npm - @plusscommunities/pluss-core-aws - Versions diffs - 2.0.6-auth.0 → 2.0.6-beta.0 - Mend

@plusscommunities/pluss-core-aws 2.0.6-auth.0 → 2.0.6-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/db/auth/getSiteUserTypes.js +3 -3
package/helper/audience/getAudience.js +9 -0
package/helper/auth/getSessionUser.js +60 -87
package/helper/getUserPreviewFromReq.js +22 -0
package/helper/users/getUserTypesByPermission.js +18 -0
package/helper/users/getUsersByPermission.js +23 -0
package/package.json +1 -6
package/helper/auth/context/AuthenticationContext.js +0 -50
package/helper/auth/context/AuthenticationStrategy.js +0 -20
package/helper/auth/context/auth0/Strategy.js +0 -12
package/helper/auth/context/auth0/functions/decodeAccessToken.js +0 -45
package/helper/auth/context/auth0/functions/getSessionUser.js +0 -21
package/helper/auth/context/boltonclarke/Strategy.js +0 -10
package/helper/auth/context/cognito/Strategy.js +0 -12
package/helper/auth/context/cognito/functions/getSessionUser.js +0 -76

package/db/auth/getSiteUserTypes.js CHANGED Viewed

@@ -1,6 +1,6 @@
 const indexQuery = require("../common/indexQuery");
-module.exports = (site) => {
+module.exports = async (site) => {
   return new Promise((resolve, reject) => {
     const query = {
       IndexName: "UserTypesSiteIndex",
@@ -11,8 +11,8 @@ module.exports = (site) => {
     };
     indexQuery("usertypes", query)
-      .then((gweg) => {
-        resolve(gweg.Items);
+      .then((res) => {
+        resolve(res.Items);
       })
       .catch((error) => {
         reject(error);

package/helper/audience/getAudience.js CHANGED Viewed

@@ -148,6 +148,15 @@ const getEventMatches = async (users, audienceTypeSelection) => {
   });
 };
+/**
+ * Retrieves the audience based on the specified criteria.
+ *
+ * @param {string} site - The site to retrieve the audience from.
+ * @param {string} audienceType - The type of audience to retrieve.
+ * @param {string | Array} audienceTypeSelection - The selection criteria for the audience.
+ * @param {boolean} [preview=true] - Indicates whether to retrieve a preview of the users in the audience.
+ * @returns {Array} - The audience that matches the specified criteria.
+ */
 module.exports = async (
   site,
   audienceType,

