@twin.org/api-auth-entity-storage-service 0.0.3-next.8 → 0.9.0-next.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/es/entities/authenticationAuditEntry.js +101 -0
- package/dist/es/entities/authenticationAuditEntry.js.map +1 -0
- package/dist/es/entities/authenticationRateEntry.js +37 -0
- package/dist/es/entities/authenticationRateEntry.js.map +1 -0
- package/dist/es/entities/authenticationUser.js +17 -1
- package/dist/es/entities/authenticationUser.js.map +1 -1
- package/dist/es/index.js +11 -1
- package/dist/es/index.js.map +1 -1
- package/dist/es/models/IAuthHeaderProcessorConstructorOptions.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js +4 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js +0 -2
- package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationServiceConstructorOptions.js.map +1 -1
- package/dist/es/processors/authHeaderProcessor.js +83 -18
- package/dist/es/processors/authHeaderProcessor.js.map +1 -1
- package/dist/es/restEntryPoints.js +17 -0
- package/dist/es/restEntryPoints.js.map +1 -1
- package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js +362 -0
- package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js.map +1 -0
- package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js +174 -0
- package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js.map +1 -0
- package/dist/es/routes/entityStorageAuthenticationRoutes.js +20 -21
- package/dist/es/routes/entityStorageAuthenticationRoutes.js.map +1 -1
- package/dist/es/schema.js +4 -0
- package/dist/es/schema.js.map +1 -1
- package/dist/es/services/entityStorageAuthenticationAdminService.js +164 -58
- package/dist/es/services/entityStorageAuthenticationAdminService.js.map +1 -1
- package/dist/es/services/entityStorageAuthenticationAuditService.js +179 -0
- package/dist/es/services/entityStorageAuthenticationAuditService.js.map +1 -0
- package/dist/es/services/entityStorageAuthenticationRateService.js +213 -0
- package/dist/es/services/entityStorageAuthenticationRateService.js.map +1 -0
- package/dist/es/services/entityStorageAuthenticationService.js +200 -19
- package/dist/es/services/entityStorageAuthenticationService.js.map +1 -1
- package/dist/es/utils/passwordHelper.js +45 -16
- package/dist/es/utils/passwordHelper.js.map +1 -1
- package/dist/es/utils/tokenHelper.js +57 -25
- package/dist/es/utils/tokenHelper.js.map +1 -1
- package/dist/types/entities/authenticationAuditEntry.d.ts +49 -0
- package/dist/types/entities/authenticationRateEntry.d.ts +17 -0
- package/dist/types/entities/authenticationUser.d.ts +8 -0
- package/dist/types/index.d.ts +11 -1
- package/dist/types/models/IAuthHeaderProcessorConstructorOptions.d.ts +10 -0
- package/dist/types/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.d.ts +5 -0
- package/dist/types/models/IEntityStorageAuthenticationAuditServiceConfig.d.ts +9 -0
- package/dist/types/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.d.ts +15 -0
- package/dist/types/models/IEntityStorageAuthenticationRateServiceConfig.d.ts +10 -0
- package/dist/types/models/IEntityStorageAuthenticationRateServiceConstructorOptions.d.ts +25 -0
- package/dist/types/models/IEntityStorageAuthenticationServiceConfig.d.ts +22 -1
- package/dist/types/models/IEntityStorageAuthenticationServiceConstructorOptions.d.ts +13 -3
- package/dist/types/processors/authHeaderProcessor.d.ts +4 -2
- package/dist/types/restEntryPoints.d.ts +3 -0
- package/dist/types/routes/entityStorageAuthenticationAdminRoutes.d.ts +61 -0
- package/dist/types/routes/entityStorageAuthenticationAuditRoutes.d.ts +29 -0
- package/dist/types/services/entityStorageAuthenticationAdminService.d.ts +26 -9
- package/dist/types/services/entityStorageAuthenticationAuditService.d.ts +53 -0
- package/dist/types/services/entityStorageAuthenticationRateService.d.ts +60 -0
- package/dist/types/services/entityStorageAuthenticationService.d.ts +11 -6
- package/dist/types/utils/passwordHelper.d.ts +13 -5
- package/dist/types/utils/tokenHelper.d.ts +10 -4
- package/docs/changelog.md +863 -69
- package/docs/examples.md +178 -1
- package/docs/reference/classes/AuthHeaderProcessor.md +15 -11
- package/docs/reference/classes/AuthenticationAuditEntry.md +101 -0
- package/docs/reference/classes/AuthenticationRateEntry.md +37 -0
- package/docs/reference/classes/AuthenticationUser.md +21 -5
- package/docs/reference/classes/EntityStorageAuthenticationAdminService.md +80 -20
- package/docs/reference/classes/EntityStorageAuthenticationAuditService.md +157 -0
- package/docs/reference/classes/EntityStorageAuthenticationRateService.md +227 -0
- package/docs/reference/classes/EntityStorageAuthenticationService.md +39 -19
- package/docs/reference/classes/PasswordHelper.md +37 -12
- package/docs/reference/classes/TokenHelper.md +49 -13
- package/docs/reference/functions/authenticationAdminCreateUser.md +31 -0
- package/docs/reference/functions/authenticationAdminGetUser.md +31 -0
- package/docs/reference/functions/authenticationAdminGetUserByIdentity.md +31 -0
- package/docs/reference/functions/authenticationAdminRemoveUser.md +31 -0
- package/docs/reference/functions/authenticationAdminUpdateUser.md +31 -0
- package/docs/reference/functions/authenticationAdminUpdateUserPassword.md +31 -0
- package/docs/reference/functions/authenticationAuditCreate.md +31 -0
- package/docs/reference/functions/authenticationAuditQuery.md +31 -0
- package/docs/reference/functions/generateRestRoutesAuthenticationAdmin.md +25 -0
- package/docs/reference/functions/generateRestRoutesAuthenticationAudit.md +25 -0
- package/docs/reference/index.md +20 -0
- package/docs/reference/interfaces/IAuthHeaderProcessorConfig.md +4 -4
- package/docs/reference/interfaces/IAuthHeaderProcessorConstructorOptions.md +32 -4
- package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConfig.md +2 -2
- package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md +18 -4
- package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConfig.md +11 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md +25 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConfig.md +17 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md +53 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConfig.md +61 -5
- package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md +38 -10
- package/docs/reference/variables/restEntryPoints.md +2 -0
- package/docs/reference/variables/tagsAuthenticationAdmin.md +5 -0
- package/docs/reference/variables/tagsAuthenticationAudit.md +5 -0
- package/locales/en.json +23 -6
- package/package.json +17 -16
