@ttoss/cloud-auth 0.12.20 → 0.12.22

@@ -0,0 +1,299 @@
1
+ /** Powered by @ttoss/config. https://ttoss.dev/docs/modules/packages/config/ */
2
+
3
+ // src/config.ts
4
+ var PASSWORD_MINIMUM_LENGTH = 8;
5
+
6
+ // src/template.ts
7
+ var CognitoUserPoolLogicalId = "CognitoUserPool";
8
+ var CognitoUserPoolClientLogicalId = "CognitoUserPoolClient";
9
+ var CognitoIdentityPoolLogicalId = "CognitoIdentityPool";
10
+ var IdentityPoolAuthenticatedIAMRoleLogicalId = "IdentityPoolAuthenticatedIAMRole";
11
+ var IdentityPoolUnauthenticatedIAMRoleLogicalId = "IdentityPoolUnauthenticatedIAMRole";
12
+ var DenyStatement = {
13
+ Effect: "Deny",
14
+ Action: ["*"],
15
+ Resource: ["*"]
16
+ };
17
+ var defaultPrincipalTags = {
18
+ appClientId: "aud",
19
+ userId: "sub"
20
+ };
21
+ var createAuthTemplate = ({
22
+ autoVerifiedAttributes = ["email"],
23
+ identityPool,
24
+ schema,
25
+ usernameAttributes = ["email"]
26
+ } = {}) => {
27
+ const AutoVerifiedAttributes = Array.isArray(autoVerifiedAttributes) && autoVerifiedAttributes.length > 0 ? autoVerifiedAttributes : [];
28
+ const template = {
29
+ AWSTemplateFormatVersion: "2010-09-09",
30
+ Resources: {
31
+ [CognitoUserPoolLogicalId]: {
32
+ /**
33
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
34
+ */
35
+ Type: "AWS::Cognito::UserPool",
36
+ Properties: {
37
+ AutoVerifiedAttributes,
38
+ Policies: {
39
+ PasswordPolicy: {
40
+ MinimumLength: PASSWORD_MINIMUM_LENGTH,
41
+ RequireLowercase: false,
42
+ RequireNumbers: false,
43
+ RequireSymbols: false,
44
+ RequireUppercase: false,
45
+ TemporaryPasswordValidityDays: 30
46
+ }
47
+ },
48
+ UsernameAttributes: usernameAttributes,
49
+ UsernameConfiguration: {
50
+ CaseSensitive: false
51
+ },
52
+ UserPoolName: {
53
+ Ref: "AWS::StackName"
54
+ }
55
+ }
56
+ },
57
+ [CognitoUserPoolClientLogicalId]: {
58
+ /**
59
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
60
+ */
61
+ Type: "AWS::Cognito::UserPoolClient",
62
+ Properties: {
63
+ SupportedIdentityProviders: ["COGNITO"],
64
+ UserPoolId: {
65
+ Ref: "CognitoUserPool"
66
+ }
67
+ }
68
+ }
69
+ },
70
+ Outputs: {
71
+ Region: {
72
+ Description: "You use this value on Amplify Auth `region`.",
73
+ Value: {
74
+ Ref: "AWS::Region"
75
+ },
76
+ Export: {
77
+ Name: {
78
+ "Fn::Join": [":", [{
79
+ Ref: "AWS::StackName"
80
+ }, "Region"]]
81
+ }
82
+ }
83
+ },
84
+ UserPoolId: {
85
+ Description: "You use this value on Amplify Auth `userPoolId`.",
86
+ Value: {
87
+ Ref: CognitoUserPoolLogicalId
88
+ },
89
+ Export: {
90
+ Name: {
91
+ "Fn::Join": [":", [{
92
+ Ref: "AWS::StackName"
93
+ }, "UserPoolId"]]
94
+ }
95
+ }
96
+ },
97
+ AppClientId: {
98
+ Description: "You use this value on Amplify Auth `userPoolWebClientId`.",
99
+ Value: {
100
+ Ref: CognitoUserPoolClientLogicalId
101
+ },
102
+ Export: {
103
+ Name: {
104
+ "Fn::Join": [":", [{
105
+ Ref: "AWS::StackName"
106
+ }, "AppClientId"]]
107
+ }
108
+ }
109
+ }
110
+ }
111
+ };
112
+ if (schema) {
113
+ const Schema = schema.map(attribute => {
114
+ let NumberAttributeConstraints = void 0;
115
+ if (attribute.numberAttributeConstraints) {
116
+ NumberAttributeConstraints = {
117
+ MaxValue: attribute.numberAttributeConstraints?.maxValue,
118
+ MinValue: attribute.numberAttributeConstraints?.minValue
119
+ };
120
+ }
121
+ let StringAttributeConstraints = void 0;
122
+ if (attribute.stringAttributeConstraints) {
123
+ StringAttributeConstraints = {
124
+ MaxLength: attribute.stringAttributeConstraints?.maxLength,
125
+ MinLength: attribute.stringAttributeConstraints?.minLength
126
+ };
127
+ }
128
+ return {
129
+ AttributeDataType: attribute.attributeDataType,
130
+ DeveloperOnlyAttribute: attribute.developerOnlyAttribute,
131
+ Mutable: attribute.mutable,
132
+ Name: attribute.name,
133
+ NumberAttributeConstraints,
134
+ Required: attribute.required,
135
+ StringAttributeConstraints
136
+ };
137
+ });
138
+ template.Resources[CognitoUserPoolLogicalId].Properties.Schema = Schema;
139
+ }
140
+ if (identityPool?.enabled) {
141
+ template.Resources[CognitoIdentityPoolLogicalId] = {
142
+ /**
143
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
144
+ */
145
+ Type: "AWS::Cognito::IdentityPool",
146
+ Properties: {
147
+ AllowUnauthenticatedIdentities: identityPool.allowUnauthenticatedIdentities || false,
148
+ CognitoIdentityProviders: [{
149
+ ClientId: {
150
+ Ref: CognitoUserPoolClientLogicalId
151
+ },
152
+ ProviderName: {
153
+ "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
154
+ }
155
+ }]
156
+ }
157
+ };
158
+ if (identityPool.name) {
159
+ template.Resources[CognitoIdentityPoolLogicalId].Properties.IdentityPoolName = identityPool.name;
160
+ }
161
+ template.Resources.CognitoIdentityPoolRoleAttachment = {
162
+ /**
163
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
164
+ */
165
+ Type: "AWS::Cognito::IdentityPoolRoleAttachment",
166
+ Properties: {
167
+ IdentityPoolId: {
168
+ Ref: CognitoIdentityPoolLogicalId
169
+ },
170
+ Roles: {}
171
+ }
172
+ };
173
+ if (!identityPool.authenticatedRoleArn) {
174
+ template.Resources[IdentityPoolAuthenticatedIAMRoleLogicalId] = {
175
+ Type: "AWS::IAM::Role",
176
+ Properties: {
177
+ AssumeRolePolicyDocument: {
178
+ Version: "2012-10-17",
179
+ Statement: [{
180
+ Effect: "Allow",
181
+ Principal: {
182
+ Federated: "cognito-identity.amazonaws.com"
183
+ },
184
+ Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
185
+ Condition: {
186
+ StringEquals: {
187
+ "cognito-identity.amazonaws.com:aud": {
188
+ Ref: CognitoIdentityPoolLogicalId
189
+ }
190
+ },
191
+ "ForAnyValue:StringLike": {
192
+ "cognito-identity.amazonaws.com:amr": "authenticated"
193
+ }
194
+ }
195
+ }]
196
+ },
197
+ Policies: identityPool.authenticatedPolicies || [{
198
+ PolicyName: "IdentityPoolAuthenticatedIAMRolePolicyName",
199
+ PolicyDocument: {
200
+ Version: "2012-10-17",
201
+ Statement: [DenyStatement]
202
+ }
203
+ }]
204
+ }
205
+ };
206
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = {
207
+ "Fn::GetAtt": [IdentityPoolAuthenticatedIAMRoleLogicalId, "Arn"]
208
+ };
209
+ } else {
210
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = identityPool.authenticatedRoleArn;
211
+ }
212
+ if (!identityPool.unauthenticatedRoleArn) {
213
+ template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
214
+ Type: "AWS::IAM::Role",
215
+ Properties: {
216
+ AssumeRolePolicyDocument: {
217
+ Version: "2012-10-17",
218
+ Statement: [{
219
+ Effect: "Allow",
220
+ Principal: {
221
+ Federated: "cognito-identity.amazonaws.com"
222
+ },
223
+ Action: "sts:AssumeRoleWithWebIdentity",
224
+ Condition: {
225
+ StringEquals: {
226
+ "cognito-identity.amazonaws.com:aud": {
227
+ Ref: CognitoIdentityPoolLogicalId
228
+ }
229
+ },
230
+ "ForAnyValue:StringLike": {
231
+ "cognito-identity.amazonaws.com:amr": "unauthenticated"
232
+ }
233
+ }
234
+ }]
235
+ },
236
+ Policies: identityPool.authenticatedPolicies || [{
237
+ PolicyName: "IdentityPoolUnauthenticatedIAMRolePolicyName",
238
+ PolicyDocument: {
239
+ Version: "2012-10-17",
240
+ Statement: [DenyStatement]
241
+ }
242
+ }]
243
+ }
244
+ };
245
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = {
246
+ "Fn::GetAtt": [IdentityPoolUnauthenticatedIAMRoleLogicalId, "Arn"]
247
+ };
248
+ } else {
249
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = identityPool.unauthenticatedRoleArn;
250
+ }
251
+ if (identityPool.principalTags || identityPool.principalTags === void 0) {
252
+ const PrincipalTags = (() => {
253
+ if (typeof identityPool.principalTags === "boolean") {
254
+ return defaultPrincipalTags;
255
+ }
256
+ if (identityPool.principalTags === void 0) {
257
+ return defaultPrincipalTags;
258
+ }
259
+ return identityPool.principalTags;
260
+ })();
261
+ template.Resources.CognitoIdentityPoolPrincipalTag = {
262
+ Type: "AWS::Cognito::IdentityPoolPrincipalTag",
263
+ Properties: {
264
+ IdentityPoolId: {
265
+ Ref: CognitoIdentityPoolLogicalId
266
+ },
267
+ IdentityProviderName: {
268
+ "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
269
+ },
270
+ PrincipalTags,
271
+ UseDefaults: false
272
+ }
273
+ };
274
+ }
275
+ if (!template.Outputs) {
276
+ template.Outputs = {};
277
+ }
278
+ template.Outputs.IdentityPoolId = {
279
+ Description: "You use this value on Amplify Auth `identityPoolId`.",
280
+ Value: {
281
+ Ref: CognitoIdentityPoolLogicalId
282
+ },
283
+ Export: {
284
+ Name: {
285
+ "Fn::Join": [":", [{
286
+ Ref: "AWS::StackName"
287
+ }, "CognitoIdentityPoolId"]]
288
+ }
289
+ }
290
+ };
291
+ }
292
+ return template;
293
+ };
294
+ createAuthTemplate.CognitoUserPoolLogicalId = CognitoUserPoolLogicalId;
295
+ createAuthTemplate.CognitoUserPoolClientLogicalId = CognitoUserPoolClientLogicalId;
296
+ createAuthTemplate.CognitoIdentityPoolLogicalId = CognitoIdentityPoolLogicalId;
297
+ createAuthTemplate.IdentityPoolAuthenticatedIAMRoleLogicalId = IdentityPoolAuthenticatedIAMRoleLogicalId;
298
+ createAuthTemplate.IdentityPoolUnauthenticatedIAMRoleLogicalId = IdentityPoolUnauthenticatedIAMRoleLogicalId;
299
+ export { PASSWORD_MINIMUM_LENGTH, createAuthTemplate };
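Review bot: The unauthenticated IAM role definition reads the wrong option for its inline policies: the line `Policies: identityPool.authenticatedPolicies || [{` inside the `if (!identityPool.unauthenticatedRoleArn)` branch attaches the authenticated user's custom policies to the guest role, and the `unauthenticatedPolicies` option that the declaration files accept is never consumed anywhere in this bundle. The line should read `Policies: identityPool.unauthenticatedPolicies || [{`. As shipped, a caller who passes `authenticatedPolicies` together with `allowUnauthenticatedIdentities: true` grants unauthenticated identities the same permissions as signed-in users; only the deny-all fallback in `DenyStatement` is unaffected. Separately, the user pool's `PasswordPolicy` sets every `Require*` flag to `false`, so the only constraint is `PASSWORD_MINIMUM_LENGTH`; that is worth stating in the package documentation so consumers know they must opt in to stronger rules.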
@@ -0,0 +1,45 @@
1
+ import { Policy } from '@ttoss/cloudformation';
2
+
3
+ declare const PASSWORD_MINIMUM_LENGTH = 8;
4
+
5
+ declare const createAuthTemplate: {
6
+ ({ autoVerifiedAttributes, identityPool, schema, usernameAttributes, }?: {
7
+ autoVerifiedAttributes?: Array<"email" | "phone_number"> | null | false;
8
+ identityPool?: {
9
+ enabled?: boolean;
10
+ name?: string;
11
+ allowUnauthenticatedIdentities?: boolean;
12
+ authenticatedRoleArn?: string;
13
+ authenticatedPolicies?: Policy[];
14
+ unauthenticatedRoleArn?: string;
15
+ unauthenticatedPolicies?: Policy[];
16
+ principalTags?: Record<string, string> | boolean;
17
+ };
18
+ /**
19
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html
20
+ */
21
+ schema?: {
22
+ attributeDataType?: "Boolean" | "DateTime" | "Number" | "String";
23
+ developerOnlyAttribute?: boolean;
24
+ mutable?: boolean;
25
+ name?: string;
26
+ numberAttributeConstraints?: {
27
+ maxValue?: string;
28
+ minValue?: string;
29
+ };
30
+ required?: boolean;
31
+ stringAttributeConstraints?: {
32
+ maxLength: string;
33
+ minLength: string;
34
+ };
35
+ }[];
36
+ usernameAttributes?: Array<"email" | "phone_number"> | null;
37
+ }): any;
38
+ CognitoUserPoolLogicalId: string;
39
+ CognitoUserPoolClientLogicalId: string;
40
+ CognitoIdentityPoolLogicalId: string;
41
+ IdentityPoolAuthenticatedIAMRoleLogicalId: string;
42
+ IdentityPoolUnauthenticatedIAMRoleLogicalId: string;
43
+ };
44
+
45
+ export { PASSWORD_MINIMUM_LENGTH, createAuthTemplate };
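Review bot: The call signature of `createAuthTemplate` is declared as `}): any;`, so consumers receive an untyped CloudFormation template and the `any` propagates into every place the result is used. Declaring an explicit template type (or at least `Record<string, unknown>` if no shared template interface exists) would keep the output checkable without changing runtime behaviour. The declaration also lists `unauthenticatedPolicies?: Policy[]` although the bundled implementation in the first hunk never reads that property, so either the implementation should honour it or a TSDoc note should say it is currently unused. The same points apply to the identical declaration in the third hunk.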
@@ -0,0 +1,45 @@
1
+ import { Policy } from '@ttoss/cloudformation';
2
+
3
+ declare const PASSWORD_MINIMUM_LENGTH = 8;
4
+
5
+ declare const createAuthTemplate: {
6
+ ({ autoVerifiedAttributes, identityPool, schema, usernameAttributes, }?: {
7
+ autoVerifiedAttributes?: Array<"email" | "phone_number"> | null | false;
8
+ identityPool?: {
9
+ enabled?: boolean;
10
+ name?: string;
11
+ allowUnauthenticatedIdentities?: boolean;
12
+ authenticatedRoleArn?: string;
13
+ authenticatedPolicies?: Policy[];
14
+ unauthenticatedRoleArn?: string;
15
+ unauthenticatedPolicies?: Policy[];
16
+ principalTags?: Record<string, string> | boolean;
17
+ };
18
+ /**
19
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html
20
+ */
21
+ schema?: {
22
+ attributeDataType?: "Boolean" | "DateTime" | "Number" | "String";
23
+ developerOnlyAttribute?: boolean;
24
+ mutable?: boolean;
25
+ name?: string;
26
+ numberAttributeConstraints?: {
27
+ maxValue?: string;
28
+ minValue?: string;
29
+ };
30
+ required?: boolean;
31
+ stringAttributeConstraints?: {
32
+ maxLength: string;
33
+ minLength: string;
34
+ };
35
+ }[];
36
+ usernameAttributes?: Array<"email" | "phone_number"> | null;
37
+ }): any;
38
+ CognitoUserPoolLogicalId: string;
39
+ CognitoUserPoolClientLogicalId: string;
40
+ CognitoIdentityPoolLogicalId: string;
41
+ IdentityPoolAuthenticatedIAMRoleLogicalId: string;
42
+ IdentityPoolUnauthenticatedIAMRoleLogicalId: string;
43
+ };
44
+
45
+ export { PASSWORD_MINIMUM_LENGTH, createAuthTemplate };