npm - @webiny/api-core - Versions diffs - 0.0.0-unstable.61c048f412 - Mend

@webiny/api-core 0.0.0-unstable.61c048f412

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1214) hide show

package/graphql/users/user.gql.js ADDED Viewed

@@ -0,0 +1,185 @@
+import { ErrorResponse, ListErrorResponse, ListResponse, NotFoundResponse, Response } from "@webiny/handler-graphql/responses.js";
+import { GraphQLSchemaPlugin } from "@webiny/handler-graphql/plugins/GraphQLSchemaPlugin.js";
+import { GetUserUseCase } from "../../features/users/GetUser/index.js";
+import NotAuthorizedResponse from "../security/NotAuthorizedResponse.js";
+import { ListUsersUseCase } from "../../features/users/ListUsers/index.js";
+const emptyResolver = () => ({});
+export const createUsersGraphQL = () => {
+  return [new GraphQLSchemaPlugin({
+    typeDefs: /* GraphQL */`
+                type AdminUsersQuery {
+                    _empty: String
+                }
+                type AdminUsersMutation {
+                    _empty: String
+                }
+                extend type Query {
+                    adminUsers: AdminUsersQuery
+                }
+                extend type Mutation {
+                    adminUsers: AdminUsersMutation
+                }
+                type AdminUsersCreatedBy {
+                    id: ID
+                    displayName: String
+                }
+                type AdminUsersError {
+                    code: String
+                    message: String
+                    data: JSON
+                    stack: String
+                }
+                type AdminUsersBooleanResponse {
+                    data: Boolean
+                    error: AdminUsersError
+                }
+            `,
+    resolvers: {
+      Query: {
+        adminUsers: emptyResolver
+      },
+      Mutation: {
+        adminUsers: emptyResolver
+      }
+    }
+  }), new GraphQLSchemaPlugin({
+    typeDefs: /* GraphQL */`
+                type AdminUser {
+                    id: ID!
+                    displayName: String!
+                    email: String!
+                    roles: [SecurityRole]
+                    firstName: String
+                    lastName: String
+                    avatar: JSON
+                    external: Boolean
+                    createdOn: DateTime
+                }
+                type AdminUsersResponse {
+                    data: AdminUser
+                    error: AdminUsersError
+                }
+                type AdminUsersListResponse {
+                    data: [AdminUser]
+                    error: AdminUsersError
+                }
+                input AdminUsersGetUserWhereInput {
+                    id: ID
+                    email: String
+                }
+                extend type AdminUsersQuery {
+                    getUser(where: AdminUsersGetUserWhereInput): AdminUsersResponse
+                    getCurrentUser: AdminUsersResponse
+                    listUsers: AdminUsersListResponse
+                }
+            `,
+    resolvers: {
+      AdminUser: {
+        roles(user, _, context) {
+          if (!user.roles) {
+            return null;
+          }
+          return context.security.listRoles({
+            where: {
+              id_in: user.roles
+            }
+          });
+        }
+      },
+      AdminUsersQuery: {
+        getUser: async (_, {
+          where
+        }, context) => {
+          const getUser = context.container.resolve(GetUserUseCase);
+          const userResult = await getUser.execute({
+            id: where.id,
+            email: where.email
+          });
+          if (userResult.isFail()) {
+            const error = userResult.error;
+            if (error.code === "AdminUser/NotFound") {
+              return new NotFoundResponse(`User "${JSON.stringify(where)}" was not found!`);
+            }
+            return new ErrorResponse({
+              message: error.message,
+              code: error.code,
+              data: error.data
+            });
+          }
+          return new Response(userResult.value);
+        },
+        getCurrentUser: async (_, __, context) => {
+          const identity = context.security.getIdentity();
+          if (!identity.isAdmin()) {
+            throw new NotAuthorizedResponse();
+          }
+          // Current user might not have permissions to execute `getUser` (this method can load any user in the system),
+          // but loading your own user record should be allowed. For that reason, let's temporarily disable authorization.
+          const getUser = context.container.resolve(GetUserUseCase);
+          const userResponse = await context.security.withoutAuthorization(async () => {
+            // Get user record using the identity ID.
+            return await getUser.execute({
+              id: identity.id
+            });
+          });
+          if (userResponse.isFail()) {
+            const error = userResponse.error;
+            if (error.code === "AdminUser/NotFound") {
+              return new NotFoundResponse(`User with ID ${identity.id} was not found!`);
+            }
+            return new ErrorResponse({
+              message: error.message,
+              code: error.code,
+              data: error.data
+            });
+          }
+          return new Response(userResponse.value);
+        },
+        listUsers: async (_, __, context) => {
+          const listUsers = context.container.resolve(ListUsersUseCase);
+          const users = await listUsers.execute();
+          if (users.isFail()) {
+            return new ListErrorResponse(users.error);
+          }
+          return new ListResponse(users.value);
+        }
+      }
+    }
+  }), new GraphQLSchemaPlugin({
+    typeDefs: /* GraphQL */`
+                extend type AdminUser {
+                    teams: [SecurityTeam]
+                }
+            `,
+    resolvers: {
+      AdminUser: {
+        teams(user, _, context) {
+          const hasTeams = Array.isArray(user.teams) && user.teams.length > 0;
+          if (!hasTeams) {
+            return [];
+          }
+          return context.security.listTeams({
+            where: {
+              id_in: user.teams
+            }
+          });
+        }
+      }
+    }
+  })].filter(Boolean);
+};
+//# sourceMappingURL=user.gql.js.map

