@xpert-ai/plugin-sdk 3.9.0-beta.1 → 3.9.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/index.cjs.js +33 -0
- package/index.esm.js +29 -1
- package/package.json +1 -1
- package/src/index.d.ts +1 -0
- package/src/lib/core/permissions/account-binding.d.ts +36 -0
- package/src/lib/core/permissions/auth-login.d.ts +8 -0
- package/src/lib/core/permissions/bound-identity-login.d.ts +25 -0
- package/src/lib/core/permissions/index.d.ts +8 -1
- package/src/lib/core/permissions/sso-binding.d.ts +33 -0
- package/src/lib/sso/index.d.ts +3 -0
- package/src/lib/sso/strategy.decorator.d.ts +2 -0
- package/src/lib/sso/strategy.interface.d.ts +15 -0
- package/src/lib/sso/strategy.registry.d.ts +6 -0
package/CHANGELOG.md
CHANGED
package/index.cjs.js
CHANGED
|
@@ -1090,6 +1090,18 @@ function getRequiredPermissionOperation(method, permissionType) {
|
|
|
1090
1090
|
* Internal system token used by core to expose the handoff queue bridge.
|
|
1091
1091
|
*/ const HANDOFF_QUEUE_SERVICE_TOKEN = 'XPERT_HANDOFF_QUEUE_SERVICE';
|
|
1092
1092
|
|
|
1093
|
+
/**
|
|
1094
|
+
* System token for resolving account binding permission service from plugin context.
|
|
1095
|
+
*/ const ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_ACCOUNT_BINDING_PERMISSION_SERVICE';
|
|
1096
|
+
|
|
1097
|
+
/**
|
|
1098
|
+
* System token for resolving bound identity login permission service from plugin context.
|
|
1099
|
+
*/ const BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE';
|
|
1100
|
+
|
|
1101
|
+
/**
|
|
1102
|
+
* System token for resolving the pending SSO binding challenge service from plugin context.
|
|
1103
|
+
*/ const SSO_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_SSO_BINDING_PERMISSION_SERVICE';
|
|
1104
|
+
|
|
1093
1105
|
/**
|
|
1094
1106
|
* System token for resolving user permission service from plugin context.
|
|
1095
1107
|
*/ const USER_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_USER_PERMISSION_SERVICE';
|
|
@@ -2865,6 +2877,22 @@ exports.FileUploadTargetRegistry = __decorate([
|
|
|
2865
2877
|
])
|
|
2866
2878
|
], exports.FileUploadTargetRegistry);
|
|
2867
2879
|
|
|
2880
|
+
const SSO_PROVIDER = 'SSO_PROVIDER';
|
|
2881
|
+
const SSOProviderStrategyKey = (provider)=>common.applyDecorators(common.SetMetadata(SSO_PROVIDER, provider), common.SetMetadata(STRATEGY_META_KEY, SSO_PROVIDER));
|
|
2882
|
+
|
|
2883
|
+
exports.SSOProviderRegistry = class SSOProviderRegistry extends BaseStrategyRegistry {
|
|
2884
|
+
constructor(discoveryService, reflector){
|
|
2885
|
+
super(SSO_PROVIDER, discoveryService, reflector);
|
|
2886
|
+
}
|
|
2887
|
+
};
|
|
2888
|
+
exports.SSOProviderRegistry = __decorate([
|
|
2889
|
+
common.Injectable(),
|
|
2890
|
+
__metadata("design:paramtypes", [
|
|
2891
|
+
core.DiscoveryService,
|
|
2892
|
+
core.Reflector
|
|
2893
|
+
])
|
|
2894
|
+
], exports.SSOProviderRegistry);
|
|
2895
|
+
|
|
2868
