@or-sdk/authorizer 0.25.0-beta.647.0 → 0.25.0

package/src/OAuth/OAuth.ts

@@ -1,9 +1,7 @@
 import { KeyValueStorage } from '@or-sdk/key-value-storage';
-import { EventManager } from '@or-sdk/event-manager';
+import { Providers } from '@or-sdk/providers';
 import { timeout } from '@or-sdk/base';
 
-import { v4 as uuidv4 } from 'uuid';
-
 import {
   OAuthConfig,
   OAuthData,
@@ -11,54 +9,116 @@ import {
   CreateOAuthConfig,
   CreateOAuthResult,
   ServiceDefinitionConfig,
+  OAuthDynamicCollection,
+  OAuthInitData,
+  StepContext,
 } from './types';
 
 import {
   SERVICE_PROVIDER_PATH,
   OAUTH_REDIRECT_PROVIDER_PATH,
-  PREDEFINED_APP,
-  TEMPORARY_DATA_EXPIRATION_TIME,
   AuthStatus,
 } from '../constants';
 
-import { formatScope } from './utils/formatScope';
 import { isExpired } from './utils/isExpired';
 import { ServiceDefinition } from './utils/ServiceDefinition';
-import { createAuthKey } from './utils/createAuthKey';
+import OAuthCreator from './utils/createOAuthHelper';
 
 export class OAuth {
   private status = AuthStatus.READY;
 
-  private readonly authKey: string;
-  private readonly serviceName: string;
-  private readonly keyValueCollection: string;
+  private authKey: string;
+  private serviceName: string;
+  private keyValueCollection: string;
+  private dynamicCollection: string | undefined;
+  private authName: string | undefined;
   private readonly keyValueStorage: KeyValueStorage;
-  private readonly eventManager: EventManager;
+  private readonly providers: Providers;
 
   constructor(params: OAuthConfig) {
-    const { token, discoveryUrl, authKey, serviceName, keyValueCollection } =
-      params;
+    const {
+      accountId,
+      authKey,
+      authName,
+      discoveryUrl,
+      eventManagerUrl,
+      keyValueCollection,
+      providersAccountId,
+      dynamicCollection,
+      serviceName,
+      token,
+    } = params;
+
+    if (!(authKey && serviceName)) {
+      throw new Error('Invalit OAuth params passed.');
+    }
+
+    if (!discoveryUrl && !(eventManagerUrl && providersAccountId)) {
+      throw new Error('OAuth require Discovery URL or both Event Manager URL and Providers Account ID');
+    }
+
+    if (dynamicCollection && !authName) {
+      throw new Error('Dynamic authorization require Authorization name.');
+    }
 
     this.authKey = authKey;
+    this.authName = authName;
     this.serviceName = serviceName;
+    this.dynamicCollection = dynamicCollection;
     this.keyValueCollection = keyValueCollection || serviceName;
 
     this.keyValueStorage = new KeyValueStorage({
       token,
       discoveryUrl,
+      accountId,
     });
 
-    this.eventManager = new EventManager({
+    this.providers = new Providers({
       token,
       discoveryUrl,
-      requestAccountId: true,
-      requestProvidersAccountId: true,
+      eventManagerUrl,
+      providersAccountId,
     });
   }
 
