@or-sdk/auth 0.21.2-auth.0

package/src/Auth.ts

@@ -0,0 +1,772 @@
+import axios from 'axios';
+import { Settings } from '@or-sdk/settings';
+import { SdkApi } from '@or-sdk/sdk-api';
+import {
+  AuthConfig,
+  AuthResponse,
+  Domain, HeadersObj, MultiUserLoginUserArgs,
+  MultiUserResponse, MultiUserUpdateTwoFactorArgs, MultiUserUploadIconArgs,
+  MultiUserUploadIconResponse, SaveUserArgs, SignInArgs,
+  User,
+} from './types';
+import { generateFingerPrint, NoRightsError } from './utils';
+import { isNode } from 'browser-or-node';
+import Cookie from 'universal-cookie';
+import _ from 'lodash';
+
+const defaultCookiePollingInterval = 500; // 0.5 second
+const defaultExpireInShort = 3600000; // 1 hour
+const defaultExpireInLong = 30758400000;
+
+/**
+ * OneReach Auth service client
+ *  ## Installation:
+ * ```
+ * $ npm i @or-sdk/auth
+ * ```
+ */
+export class Auth {
+  private readonly discoveryUrl?: string;
+  private readonly sdkUrl?: string;
+  private readonly cookieDomain?: string;
+  private readonly cookie: Cookie;
+  private readonly userCookieName: string;
+  private readonly allowGuestLogin: boolean;
+  private readonly allowIframe?: boolean;
+  private readonly deprecatedCookieName: string;
+  private readonly deprecatedUserExpireCookieName: string;
+  private readonly deprecatedDomain: Domain;
+  private readonly multiUserCookieName?: string;
+  private readonly userExpireCookieName: string;
+  private readonly cookiePollingInterval: number;
+  private readonly expireInShort: number;
+  private readonly expireInLong: number;
+  private loggedIn = false;
+  private monitorCookieTimeout?: ReturnType<typeof setTimeout>;
+
+  /**
+   * ```typescript
+   * import { Auth } from '@or-sdk/auth'
+   * const auth = new Auth({
+   *   discoveryUrl: 'http://example.nlu/endpoint',
+   *   cookieDomain: '.domain.onereach.ai',
+   *   allowGuestLogin: false,
+   *   userCookieName: 'user-cookie-name',
+   *   userExpireCookieName: 'user-expire-cookie-name',
+   *   cookiePrefix: 'cookie-prefix',
+   *   multiUserCookieName: 'multi-user-cookie-name',
+   *   cookiePollingInterval: 500,
+   *   expireInShort: 3600000,
+   *   expireInLong: 30758400000,
+   *   allowIframe: false,
+   * });
+   * ```
+   */
+  constructor(params: AuthConfig) {
+    const {
+      discoveryUrl, sdkUrl, cookieDomain, allowGuestLogin, userCookieName, userExpireCookieName, cookiePrefix,
+      multiUserCookieName, cookiePollingInterval, expireInShort, expireInLong, allowIframe,
+    } = params;
+
+    this.discoveryUrl = discoveryUrl;
+    this.sdkUrl = sdkUrl;
+
+    this.cookie = new Cookie();
+
+    this.cookieDomain = cookieDomain;
+    this.allowGuestLogin = Boolean(allowGuestLogin);
+    this.allowIframe = allowIframe;
+
+    // should be used for feature migration only. Should be deleted after all feature migrations happened!
