMsT0FBTyxVQUFVLENBQ2YsSUFBQSxpQkFBTSxFQUFDLDJCQUFZLEVBQUU7UUFDbkIsVUFBVSxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsUUFBUSxFQUFFO1FBQ2pELFFBQVEsRUFBRSw4QkFBZSxDQUFDLE9BQU87S0FDbEMsQ0FBQyxDQUNILENBQUM7QUFDSixDQUFDO0FBRUQsd0VBQXdFO0FBQ3hFLFNBQWdCLFdBQVcsQ0FBQyxRQUFnQjtJQUMxQyxPQUFPLFVBQVUsQ0FDZixJQUFBLGlCQUFNLEVBQUMsMkJBQVksRUFBRTtRQUNuQixVQUFVLEVBQUUsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLEtBQUssRUFBRSxRQUFRLEVBQUU7UUFDakQsUUFBUSxFQUFFLDhCQUFlLENBQUMsT0FBTztLQUNsQyxDQUFDLENBQ0gsQ0FBQztBQUNKLENBQUM7QUFFRCwrRUFBK0U7QUFDL0UsU0FBZ0IsUUFBUSxDQUFDLEdBQVc7SUFDbEMsT0FBTyxJQUFBLGlCQUFNLEVBQUMsNENBQXNCLEVBQUU7UUFDcEMsVUFBVSxFQUFFO1lBQ1YsSUFBSSxFQUFFLE9BQU87WUFDYixLQUFLLEVBQUUsSUFBQSxpQkFBTSxFQUFDLDBCQUFXLEVBQUUsRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNwQztLQUNGLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxTQUFnQixnQkFBZ0I7SUFDOUIsT0FBTyxJQUFBLGlCQUFNLEVBQUMsNENBQXNCLEVBQUU7UUFDcEMsVUFBVSxFQUFFO1lBQ1YsSUFBSSxFQUFFLGtCQUFrQjtZQUN4QixLQUFLLEVBQUUsSUFBQSxpQkFBTSxFQUFDLHFCQUFlLEVBQUUsRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLENBQUM7U0FDaEQ7S0FDRixDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsU0FBUyxVQUFVLENBQUMsTUFBYztJQUNoQyxPQUFPLElBQUEsaUJBQU0sRUFBQyw0Q0FBc0IsRUFBRTtRQUNwQyxVQUFVLEVBQUU7WUFDVixJQUFJLEVBQUUsYUFBYTtZQUNuQixLQUFLLEVBQUUsSUFBQSxpQkFBTSxFQUFDLGdDQUFpQixFQUFFLEVBQUUsUUFBUSxFQUFFLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztTQUN6RDtLQUNGLENBQUMsQ0FBQztBQUNMLENBQUMifQ==
|
|
@@ -3,6 +3,7 @@ export * as AuthProviders from './auth/providers.js';
|
|
|
3
3
|
export { authTokenInterceptor, authTokenDPoPInterceptor, authProviderInterceptor, type AuthConfig, type DPoPInterceptor, type DPoPInterceptorOptions, type Interceptor, type TokenProvider, } from './auth/interceptors.js';
|
|
4
4
|
export { clientCredentialsTokenProvider, refreshTokenProvider, externalJwtTokenProvider, type ClientCredentialsTokenProviderOptions, type RefreshTokenProviderOptions, type ExternalJwtTokenProviderOptions, } from './auth/token-providers.js';
|
|
5
5
|
export { attributeFQNsAsValues } from './policy/api.js';
|
|
6
|
+
export { forEmail, forClientId, forUserName, forToken, withRequestToken, } from './platform/authorization/entity-identifiers.js';
|
|
6
7
|
export { listAttributes, validateAttributes, attributeExists, attributeValueExists, } from './policy/discovery.js';
|
|
7
8
|
export { version, clientType, tdfSpecVersion } from './version.js';
|
|
8
9
|
export { PlatformClient, type PlatformClientOptions, type PlatformServices } from './platform.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC9F,OAAO,KAAK,aAAa,MAAM,qBAAqB,CAAC;AACrD,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,aAAa,GACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,8BAA8B,EAC9B,oBAAoB,EACpB,wBAAwB,EACxB,KAAK,qCAAqC,EAC1C,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,GACrC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAClG,cAAc,cAAc,CAAC;AAC7B,OAAO,EACL,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,wBAAwB,EACxB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,cAAc,eAAe,CAAC;AAC9B,cAAc,6BAA6B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC9F,OAAO,KAAK,aAAa,MAAM,qBAAqB,CAAC;AACrD,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,aAAa,GACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,8BAA8B,EAC9B,oBAAoB,EACpB,wBAAwB,EACxB,KAAK,qCAAqC,EAC1C,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,GACrC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,QAAQ,EACR,WAAW,EACX,WAAW,EACX,QAAQ,EACR,gBAAgB,GACjB,MAAM,gDAAgD,CAAC;AACxD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAClG,cAAc,cAAc,CAAC;AAC7B,OAAO,EACL,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,wBAAwB,EACxB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,cAAc,eAAe,CAAC;AAC9B,cAAc,6BAA6B,CAAC"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { type EntityIdentifier } from './v2/authorization_pb.js';
|
|
2
|
+
/**
|
|
3
|
+
* Convenience constructors for {@link EntityIdentifier}, mirroring the Go SDK
|
|
4
|
+
* helpers (`ForEmail`, `ForClientID`, etc.).