+  /**
+   * Changes the target authorization of instance
+   */
+  public async init(params: OAuthInitData) {
+    this.serviceName = params.serviceName || this.serviceName;
+    this.authKey = params.authKey || this.authKey;
+    this.authName = params.authName || this.authName;
+    this.keyValueCollection = params.keyValueCollection || this.keyValueCollection;
+    this.dynamicCollection = params.dynamicCollection || this.dynamicCollection;
+
+    if (this.dynamicCollection && ! this.authName) {
+      throw new Error('Dynamic collection requires an authName to initialize');
+    }
+
+    if (params.authName && this.dynamicCollection) {
+      const collection = await this.keyValueStorage.getValueByKey(
+        '__authorizer_dynamic_collections',
+        this.dynamicCollection
+      ).then(res => res.value) as OAuthDynamicCollection;
+
+      if (!collection) {
+        throw new Error('Dynamic collection is invalid');
+      }
+
+      this.authKey = collection.authorizations[this.authName as string];
+    }
+
+    this.status = await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      this.authKey
+    ).then(res => res.value ? AuthStatus.READY : AuthStatus.PENDING)
+      .catch(e => { throw new Error('Could not request authorization: ' + e.message); });
+  }
+
   /**
    * Creates a new auth record in specified collection with the given config.
-   * @returns Object with OAuth instance connected to created auth and authorizerUrl to redirect the user to for completing authorization
+   * @returns Object with OAuth instance connected to created auth and authorizerUrl
+   *            to redirect the user to for completing authorization
    *
    * ```typescript
    *  const {
@@ -66,14 +126,32 @@ export class OAuth {
    *    instance      // new instance
    *  } = await OAuth.create({
    *   token: 'my-account-token-string',
-   *   discoveryUrl: 'discovery.example.onereach.ai',
+   *   discoveryUrl: 'https://discovery.qa.api.onereach.ai/',
    *   serviceName: '__authorization_service_test_service',
    *   authName: 'my-auth-name',
    *   appId: 'my-app-id',
-   *   keyValueCollection: 'custom_collection_name' // Pass this if you using custom name for key-value collection that differs from serviceName
+   *
+   *   // Optional params
+   *   sdkUrl: 'https://sdkapi.qa.api.onereach.ai'     // SDK API url. If passed, won't be fetched from discovery.
+   *   eventManagerUrl: 'https://em.qa.api.onereach.ai'// Event Manager url. If passed, won't be fetched from discovery.
+   *   providersAccountId: 'providers-account-id'      // ID of provider account.
+   *                                                   //   If passed, won't be fetched from discovery.
+   *   keyValueCollection: 'custom_collection_name'    // Pass this if you using custom name for key-value collection
+   *                                                   //   that differs from serviceName.
+   *   destinationAccount: 'CUSTOM' or 'PROVIDER'      // Allows to save authorization data to custom account.
+   *   customAccountId: 'custom-account-uuid-v4'       // Account ID for destinationAccount == "CUSTOM".
+   *   accountId: 'current-account-ID'                 // Account ID of current account (see crossAccount).
+   *   crossAccount: boolean (default: true)           // Treat accountId as custom account ID (SUPER-ADMIN only).
+   *                                                   //   If crossAccount=false, account ID is treated
+   *                                                   //   as current account ID.
+   *   useNextProvider: boolean (default: false)       // Use authorizer-next redirect endpoint.
+   *   userScope: 'user:read'                          // Scopes for Slack service.
+   *   useNonce: true                                  // Allows to use Nonce to avoid repetition attacks.
+   *   authKey: 'old::auth::key'                       // If passed, will reauthorize an existing authorization.
    * });
    *
-   * // if you want to use returned instance, you must call a method that returns a promise that will be resolved when the user completes authorization process
+   * // if you want to use returned instance, you must call a method that returns a promise
+   * // that will be resolved when the user completes authorization process
    * // if not, you can omit this step
    * try {
    *   await instance.waitForCompletion()
@@ -85,139 +163,10 @@ export class OAuth {
   static async create(
     params: CreateOAuthConfig
   ): Promise<CreateOAuthResult> {
-    if (
-      !(
-        params.serviceName &&
-        params.authName &&
-        params.discoveryUrl &&
-        params.token &&
-        params.appId
-      )
-    ) {
-      throw new Error('Invalid config passed');
-    }
-
-    const { serviceName, authName, discoveryUrl, token, appId, scope } = params;
-
-    const keyValueCollection = params.keyValueCollection || serviceName;
-
-    const keyValueStorage = new KeyValueStorage({
-      token,
-      discoveryUrl,
-    });
-
-    const eventManager = new EventManager({
-      token,
-      discoveryUrl,
-      requestAccountId: true,
-      requestProvidersAccountId: true,
-    });
-
-    await eventManager.init();
-
-    const serviceDefinitionProviderRoute = `http/${eventManager.providersAccountId}${SERVICE_PROVIDER_PATH}`;
-
-    const services = await eventManager.makeRequest<{
-      [key: string]: ServiceDefinitionConfig;
-    }>({
-      method: 'GET',
-      route: serviceDefinitionProviderRoute,
-      params: {
-        type: 'list',
-      },
-    });
-
-    const currentServiceData = services[serviceName];
-
-    const apps = await keyValueStorage.getValueByKey(
-      keyValueCollection,
-      '__authorizer_apps'
-    );
 