package/graphql/users/user.gql.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["ErrorResponse","ListErrorResponse","ListResponse","NotFoundResponse","Response","GraphQLSchemaPlugin","GetUserUseCase","NotAuthorizedResponse","ListUsersUseCase","emptyResolver","createUsersGraphQL","typeDefs","resolvers","Query","adminUsers","Mutation","AdminUser","roles","user","_","context","security","listRoles","where","id_in","AdminUsersQuery","getUser","container","resolve","userResult","execute","id","email","isFail","error","code","JSON","stringify","message","data","value","getCurrentUser","__","identity","getIdentity","isAdmin","userResponse","withoutAuthorization","listUsers","users","teams","hasTeams","Array","isArray","length","listTeams","filter","Boolean"],"sources":["user.gql.ts"],"sourcesContent":["import {\n ErrorResponse,\n ListErrorResponse,\n ListResponse,\n NotFoundResponse,\n Response\n} from \"@webiny/handler-graphql/responses.js\";\nimport { GraphQLSchemaPlugin } from \"@webiny/handler-graphql/plugins/GraphQLSchemaPlugin.js\";\nimport type { ApiCoreContext } from \"~/types/core.js\";\nimport { AdminUser } from \"~/types/users.js\";\nimport { GetUserUseCase } from \"~/features/users/GetUser/index.js\";\nimport NotAuthorizedResponse from \"~/graphql/security/NotAuthorizedResponse.js\";\nimport { ListUsersUseCase } from \"~/features/users/ListUsers/index.js\";\n\nconst emptyResolver = () => ({});\n\nexport const createUsersGraphQL = () => {\n return [\n new GraphQLSchemaPlugin<ApiCoreContext>({\n typeDefs: /* GraphQL */ `\n type AdminUsersQuery {\n _empty: String\n }\n\n type AdminUsersMutation {\n _empty: String\n }\n\n extend type Query {\n adminUsers: AdminUsersQuery\n }\n\n extend type Mutation {\n adminUsers: AdminUsersMutation\n }\n\n type AdminUsersCreatedBy {\n id: ID\n displayName: String\n }\n\n type AdminUsersError {\n code: String\n message: String\n data: JSON\n stack: String\n }\n\n type AdminUsersBooleanResponse {\n data: Boolean\n error: AdminUsersError\n }\n `,\n resolvers: {\n Query: {\n adminUsers: emptyResolver\n },\n Mutation: {\n adminUsers: emptyResolver\n }\n }\n }),\n new GraphQLSchemaPlugin<ApiCoreContext>({\n typeDefs: /* GraphQL */ `\n type AdminUser {\n id: ID!\n displayName: String!\n email: String!\n\n roles: [SecurityRole]\n firstName: String\n lastName: String\n avatar: JSON\n external: Boolean\n createdOn: DateTime\n }\n\n type AdminUsersResponse {\n data: AdminUser\n error: AdminUsersError\n }\n\n type AdminUsersListResponse {\n data: [AdminUser]\n error: AdminUsersError\n }\n\n input AdminUsersGetUserWhereInput {\n id: ID\n email: String\n }\n\n extend type AdminUsersQuery {\n getUser(where: AdminUsersGetUserWhereInput): AdminUsersResponse\n getCurrentUser: AdminUsersResponse\n listUsers: AdminUsersListResponse\n }\n `,\n resolvers: {\n AdminUser: {\n roles(user: AdminUser, _, context) {\n if (!user.roles) {\n return null;\n }\n\n return context.security.listRoles({ where: { id_in: user.roles } });\n }\n },\n AdminUsersQuery: {\n getUser: async (_, { where }: any, context) => {\n const getUser = context.container.resolve(GetUserUseCase);\n\n const userResult = await getUser.execute({\n id: where.id,\n email: where.email\n });\n\n if (userResult.isFail()) {\n const error = userResult.error;\n if (error.code === \"AdminUser/NotFound\") {\n return new NotFoundResponse(\n `User \"${JSON.stringify(where)}\" was not found!`\n );\n }\n\n return new ErrorResponse({\n message: error.message,\n code: error.code,\n data: error.data\n });\n }\n\n return new Response(userResult.value);\n },\n getCurrentUser: async (_, __, context) => {\n const identity = context.security.getIdentity();\n\n if (!identity.isAdmin()) {\n throw new NotAuthorizedResponse();\n }\n\n // Current user might not have permissions to execute `getUser` (this method can load any user in the system),\n // but loading your own user record should be allowed. For that reason, let's temporarily disable authorization.\n\n const getUser = context.container.resolve(GetUserUseCase);\n\n const userResponse = await context.security.withoutAuthorization(\n async () => {\n // Get user record using the identity ID.\n return await getUser.execute({ id: identity.id });\n }\n );\n\n if (userResponse.isFail()) {\n const error = userResponse.error;\n if (error.code === \"AdminUser/NotFound\") {\n return new NotFoundResponse(\n `User with ID ${identity.id} was not found!`\n );\n }\n\n return new ErrorResponse({\n message: error.message,\n code: error.code,\n data: error.data\n });\n }\n\n return new Response(userResponse.value);\n },\n listUsers: async (_, __, context) => {\n const listUsers = context.container.resolve(ListUsersUseCase);\n const users = await listUsers.execute();\n\n if (users.isFail()) {\n return new ListErrorResponse(users.error);\n }\n\n return new ListResponse(users.value);\n }\n }\n }\n }),\n new GraphQLSchemaPlugin<ApiCoreContext>({\n typeDefs: /* GraphQL */ `\n extend type AdminUser {\n teams: [SecurityTeam]\n }\n `,\n resolvers: {\n AdminUser: {\n teams(user: AdminUser, _, context) {\n const hasTeams = Array.isArray(user.teams) && user.teams.length > 0;\n if (!hasTeams) {\n return [];\n }\n\n return context.security.listTeams({ where: { id_in: user.teams } });\n }\n }\n }\n })\n ].filter(Boolean);\n};\n"],"mappings":"AAAA,SACIA,aAAa,EACbC,iBAAiB,EACjBC,YAAY,EACZC,gBAAgB,EAChBC,QAAQ,QACL,sCAAsC;AAC7C,SAASC,mBAAmB,QAAQ,wDAAwD;AAG5F,SAASC,cAAc;AACvB,OAAOC,qBAAqB;AAC5B,SAASC,gBAAgB;AAEzB,MAAMC,aAAa,GAAGA,CAAA,MAAO,CAAC,CAAC,CAAC;AAEhC,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,OAAO,CACH,IAAIL,mBAAmB,CAAiB;IACpCM,QAAQ,EAAE,aAAc;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;IACDC,SAAS,EAAE;MACPC,KAAK,EAAE;QACHC,UAAU,EAAEL;MAChB,CAAC;MACDM,QAAQ,EAAE;QACND,UAAU,EAAEL;MAChB;IACJ;EACJ,CAAC,CAAC,EACF,IAAIJ,mBAAmB,CAAiB;IACpCM,QAAQ,EAAE,aAAc;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;IACDC,SAAS,EAAE;MACPI,SAAS,EAAE;QACPC,KAAKA,CAACC,IAAe,EAAEC,CAAC,EAAEC,OAAO,EAAE;UAC/B,IAAI,CAACF,IAAI,CAACD,KAAK,EAAE;YACb,OAAO,IAAI;UACf;UAEA,OAAOG,OAAO,CAACC,QAAQ,CAACC,SAAS,CAAC;YAAEC,KAAK,EAAE;cAAEC,KAAK,EAAEN,IAAI,CAACD;YAAM;UAAE,CAAC,CAAC;QACvE;MACJ,CAAC;MACDQ,eAAe,EAAE;QACbC,OAAO,EAAE,MAAAA,CAAOP,CAAC,EAAE;UAAEI;QAAW,CAAC,EAAEH,OAAO,KAAK;UAC3C,MAAMM,OAAO,GAAGN,OAAO,CAACO,SAAS,CAACC,OAAO,CAACtB,cAAc,CAAC;UAEzD,MAAMuB,UAAU,GAAG,MAAMH,OAAO,CAACI,OAAO,CAAC;YACrCC,EAAE,EAAER,KAAK,CAACQ,EAAE;YACZC,KAAK,EAAET,KAAK,CAACS;UACjB,CAAC,CAAC;UAEF,IAAIH,UAAU,CAACI,MAAM,CAAC,CAAC,EAAE;YACrB,MAAMC,KAAK,GAAGL,UAAU,CAACK,KAAK;YAC9B,IAAIA,KAAK,CAACC,IAAI,KAAK,oBAAoB,EAAE;cACrC,OAAO,IAAIhC,gBAAgB,CACvB,SAASiC,IAAI,CAACC,SAAS,CAACd,KAAK,CAAC,kBAClC,CAAC;YACL;YAEA,OAAO,IAAIvB,aAAa,CAAC;cACrBsC,OAAO,EAAEJ,KAAK,CAACI,OAAO;cACtBH,IAAI,EAAED,KAAK,CAACC,IAAI;cAChBI,IAAI,EAAEL,KAAK,CAACK;YAChB,CAAC,CAAC;UACN;UAEA,OAAO,IAAInC,QAAQ,CAACyB,UAAU,CAACW,KAAK,CAAC;QACzC,CAAC;QACDC,cAAc,EAAE,MAAAA,CAAOtB,CAAC,EAAEuB,EAAE,EAAEtB,OAAO,KAAK;UACtC,MAAMuB,QAAQ,GAAGvB,OAAO,CAACC,QAAQ,CAACuB,WAAW,CAAC,CAAC;UAE/C,IAAI,CAACD,QAAQ,CAACE,OAAO,CAAC,CAAC,EAAE;YACrB,MAAM,IAAItC,qBAAqB,CAAC,CAAC;UACrC;;UAEA;UACA;;UAEA,MAAMmB,OAAO,GAAGN,OAAO,CAACO,SAAS,CAACC,OAAO,CAACtB,cAAc,CAAC;UAEzD,MAAMwC,YAAY,GAAG,MAAM1B,OAAO,CAACC,QAAQ,CAAC0B,oBAAoB,CAC5D,YAAY;YACR;YACA,OAAO,MAAMrB,OAAO,CAACI,OAAO,CAAC;cAAEC,EAAE,EAAEY,QAAQ,CAACZ;YAAG,CAAC,CAAC;UACrD,CACJ,CAAC;UAED,IAAIe,YAAY,CAACb,MAAM,CAAC,CAAC,EAAE;YACvB,MAAMC,KAAK,GAAGY,YAAY,CAACZ,KAAK;YAChC,IAAIA,KAAK,CAACC,IAAI,KAAK,oBAAoB,EAAE;cACrC,OAAO,IAAIhC,gBAAgB,CACvB,gBAAgBwC,QAAQ,CAACZ,EAAE,iBAC/B,CAAC;YACL;YAEA,OAAO,IAAI/B,aAAa,CAAC;cACrBsC,OAAO,EAAEJ,KAAK,CAACI,OAAO;cACtBH,IAAI,EAAED,KAAK,CAACC,IAAI;cAChBI,IAAI,EAAEL,KAAK,CAACK;YAChB,CAAC,CAAC;UACN;UAEA,OAAO,IAAInC,QAAQ,CAAC0C,YAAY,CAACN,KAAK,CAAC;QAC3C,CAAC;QACDQ,SAAS,EAAE,MAAAA,CAAO7B,CAAC,EAAEuB,EAAE,EAAEtB,OAAO,KAAK;UACjC,MAAM4B,SAAS,GAAG5B,OAAO,CAACO,SAAS,CAACC,OAAO,CAACpB,gBAAgB,CAAC;UAC7D,MAAMyC,KAAK,GAAG,MAAMD,SAAS,CAAClB,OAAO,CAAC,CAAC;UAEvC,IAAImB,KAAK,CAAChB,MAAM,CAAC,CAAC,EAAE;YAChB,OAAO,IAAIhC,iBAAiB,CAACgD,KAAK,CAACf,KAAK,CAAC;UAC7C;UAEA,OAAO,IAAIhC,YAAY,CAAC+C,KAAK,CAACT,KAAK,CAAC;QACxC;MACJ;IACJ;EACJ,CAAC,CAAC,EACF,IAAInC,mBAAmB,CAAiB;IACpCM,QAAQ,EAAE,aAAc;AACpC;AACA;AACA;AACA,aAAa;IACDC,SAAS,EAAE;MACPI,SAAS,EAAE;QACPkC,KAAKA,CAAChC,IAAe,EAAEC,CAAC,EAAEC,OAAO,EAAE;UAC/B,MAAM+B,QAAQ,GAAGC,KAAK,CAACC,OAAO,CAACnC,IAAI,CAACgC,KAAK,CAAC,IAAIhC,IAAI,CAACgC,KAAK,CAACI,MAAM,GAAG,CAAC;UACnE,IAAI,CAACH,QAAQ,EAAE;YACX,OAAO,EAAE;UACb;UAEA,OAAO/B,OAAO,CAACC,QAAQ,CAACkC,SAAS,CAAC;YAAEhC,KAAK,EAAE;cAAEC,KAAK,EAAEN,IAAI,CAACgC;YAAM;UAAE,CAAC,CAAC;QACvE;MACJ;IACJ;EACJ,CAAC,CAAC,CACL,CAACM,MAAM,CAACC,OAAO,CAAC;AACrB,CAAC","ignoreList":[]}