|
|
5
|
+
*
|
|
6
|
+
* Each function builds a complete `EntityIdentifier` so callers avoid deeply
|
|
7
|
+
* nested object literals.
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* ```ts
|
|
11
|
+
* // Before
|
|
12
|
+
* const eid = create(EntityIdentifierSchema, {
|
|
13
|
+
* identifier: {
|
|
14
|
+
* case: 'entityChain',
|
|
15
|
+
* value: create(EntityChainSchema, {
|
|
16
|
+
* entities: [create(EntitySchema, {
|
|
17
|
+
* entityType: { case: 'emailAddress', value: 'jen@example.com' },
|
|
18
|
+
* category: Entity_Category.SUBJECT,
|
|
19
|
+
* })],
|
|
20
|
+
* }),
|
|
21
|
+
* },
|
|
22
|
+
* });
|
|
23
|
+
*
|
|
24
|
+
* // After
|
|
25
|
+
* const eid = forEmail('jen@example.com');
|
|
26
|
+
* ```
|
|
27
|
+
*/
|
|
28
|
+
/** Returns an EntityIdentifier for a subject identified by email address. */
|
|
29
|
+
export declare function forEmail(email: string): EntityIdentifier;
|
|
30
|
+
/** Returns an EntityIdentifier for a subject identified by client ID. */
|
|
31
|
+
export declare function forClientId(clientId: string): EntityIdentifier;
|
|
32
|
+
/** Returns an EntityIdentifier for a subject identified by username. */
|
|
33
|
+
export declare function forUserName(userName: string): EntityIdentifier;
|
|
34
|
+
/** Returns an EntityIdentifier that resolves the entity from the given JWT. */
|
|
35
|
+
export declare function forToken(jwt: string): EntityIdentifier;
|
|
36
|
+
/**
|
|
37
|
+
* Returns an EntityIdentifier that instructs the authorization service to
|
|
38
|
+
* derive the entity from the request's Authorization header token.
