@or-sdk/authorizer 0.10.0

package/src/OAuth/OAuth.ts

@@ -0,0 +1,480 @@
+import { KeyValueStorage } from '@or-sdk/key-value-storage';
+import { EventManager } from '@or-sdk/event-manager';
+import { timeout } from '@or-sdk/base';
+
+import { v4 as uuidv4 } from 'uuid';
+
+import {
+  OAuthConfig,
+  OAuthData,
+  OAuthApp,
+  CreateOAuthConfig,
+  CreateOAuthResult,
+  ServiceDefinitionConfig,
+} from './types';
+
+import {
+  SERVICE_PROVIDER_PATH,
+  OAUTH_REDIRECT_PROVIDER_PATH,
+  PREDEFINED_APP,
+  TEMPORARY_DATA_EXPIRATION_TIME,
+  AuthStatus,
+} from '../constants';
+
+import { formatScope } from './utils/formatScope';
+import { isExpired } from './utils/isExpired';
+import { ServiceDefinition } from './utils/ServiceDefinition';
+import { createAuthKey } from './utils/createAuthKey';
+
+/**
+ * OneReach Authorizer service client
+ *  ## Installation:
+ * ```
+ * $ npm i @or-sdk/authorizer
+ * ```
+ */
+export class OAuth {
+  private status = AuthStatus.READY;
+
+  private readonly authKey: string;
+  private readonly serviceName: string;
+  private readonly keyValueCollection: string;
+  private readonly keyValueStorage: KeyValueStorage;
+  private readonly eventManager: EventManager;
+
+  /**
+   * Connects to existing authorization
+   *
+   * ```typescript
+   * import { OAuth } from '@or-sdk/authorizer'
+   * const oAuthInstance = new OAuth({
+   *   token: 'my-account-token-string',
+   *   discoveryUrl: 'discovery.example.onereach.ai',
+   *   serviceName: '__authorization_service_test_service',
+   *   authKey: '637ac446-1021-475f-9992-3ce7f3ddb637::oauth::someAuth::__authorization_service_test_service::02bf4366-f987-49ea-90a6-0d346e13c3c1',
+   *   keyValueCollection: 'custom_collection_name' // Pass this if you using custom name for key-value collection that differs from serviceName
+   * });
+   * ```
+   */
+  constructor(params: OAuthConfig) {
+    const { token, discoveryUrl, authKey, serviceName, keyValueCollection } =
+      params;
+
+    this.authKey = authKey;
+    this.serviceName = serviceName;
+    this.keyValueCollection = keyValueCollection || serviceName;
+
+    this.keyValueStorage = new KeyValueStorage({
+      token,
+      discoveryUrl,
+    });
+
+    this.eventManager = new EventManager({
+      token,
+      discoveryUrl,
+      requestAccountId: true,
+      requestProvidersAccountId: true,
+    });
+  }
+
+  /**
+   * Creates a new auth record in specified collection with the given config.
+   * @returns Object with OAuth instance connected to created auth and authorizerUrl to redirect the user to for completing authorization
+   *
+   * ```typescript
+   *  const {
+   *    authorizeUrl, // redirect user to this url for completing authorization
+   *    instance      // new instance
+   *  } = await OAuth.create({
+   *   token: 'my-account-token-string',
+   *   discoveryUrl: 'discovery.example.onereach.ai',
+   *   serviceName: '__authorization_service_test_service',
+   *   authName: 'my-auth-name',
+   *   appId: 'my-app-id',
+   *   keyValueCollection: 'custom_collection_name' // Pass this if you using custom name for key-value collection that differs from serviceName
+   * });
+   *
+   * // if you want to use returned instance, you must call a method that returns a promise that will be resolved when the user completes authorization process
+   * // if not, you can omit this step
+   * try {
+   *   await instance.waitForCompletion()
+   * } catch (e) {
+   *   // will be called if the user does not complete authorization within 5 minutes
+   * }
+   * ```
+   */
+  static async create(
+    params: CreateOAuthConfig
+  ): Promise<CreateOAuthResult> {
+    if (
+      !(
+        params.serviceName &&
+        params.authName &&
+        params.discoveryUrl &&
+        params.token &&
+        params.appId
+      )
+    ) {
+      throw new Error('Invalid config passed');
+    }
+
+    const { serviceName, authName, discoveryUrl, token, appId, scope } = params;
+
+    const keyValueCollection = params.keyValueCollection || serviceName;
+
+    const keyValueStorage = new KeyValueStorage({
+      token,
+      discoveryUrl,
+    });
+
+    const eventManager = new EventManager({
+      token,
+      discoveryUrl,
+      requestAccountId: true,
+      requestProvidersAccountId: true,
+    });
+
+    await eventManager.init();
+
+    const serviceDefinitionProviderRoute = `http/${eventManager.providersAccountId}${SERVICE_PROVIDER_PATH}`;
+
+    const services = await eventManager.makeRequest<{