2896
|
const SANDBOX_SHELL_TIMEOUT_LIMITS_SEC = {
|
|
2869
2897
|
min: 1,
|
|
2870
2898
|
max: 3600
|
|
@@ -3892,6 +3920,7 @@ exports.ViewExtensionProviderRegistry = __decorate([
|
|
|
3892
3920
|
|
|
3893
3921
|
const VIEW_EXTENSION_CACHE_SERVICE_TOKEN = 'XPERT_PLUGIN_VIEW_EXTENSION_CACHE_SERVICE';
|
|
3894
3922
|
|
|
3923
|
+
exports.ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN;
|
|
3895
3924
|
exports.AGENT_CHAT_DISPATCH_MESSAGE_TYPE = AGENT_CHAT_DISPATCH_MESSAGE_TYPE;
|
|
3896
3925
|
exports.AGENT_MIDDLEWARE_STRATEGY = AGENT_MIDDLEWARE_STRATEGY;
|
|
3897
3926
|
exports.AIModelProviderNotFoundException = AIModelProviderNotFoundException;
|
|
@@ -3901,6 +3930,7 @@ exports.ANALYTICS_PERMISSION_SERVICE_TOKEN = ANALYTICS_PERMISSION_SERVICE_TOKEN;
|
|
|
3901
3930
|
exports.AdapterDataSourceStrategy = AdapterDataSourceStrategy;
|
|
3902
3931
|
exports.AgentMiddlewareStrategy = AgentMiddlewareStrategy;
|
|
3903
3932
|
exports.AiModelNotFoundException = AiModelNotFoundException;
|
|
3933
|
+
exports.BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN;
|
|
3904
3934
|
exports.BaseHTTPQueryRunner = BaseHTTPQueryRunner;
|
|
3905
3935
|
exports.BaseQueryRunner = BaseQueryRunner;
|
|
3906
3936
|
exports.BaseSQLQueryRunner = BaseSQLQueryRunner;
|
|
@@ -3974,6 +4004,9 @@ exports.RetrieverStrategy = RetrieverStrategy;
|
|
|
3974
4004
|
exports.SANDBOX_PROVIDER = SANDBOX_PROVIDER;
|
|
3975
4005
|
exports.SANDBOX_SHELL_TIMEOUT_LIMITS_SEC = SANDBOX_SHELL_TIMEOUT_LIMITS_SEC;
|
|
3976
4006
|
exports.SKILL_SOURCE_PROVIDER = SKILL_SOURCE_PROVIDER;
|
|
4007
|
+
exports.SSOProviderStrategyKey = SSOProviderStrategyKey;
|
|
4008
|
+
exports.SSO_BINDING_PERMISSION_SERVICE_TOKEN = SSO_BINDING_PERMISSION_SERVICE_TOKEN;
|
|
4009
|
+
exports.SSO_PROVIDER = SSO_PROVIDER;
|
|
3977
4010
|
exports.STRATEGY_META_KEY = STRATEGY_META_KEY;
|
|
3978
4011
|
exports.SandboxProviderStrategy = SandboxProviderStrategy;
|
|
3979
4012
|
exports.SkillSourceProviderStrategy = SkillSourceProviderStrategy;
|
package/index.esm.js
CHANGED
|
@@ -1069,6 +1069,18 @@ function getRequiredPermissionOperation(method, permissionType) {
|
|
|
1069
1069
|
* Internal system token used by core to expose the handoff queue bridge.
|
|
1070
1070
|
*/ const HANDOFF_QUEUE_SERVICE_TOKEN = 'XPERT_HANDOFF_QUEUE_SERVICE';
|
|
1071
1071
|
|
|
1072
|
+
/**
|
|
1073
|
+
* System token for resolving account binding permission service from plugin context.
|
|
1074
|
+
*/ const ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_ACCOUNT_BINDING_PERMISSION_SERVICE';
|
|
1075
|
+
|
|
1076
|
+
/**
|
|
1077
|
+
* System token for resolving bound identity login permission service from plugin context.
|
|
1078
|
+
*/ const BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE';
|
|
1079
|
+
|
|
1080
|
+
/**
|
|
1081
|
+
* System token for resolving the pending SSO binding challenge service from plugin context.