|
|
39
|
+
*/
|
|
40
|
+
export declare function withRequestToken(): EntityIdentifier;
|
|
41
|
+
//# sourceMappingURL=entity-identifiers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"entity-identifiers.d.ts","sourceRoot":"","sources":["../../../../../src/platform/authorization/entity-identifiers.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,KAAK,gBAAgB,EAEtB,MAAM,0BAA0B,CAAC;AASlC;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,6EAA6E;AAC7E,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,CAOxD;AAED,yEAAyE;AACzE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAO9D;AAED,wEAAwE;AACxE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAO9D;AAED,+EAA+E;AAC/E,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAOtD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,gBAAgB,CAOnD"}
|
package/dist/web/src/index.js
CHANGED
|
@@ -3,6 +3,7 @@ export * as AuthProviders from './auth/providers.js';
|
|
|
3
3
|
export { authTokenInterceptor, authTokenDPoPInterceptor, authProviderInterceptor, } from './auth/interceptors.js';
|
|
4
4
|
export { clientCredentialsTokenProvider, refreshTokenProvider, externalJwtTokenProvider, } from './auth/token-providers.js';
|
|
5
5
|
export { attributeFQNsAsValues } from './policy/api.js';
|
|
6
|
+
export { forEmail, forClientId, forUserName, forToken, withRequestToken, } from './platform/authorization/entity-identifiers.js';
|
|
6
7
|
export { listAttributes, validateAttributes, attributeExists, attributeValueExists, } from './policy/discovery.js';
|
|
7
8
|
export { version, clientType, tdfSpecVersion } from './version.js';
|
|
8
9
|
export { PlatformClient } from './platform.js';
|
|
@@ -10,4 +11,4 @@ export * from './opentdf.js';
|
|
|
10
11
|
export { TdfError, PermissionDeniedError, IntegrityError, InvalidFileError, DecryptError, NetworkError, AttributeValidationError, AttributeNotFoundError, ConfigurationError, } from './errors.js';
|
|
11
12
|
export * from './seekable.js';
|
|
12
13
|
export * from '../tdf3/src/models/index.js';
|
|
13
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
14
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFzQyxXQUFXLEVBQUUsV0FBVyxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDOUYsT0FBTyxLQUFLLGFBQWEsTUFBTSxxQkFBcUIsQ0FBQztBQUNyRCxPQUFPLEVBQ0wsb0JBQW9CLEVBQ3BCLHdCQUF3QixFQUN4Qix1QkFBdUIsR0FNeEIsTUFBTSx3QkFBd0IsQ0FBQztBQUNoQyxPQUFPLEVBQ0wsOEJBQThCLEVBQzlCLG9CQUFvQixFQUNwQix3QkFBd0IsR0FJekIsTUFBTSwyQkFBMkIsQ0FBQztBQUNuQyxPQUFPLEVBQUUscUJBQXFCLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUN4RCxPQUFPLEVBQ0wsUUFBUSxFQUNSLFdBQVcsRUFDWCxXQUFXLEVBQ1gsUUFBUSxFQUNSLGdCQUFnQixHQUNqQixNQUFNLGdEQUFnRCxDQUFDO0FBQ3hELE9BQU8sRUFDTCxjQUFjLEVBQ2Qsa0JBQWtCLEVBQ2xCLGVBQWUsRUFDZixvQkFBb0IsR0FDckIsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQixPQUFPLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxjQUFjLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDbkUsT0FBTyxFQUFFLGNBQWMsRUFBcUQsTUFBTSxlQUFlLENBQUM7QUFDbEcsY0FBYyxjQUFjLENBQUM7QUFDN0IsT0FBTyxFQUNMLFFBQVEsRUFDUixxQkFBcUIsRUFDckIsY0FBYyxFQUNkLGdCQUFnQixFQUNoQixZQUFZLEVBQ1osWUFBWSxFQUNaLHdCQUF3QixFQUN4QixzQkFBc0IsRUFDdEIsa0JBQWtCLEdBQ25CLE1BQU0sYUFBYSxDQUFDO0FBQ3JCLGNBQWMsZUFBZSxDQUFDO0FBQzlCLGNBQWMsNkJBQTZCLENBQUMifQ==
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { create } from '@bufbuild/protobuf';
|
|
2
|
+
import { BoolValueSchema } from '@bufbuild/protobuf/wkt';
|
|
3
|
+
import { EntityIdentifierSchema, } from './v2/authorization_pb.js';
|
|
4
|
+
import { Entity_Category, EntityChainSchema, EntitySchema, TokenSchema, } from '../entity/entity_pb.js';
|
|
5
|
+
/**
|
|
6
|
+
* Convenience constructors for {@link EntityIdentifier}, mirroring the Go SDK
|
|
7
|
+
* helpers (`ForEmail`, `ForClientID`, etc.).
|
|
8
|
+
*
|
|
9
|
+
* Each function builds a complete `EntityIdentifier` so callers avoid deeply
|
|
10
|
+
* nested object literals.