+    this.deprecatedCookieName = userCookieName || 'user';
+    this.deprecatedUserExpireCookieName = userExpireCookieName || 'user_expire';
+    this.deprecatedDomain = { domain: '.onereach.ai' };
+
+    this.userCookieName = cookiePrefix ? cookiePrefix : `${userCookieName}_new`;
+    this.multiUserCookieName = multiUserCookieName;
+    this.userExpireCookieName = `${this.userCookieName}_expire`;
+
+    this.cookiePollingInterval = cookiePollingInterval || defaultCookiePollingInterval;
+    this.expireInShort = expireInShort ? +expireInShort : defaultExpireInShort;
+    this.expireInLong = expireInLong ? +expireInLong : defaultExpireInLong;
+  }
+
+  public get domain(): Domain {
+    return this.cookieDomain ? { domain: this.cookieDomain } : {};
+  }
+
+  private get _getUser(): User | null {
+    return this.cookie.get(this.userCookieName) || null;
+  }
+
+  /**
+   * Get user expire
+   * ```typescript
+   * const result = instance.getUserExpire();
+   * ```
+   */
+  public getUserExpire(cookieName?: string): number {
+    const expireCookie = this.cookie.get(cookieName || this.userExpireCookieName);
+    return expireCookie ? parseInt(expireCookie, 10) : this.expireInShort;
+  }
+
+  private _getNextExpiration(expireIn: number): Date {
+    return new Date(Date.now() + expireIn);
+  }
+
+  /**
+   * Stop cookie monitor
+   * ```typescript
+   * instance.stopCookieMonitor();
+   * ```
+   */
+  public stopCookieMonitor(): void {
+    if (window) {
+      clearTimeout(Number(this.monitorCookieTimeout));
+    }
+  }
+
+  /**
+   * Start cookie monitor
+   * ```typescript
+   * instance.monitorCookie(logoutCallback, loginCallback);
+   * ```
+   */
+  public monitorCookie(logoutCallback?: () => void, loginCallback?: (user: User) => void): void {
+    // just in case monitorCookie called multiple times in a row
+    // we only need one running constantly
+    this.stopCookieMonitor();
+    this.monitorCookieTimeout = setTimeout(() => {
+      const user = this._getUser;
+      if (user) {
+        if (!this.loggedIn) {
+          this.loggedIn = true;
+        }
+        if (_.isFunction(loginCallback)) { loginCallback(user); }
+      } else if (this.loggedIn) {
+        this.loggedIn = false;
+        if (_.isFunction(logoutCallback)) { logoutCallback(); }
+      }
+
+      this.monitorCookie(logoutCallback, loginCallback);
+    }, this.cookiePollingInterval);
+  }
+
+  private _saveCookies(user: User, expireIn: number): void {
+    const nextExpiration = this._getNextExpiration(expireIn);
+    this.cookie.set(this.userCookieName, user, {
+      path: '/',
+      expires: nextExpiration,
+      secure: true,
+      sameSite: this.allowIframe ? 'none' : 'lax',
+      ...this.domain,
+    });
+    this.cookie.set(this.userExpireCookieName, expireIn, {
+      path: '/',
+      expires: nextExpiration,
+      secure: true,
+      sameSite: this.allowIframe ? 'none' : 'lax',
+      ...this.domain,
+    });
+    // Should be deleted after migration
+    this.cookie.set(this.deprecatedCookieName, user, {
+      path: '/',
+      expires: nextExpiration,
+      ...this.domain,
+    });
+    this.cookie.set(this.deprecatedUserExpireCookieName, expireIn, {
+      path: '/',
+      expires: nextExpiration,
+      ...this.domain,
+    });
+  }
+
+  /**
+   * Save multi-user
+   * ```typescript
+   * instance.saveMultiUser(user, expiration);
+   * ```
+   */
+  public saveMultiUser(user: User, expiration: number): void {
+    this.cookie.set(this.multiUserCookieName!, user, {
+      path: '/',
+      expires: this._getNextExpiration(expiration),
+      secure: true,
+      ...this.domain,
+    });
+  }
+
+  /**
+   * Update cookie expiration
+   * ```typescript
+   * instance.updateCookieExpiration();
+   * ```
+   */
+  public updateCookieExpiration(): void {
+    const user = this._getUser;
+    const expire = this.getUserExpire();
+    if (user) {
+      this._saveCookies(user, expire);
+    }
+    const multiUser = this.cookie.get(this.multiUserCookieName!);
+    if (multiUser) {
+      this.saveMultiUser(multiUser, expire);
+    }
+  }
+
+  private _validateGuest(role: string, allowGuestLoginOverride = false): void {
+    if (!(this.allowGuestLogin || allowGuestLoginOverride) && _.toLower(role) === 'guest') {
+      throw new NoRightsError('Authorization for guests is not allowed');
+    }
+  }
+
+  /**
+   * Save user
+   * ```typescript
+   * await instance.saveUser({
+   *   long: true,
+   *   user: user
+   * });
+   * ```
+   */
+  public async saveUser({ long, user }: SaveUserArgs): Promise<void> {
+    const key = long ? 'cookieExpirationLong' : 'cookieExpirationShort';
+    const settingsApi = new Settings({
+      token: user.token!,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    let cookieExpirationDuration;