|
|
1082
|
+
*/ const SSO_BINDING_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_SSO_BINDING_PERMISSION_SERVICE';
|
|
1083
|
+
|
|
1072
1084
|
/**
|
|
1073
1085
|
* System token for resolving user permission service from plugin context.
|
|
1074
1086
|
*/ const USER_PERMISSION_SERVICE_TOKEN = 'XPERT_PLUGIN_USER_PERMISSION_SERVICE';
|
|
@@ -2844,6 +2856,22 @@ FileUploadTargetRegistry = __decorate([
|
|
|
2844
2856
|
])
|
|
2845
2857
|
], FileUploadTargetRegistry);
|
|
2846
2858
|
|
|
2859
|
+
const SSO_PROVIDER = 'SSO_PROVIDER';
|
|
2860
|
+
const SSOProviderStrategyKey = (provider)=>applyDecorators(SetMetadata(SSO_PROVIDER, provider), SetMetadata(STRATEGY_META_KEY, SSO_PROVIDER));
|
|
2861
|
+
|
|
2862
|
+
let SSOProviderRegistry = class SSOProviderRegistry extends BaseStrategyRegistry {
|
|
2863
|
+
constructor(discoveryService, reflector){
|
|
2864
|
+
super(SSO_PROVIDER, discoveryService, reflector);
|
|
2865
|
+
}
|
|
2866
|
+
};
|
|
2867
|
+
SSOProviderRegistry = __decorate([
|
|
2868
|
+
Injectable(),
|
|
2869
|
+
__metadata("design:paramtypes", [
|
|
2870
|
+
DiscoveryService,
|
|
2871
|
+
Reflector
|
|
2872
|
+
])
|
|
2873
|
+
], SSOProviderRegistry);
|
|
2874
|
+
|
|
2847
2875
|
const SANDBOX_SHELL_TIMEOUT_LIMITS_SEC = {
|
|
2848
2876
|
min: 1,
|
|
2849
2877
|
max: 3600
|
|
@@ -3871,4 +3899,4 @@ ViewExtensionProviderRegistry = __decorate([
|
|
|
3871
3899
|
|
|
3872
3900
|
const VIEW_EXTENSION_CACHE_SERVICE_TOKEN = 'XPERT_PLUGIN_VIEW_EXTENSION_CACHE_SERVICE';
|
|
3873
3901
|
|
|
3874
|
-
export { AGENT_CHAT_DISPATCH_MESSAGE_TYPE, AGENT_MIDDLEWARE_STRATEGY, AIModelProviderNotFoundException, AIModelProviderRegistry, AIModelProviderStrategy, AI_MODEL_PROVIDER, ANALYTICS_PERMISSION_SERVICE_TOKEN, AdapterDataSourceStrategy, AgentMiddlewareRegistry, AgentMiddlewareStrategy, AiModelNotFoundException, BaseHTTPQueryRunner, BaseQueryRunner, BaseSQLQueryRunner, BaseSandbox, BaseStrategyRegistry, BaseTool, BaseToolset, BuiltinToolset, CHAT_CHANNEL, CHAT_CHANNEL_TEXT_LIMITS, CancelConversationCommand, ChatChannel, ChatChannelRegistry, ChatOAICompatReasoningModel, CommonParameterRules, CreateModelClientCommand, CredentialsValidateFailedError, DATASOURCE_STRATEGY, DBCreateTableMode, DBProtocolEnum, DBSyntaxEnum, DBTableAction, DBTableDataAction, DEFAULT_EXECUTION_CONFIG, DEFAULT_SANDBOX_EXECUTION_MAX_OUTPUT_BYTES, DEFAULT_SANDBOX_FILE_OPERATION_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_SEC, DEFAULT_SANDBOX_FILE_SEARCH_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_SEC, DEFAULT_SANDBOX_SHELL_EXECUTION_OPTIONS, DEFAULT_SANDBOX_SHELL_TIMEOUT_MS, DEFAULT_SANDBOX_SHELL_TIMEOUT_SEC, DOCUMENT_SOURCE_STRATEGY, DOCUMENT_TRANSFORMER_STRATEGY, DataSourceStrategy, DataSourceStrategyRegistry, DocumentSourceRegistry, DocumentSourceStrategy, DocumentTransformerRegistry, DocumentTransformerStrategy, FILE_STORAGE_PROVIDER, FILE_UPLOAD_TARGET_STRATEGY, FileStorageProvider, FileStorageProviderRegistry, FileUploadTargetRegistry, FileUploadTargetStrategy, GLOBAL_ORGANIZATION_SCOPE, HANDOFF_PERMISSION_SERVICE_TOKEN, HANDOFF_PROCESSOR_STRATEGY, HANDOFF_QUEUE_SERVICE_TOKEN, HandoffProcessorRegistry, HandoffProcessorStrategy, IMAGE_UNDERSTANDING_STRATEGY, INTEGRATION_PERMISSION_SERVICE_TOKEN, INTEGRATION_STRATEGY, ImageUnderstandingRegistry, ImageUnderstandingStrategy, IntegrationStrategyKey, IntegrationStrategyRegistry, JUMP_TO_TARGETS, JsonSchemaValidator, KNOWLEDGE_STRATEGY, KnowledgeStrategyKey, KnowledgeStrategyRegistry, LLMUsage, LargeLanguageModel, ModelProvider, ORGANIZATION_METADATA_KEY, OpenAICompatibleReranker, PERMISSION_OPERATION_METADATA_KEY, PLUGIN_CONFIG_RESOLVER_TOKEN, PLUGIN_METADATA, PLUGIN_METADATA_KEY, PROVIDE_AI_MODEL_LLM, PROVIDE_AI_MODEL_MODERATION, PROVIDE_AI_MODEL_RERANK, PROVIDE_AI_MODEL_SPEECH2TEXT, PROVIDE_AI_MODEL_TEXT_EMBEDDING, PROVIDE_AI_MODEL_TTS, RETRIEVER_STRATEGY, RequestContext, RequestContextMiddleware, RequirePermissionOperation, RerankModel, RetrieverRegistry, RetrieverStrategy, SANDBOX_PROVIDER, SANDBOX_SHELL_TIMEOUT_LIMITS_SEC, SKILL_SOURCE_PROVIDER, STRATEGY_META_KEY, SandboxProviderRegistry, SandboxProviderStrategy, SkillSourceProviderRegistry, SkillSourceProviderStrategy, Speech2TextChatModel, SpeechToTextModel, StrategyBus, TEXT_SPLITTER_STRATEGY, TOOLSET_STRATEGY, TextEmbeddingModelManager, TextSplitterRegistry, TextSplitterStrategy, TextToSpeechModel, ToolsetRegistry, ToolsetStrategy, USER_PERMISSION_SERVICE_TOKEN, VECTOR_STORE_STRATEGY, VIEW_EXTENSION_CACHE_SERVICE_TOKEN, VIEW_EXTENSION_PROVIDER, VectorStoreRegistry, VectorStoreStrategy, ViewExtensionProvider, ViewExtensionProviderRegistry, WORKFLOW_NODE_STRATEGY, WORKFLOW_TRIGGER_STRATEGY, WorkflowNodeRegistry, WorkflowNodeStrategy, WorkflowTriggerRegistry, WorkflowTriggerStrategy, WrapWorkflowNodeExecutionCommand, XpFileSystem, XpertServerPlugin, als, appendSandboxMessage, buildSandboxTimeoutMessage, calcTokenUsage, chunkText, countTokensSafe, createI18nInstance, createPluginLogger, defineAgentMessageType, defineChannelMessageType, downloadRemoteFile, formatSandboxTimeout, getErrorMessage, getModelContextSize, getPermissionOperationMetadata, getPositionList, getPositionMap, getRequestContext, getRequiredPermissionOperation, isRemoteFile, isSandboxBackend, isStructuredMessageType, loadYamlFile, mergeCredentials, mergeParentChildChunks, normalizeContextSize, resolveSandboxBackend, resolveSandboxExecutionOptions, runWithRequestContext, secondsToMilliseconds, sumTokenUsage };