|
|
11
|
+
*
|
|
12
|
+
* @example
|
|
13
|
+
* ```ts
|
|
14
|
+
* // Before
|
|
15
|
+
* const eid = create(EntityIdentifierSchema, {
|
|
16
|
+
* identifier: {
|
|
17
|
+
* case: 'entityChain',
|
|
18
|
+
* value: create(EntityChainSchema, {
|
|
19
|
+
* entities: [create(EntitySchema, {
|
|
20
|
+
* entityType: { case: 'emailAddress', value: 'jen@example.com' },
|
|
21
|
+
* category: Entity_Category.SUBJECT,
|
|
22
|
+
* })],
|
|
23
|
+
* }),
|
|
24
|
+
* },
|
|
25
|
+
* });
|
|
26
|
+
*
|
|
27
|
+
* // After
|
|
28
|
+
* const eid = forEmail('jen@example.com');
|
|
29
|
+
* ```
|
|
30
|
+
*/
|
|
31
|
+
/** Returns an EntityIdentifier for a subject identified by email address. */
|
|
32
|
+
export function forEmail(email) {
|
|
33
|
+
return fromEntity(create(EntitySchema, {
|
|
34
|
+
entityType: { case: 'emailAddress', value: email },
|
|
35
|
+
category: Entity_Category.SUBJECT,
|
|
36
|
+
}));
|
|
37
|
+
}
|
|
38
|
+
/** Returns an EntityIdentifier for a subject identified by client ID. */
|
|
39
|
+
export function forClientId(clientId) {
|
|
40
|
+
return fromEntity(create(EntitySchema, {
|
|
41
|
+
entityType: { case: 'clientId', value: clientId },
|
|
42
|
+
category: Entity_Category.SUBJECT,
|
|
43
|
+
}));
|
|
44
|
+
}
|
|
45
|
+
/** Returns an EntityIdentifier for a subject identified by username. */
|
|
46
|
+
export function forUserName(userName) {
|
|
47
|
+
return fromEntity(create(EntitySchema, {
|
|
48
|
+
entityType: { case: 'userName', value: userName },
|
|
49
|
+
category: Entity_Category.SUBJECT,
|
|
50
|
+
}));
|
|
51
|
+
}
|
|
52
|
+
/** Returns an EntityIdentifier that resolves the entity from the given JWT. */
|
|
53
|
+
export function forToken(jwt) {
|
|
54
|
+
return create(EntityIdentifierSchema, {
|
|
55
|
+
identifier: {
|
|
56
|
+
case: 'token',
|
|
57
|
+
value: create(TokenSchema, { jwt }),
|
|
58
|
+
},
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Returns an EntityIdentifier that instructs the authorization service to
|
|
63
|
+
* derive the entity from the request's Authorization header token.
|
|
64
|
+
*/
|
|
65
|
+
export function withRequestToken() {
|
|
66
|
+
return create(EntityIdentifierSchema, {
|
|
67
|
+
identifier: {
|
|
68
|
+
case: 'withRequestToken',
|
|
69
|
+
value: create(BoolValueSchema, { value: true }),
|
|
70
|
+
},
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
function fromEntity(entity) {
|
|
74
|
+
return create(EntityIdentifierSchema, {
|
|
75
|
+
identifier: {
|
|
76
|
+
case: 'entityChain',
|
|
77
|
+
value: create(EntityChainSchema, { entities: [entity] }),
|
|
78
|
+
},