package/graphql/wcp/graphql.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { GraphQLSchemaPlugin } from "@webiny/handler-graphql/plugins/index.js";
2	+ export declare const createWcpGraphQL: () => GraphQLSchemaPlugin<import("@webiny/api/types").Context>;

package/graphql/wcp/graphql.js ADDED Viewed

@@ -0,0 +1,88 @@
+import { GraphQLSchemaPlugin } from "@webiny/handler-graphql/plugins/index.js";
+import { ErrorResponse, Response } from "@webiny/handler-graphql/responses.js";
+import { WcpContext } from "../../features/wcp/WcpContext/index.js";
+const emptyResolver = () => ({});
+export const createWcpGraphQL = () => {
+  return new GraphQLSchemaPlugin({
+    typeDefs: /* GraphQL */`
+            type WcpProjectPackageFeaturesFeature {
+                enabled: Boolean
+                options: JSON
+            }
+            type WcpProjectPackageFeatures {
+                seats: WcpProjectPackageFeaturesFeature
+                multiTenancy: WcpProjectPackageFeaturesFeature
+                advancedPublishingWorkflow: WcpProjectPackageFeaturesFeature
+                advancedAccessControlLayer: WcpProjectPackageFeaturesFeature
+                auditLogs: WcpProjectPackageFeaturesFeature
+                recordLocking: WcpProjectPackageFeaturesFeature
+                fileManager: WcpProjectPackageFeaturesFeature
+            }
+            type WcpProjectPackage {
+                features: WcpProjectPackageFeatures
+            }
+            type WcpProject {
+                orgId: ID
+                projectId: ID
+                package: WcpProjectPackage
+            }
+            type WcpError {
+                code: String
+                message: String
+                data: JSON
+                stack: String
+            }
+            type WcpProjectResponse {
+                data: WcpProject
+                error: WcpError
+            }
+            type WcpQuery {
+                getProject: WcpProjectResponse
+            }
+            type WcpMutation {
+                updateProject: WcpProjectResponse
+            }
+            extend type Query {
+                wcp: WcpQuery
+            }
+            extend type Mutation {
+                wcp: WcpMutation
+            }
+        `,
+    resolvers: {
+      Query: {
+        wcp: emptyResolver
+      },
+      WcpQuery: {
+        getProject: async (_, __, context) => {
+          try {
+            const wcpContext = context.container.resolve(WcpContext);
+            const project = wcpContext.getProject();
+            if (!project) {
+              throw Error(`Could not get project!`);
+            }
+            return new Response(project);
+          } catch (e) {
+            return new ErrorResponse({
+              code: "COULD_NOT_GET_PROJECT",
+              message: e.message,
+              data: null,
+              stack: e.stack
+            });
+          }
+        }
+      }
+    }
+  });
+};
+//# sourceMappingURL=graphql.js.map

