@platform-mesh/portal-server-lib 0.0.0 → 0.5.2

package/dist/portal-options/service-providers/models/welcome-node-config.js

@@ -0,0 +1,35 @@
+export const welcomeNodeConfig = {
+    rawServiceProviders: [
+        {
+            name: 'platform-mesh-system',
+            displayName: '',
+            creationTimestamp: '',
+            contentConfiguration: [
+                {
+                    name: 'platform-mesh-system',
+                    creationTimestamp: '',
+                    luigiConfigFragment: {
+                        data: {
+                            nodes: [
+                                {
+                                    entityType: 'global',
+                                    pathSegment: 'welcome',
+                                    hideFromNav: true,
+                                    hideSideNav: true,
+                                    showBreadcrumbs: false,
+                                    order: 1,
+                                    url: '/assets/platform-mesh-portal-ui-wc.js#welcome-view',
+                                    webcomponent: {
+                                        selfRegistered: true,
+                                    },
+                                    context: { kcpPath: 'root:orgs' },
+                                },
+                            ],
+                        },
+                    },
+                },
+            ],
+        },
+    ],
+};
+//# sourceMappingURL=welcome-node-config.js.map

package/dist/portal-options/service-providers/models/welcome-node-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"welcome-node-config.js","sourceRoot":"","sources":["../../../../src/portal-options/service-providers/models/welcome-node-config.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,iBAAiB,GAA4B;IACxD,mBAAmB,EAAE;QACnB;YACE,IAAI,EAAE,sBAAsB;YAC5B,WAAW,EAAE,EAAE;YACf,iBAAiB,EAAE,EAAE;YACrB,oBAAoB,EAAE;gBACpB;oBACE,IAAI,EAAE,sBAAsB;oBAC5B,iBAAiB,EAAE,EAAE;oBACrB,mBAAmB,EAAE;wBACnB,IAAI,EAAE;4BACJ,KAAK,EAAE;gCACL;oCACE,UAAU,EAAE,QAAQ;oCACpB,WAAW,EAAE,SAAS;oCACtB,WAAW,EAAE,IAAI;oCACjB,WAAW,EAAE,IAAI;oCACjB,eAAe,EAAE,KAAK;oCACtB,KAAK,EAAE,CAAC;oCACR,GAAG,EAAE,oDAAoD;oCACzD,YAAY,EAAE;wCACZ,cAAc,EAAE,IAAI;qCACrB;oCACD,OAAO,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE;iCAClC;6BACF;yBACF;qBACF;iBACF;aACF;SACF;KACF;CACF,CAAC"}

package/dist/portal-options/services/iam-graphql.service.d.ts

@@ -0,0 +1,7 @@
+import { PMRequestContextProvider } from '../pm-request-context-provider.js';
+import type { Request, Response } from 'express';
+export declare class IAMGraphQlService {
+    private requestContextProvider;
+    constructor(requestContextProvider: PMRequestContextProvider);
+    addUser(token: string, request: Request, response: Response): Promise<void>;
+}

package/dist/portal-options/services/iam-graphql.service.js

@@ -0,0 +1,40 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { PMRequestContextProvider } from '../pm-request-context-provider.js';
+import { MUTATION_LOGIN } from './queries.js';
+import { Injectable } from '@nestjs/common';
+import { GraphQLClient } from 'graphql-request';
+let IAMGraphQlService = class IAMGraphQlService {
+    requestContextProvider;
+    constructor(requestContextProvider) {
+        this.requestContextProvider = requestContextProvider;
+    }
+    async addUser(token, request, response) {
+        const requestContext = await this.requestContextProvider.getContextValues(request, response);
+        const iamUrl = requestContext.iamServiceApiUrl;
+        const client = new GraphQLClient(iamUrl, {
+            headers: {
+                Authorization: `Bearer ${token}`,
+            },
+        });
+        try {
+            await client.request(MUTATION_LOGIN);
+        }
+        catch (e) {
+            console.error(e);
+        }
+    }
+};
+IAMGraphQlService = __decorate([
+    Injectable(),
+    __metadata("design:paramtypes", [PMRequestContextProvider])
+], IAMGraphQlService);
+export { IAMGraphQlService };
+//# sourceMappingURL=iam-graphql.service.js.map