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokenHelper.js","sourceRoot":"","sources":["../../../src/utils/tokenHelper.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAEvD,OAAO,EAAwB,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AACpF,OAAO,EACN,YAAY,EACZ,WAAW,EAIX,GAAG,EACH,MAAM,eAAe,CAAC;AAEvB;;GAEG;AACH,MAAM,OAAO,WAAW;IACvB;;OAEG;IACI,MAAM,CAAU,UAAU,iBAAiC;IAElE;;;;;;;;;OASG;IACI,MAAM,CAAC,KAAK,CAAC,WAAW,CAC9B,cAA+B,EAC/B,cAAsB,EACtB,YAAoB,EACpB,oBAAwC,EACxC,QAA4B,EAC5B,UAAkB;QAKlB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,UAAU,GAAG,EAAE,CAAC;QAEnC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,gBAAgB,CACrC,EAAE,GAAG,EAAE,OAAO,EAAE,EAChB;YACC,GAAG,EAAE,YAAY;YACjB,GAAG,EAAE,oBAAoB;YACzB,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,UAAU,GAAG,UAAU;SAC5B,EACD,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,CACzB,oBAAoB,CAAC,SAAS,CAAC,cAAc,EAAE,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC,CAChF,CAAC;QAEF,OAAO;YACN,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,CAAC,UAAU,GAAG,UAAU,CAAC,GAAG,IAAI;SACxC,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CACzB,cAA+B,EAC/B,cAAsB,EACtB,KAAyB;QAKzB,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE,CAC7D,oBAAoB,CAAC,WAAW,CAAC,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC,CACnE,CAAC;QAEF,wFAAwF;QACxF,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAC;QAC9E,CAAC;aAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,4BAA4B,CAAC,CAAC;QACnF,CAAC;aAAM,IACN,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;YAC/B,OAAO,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAClD,CAAC;YACF,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAChE,CAAC;QAED,OAAO;YACN,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;SACxB,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,uBAAuB,CACpC,OAAsB,EACtB,UAAmB;QAOnB,MAAM,UAAU,GAAG,OAAO,EAAE,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QACxD,MAAM,aAAa,GAAG,OAAO,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAEpD,MAAM,WAAW,GAAG,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,OAAO;gBACN,KAAK,EAAE,WAAW;gBAClB,QAAQ,EAAE,eAAe;aACzB,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;YACrE,MAAM,OAAO,GAAG,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;YAC/E,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC9B,IAAI,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC5B,MAAM,iBAAiB,GAAG,MAAM;yBAC9B,KAAK,CAAC,GAAG,CAAC;yBACV,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;yBAClB,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;oBACtC,IAAI,EAAE,CAAC,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC;wBACvC,OAAO;4BACN,KAAK,EAAE,iBAAiB,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE;4BAC5D,QAAQ,EAAE,QAAQ;yBAClB,CAAC;oBACH,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { Is, UnauthorizedError } from \"@twin.org/core\";\nimport { nameof } from \"@twin.org/nameof\";\nimport { type IVaultConnector, VaultConnectorHelper } from \"@twin.org/vault-models\";\nimport {\n\tHeaderHelper,\n\tHeaderTypes,\n\ttype IHttpHeaders,\n\ttype IJwtHeader,\n\ttype IJwtPayload,\n\tJwt\n} from \"@twin.org/web\";\n\n/**\n * Helper class for token operations.\n */\nexport class TokenHelper {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<TokenHelper>();\n\n\t/**\n\t * Create a new token.\n\t * @param vaultConnector The vault connector.\n\t * @param signingKeyName The signing key name.\n\t * @param userIdentity The subject for the token.\n\t * @param organizationIdentity The organization for the token.\n\t * @param tenantId The tenant id for the token.\n\t * @param ttlMinutes The time to live for the token in minutes.\n\t * @returns The new token and its expiry date.\n\t */\n\tpublic static async createToken(\n\t\tvaultConnector: IVaultConnector,\n\t\tsigningKeyName: string,\n\t\tuserIdentity: string,\n\t\torganizationIdentity: string | undefined,\n\t\ttenantId: string | undefined,\n\t\tttlMinutes: number\n\t): Promise<{\n\t\ttoken: string;\n\t\texpiry: number;\n\t}> {\n\t\tconst nowSeconds = Math.trunc(Date.now() / 1000);\n\t\tconst ttlSeconds = ttlMinutes * 60;\n\n\t\tconst jwt = await Jwt.encodeWithSigner(\n\t\t\t{ alg: \"EdDSA\" },\n\t\t\t{\n\t\t\t\tsub: userIdentity,\n\t\t\t\torg: organizationIdentity,\n\t\t\t\ttid: tenantId,\n\t\t\t\texp: nowSeconds + ttlSeconds\n\t\t\t},\n\t\t\tasync (header, payload) =>\n\t\t\t\tVaultConnectorHelper.jwtSigner(vaultConnector, signingKeyName, header, payload)\n\t\t);\n\n\t\treturn {\n\t\t\ttoken: jwt,\n\t\t\texpiry: (nowSeconds + ttlSeconds) * 1000\n\t\t};\n\t}\n\n\t/**\n\t * Verify the token.\n\t * @param vaultConnector The vault connector.\n\t * @param signingKeyName The signing key name.\n\t * @param token The token to verify.\n\t * @returns The verified details.\n\t * @throws UnauthorizedError if the token is missing, invalid or expired.\n\t */\n\tpublic static async verify(\n\t\tvaultConnector: IVaultConnector,\n\t\tsigningKeyName: string,\n\t\ttoken: string | undefined\n\t): Promise<{\n\t\theader: IJwtHeader;\n\t\tpayload: IJwtPayload;\n\t}> {\n\t\tif (!Is.stringValue(token)) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"missing\");\n\t\t}\n\n\t\tconst decoded = await Jwt.verifyWithVerifier(token, async t =>\n\t\t\tVaultConnectorHelper.jwtVerifier(vaultConnector, signingKeyName, t)\n\t\t);\n\n\t\t// If some of the header/payload data is not properly populated then it is unauthorized.\n\t\tif (!Is.stringValue(decoded.payload.sub)) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"payloadMissingSubject\");\n\t\t} else if (!Is.stringValue(decoded.payload.org)) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"payloadMissingOrganization\");\n\t\t} else if (\n\t\t\t!Is.empty(decoded.payload?.exp) &&\n\t\t\tdecoded.payload.exp < Math.trunc(Date.now() / 1000)\n\t\t) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"expired\");\n\t\t}\n\n\t\treturn {\n\t\t\theader: decoded.header,\n\t\t\tpayload: decoded.payload\n\t\t};\n\t}\n\n\t/**\n\t * Extract the auth token from the headers, either from the authorization header or the cookie header.\n\t * @param headers The headers to extract the token from.\n\t * @param cookieName The name of the cookie to extract the token from.\n\t * @returns The token if found.\n\t */\n\tpublic static extractTokenFromHeaders(\n\t\theaders?: IHttpHeaders,\n\t\tcookieName?: string\n\t):\n\t\t| {\n\t\t\t\ttoken: string;\n\t\t\t\tlocation: \"authorization\" | \"cookie\";\n\t\t }\n\t\t| undefined {\n\t\tconst authHeader = headers?.[HeaderTypes.Authorization];\n\t\tconst cookiesHeader = headers?.[HeaderTypes.Cookie];\n\n\t\tconst bearerToken = HeaderHelper.extractBearer(authHeader);\n\t\tif (Is.stringValue(bearerToken)) {\n\t\t\treturn {\n\t\t\t\ttoken: bearerToken,\n\t\t\t\tlocation: \"authorization\"\n\t\t\t};\n\t\t} else if (Is.notEmpty(cookiesHeader) && Is.stringValue(cookieName)) {\n\t\t\tconst cookies = Is.arrayValue(cookiesHeader) ? cookiesHeader : [cookiesHeader];\n\t\t\tfor (const cookie of cookies) {\n\t\t\t\tif (Is.stringValue(cookie)) {\n\t\t\t\t\tconst accessTokenCookie = cookie\n\t\t\t\t\t\t.split(\";\")\n\t\t\t\t\t\t.map(c => c.trim())\n\t\t\t\t\t\t.find(c => c.startsWith(cookieName));\n\t\t\t\t\tif (Is.stringValue(accessTokenCookie)) {\n\t\t\t\t\t\treturn {\n\t\t\t\t\t\t\ttoken: accessTokenCookie.slice(cookieName.length + 1).trim(),\n\t\t\t\t\t\t\tlocation: \"cookie\"\n\t\t\t\t\t\t};\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n}\n"]}