package/graphql/wcp/graphql.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["GraphQLSchemaPlugin","ErrorResponse","Response","WcpContext","emptyResolver","createWcpGraphQL","typeDefs","resolvers","Query","wcp","WcpQuery","getProject","_","__","context","wcpContext","container","resolve","project","Error","e","code","message","data","stack"],"sources":["graphql.ts"],"sourcesContent":["import { GraphQLSchemaPlugin } from \"@webiny/handler-graphql/plugins/index.js\";\nimport { ErrorResponse, Response } from \"@webiny/handler-graphql/responses.js\";\nimport { WcpContext } from \"~/features/wcp/WcpContext/index.js\";\n\nconst emptyResolver = () => ({});\n\nexport const createWcpGraphQL = () => {\n return new GraphQLSchemaPlugin({\n typeDefs: /* GraphQL */ `\n type WcpProjectPackageFeaturesFeature {\n enabled: Boolean\n options: JSON\n }\n\n type WcpProjectPackageFeatures {\n seats: WcpProjectPackageFeaturesFeature\n multiTenancy: WcpProjectPackageFeaturesFeature\n advancedPublishingWorkflow: WcpProjectPackageFeaturesFeature\n advancedAccessControlLayer: WcpProjectPackageFeaturesFeature\n auditLogs: WcpProjectPackageFeaturesFeature\n recordLocking: WcpProjectPackageFeaturesFeature\n fileManager: WcpProjectPackageFeaturesFeature\n }\n\n type WcpProjectPackage {\n features: WcpProjectPackageFeatures\n }\n\n type WcpProject {\n orgId: ID\n projectId: ID\n package: WcpProjectPackage\n }\n\n type WcpError {\n code: String\n message: String\n data: JSON\n stack: String\n }\n\n type WcpProjectResponse {\n data: WcpProject\n error: WcpError\n }\n\n type WcpQuery {\n getProject: WcpProjectResponse\n }\n\n type WcpMutation {\n updateProject: WcpProjectResponse\n }\n\n extend type Query {\n wcp: WcpQuery\n }\n\n extend type Mutation {\n wcp: WcpMutation\n }\n `,\n resolvers: {\n Query: {\n wcp: emptyResolver\n },\n WcpQuery: {\n getProject: async (_, __, context) => {\n try {\n const wcpContext = context.container.resolve(WcpContext);\n const project = wcpContext.getProject();\n\n if (!project) {\n throw Error(`Could not get project!`);\n }\n\n return new Response(project);\n } catch (e) {\n return new ErrorResponse({\n code: \"COULD_NOT_GET_PROJECT\",\n message: e.message,\n data: null,\n stack: e.stack\n });\n }\n }\n }\n }\n });\n};\n"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,0CAA0C;AAC9E,SAASC,aAAa,EAAEC,QAAQ,QAAQ,sCAAsC;AAC9E,SAASC,UAAU;AAEnB,MAAMC,aAAa,GAAGA,CAAA,MAAO,CAAC,CAAC,CAAC;AAEhC,OAAO,MAAMC,gBAAgB,GAAGA,CAAA,KAAM;EAClC,OAAO,IAAIL,mBAAmB,CAAC;IAC3BM,QAAQ,EAAE,aAAc;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;IACDC,SAAS,EAAE;MACPC,KAAK,EAAE;QACHC,GAAG,EAAEL;MACT,CAAC;MACDM,QAAQ,EAAE;QACNC,UAAU,EAAE,MAAAA,CAAOC,CAAC,EAAEC,EAAE,EAAEC,OAAO,KAAK;UAClC,IAAI;YACA,MAAMC,UAAU,GAAGD,OAAO,CAACE,SAAS,CAACC,OAAO,CAACd,UAAU,CAAC;YACxD,MAAMe,OAAO,GAAGH,UAAU,CAACJ,UAAU,CAAC,CAAC;YAEvC,IAAI,CAACO,OAAO,EAAE;cACV,MAAMC,KAAK,CAAC,wBAAwB,CAAC;YACzC;YAEA,OAAO,IAAIjB,QAAQ,CAACgB,OAAO,CAAC;UAChC,CAAC,CAAC,OAAOE,CAAC,EAAE;YACR,OAAO,IAAInB,aAAa,CAAC;cACrBoB,IAAI,EAAE,uBAAuB;cAC7BC,OAAO,EAAEF,CAAC,CAACE,OAAO;cAClBC,IAAI,EAAE,IAAI;cACVC,KAAK,EAAEJ,CAAC,CAACI;YACb,CAAC,CAAC;UACN;QACJ;MACJ;IACJ;EACJ,CAAC,CAAC;AACN,CAAC","ignoreList":[]}

package/idp/JwksCache.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Jwk } from "../features/security/utils/verifyJwtUsingJwk.js";
+import { JwkCache } from "./abstractions.js";
+export declare class JwksCache implements JwkCache.Interface {
+    private cache;
+    getKeys(issuer: string): Promise<Jwk[]>;
+    clearCache(): void;
+}

package/idp/JwksCache.js ADDED Viewed

@@ -0,0 +1,32 @@
+export class JwksCache {
+  cache = new Map();
+  async getKeys(issuer) {
+    // Check cache first
+    const cached = this.cache.get(issuer);
+    if (cached) {
+      return cached.jwks;
+    }
+    // Fetch OIDC configuration
+    const openidUrl = new URL(issuer);
+    const pathname = openidUrl.pathname + "/.well-known/openid-configuration";
+    openidUrl.pathname = pathname.replace(/\/+/g, "/");
+    const oidcConfig = await fetch(openidUrl.toString()).then(res => res.json());
+    // Fetch JWKs from jwks_uri
+    const jwksResponse = await fetch(oidcConfig.jwks_uri).then(res => res.json());
+    const jwks = jwksResponse.keys;
+    // Cache both config and JWKs
+    this.cache.set(issuer, {
+      oidcConfig,
+      jwks
+    });
+    return jwks;
+  }
+  clearCache() {
+    this.cache.clear();
+  }
+}
+//# sourceMappingURL=JwksCache.js.map

package/idp/JwksCache.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["JwksCache","cache","Map","getKeys","issuer","cached","get","jwks","openidUrl","URL","pathname","replace","oidcConfig","fetch","toString","then","res","json","jwksResponse","jwks_uri","keys","set","clearCache","clear"],"sources":["JwksCache.ts"],"sourcesContent":["import type { Jwk } from \"~/features/security/utils/verifyJwtUsingJwk.js\";\nimport { JwkCache } from \"./abstractions.js\";\n\ninterface OidcConfiguration {\n jwks_uri: string;\n [key: string]: any;\n}\n\ninterface CacheEntry {\n oidcConfig: OidcConfiguration;\n jwks: Jwk[];\n}\n\nexport class JwksCache implements JwkCache.Interface {\n private cache = new Map<string, CacheEntry>();\n\n async getKeys(issuer: string): Promise<Jwk[]> {\n // Check cache first\n const cached = this.cache.get(issuer);\n if (cached) {\n return cached.jwks;\n }\n\n // Fetch OIDC configuration\n const openidUrl = new URL(issuer);\n const pathname = openidUrl.pathname + \"/.well-known/openid-configuration\";\n openidUrl.pathname = pathname.replace(/\\/+/g, \"/\");\n\n const oidcConfig = await fetch(openidUrl.toString()).then(\n res => res.json() as Promise<OidcConfiguration>\n );\n\n // Fetch JWKs from jwks_uri\n const jwksResponse = await fetch(oidcConfig.jwks_uri).then(res => res.json());\n const jwks = jwksResponse.keys as Jwk[];\n\n // Cache both config and JWKs\n this.cache.set(issuer, {\n oidcConfig,\n jwks\n });\n\n return jwks;\n }\n\n clearCache(): void {\n this.cache.clear();\n }\n}\n"],"mappings":"AAaA,OAAO,MAAMA,SAAS,CAA+B;EACzCC,KAAK,GAAG,IAAIC,GAAG,CAAqB,CAAC;EAE7C,MAAMC,OAAOA,CAACC,MAAc,EAAkB;IAC1C;IACA,MAAMC,MAAM,GAAG,IAAI,CAACJ,KAAK,CAACK,GAAG,CAACF,MAAM,CAAC;IACrC,IAAIC,MAAM,EAAE;MACR,OAAOA,MAAM,CAACE,IAAI;IACtB;;IAEA;IACA,MAAMC,SAAS,GAAG,IAAIC,GAAG,CAACL,MAAM,CAAC;IACjC,MAAMM,QAAQ,GAAGF,SAAS,CAACE,QAAQ,GAAG,mCAAmC;IACzEF,SAAS,CAACE,QAAQ,GAAGA,QAAQ,CAACC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;IAElD,MAAMC,UAAU,GAAG,MAAMC,KAAK,CAACL,SAAS,CAACM,QAAQ,CAAC,CAAC,CAAC,CAACC,IAAI,CACrDC,GAAG,IAAIA,GAAG,CAACC,IAAI,CAAC,CACpB,CAAC;;IAED;IACA,MAAMC,YAAY,GAAG,MAAML,KAAK,CAACD,UAAU,CAACO,QAAQ,CAAC,CAACJ,IAAI,CAACC,GAAG,IAAIA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAC7E,MAAMV,IAAI,GAAGW,YAAY,CAACE,IAAa;;IAEvC;IACA,IAAI,CAACnB,KAAK,CAACoB,GAAG,CAACjB,MAAM,EAAE;MACnBQ,UAAU;MACVL;IACJ,CAAC,CAAC;IAEF,OAAOA,IAAI;EACf;EAEAe,UAAUA,CAAA,EAAS;IACf,IAAI,CAACrB,KAAK,CAACsB,KAAK,CAAC,CAAC;EACtB;AACJ","ignoreList":[]}