+      [key: string]: ServiceDefinitionConfig;
+    }>({
+      method: 'GET',
+      route: serviceDefinitionProviderRoute,
+      params: {
+        type: 'list',
+      },
+    });
+
+    const currentServiceData = services[serviceName];
+
+    const apps = await keyValueStorage.getValueByKey(
+      keyValueCollection,
+      '__authorizer_apps'
+    );
+
+    const currentApp: OAuthApp = (apps.value as any).find(
+      (app: { label: string; value: OAuthApp; }) => app.value.appId === appId
+    ).value;
+
+    const serviceDefinition = new ServiceDefinition(
+      currentServiceData,
+      currentApp.authLinkParams,
+      currentApp.environment
+    );
+
+    const id = uuidv4();
+    const authKey = createAuthKey(id, authName, keyValueCollection, eventManager.currentAccountId);
+
+    const additionalBodyData = {};
+    const additionalHeaders = {};
+
+    const emUrl = eventManager.serviceUrl;
+    const redirectProviderUrl = `${emUrl}/http/${eventManager.providersAccountId}${OAUTH_REDIRECT_PROVIDER_PATH}`;
+
+    const authConfigs: any = {
+      ...additionalBodyData,
+      grant_type: 'authorization_code',
+      redirect_uri: redirectProviderUrl,
+      appId,
+    };
+
+    if (scope) {
+      const formattedScope = formatScope(scope, serviceDefinition.scopeType);
+      authConfigs.scope = formattedScope;
+    }
+
+    const configs = {
+      [serviceDefinition.requestDataType]: authConfigs,
+    };
+
+    const tempAuthData = {
+      expiresInDefaultValue: serviceDefinition.expiresInDefaultValue,
+      urlToExchangeToken: serviceDefinition.exchangeTokenUri,
+      refreshUri: serviceDefinition.refreshUri,
+      additionalHeaders,
+      configs,
+      isCustomApp: appId !== PREDEFINED_APP,
+      requestDataType: serviceDefinition.requestDataType,
+      service: keyValueCollection,
+      serviceConfigName: serviceName,
+      name: authName,
+      displayServiceName: serviceDefinition.displayServiceName,
+      accountId: eventManager.currentAccountId,
+    };
+
+    const authDataExpire = Date.now() + TEMPORARY_DATA_EXPIRATION_TIME;
+    await keyValueStorage.setValueByKey(
+      '__authorizer_temp-uuid',
+      id,
+      tempAuthData,
+      authDataExpire
+    );
+
+    const authUrl = new URL(serviceDefinition.authorizeUri);
+    const additionalParams: { [key: string]: string; } = JSON.parse(
+      serviceDefinition.authRequestAdditionalParams
+    );
+
+    Object.entries(additionalParams.queryParams).forEach(([key, value]) => {
+      authUrl.searchParams.append(key, value);
+    });
+    authUrl.searchParams.append('response_type', 'code');
+    authUrl.searchParams.append('client_id', currentApp.clientId);
+    authUrl.searchParams.append('redirect_uri', redirectProviderUrl);
+    authUrl.searchParams.append('state', authKey);
+
+    if (scope) {
+      const formattedScope = formatScope(scope, serviceDefinition.scopeType);
+      authUrl.searchParams.append('scope', formattedScope);
+    }
+
+    const authorizeUrl = authUrl.href;
+
+    const newOAuth = new OAuth({
+      serviceName,
+      authKey,
+      discoveryUrl,
+      token,
+    });
+
+    newOAuth.status = AuthStatus.PENDING;
+
+    return {
+      instance: newOAuth,
+      authorizeUrl,
+    };
+  }
+
+  private async getOAuthAppById(appId: string): Promise<OAuthApp | undefined> {
+    const appsStorageRecord = await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      '__authorizer_apps'
+    );
+
+    const appsRecords = appsStorageRecord.value as Array<{
+      label: string;
+      value: Omit<OAuthApp, 'name'>;
+    }>;
+
+    const currentApp = appsRecords.find(app => app.value.appId === appId);
+
+    if (!currentApp) {
+      return;
+    }
+
+    return {
+      name: currentApp.label,
+      ...currentApp.value,
+    };
+  }
+
+  private async getServiceDefinition(currentApp: OAuthApp): Promise<ServiceDefinition> {
+    await this.eventManager.init();
+
+    const serviceDefinitionProviderRoute = `http/${this.eventManager.providersAccountId}${SERVICE_PROVIDER_PATH}`;
+
+    const services = await this.eventManager.makeRequest<{
+      [key: string]: ServiceDefinitionConfig;
+    }>({
+      method: 'GET',
+      route: serviceDefinitionProviderRoute,
+      params: {
+        type: 'list',
+      },
+    });
+
+    const currentServiceData = services[this.serviceName];
+
+    return new ServiceDefinition(
+      currentServiceData,
+      currentApp.authLinkParams,
+      currentApp.environment