package/helper/auth/getSessionUser.js CHANGED Viewed

@@ -1,90 +1,63 @@
-// const https = require("https");
-// const jose = require("node-jose");
-// const { app_client_id, keys_url } = require("../../../config");
-// const isUserDisabled = require("./isUserDisabled");
-const { log } = require("..");
-const AuthenticationContext = require("./context/AuthenticationContext");
+const https = require("https");
+const jose = require("node-jose");
+const { getConfig } = require("../../config");
 module.exports = async (token) => {
-  const logId = log("getSessionUser", "Start", true);
-  const userId = await AuthenticationContext.getSessionUser(token);
-  log("getSessionUser", "Result", userId, logId);
-  return userId;
-  // return new Promise((resolve, reject) => {
-  //   if (!token) {
-  //     return resolve(null);
-  //   }
-  //   var sections = token.split(".");
-  //   // get the kid from the headers prior to verification
-  //   var header = jose.util.base64url.decode(sections[0]);
-  //   header = JSON.parse(header);
-  //   var kid = header.kid;
-  //   // download the public keys
-  //   https.get(keys_url, async (response) => {
-  //     if (response.statusCode == 200) {
-  //       response.on("data", async (body) => {
-  //         var keys = JSON.parse(body)["keys"];
-  //         // search for the kid in the downloaded public keys
-  //         var key_index = -1;
-  //         for (var i = 0; i < keys.length; i++) {
-  //           if (kid == keys[i].kid) {
-  //             key_index = i;
-  //             break;
-  //           }
-  //         }
-  //         if (key_index == -1) {
-  //           reject();
-  //           return;
-  //         }
-  //         // construct the public key
-  //         jose.JWK.asKey(keys[key_index])
-  //           .then(async (result) => {
-  //             // verify the signature
-  //             jose.JWS.createVerify(result)
-  //               .verify(token)
-  //               .then(async (result2) => {
-  //                 // now we can use the claims
-  //                 var claims = JSON.parse(result2.payload);
-  //                 // additionally we can verify the token expiration
-  //                 var current_ts = Math.floor(new Date() / 1000);
-  //                 if (current_ts > claims.exp) {
-  //                   console.log("Token is expired");
-  //                   reject("Token is expired");
-  //                   return;
-  //                 }
-  //                 /*  --=- Optional audience stuff we dont use.
-  //                                   // and the Audience (use claims.client_id if verifying an access token)
-  //                                   if (claims.aud != app_client_id) {
-  //                                       console.log('Token was not issued for this audience')
-  //                                       return;
-  //                                   }
-  //                                    */
-  //                 const isDisabled = await isUserDisabled(claims.username);
-  //                 if (isDisabled) {
-  //                   console.log("User is disabled");
-  //                   reject("User is disabled");
-  //                   return;
-  //                 }
-  //                 resolve(claims.username);
-  //               })
-  //               .catch(async (error) => {
-  //                 console.log("Signature verification failed", error);
-  //                 reject("Signature verification failed");
-  //               });
-  //           })
-  //           .catch(async (error) => {
-  //             console.log("failed JWK.asKey", error);
-  //             reject(error);
-  //           });
-  //       });
-  //     } else {
-  //       console.log("failed on response", response);
-  //       reject(response);
-  //     }
-  //   });
-  // });
+  return new Promise((resolve, reject) => {
+    var sections = token.split(".");
+    // get the kid from the headers prior to verification
+    var header = jose.util.base64url.decode(sections[0]);
+    header = JSON.parse(header);
+    var kid = header.kid;
+    // download the public keys
+    https.get(getConfig().keys_url, function (response) {
+      if (response.statusCode == 200) {
+        response.on("data", function (body) {
+          var keys = JSON.parse(body)["keys"];
+          // search for the kid in the downloaded public keys
+          var key_index = -1;
+          for (var i = 0; i < keys.length; i++) {
+            if (kid == keys[i].kid) {
+              key_index = i;
+              break;
+            }
+          }
+          if (key_index == -1) {
+            reject();
+            return;
+          }
+          // construct the public key
+          jose.JWK.asKey(keys[key_index])
+            .then(function (result) {
+              // verify the signature
+              jose.JWS.createVerify(result)
+                .verify(token)
+                .then(function (result2) {
+                  // now we can use the claims
+                  var claims = JSON.parse(result2.payload);
+                  // additionally we can verify the token expiration
+                  var current_ts = Math.floor(new Date() / 1000);
+                  if (current_ts > claims.exp) {
+                    console.log("Token is expired");
+                    reject("Token is expired");
+                    return;
+                  }
+                  resolve(claims.username);
+                })
+                .catch(function (error) {
+                  console.log("Signature verification failed", error);
+                  reject("Signature verification failed");
+                });
+            })
+            .catch(function (error) {
+              console.log("failed JWK.asKey", error);
+              reject(error);
+            });
+        });
+      } else {
+        console.log("failed on response", response);
+        reject(response);
+      }
+    });
+  });
 };

package/helper/getUserPreviewFromReq.js ADDED Viewed

@@ -0,0 +1,22 @@
+const getSessionUserFromReqAuthKey = require("./auth/getSessionUserFromReqAuthKey");
+const getUserPreview = require("./getUserPreview");
+module.exports = async (req, includeType, inlcudeSite, options) => {
+  return new Promise((resolve, reject) => {
+    getSessionUserFromReqAuthKey(req)
+      .then((uid) => {
+        getUserPreview(uid, includeType, inlcudeSite, options)
+          .then((user) => {
+            resolve(user);
+          })
+          .catch((error) => {
+            console.log("failed to get user preview", uid);
+            reject(error);
+          });
+      })
+      .catch((error) => {
+        console.log("failed to get session user", authkey);
+        reject(error);
+      });
+  });
+};

package/helper/users/getUserTypesByPermission.js ADDED Viewed

@@ -0,0 +1,18 @@
+const getSiteUserTypes = require("../../db/auth/getSiteUserTypes");
+/**
+ * Retrieves user types based on the specified site and permissions.
+ *
+ * @param {string} site - The site to retrieve user types from.
+ * @param {string[]} permissions - The permissions to filter user types by.
+ * @returns {Object[]} - An array of filtered user types.
+ */
+const getUserTypesByPermission = async (site, permissions) => {
+  const siteUserTypes = await getSiteUserTypes(site);
+  const filteredUserTypes = siteUserTypes.filter((userType) =>
+    userType.Permissions.some((permission) => permissions.includes(permission))
+  );
+  return filteredUserTypes;
+};
+module.exports = getUserTypesByPermission;

package/helper/users/getUsersByPermission.js ADDED Viewed

@@ -0,0 +1,23 @@
+import getUserTypesByPermission from "./getUserTypesByPermission";
+import getAudience from "../audience/getAudience";
+/**
+ * Retrieves users by permission.
+ *
+ * @param {string} site - The site to retrieve users from.
+ * @param {Array<string>} permissions - The permissions to filter users by.
+ * @returns {Promise<Array<object>>} - A promise that resolves to an array of users matching the given permissions.
+ */
+const getUsersByPermission = async (site, permissions) => {
+  const userTypes = await getUserTypesByPermission(site, permissions);
+  const audienceMatches = userTypes.map((ut) => {
+    return {
+      AudienceType: "UserType",
+      AudienceTypeSelection: ut.typeName,
+    };
+  });
+  const audience = await getAudience(site, "Custom", audienceMatches);
+  return audience;
+};
+module.exports = getUsersByPermission;

