@or-sdk/authorizer 0.25.0-beta.990.0 → 0.25.0

package/src/OAuth/utils/createOAuthHelper.ts

@@ -0,0 +1,374 @@
+import { KeyValueStorage } from '@or-sdk/key-value-storage';
+import { Providers } from '@or-sdk/providers';
+import { EVENT_MANAGER_SERVICE_KEY } from '@or-sdk/event-manager';
+import { Discovery } from '@or-sdk/discovery';
+
+import { v4 as uuidv4 } from 'uuid';
+
+import {
+  OAuthApp,
+  CreateOAuthConfig,
+  ServiceDefinitionConfig,
+  OAuthDynamicCollection,
+  LocalService,
+} from './../types';
+
+import {
+  SERVICE_PROVIDER_PATH,
+  OAUTH_REDIRECT_PROVIDER_PATH,
+  NEXT_OAUTH_REDIRECT_PROVIDER_PATH,
+  PREDEFINED_APP,
+  TEMPORARY_DATA_EXPIRATION_TIME,
+} from './../../constants';
+
+import { formatScope } from './../utils/formatScope';
+import { ServiceDefinition } from './../utils/ServiceDefinition';
+import { createAuthKey, createDynamicKey } from './../utils/createAuthKey';
+
+export default class OAuthCreator {
+  private params: CreateOAuthConfig;
+  private app: OAuthApp | undefined;
+  private authKey = '';
+  private service: ServiceDefinition | undefined;
+  private readonly keyValueStorage: KeyValueStorage;
+  private readonly providers: Providers;
+
+  constructor(params: CreateOAuthConfig) {
+    this.params = params;
+
+    this.validateInput();
+
+    this.keyValueStorage = new KeyValueStorage({
+      accountId: params.crossAccount ? params.accountId : undefined,
+      sdkUrl: params.sdkUrl,
+      token: params.token,
+    });
+
+    this.providers = new Providers({
+      token: params.token,
+      eventManagerUrl: params.eventManagerUrl,
+      providersAccountId: params.providersAccountId,
+    });
+  }
+
+  public async getOAuthParams() {
+    if (this.params.authKey) {
+      await this.resolveReauthParams();
+    }
+
+    await this.resolveDiscoveryParams();
+
+    const res = await this.getAppAndService();
+
+    this.service = res.serviceDefinition;
+    this.app = res.currentApp;
+
+
+    this.getAuthKey();
+
+    const { redirectProviderUrl, redirectPath } = await this.saveTempData();
+
+    const authorizeUrl = this.formAuthUrl(redirectPath, redirectProviderUrl);
+
+    if (this.params.dynamicCollection) {
+      this.saveToDynamicCollection;
+    }
+
+    return {
+      oAuthParams: {
+        accountId: this.params.crossAccount ? this.params.accountId : undefined,
+        authKey: this.params.useNextProvider ? ('::' + this.authKey.split('::').slice(1, 3).join('::')) : this.authKey,
+        authName: this.params.authName,
+        discoveryUrl: this.params.discoveryUrl,
+        dynamicCollection: this.params.dynamicCollection,
+        eventManagerUrl: this.params.eventManagerUrl,
+        providersAccountId: this.params.providersAccountId,
+        serviceName: this.params.serviceName,
+        token: this.params.token,
+      },
+      authorizeUrl,
+    };
+  }
+
+  private validateInput() {
+    const {
+      accountId,
+      crossAccount = true,
+      destinationAccount = 'CURRENT',
+      eventManagerUrl,
+      providersAccountId,
+      sdkUrl,
+    } = this.params;
+
+    if (!this.params.authKey) {
+      if (!this.params.appId) {
+        throw new Error('Application ID is missing');
+      } else if (!this.params.authName) {
+        throw new Error('Authorization name is missing');
+      }
+    }
+
+    if (!this.params.serviceName) {
+      throw new Error('Service name is missing');
+    } else if (!this.params.token) {
+      throw new Error('Authorization token is missing');
+    }
+
+    if (!sdkUrl || !eventManagerUrl || !providersAccountId || !accountId) {
+      if (!this.params.discoveryUrl) {
+        throw new Error('Discovery URL is missing.');
+      }
+    }
+
+    this.params.destinationAccount = destinationAccount;
+    this.params.crossAccount = crossAccount;
+    this.params.keyValueCollection =