-    const currentApp: OAuthApp = (apps.value as any).find(
-      (app: { label: string; value: OAuthApp; }) => app.value.appId === appId
-    ).value;
+    const { authorizeUrl, oAuthParams } = await (new OAuthCreator(params)).getOAuthParams();
 
-    const serviceDefinition = new ServiceDefinition(
-      currentServiceData,
-      currentApp.authLinkParams,
-      currentApp.environment
-    );
-
-    const id = uuidv4();
-    const authKey = createAuthKey(id, authName, keyValueCollection, eventManager.currentAccountId);
-
-    const additionalBodyData = {};
-    const additionalHeaders = {};
-
-    const emUrl = eventManager.serviceUrl;
-    const redirectProviderUrl = `${emUrl}/http/${eventManager.providersAccountId}${OAUTH_REDIRECT_PROVIDER_PATH}`;
-
-    const authConfigs: any = {
-      ...additionalBodyData,
-      grant_type: 'authorization_code',
-      redirect_uri: redirectProviderUrl,
-      appId,
-    };
-
-    if (scope) {
-      const formattedScope = formatScope(scope, serviceDefinition.scopeType);
-      authConfigs.scope = formattedScope;
-    }
-
-    const configs = {
-      [serviceDefinition.requestDataType]: authConfigs,
-    };
-
-    const tempAuthData = {
-      expiresInDefaultValue: serviceDefinition.expiresInDefaultValue,
-      urlToExchangeToken: serviceDefinition.exchangeTokenUri,
-      refreshUri: serviceDefinition.refreshUri,
-      additionalHeaders,
-      configs,
-      isCustomApp: appId !== PREDEFINED_APP,
-      requestDataType: serviceDefinition.requestDataType,
-      service: keyValueCollection,
-      serviceConfigName: serviceName,
-      name: authName,
-      displayServiceName: serviceDefinition.displayServiceName,
-      accountId: eventManager.currentAccountId,
-    };
-
-    const authDataExpire = Date.now() + TEMPORARY_DATA_EXPIRATION_TIME;
-    await keyValueStorage.setValueByKey(
-      '__authorizer_temp-uuid',
-      id,
-      tempAuthData,
-      authDataExpire
-    );
-
-    const authUrl = new URL(serviceDefinition.authorizeUri);
-    const additionalParams: { [key: string]: string; } = JSON.parse(
-      serviceDefinition.authRequestAdditionalParams
-    );
-
-    Object.entries(additionalParams.queryParams).forEach(([key, value]) => {
-      authUrl.searchParams.append(key, value);
-    });
-    authUrl.searchParams.append('response_type', 'code');
-    authUrl.searchParams.append('client_id', currentApp.clientId);
-    authUrl.searchParams.append('redirect_uri', redirectProviderUrl);
-    authUrl.searchParams.append('state', authKey);
-
-    if (scope) {
-      const formattedScope = formatScope(scope, serviceDefinition.scopeType);
-      authUrl.searchParams.append('scope', formattedScope);
-    }
-
-    const authorizeUrl = authUrl.href;
-
-    const newOAuth = new OAuth({
-      serviceName,
-      authKey,
-      discoveryUrl,
-      token,
-    });
+    const newOAuth = new OAuth(oAuthParams);
 
     newOAuth.status = AuthStatus.PENDING;
 
@@ -251,15 +200,12 @@ export class OAuth {
   }
 
   private async getServiceDefinition(currentApp: OAuthApp): Promise<ServiceDefinition> {
-    await this.eventManager.init();
-
-    const serviceDefinitionProviderRoute = `http/${this.eventManager.providersAccountId}${SERVICE_PROVIDER_PATH}`;
 
