@or-sdk/authorizer 0.24.17 → 0.24.18

package/src/OAuthCollection/OAuthCollection.ts

@@ -0,0 +1,348 @@
+import { Token, List, makeList } from '@or-sdk/base';
+import { KeyValueStorage } from '@or-sdk/key-value-storage';
+import { Providers } from '@or-sdk/providers';
+import { OAuth } from '../OAuth/OAuth';
+
+import {
+  CreateOAuthInCollectionConfig,
+  CreateOAuthResult,
+  OAuthCollectionConfig,
+  OAuthApp,
+  OAuthCollectionInitConfig,
+  OAuthDynamicCollection,
+  OAuthService,
+} from '../OAuth/types';
+
+export class OAuthCollection {
+  private readonly token: Token;
+  private readonly providers: Providers;
+  private readonly discoveryUrl: string;
+  private readonly accountId: string | undefined;
+  private readonly sdkUrl: string | undefined;
+  private readonly eventManagerUrl: string | undefined;
+  private readonly providersAccountId: string | undefined;
+  private readonly crossAccount: boolean;
+  private keyValueCollection: string;
+  private keyValueStorage: KeyValueStorage;
+  private serviceName: string;
+
+  constructor(params: OAuthCollectionConfig) {
+    const {
+      token,
+      discoveryUrl,
+      accountId,
+      serviceName,
+      keyValueCollection,
+      eventManagerUrl,
+      providersAccountId,
+      sdkUrl,
+      crossAccount = true,
+    } = params;
+
+    this.token = token;
+    this.sdkUrl = sdkUrl;
+    this.accountId = accountId;
+    this.crossAccount = crossAccount;
+    this.discoveryUrl = discoveryUrl;
+    this.serviceName = serviceName || '';
+    this.eventManagerUrl = eventManagerUrl;
+    this.providersAccountId = providersAccountId;
+    this.keyValueCollection = keyValueCollection || serviceName || '';
+
+    this.keyValueStorage = new KeyValueStorage({
+      token,
+      discoveryUrl,
+      accountId: crossAccount ? accountId : undefined,
+      sdkUrl,
+    });
+
+    this.providers = new Providers({
+      token,
+      discoveryUrl,
+      eventManagerUrl,
+      providersAccountId,
+    });
+  }
+
+
+  /**
+   * Allows to explicitly (re)initialize collection parameters
+   */
+  public init(params: OAuthCollectionInitConfig): void {
+    const { serviceName, keyValueCollection } = params;
+
+    this.serviceName = serviceName || this.serviceName;
+    this.keyValueCollection = keyValueCollection || this.keyValueCollection || this.serviceName;
+
+    if (!this.serviceName) {
+      throw new Error('No service name provided.');
+    }
+  }
+
+
+  /**
+   * Returns array of auth keys from this collection
+   */
+  public async listAuthorizations(dynamicCollection?: string): Promise<List<string>> {
+    const { items: records } = await this.keyValueStorage.listKeys(
+      this.keyValueCollection
+    );
+
+    const pattern = dynamicCollection ? `::oauth-collection::${dynamicCollection}` : '::oauth::';
+
+    return makeList<string>(records.map((record) => record.key)
+      .filter(key => key.includes(pattern)));
+  }
+
+  /**
+   * Returns array of OAuth applications for this service
+   */
+  public async listOAuthApps(): Promise<List<OAuthApp>> {
+    const appsStorageRecord = await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      '__authorizer_apps'
+    );
+
+    if (!appsStorageRecord.value) {
+      return makeList<OAuthApp>([]);
+    }
+
+    const appsRecords = appsStorageRecord.value as Array<{
+      label: string;
+      value: Omit<OAuthApp, 'name'>;
+    }>;
+
+    return makeList<OAuthApp>(appsRecords.map((record) => ({
+      name: record.label,
+      ...record.value,
+    })));
+  }
+
+
+  /**
+   * Returns OAuth instance for given key
+   */
+  public async getAuthorization(key: string, dynamicCollection?: string): Promise<OAuth> {
+    if (!this.serviceName) throw new Error('No service name provided.');
+    let authName = undefined;
+
+    if (dynamicCollection) {
