npm - @oxyhq/core - Versions diffs - 1.11.9 → 1.11.11 - Mend

@oxyhq/core 1.11.9 → 1.11.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/dist/cjs/.tsbuildinfo +1 -1
package/dist/cjs/AuthManager.js +158 -1
package/dist/cjs/HttpService.js +13 -0
package/dist/cjs/OxyServices.base.js +21 -0
package/dist/cjs/crypto/keyManager.js +4 -6
package/dist/cjs/crypto/polyfill.js +56 -12
package/dist/cjs/crypto/signatureService.js +7 -4
package/dist/cjs/mixins/OxyServices.fedcm.js +9 -4
package/dist/cjs/mixins/OxyServices.managedAccounts.js +117 -0
package/dist/cjs/mixins/OxyServices.popup.js +9 -5
package/dist/cjs/mixins/OxyServices.utility.js +81 -2
package/dist/cjs/mixins/index.js +2 -0
package/dist/esm/.tsbuildinfo +1 -1
package/dist/esm/AuthManager.js +158 -1
package/dist/esm/HttpService.js +13 -0
package/dist/esm/OxyServices.base.js +21 -0
package/dist/esm/crypto/keyManager.js +4 -6
package/dist/esm/crypto/polyfill.js +23 -12
package/dist/esm/crypto/signatureService.js +7 -4
package/dist/esm/mixins/OxyServices.fedcm.js +9 -4
package/dist/esm/mixins/OxyServices.managedAccounts.js +114 -0
package/dist/esm/mixins/OxyServices.popup.js +9 -5
package/dist/esm/mixins/OxyServices.utility.js +81 -2
package/dist/esm/mixins/index.js +2 -0
package/dist/types/.tsbuildinfo +1 -1
package/dist/types/AuthManager.d.ts +21 -0
package/dist/types/HttpService.d.ts +3 -0
package/dist/types/OxyServices.base.d.ts +17 -0
package/dist/types/index.d.ts +1 -0
package/dist/types/mixins/OxyServices.analytics.d.ts +2 -0
package/dist/types/mixins/OxyServices.assets.d.ts +2 -0
package/dist/types/mixins/OxyServices.auth.d.ts +2 -0
package/dist/types/mixins/OxyServices.developer.d.ts +2 -0
package/dist/types/mixins/OxyServices.devices.d.ts +2 -0
package/dist/types/mixins/OxyServices.features.d.ts +5 -1
package/dist/types/mixins/OxyServices.fedcm.d.ts +3 -0
package/dist/types/mixins/OxyServices.karma.d.ts +2 -0
package/dist/types/mixins/OxyServices.language.d.ts +2 -0
package/dist/types/mixins/OxyServices.location.d.ts +2 -0
package/dist/types/mixins/OxyServices.managedAccounts.d.ts +125 -0
package/dist/types/mixins/OxyServices.payment.d.ts +2 -0
package/dist/types/mixins/OxyServices.popup.d.ts +4 -0
package/dist/types/mixins/OxyServices.privacy.d.ts +2 -0
package/dist/types/mixins/OxyServices.redirect.d.ts +2 -0
package/dist/types/mixins/OxyServices.security.d.ts +2 -0
package/dist/types/mixins/OxyServices.topics.d.ts +2 -0
package/dist/types/mixins/OxyServices.user.d.ts +2 -0
package/dist/types/mixins/OxyServices.utility.d.ts +22 -0
package/dist/types/models/interfaces.d.ts +2 -0
package/package.json +1 -1
package/src/AuthManager.ts +186 -4
package/src/HttpService.ts +17 -0
package/src/OxyServices.base.ts +23 -0
package/src/crypto/keyManager.ts +4 -6
package/src/crypto/polyfill.ts +23 -12
package/src/crypto/signatureService.ts +7 -4
package/src/index.ts +1 -0
package/src/mixins/OxyServices.fedcm.ts +11 -4
package/src/mixins/OxyServices.managedAccounts.ts +147 -0
package/src/mixins/OxyServices.popup.ts +11 -5
package/src/mixins/OxyServices.utility.ts +103 -2
package/src/mixins/index.ts +2 -0
package/src/models/interfaces.ts +3 -0