+    try {
+      cookieExpirationDuration = await settingsApi.getMergedSettings({ key });
+    } catch (error) {
+      // eslint-disable-next-line no-console
+      console.log('Unable to fetch settingCookiesExpire from user Settings: ', error);
+    }
+
+    if (!cookieExpirationDuration) {
+      cookieExpirationDuration = long ? this.expireInLong : this.expireInShort;
+    }
+
+    this._saveCookies(user, cookieExpirationDuration);
+  }
+
+  /**
+   * Sign in
+   * ```typescript
+   * const user = await instance.signIn({
+   *   credentials: {
+   *     username: 'username',
+   *     password: 'password'
+   *   },
+   *   long: true,
+   *   captchaToken: 'captchaToken'
+   * });
+   * ```
+   */
+  public async signIn({
+    credentials,
+    long,
+    allowGuestLogin = false,
+    captchaToken,
+    isCaptchaV2Checkbox,
+    verificationCode,
+    userToken,
+    rememberTwoFactor,
+  }: SignInArgs): Promise<User> {
+    const fingerPrint = await generateFingerPrint();
+
+    const options = {
+      ...credentials,
+      captchaToken,
+      isCaptchaV2Checkbox,
+      verificationCode,
+      fingerPrint,
+      rememberTwoFactor,
+      ... userToken ? { userToken } : {},
+    };
+
+    const sdkApi = new SdkApi({
+      token: '',
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    const user = await sdkApi.makeRequest<AuthResponse>({
+      method: 'POST',
+      route: '/auth/token',
+      data: options,
+    });
+
+    this._validateGuest(user.role!, allowGuestLogin);
+
+    if (!user.twoFactorCheck && !user.captchaCheck) {
+      if (user.tokenType === 'multi-user') {
+        this.saveMultiUser(user, long ? this.expireInLong : this.expireInShort);
+      } else {
+        await this.saveUser({
+          long,
+          user,
+        });
+      }
+    }
+
+    return user;
+  }
+
+  private _checkDeprecatedCookies(): void {
+    const user = this.cookie.get(this.deprecatedCookieName);
+    if (user) {
+      const deprecatedUserExpireValue = this.getUserExpire(this.deprecatedUserExpireCookieName);
+      const nextExpiration = this._getNextExpiration(deprecatedUserExpireValue);
+      this.cookie.set(this.userCookieName, user, {
+        path: '/',
+        expires: nextExpiration,
+        secure: true,
+        ...this.domain,
+      });
+      this.cookie.set(this.userExpireCookieName, deprecatedUserExpireValue, {
+        path: '/',
+        expires: nextExpiration,
+        secure: true,
+        ...this.domain,
+      });
+    }
+  }
+
+  private async _validateToken(token: string, allowGuestLogin = false): Promise<User> {
+    const sdkApi = new SdkApi({
+      token,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    const user = await sdkApi.makeRequest<User>({
+      method: 'GET',
+      route: '/auth/token',
+    });
+
+    this._validateGuest(user.role, allowGuestLogin);
+
+    return user;
+  }
+
+  /**
+   * Sign in with token
+   * ```typescript
+   * const user = await instance.signInWithToken({
+   *   token: 'token'
+   * });
+   * ```
+   */
+  public async signInWithToken(
+    token: string | { token: string; allowGuestLogin?: boolean; shouldNotSaveCookies?: boolean; },
+    allowGuestLogin = false,
+    shouldNotSaveCookies = false
+  ): Promise<User> {
+    let userInfo = {};
+    if (_.isObject(token)) {
+      allowGuestLogin = _.get(token, 'allowGuestLogin', false);
+      shouldNotSaveCookies = _.get(token, 'shouldNotSaveCookies', false);
+      userInfo = _.get(token, 'userInfo', {});
+      token = token.token;
+    }
+
+    if (!token) {
+      return Promise.reject(new Error('No token given'));
+    }
+
+    this._checkDeprecatedCookies();
+
+    const user = await this._validateToken(token, allowGuestLogin);
+
+    _.assign(user, { token });
+
+    const allow = _.get(user, 'allow', false);
+    if (!allow) {
+      throw Error('Invalid Token');
+    }
+
+    if (!shouldNotSaveCookies) {
+      this._saveCookies({
+        ...userInfo,
+        ...user,
+      }, this.getUserExpire());
+    }
+
+    return user;
+  }
+
+  public get multiUserHeaders(): HeadersObj {
+    const { token = '' } = this.cookie.get(this.multiUserCookieName!) || {};
+    return { headers: { Authorization: token } };
+  }
+
+  /**
+   * Remove cookies
+   * ```typescript
+   * instance.removeCookies();
+   * ```
+   */
+  public removeCookies(): void {
+    this.cookie.remove(this.userExpireCookieName, {
+      path: '/',
+      ...this.domain,
+    });
+    this.cookie.remove(this.userCookieName, {
+      path: '/',
+      ...this.domain,
+    });
+    this.cookie.remove(this.multiUserCookieName!, {
+      path: '/',
+      ...this.domain,
+    });
+    // should be removed after feature migration only.