+    );
+  }
+
+  /**
+   * Returns a promise that will be resolved after the user completes the authorization process
+   *
+   * ```typescript
+   * instance.waitForCompletion()
+   *   .then(() => {
+   *     // will be called after the user completes the authorization process
+   *   })
+   *   .catch(() => {
+   *     // will be called if the user does not complete authorization within 5 minutes
+   *   })
+   * ```
+   */
+  public async waitForCompletion(): Promise<void> {
+    if (this.status === AuthStatus.PENDING) {
+      let pollInterval = 3;
+      const step = 1;
+      const pollTimeout = 300; // 5 minutes
+
+      let spentTime = 0;
+      let isFinished = false;
+
+      while (spentTime < pollTimeout) {
+        const record = await this.keyValueStorage.getValueByKey(
+          this.keyValueCollection,
+          this.authKey
+        );
+
+        if (record.value) {
+          isFinished = true;
+          break;
+        }
+
+        await timeout(pollInterval);
+        spentTime += pollInterval;
+        pollInterval += step;
+      }
+
+      if (!isFinished) {
+        this.status = AuthStatus.ERROR;
+        throw new Error(
+          'Authorization was not completed within the allowed time'
+        );
+      }
+    }
+
+    this.status = AuthStatus.READY;
+  }
+
+  /**
+   * Returns authorization data and performs refresh token request if needed
+   *
+   * ```typescript
+   * const authData = await oAuthInstance.getAuthData()
+   * ```
+   */
+  public async getAuthData(): Promise<OAuthData> {
+    if (this.status !== AuthStatus.READY) {
+      throw new Error('This authorization is not ready');
+    }
+
+    const { value } = await this.keyValueStorage.getValueByKey(
+      this.serviceName,
+      this.authKey
+    );
+
+    if (!value) {
+      this.status = AuthStatus.ERROR;
+      throw new Error('Authorization record does not exist');
+    }
+
+    const authData = value as OAuthData;
+
+    if (!authData.expires_in) {
+      return authData;
+    }
+
+    const expired = isExpired(authData.created_at, authData.expires_in);
+
+    if (!expired) {
+      return authData;
+    }
+
+    await this.refresh();
+
+    const { value: refreshedAuthData } =
+      await this.keyValueStorage.getValueByKey(this.serviceName, this.authKey);
+
+    return refreshedAuthData as OAuthData;
+  }
+
+  /**
+   * Perform token request manually
+   */
+  public async refresh(): Promise<void> {
+    const { value } = await this.keyValueStorage.getValueByKey(
+      this.serviceName,
+      this.authKey
+    );
+
+    if (!value) {
+      this.status = AuthStatus.ERROR;
+      throw new Error('Authorization record does not exist');
+    }
+
+    const authData = value as OAuthData;
+
+    const appId = authData.appId;
+
+    const currentApp = await this.getOAuthAppById(appId);
+
+    if (!currentApp) {
+      this.status = AuthStatus.ERROR;
+      throw new Error('The application used for this authorization does not exist');
+    }
+
+    const serviceDefinition = await this.getServiceDefinition(currentApp);
+
+    await this.eventManager.makeRequest({
+      method: 'POST',
+      route: new URL(authData.redirect_uri).pathname,
+      data: {
+        refreshTokenUrl: authData.refreshUri,
+        sendDataType: serviceDefinition.requestDataType,
+        currentUserData: authData,
+        service: this.keyValueCollection,
+        currentAuth: this.authKey,
+      },
+    });
+  }
+
+  /**
+   * Returns a OAuth app which is using in this authorization
+   *
+   * ```typescript
+   * const oAuthApp = await oAuthInstance.getOAuthApp()
+   * ```
+   */
+  public async getOAuthApp(): Promise<OAuthApp> {
+    if (this.status !== AuthStatus.READY) {
+      throw new Error('This authorization is not ready');
+    }
+
+    const { value } = await this.keyValueStorage.getValueByKey(
+      this.serviceName,
+      this.authKey
+    );
+
+    if (!value) {
+      this.status = AuthStatus.ERROR;
+      throw new Error('Authorization record does not exist');
+    }
+
+    const authData = value as OAuthData;
+
+    const appId = authData.appId;
+
+    const currentApp = await this.getOAuthAppById(appId);
+
+    if (!currentApp) {
+      this.status = AuthStatus.ERROR;
+      throw new Error('The application used for this authorization does not exist');
+    }
+
+    return currentApp;
+  }
+
+  /**
+   * Deletes authorization from collection
+   *
+   * ```typescript
+   * await oAuthInstance.delete()
+   * ```
+   */