package/idp/JwtAuthenticator.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { Authenticator } from "../features/security/authentication/Authenticator/abstractions.js";
+import { JwtIdentityProvider } from "./abstractions.js";
+import type { IdentityData } from "../features/security/IdentityContext/Identity.js";
+declare class JwtAuthenticatorImpl implements Authenticator.Interface {
+    private providers;
+    constructor(providers: JwtIdentityProvider.Interface[]);
+    authenticate(token: string): Promise<IdentityData | null>;
+}
+export declare const JwtAuthenticator: typeof JwtAuthenticatorImpl & {
+    __abstraction: import("@webiny/di").Abstraction<import("~/features/security/authentication/Authenticator/abstractions.js").IAuthenticator>;
+};
+export {};

package/idp/JwtAuthenticator.js ADDED Viewed

@@ -0,0 +1,58 @@
+import jwt from "jsonwebtoken";
+import { Authenticator } from "../features/security/authentication/Authenticator/abstractions.js";
+import { JwtIdentityProvider } from "./abstractions.js";
+import { isJwt } from "../features/security/utils/isJwt.js";
+class JwtAuthenticatorImpl {
+  constructor(providers) {
+    this.providers = providers;
+  }
+  async authenticate(token) {
+    if (!isJwt(token)) {
+      return null;
+    }
+    // Decode JWT to get payload
+    const decoded = jwt.decode(token, {
+      complete: true
+    });
+    if (!decoded || typeof decoded === "string") {
+      return null;
+    }
+    if (typeof decoded.payload === "string") {
+      return null;
+    }
+    // TODO: validate expiration claim and exit early if expired
+    for (const provider of this.providers) {
+      // Check if provider is applicable
+      if (provider.isApplicable(decoded.payload)) {
+        // Use provider to get identity
+        const identity = await provider.getIdentity(token, decoded);
+        if (identity) {
+          // We treat all IDP identities as external by default.
+          const isExternal = identity.profile?.external ?? true;
+          return {
+            ...identity,
+            type: identity.type ?? "admin",
+            profile: {
+              ...(identity.profile ?? {}),
+              external: isExternal
+            }
+          };
+        }
+      }
+    }
+    // No applicable provider found
+    return null;
+  }
+}
+export const JwtAuthenticator = Authenticator.createImplementation({
+  implementation: JwtAuthenticatorImpl,
+  dependencies: [[JwtIdentityProvider, {
+    multiple: true
+  }]]
+});
+//# sourceMappingURL=JwtAuthenticator.js.map

package/idp/JwtAuthenticator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["jwt","Authenticator","JwtIdentityProvider","isJwt","JwtAuthenticatorImpl","constructor","providers","authenticate","token","decoded","decode","complete","payload","provider","isApplicable","identity","getIdentity","isExternal","profile","external","type","JwtAuthenticator","createImplementation","implementation","dependencies","multiple"],"sources":["JwtAuthenticator.ts"],"sourcesContent":["import jwt from \"jsonwebtoken\";\nimport { Authenticator } from \"~/features/security/authentication/Authenticator/abstractions.js\";\nimport { IdentityProvider, JwtIdentityProvider } from \"./abstractions.js\";\nimport { isJwt } from \"~/features/security/utils/isJwt.js\";\nimport type { IdentityData } from \"~/features/security/IdentityContext/Identity.js\";\n\nclass JwtAuthenticatorImpl implements Authenticator.Interface {\n constructor(private providers: JwtIdentityProvider.Interface[]) {}\n\n async authenticate(token: string): Promise<IdentityData | null> {\n if (!isJwt(token)) {\n return null;\n }\n\n // Decode JWT to get payload\n const decoded = jwt.decode(token, { complete: true });\n if (!decoded || typeof decoded === \"string\") {\n return null;\n }\n\n if (typeof decoded.payload === \"string\") {\n return null;\n }\n\n // TODO: validate expiration claim and exit early if expired\n\n for (const provider of this.providers) {\n // Check if provider is applicable\n if (provider.isApplicable(decoded.payload as IdentityProvider.JwtPayload)) {\n // Use provider to get identity\n const identity = await provider.getIdentity(\n token,\n decoded as JwtIdentityProvider.Jwt\n );\n\n if (identity) {\n // We treat all IDP identities as external by default.\n const isExternal = identity.profile?.external ?? true;\n return {\n ...identity,\n type: identity.type ?? \"admin\",\n profile: {\n ...(identity.profile ?? {}),\n external: isExternal\n }\n };\n }\n }\n }\n\n // No applicable provider found\n return null;\n }\n}\n\nexport const JwtAuthenticator = Authenticator.createImplementation({\n implementation: JwtAuthenticatorImpl,\n dependencies: [[JwtIdentityProvider, { multiple: true }]]\n});\n"],"mappings":"AAAA,OAAOA,GAAG,MAAM,cAAc;AAC9B,SAASC,aAAa;AACtB,SAA2BC,mBAAmB;AAC9C,SAASC,KAAK;AAGd,MAAMC,oBAAoB,CAAoC;EAC1DC,WAAWA,CAASC,SAA0C,EAAE;IAAA,KAA5CA,SAA0C,GAA1CA,SAA0C;EAAG;EAEjE,MAAMC,YAAYA,CAACC,KAAa,EAAgC;IAC5D,IAAI,CAACL,KAAK,CAACK,KAAK,CAAC,EAAE;MACf,OAAO,IAAI;IACf;;IAEA;IACA,MAAMC,OAAO,GAAGT,GAAG,CAACU,MAAM,CAACF,KAAK,EAAE;MAAEG,QAAQ,EAAE;IAAK,CAAC,CAAC;IACrD,IAAI,CAACF,OAAO,IAAI,OAAOA,OAAO,KAAK,QAAQ,EAAE;MACzC,OAAO,IAAI;IACf;IAEA,IAAI,OAAOA,OAAO,CAACG,OAAO,KAAK,QAAQ,EAAE;MACrC,OAAO,IAAI;IACf;;IAEA;;IAEA,KAAK,MAAMC,QAAQ,IAAI,IAAI,CAACP,SAAS,EAAE;MACnC;MACA,IAAIO,QAAQ,CAACC,YAAY,CAACL,OAAO,CAACG,OAAsC,CAAC,EAAE;QACvE;QACA,MAAMG,QAAQ,GAAG,MAAMF,QAAQ,CAACG,WAAW,CACvCR,KAAK,EACLC,OACJ,CAAC;QAED,IAAIM,QAAQ,EAAE;UACV;UACA,MAAME,UAAU,GAAGF,QAAQ,CAACG,OAAO,EAAEC,QAAQ,IAAI,IAAI;UACrD,OAAO;YACH,GAAGJ,QAAQ;YACXK,IAAI,EAAEL,QAAQ,CAACK,IAAI,IAAI,OAAO;YAC9BF,OAAO,EAAE;cACL,IAAIH,QAAQ,CAACG,OAAO,IAAI,CAAC,CAAC,CAAC;cAC3BC,QAAQ,EAAEF;YACd;UACJ,CAAC;QACL;MACJ;IACJ;;IAEA;IACA,OAAO,IAAI;EACf;AACJ;AAEA,OAAO,MAAMI,gBAAgB,GAAGpB,aAAa,CAACqB,oBAAoB,CAAC;EAC/DC,cAAc,EAAEnB,oBAAoB;EACpCoB,YAAY,EAAE,CAAC,CAACtB,mBAAmB,EAAE;IAAEuB,QAAQ,EAAE;EAAK,CAAC,CAAC;AAC5D,CAAC,CAAC","ignoreList":[]}