|
|
1
|
+
{"version":3,"file":"tokenHelper.js","sourceRoot":"","sources":["../../../src/utils/tokenHelper.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAE/D,OAAO,EAAwB,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AACpF,OAAO,EACN,YAAY,EACZ,YAAY,EACZ,WAAW,EAIX,GAAG,EACH,MAAM,eAAe,CAAC;AAEvB;;GAEG;AACH,MAAM,OAAO,WAAW;IACvB;;OAEG;IACI,MAAM,CAAU,UAAU,iBAAiC;IAElE;;;;;;;;;;;;OAYG;IACI,MAAM,CAAC,KAAK,CAAC,WAAW,CAC9B,cAA+B,EAC/B,MAAc,EACd,cAAsB,EACtB,YAAoB,EACpB,oBAAwC,EACxC,QAA4B,EAC5B,UAAkB,EAClB,KAAc,EACd,eAAwB;QAKxB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,UAAU,GAAG,EAAE,CAAC;QACnC,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,cAAc,EAAE,CAAC;QAEnD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,gBAAgB,CACrC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,EACrC;YACC,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,YAAY;YACjB,GAAG,EAAE,oBAAoB;YACzB,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,UAAU,GAAG,UAAU;YAC5B,KAAK;YACL,IAAI,EAAE,eAAe;SACrB,EACD,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,CACzB,oBAAoB,CAAC,SAAS,CAAC,cAAc,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,CAC9E,CAAC;QAEF,OAAO;YACN,KAAK,EAAE,GAAG;YACV,MAAM,EAAE,CAAC,UAAU,GAAG,UAAU,CAAC,GAAG,IAAI;SACxC,CAAC;IACH,CAAC;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CACzB,cAA+B,EAC/B,MAAc,EACd,cAAsB,EACtB,KAAyB,EACzB,cAAyB,EACzB,UAKsB;QAKtB,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,YAAY,GAAG,GAAG,MAAM,IAAI,cAAc,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE,CAC7D,oBAAoB,CAAC,WAAW,CAAC,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC,CACjE,CAAC;QAEF,wFAAwF;QACxF,IAAI,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,cAAc,EAAE,CAAC;YAC3C,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;QAC5E,CAAC;aAAM,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,KAAK,MAAM,EAAE,CAAC;YAC3C,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAC;QAC9E,CAAC;aAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAC;QAC9E,CAAC;aAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,4BAA4B,CAAC,CAAC;QACnF,CAAC;aAAM,IACN,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC;YAC/B,OAAO,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAClD,CAAC;YACF,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,YAAY,GAAG,MAAM,UAAU,CACpC,OAAO,CAAC,OAAO,CAAC,GAAG,EACnB,OAAO,CAAC,OAAO,CAAC,GAAG,EACnB,GAAG,EACH,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CACpC,CAAC;YACF,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpC,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;YACxE,CAAC;iBAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBACnD,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAC;YAChF,CAAC;iBAAM,IAAI,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;YAC1E,CAAC;QACF,CAAC;QAED,IAAI,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC;gBACxD,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC;gBAClC,CAAC,CAAC,EAAE,CAAC;YAEN,KAAK,MAAM,aAAa,IAAI,cAAc,EAAE,CAAC;gBAC5C,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBAC1C,MAAM,IAAI,iBAAiB,CAAC,WAAW,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC;gBAC3E,CAAC;YACF,CAAC;QACF,CAAC;QAED,OAAO;YACN,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;SACxB,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,uBAAuB,CACpC,OAAsB,EACtB,UAAmB;QAOnB,MAAM,UAAU,GAAG,OAAO,EAAE,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QACxD,MAAM,aAAa,GAAG,OAAO,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAEpD,MAAM,WAAW,GAAG,YAAY,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,OAAO;gBACN,KAAK,EAAE,WAAW;gBAClB,QAAQ,EAAE,eAAe;aACzB,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;YACrE,MAAM,KAAK,GAAG,YAAY,CAAC,oBAAoB,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;YAC3E,IAAI,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3B,OAAO;oBACN,KAAK,EAAE,KAAK;oBACZ,QAAQ,EAAE,QAAQ;iBAClB,CAAC;YACH,CAAC;QACF,CAAC;IACF,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { Coerce, Is, UnauthorizedError } from \"@twin.org/core\";\nimport { nameof } from \"@twin.org/nameof\";\nimport { type IVaultConnector, VaultConnectorHelper } from \"@twin.org/vault-models\";\nimport {\n\tCookieHelper,\n\tHeaderHelper,\n\tHeaderTypes,\n\ttype IHttpHeaders,\n\ttype IJwtHeader,\n\ttype IJwtPayload,\n\tJwt\n} from \"@twin.org/web\";\n\n/**\n * Helper class for token operations.\n */\nexport class TokenHelper {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<TokenHelper>();\n\n\t/**\n\t * Create a new token.\n\t * @param vaultConnector The vault connector.\n\t * @param nodeId The node identifier, embedded as the JWT issuer claim.\n\t * @param signingKeyName The signing key name, embedded as the JWT key identifier.\n\t * @param userIdentity The subject for the token.\n\t * @param organizationIdentity The organization for the token.\n\t * @param tenantId The tenant id for the token.\n\t * @param ttlMinutes The time to live for the token in minutes.\n\t * @param scope The scopes for the token.\n\t * @param passwordVersion The user's current password version counter, embedded in the token so that a password change invalidates existing tokens.\n\t * @returns The new token and its expiry date.\n\t */\n\tpublic static async createToken(\n\t\tvaultConnector: IVaultConnector,\n\t\tnodeId: string,\n\t\tsigningKeyName: string,\n\t\tuserIdentity: string,\n\t\torganizationIdentity: string | undefined,\n\t\ttenantId: string | undefined,\n\t\tttlMinutes: number,\n\t\tscope?: string,\n\t\tpasswordVersion?: number\n\t): Promise<{\n\t\ttoken: string;\n\t\texpiry: number;\n\t}> {\n\t\tconst nowSeconds = Math.trunc(Date.now() / 1000);\n\t\tconst ttlSeconds = ttlMinutes * 60;\n\t\tconst vaultKeyName = `${nodeId}/${signingKeyName}`;\n\n\t\tconst jwt = await Jwt.encodeWithSigner(\n\t\t\t{ alg: \"EdDSA\", kid: signingKeyName },\n\t\t\t{\n\t\t\t\tiss: nodeId,\n\t\t\t\tsub: userIdentity,\n\t\t\t\torg: organizationIdentity,\n\t\t\t\ttid: tenantId,\n\t\t\t\texp: nowSeconds + ttlSeconds,\n\t\t\t\tscope,\n\t\t\t\tpver: passwordVersion\n\t\t\t},\n\t\t\tasync (header, payload) =>\n\t\t\t\tVaultConnectorHelper.jwtSigner(vaultConnector, vaultKeyName, header, payload)\n\t\t);\n\n\t\treturn {\n\t\t\ttoken: jwt,\n\t\t\texpiry: (nowSeconds + ttlSeconds) * 1000\n\t\t};\n\t}\n\n\t/**\n\t * Verify the token.