package/package.json CHANGED Viewed

@@ -1,15 +1,12 @@
 {
   "name": "@plusscommunities/pluss-core-aws",
-  "version": "2.0.6-auth.0",
+  "version": "2.0.6-beta.0",
   "description": "Core extension package for Pluss Communities platform",
   "scripts": {
     "betapatch": "npm version prepatch --preid=beta",
     "patch": "npm version patch",
     "betaupload": "npm i && npm i && npm publish --access public --tag beta",
     "betaupload:p": "npm run betapatch && npm run betaupload",
-    "authpatch": "npm version prepatch --preid=auth",
-    "authupload": "npm i && npm i && npm publish --access public --tag auth",
-    "authupload:p": "npm run authpatch && npm run authupload",
     "upload": "npm i && npm i && npm publish --access public",
     "upload:p": "npm run patch && npm run upload"
   },
@@ -23,8 +20,6 @@
     "expo-server-sdk": "^3.0.1",
     "html-entities": "^2.3.2",
     "https": "^1.0.0",
-    "jsonwebtoken": "^9.0.2",
-    "jwks-rsa": "^3.1.0",
     "lodash": "^4.17.10",
     "moment": "^2.30.1",
     "node-fetch": "^2.2.0",

package/helper/auth/context/AuthenticationContext.js DELETED Viewed

@@ -1,50 +0,0 @@
-const Auth0Strategy = require("./auth0/Strategy");
-const CognitoStrategy = require("./cognito/Strategy");
-const BoltonClarkeStrategy = require("./boltonclarke/Strategy");
-const { getConfig } = require("../../../config");
-class AuthenticationContext {
-  static strategy = null;
-  static initialiseStrategy() {
-    switch (getConfig().authConfig.provider) {
-      case "auth0":
-        AuthenticationContext.strategy = new Auth0Strategy();
-        break;
-      case "boltonclarke":
-        AuthenticationContext.strategy = new BoltonClarkeStrategy();
-        break;
-      case "cognito":
-        AuthenticationContext.strategy = new CognitoStrategy();
-        break;
-      default:
-        throw new Error("Invalid authentication provider specified");
-    }
-  }
-  static getSessionUser = async (token) => {
-    if (!AuthenticationContext.strategy) {
-      AuthenticationContext.initialiseStrategy();
-    }
-    return AuthenticationContext.strategy.getSessionUser(token);
-  };
-  static populateUser = async (token) => {
-    if (!AuthenticationContext.strategy) {
-      AuthenticationContext.initialiseStrategy();
-    }
-    return AuthenticationContext.strategy.populateUser(token);
-  };
-  static updateIdentityAttributes = async (input, userId) => {
-    if (!AuthenticationContext.strategy) {
-      AuthenticationContext.initialiseStrategy();
-    }
-    return AuthenticationContext.strategy.updateIdentityAttributes(
-      input,
-      userId
-    );
-  };
-}
-module.exports = AuthenticationContext;

package/helper/auth/context/AuthenticationStrategy.js DELETED Viewed

@@ -1,20 +0,0 @@
-// Authentication Strategy Interface
-class AuthenticationStrategy {
-  constructor() {}
-  getSessionUser(token) {
-    throw new Error("Method 'getSessionUser()' must be implemented.");
-  }
-  // optional function to populate user data based on a token
-  populateUser(token) {
-    return;
-  }
-  // optional function to save attributes to identity provider
-  updateIdentityAttributes = async (input, userId) => {
-    return;
-  };
-}
-module.exports = AuthenticationStrategy;

package/helper/auth/context/auth0/Strategy.js DELETED Viewed

@@ -1,12 +0,0 @@
-// auth0Strategy.js
-const AuthenticationStrategy = require("../AuthenticationStrategy");
-const getSessionUser = require("./functions/getSessionUser");
-class Auth0Strategy extends AuthenticationStrategy {
-  constructor() {
-    super();
-    this.getSessionUser = getSessionUser;
-  }
-}
-module.exports = Auth0Strategy;