package/idp/OidcJwtIdentityProvider.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { IdentityData } from "../features/security/IdentityContext/Identity.js";
+import { JwkCache, JwtIdentityProvider, OidcIdentityProvider } from "./abstractions.js";
+declare class OidcJwtIdentityProviderImpl implements JwtIdentityProvider.Interface {
+    private oidcIdentityProviders;
+    private jwksCache;
+    constructor(oidcIdentityProviders: OidcIdentityProvider.Interface[], jwksCache: JwkCache.Interface);
+    isApplicable(token: JwtIdentityProvider.JwtPayload): boolean;
+    getIdentity(token: string, jwt: JwtIdentityProvider.Jwt): Promise<IdentityData | null>;
+    private getApplicableProvider;
+    private verifyToken;
+}
+export declare const OidcJwtIdentityProvider: typeof OidcJwtIdentityProviderImpl & {
+    __abstraction: import("@webiny/di").Abstraction<import("./abstractions.js").IJwtIdentityProvider>;
+};
+export {};

package/idp/OidcJwtIdentityProvider.js ADDED Viewed

@@ -0,0 +1,90 @@
+import { verifyJwtUsingJwk } from "../features/security/utils/verifyJwtUsingJwk.js";
+import { JwkCache, JwtIdentityProvider, OidcIdentityProvider } from "./abstractions.js";
+class OidcJwtIdentityProviderImpl {
+  constructor(oidcIdentityProviders, jwksCache) {
+    this.oidcIdentityProviders = oidcIdentityProviders;
+    this.jwksCache = jwksCache;
+  }
+  isApplicable(token) {
+    return this.oidcIdentityProviders.some(provider => provider.isApplicable(token));
+  }
+  async getIdentity(token, jwt) {
+    const {
+      header,
+      payload
+    } = jwt;
+    const provider = this.getApplicableProvider(payload);
+    if (!provider) {
+      return null;
+    }
+    const verifiedPayload = await this.verifyToken(provider, token, header);
+    if (!verifiedPayload) {
+      return null;
+    }
+    // Call config.getIdentity to get IdentityData
+    const providerIdentity = await provider.getIdentity(verifiedPayload);
+    const identity = {
+      ...providerIdentity,
+      type: providerIdentity.type ?? "admin"
+    };
+    // Handle default values
+    const context = identity.context ?? {
+      canAccessTenant: true,
+      defaultTenantId: "root"
+    };
+    if (context.canAccessTenant === undefined) {
+      context.canAccessTenant = true;
+    }
+    if (context.defaultTenantId === undefined) {
+      context.defaultTenantId = "root";
+    }
+    identity.context = context;
+    return identity;
+  }
+  getApplicableProvider(payload) {
+    return this.oidcIdentityProviders.find(provider => provider.isApplicable(payload));
+  }
+  async verifyToken(provider, token, header) {
+    // If the implementation specifies a custom verification function, use it.
+    let verifiedPayload;
+    if (typeof provider.verifyToken === "function") {
+      // Use custom verification
+      const result = await provider.verifyToken(token);
+      if (result) {
+        return result;
+      }
+      return null;
+    }
+    // Otherwise, continue with OIDC best practices, using JWKs.
+    // Fetch JWKs from cache
+    const jwks = await this.jwksCache.getKeys(provider.issuer);
+    // Find matching JWK using header.kid
+    const jwk = jwks.find(key => key.kid === header.kid);
+    if (!jwk) {
+      return null;
+    }
+    if (!verifiedPayload) {
+      // Default JWK verification
+      verifiedPayload = await verifyJwtUsingJwk(token, jwk);
+    }
+    // Call verifyTokenClaims if provided
+    if (provider.verifyTokenClaims) {
+      await provider.verifyTokenClaims(verifiedPayload);
+    }
+    return verifiedPayload;
+  }
+}
+export const OidcJwtIdentityProvider = JwtIdentityProvider.createImplementation({
+  implementation: OidcJwtIdentityProviderImpl,
+  dependencies: [[OidcIdentityProvider, {
+    multiple: true
+  }], JwkCache]
+});
+//# sourceMappingURL=OidcJwtIdentityProvider.js.map