package/dist/portal-options/services/iam-graphql.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam-graphql.service.js","sourceRoot":"","sources":["../../../src/portal-options/services/iam-graphql.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGzC,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IACR;IAApB,YAAoB,sBAAgD;QAAhD,2BAAsB,GAAtB,sBAAsB,CAA0B;IAAG,CAAC;IAExE,KAAK,CAAC,OAAO,CACX,KAAa,EACb,OAAgB,EAChB,QAAkB;QAElB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,gBAAgB,CACvE,OAAO,EACP,QAAQ,CACT,CAAC;QACF,MAAM,MAAM,GAAG,cAAc,CAAC,gBAAgB,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,MAAM,EAAE;YACvC,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;aACjC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;CACF,CAAA;AAzBY,iBAAiB;IAD7B,UAAU,EAAE;qCAEiC,wBAAwB;GADzD,iBAAiB,CAyB7B"}

package/dist/portal-options/services/kcp-k8s.service.d.ts

@@ -0,0 +1,11 @@
+import { CustomObjectsApi } from '@kubernetes/client-node';
+export declare class KcpKubernetesService {
+    private readonly k8sApi;
+    private readonly baseUrl;
+    constructor();
+    getKcpK8sApiClient(): CustomObjectsApi;
+    private buildWorkspacePath;
+    getKcpVirtualWorkspaceUrl(organization: string, account: string): URL;
+    getKcpWorkspaceUrl(organization: string, account: string): URL;
+    getKcpWorkspacePublicUrl(organization: string, account: string): string;
+}

package/dist/portal-options/services/kcp-k8s.service.js

@@ -0,0 +1,60 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { CustomObjectsApi, KubeConfig } from '@kubernetes/client-node';
+import { Injectable } from '@nestjs/common';
+let KcpKubernetesService = class KcpKubernetesService {
+    k8sApi;
+    baseUrl;
+    constructor() {
+        const kubeConfigKcp = process.env['KUBECONFIG_KCP'];
+        const kc = new KubeConfig();
+        kc.loadFromFile(kubeConfigKcp);
+        kc.addUser({
+            name: 'oidc',
+        });
+        kc.addContext({
+            name: 'oidc',
+            user: 'oidc',
+            cluster: kc.getCurrentCluster()?.name || '',
+        });
+        kc.setCurrentContext('oidc');
+        this.baseUrl = new URL(kc.getCurrentCluster()?.server || '');
+        this.k8sApi = kc.makeApiClient(CustomObjectsApi);
+    }
+    getKcpK8sApiClient() {
+        return this.k8sApi;
+    }
+    buildWorkspacePath(organization, account) {
+        let path = `root:orgs:${organization}`;
+        if (account) {
+            path += `:${account}`;
+        }
+        return path;
+    }
+    getKcpVirtualWorkspaceUrl(organization, account) {
+        const path = this.buildWorkspacePath(organization, account);
+        return new URL(`${this.baseUrl.origin}/services/contentconfigurations/clusters/${path}`);
+    }
+    getKcpWorkspaceUrl(organization, account) {
+        const path = this.buildWorkspacePath(organization, account);
+        return new URL(`${this.baseUrl.origin}/clusters/${path}`);
+    }
+    getKcpWorkspacePublicUrl(organization, account) {
+        const path = this.buildWorkspacePath(organization, account);
+        const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
+        return `https://kcp.api.${baseDomain}/clusters/${path}`;
+    }
+};
+KcpKubernetesService = __decorate([
+    Injectable(),
+    __metadata("design:paramtypes", [])
+], KcpKubernetesService);
+export { KcpKubernetesService };
+//# sourceMappingURL=kcp-k8s.service.js.map

package/dist/portal-options/services/kcp-k8s.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kcp-k8s.service.js","sourceRoot":"","sources":["../../../src/portal-options/services/kcp-k8s.service.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAGrC,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IACd,MAAM,CAAmB;IACzB,OAAO,CAAM;IAE9B;QACE,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,IAAI,UAAU,EAAE,CAAC;QAC5B,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAE/B,EAAE,CAAC,OAAO,CAAC;YACT,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QACH,EAAE,CAAC,UAAU,CAAC;YACZ,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,EAAE,CAAC,iBAAiB,EAAE,EAAE,IAAI,IAAI,EAAE;SAC5C,CAAC,CAAC;QACH,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,iBAAiB,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IACnD,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEO,kBAAkB,CAAC,YAAoB,EAAE,OAAgB;QAC/D,IAAI,IAAI,GAAG,aAAa,YAAY,EAAE,CAAC;QACvC,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB,CAAC,YAAoB,EAAE,OAAe;QAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CACZ,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,4CAA4C,IAAI,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,kBAAkB,CAAC,YAAoB,EAAE,OAAe;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,aAAa,IAAI,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,wBAAwB,CAAC,YAAoB,EAAE,OAAe;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACvD,OAAO,mBAAmB,UAAU,aAAa,IAAI,EAAE,CAAC;IAC1D,CAAC;CACF,CAAA;AAnDY,oBAAoB;IADhC,UAAU,EAAE;;GACA,oBAAoB,CAmDhC"}