+      const { value } = await this.keyValueStorage.getValueByKey(
+        '__authorizer_dynamic_collections',
+        dynamicCollection
+      );
+
+      if (!value) {
+        throw new Error('Cynamic collection name is invalid');
+      }
+
+      const collection = value as OAuthDynamicCollection;
+      if (collection.service !== this.serviceName) {
+        throw new Error('Dynamic Collection and is related to other service than SDK Service Name');
+      }
+
+      authName = key;
+      key = collection.authorizations[key];
+
+    } else {
+      const { value } = await this.keyValueStorage.getValueByKey(
+        this.keyValueCollection,
+        encodeURIComponent(key)
+      );
+
+      if (!value) {
+        throw new Error('This authorization does not exist');
+      }
+    }
+
+    if (!key.includes('::oauth')) throw new Error('The OAuth authorization key should contain "oauth" type specifier.');
+
+    return new OAuth({
+      authName,
+      authKey: key,
+      dynamicCollection,
+      discoveryUrl: this.discoveryUrl,
+      eventManagerUrl: this.eventManagerUrl,
+      keyValueCollection: this.keyValueCollection,
+      providersAccountId: this.providersAccountId,
+      sdkUrl: this.sdkUrl,
+      serviceName: this.serviceName,
+      token: this.token,
+    });
+  }
+
+
+  /**
+   * Creates a new auth record in current collection with the given config.
+   * @returns Object with OAuth instance connected to created auth and authorizerUrl
+   *          to redirect the user to for completing authorization
+   *
+   * ```typescript
+   *  const {
+   *    authorizeUrl, // redirect user to this url for completing authorization
+   *    instance      // new instance
+   *  } = await oAuthCollectionInstance.createAuthorization({
+   *   authName: 'my-auth-name',
+   *   appId: 'my-app-id',
+   *
+   *   // Optional params
+   *   sdkUrl: 'sdkapi.staging.api.onereach.ai'      // SDK API url. If passed, won't be fetched from discovery.
+   *   eventManagerUrl: 'em.staging.api.onereach.ai' // Event Manager url. If passed, won't be fetched from discovery.
+   *   providersAccountId: 'providers-account-id-v4' // Account ID of provider account. If passed, won't be fetched from discovery.
+   *   keyValueCollection: 'custom_collection_name'  // Pass this if you using custom name for key-value collection
+   *                                                 // that differs from serviceName.
+   *   destinationAccount: 'CUSTOM' or 'PROVIDER'    // Allows to save authorization data to custom account.
+   *   customAccountId: 'custom-account-uuid-v4'     // Account ID for destinationAccount == "CUSTOM".
+   *   useNextProvider: boolean (default: false)     // Use authorizer-next redirect endpoint.
+   *   userScope: 'user:read'                        // Scopes for Slack service.
+   *   useNonce: true                                // Allows to use Nonce to avoid repetition attacks.
+   * });
+   *
+   * // if you want to use returned instance, you must call a method
+   *    that returns a promise that will be resolved when the user completes authorization process
+   * // if not, you can omit this step
+   * try {
+   *   await instance.waitForCompletion()
+   * } catch (e) {
+   *   // will be called if the user does not complete authorization within 5 minutes
+   * }
+   * ```
+   */
+  public async createAuthorization(
+    params: CreateOAuthInCollectionConfig,
+  ): Promise<CreateOAuthResult> {
+    if (!this.serviceName) throw new Error('No service name provided.');
+    return await OAuth.create({
+      ...params,
+      accountId: this.accountId,
+      crossAccount: this.crossAccount,
+      discoveryUrl: this.discoveryUrl,
+      eventManagerUrl: this.eventManagerUrl,
+      keyValueCollection: this.keyValueCollection,