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW50aXR5LWlkZW50aWZpZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL3BsYXRmb3JtL2F1dGhvcml6YXRpb24vZW50aXR5LWlkZW50aWZpZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUM1QyxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDekQsT0FBTyxFQUVMLHNCQUFzQixHQUN2QixNQUFNLDBCQUEwQixDQUFDO0FBQ2xDLE9BQU8sRUFFTCxlQUFlLEVBQ2YsaUJBQWlCLEVBQ2pCLFlBQVksRUFDWixXQUFXLEdBQ1osTUFBTSx3QkFBd0IsQ0FBQztBQUVoQzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXlCRztBQUVILDZFQUE2RTtBQUM3RSxNQUFNLFVBQVUsUUFBUSxDQUFDLEtBQWE7SUFDcEMsT0FBTyxVQUFVLENBQ2YsTUFBTSxDQUFDLFlBQVksRUFBRTtRQUNuQixVQUFVLEVBQUUsRUFBRSxJQUFJLEVBQUUsY0FBYyxFQUFFLEtBQUssRUFBRSxLQUFLLEVBQUU7UUFDbEQsUUFBUSxFQUFFLGVBQWUsQ0FBQyxPQUFPO0tBQ2xDLENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQztBQUVELHlFQUF5RTtBQUN6RSxNQUFNLFVBQVUsV0FBVyxDQUFDLFFBQWdCO0lBQzFDLE9BQU8sVUFBVSxDQUNmLE1BQU0sQ0FBQyxZQUFZLEVBQUU7UUFDbkIsVUFBVSxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsUUFBUSxFQUFFO1FBQ2pELFFBQVEsRUFBRSxlQUFlLENBQUMsT0FBTztLQUNsQyxDQUFDLENBQ0gsQ0FBQztBQUNKLENBQUM7QUFFRCx3RUFBd0U7QUFDeEUsTUFBTSxVQUFVLFdBQVcsQ0FBQyxRQUFnQjtJQUMxQyxPQUFPLFVBQVUsQ0FDZixNQUFNLENBQUMsWUFBWSxFQUFFO1FBQ25CLFVBQVUsRUFBRSxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLFFBQVEsRUFBRTtRQUNqRCxRQUFRLEVBQUUsZUFBZSxDQUFDLE9BQU87S0FDbEMsQ0FBQyxDQUNILENBQUM7QUFDSixDQUFDO0FBRUQsK0VBQStFO0FBQy9FLE1BQU0sVUFBVSxRQUFRLENBQUMsR0FBVztJQUNsQyxPQUFPLE1BQU0sQ0FBQyxzQkFBc0IsRUFBRTtRQUNwQyxVQUFVLEVBQUU7WUFDVixJQUFJLEVBQUUsT0FBTztZQUNiLEtBQUssRUFBRSxNQUFNLENBQUMsV0FBVyxFQUFFLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDcEM7S0FDRixDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsTUFBTSxVQUFVLGdCQUFnQjtJQUM5QixPQUFPLE1BQU0sQ0FBQyxzQkFBc0IsRUFBRTtRQUNwQyxVQUFVLEVBQUU7WUFDVixJQUFJLEVBQUUsa0JBQWtCO1lBQ3hCLEtBQUssRUFBRSxNQUFNLENBQUMsZUFBZSxFQUFFLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxDQUFDO1NBQ2hEO0tBQ0YsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELFNBQVMsVUFBVSxDQUFDLE1BQWM7SUFDaEMsT0FBTyxNQUFNLENBQUMsc0JBQXNCLEVBQUU7UUFDcEMsVUFBVSxFQUFFO1lBQ1YsSUFBSSxFQUFFLGFBQWE7WUFDbkIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxpQkFBaUIsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7U0FDekQ7S0FDRixDQUFDLENBQUM7QUFDTCxDQUFDIn0=
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -19,6 +19,13 @@ export {
|
|
|
19
19
|
type ExternalJwtTokenProviderOptions,
|
|
20
20
|
} from './auth/token-providers.js';
|
|
21
21
|
export { attributeFQNsAsValues } from './policy/api.js';
|
|
22
|
+
export {
|
|
23
|
+
forEmail,
|
|
24
|
+
forClientId,
|
|
25
|
+
forUserName,
|
|
26
|
+
forToken,
|
|
27
|
+
withRequestToken,
|
|
28
|
+
} from './platform/authorization/entity-identifiers.js';
|
|
22
29
|
export {
|
|
23
30
|
listAttributes,
|
|
24
31
|
validateAttributes,
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
import { create } from '@bufbuild/protobuf';
|
|
2
|
+
import { BoolValueSchema } from '@bufbuild/protobuf/wkt';
|
|
3
|
+
import {
|
|
4
|
+
type EntityIdentifier,
|
|
5
|
+
EntityIdentifierSchema,
|
|
6
|
+
} from './v2/authorization_pb.js';
|
|
7
|
+
import {
|
|
8
|
+
type Entity,
|
|
9
|
+
Entity_Category,
|
|
10
|
+
EntityChainSchema,
|
|
11
|
+
EntitySchema,
|
|
12
|
+
TokenSchema,
|
|
13
|
+
} from '../entity/entity_pb.js';
|
|
14
|
+
|
|
15
|
+
/**
|
|
16
|
+
* Convenience constructors for {@link EntityIdentifier}, mirroring the Go SDK
|
|
17
|
+
* helpers (`ForEmail`, `ForClientID`, etc.).