+  public async delete(): Promise<void> {
+    await this.keyValueStorage.deleteKey(
+      this.serviceName,
+      this.authKey
+    );
+
+    this.status = AuthStatus.DELETED;
+  }
+}

package/src/OAuth/OAuthCollection.ts

@@ -0,0 +1,138 @@
+import { Token } from '@or-sdk/base';
+import { KeyValueStorage } from '@or-sdk/key-value-storage';
+import { OAuth } from './OAuth';
+
+import { OAuthCollectionConfig, CreateOAuthInCollectionConfig, CreateOAuthResult, OAuthApp } from './types';
+
+/**
+ * OneReach Authorizer service client
+ *  ## Installation:
+ * ```
+ * $ npm i @or-sdk/authorizer
+ * ```
+ */
+export class OAuthCollection {
+  private readonly serviceName: string;
+  private readonly keyValueCollection: string;
+  private readonly keyValueStorage: KeyValueStorage;
+  private readonly localToken: Token;
+  private readonly localDiscoveryUrl: string;
+
+  /**
+   * Connects to authorization collection
+   *
+   * ```typescript
+   * import { OAuthCollection } from '@or-sdk/authorizer'
+   * const oAuthCollectionInstance = new OAuthCollection({
+   *   token: 'my-account-token-string',
+   *   discoveryUrl: 'discovery.example.onereach.ai',
+   *   serviceName: '__authorization_service_test_service',
+   *   keyValueCollections: 'custom-collection-name' // Pass this if you using custom name for key-value collection that differs from serviceName
+   * });
+   * ```
+   */
+  constructor(params: OAuthCollectionConfig) {
+    const { token, discoveryUrl, serviceName, keyValueCollection } = params;
+
+    this.localToken = token;
+    this.localDiscoveryUrl = discoveryUrl;
+    this.serviceName = serviceName;
+    this.keyValueCollection = keyValueCollection || serviceName;
+    this.keyValueStorage = new KeyValueStorage({
+      token,
+      discoveryUrl,
+    });
+  }
+
+  /**
+   * Returns array of auth keys from this collection
+   */
+  public async listAuthorizations(): Promise<string[]> {
+    const records = await this.keyValueStorage.listKeys(
+      this.keyValueCollection
+    );
+
+    return records.map((record) => record.key);
+  }
+
+  /**
+   * Returns array of OAuth applications for this service
+   */
+  public async listOAuthApps(): Promise<OAuthApp[]> {
+    const appsStorageRecord = await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      '__authorizer_apps'
+    );
+
+    if (!appsStorageRecord.value) {
+      return [];
+    }
+
+    const appsRecords = appsStorageRecord.value as Array<{
+      label: string;
+      value: Omit<OAuthApp, 'name'>;
+    }>;
+
+    return appsRecords.map((record) => ({
+      name: record.label,
+      ...record.value,
+    }));
+  }
+
+  /**
+   * Returns OAuth instance for given key
+   */
+  public async getAuthorization(key: string): Promise<OAuth> {
+    const record = await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      key
+    );
+    if (!record.value) {
+      throw new Error('This authorization does not exist');
+    }
+
+    return new OAuth({
+      serviceName: this.serviceName,
+      keyValueCollection: this.keyValueCollection,
+      authKey: key,
+      discoveryUrl: this.localDiscoveryUrl,
+      token: this.localToken,
+    });
+  }
+
+  /**
+   * Creates a new auth record in current collection with the given config.
+   * @returns Object with OAuth instance connected to created auth and authorizerUrl to redirect the user to for completing authorization
+   *
+   * ```typescript
+   *  const {
+   *    authorizeUrl, // redirect user to this url for completing authorization
+   *    instance      // new instance
+   *  } = await oAuthCollectionInstance.createAuthorization({
+   *   authName: 'my-auth-name',
+   *   appId: 'my-app-id',
+   * });
+   *
+   * // if you want to use returned instance, you must call a method that returns a promise that will be resolved when the user completes authorization process
+   * // if not, you can omit this step
+   * try {
+   *   await instance.waitForCompletion()
+   * } catch (e) {
+   *   // will be called if the user does not complete authorization within 5 minutes
+   * }
+   * ```
+   */
+  public async createAuthorization(
+    params: CreateOAuthInCollectionConfig,
+  ): Promise<CreateOAuthResult> {
+    return await OAuth.create({
+      discoveryUrl: this.localDiscoveryUrl,
+      token: this.localToken,
+      appId: params.appId,
+      keyValueCollection: this.keyValueCollection,
+      scope: params.scope,
+      serviceName: this.serviceName,
+      authName: params.authName,
+    });
+  }
+}