@optimizely-opal/opal-tool-ocp-sdk 0.0.0-beta.10 → 0.0.0-beta.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -9
- package/dist/function/ToolFunction.d.ts +7 -4
- package/dist/function/ToolFunction.d.ts.map +1 -1
- package/dist/function/ToolFunction.js +10 -39
- package/dist/function/ToolFunction.js.map +1 -1
- package/dist/function/ToolFunction.test.js +196 -177
- package/dist/function/ToolFunction.test.js.map +1 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +0 -1
- package/dist/index.js.map +1 -1
- package/dist/service/Service.d.ts +7 -7
- package/dist/service/Service.d.ts.map +1 -1
- package/dist/service/Service.js +16 -22
- package/dist/service/Service.js.map +1 -1
- package/dist/service/Service.test.js +3 -8
- package/dist/service/Service.test.js.map +1 -1
- package/dist/types/Models.d.ts +5 -5
- package/dist/types/Models.d.ts.map +1 -1
- package/dist/types/Models.js +9 -9
- package/dist/types/Models.js.map +1 -1
- package/package.json +3 -5
- package/src/function/ToolFunction.test.ts +214 -194
- package/src/function/ToolFunction.ts +11 -45
- package/src/index.ts +0 -1
- package/src/service/Service.test.ts +3 -8
- package/src/service/Service.ts +17 -22
- package/src/types/Models.ts +4 -4
- package/dist/auth/TokenVerifier.d.ts +0 -31
- package/dist/auth/TokenVerifier.d.ts.map +0 -1
- package/dist/auth/TokenVerifier.js +0 -127
- package/dist/auth/TokenVerifier.js.map +0 -1
- package/dist/auth/TokenVerifier.test.d.ts +0 -2
- package/dist/auth/TokenVerifier.test.d.ts.map +0 -1
- package/dist/auth/TokenVerifier.test.js +0 -114
- package/dist/auth/TokenVerifier.test.js.map +0 -1
- package/src/auth/TokenVerifier.test.ts +0 -152
- package/src/auth/TokenVerifier.ts +0 -145
|
@@ -1,145 +0,0 @@
|
|
|
1
|
-
import { jwtVerify, createRemoteJWKSet } from 'jose';
|
|
2
|
-
import { logger } from '@zaiusinc/app-sdk';
|
|
3
|
-
|
|
4
|
-
/**
|
|
5
|
-
* Default JWKS cache expiration time in milliseconds (1 hour)
|
|
6
|
-
*/
|
|
7
|
-
const DEFAULT_JWKS_EXPIRES_IN = 60 * 60 * 1000;
|
|
8
|
-
|
|
9
|
-
/**
|
|
10
|
-
* Default clock skew tolerance in seconds
|
|
11
|
-
*/
|
|
12
|
-
const DEFAULT_LEEWAY = 30;
|
|
13
|
-
|
|
14
|
-
/**
|
|
15
|
-
* Expected JWT audience for token validation
|
|
16
|
-
*/
|
|
17
|
-
const AUDIENCE = 'api://default';
|
|
18
|
-
|
|
19
|
-
/**
|
|
20
|
-
* Prep Base URL for Optimizely OAuth2 endpoints
|
|
21
|
-
*/
|
|
22
|
-
const PREP_BASE_URL = 'https://prep.login.optimizely.com/oauth2/default';
|
|
23
|
-
|
|
24
|
-
/**
|
|
25
|
-
* Prod Base URL for Optimizely OAuth2 endpoints
|
|
26
|
-
*/
|
|
27
|
-
const PROD_BASE_URL = 'https://login.optimizely.com/oauth2/default';
|
|
28
|
-
|
|
29
|
-
interface DiscoveryDocument {
|
|
30
|
-
issuer: string;
|
|
31
|
-
jwks_uri: string;
|
|
32
|
-
[key: string]: any;
|
|
33
|
-
}
|
|
34
|
-
|
|
35
|
-
export class TokenVerifier {
|
|
36
|
-
private static instance: TokenVerifier | null = null;
|
|
37
|
-
private jwksUri?: string;
|
|
38
|
-
private issuer?: string;
|
|
39
|
-
private jwks?: ReturnType<typeof createRemoteJWKSet>;
|
|
40
|
-
private initialized: boolean = false;
|
|
41
|
-
|
|
42
|
-
/**
|
|
43
|
-
* Verify the provided Optimizely JWT token string
|
|
44
|
-
* @param token JWT token string to verify
|
|
45
|
-
* @returns boolean true if verification successful, false otherwise
|
|
46
|
-
* @throws Error if token is null, empty, or verifier is not properly configured
|
|
47
|
-
*/
|
|
48
|
-
public async verify(token: string | undefined): Promise<boolean> {
|
|
49
|
-
if (!token || token.trim().length === 0) {
|
|
50
|
-
throw new Error('Token cannot be null or empty');
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
return this.verifyToken(token);
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