+      providersAccountId: this.providersAccountId,
+      sdkUrl: this.sdkUrl,
+      serviceName: this.serviceName,
+      token: this.token,
+    });
+  }
+
+
+  /**
+   * Returns a list of predefined OAuth Services
+   */
+  public async listPredefinedServices(): Promise<Record<string, unknown>[]> {
+
+    const globalServices = await this.providers.makeRequest({
+      method: 'GET',
+      route: 'authorizer/services/list',
+      params: {
+        type: 'list',
+      },
+    }) as Record<string, unknown>;
+
+
+    const globalServicesList = Object.keys(globalServices).map(record => {
+      const label = record.split('__authorization_service_')[1]
+        .replace(/_/g, ' ');
+
+      const value = globalServices[record];
+
+      return {
+        label,
+        value,
+      };
+    }) as Record<string, unknown>[];
+
+
+    const localServices = await this.keyValueStorage.listKeys(
+      '__authorization_service_predefined_services_local',
+      undefined,
+      true
+    ) as unknown as Record<string, Record<string, string>[]>;
+
+
+    const localServicesList = localServices.items.map(el => {
+      const label = el.key
+        .split('__authorization_service_')[1]
+        .replace(/_/g, ' ') + ' (local)';
+
+      const value = el.value;
+      return {
+        label,
+        value,
+      };
+    });
+
+    return [...globalServicesList, ...localServicesList];
+  }
+
+
+  /**
+   * Defines a Local service
+   */
+  public async defineService(params: Omit<OAuthService, 'serviceName'>): Promise<void> {
+    if (!this.serviceName) throw new Error('No service name provided.');
+    const newService = {
+      ...params,
+      serviceName: this.serviceName,
+    } as OAuthService;
+
+    this.keyValueStorage.setValueByKey(
+      '__authorization_service_predefined_services_local',
+      this.serviceName,
+      newService
+    );
+  }
+
+
+  /**
+   * Creates a Dynamic OAuth collection
+   */
+  public async createDynamicCollection(dynamicCollectionName: string): Promise<void> {
+    if (!this.serviceName) throw new Error('No service name provided.');
+    if (!dynamicCollectionName) throw new Error('Dynamic collection name is empty or invalid');
+    const { value } = await this.keyValueStorage.getValueByKey(
+      '__authorizer_dynamic_collections',
+      dynamicCollectionName
+    );
+    const collection = value as OAuthDynamicCollection;
+
+    if (!value) {
+      await this.keyValueStorage.setValueByKey('__authorizer_dynamic_collections', dynamicCollectionName, {
+        name: dynamicCollectionName,
+        type: 'oauth',
+        service: this.keyValueCollection,
+        serviceConfigName: this.serviceName,
+        authorizations: {},
+      });
+    } else if (collection.type === 'oauth' && collection.service === this.serviceName) {
+      throw new Error('Same collection already exists');
+    } else {
+      throw new Error('Different collection exists with this name');
+    }
+  }
+
+  /**
+   * Deletes a Dynamic OAuth collection
+   */
+  public async deleteDynamicCollection(dynamicCollectionName: string): Promise<void> {
+    if (!dynamicCollectionName) throw new Error('Dynamic collection name is empty or invalid');
+    const { value } = await this.keyValueStorage.getValueByKey(
+      '__authorizer_dynamic_collections',
+      dynamicCollectionName
+    );
+    const collection = value as OAuthDynamicCollection;
+
+    await Promise.all(
+      Object.keys(collection.authorizations)
+        .map(authName => {
+          return this.keyValueStorage.deleteKey(
+            collection.service,
+            encodeURIComponent(collection.authorizations[authName])
+          );
+        })
+    ).catch(() => {});
+
+    await this.keyValueStorage.deleteKey('__authorizer_dynamic_collections', dynamicCollectionName);
+  }
+}