package/dist/portal-options/services/queries.d.ts

@@ -0,0 +1 @@
+export declare const MUTATION_LOGIN: string;

package/dist/portal-options/services/queries.js

@@ -0,0 +1,7 @@
+import { gql } from 'graphql-request';
+export const MUTATION_LOGIN = gql `
+  mutation {
+    login
+  }
+`;
+//# sourceMappingURL=queries.js.map

package/dist/portal-options/services/queries.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../src/portal-options/services/queries.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAEtC,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,CAAA;;;;CAIhC,CAAC"}

package/dist/portal-options/utils/domain.d.ts

@@ -0,0 +1,3 @@
+import type { Request } from 'express';
+export declare const getOrganization: (request: Request) => string;
+export declare const getDiscoveryEndpoint: (request: Request) => string;

package/dist/portal-options/utils/domain.js

@@ -0,0 +1,11 @@
+export const getOrganization = (request) => {
+    const subDomain = request.hostname.split('.')[0];
+    const clientId = process.env['OIDC_CLIENT_ID_DEFAULT'];
+    const baseDomain = process.env['BASE_DOMAINS_DEFAULT'];
+    return request.hostname !== baseDomain ? subDomain : clientId;
+};
+export const getDiscoveryEndpoint = (request) => {
+    const clientId = getOrganization(request);
+    return process.env[`DISCOVERY_ENDPOINT`]?.replace('${org-name}', clientId);
+};
+//# sourceMappingURL=domain.js.map

package/dist/portal-options/utils/domain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"domain.js","sourceRoot":"","sources":["../../../src/portal-options/utils/domain.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAgB,EAAU,EAAE;IAC1D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACvD,OAAO,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChE,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,OAAgB,EAAU,EAAE;IAC/D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,OAAO,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC,CAAC"}

package/eslint.config.mjs

@@ -0,0 +1,27 @@
+// @ts-check
+import tsPlugin from 'typescript-eslint';
+
+export default tsPlugin.config(
+  ...tsPlugin.configs.recommended,
+  {
+    ignores: ['dist'],
+  },
+  {
+    languageOptions: {
+      parserOptions: {
+        projectService: true,
+        tsconfigRootDir: import.meta.dirname,
+      },
+    },
+  },
+  {
+    files: ['**/*.ts'],
+    rules: {
+      '@typescript-eslint/no-explicit-any': 'off',
+    },
+  },
+  {
+    files: ['**/*.{js,mjs,cjs}'],
+    extends: [tsPlugin.configs.disableTypeChecked],
+  },
+);

package/jest.config.ts

@@ -0,0 +1,42 @@
+/* eslint-disable @typescript-eslint/no-require-imports */
+import baseConfig from './base.jest.config.js';
+
+export default {
+  ...baseConfig,
+  rootDir: 'src',
+  testRegex: '.spec.ts$',
+  collectCoverage: true,
+  reporters: ['default'],
+  coverageThreshold: {
+    global: {
+      branches: 75,
+      functions: 90,
+      lines: 90,
+      statements: -12,
+    },
+  },
+  coveragePathIgnorePatterns: ['/node_modules/', '/integration-tests/'],
+  coverageDirectory: '../test-run-reports/coverage/unit',
+  transformIgnorePatterns: [
+    '/node_modules/(?!(@openmfp/portal-server-lib|graphql-request)/)',
+  ],
+  transform: {
+    '^.+\\.(t|j)s$': [
+      'ts-jest',
+      {
+        tsconfig: 'tsconfig.test.json',
+        useESM: true,
+      },
+    ],
+  },
+  testEnvironment: 'node',
+  passWithNoTests: true,
+  roots: ['<rootDir>'],
+  moduleNameMapper: {
+    '^@openmfp/portal-lib(|/.*)$': '<rootDir>/libs/portal-lib/src/$1',
+    '^(\\.{1,2}/.*)\\.js$': '$1',
+  },
+  preset: 'ts-jest/presets/default-esm',
+  extensionsToTreatAsEsm: ['.ts'],
+  moduleFileExtensions: ['js', 'json', 'ts'],
+};