|
|
18
|
+
*
|
|
19
|
+
* Each function builds a complete `EntityIdentifier` so callers avoid deeply
|
|
20
|
+
* nested object literals.
|
|
21
|
+
*
|
|
22
|
+
* @example
|
|
23
|
+
* ```ts
|
|
24
|
+
* // Before
|
|
25
|
+
* const eid = create(EntityIdentifierSchema, {
|
|
26
|
+
* identifier: {
|
|
27
|
+
* case: 'entityChain',
|
|
28
|
+
* value: create(EntityChainSchema, {
|
|
29
|
+
* entities: [create(EntitySchema, {
|
|
30
|
+
* entityType: { case: 'emailAddress', value: 'jen@example.com' },
|
|
31
|
+
* category: Entity_Category.SUBJECT,
|
|
32
|
+
* })],
|
|
33
|
+
* }),
|
|
34
|
+
* },
|
|
35
|
+
* });
|
|
36
|
+
*
|
|
37
|
+
* // After
|
|
38
|
+
* const eid = forEmail('jen@example.com');
|
|
39
|
+
* ```
|
|
40
|
+
*/
|
|
41
|
+
|
|
42
|
+
/** Returns an EntityIdentifier for a subject identified by email address. */
|
|
43
|
+
export function forEmail(email: string): EntityIdentifier {
|
|
44
|
+
return fromEntity(
|
|
45
|
+
create(EntitySchema, {
|
|
46
|
+
entityType: { case: 'emailAddress', value: email },
|
|
47
|
+
category: Entity_Category.SUBJECT,
|
|
48
|
+
})
|
|
49
|
+
);
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
/** Returns an EntityIdentifier for a subject identified by client ID. */
|
|
53
|
+
export function forClientId(clientId: string): EntityIdentifier {
|
|
54
|
+
return fromEntity(
|
|
55
|
+
create(EntitySchema, {
|
|
56
|
+
entityType: { case: 'clientId', value: clientId },
|
|
57
|
+
category: Entity_Category.SUBJECT,
|
|
58
|
+
})
|
|
59
|
+
);
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
/** Returns an EntityIdentifier for a subject identified by username. */
|
|
63
|
+
export function forUserName(userName: string): EntityIdentifier {
|
|
64
|
+
return fromEntity(
|
|
65
|
+
create(EntitySchema, {
|
|
66
|
+
entityType: { case: 'userName', value: userName },
|
|
67
|
+
category: Entity_Category.SUBJECT,
|
|
68
|
+
})
|
|
69
|
+
);
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
/** Returns an EntityIdentifier that resolves the entity from the given JWT. */
|
|
73
|
+
export function forToken(jwt: string): EntityIdentifier {
|
|
74
|
+
return create(EntityIdentifierSchema, {
|
|
75
|
+
identifier: {
|
|
76
|
+
case: 'token',
|
|
77
|
+
value: create(TokenSchema, { jwt }),
|
|
78
|
+
},
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
/**
|
|
83
|
+
* Returns an EntityIdentifier that instructs the authorization service to
|
|
84
|
+
* derive the entity from the request's Authorization header token.
|
|
85
|
+
*/
|
|
86
|
+
export function withRequestToken(): EntityIdentifier {
|
|
87
|
+
return create(EntityIdentifierSchema, {
|
|
88
|
+
identifier: {
|
|
89
|
+
case: 'withRequestToken',
|
|
90
|
+
value: create(BoolValueSchema, { value: true }),
|
|
91
|
+
},
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
function fromEntity(entity: Entity): EntityIdentifier {
|
|
96
|
+
return create(EntityIdentifierSchema, {
|
|
97
|
+
identifier: {
|
|
98
|
+
case: 'entityChain',
|
|
99
|
+
value: create(EntityChainSchema, { entities: [entity] }),
|
|
100
|
+
},
|
|
101
|
+
});
|
|
102
|
+
}
|