package/src/OAuthCollection/index.ts

@@ -0,0 +1,3 @@
+export { OAuthCollection } from './OAuthCollection';
+
+export * from '../OAuth/types';

package/src/Token/TokenCollection.ts

@@ -1,78 +1,305 @@
-import { Token } from '@or-sdk/base';
+import { makeList, List } from '@or-sdk/base';
+import { Providers } from '@or-sdk/providers';
 import { KeyValueStorage } from '@or-sdk/key-value-storage';
-import { TokenAuth } from './TokenAuth';
+import { v4 as uuidv4 } from 'uuid';
+import { createAuthKey, createDynamicKey } from './utils/createAuthKey';
 
 import {
   TokenCollectionConfig,
   CreateTokenAuthInCollectionConfig,
+  TokenAuthData,
+  TokenDynamicCollection,
 } from './types';
 
 export class TokenCollection {
-  private readonly serviceName: string;
+  private serviceName: string;
   private readonly keyValueStorage: KeyValueStorage;
-  private readonly localToken: Token;
-  private readonly localDiscoveryUrl: string;
+  private readonly providers: Providers;
 
   constructor(params: TokenCollectionConfig) {
-    const { token, discoveryUrl, serviceName } = params;
+    const { token, discoveryUrl, serviceName, accountId } = params;
 
-    this.localToken = token;
-    this.localDiscoveryUrl = discoveryUrl;
-    this.serviceName = serviceName;
+    this.serviceName = serviceName || '';
     this.keyValueStorage = new KeyValueStorage({
       token,
       discoveryUrl,
+      accountId,
+    });
+
+    this.providers = new Providers({
+      token,
+      discoveryUrl,
     });
   }
 
+
+  /**
+   * Allows to explicitly (re-)set authorization service name
+   */
+  public init(serviceName: string) {
+    if (!serviceName) throw new Error('Servide name is required.');
+
+    this.serviceName = serviceName;
+  }
+
+
   /**
    * Returns array of auth keys from this collection
    */
-  public async listAuthorizations(): Promise<string[]> {
-    const { items: records } = await this.keyValueStorage.listKeys(this.serviceName);
+  public async listAuthorizations(dynamicCollectionName?: string): Promise<List<string>> {
+    const { items: records } = await this.keyValueStorage.listKeys(this.serviceName, '', false);
+
+    const pattern = dynamicCollectionName ? `::token-collection::${dynamicCollectionName}` : '::token::';
 
-    return records.map((record) => record.key);
+    return makeList<string>(records.map((record) => record.key).filter(key => key.includes(pattern)));
   }
 
   /**
    * Returns TokenAuth instance for given key
    */
-  public async getAuthorization(key: string): Promise<TokenAuth> {
-    const record = await this.keyValueStorage.getValueByKey(this.serviceName, key);
+  public async getAuthorization(key: string, dynamicCollectionName: string): Promise<TokenAuthData> {
+    if (!this.serviceName) throw new Error('Service name is not defined.');
+
+    if (dynamicCollectionName) {
+      const { value } = await this.keyValueStorage.getValueByKey(
+        '__authorizer_dynamic_collections',
+        dynamicCollectionName
+      );
+      const collection = value as TokenDynamicCollection;
+      if (!collection) throw new Error('Dynamic collection name is invalid');
+
+      key = collection.authorizations[key];
+    }
+    if (!key.includes('::token')) throw new Error('The Token authorization key should contain "token" type specifier.');
+
+
+    const record = await this.keyValueStorage.getValueByKey(this.serviceName, encodeURIComponent(key));
     if (!record.value) {
       throw new Error('Authorization does not exist');
     }
 
-    return new TokenAuth({
-      serviceName: this.serviceName,
-      authKey: key,
-      discoveryUrl: this.localDiscoveryUrl,
-      token: this.localToken,
-    });
+    const authData = record.value as Omit<TokenAuthData, 'key'>;
+
+    if (!(authData.auth_name || authData._auth_name) || !(authData.date_created || authData._date_created)) {
+      throw new Error('Authorization is invalid.');
+    }
+
+    return {
+      ...authData,
+      key,
+    } as TokenAuthData;
   }
 