package/nest-cli.json

@@ -0,0 +1,6 @@
+{
+  "type": "library",
+  "root": ".",
+  "collection": "@nestjs/schematics",
+  "sourceRoot": "src"
+}

package/package.json

@@ -1,4 +1,87 @@
 {
   "name": "@platform-mesh/portal-server-lib",
-  "version": "0.0.0"
-}
+  "version": "0.5.2",
+  "author": "Platform Mesh",
+  "license": "Apache-2.0",
+  "repository": {
+    "url": "git+https://github.com/platform-mesh/portal-server-lib.git"
+  },
+  "description": "This library helps you to set up the backend application using @openmfp/portal-server-lib by providing the set of the required implementations \nin the scope of the Platform Mesh functionalities.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    "./portal-options": {
+      "import": "./dist/portal-options/index.js",
+      "types": "./dist/portal-options/index.d.ts"
+    },
+    "./services": {
+      "import": "./dist/services/index.js",
+      "types": "./dist/services/index.d.ts"
+    },
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "nest build",
+    "build:watch": "mkdirp dist && nodemon --ignore dist --ext js,yml,yaml,ts,html,css,scss,json,md --exec \"rimraf dist && npm run build && yalc publish --push --sig\"",
+    "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\" \"libs/**/*.ts\"",
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:cov": "jest --coverage",
+    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand"
+  },
+  "peerDependencies": {
+    "@nestjs/axios": ">=3.0.0",
+    "@nestjs/common": ">=10.0.0",
+    "@nestjs/core": ">=10.0.0",
+    "@nestjs/platform-express": ">=10.0.0",
+    "@nestjs/serve-static": ">=4.0.0",
+    "@openmfp/portal-server-lib": "0.161.0",
+    "axios": ">=1.7.7",
+    "cookie-parser": "1.4.7",
+    "express": "5.1.0",
+    "rxjs": ">=7.8.1",
+    "graphql-request": "7.3.1",
+    "@kubernetes/client-node": "1.4.0"
+  },
+  "dependencies": {
+    "@nestjs/axios": ">=3.0.0",
+    "@nestjs/common": ">=10.0.0",
+    "@nestjs/serve-static": ">=4.0.0",
+    "@openmfp/portal-server-lib": "0.162.8",
+    "axios": ">=1.7.7",
+    "express": "5.1.0",
+    "rxjs": ">=7.8.1"
+  },
+  "devDependencies": {
+    "@eslint/js": "9.38.0",
+    "@nestjs/cli": "^11.0.0",
+    "@nestjs/testing": "^11.0.0",
+    "@openmfp/config-prettier": "0.9.1",
+    "@types/jest": "30.0.0",
+    "@types/node": "24.9.2",
+    "@types/supertest": "6.0.3",
+    "eslint": "9.38.0",
+    "eslint-config-prettier": "10.1.8",
+    "globals": "16.4.0",
+    "jest": "30.1.3",
+    "jest-junit": "16.0.0",
+    "jest-mock-extended": "4.0.0",
+    "mkdirp": "3.0.1",
+    "nock": "14.0.10",
+    "nodemon": "3.1.10",
+    "prettier": "3.6.2",
+    "rimraf": "6.0.1",
+    "supertest": "7.1.4",
+    "ts-jest": "29.4.4",
+    "ts-loader": "9.5.4",
+    "ts-node": "10.9.2",
+    "tsconfig-paths": "4.2.0",
+    "typescript": "5.9.2",
+    "typescript-eslint": "^8.0.0"
+  },
+  "type": "module"
+}

package/renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>platform-mesh/.github:renovate-config"
+  ]
+}

package/src/index.ts

@@ -0,0 +1 @@
+export const EMPTY = true;