\n\t * @param vaultConnector The vault connector.\n\t * @param nodeId The node identifier, expected to match the JWT issuer claim.\n\t * @param signingKeyName The signing key name, expected to match the JWT key identifier.\n\t * @param token The token to verify.\n\t * @param requiredScopes The required scopes.\n\t * @param verifyUser A function to verify the user identity and organization. The password version counter embedded in the token (pver claim) is passed so callers can detect if the password has changed since the token was issued.\n\t * @returns The verified details.\n\t * @throws UnauthorizedError if the token is missing, invalid or expired.\n\t */\n\tpublic static async verify(\n\t\tvaultConnector: IVaultConnector,\n\t\tnodeId: string,\n\t\tsigningKeyName: string,\n\t\ttoken: string | undefined,\n\t\trequiredScopes?: string[],\n\t\tverifyUser?: (\n\t\t\tsub: string,\n\t\t\torg: string,\n\t\t\ttid: string | undefined,\n\t\t\tpasswordVersion: number | undefined\n\t\t) => Promise<string[]>\n\t): Promise<{\n\t\theader: IJwtHeader;\n\t\tpayload: IJwtPayload;\n\t}> {\n\t\tif (!Is.stringValue(token)) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"missing\");\n\t\t}\n\n\t\tconst vaultKeyName = `${nodeId}/${signingKeyName}`;\n\t\tconst decoded = await Jwt.verifyWithVerifier(token, async t =>\n\t\t\tVaultConnectorHelper.jwtVerifier(vaultConnector, vaultKeyName, t)\n\t\t);\n\n\t\t// If some of the header/payload data is not properly populated then it is unauthorized.\n\t\tif (decoded.header.kid !== signingKeyName) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"headerKeyIdMismatch\");\n\t\t} else if (decoded.payload.iss !== nodeId) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"payloadIssuerMismatch\");\n\t\t} else if (!Is.stringValue(decoded.payload.sub)) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"payloadMissingSubject\");\n\t\t} else if (!Is.stringValue(decoded.payload.org)) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"payloadMissingOrganization\");\n\t\t} else if (\n\t\t\t!Is.empty(decoded.payload?.exp) &&\n\t\t\tdecoded.payload.exp < Math.trunc(Date.now() / 1000)\n\t\t) {\n\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"expired\");\n\t\t}\n\n\t\tif (Is.function(verifyUser)) {\n\t\t\tconst tid = Coerce.string(decoded.payload.tid);\n\t\t\tconst userVerified = await verifyUser(\n\t\t\t\tdecoded.payload.sub,\n\t\t\t\tdecoded.payload.org,\n\t\t\t\ttid,\n\t\t\t\tCoerce.integer(decoded.payload.pver)\n\t\t\t);\n\t\t\tif (!userVerified.includes(\"user\")) {\n\t\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"userNotVerified\");\n\t\t\t} else if (!userVerified.includes(\"organization\")) {\n\t\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"organizationNotVerified\");\n\t\t\t} else if (Is.stringValue(tid) && !userVerified.includes(\"tenant\")) {\n\t\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"tenantNotVerified\");\n\t\t\t}\n\t\t}\n\n\t\tif (Is.arrayValue(requiredScopes)) {\n\t\t\tconst tokenScopes = Is.stringValue(decoded.payload.scope)\n\t\t\t\t? decoded.payload.scope.split(\",\")\n\t\t\t\t: [];\n\n\t\t\tfor (const requiredScope of requiredScopes) {\n\t\t\t\tif (!tokenScopes.includes(requiredScope)) {\n\t\t\t\t\tthrow new UnauthorizedError(TokenHelper.CLASS_NAME, \"insufficientScopes\");\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn {\n\t\t\theader: decoded.header,\n\t\t\tpayload: decoded.payload\n\t\t};\n\t}\n\n\t/**\n\t * Extract the auth token from the headers, either from the authorization header or the cookie header.\n\t * @param headers The headers to extract the token from.\n\t * @param cookieName The name of the cookie to extract the token from.\n\t * @returns The token if found.\n\t */\n\tpublic static extractTokenFromHeaders(\n\t\theaders?: IHttpHeaders,\n\t\tcookieName?: string\n\t):\n\t\t| {\n\t\t\t\ttoken: string;\n\t\t\t\tlocation: \"authorization\" | \"cookie\";\n\t\t }\n\t\t| undefined {\n\t\tconst authHeader = headers?.[HeaderTypes.Authorization];\n\t\tconst cookiesHeader = headers?.[HeaderTypes.Cookie];\n\n\t\tconst bearerToken = HeaderHelper.extractBearer(authHeader);\n\t\tif (Is.stringValue(bearerToken)) {\n\t\t\treturn {\n\t\t\t\ttoken: bearerToken,\n\t\t\t\tlocation: \"authorization\"\n\t\t\t};\n\t\t} else if (Is.notEmpty(cookiesHeader) && Is.stringValue(cookieName)) {\n\t\t\tconst value = CookieHelper.getCookieFromHeaders(cookiesHeader, cookieName);\n\t\t\tif (Is.stringValue(value)) {\n\t\t\t\treturn {\n\t\t\t\t\ttoken: value,\n\t\t\t\t\tlocation: \"cookie\"\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\t}\n}\n"]}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Class defining the storage for authentication audit entries.
|
|
3
|
+
*/
|
|
4
|
+
export declare class AuthenticationAuditEntry {
|
|
5
|
+
/**
|
|
6
|
+
* The unique identifier for the audit entry.
|
|
7
|
+
*/
|
|
8
|
+
id: string;
|
|
9
|
+
/**
|
|
10
|
+
* The timestamp of the audit entry in ISO 8601 format.
|
|
11
|
+
*/
|
|
12
|
+
dateCreated: string;
|
|
13
|
+
/**
|
|
14
|
+
* The audit event that occurred.
|
|
15
|
+
*/
|
|
16
|
+
event: string;
|
|
17
|
+
/**
|
|
18
|
+
* The actor identifier, could be e-mail, username, or other unique identifier.
|
|
19
|
+
*/
|
|
20
|
+
actorId?: string;
|
|
21
|
+
/**
|
|
22
|
+
* The node identifier associated with the audit entry, if applicable.
|
|
23
|
+
*/
|
|
24
|
+
nodeId?: string;
|
|
25
|
+
/**
|
|
26
|
+
* The organization identifier associated with the audit entry, if applicable.
|
|
27
|
+
*/
|
|
28
|
+
organizationId?: string;
|
|
29
|
+
/**
|
|
30
|
+
* The tenant identifier associated with the audit entry, if applicable.
|
|
31
|
+
*/
|
|
32
|
+
tenantId?: string;
|
|
33
|
+
/**
|
|
34
|
+
* The hashed IP addresses of the client.
|
|
35
|
+
*/
|
|
36
|
+
ipAddressHashes?: string[];
|
|
37
|
+
/**
|
|
38
|
+
* The user agent string of the client.
|
|
39
|
+
*/
|
|
40
|
+
userAgent?: string;
|
|
41
|
+
/**
|
|
42
|
+
* The correlation ID for request tracing.
|
|
43
|
+
*/
|
|
44
|
+
correlationId?: string;
|
|
45
|
+
/**
|
|
46
|
+
* Additional data related to the audit entry, such as IP address, user agent, etc.