package/helper/auth/context/auth0/functions/decodeAccessToken.js DELETED Viewed

@@ -1,45 +0,0 @@
-const jwt = require("jsonwebtoken");
-const jwksClient = require("jwks-rsa");
-const { getConfig } = require("../../../../../config");
-// Function to retrieve the signing key from Auth0 JWKS
-const getKey = (header, callback) => {
-  // Initialize JWKS client
-  const client = jwksClient({
-    jwksUri: `https://${getConfig().auth0Config.domain}/.well-known/jwks.json`,
-  });
-  client.getSigningKey(header.kid, (err, key) => {
-    if (err) {
-      callback(err, null);
-    } else {
-      const signingKey = key.publicKey || key.rsaPublicKey;
-      callback(null, signingKey);
-    }
-  });
-};
-// Function to validate the token and extract user information
-const decodeAccessToken = async (token) => {
-  return new Promise((resolve, reject) => {
-    jwt.verify(
-      token,
-      getKey,
-      {
-        audience: getConfig().auth0Config.audience,
-        issuer: `https://${getConfig().auth0Config.domain}/`,
-        algorithms: ["RS256"],
-      },
-      (err, decoded) => {
-        if (err) {
-          reject(err);
-        } else {
-          resolve(decoded); // 'sub' contains the user ID
-        }
-      }
-    );
-  });
-};
-module.exports = decodeAccessToken;

package/helper/auth/context/auth0/functions/getSessionUser.js DELETED Viewed

@@ -1,21 +0,0 @@
-const decodeAccessToken = require("./decodeAccessToken");
-const { getConfig } = require("../../../../../config");
-// Function to validate the token and extract user information
-const getSessionUser = async (token) => {
-  return new Promise((resolve, reject) => {
-    decodeAccessToken(token)
-      .then((claims) => {
-        return resolve(
-          claims[getConfig().auth0Config.residentIdClaim] ||
-            claims[getConfig().auth0Config.staffIdClaim] ||
-            claims[getConfig().auth0Config.userIdClaim]
-        );
-      })
-      .catch((err) => {
-        reject(err);
-      });
-  });
-};
-module.exports = getSessionUser;

package/helper/auth/context/boltonclarke/Strategy.js DELETED Viewed

@@ -1,10 +0,0 @@
-// auth0Strategy.js
-const Auth0Strategy = require("../auth0/Strategy");
-class BoltonClarkeStrategy extends Auth0Strategy {
-  constructor() {
-    super();
-  }
-}
-module.exports = BoltonClarkeStrategy;

package/helper/auth/context/cognito/Strategy.js DELETED Viewed

@@ -1,12 +0,0 @@
-// cognitoStrategy.js
-const AuthenticationStrategy = require("../AuthenticationStrategy");
-const getSessionUser = require("./functions/getSessionUser");
-class CognitoStrategy extends AuthenticationStrategy {
-  constructor() {
-    super();
-    this.getSessionUser = getSessionUser;
-  }
-}
-module.exports = CognitoStrategy;

package/helper/auth/context/cognito/functions/getSessionUser.js DELETED Viewed

@@ -1,76 +0,0 @@
-const https = require("https");
-const jose = require("node-jose");
-const { getConfig } = require("../../../../../config");
-module.exports = async (token) => {
-  return new Promise((resolve, reject) => {
-    if (!token) {
-      return resolve(null);
-    }
-    var sections = token.split(".");
-    // get the kid from the headers prior to verification
-    var header = jose.util.base64url.decode(sections[0]);
-    header = JSON.parse(header);
-    var kid = header.kid;
-    // download the public keys
-    https.get(getConfig().keys_url, async (response) => {
-      if (response.statusCode == 200) {
-        response.on("data", async (body) => {
-          var keys = JSON.parse(body)["keys"];
-          // search for the kid in the downloaded public keys
-          var key_index = -1;
-          for (var i = 0; i < keys.length; i++) {
-            if (kid == keys[i].kid) {
-              key_index = i;
-              break;
-            }
-          }
-          if (key_index == -1) {
-            reject();
-            return;
-          }
-          // construct the public key
-          jose.JWK.asKey(keys[key_index])
-            .then(async (result) => {
-              // verify the signature
-              jose.JWS.createVerify(result)
-                .verify(token)
-                .then(async (result2) => {
-                  // now we can use the claims
-                  var claims = JSON.parse(result2.payload);
-                  // additionally we can verify the token expiration
-                  var current_ts = Math.floor(new Date() / 1000);
-                  if (current_ts > claims.exp) {
-                    console.log("Token is expired");
-                    reject("Token is expired");
-                    return;
-                  }
-                  // const isDisabled = await isUserDisabled(claims.username);
-                  // if (isDisabled) {
-                  //   console.log("User is disabled");
-                  //   reject("User is disabled");
-                  //   return;
-                  // }
-                  resolve(claims.username);
-                })
-                .catch(async (error) => {
-                  console.log("Signature verification failed", error);
-                  reject("Signature verification failed");
-                });
-            })
-            .catch(async (error) => {
-              console.log("failed JWK.asKey", error);
-              reject(error);
-            });
-        });
-      } else {
-        console.log("failed on response", response);
-        reject(response);
-      }
-    });
-  });
-};