+      this.params.keyValueCollection || this.params.serviceName;
+  }
+
+  private async resolveDiscoveryParams() {
+    const { accountId, eventManagerUrl, providersAccountId } = this.params;
+    if (accountId && eventManagerUrl && providersAccountId) {
+      return;
+    }
+
+    const discovery = new Discovery({
+      token: this.params.token,
+      discoveryUrl: this.params.discoveryUrl,
+    });
+
+    if (!accountId) {
+      this.params.accountId = await discovery.getCurrentAccountId().catch(() => {
+        throw new Error('Could not request current account ID');
+      });
+    }
+
+    if (!eventManagerUrl) {
+      this.params.eventManagerUrl = await discovery.getServiceUrl(EVENT_MANAGER_SERVICE_KEY).catch(() => {
+        throw new Error('Could not request current Event Manager URL');
+      });
+    }
+
+    if (!providersAccountId) {
+      this.params.providersAccountId = await discovery.getProvidersAccountId().catch(() => {
+        throw new Error('Could not request provider`s account ID');
+      });
+    }
+  }
+
+  private async getAppAndService() {
+
+    const services = await this.providers.makeRequest<{
+      [key: string]: ServiceDefinitionConfig;
+    }>({
+      method: 'GET',
+      route: SERVICE_PROVIDER_PATH,
+      params: {
+        type: 'list',
+      },
+    }).catch(() => { throw new Error('Could not request services list'); });
+
+    const localServices = await this.keyValueStorage.listKeys(
+      '__authorization_service_predefined_services_local',
+      undefined,
+      true
+    ) as unknown as Record<string, LocalService[]>;
+
+    localServices.items.forEach(el => (services[el.key] = el.value));
+
+    const currentServiceData = services[this.params.serviceName];
+    if (!currentServiceData) {
+      throw new Error('Service name is incorrect');
+    }
+
+    const apps = await this.keyValueStorage.getValueByKey(
+      this.params.keyValueCollection as string,
+      '__authorizer_apps'
+    );
+
+    if (!apps || !apps.value) {
+      throw new Error('Apps are missing in service collection');
+    }
+
+    // eslint-disable-next-line
+    const currentApp = (apps.value as any).find(
+      (app: { label: string; value: OAuthApp; }) => app.value.appId === this.params.appId
+    ).value;
+
+    return {
+      currentApp,
+      serviceDefinition: new ServiceDefinition(
+        currentServiceData,
+        currentApp.authLinkParams,
+        currentApp.environment
+      ),
+    };
+  }
+
+  private async resolveReauthParams() {
+    const old_auth_record = await this.keyValueStorage.getValueByKey(
+      this.params.keyValueCollection as string,
+      this.params.authKey as string
+    );
+
+    const old_auth: Record<string, string> = old_auth_record.value as unknown as Record<string, string>;
+
+    if (!old_auth) {
+      throw new Error('Could not reauthorize non-existing authorization');
+    }
+
+    if (old_auth.isRemote) {
+      throw new Error('Reauthorization of remote authorizations is not implemented.');
+    }
+
+    this.params.appId = old_auth.appId;
+    this.params.scope = old_auth.scope as unknown as string[];
+    this.params.authName = old_auth.authName;
+  }
+
+  private getAuthKey() {
+    const id = uuidv4();
+
+    if (this.params.authKey) {
+      if (this.params.authKey[0] === ':') {
+        this.params.useNextProvider = true;
+        this.authKey = id + this.params.authKey;
+
+      } else {
+        this.params.useNextProvider = false;
+        this.authKey = this.params.authKey;
+      }
+
+    } else {
+      const keyAccountId = this.params.destinationAccount === 'CURRENT' ? this.params.accountId :
+        this.params.destinationAccount === 'PROVIDER' ? this.params.providersAccountId :
+          this.params.destinationAccount === 'CUSTOM' ? this.params.customAccountId : null;
+
+      this.authKey = this.params.dynamicCollection ?