package/idp/OidcJwtIdentityProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["verifyJwtUsingJwk","JwkCache","JwtIdentityProvider","OidcIdentityProvider","OidcJwtIdentityProviderImpl","constructor","oidcIdentityProviders","jwksCache","isApplicable","token","some","provider","getIdentity","jwt","header","payload","getApplicableProvider","verifiedPayload","verifyToken","providerIdentity","identity","type","context","canAccessTenant","defaultTenantId","undefined","find","result","jwks","getKeys","issuer","jwk","key","kid","verifyTokenClaims","OidcJwtIdentityProvider","createImplementation","implementation","dependencies","multiple"],"sources":["OidcJwtIdentityProvider.ts"],"sourcesContent":["import { verifyJwtUsingJwk } from \"~/features/security/utils/verifyJwtUsingJwk.js\";\nimport type { IdentityData } from \"~/features/security/IdentityContext/Identity.js\";\nimport { JwkCache, JwtIdentityProvider, OidcIdentityProvider } from \"./abstractions.js\";\n\nclass OidcJwtIdentityProviderImpl implements JwtIdentityProvider.Interface {\n constructor(\n private oidcIdentityProviders: OidcIdentityProvider.Interface[],\n private jwksCache: JwkCache.Interface\n ) {}\n\n isApplicable(token: JwtIdentityProvider.JwtPayload): boolean {\n return this.oidcIdentityProviders.some(provider => provider.isApplicable(token));\n }\n\n async getIdentity(token: string, jwt: JwtIdentityProvider.Jwt): Promise<IdentityData | null> {\n const { header, payload } = jwt;\n\n const provider = this.getApplicableProvider(payload);\n\n if (!provider) {\n return null;\n }\n\n const verifiedPayload = await this.verifyToken(provider, token, header);\n\n if (!verifiedPayload) {\n return null;\n }\n\n // Call config.getIdentity to get IdentityData\n const providerIdentity = await provider.getIdentity(verifiedPayload);\n\n const identity: IdentityData = {\n ...providerIdentity,\n type: providerIdentity.type ?? \"admin\"\n };\n\n // Handle default values\n const context = identity.context ?? { canAccessTenant: true, defaultTenantId: \"root\" };\n if (context.canAccessTenant === undefined) {\n context.canAccessTenant = true;\n }\n if (context.defaultTenantId === undefined) {\n context.defaultTenantId = \"root\";\n }\n\n identity.context = context;\n\n return identity;\n }\n\n private getApplicableProvider(\n payload: JwtIdentityProvider.JwtPayload\n ): OidcIdentityProvider.Interface | undefined {\n return this.oidcIdentityProviders.find(provider => provider.isApplicable(payload));\n }\n\n private async verifyToken(\n provider: OidcIdentityProvider.Interface,\n token: string,\n header: JwtIdentityProvider.JwtHeader\n ) {\n // If the implementation specifies a custom verification function, use it.\n let verifiedPayload: JwtIdentityProvider.JwtPayload | undefined;\n if (typeof provider.verifyToken === \"function\") {\n // Use custom verification\n const result = await provider.verifyToken(token);\n if (result) {\n return result;\n }\n return null;\n }\n\n // Otherwise, continue with OIDC best practices, using JWKs.\n\n // Fetch JWKs from cache\n const jwks = await this.jwksCache.getKeys(provider.issuer);\n\n // Find matching JWK using header.kid\n const jwk = jwks.find(key => key.kid === header.kid);\n if (!jwk) {\n return null;\n }\n\n if (!verifiedPayload) {\n // Default JWK verification\n verifiedPayload = await verifyJwtUsingJwk(token, jwk);\n }\n\n // Call verifyTokenClaims if provided\n if (provider.verifyTokenClaims) {\n await provider.verifyTokenClaims(verifiedPayload);\n }\n\n return verifiedPayload;\n }\n}\n\nexport const OidcJwtIdentityProvider = JwtIdentityProvider.createImplementation({\n implementation: OidcJwtIdentityProviderImpl,\n dependencies: [[OidcIdentityProvider, { multiple: true }], JwkCache]\n});\n"],"mappings":"AAAA,SAASA,iBAAiB;AAE1B,SAASC,QAAQ,EAAEC,mBAAmB,EAAEC,oBAAoB;AAE5D,MAAMC,2BAA2B,CAA0C;EACvEC,WAAWA,CACCC,qBAAuD,EACvDC,SAA6B,EACvC;IAAA,KAFUD,qBAAuD,GAAvDA,qBAAuD;IAAA,KACvDC,SAA6B,GAA7BA,SAA6B;EACtC;EAEHC,YAAYA,CAACC,KAAqC,EAAW;IACzD,OAAO,IAAI,CAACH,qBAAqB,CAACI,IAAI,CAACC,QAAQ,IAAIA,QAAQ,CAACH,YAAY,CAACC,KAAK,CAAC,CAAC;EACpF;EAEA,MAAMG,WAAWA,CAACH,KAAa,EAAEI,GAA4B,EAAgC;IACzF,MAAM;MAAEC,MAAM;MAAEC;IAAQ,CAAC,GAAGF,GAAG;IAE/B,MAAMF,QAAQ,GAAG,IAAI,CAACK,qBAAqB,CAACD,OAAO,CAAC;IAEpD,IAAI,CAACJ,QAAQ,EAAE;MACX,OAAO,IAAI;IACf;IAEA,MAAMM,eAAe,GAAG,MAAM,IAAI,CAACC,WAAW,CAACP,QAAQ,EAAEF,KAAK,EAAEK,MAAM,CAAC;IAEvE,IAAI,CAACG,eAAe,EAAE;MAClB,OAAO,IAAI;IACf;;IAEA;IACA,MAAME,gBAAgB,GAAG,MAAMR,QAAQ,CAACC,WAAW,CAACK,eAAe,CAAC;IAEpE,MAAMG,QAAsB,GAAG;MAC3B,GAAGD,gBAAgB;MACnBE,IAAI,EAAEF,gBAAgB,CAACE,IAAI,IAAI;IACnC,CAAC;;IAED;IACA,MAAMC,OAAO,GAAGF,QAAQ,CAACE,OAAO,IAAI;MAAEC,eAAe,EAAE,IAAI;MAAEC,eAAe,EAAE;IAAO,CAAC;IACtF,IAAIF,OAAO,CAACC,eAAe,KAAKE,SAAS,EAAE;MACvCH,OAAO,CAACC,eAAe,GAAG,IAAI;IAClC;IACA,IAAID,OAAO,CAACE,eAAe,KAAKC,SAAS,EAAE;MACvCH,OAAO,CAACE,eAAe,GAAG,MAAM;IACpC;IAEAJ,QAAQ,CAACE,OAAO,GAAGA,OAAO;IAE1B,OAAOF,QAAQ;EACnB;EAEQJ,qBAAqBA,CACzBD,OAAuC,EACG;IAC1C,OAAO,IAAI,CAACT,qBAAqB,CAACoB,IAAI,CAACf,QAAQ,IAAIA,QAAQ,CAACH,YAAY,CAACO,OAAO,CAAC,CAAC;EACtF;EAEA,MAAcG,WAAWA,CACrBP,QAAwC,EACxCF,KAAa,EACbK,MAAqC,EACvC;IACE;IACA,IAAIG,eAA2D;IAC/D,IAAI,OAAON,QAAQ,CAACO,WAAW,KAAK,UAAU,EAAE;MAC5C;MACA,MAAMS,MAAM,GAAG,MAAMhB,QAAQ,CAACO,WAAW,CAACT,KAAK,CAAC;MAChD,IAAIkB,MAAM,EAAE;QACR,OAAOA,MAAM;MACjB;MACA,OAAO,IAAI;IACf;;IAEA;;IAEA;IACA,MAAMC,IAAI,GAAG,MAAM,IAAI,CAACrB,SAAS,CAACsB,OAAO,CAAClB,QAAQ,CAACmB,MAAM,CAAC;;IAE1D;IACA,MAAMC,GAAG,GAAGH,IAAI,CAACF,IAAI,CAACM,GAAG,IAAIA,GAAG,CAACC,GAAG,KAAKnB,MAAM,CAACmB,GAAG,CAAC;IACpD,IAAI,CAACF,GAAG,EAAE;MACN,OAAO,IAAI;IACf;IAEA,IAAI,CAACd,eAAe,EAAE;MAClB;MACAA,eAAe,GAAG,MAAMjB,iBAAiB,CAACS,KAAK,EAAEsB,GAAG,CAAC;IACzD;;IAEA;IACA,IAAIpB,QAAQ,CAACuB,iBAAiB,EAAE;MAC5B,MAAMvB,QAAQ,CAACuB,iBAAiB,CAACjB,eAAe,CAAC;IACrD;IAEA,OAAOA,eAAe;EAC1B;AACJ;AAEA,OAAO,MAAMkB,uBAAuB,GAAGjC,mBAAmB,CAACkC,oBAAoB,CAAC;EAC5EC,cAAc,EAAEjC,2BAA2B;EAC3CkC,YAAY,EAAE,CAAC,CAACnC,oBAAoB,EAAE;IAAEoC,QAAQ,EAAE;EAAK,CAAC,CAAC,EAAEtC,QAAQ;AACvE,CAAC,CAAC","ignoreList":[]}