package/src/portal-options/account-entity-context-provider.service.ts

@@ -0,0 +1,30 @@
+import { Injectable } from '@nestjs/common';
+import { EntityContextProvider } from '@openmfp/portal-server-lib';
+
+@Injectable()
+export class AccountEntityContextProvider implements EntityContextProvider {
+  async getContextValues(
+    _token: string,
+    context?: Record<string, any>,
+  ): Promise<Record<string, any>> {
+    return {
+      id: context['core_platform-mesh_io_account'],
+      policies: [
+        'create',
+        'delete',
+        'get',
+        'list',
+        'update',
+        'watch',
+        'gardener_project_create',
+        'gardener_project_list',
+        'gardener_shoot_create',
+        'gardener_shoot_list',
+        'iamAdmin',
+        'projectAdmin',
+        'projectMember',
+        'providerAdmin',
+      ],
+    };
+  }
+}

package/src/portal-options/auth-callback-provider.spec.ts

@@ -0,0 +1,85 @@
+import { AuthCallbackProvider } from './auth-callback-provider.js';
+import { IAMGraphQlService } from './services/iam-graphql.service.js';
+import { Test, TestingModule } from '@nestjs/testing';
+import type { AuthTokenData } from '@openmfp/portal-server-lib';
+import type { Request, Response } from 'express';
+import { mock } from 'jest-mock-extended';
+
+jest.mock('@kubernetes/client-node', () => {
+  class KubeConfig {
+    loadFromDefault = jest.fn();
+    loadFromFile = jest.fn();
+    getCurrentCluster = jest.fn().mockReturnValue({
+      server: 'https://k8s.example.com/base',
+      name: 'test-cluster',
+    });
+    makeApiClient = jest.fn();
+    addUser = jest.fn();
+    addContext = jest.fn();
+    setCurrentContext = jest.fn();
+  }
+  class CustomObjectsApi {}
+  return { KubeConfig, CustomObjectsApi };
+});
+
+describe('AuthCallbackProvider', () => {
+  let callback: AuthCallbackProvider;
+  let iamServiceMock: IAMGraphQlService;
+
+  beforeEach(async () => {
+    iamServiceMock = mock<IAMGraphQlService>();
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        AuthCallbackProvider,
+        {
+          provide: IAMGraphQlService,
+          useValue: iamServiceMock,
+        },
+      ],
+    }).compile();
+
+    callback = module.get<AuthCallbackProvider>(AuthCallbackProvider);
+  });
+
+  it('should be defined', () => {
+    expect(callback).toBeDefined();
+  });
+
+  it('should create a user', async () => {
+    const req = mock<Request>();
+    const res = mock<Response>();
+
+    await callback.handleSuccess(req, res, {
+      id_token: 'idtoken',
+    } as AuthTokenData);
+
+    expect(iamServiceMock.addUser).toHaveBeenCalledTimes(1);
+    expect(iamServiceMock.addUser).toHaveBeenCalledWith('idtoken', req, res);
+  });
+
+  it('should log error if addUser throws', async () => {
+    const req = mock<Request>();
+    const res = mock<Response>();
+    const error = new Error('boom');
+    (iamServiceMock.addUser as jest.Mock).mockRejectedValueOnce(error);
+
+    const errorSpy = jest
+
+      .spyOn((callback as any).logger, 'error')
+      .mockImplementation(() => undefined as unknown as never);
+
+    await callback.handleSuccess(req, res, {
+      id_token: 'bad',
+    } as AuthTokenData);
+
+    expect(iamServiceMock.addUser).toHaveBeenCalledTimes(1);
+    expect(errorSpy).toHaveBeenCalledWith(error);
+  });
+
+  it('should resolve handleFailure without action', async () => {
+    const req = mock<Request>();
+    const res = mock<Response>();
+
+    await expect(callback.handleFailure(req, res)).resolves.toBeUndefined();
+  });
+});

package/src/portal-options/auth-callback-provider.ts

@@ -0,0 +1,27 @@
+import { IAMGraphQlService } from './services/iam-graphql.service.js';
+import { Injectable, Logger } from '@nestjs/common';
+import { AuthCallback, AuthTokenData } from '@openmfp/portal-server-lib';
+import { Request, Response } from 'express';
+
+@Injectable()
+export class AuthCallbackProvider implements AuthCallback {
+  private logger: Logger = new Logger(AuthCallbackProvider.name);
+
+  constructor(private iamService: IAMGraphQlService) {}
+
+  async handleSuccess(
+    request: Request,
+    response: Response,
+    authTokenResponse: AuthTokenData,
+  ): Promise<void> {
+    try {
+      await this.iamService.addUser(authTokenResponse.id_token, request, response);
+    } catch (e) {
+      this.logger.error(e);
+    }
+  }
+
+  async handleFailure(request: Request, response: Response): Promise<void> {
+    return Promise.resolve();
+  }
+}