-    const services = await this.eventManager.makeRequest<{
+    const services = await this.providers.makeRequest<{
       [key: string]: ServiceDefinitionConfig;
     }>({
       method: 'GET',
-      route: serviceDefinitionProviderRoute,
+      route: SERVICE_PROVIDER_PATH,
       params: {
         type: 'list',
       },
@@ -299,7 +245,7 @@ export class OAuth {
       while (spentTime < pollTimeout) {
         const record = await this.keyValueStorage.getValueByKey(
           this.keyValueCollection,
-          this.authKey
+          encodeURIComponent(this.authKey)
         );
 
         if (record.value) {
@@ -330,14 +276,27 @@ export class OAuth {
    * const authData = await oAuthInstance.getAuthData()
    * ```
    */
-  public async getAuthData(): Promise<OAuthData> {
-    if (this.status !== AuthStatus.READY) {
-      throw new Error('This authorization is not ready');
+  public async getAuthData(stepThis: StepContext): Promise<OAuthData> {
+    if (stepThis) {
+      if (this.authKey === 'inherited') {
+        this.authKey = stepThis.getShared('shared_' + this.keyValueCollection) as string;
+      }
+
+      const ttl = (new Date(stepThis.session.expirationDate).getTime() - Date.now()) + 24 * 60 * 60 * 1000;
+      stepThis.setShared('shared_' + this.keyValueCollection, this.authKey, ttl);
+    }
+
+    if (this.status !== AuthStatus.READY && !await this.keyValueStorage.getValueByKey(
+      this.keyValueCollection,
+      this.authKey)) {
+      throw new Error('This authorization is invalid or not ready');
+    } else {
+      this.status = AuthStatus.READY;
     }
 
     const { value } = await this.keyValueStorage.getValueByKey(
-      this.serviceName,
-      this.authKey
+      this.keyValueCollection,
+      encodeURIComponent(this.authKey)
     );
 
     if (!value) {
@@ -351,16 +310,14 @@ export class OAuth {
       return authData;
     }
 
-    const expired = isExpired(authData.created_at, authData.expires_in);
-
-    if (!expired) {
+    if (!isExpired(authData.created_at, authData.expires_in)) {
       return authData;
     }
 
     await this.refresh();
 
     const { value: refreshedAuthData } =
-      await this.keyValueStorage.getValueByKey(this.serviceName, this.authKey);
+      await this.keyValueStorage.getValueByKey(this.keyValueCollection, encodeURIComponent(this.authKey));
 
     return refreshedAuthData as OAuthData;
   }
@@ -370,8 +327,8 @@ export class OAuth {
    */
   public async refresh(): Promise<void> {
     const { value } = await this.keyValueStorage.getValueByKey(
-      this.serviceName,
-      this.authKey
+      this.keyValueCollection,
+      encodeURIComponent(this.authKey)
     );
 
     if (!value) {
@@ -392,9 +349,9 @@ export class OAuth {
 
     const serviceDefinition = await this.getServiceDefinition(currentApp);
 
-    await this.eventManager.makeRequest({
+    await this.providers.makeRequest({
       method: 'POST',
-      route: new URL(authData.redirect_uri).pathname,
+      route: OAUTH_REDIRECT_PROVIDER_PATH,
       data: {
         refreshTokenUrl: authData.refreshUri,
         sendDataType: serviceDefinition.requestDataType,
@@ -418,8 +375,8 @@ export class OAuth {
     }
 
     const { value } = await this.keyValueStorage.getValueByKey(
-      this.serviceName,
-      this.authKey
+      this.keyValueCollection,
+      encodeURIComponent(this.authKey)
     );
 
     if (!value) {
@@ -450,10 +407,27 @@ export class OAuth {
    */
   public async delete(): Promise<void> {
     await this.keyValueStorage.deleteKey(
-      this.serviceName,
-      this.authKey
+      this.keyValueCollection,
+      encodeURIComponent(this.authKey)
     );
 
+    if (this.dynamicCollection) {
+      const { value } = await this.keyValueStorage.getValueByKey(
+        '__authorizer_dynamic_collections',
+        this.dynamicCollection
+      );
+
+      if (value) {
+        const collection = value as OAuthDynamicCollection;
+        delete collection.authorizations[this.authName as string];
+
+        await this.keyValueStorage.setValueByKey(
+          '__authorizer_dynamic_collections',
+          this.dynamicCollection, collection
+        );
+      }
+    }
+
     this.status = AuthStatus.DELETED;
   }
 }

package/src/OAuth/index.ts

@@ -0,0 +1,3 @@
+export { OAuth } from './OAuth';
+
+export * from './types';