package/idp/abstractions.d.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import type { JwtPayload as IJwtPayload, JwtHeader as IJwtHeader } from "jsonwebtoken";
+import type { IdentityData as IIdentityData } from "../features/security/IdentityContext/Identity.js";
+import type { Jwk as IJwk } from "../features/security/utils/verifyJwtUsingJwk.js";
+export type IJwt = {
+    header: IJwtHeader;
+    payload: IJwtPayload;
+};
+export type OptionalExternal<T> = Omit<T, "external"> & {
+    external?: boolean;
+};
+export type IProviderIdentityData = Omit<IIdentityData, "type" | "profile"> & {
+    /**
+     * Defaults to `admin` it omitted.
+     */
+    type?: string;
+    profile?: OptionalExternal<NonNullable<IIdentityData["profile"]>>;
+};
+export interface IIdentityProvider {
+    isApplicable(token: string): boolean;
+    getIdentity(token: string): Promise<IProviderIdentityData | null>;
+}
+export declare const IdentityProvider: import("@webiny/di").Abstraction<IIdentityProvider>;
+export declare namespace IdentityProvider {
+    type Interface = IIdentityProvider;
+    type IdentityData = IProviderIdentityData;
+    type JwtPayload = IJwtPayload;
+}
+export interface IJwtIdentityProvider {
+    isApplicable(token: IJwtPayload): boolean;
+    getIdentity(token: string, jwt: IJwt): Promise<IProviderIdentityData | null>;
+}
+export declare const JwtIdentityProvider: import("@webiny/di").Abstraction<IJwtIdentityProvider>;
+export declare namespace JwtIdentityProvider {
+    type Interface = IJwtIdentityProvider;
+    type Jwt = IJwt;
+    type JwtPayload = IJwtPayload;
+    type JwtHeader = IJwtHeader;
+    type IdentityData = IProviderIdentityData;
+}
+export interface IOidcIdentityProvider {
+    issuer: string;
+    clientId: string;
+    isApplicable(token: IJwtPayload): boolean;
+    getIdentity(jwt: IJwtPayload): Promise<IProviderIdentityData>;
+    verifyToken?(token: string): Promise<IJwtPayload | undefined>;
+    verifyTokenClaims?(token: IJwtPayload): Promise<void>;
+}
+export declare const OidcIdentityProvider: import("@webiny/di").Abstraction<IOidcIdentityProvider>;
+export declare namespace OidcIdentityProvider {
+    type Interface = IOidcIdentityProvider;
+    type JwtPayload = IJwtPayload;
+    type IdentityData = IProviderIdentityData;
+}
+interface IJwkCache {
+    getKeys(issuer: string): Promise<IJwk[]>;
+}
+export declare const JwkCache: import("@webiny/di").Abstraction<IJwkCache>;
+export declare namespace JwkCache {
+    type Interface = IJwkCache;
+    type Jwk = IJwk;
+}
+export {};

package/idp/abstractions.js ADDED Viewed

@@ -0,0 +1,13 @@
+import { createAbstraction } from "@webiny/feature/api";
+// Generic Idp Provider
+export const IdentityProvider = createAbstraction("IdentityProvider");
+export const JwtIdentityProvider = createAbstraction("JwtIdentityProvider");
+// OIDC Provider
+export const OidcIdentityProvider = createAbstraction("OidcIdentityProvider");
+export const JwkCache = createAbstraction("JwkCache");
+//# sourceMappingURL=abstractions.js.map

package/idp/abstractions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createAbstraction","IdentityProvider","JwtIdentityProvider","OidcIdentityProvider","JwkCache"],"sources":["abstractions.ts"],"sourcesContent":["import type { JwtPayload as IJwtPayload, JwtHeader as IJwtHeader } from \"jsonwebtoken\";\nimport { createAbstraction } from \"@webiny/feature/api\";\nimport type { IdentityData as IIdentityData } from \"~/features/security/IdentityContext/Identity.js\";\nimport type { Jwk as IJwk } from \"~/features/security/utils/verifyJwtUsingJwk.js\";\n\nexport type IJwt = {\n header: IJwtHeader;\n payload: IJwtPayload;\n};\n\nexport type OptionalExternal<T> = Omit<T, \"external\"> & { external?: boolean };\n\nexport type IProviderIdentityData = Omit<IIdentityData, \"type\" | \"profile\"> & {\n /**\n * Defaults to `admin` it omitted.\n */\n type?: string;\n profile?: OptionalExternal<NonNullable<IIdentityData[\"profile\"]>>;\n};\n\n// Generic Idp Provider\nexport interface IIdentityProvider {\n isApplicable(token: string): boolean;\n getIdentity(token: string): Promise<IProviderIdentityData | null>;\n}\n\nexport const IdentityProvider = createAbstraction<IIdentityProvider>(\"IdentityProvider\");\n\nexport namespace IdentityProvider {\n export type Interface = IIdentityProvider;\n export type IdentityData = IProviderIdentityData;\n export type JwtPayload = IJwtPayload;\n}\n\nexport interface IJwtIdentityProvider {\n isApplicable(token: IJwtPayload): boolean;\n getIdentity(token: string, jwt: IJwt): Promise<IProviderIdentityData | null>;\n}\n\nexport const JwtIdentityProvider = createAbstraction<IJwtIdentityProvider>(\"JwtIdentityProvider\");\n\nexport namespace JwtIdentityProvider {\n export type Interface = IJwtIdentityProvider;\n export type Jwt = IJwt;\n export type JwtPayload = IJwtPayload;\n export type JwtHeader = IJwtHeader;\n export type IdentityData = IProviderIdentityData;\n}\n\n// OIDC Provider\nexport interface IOidcIdentityProvider {\n issuer: string;\n clientId: string;\n isApplicable(token: IJwtPayload): boolean;\n getIdentity(jwt: IJwtPayload): Promise<IProviderIdentityData>;\n verifyToken?(token: string): Promise<IJwtPayload | undefined>;\n verifyTokenClaims?(token: IJwtPayload): Promise<void>;\n}\n\nexport const OidcIdentityProvider =\n createAbstraction<IOidcIdentityProvider>(\"OidcIdentityProvider\");\n\nexport namespace OidcIdentityProvider {\n export type Interface = IOidcIdentityProvider;\n export type JwtPayload = IJwtPayload;\n export type IdentityData = IProviderIdentityData;\n}\n\ninterface IJwkCache {\n getKeys(issuer: string): Promise<IJwk[]>;\n}\n\nexport const JwkCache = createAbstraction<IJwkCache>(\"JwkCache\");\nexport namespace JwkCache {\n export type Interface = IJwkCache;\n export type Jwk = IJwk;\n}\n"],"mappings":"AACA,SAASA,iBAAiB,QAAQ,qBAAqB;;AAmBvD;;AAMA,OAAO,MAAMC,gBAAgB,GAAGD,iBAAiB,CAAoB,kBAAkB,CAAC;AAaxF,OAAO,MAAME,mBAAmB,GAAGF,iBAAiB,CAAuB,qBAAqB,CAAC;;AAUjG;;AAUA,OAAO,MAAMG,oBAAoB,GAC7BH,iBAAiB,CAAwB,sBAAsB,CAAC;AAYpE,OAAO,MAAMI,QAAQ,GAAGJ,iBAAiB,CAAY,UAAU,CAAC","ignoreList":[]}