@ttoss/cloud-auth 0.12.20 → 0.12.22

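--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,335 @@
+ /** Powered by @ttoss/config. https://ttoss.dev/docs/modules/packages/config/ */
+ "use strict";
+
+ var __defProp = Object.defineProperty;
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+ var __getOwnPropNames = Object.getOwnPropertyNames;
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
+ var __export = (target, all) => {
+ for (var name in all) __defProp(target, name, {
+ get: all[name],
+ enumerable: true
+ });
+ };
+ var __copyProps = (to, from, except, desc) => {
+ if (from && typeof from === "object" || typeof from === "function") {
+ for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
+ get: () => from[key],
+ enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+ });
+ }
+ return to;
+ };
+ var __toCommonJS = mod => __copyProps(__defProp({}, "__esModule", {
+ value: true
+ }), mod);
+
+ // src/index.ts
+ var src_exports = {};
+ __export(src_exports, {
+ PASSWORD_MINIMUM_LENGTH: () => PASSWORD_MINIMUM_LENGTH,
+ createAuthTemplate: () => createAuthTemplate
+ });
+ module.exports = __toCommonJS(src_exports);
+
+ // src/config.ts
+ var PASSWORD_MINIMUM_LENGTH = 8;
+
+ // src/template.ts
+ var CognitoUserPoolLogicalId = "CognitoUserPool";
+ var CognitoUserPoolClientLogicalId = "CognitoUserPoolClient";
+ var CognitoIdentityPoolLogicalId = "CognitoIdentityPool";
+ var IdentityPoolAuthenticatedIAMRoleLogicalId = "IdentityPoolAuthenticatedIAMRole";
+ var IdentityPoolUnauthenticatedIAMRoleLogicalId = "IdentityPoolUnauthenticatedIAMRole";
+ var DenyStatement = {
+ Effect: "Deny",
+ Action: ["*"],
+ Resource: ["*"]
+ };
+ var defaultPrincipalTags = {
+ appClientId: "aud",
+ userId: "sub"
+ };
+ var createAuthTemplate = ({
+ autoVerifiedAttributes = ["email"],
+ identityPool,
+ schema,
+ usernameAttributes = ["email"]
+ } = {}) => {
+ const AutoVerifiedAttributes = Array.isArray(autoVerifiedAttributes) && autoVerifiedAttributes.length > 0 ? autoVerifiedAttributes : [];
+ const template = {
+ AWSTemplateFormatVersion: "2010-09-09",
+ Resources: {
+ [CognitoUserPoolLogicalId]: {
+ /**
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
+ */
+ Type: "AWS::Cognito::UserPool",
+ Properties: {
+ AutoVerifiedAttributes,
+ Policies: {
+ PasswordPolicy: {
+ MinimumLength: PASSWORD_MINIMUM_LENGTH,
+ RequireLowercase: false,
+ RequireNumbers: false,
+ RequireSymbols: false,
+ RequireUppercase: false,
+ TemporaryPasswordValidityDays: 30
+ }
+ },
+ UsernameAttributes: usernameAttributes,
+ UsernameConfiguration: {
+ CaseSensitive: false
+ },
+ UserPoolName: {
+ Ref: "AWS::StackName"
+ }
+ }
+ },
+ [CognitoUserPoolClientLogicalId]: {
+ /**
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
+ */
+ Type: "AWS::Cognito::UserPoolClient",
+ Properties: {
+ SupportedIdentityProviders: ["COGNITO"],
+ UserPoolId: {
+ Ref: "CognitoUserPool"
+ }
+ }
+ }
+ },
+ Outputs: {
+ Region: {
+ Description: "You use this value on Amplify Auth `region`.",
+ Value: {
+ Ref: "AWS::Region"
+ },
+ Export: {
+ Name: {
+ "Fn::Join": [":", [{
+ Ref: "AWS::StackName"
+ }, "Region"]]
+ }
+ }
+ },
+ UserPoolId: {
+ Description: "You use this value on Amplify Auth `userPoolId`.",
+ Value: {
+ Ref: CognitoUserPoolLogicalId
+ },
+ Export: {
+ Name: {
+ "Fn::Join": [":", [{
+ Ref: "AWS::StackName"
+ }, "UserPoolId"]]
+ }
+ }
+ },
+ AppClientId: {
+ Description: "You use this value on Amplify Auth `userPoolWebClientId`.",
+ Value: {
+ Ref: CognitoUserPoolClientLogicalId
+ },
+ Export: {
+ Name: {
+ "Fn::Join": [":", [{
+ Ref: "AWS::StackName"
+ }, "AppClientId"]]
+ }
+ }
+ }
+ }
+ };
+ if (schema) {
+ const Schema = schema.map(attribute => {
+ let NumberAttributeConstraints = void 0;
+ if (attribute.numberAttributeConstraints) {
+ NumberAttributeConstraints = {
+ MaxValue: attribute.numberAttributeConstraints?.maxValue,
+ MinValue: attribute.numberAttributeConstraints?.minValue
+ };
+ }
+ let StringAttributeConstraints = void 0;
+ if (attribute.stringAttributeConstraints) {
+ StringAttributeConstraints = {
+ MaxLength: attribute.stringAttributeConstraints?.maxLength,
+ MinLength: attribute.stringAttributeConstraints?.minLength
+ };
+ }
+ return {
+ AttributeDataType: attribute.attributeDataType,
+ DeveloperOnlyAttribute: attribute.developerOnlyAttribute,
+ Mutable: attribute.mutable,
+ Name: attribute.name,
+ NumberAttributeConstraints,
+ Required: attribute.required,
+ StringAttributeConstraints
+ };
+ });
+ template.Resources[CognitoUserPoolLogicalId].Properties.Schema = Schema;
+ }
+ if (identityPool?.enabled) {
+ template.Resources[CognitoIdentityPoolLogicalId] = {
+ /**
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
+ */
+ Type: "AWS::Cognito::IdentityPool",
+ Properties: {
+ AllowUnauthenticatedIdentities: identityPool.allowUnauthenticatedIdentities || false,
+ CognitoIdentityProviders: [{
+ ClientId: {
+ Ref: CognitoUserPoolClientLogicalId
+ },
+ ProviderName: {
+ "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
+ }
+ }]
+ }
+ };
+ if (identityPool.name) {
+ template.Resources[CognitoIdentityPoolLogicalId].Properties.IdentityPoolName = identityPool.name;
+ }
+ template.Resources.CognitoIdentityPoolRoleAttachment = {
+ /**
+ * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
+ */
+ Type: "AWS::Cognito::IdentityPoolRoleAttachment",
+ Properties: {
+ IdentityPoolId: {
+ Ref: CognitoIdentityPoolLogicalId
+ },
+ Roles: {}
+ }
+ };
+ if (!identityPool.authenticatedRoleArn) {
+ template.Resources[IdentityPoolAuthenticatedIAMRoleLogicalId] = {
+ Type: "AWS::IAM::Role",
+ Properties: {
+ AssumeRolePolicyDocument: {
+ Version: "2012-10-17",
+ Statement: [{
+ Effect: "Allow",
+ Principal: {
+ Federated: "cognito-identity.amazonaws.com"
+ },
+ Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
+ Condition: {
+ StringEquals: {
+ "cognito-identity.amazonaws.com:aud": {
+ Ref: CognitoIdentityPoolLogicalId
+ }
+ },
+ "ForAnyValue:StringLike": {
+ "cognito-identity.amazonaws.com:amr": "authenticated"
+ }
+ }
+ }]
+ },
+ Policies: identityPool.authenticatedPolicies || [{
+ PolicyName: "IdentityPoolAuthenticatedIAMRolePolicyName",
+ PolicyDocument: {
+ Version: "2012-10-17",
+ Statement: [DenyStatement]
+ }
+ }]
+ }
+ };
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = {
+ "Fn::GetAtt": [IdentityPoolAuthenticatedIAMRoleLogicalId, "Arn"]
+ };
+ } else {
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = identityPool.authenticatedRoleArn;
+ }
+ if (!identityPool.unauthenticatedRoleArn) {
+ template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
+ Type: "AWS::IAM::Role",
+ Properties: {
+ AssumeRolePolicyDocument: {
+ Version: "2012-10-17",
+ Statement: [{
+ Effect: "Allow",
+ Principal: {
+ Federated: "cognito-identity.amazonaws.com"
+ },
+ Action: "sts:AssumeRoleWithWebIdentity",
+ Condition: {
+ StringEquals: {
+ "cognito-identity.amazonaws.com:aud": {
+ Ref: CognitoIdentityPoolLogicalId
+ }
+ },
+ "ForAnyValue:StringLike": {
+ "cognito-identity.amazonaws.com:amr": "unauthenticated"
+ }
+ }
+ }]
+ },
+ Policies: identityPool.authenticatedPolicies || [{
+ PolicyName: "IdentityPoolUnauthenticatedIAMRolePolicyName",
+ PolicyDocument: {
+ Version: "2012-10-17",
+ Statement: [DenyStatement]
+ }
+ }]
+ }
+ };
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = {
+ "Fn::GetAtt": [IdentityPoolUnauthenticatedIAMRoleLogicalId, "Arn"]
+ };
+ } else {
+ template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = identityPool.unauthenticatedRoleArn;
+ }
+ if (identityPool.principalTags || identityPool.principalTags === void 0) {
+ const PrincipalTags = (() => {
+ if (typeof identityPool.principalTags === "boolean") {
+ return defaultPrincipalTags;
+ }
+ if (identityPool.principalTags === void 0) {
+ return defaultPrincipalTags;
+ }
+ return identityPool.principalTags;
+ })();
+ template.Resources.CognitoIdentityPoolPrincipalTag = {
+ Type: "AWS::Cognito::IdentityPoolPrincipalTag",
+ Properties: {
+ IdentityPoolId: {
+ Ref: CognitoIdentityPoolLogicalId
+ },
+ IdentityProviderName: {
+ "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
+ },
+ PrincipalTags,
+ UseDefaults: false
+ }
+ };
+ }
+ if (!template.Outputs) {
+ template.Outputs = {};
+ }
+ template.Outputs.IdentityPoolId = {
+ Description: "You use this value on Amplify Auth `identityPoolId`.",
+ Value: {
+ Ref: CognitoIdentityPoolLogicalId
+ },
+ Export: {
+ Name: {
+ "Fn::Join": [":", [{
+ Ref: "AWS::StackName"
+ }, "CognitoIdentityPoolId"]]
+ }
+ }
+ };
+ }
+ return template;
+ };
+ createAuthTemplate.CognitoUserPoolLogicalId = CognitoUserPoolLogicalId;
+ createAuthTemplate.CognitoUserPoolClientLogicalId = CognitoUserPoolClientLogicalId;
+ createAuthTemplate.CognitoIdentityPoolLogicalId = CognitoIdentityPoolLogicalId;
+ createAuthTemplate.IdentityPoolAuthenticatedIAMRoleLogicalId = IdentityPoolAuthenticatedIAMRoleLogicalId;
+ createAuthTemplate.IdentityPoolUnauthenticatedIAMRoleLogicalId = IdentityPoolUnauthenticatedIAMRoleLogicalId;
+ // Annotate the CommonJS export names for ESM import in node:
+ 0 && (module.exports = {
+ PASSWORD_MINIMUM_LENGTH,
+ createAuthTemplate
+ });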
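Review bot: The unauthenticated IAM role takes its inline policies from `identityPool.authenticatedPolicies` (bundle line 268, inside the `!identityPool.unauthenticatedRoleArn` branch), so a caller who supplies policies for signed-in users gives the same permissions to the guest role; with `allowUnauthenticatedIdentities` set to true that is access without any sign-in. The guest role should read its own option and otherwise keep the deny-all default, e.g. `Policies: identityPool.unauthenticatedPolicies || [{`, where `unauthenticatedPolicies` is a proposed new option and not one visible on this page. This file is build output, so the change belongs in src/template.ts, which this release no longer ships in the package. Separately, the user pool password policy sets every `Require*` flag to false with `TemporaryPasswordValidityDays: 30`; a comment stating that this is deliberate would help whoever audits the generated template.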
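--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,7 @@
  {
  "name": "@ttoss/cloud-auth",
- "version": "0.12.20",
+ "version": "0.12.22",
+ "license": "MIT",
  "repository": {
  "type": "git",
  "url": "https://github.com/ttoss/ttoss.git",
@@ -14,19 +15,18 @@
  }
  },
  "files": [
- "dist",
- "src"
+ "dist"
  ],
  "sideEffects": false,
  "dependencies": {
- "@ttoss/cloudformation": "^0.10.9"
+ "@ttoss/cloudformation": "^0.10.11"
  },
  "devDependencies": {
  "@types/jest": "^29.5.13",
  "jest": "^29.7.0",
  "tsup": "^8.3.0",
  "typescript": "~5.6.2",
- "@ttoss/config": "^1.33.0"
+ "@ttoss/config": "^1.34.1"
  },
  "publishConfig": {
  "access": "public",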
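--- a/package/src/config.ts
+++ b/package/src/config.ts
@@ -1 +0,0 @@
- export const PASSWORD_MINIMUM_LENGTH = 8;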
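--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,2 +0,0 @@
- export * from './config';
- export { createAuthTemplate } from './template';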