|
|
3902
|
+
export { ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN, AGENT_CHAT_DISPATCH_MESSAGE_TYPE, AGENT_MIDDLEWARE_STRATEGY, AIModelProviderNotFoundException, AIModelProviderRegistry, AIModelProviderStrategy, AI_MODEL_PROVIDER, ANALYTICS_PERMISSION_SERVICE_TOKEN, AdapterDataSourceStrategy, AgentMiddlewareRegistry, AgentMiddlewareStrategy, AiModelNotFoundException, BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN, BaseHTTPQueryRunner, BaseQueryRunner, BaseSQLQueryRunner, BaseSandbox, BaseStrategyRegistry, BaseTool, BaseToolset, BuiltinToolset, CHAT_CHANNEL, CHAT_CHANNEL_TEXT_LIMITS, CancelConversationCommand, ChatChannel, ChatChannelRegistry, ChatOAICompatReasoningModel, CommonParameterRules, CreateModelClientCommand, CredentialsValidateFailedError, DATASOURCE_STRATEGY, DBCreateTableMode, DBProtocolEnum, DBSyntaxEnum, DBTableAction, DBTableDataAction, DEFAULT_EXECUTION_CONFIG, DEFAULT_SANDBOX_EXECUTION_MAX_OUTPUT_BYTES, DEFAULT_SANDBOX_FILE_OPERATION_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_OPERATION_TIMEOUT_SEC, DEFAULT_SANDBOX_FILE_SEARCH_EXECUTION_OPTIONS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_MS, DEFAULT_SANDBOX_FILE_SEARCH_TIMEOUT_SEC, DEFAULT_SANDBOX_SHELL_EXECUTION_OPTIONS, DEFAULT_SANDBOX_SHELL_TIMEOUT_MS, DEFAULT_SANDBOX_SHELL_TIMEOUT_SEC, DOCUMENT_SOURCE_STRATEGY, DOCUMENT_TRANSFORMER_STRATEGY, DataSourceStrategy, DataSourceStrategyRegistry, DocumentSourceRegistry, DocumentSourceStrategy, DocumentTransformerRegistry, DocumentTransformerStrategy, FILE_STORAGE_PROVIDER, FILE_UPLOAD_TARGET_STRATEGY, FileStorageProvider, FileStorageProviderRegistry, FileUploadTargetRegistry, FileUploadTargetStrategy, GLOBAL_ORGANIZATION_SCOPE, HANDOFF_PERMISSION_SERVICE_TOKEN, HANDOFF_PROCESSOR_STRATEGY, HANDOFF_QUEUE_SERVICE_TOKEN, HandoffProcessorRegistry, HandoffProcessorStrategy, IMAGE_UNDERSTANDING_STRATEGY, INTEGRATION_PERMISSION_SERVICE_TOKEN, INTEGRATION_STRATEGY, ImageUnderstandingRegistry, ImageUnderstandingStrategy, IntegrationStrategyKey, IntegrationStrategyRegistry, JUMP_TO_TARGETS, JsonSchemaValidator, KNOWLEDGE_STRATEGY, KnowledgeStrategyKey, KnowledgeStrategyRegistry, LLMUsage, LargeLanguageModel, ModelProvider, ORGANIZATION_METADATA_KEY, OpenAICompatibleReranker, PERMISSION_OPERATION_METADATA_KEY, PLUGIN_CONFIG_RESOLVER_TOKEN, PLUGIN_METADATA, PLUGIN_METADATA_KEY, PROVIDE_AI_MODEL_LLM, PROVIDE_AI_MODEL_MODERATION, PROVIDE_AI_MODEL_RERANK, PROVIDE_AI_MODEL_SPEECH2TEXT, PROVIDE_AI_MODEL_TEXT_EMBEDDING, PROVIDE_AI_MODEL_TTS, RETRIEVER_STRATEGY, RequestContext, RequestContextMiddleware, RequirePermissionOperation, RerankModel, RetrieverRegistry, RetrieverStrategy, SANDBOX_PROVIDER, SANDBOX_SHELL_TIMEOUT_LIMITS_SEC, SKILL_SOURCE_PROVIDER, SSOProviderRegistry, SSOProviderStrategyKey, SSO_BINDING_PERMISSION_SERVICE_TOKEN, SSO_PROVIDER, STRATEGY_META_KEY, SandboxProviderRegistry, SandboxProviderStrategy, SkillSourceProviderRegistry, SkillSourceProviderStrategy, Speech2TextChatModel, SpeechToTextModel, StrategyBus, TEXT_SPLITTER_STRATEGY, TOOLSET_STRATEGY, TextEmbeddingModelManager, TextSplitterRegistry, TextSplitterStrategy, TextToSpeechModel, ToolsetRegistry, ToolsetStrategy, USER_PERMISSION_SERVICE_TOKEN, VECTOR_STORE_STRATEGY, VIEW_EXTENSION_CACHE_SERVICE_TOKEN, VIEW_EXTENSION_PROVIDER, VectorStoreRegistry, VectorStoreStrategy, ViewExtensionProvider, ViewExtensionProviderRegistry, WORKFLOW_NODE_STRATEGY, WORKFLOW_TRIGGER_STRATEGY, WorkflowNodeRegistry, WorkflowNodeStrategy, WorkflowTriggerRegistry, WorkflowTriggerStrategy, WrapWorkflowNodeExecutionCommand, XpFileSystem, XpertServerPlugin, als, appendSandboxMessage, buildSandboxTimeoutMessage, calcTokenUsage, chunkText, countTokensSafe, createI18nInstance, createPluginLogger, defineAgentMessageType, defineChannelMessageType, downloadRemoteFile, formatSandboxTimeout, getErrorMessage, getModelContextSize, getPermissionOperationMetadata, getPositionList, getPositionMap, getRequestContext, getRequiredPermissionOperation, isRemoteFile, isSandboxBackend, isStructuredMessageType, loadYamlFile, mergeCredentials, mergeParentChildChunks, normalizeContextSize, resolveSandboxBackend, resolveSandboxExecutionOptions, runWithRequestContext, secondsToMilliseconds, sumTokenUsage };
|
package/package.json
CHANGED
package/src/index.d.ts
CHANGED
|
@@ -15,5 +15,6 @@ export * from './lib/agent/index';
|
|
|
15
15
|
export * from './lib/channel/index';
|
|
16
16
|
export * from './lib/file/index';
|
|
17
17
|
export * from './lib/strategy';
|
|
18
|
+
export * from './lib/sso/index';
|
|
18
19
|
export * from './lib/sandbox/index';
|
|
19
20
|
export * from './lib/view-extension/index';
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import type { IUser } from '@xpert-ai/contracts';
|
|
2
|
+
import type { BasePermission } from './general';
|
|
3
|
+
export type AccountBindingPermissionOperation = 'read' | 'write' | 'delete';
|
|
4
|
+
/**
|
|
5
|
+
* Account Binding Permission
|
|
6
|
+
* Example: { type: 'account_binding', operations: ['write'], providers: ['feishu'] }
|
|
7
|
+
*/
|
|
8
|
+
export interface AccountBindingPermission extends BasePermission {
|
|
9
|
+
type: 'account_binding';
|
|
10
|
+
operations?: AccountBindingPermissionOperation[];
|
|
11
|
+
providers?: string[];
|
|
12
|
+
scope?: string[];
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* System token for resolving account binding permission service from plugin context.