|
|
47
|
+
*/
|
|
48
|
+
data?: unknown;
|
|
49
|
+
}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Class defining the storage for authentication rate entries.
|
|
3
|
+
*/
|
|
4
|
+
export declare class AuthenticationRateEntry {
|
|
5
|
+
/**
|
|
6
|
+
* The id for the rate entry.
|
|
7
|
+
*/
|
|
8
|
+
id: string;
|
|
9
|
+
/**
|
|
10
|
+
* Array of ISO date strings representing timestamps of failed attempts.
|
|
11
|
+
*/
|
|
12
|
+
timestamps: string[];
|
|
13
|
+
/**
|
|
14
|
+
* Last modification time in ISO date format.
|
|
15
|
+
*/
|
|
16
|
+
dateModified: string;
|
|
17
|
+
}
|
|
@@ -22,4 +22,12 @@ export declare class AuthenticationUser {
|
|
|
22
22
|
* The users organization.
|
|
23
23
|
*/
|
|
24
24
|
organization: string;
|
|
25
|
+
/**
|
|
26
|
+
* The scope assigned to the user, comma separated.
|
|
27
|
+
*/
|
|
28
|
+
scope: string;
|
|
29
|
+
/**
|
|
30
|
+
* The password version counter, incremented on every password change to invalidate existing tokens.
|
|
31
|
+
*/
|
|
32
|
+
passwordVersion?: number;
|
|
25
33
|
}
|
package/dist/types/index.d.ts
CHANGED
|
@@ -1,15 +1,25 @@
|
|
|
1
|
+
export * from "./entities/authenticationAuditEntry.js";
|
|
2
|
+
export * from "./entities/authenticationRateEntry.js";
|
|
1
3
|
export * from "./entities/authenticationUser.js";
|
|
2
4
|
export * from "./models/IAuthHeaderProcessorConfig.js";
|
|
3
5
|
export * from "./models/IAuthHeaderProcessorConstructorOptions.js";
|
|
4
6
|
export * from "./models/IEntityStorageAuthenticationAdminServiceConfig.js";
|
|
5
7
|
export * from "./models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js";
|
|
8
|
+
export * from "./models/IEntityStorageAuthenticationAuditServiceConfig.js";
|
|
9
|
+
export * from "./models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js";
|
|
10
|
+
export * from "./models/IEntityStorageAuthenticationRateServiceConfig.js";
|
|
11
|
+
export * from "./models/IEntityStorageAuthenticationRateServiceConstructorOptions.js";
|
|
6
12
|
export * from "./models/IEntityStorageAuthenticationServiceConfig.js";
|
|
7
13
|
export * from "./models/IEntityStorageAuthenticationServiceConstructorOptions.js";
|
|
8
14
|
export * from "./processors/authHeaderProcessor.js";
|
|
9
15
|
export * from "./restEntryPoints.js";
|
|
16
|
+
export * from "./routes/entityStorageAuthenticationAdminRoutes.js";
|
|
17
|
+
export * from "./routes/entityStorageAuthenticationAuditRoutes.js";
|
|
10
18
|
export * from "./routes/entityStorageAuthenticationRoutes.js";
|
|
11
19
|
export * from "./schema.js";
|
|
12
20
|
export * from "./services/entityStorageAuthenticationAdminService.js";
|
|
21
|
+
export * from "./services/entityStorageAuthenticationAuditService.js";
|
|
22
|
+
export * from "./services/entityStorageAuthenticationRateService.js";
|
|
13
23
|
export * from "./services/entityStorageAuthenticationService.js";
|
|
14
|
-
export * from "./utils/passwordHelper.js";
|
|
15
24
|
export * from "./utils/tokenHelper.js";
|
|
25
|
+
export * from "./utils/passwordHelper.js";
|
|
@@ -3,11 +3,21 @@ import type { IAuthHeaderProcessorConfig } from "./IAuthHeaderProcessorConfig.js
|
|
|
3
3
|
* Options for the AuthHeaderProcessor constructor.
|
|
4
4
|
*/
|
|
5
5
|
export interface IAuthHeaderProcessorConstructorOptions {
|
|
6
|
+
/**
|
|
7
|
+
* The entity storage for users.
|
|
8
|
+
* @default authentication-user
|
|
9
|
+
*/
|
|
10
|
+
userEntityStorageType?: string;
|
|
6
11
|
/**
|
|
7
12
|
* The vault for the private keys.
|
|
8
13
|
* @default vault
|
|
9
14
|
*/
|
|
10
15
|
vaultConnectorType?: string;
|
|
16
|
+
/**
|
|
17
|
+
* The component to retrieve tenant information.
|
|
18
|
+
* @default tenant-admin
|
|
19
|
+
*/
|
|
20
|
+
tenantAdminComponentType?: string;
|
|
11
21
|
/**
|
|
12
22
|
* The configuration for the processor.
|
|
13
23
|
*/
|
|
@@ -8,6 +8,11 @@ export interface IEntityStorageAuthenticationAdminServiceConstructorOptions {
|
|
|
8
8
|
* @default authentication-user
|
|
9
9
|
*/
|
|
10
10
|
userEntityStorageType?: string;
|
|
11
|
+
/**
|
|
12
|
+
* The audit service.
|
|
13
|
+
* @default authentication-audit
|
|
14
|
+
*/
|
|
15
|
+
authenticationAuditServiceType?: string;
|
|
11
16
|
/**
|
|
12
17
|
* The configuration for the authentication.
|
|
13
18
|
*/
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Config for the EntityStorageAuthenticationAuditService constructor.
|
|
3
|
+
*/
|
|
4
|
+
export interface IEntityStorageAuthenticationAuditServiceConfig {
|
|
5
|
+
/**
|
|
6
|
+
* The server-side salt for hashing IP addresses in audit logs, if configured.
|
|
7
|
+
*/
|
|
8
|
+
ipHashSalt?: string;
|
|
9
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { IEntityStorageAuthenticationAuditServiceConfig } from "./IEntityStorageAuthenticationAuditServiceConfig.js";
|
|
2
|
+
/**
|
|
3
|
+
* Options for the EntityStorageAuthenticationAuditService constructor.
|
|
4
|
+
*/
|
|
5
|
+
export interface IEntityStorageAuthenticationAuditServiceConstructorOptions {
|
|
6
|
+
/**
|
|
7
|
+
* The entity storage for the audit entries.
|
|
8
|
+
* @default authentication-audit-entry
|
|
9
|
+
*/
|
|
10
|
+
authenticationAuditEntryStorageType?: string;
|
|
11
|
+
/**
|
|
12
|
+
* The configuration for the authentication audit service.
|
|
13
|
+
*/
|
|
14
|
+
config?: IEntityStorageAuthenticationAuditServiceConfig;
|
|
15
|
+
}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import type { IEntityStorageAuthenticationRateServiceConfig } from "./IEntityStorageAuthenticationRateServiceConfig.js";
|
|
2
|
+
/**
|
|
3
|
+
* Options for the EntityStorageAuthenticationRateService constructor.
|
|
4
|
+
*/
|
|
5
|
+
export interface IEntityStorageAuthenticationRateServiceConstructorOptions {
|
|
6
|
+
/**
|
|
7
|
+
* The entity storage for authentication rate entries.