+
   /**
    * Creates a new auth record in current collection with the given config.
-   * @returns TokenCollection instance connected to created auth
+   * @returns TokenAuthData object
    *
    * ```typescript
-   * const tokenCollectionInstance = await tokenCollectionInstance.createAuthorization({
+   * const tokenAuthData = await tokenCollectionInstance.createAuthorization({
    *   authName: 'my-auth-name',
    *   credentials: {
    *      token: 'secrettoken'
-   *   }
+   *   },
+   *   dynamicCollection: 'my-dynamic-collection' // Optional
    * });
    * ```
    */
   public async createAuthorization(
     params: CreateTokenAuthInCollectionConfig
-  ): Promise<TokenAuth> {
-    return await TokenAuth.create({
-      discoveryUrl: this.localDiscoveryUrl,
-      token: this.localToken,
-      serviceName: this.serviceName,
-      authName: params.authName,
-      credentials: params.credentials,
-    });
+  ): Promise<TokenAuthData> {
+    const { authName, credentials, dynamicCollection, destinationAccount = 'CURRENT', customAccountId } = params;
+
+    if (!this.serviceName) throw new Error('Service name is not defined.');
+    if (!authName || !credentials) throw new Error('Invalid authorization parameters passed.');
+
+    const id = uuidv4();
+    const authKey = dynamicCollection ? createDynamicKey(id, dynamicCollection) : createAuthKey(id, authName);
+
+    const authData = {
+      ...credentials,
+      auth_name: authName,
+      _date_created: new Date().toISOString(),
+    } as Omit<TokenAuthData, 'key'>;
+
+    if (dynamicCollection) {
+      const { value } = await this.keyValueStorage.getValueByKey('__authorizer_dynamic_collections', dynamicCollection);
+
+      const collection = (value || {
+        name: dynamicCollection,
+        type: 'token',
+        service: this.serviceName,
+        serviceConfigName: this.serviceName,
+        authorizations: {},
+      }) as TokenDynamicCollection;
+
+      if (collection.type !== 'token' || collection.service !== this.serviceName) {
+        throw new Error('Dynamic collection\'s type or service is invalid');
+      }
+
+      collection.authorizations[authName] = authKey;
+      await this.keyValueStorage.setValueByKey('__authorizer_dynamic_collections', dynamicCollection, collection);
+    }
+
+    // Accounts handling
+    if (destinationAccount === 'CURRENT') {
+      await this.keyValueStorage.setValueByKey(this.serviceName, encodeURIComponent(authKey), authData);
+    } else {
+      const localRecord = {
+        auth_name: authData.auth_name,
+        isRemote: true,
+        id,
+      };
+
+      if (destinationAccount === 'CUSTOM' && !customAccountId) {
+        throw new Error('Custom Account ID is required if destinationAccount === "CUSTOM"');
+      }
+
+      await this.providers.makeRequest({
+        route: 'authorizer/redirect',
+        params: {
+          method: 'PUT',
+          data: {
+            authData,
+            id,
+            storeAccount: destinationAccount,
+            storeCustomAccountId: destinationAccount === 'CUSTOM' ? customAccountId : undefined,
+          },
+        },
+      }).catch(() => { throw new Error('Could not save token to the specified account');});
+
+      await this.keyValueStorage.setValueByKey(this.serviceName, encodeURIComponent(authKey), localRecord);
+    }
+
+    return {
+      ...authData,
+      key: authKey,
+    } as TokenAuthData;
+  }
+
+
+  /**
+   * Updates credentials
+   */
+  public async updateAuthorization(
+    tokenAuth: TokenAuthData,
+    newCredentials: Record<string, unknown>
+  ): Promise<TokenAuthData> {
+    if (!this.serviceName) throw new Error('Service name is not defined.');
+    if (!newCredentials) throw new Error('New credentials are empty or invalid');