+    this.cookie.remove(this.deprecatedCookieName, {
+      path: '/',
+      ...this.domain,
+    });
+    this.cookie.remove(this.deprecatedUserExpireCookieName, {
+      path: '/',
+      ...this.domain,
+    });
+    this.cookie.remove(this.deprecatedCookieName, {
+      path: '/',
+      ...this.domain,
+    });
+    this.cookie.remove(this.deprecatedUserExpireCookieName, {
+      path: '/',
+      ...this.domain,
+    });
+  }
+
+  /**
+   * Sign out
+   * ```typescript
+   * await instance.signOut('token');
+   * ```
+   */
+  public async signOut(token: string): Promise<void> {
+    // TODO add {secure : true}
+    try {
+      const promises = [];
+      if (token) {
+        const sdkApi = new SdkApi({
+          token,
+          discoveryUrl: this.discoveryUrl,
+          sdkUrl: this.sdkUrl,
+        });
+
+        promises.push(sdkApi.makeRequest<void>({
+          method: 'DELETE',
+          route: '/auth/fingerprint-token',
+        }));
+      }
+      if (this.multiUserHeaders.headers.Authorization) {
+
+        const sdkApi = new SdkApi({
+          token: this.multiUserHeaders.headers.Authorization,
+          discoveryUrl: this.discoveryUrl,
+          sdkUrl: this.sdkUrl,
+        });
+
+        promises.push(sdkApi.makeRequest<void>({
+          method: 'DELETE',
+          route: '/multi-user/fingerprint-token',
+        }));
+      }
+      await Promise.all(promises);
+    } catch (error) {
+      // eslint-disable-next-line no-console
+      console.log('Logout failed: ', error);
+    }
+    this.removeCookies();
+  }
+
+  /**
+   * Validate user
+   * ```typescript
+   * const user = await instance.validateUser();
+   * ```
+   */
+  public async validateUser(allowGuestLogin = false): Promise<User> {
+    this._checkDeprecatedCookies();
+    const userParams = this._getUser;
+
+    if (!userParams) {
+      return Promise.reject(new Error('No cached user params are available'));
+    }
+
+    const user = await this._validateToken(userParams.token!, allowGuestLogin);
+
+    if (!user.identityProvider && userParams.identityProvider) {
+      user.identityProvider = userParams.identityProvider;
+    }
+    _.assign(user, { token: userParams.token });
+
+    const allow = _.get(user, 'allow', false);
+    if (!allow) {
+      throw Error('Invalid Token');
+    }
+
+    return user;
+  }
+
+  /**
+   * Check existence of a user cookie
+   * ```typescript
+   * const result = instance.hasUserParams();
+   * ```
+   */
+  public hasUserParams(): boolean {
+    return Boolean(this._getUser);
+  }
+
+  /**
+   * Get users list of a multi-user
+   * ```typescript
+   * const result = await instance.multiUserGetUsersList();
+   * ```
+   */
+  public async multiUserGetUsersList(): Promise<any> {
+    if (!this.multiUserHeaders.headers.Authorization) return false;
+
+    const sdkApi = new SdkApi({
+      token: this.multiUserHeaders.headers.Authorization,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    return sdkApi.makeRequest<any>({
+      method: 'GET',
+      route: '/multi-user/list-users',
+    });
+  }
+
+  /**
+   * Log in user of a multi-user
+   * ```typescript
+   * const result = await instance.multiUserLoginUser({
+   *  accountId: 'account-id',
+   *  id: 'id',
+   *  long: true
+   * });
+   * ```
+   */
+  public async multiUserLoginUser({ accountId, id, long }: MultiUserLoginUserArgs): Promise<User> {
+    const sdkApi = new SdkApi({
+      token: this.multiUserHeaders.headers.Authorization,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    const user = await sdkApi.makeRequest<User>({
+      method: 'POST',
+      route: '/multi-user/user-token',
+      data: {
+        accountId,
+        id,
+      },
+    });
+
+    await this.saveUser({
+      long,
+      user,
+    });
+
+    return user;
+  }
+
+  /**
+   * Get username for lock screen
+   * ```typescript
+   * const username = await instance.getUserNameForLockScreen(user);
+   * ```
+   */
+  public async getUserNameForLockScreen(user: User): Promise<string> {
+    const multiUserCookie = this.cookie.get(this.multiUserCookieName!) || {};
+    if (multiUserCookie.username) return multiUserCookie.username;
+
+    const { multiUserId, username, token } = user;
+    if (multiUserId) {
+      const sdkApi = new SdkApi({
+        token: token!,
+        discoveryUrl: this.discoveryUrl,