private static getInstance(): TokenVerifier {
|
|
57
|
-
if (!TokenVerifier.instance) {
|
|
58
|
-
TokenVerifier.instance = new TokenVerifier();
|
|
59
|
-
}
|
|
60
|
-
return TokenVerifier.instance;
|
|
61
|
-
}
|
|
62
|
-
|
|
63
|
-
/**
|
|
64
|
-
* Get singleton instance of TokenVerifier and ensure it's initialized
|
|
65
|
-
* @returns Promise<TokenVerifier> - initialized singleton instance
|
|
66
|
-
*/
|
|
67
|
-
public static async getInitializedInstance(): Promise<TokenVerifier> {
|
|
68
|
-
const instance = TokenVerifier.getInstance();
|
|
69
|
-
if (!instance.initialized) {
|
|
70
|
-
await instance.initialize();
|
|
71
|
-
}
|
|
72
|
-
return instance;
|
|
73
|
-
}
|
|
74
|
-
|
|
75
|
-
/**
|
|
76
|
-
* Initialize the TokenVerifier with discovery document from well-known endpoint
|
|
77
|
-
*/
|
|
78
|
-
private async initialize(): Promise<void> {
|
|
79
|
-
if (this.initialized) {
|
|
80
|
-
return;
|
|
81
|
-
}
|
|
82
|
-
|
|
83
|
-
try {
|
|
84
|
-
// Use prep URL when environment variable is set to 'staging', otherwise use prod
|
|
85
|
-
const environment = process.env.environment || 'production';
|
|
86
|
-
const baseUrl = environment === 'staging' ? PREP_BASE_URL : PROD_BASE_URL;
|
|
87
|
-
const discoveryDocument = await this.fetchDiscoveryDocument(baseUrl);
|
|
88
|
-
this.issuer = discoveryDocument.issuer;
|
|
89
|
-
this.jwksUri = discoveryDocument.jwks_uri;
|
|
90
|
-
this.jwks = createRemoteJWKSet(new URL(this.jwksUri), {
|
|
91
|
-
cacheMaxAge: DEFAULT_JWKS_EXPIRES_IN,
|
|
92
|
-
cooldownDuration: DEFAULT_JWKS_EXPIRES_IN
|
|
93
|
-
});
|
|
94
|
-
this.initialized = true;
|
|
95
|
-
logger.info(`TokenVerifier initialized with issuer: ${this.issuer} (environment: ${environment})`);
|
|
96
|
-
} catch (error) {
|
|
97
|
-
logger.error('Failed to initialize TokenVerifier', error);
|
|
98
|
-
// Re-throw the original error to preserve specific error messages for tests
|
|
99
|
-
throw error;
|
|
100
|
-
}
|
|
101
|
-
}
|
|
102
|
-
|
|
103
|
-
/**
|
|
104
|
-
* Fetch discovery document from well-known endpoint
|
|
105
|
-
*/
|
|
106
|
-
private async fetchDiscoveryDocument(baseUrl: string): Promise<DiscoveryDocument> {
|
|
107
|
-
const wellKnownUrl = `${baseUrl}/.well-known/oauth-authorization-server`;
|
|
108
|
-
|
|
109
|
-
const response = await fetch(wellKnownUrl);
|
|
110
|
-
if (!response.ok) {
|
|
111
|
-
throw new Error(`Failed to fetch discovery document: ${response.status} ${response.statusText}`);
|
|
112
|
-
}
|
|
113
|
-
const discoveryDocument = await response.json() as DiscoveryDocument;
|
|
114
|
-
if (!discoveryDocument.issuer || !discoveryDocument.jwks_uri) {
|
|
115
|
-
throw new Error('Invalid discovery document: missing issuer or jwks_uri');
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
return discoveryDocument;
|
|
119
|
-
}
|
|
120
|
-
|
|
121
|
-
private async verifyToken(token: string): Promise<boolean> {
|
|
122
|
-
if (!this.initialized) {
|
|
123
|
-
throw new Error('TokenVerifier not initialized. Call initialize() first.');
|
|
124
|
-
}
|
|
125
|
-
|
|
126
|
-
if (!this.jwks || !this.issuer) {
|
|
127
|
-
throw new Error('TokenVerifier not properly configured.');
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
try {
|
|
131
|
-
await jwtVerify(token, this.jwks, {
|
|
132
|
-
issuer: this.issuer,
|
|
133
|
-
audience: AUDIENCE,
|
|
134
|
-
clockTolerance: DEFAULT_LEEWAY,
|
|
135
|
-
});
|
|
136
|
-
return true;
|
|
137
|
-
} catch (error) {
|
|
138
|
-
logger.error('Token verification failed:', error);
|
|
139
|
-
return false;
|
|
140
|
-
}
|
|
141
|
-
}
|
|
142
|
-
|
|
143
|
-
}
|
|
144
|
-
|
|
145
|
-
export const getTokenVerifier = async (): Promise<TokenVerifier> => TokenVerifier.getInitializedInstance();
|