|
|
8
|
+
* @default authentication-rate-entry
|
|
9
|
+
*/
|
|
10
|
+
authenticationRateEntryStorageType?: string;
|
|
11
|
+
/**
|
|
12
|
+
* The task scheduler component type.
|
|
13
|
+
* @default task-scheduler
|
|
14
|
+
*/
|
|
15
|
+
taskSchedulerComponentType?: string;
|
|
16
|
+
/**
|
|
17
|
+
* The platform component type, used to run the periodic cleanup per tenant.
|
|
18
|
+
* @default platform
|
|
19
|
+
*/
|
|
20
|
+
platformComponentType?: string;
|
|
21
|
+
/**
|
|
22
|
+
* The configuration for the authentication rate service.
|
|
23
|
+
*/
|
|
24
|
+
config?: IEntityStorageAuthenticationRateServiceConfig;
|
|
25
|
+
}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { IAuthenticationRateActionConfig } from "@twin.org/api-auth-entity-storage-models";
|
|
1
2
|
/**
|
|
2
3
|
* Configuration for the entity storage authentication service.
|
|
3
4
|
*/
|
|
@@ -9,7 +10,27 @@ export interface IEntityStorageAuthenticationServiceConfig {
|
|
|
9
10
|
signingKeyName?: string;
|
|
10
11
|
/**
|
|
11
12
|
* The default time to live for the JWT.
|
|
12
|
-
* @default
|
|
13
|
+
* @default 60
|
|
13
14
|
*/
|
|
14
15
|
defaultTtlMinutes?: number;
|
|
16
|
+
/**
|
|
17
|
+
* The minimum password length for new password validation.
|
|
18
|
+
* @default 8
|
|
19
|
+
*/
|
|
20
|
+
minPasswordLength?: number;
|
|
21
|
+
/**
|
|
22
|
+
* Optional override for login failure rate limit.
|
|
23
|
+
* @default { maxAttempts: 5, windowMinutes: 15 }
|
|
24
|
+
*/
|
|
25
|
+
loginRateLimit?: IAuthenticationRateActionConfig;
|
|
26
|
+
/**
|
|
27
|
+
* Optional override for password change rate limit.
|
|
28
|
+
* @default { maxAttempts: 5, windowMinutes: 15 }
|
|
29
|
+
*/
|
|
30
|
+
passwordChangeRateLimit?: IAuthenticationRateActionConfig;
|
|
31
|
+
/**
|
|
32
|
+
* Optional override for token refresh rate limit.
|
|
33
|
+
* @default { maxAttempts: 30, windowMinutes: 60 }
|
|
34
|
+
*/
|
|
35
|
+
tokenRefreshRateLimit?: IAuthenticationRateActionConfig;
|
|
15
36
|
}
|
|
@@ -14,10 +14,20 @@ export interface IEntityStorageAuthenticationServiceConstructorOptions {
|
|
|
14
14
|
*/
|
|
15
15
|
vaultConnectorType?: string;
|
|
16
16
|
/**
|
|
17
|
-
* The
|
|
18
|
-
* @default authentication-
|
|
17
|
+
* The audit service.
|
|
18
|
+
* @default authentication-audit
|
|
19
19
|
*/
|
|
20
|
-
|
|
20
|
+
authenticationAuditServiceType?: string;
|
|
21
|
+
/**
|
|
22
|
+
* The rate service.
|
|
23
|
+
* @default authentication-rate
|
|
24
|
+
*/
|
|
25
|
+
authenticationRateServiceType?: string;
|
|
26
|
+
/**
|
|
27
|
+
* The component to retrieve tenant information.
|
|
28
|
+
* @default tenant-admin
|
|
29
|
+
*/
|
|
30
|
+
tenantAdminComponentType?: string;
|
|
21
31
|
/**
|
|
22
32
|
* The configuration for the authentication.
|
|
23
33
|
*/
|
|
@@ -10,7 +10,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
10
10
|
*/
|
|
11
11
|
static readonly CLASS_NAME: string;
|
|
12
12
|
/**
|
|
13
|
-
* Create a new instance of
|
|
13
|
+
* Create a new instance of AuthHeaderProcessor.
|
|
14
14
|
* @param options Options for the processor.
|
|
15
15
|
*/
|
|
16
16
|
constructor(options?: IAuthHeaderProcessorConstructorOptions);
|
|
@@ -22,7 +22,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
22
22
|
/**
|
|
23
23
|
* The service needs to be started when the application is initialized.
|
|
24
24
|
* @param nodeLoggingComponentType The node logging component type.
|
|
25
|
-
* @returns
|
|
25
|
+
* @returns A promise that resolves when the node identity and organization ID have been cached.
|
|
26
26
|
*/
|
|
27
27
|
start(nodeLoggingComponentType?: string): Promise<void>;
|
|
28
28
|
/**
|
|
@@ -32,6 +32,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
32
32
|
* @param route The route to process.
|
|
33
33
|
* @param contextIds The context IDs of the request.
|
|
34
34
|
* @param processorState The state handed through the processors.
|
|
35
|
+
* @returns A promise that resolves when the JWT has been verified and the context populated, or an error response set.
|
|
35
36
|
*/
|
|
36
37
|
pre(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, contextIds: IContextIds, processorState: {
|
|
37
38
|
[id: string]: unknown;
|
|
@@ -43,6 +44,7 @@ export declare class AuthHeaderProcessor implements IBaseRouteProcessor {
|
|
|
43
44
|
* @param route The route to process.
|
|
44
45
|
* @param contextIds The context IDs of the request.
|
|
45
46
|
* @param processorState The state handed through the processors.
|
|
47
|
+
* @returns A promise that resolves when the Set-Cookie header has been applied to the response if required.
|
|
46
48
|
*/
|
|
47
49
|
post(request: IHttpServerRequest, response: IHttpResponse, route: IBaseRoute | undefined, contextIds: IContextIds, processorState: {
|
|
48
50
|
[id: string]: unknown;
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import type { IAdminUserCreateRequest, IAdminUserGetByIdentityRequest, IAdminUserGetRequest, IAdminUserGetResponse, IAdminUserRemoveRequest, IAdminUserUpdatePasswordRequest, IAdminUserUpdateRequest } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { ICreatedResponse, IHttpRequestContext, INoContentResponse, IRestRoute, ITag } from "@twin.org/api-models";
|
|
3
|
+
/**
|
|
4
|
+
* The tag to associate with the routes.
|
|
5
|
+
*/
|
|
6
|
+
export declare const tagsAuthenticationAdmin: ITag[];
|
|
7
|
+
/**
|
|
8
|
+
* The REST routes for authentication admin.
|
|
9
|
+
* @param baseRouteName Prefix to prepend to the paths.
|
|
10
|
+
* @param componentName The name of the component to use in the routes stored in the ComponentFactory.
|
|
11
|
+
* @returns The generated routes.
|
|
12
|
+
*/
|
|
13
|
+
export declare function generateRestRoutesAuthenticationAdmin(baseRouteName: string, componentName: string): IRestRoute[];
|
|
14
|
+
/**
|
|
15
|
+
* Create a new user.
|
|
16
|
+
* @param httpRequestContext The request context for the API.
|
|
17
|
+
* @param componentName The name of the component to use in the routes.
|
|
18
|
+
* @param request The request.
|
|
19
|
+
* @returns The response object with additional http response properties.
|
|
20
|
+
*/
|
|
21
|
+
export declare function authenticationAdminCreateUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserCreateRequest): Promise<ICreatedResponse>;
|
|
22
|
+
/**
|
|
23
|
+
* Update an existing user.