+        createDynamicKey(id, this.params.dynamicCollection, this.params.serviceName, keyAccountId || null) :
+        createAuthKey(id, this.params.authName, this.params.keyValueCollection as string, keyAccountId || null);
+
+    }
+  }
+
+  private async saveTempData() {
+    const redirectPath = this.params.useNextProvider ? NEXT_OAUTH_REDIRECT_PROVIDER_PATH : OAUTH_REDIRECT_PROVIDER_PATH;
+    const redirectProviderUrl = `${this.params.eventManagerUrl}/http/${this.params.providersAccountId}${redirectPath}`;
+    const serviceDefinition = this.service as ServiceDefinition;
+
+    // eslint-disable-next-line
+    const authConfigs: any = {
+      ...(this.params.additionalBodyData || {}),
+      grant_type: 'authorization_code',
+      redirect_uri: redirectProviderUrl,
+      appId: this.params.appId,
+    };
+
+    if (this.params.scope) {
+      authConfigs.scope = this.params.authKey ?
+        this.params.scope :
+        formatScope(this.params.scope, serviceDefinition.scopeType);
+    }
+
+    const configs = {
+      [serviceDefinition.requestDataType]: authConfigs,
+    };
+
+    const tempAuthData = {
+      accountId: this.params.accountId,
+      additionalHeaders: this.params.additionalHeaders || {},
+      configs,
+      displayServiceName: serviceDefinition.displayServiceName,
+      expiresInDefaultValue: serviceDefinition.expiresInDefaultValue,
+      isCustomApp: this.params.appId !== PREDEFINED_APP,
+      name: this.params.authName,
+      refreshUri: serviceDefinition.refreshUri,
+      requestDataType: serviceDefinition.requestDataType,
+      service: this.params.keyValueCollection,
+      serviceConfigName: this.params.serviceName,
+      storeAccount: this.params.destinationAccount,
+      storeCustomAccountId: this.params.destinationAccount === 'CUSTOM' ? this.params.customAccountId : undefined,
+      urlToExchangeToken: serviceDefinition.exchangeTokenUri,
+    };
+
+    const authDataExpire = Date.now() + TEMPORARY_DATA_EXPIRATION_TIME;
+    await this.keyValueStorage.setValueByKey(
+      '__authorizer_temp-uuid',
+      this.authKey.split('::')[0],
+      tempAuthData,
+      authDataExpire
+    );
+    return {
+      redirectPath,
+      redirectProviderUrl,
+    };
+  }
+
+  private formAuthUrl(redirectPath: string, redirectProviderUrl: string) {
+    const serviceDefinition = this.service as ServiceDefinition;
+    const currentApp = this.app as OAuthApp;
+
+    const authUrl = new URL(serviceDefinition.authorizeUri);
+    const additionalParams: { [key: string]: string; } = JSON.parse(
+      serviceDefinition.authRequestAdditionalParams
+    );
+
+    Object.entries(additionalParams.queryParams).forEach(([key, value]) => {
+      authUrl.searchParams.append(key, value);
+    });
+    authUrl.searchParams.append('response_type', 'code');
+    authUrl.searchParams.append('client_id', currentApp.clientId);
+    authUrl.searchParams.append('redirect_uri', redirectProviderUrl);
+    authUrl.searchParams.append('state', this.authKey);
+
+    if (this.params.scope) {
+
+      authUrl.searchParams.append(
+        'scope',
+        this.params.authKey ?
+          this.params.scope as unknown as string :
+          formatScope(this.params.scope, serviceDefinition.scopeType)
+      );
+    }
+
+    if (this.params.userScope) {
+      authUrl.searchParams.append('user_scope', this.params.userScope);
+    }
+
+    if (this.params.useNonce) {
+      authUrl.searchParams.append('nonce', uuidv4());
+    }
+
+    return authUrl.href;
+  }
+
+  private async saveToDynamicCollection() {
+    const { value } = await this.keyValueStorage.getValueByKey(
+      '__authorizer_dynamic_collections',
+      this.params.dynamicCollection as string
+    );
+
+    const collection = (value || {
+      name: this.params.dynamicCollection,
+      type: 'oauth',
+      service: this.params.serviceName,
+      serviceConfigName: this.params.serviceName,
+      authorizations: {},
+    }) as OAuthDynamicCollection;
+
+    if (collection.authorizations[this.params.authName]) {
+      await this.keyValueStorage.deleteKey(
+        this.params.serviceName,
+        collection.authorizations[this.params.authName]
+      );
+    }
+
+    collection.authorizations[this.params.authName] = this.authKey;
+
+    await this.keyValueStorage.setValueByKey(
+      '__authorizer_dynamic_collections',
+      this.params.dynamicCollection as string,
+      collection
+    );
+  }
+}