package/dist/cjs/mixins/OxyServices.utility.js CHANGED Viewed

@@ -46,6 +46,41 @@ function OxyServicesUtilityMixin(Base) {
     return class extends Base {
         constructor(...args) {
             super(...args);
+            /** @internal In-memory cache for acting-as verification results (TTL: 5 min) */
+            this._actingAsCache = new Map();
+        }
+        /**
+         * Verify that a user is authorized to act as a managed account.
+         * Results are cached in-memory for 5 minutes to avoid repeated API calls.
+         *
+         * @internal Used by the auth() middleware — not part of the public API
+         */
+        async verifyActingAs(userId, accountId) {
+            const cacheKey = `${userId}:${accountId}`;
+            const now = Date.now();
+            // Check cache
+            const cached = this._actingAsCache.get(cacheKey);
+            if (cached && cached.expiresAt > now) {
+                return cached.result;
+            }
+            // Query the API
+            try {
+                const result = await this.makeRequest('GET', '/managed-accounts/verify', { accountId, userId }, { cache: false, retry: false, timeout: 5000 });
+                // Cache successful result for 5 minutes
+                this._actingAsCache.set(cacheKey, {
+                    result: result && result.authorized ? result : null,
+                    expiresAt: now + 5 * 60 * 1000,
+                });
+                return result && result.authorized ? result : null;
+            }
+            catch {
+                // Cache negative result for 1 minute to avoid hammering on transient errors
+                this._actingAsCache.set(cacheKey, {
+                    result: null,
+                    expiresAt: now + 1 * 60 * 1000,
+                });
+                return null;
+            }
         }
         /**
          * Fetch link metadata
@@ -108,6 +143,45 @@ function OxyServicesUtilityMixin(Base) {
             const oxyInstance = this;
             // Return an async middleware function
             return async (req, res, next) => {
+                // Process X-Acting-As header for managed account identity delegation.
+                // Called after successful authentication, before next(). If the header
+                // is present, verifies authorization and swaps the request identity to
+                // the managed account, preserving the original user for audit trails.
+                const processActingAs = async () => {
+                    const actingAsUserId = req.headers['x-acting-as'];
+                    if (!actingAsUserId)
+                        return true; // No header, proceed normally
+                    const verification = await oxyInstance.verifyActingAs(req.userId, actingAsUserId);
+                    if (!verification) {
+                        const error = {
+                            error: 'ACTING_AS_UNAUTHORIZED',
+                            message: 'Not authorized to act as this account',
+                            code: 'ACTING_AS_UNAUTHORIZED',
+                            status: 403,
+                        };
+                        if (onError) {
+                            onError(error);
+                        }
+                        else {
+                            res.status(403).json(error);
+                        }
+                        return false;
+                    }
+                    // Preserve original user for audit trails
+                    req.originalUser = { id: req.userId, ...req.user };
+                    req.actingAs = { userId: actingAsUserId, role: verification.role };
+                    // Swap user identity to the managed account
+                    req.userId = actingAsUserId;
+                    req.user = { id: actingAsUserId };
+                    // Also set _id for routes that use Pattern B (req.user._id)
+                    if (req.user) {
+                        req.user._id = actingAsUserId;
+                    }
+                    if (debug) {
+                        console.log(`[oxy.auth] Acting as ${actingAsUserId} (role=${verification.role}) original=${req.originalUser.id}`);
+                    }
+                    return true;
+                };
                 try {
                     // Extract token from Authorization header or query params
                     const authHeader = req.headers['authorization'];
@@ -330,7 +404,10 @@ function OxyServicesUtilityMixin(Base) {
                             if (debug) {
                                 console.log(`[oxy.auth] OK user=${userId} session=${decoded.sessionId}`);
                             }
-                            return next();
+                            // Process X-Acting-As header before proceeding
+                            if (await processActingAs())
+                                return next();
+                            return;
                         }
                         catch (validationError) {
                             if (debug) {
@@ -381,7 +458,9 @@ function OxyServicesUtilityMixin(Base) {
                     if (debug) {
                         console.log(`[oxy.auth] OK user=${userId} (no session)`);
                     }
-                    next();
+                    // Process X-Acting-As header before proceeding
+                    if (await processActingAs())
+                        next();
                 }
                 catch (error) {
                     const apiError = oxyInstance.handleError(error);

package/dist/cjs/mixins/index.js CHANGED Viewed

@@ -27,6 +27,7 @@ const OxyServices_security_1 = require("./OxyServices.security");
 const OxyServices_utility_1 = require("./OxyServices.utility");
 const OxyServices_features_1 = require("./OxyServices.features");
 const OxyServices_topics_1 = require("./OxyServices.topics");
+const OxyServices_managedAccounts_1 = require("./OxyServices.managedAccounts");
 /**
  * Mixin pipeline - applied in order from first to last.
  *
@@ -64,6 +65,7 @@ const MIXIN_PIPELINE = [
     OxyServices_security_1.OxyServicesSecurityMixin,
     OxyServices_features_1.OxyServicesFeaturesMixin,
     OxyServices_topics_1.OxyServicesTopicsMixin,
+    OxyServices_managedAccounts_1.OxyServicesManagedAccountsMixin,
     // Utility (last, can use all above)
     OxyServices_utility_1.OxyServicesUtilityMixin,
 ];