|
|
24
|
+
* @param httpRequestContext The request context for the API.
|
|
25
|
+
* @param componentName The name of the component to use in the routes.
|
|
26
|
+
* @param request The request.
|
|
27
|
+
* @returns The response object with additional http response properties.
|
|
28
|
+
*/
|
|
29
|
+
export declare function authenticationAdminUpdateUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserUpdateRequest): Promise<INoContentResponse>;
|
|
30
|
+
/**
|
|
31
|
+
* Update an existing user password.
|
|
32
|
+
* @param httpRequestContext The request context for the API.
|
|
33
|
+
* @param componentName The name of the component to use in the routes.
|
|
34
|
+
* @param request The request.
|
|
35
|
+
* @returns The response object with additional http response properties.
|
|
36
|
+
*/
|
|
37
|
+
export declare function authenticationAdminUpdateUserPassword(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserUpdatePasswordRequest): Promise<INoContentResponse>;
|
|
38
|
+
/**
|
|
39
|
+
* Get an existing user.
|
|
40
|
+
* @param httpRequestContext The request context for the API.
|
|
41
|
+
* @param componentName The name of the component to use in the routes.
|
|
42
|
+
* @param request The request.
|
|
43
|
+
* @returns The response object with additional http response properties.
|
|
44
|
+
*/
|
|
45
|
+
export declare function authenticationAdminGetUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserGetRequest): Promise<IAdminUserGetResponse>;
|
|
46
|
+
/**
|
|
47
|
+
* Get an existing user by identity.
|
|
48
|
+
* @param httpRequestContext The request context for the API.
|
|
49
|
+
* @param componentName The name of the component to use in the routes.
|
|
50
|
+
* @param request The request.
|
|
51
|
+
* @returns The response object with additional http response properties.
|
|
52
|
+
*/
|
|
53
|
+
export declare function authenticationAdminGetUserByIdentity(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserGetByIdentityRequest): Promise<IAdminUserGetResponse>;
|
|
54
|
+
/**
|
|
55
|
+
* Remove an existing user.
|
|
56
|
+
* @param httpRequestContext The request context for the API.
|
|
57
|
+
* @param componentName The name of the component to use in the routes.
|
|
58
|
+
* @param request The request.
|
|
59
|
+
* @returns The response object with additional http response properties.
|
|
60
|
+
*/
|
|
61
|
+
export declare function authenticationAdminRemoveUser(httpRequestContext: IHttpRequestContext, componentName: string, request: IAdminUserRemoveRequest): Promise<INoContentResponse>;
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import type { IAuditCreateRequest, IAuditQueryRequest, IAuditQueryResponse } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { ICreatedResponse, IHttpRequestContext, IRestRoute, ITag } from "@twin.org/api-models";
|
|
3
|
+
/**
|
|
4
|
+
* The tag to associate with the routes.
|
|
5
|
+
*/
|
|
6
|
+
export declare const tagsAuthenticationAudit: ITag[];
|
|
7
|
+
/**
|
|
8
|
+
* The REST routes for authentication audit.
|
|
9
|
+
* @param baseRouteName Prefix to prepend to the paths.
|
|
10
|
+
* @param componentName The name of the component to use in the routes stored in the ComponentFactory.
|
|
11
|
+
* @returns The generated routes.
|
|
12
|
+
*/
|
|
13
|
+
export declare function generateRestRoutesAuthenticationAudit(baseRouteName: string, componentName: string): IRestRoute[];
|
|
14
|
+
/**
|
|
15
|
+
* Create an authentication audit entry.
|
|
16
|
+
* @param httpRequestContext The request context for the API.
|
|
17
|
+
* @param componentName The name of the component to use in the routes.
|
|
18
|
+
* @param request The request.
|
|
19
|
+
* @returns The response object with additional http response properties.
|
|
20
|
+
*/
|
|
21
|
+
export declare function authenticationAuditCreate(httpRequestContext: IHttpRequestContext, componentName: string, request: IAuditCreateRequest): Promise<ICreatedResponse>;
|
|
22
|
+
/**
|
|
23
|
+
* Query authentication audit entries.
|
|
24
|
+
* @param httpRequestContext The request context for the API.
|
|
25
|
+
* @param componentName The name of the component to use in the routes.
|
|
26
|
+
* @param request The request.
|
|
27
|
+
* @returns The response object with additional http response properties.
|
|
28
|
+
*/
|
|
29
|
+
export declare function authenticationAuditQuery(httpRequestContext: IHttpRequestContext, componentName: string, request: IAuditQueryRequest): Promise<IAuditQueryResponse>;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { IAuthenticationAdminComponent } from "@twin.org/api-auth-entity-storage-models";
|
|
1
|
+
import type { IAuthenticationAdminComponent, IAuthenticationUser } from "@twin.org/api-auth-entity-storage-models";
|
|
2
2
|
import type { IEntityStorageAuthenticationAdminServiceConstructorOptions } from "../models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js";
|
|
3
3
|
/**
|
|
4
4
|
* Implementation of the authentication component using entity storage.
|
|
@@ -20,17 +20,34 @@ export declare class EntityStorageAuthenticationAdminService implements IAuthent
|
|
|
20
20
|
className(): string;
|
|
21
21
|
/**
|
|
22
22
|
* Create a login for the user.
|
|
23
|
-
* @param
|
|
24
|
-
* @
|
|
25
|
-
* @param userIdentity The DID to associate with the account.
|
|
26
|
-
* @param organizationIdentity The organization of the user.
|
|
27
|
-
* @returns Nothing.
|
|
23
|
+
* @param user The user to create.
|
|
24
|
+
* @returns A promise that resolves when the user account has been created and the audit entry recorded.
|
|
28
25
|
*/
|
|
29
|
-
create(
|
|
26
|
+
create(user: IAuthenticationUser & {
|
|
27
|
+
password: string;
|
|
28
|
+
}): Promise<void>;
|
|
29
|
+
/**
|
|
30
|
+
* Update a login for the user.
|
|
31
|
+
* @param user The user to update.
|
|
32
|
+
* @returns A promise that resolves when the user account has been updated and the audit entry recorded.
|
|
33
|
+
*/
|
|
34
|
+
update(user: Partial<IAuthenticationUser>): Promise<void>;
|
|
35
|
+
/**
|
|
36
|
+
* Get a user by email.
|
|
37
|
+
* @param email The email address of the user to get.
|
|
38
|
+
* @returns The user details.
|
|
39
|
+
*/
|
|
40
|
+
get(email: string): Promise<IAuthenticationUser>;
|
|
41
|
+
/**
|
|
42
|
+
* Get a user by identity.
|
|
43
|
+
* @param identity The identity of the user to get.
|
|
44
|
+
* @returns The user details.
|
|
45
|
+
*/
|
|
46
|
+
getByIdentity(identity: string): Promise<IAuthenticationUser>;
|
|
30
47
|
/**
|
|
31
48
|
* Remove the current user.
|
|
32
49
|
* @param email The email address of the user to remove.
|
|
33
|
-
* @returns
|
|
50
|
+
* @returns A promise that resolves when the user account has been removed and the audit entry recorded.
|
|
34
51
|
*/
|
|
35
52
|
remove(email: string): Promise<void>;
|
|
36
53
|
/**
|
|
@@ -38,7 +55,7 @@ export declare class EntityStorageAuthenticationAdminService implements IAuthent
|
|
|
38
55
|
* @param email The email address of the user to update.