package/src/portal-options/auth-config-provider.spec.ts

@@ -0,0 +1,101 @@
+import { PMAuthConfigProvider } from './auth-config-provider.js';
+import { HttpException } from '@nestjs/common';
+import {
+  DiscoveryService,
+  EnvAuthConfigService,
+} from '@openmfp/portal-server-lib';
+import type { Request } from 'express';
+import { mock } from 'jest-mock-extended';
+
+jest.mock('@kubernetes/client-node', () => {
+  class KubeConfig {
+    loadFromDefault = jest.fn();
+    loadFromFile = jest.fn();
+    getCurrentCluster = jest.fn().mockReturnValue({
+      server: 'https://k8s.example.com/base',
+      name: 'test-cluster',
+    });
+    makeApiClient = jest.fn();
+    addUser = jest.fn();
+    addContext = jest.fn();
+    setCurrentContext = jest.fn();
+  }
+  class CustomObjectsApi {}
+  return { KubeConfig, CustomObjectsApi };
+});
+
+describe('PMAuthConfigProvider', () => {
+  let provider: PMAuthConfigProvider;
+  let discoveryService: jest.Mocked<DiscoveryService>;
+  let envAuthConfigService: jest.Mocked<EnvAuthConfigService>;
+
+  beforeEach(() => {
+    discoveryService = mock<DiscoveryService>();
+    envAuthConfigService = mock<EnvAuthConfigService>();
+    provider = new PMAuthConfigProvider(discoveryService);
+    jest.resetModules();
+    process.env = {
+      AUTH_SERVER_URL_DEFAULT: 'authUrl',
+      TOKEN_URL_DEFAULT: 'tokenUrl',
+      BASE_DOMAINS_DEFAULT: 'example.com',
+      OIDC_CLIENT_ID_DEFAULT: 'client123',
+      OIDC_CLIENT_SECRET_DEFAULT: 'secret123',
+    };
+    provider['getClientSecret'] = jest.fn().mockResolvedValue('secret');
+  });
+
+  it('should delegate to EnvAuthConfigService if available', async () => {
+    const req = { hostname: 'foo.example.com' } as Request;
+    const expected = {
+      idpName: 'idp',
+      baseDomain: 'example.com',
+      oauthServerUrl: 'url',
+      oauthTokenUrl: 'token',
+      clientId: 'cid',
+      clientSecret: 'secret',
+      oidcIssuerUrl: 'issuer',
+    };
+    envAuthConfigService.getAuthConfig.mockResolvedValue(expected);
+
+    const result = await provider.getAuthConfig(req);
+
+    expect(result).toEqual({
+      baseDomain: 'example.com',
+      clientId: 'foo',
+      clientSecret: 'secret',
+      idpName: 'foo',
+      oauthServerUrl: 'authUrl',
+      oauthTokenUrl: 'tokenUrl',
+    });
+  });
+
+  it('should fall back to default configuration if EnvAuthConfigService throws', async () => {
+    const req = { hostname: 'foo.example.com' } as Request;
+    envAuthConfigService.getAuthConfig.mockRejectedValue(new Error('fail'));
+    discoveryService.getOIDC.mockResolvedValue({
+      authorization_endpoint: 'authUrl',
+      token_endpoint: 'tokenUrl',
+      issuer: 'issuer',
+      end_session_endpoint: 'endSessionUrl',
+    });
+
+    const result = await provider.getAuthConfig(req);
+
+    expect(result).toMatchObject({
+      baseDomain: 'example.com',
+      oauthServerUrl: 'authUrl',
+      oauthTokenUrl: 'tokenUrl',
+      clientId: 'foo',
+      clientSecret: 'secret',
+    });
+  });
+
+  it('should throw if default configuration incomplete', async () => {
+    const req = { hostname: 'foo.example.com' } as Request;
+    envAuthConfigService.getAuthConfig.mockRejectedValue(new Error('fail'));
+    discoveryService.getOIDC.mockResolvedValue(null);
+    process.env = {};
+
+    await expect(provider.getAuthConfig(req)).rejects.toThrow(HttpException);
+  });
+});