+        sdkUrl: this.sdkUrl,
+      });
+
+      const { username } = await sdkApi.makeRequest<MultiUserResponse>({
+        method: 'GET',
+        route: '/user/multi-user',
+      });
+
+      return username;
+
+    }
+    return username;
+  }
+
+  /**
+   * Get profile for multi-user
+   * ```typescript
+   * const result = await instance.multiUserGetProfile();
+   * ```
+   */
+  public async multiUserGetProfile(): Promise<any> {
+    const sdkApi = new SdkApi({
+      token: this.multiUserHeaders.headers.Authorization,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    return sdkApi.makeRequest<any>({
+      method: 'GET',
+      route: '/multi-user/profile',
+    });
+  }
+
+  /**
+   * Set profile for multi-user
+   * ```typescript
+   * const knowledgeModels = await instance.multiUserSetProfile(profile);
+   * ```
+   */
+  public async multiUserSetProfile(profile: unknown): Promise<any> {
+    const sdkApi = new SdkApi({
+      token: this.multiUserHeaders.headers.Authorization,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    return sdkApi.makeRequest<any>({
+      method: 'POST',
+      route: '/multi-user/profile',
+      data: profile,
+    });
+  }
+
+  /**
+   * Validate multi-user token
+   * ```typescript
+   * const result = await instance.validateMultiUserToken();
+   * ```
+   */
+  public async validateMultiUserToken(): Promise<any> {
+    const sdkApi = new SdkApi({
+      token: this.multiUserHeaders.headers.Authorization,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    return sdkApi.makeRequest<any>({
+      method: 'GET',
+      route: '/multi-user/token',
+    });
+  }
+
+  /**
+   * Upload icon for multi-user
+   * ```typescript
+   * const downloadUrl = await instance.multiUserUploadIcon({
+   *  name: 'name',
+   *  contentType: 'content-type',
+   *  file: file
+   * });
+   * ```
+   */
+  public async multiUserUploadIcon({ name, contentType, cacheControl = 'no-cache', file }: MultiUserUploadIconArgs): Promise<string> {
+    const sdkApi = new SdkApi({
+      token: this.multiUserHeaders.headers.Authorization,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    const data = await sdkApi.makeRequest<MultiUserUploadIconResponse>({
+      method: 'POST',
+      route: '/multi-user/sign-upload-url',
+      data: {
+        name,
+        contentType,
+        cacheControl,
+      },
+    });
+
+    const FormDataLib = isNode ? require('form-data') : FormData;
+    const formData = new FormDataLib();
+
+    _.forEach(data.uploadParams.fields, (value, key) => {
+      formData.append(key, value);
+    });
+
+    formData.append('cache-control', cacheControl);
+    formData.append('content-type', contentType);
+    formData.append('File', file, name);
+
+    if (isNode) {
+      await new Promise<void>((resolve, reject) => {
+        formData.submit(data.uploadParams.url, (error: any) => {
+          if (error) return reject(error);
+          resolve();
+        });
+      });
+    } else {
+      await axios.post(data.uploadParams.url, formData);
+    }
+
+    return data.downloadUrl;
+  }
+
+  /**
+   * Confirm email change
+   * ```typescript
+   * const result = await instance.confirmEmailChange({ token: 'token' });
+   * ```
+   */
+  public async confirmEmailChange({ token }: { token: string; }): Promise<any> {
+    const sdkApi = new SdkApi({
+      token: '',
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    return sdkApi.makeRequest<any>({
+      method: 'POST',
+      route: '/multi-user/change-email-finish',
+      data: {
+        token,
+      },
+    });
+  }
+
+  /**
+   * Update 2fa for multi-user
+   * ```typescript
+   * const result = await instance.multiUserUpdateTwoFactor({
+   *  secret: 'secret',
+   *  enabled: true,
+   *  codes: codes,
+   *  verificationCode: 'verification-code'
+   * });
+   * ```
+   */
+  public async multiUserUpdateTwoFactor({ secret, enabled, codes, verificationCode }: MultiUserUpdateTwoFactorArgs): Promise<any> {
+    const sdkApi = new SdkApi({
+      token: this.multiUserHeaders.headers.Authorization,
+      discoveryUrl: this.discoveryUrl,
+      sdkUrl: this.sdkUrl,
+    });
+
+    return sdkApi.makeRequest<any>({
+      method: 'POST',
+      route: '/multi-user/twofactor',
+      data: {
+        secret,
+        enabled,
+        codes,
+        verificationCode,
+      },
+    });
+  }
+
+}