|
|
39
56
|
* @param newPassword The new password for the user.
|
|
40
57
|
* @param currentPassword The current password, optional, if supplied will check against existing.
|
|
41
|
-
* @returns
|
|
58
|
+
* @returns A promise that resolves when the password has been updated.
|
|
42
59
|
*/
|
|
43
60
|
updatePassword(email: string, newPassword: string, currentPassword?: string): Promise<void>;
|
|
44
61
|
}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import type { AuthAuditEvent, IAuthenticationAuditComponent, IAuthenticationAuditEntry } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { IEntityStorageAuthenticationAuditServiceConstructorOptions } from "../models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js";
|
|
3
|
+
/**
|
|
4
|
+
* Implementation of the authentication audit component using entity storage.
|
|
5
|
+
*/
|
|
6
|
+
export declare class EntityStorageAuthenticationAuditService implements IAuthenticationAuditComponent {
|
|
7
|
+
/**
|
|
8
|
+
* Runtime name for the class.
|
|
9
|
+
*/
|
|
10
|
+
static readonly CLASS_NAME: string;
|
|
11
|
+
/**
|
|
12
|
+
* Create a new instance of EntityStorageAuthenticationAuditService.
|
|
13
|
+
* @param options The dependencies for the identity connector.
|
|
14
|
+
*/
|
|
15
|
+
constructor(options?: IEntityStorageAuthenticationAuditServiceConstructorOptions);
|
|
16
|
+
/**
|
|
17
|
+
* Returns the class name of the component.
|
|
18
|
+
* @returns The class name of the component.
|
|
19
|
+
*/
|
|
20
|
+
className(): string;
|
|
21
|
+
/**
|
|
22
|
+
* Create a new audit entry.
|
|
23
|
+
* @param entry The audit entry to be logged.
|
|
24
|
+
* @returns The unique identifier of the created audit entry.
|
|
25
|
+
*/
|
|
26
|
+
create(entry: Omit<IAuthenticationAuditEntry, "id" | "dateCreated">): Promise<string>;
|
|
27
|
+
/**
|
|
28
|
+
* Query the audit entries.
|
|
29
|
+
* @param options The query options.
|
|
30
|
+
* @param options.actorId The actor identifier to filter the audit entries, optional.
|
|
31
|
+
* @param options.organizationId The organization identifier to filter the audit entries, optional.
|
|
32
|
+
* @param options.tenantId The tenant identifier to filter the audit entries, optional.
|
|
33
|
+
* @param options.nodeId The node identifier to filter the audit entries, optional.
|
|
34
|
+
* @param options.event The audit event to filter the audit entries, optional.
|
|
35
|
+
* @param options.startDate The start date to filter the audit entries, optional.
|
|
36
|
+
* @param options.endDate The end date to filter the audit entries, optional.
|
|
37
|
+
* @param cursor The cursor for pagination.
|
|
38
|
+
* @param limit The maximum number of entries to return.
|
|
39
|
+
* @returns The audit entries.
|
|
40
|
+
*/
|
|
41
|
+
query(options?: {
|
|
42
|
+
actorId?: string;
|
|
43
|
+
organizationId?: string;
|
|
44
|
+
tenantId?: string;
|
|
45
|
+
nodeId?: string;
|
|
46
|
+
event?: AuthAuditEvent | string;
|
|
47
|
+
startDate?: string;
|
|
48
|
+
endDate?: string;
|
|
49
|
+
}, cursor?: string, limit?: number): Promise<{
|
|
50
|
+
entries: IAuthenticationAuditEntry[];
|
|
51
|
+
cursor?: string;
|
|
52
|
+
}>;
|
|
53
|
+
}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
import type { IAuthenticationRateActionConfig, IAuthenticationRateComponent } from "@twin.org/api-auth-entity-storage-models";
|
|
2
|
+
import type { IEntityStorageAuthenticationRateServiceConstructorOptions } from "../models/IEntityStorageAuthenticationRateServiceConstructorOptions.js";
|
|
3
|
+
/**
|
|
4
|
+
* Implementation of the authentication rate component using entity storage.
|
|
5
|
+
*/
|
|
6
|
+
export declare class EntityStorageAuthenticationRateService implements IAuthenticationRateComponent {
|
|
7
|
+
/**
|
|
8
|
+
* Runtime name for the class.
|
|
9
|
+
*/
|
|
10
|
+
static readonly CLASS_NAME: string;
|
|
11
|
+
/**
|
|
12
|
+
* Create a new instance of EntityStorageAuthenticationRateService.
|
|
13
|
+
* @param options The constructor options.
|
|
14
|
+
*/
|
|
15
|
+
constructor(options?: IEntityStorageAuthenticationRateServiceConstructorOptions);
|
|
16
|
+
/**
|
|
17
|
+
* Register or update rate-limit configuration for an action.
|
|
18
|
+
* @param action The action name.
|
|
19
|
+
* @param config The action configuration.
|
|
20
|
+
* @returns A promise that resolves when the action configuration has been stored.
|
|
21
|
+
*/
|
|
22
|
+
registerAction(action: string, config: IAuthenticationRateActionConfig): Promise<void>;
|
|
23
|
+
/**
|
|
24
|
+
* Unregister rate-limit configuration for an action.
|
|
25
|
+
* @param action The action name.
|
|
26
|
+
* @returns A promise that resolves when the action configuration has been removed.
|
|
27
|
+
*/
|
|
28
|
+
unregisterAction(action: string): Promise<void>;
|
|
29
|
+
/**
|
|
30
|
+
* Returns the class name of the component.
|
|
31
|
+
* @returns The class name of the component.
|
|
32
|
+
*/
|
|
33
|
+
className(): string;
|
|
34
|
+
/**
|
|
35
|
+
* The service needs to be started when the application is initialized.
|
|
36
|
+
* @param nodeLoggingComponentType The node logging component type.
|
|
37
|
+
* @returns A promise that resolves when the periodic cleanup task has been registered.
|
|
38
|
+
*/
|
|
39
|
+
start(nodeLoggingComponentType?: string): Promise<void>;
|
|
40
|
+
/**
|
|
41
|
+
* The component needs to be stopped when the node is closed.
|
|
42
|
+
* @param nodeLoggingComponentType The node logging component type.
|
|
43
|
+
* @returns A promise that resolves when the periodic cleanup task has been removed.
|
|
44
|
+
*/
|
|
45
|
+
stop(nodeLoggingComponentType?: string): Promise<void>;
|
|
46
|
+
/**
|
|
47
|
+
* Check the authentication rate for a given action and identifier.
|
|
48
|
+
* @param action The action to be checked.
|
|
49
|
+
* @param identifier The identifier to be checked.
|
|
50
|
+
* @returns The rate entry id.
|
|
51
|
+
*/
|
|
52
|
+
check(action: string, identifier: string): Promise<string>;
|
|
53
|
+
/**
|
|
54
|
+
* Clear the authentication rate entry for the given action and identifier.
|
|
55
|
+
* @param action The action to clear.
|
|
56
|
+
* @param identifier The identifier to clear.
|
|
57
|
+
* @returns A promise that resolves when the rate entry has been removed.
|
|
58
|
+
*/
|
|
59
|
+
clear(action: string, identifier: string): Promise<void>;
|
|
60
|
+
}
|