+    if (!tokenAuth || !tokenAuth.auth_name || !(tokenAuth.date_created || tokenAuth._date_created)) {
+      throw new Error('Token authorization data is invalid');
+    }
+
+    const updatedData = {
+      ...tokenAuth,
+      ...newCredentials,
+      auth_name: tokenAuth.auth_name,
+      _date_created: tokenAuth._date_created,
+      key: undefined,
+    };
+
+    const response = await this.keyValueStorage.setValueByKey(
+      this.serviceName,
+      encodeURIComponent(tokenAuth.key),
+      updatedData
+    );
+
+    const updatedRecord = response.value as Omit<TokenAuthData, 'key'>;
+    return {
+      ...updatedRecord,
+      key: tokenAuth.key,
+    } as TokenAuthData;
+  }
+
+
+  /**
+   * Deletes authorization from collection
+   */
+  public async deleteAuthorization(key: string): Promise<void> {
+    if (!this.serviceName) throw new Error('Service name is not defined.');
+    if (!key) throw new Error('Key is missing or invalid');
+
+    if (key.includes('::token-collection::')) {
+      const dynamicCollectionName = key.split('::')[2].split(' ')[0];
+      const { value } = await this.keyValueStorage.getValueByKey(
+        '__authorizer_dynamic_collections',
+        dynamicCollectionName
+      );
+
+      const collection = value as TokenDynamicCollection;
+      if (collection) {
+        const authName = Object.keys(collection.authorizations)
+          .find(name => collection.authorizations[name] === key);
+
+        if (authName) {
+          delete collection.authorizations[authName];
+          await this.keyValueStorage.setValueByKey(
+            '__authorizer_dynamic_collections',
+            dynamicCollectionName,
+            collection
+          );
+        }
+      }
+    }
+    await this.keyValueStorage.deleteKey(this.serviceName, encodeURIComponent(key));
+  }
+
+
+  /**
+   * Creates a Dynamic Token collection
+   */
+  public async createDynamicCollection(dynamicCollectionName: string): Promise<void> {
+    if (!dynamicCollectionName) throw new Error('Dynamic collection name is empty or invalid');
+    const { value } = await this.keyValueStorage.getValueByKey(
+      '__authorizer_dynamic_collections',
+      dynamicCollectionName
+    );
+    const collection = value as TokenDynamicCollection;
+
+    if (!value) {
+      await this.keyValueStorage.setValueByKey(
+        '__authorizer_dynamic_collections',
+        dynamicCollectionName,
+        {
+          name: dynamicCollectionName,
+          type: 'token',
+          service: this.serviceName,
+          serviceConfigName: this.serviceName,
+          authorizations: {},
+        });
+    } else if (collection.type === 'oauth' && collection.service === this.serviceName) {
+      throw new Error('Same collection already exists');
+    } else {
+      throw new Error('Different collection exists with this name');
+    }
+  }
+
+
+  /**
+   * Deletes a Dynamic collection
+   */
+  public async deleteDynamicCollection(dynamicCollectionName: string): Promise<void> {
+    if (!dynamicCollectionName) throw new Error('Dynamic collection name is empty or invalid');
+    const { value } = await this.keyValueStorage.getValueByKey(
+      '__authorizer_dynamic_collections',
+      dynamicCollectionName
+    );
+    const collection = value as TokenDynamicCollection;
+
+    await Promise.all(
+      Object.keys(collection.authorizations)
+        .map(authName => {
+          return this.keyValueStorage.deleteKey(
+            collection.service,
+            encodeURIComponent(collection.authorizations[authName])
+          );
+        })
+    ).catch(() => {});
+
+    await this.keyValueStorage.deleteKey(
+      '__authorizer_dynamic_collections',
+      dynamicCollectionName
+    );
   }
 }

package/src/Token/index.ts

@@ -0,0 +1,3 @@
+export { TokenCollection } from './TokenCollection';
+
+export * from './types';