|
|
16
|
+
*/
|
|
17
|
+
export declare const ACCOUNT_BINDING_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_ACCOUNT_BINDING_PERMISSION_SERVICE";
|
|
18
|
+
export interface BindCurrentUserInput {
|
|
19
|
+
provider: string;
|
|
20
|
+
subjectId: string;
|
|
21
|
+
profile?: Record<string, any>;
|
|
22
|
+
}
|
|
23
|
+
export interface ResolveBoundUserInput {
|
|
24
|
+
provider: string;
|
|
25
|
+
subjectId: string;
|
|
26
|
+
tenantId?: string;
|
|
27
|
+
}
|
|
28
|
+
export interface BoundIdentityRef {
|
|
29
|
+
provider: string;
|
|
30
|
+
subjectId: string;
|
|
31
|
+
}
|
|
32
|
+
export interface AccountBindingPermissionService {
|
|
33
|
+
bindCurrentUser(input: BindCurrentUserInput): Promise<BoundIdentityRef>;
|
|
34
|
+
resolveBoundUser<TUser = IUser>(input: ResolveBoundUserInput): Promise<TUser | null>;
|
|
35
|
+
unbindCurrentUser(provider: string): Promise<void>;
|
|
36
|
+
}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import type { IssuedAuthTokens } from './auth-login';
|
|
2
|
+
import type { BasePermission } from './general';
|
|
3
|
+
export type BoundIdentityLoginPermissionOperation = 'create';
|
|
4
|
+
/**
|
|
5
|
+
* Bound identity login permission
|
|
6
|
+
* Example: { type: 'bound_identity_login', operations: ['create'], providers: ['lark'] }
|
|
7
|
+
*/
|
|
8
|
+
export interface BoundIdentityLoginPermission extends BasePermission {
|
|
9
|
+
type: 'bound_identity_login';
|
|
10
|
+
operations?: BoundIdentityLoginPermissionOperation[];
|
|
11
|
+
providers?: string[];
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* System token for resolving bound identity login permission service from plugin context.
|
|
15
|
+
*/
|
|
16
|
+
export declare const BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_BOUND_IDENTITY_LOGIN_PERMISSION_SERVICE";
|
|
17
|
+
export interface BoundIdentityLoginInput {
|
|
18
|
+
provider: string;
|
|
19
|
+
subjectId: string;
|
|
20
|
+
tenantId: string;
|
|
21
|
+
organizationId?: string | null;
|
|
22
|
+
}
|
|
23
|
+
export interface BoundIdentityLoginPermissionService {
|
|
24
|
+
loginWithBoundIdentity(input: BoundIdentityLoginInput): Promise<IssuedAuthTokens | null>;
|
|
25
|
+
}
|
|
@@ -9,15 +9,22 @@ export * from './general';
|
|
|
9
9
|
export * from './analytics';
|
|
10
10
|
export * from './operation';
|
|
11
11
|
export * from './handoff';
|
|
12
|
+
export * from './account-binding';
|
|
13
|
+
export * from './auth-login';
|
|
14
|
+
export * from './bound-identity-login';
|
|
15
|
+
export * from './sso-binding';
|
|
12
16
|
export * from './user';
|
|
13
17
|
import type { FileSystemPermission, IntegrationPermission, KnowledgePermission, LLMPermission, VectorStorePermission } from './general';
|
|
14
18
|
import type { AnalyticsPermission } from './analytics';
|
|
19
|
+
import type { AccountBindingPermission } from './account-binding';
|
|
20
|
+
import type { BoundIdentityLoginPermission } from './bound-identity-login';
|
|
15
21
|
import type { HandoffPermission } from './handoff';
|
|
22
|
+
import type { SsoBindingPermission } from './sso-binding';
|
|
16
23
|
import type { UserPermission } from './user';
|
|
17
24
|
/**
|
|
18
25
|
* Union type for all permissions
|
|
19
26
|
*/
|
|
20
|
-
export type Permission = LLMPermission | VectorStorePermission | KnowledgePermission | FileSystemPermission | IntegrationPermission | AnalyticsPermission | UserPermission | HandoffPermission;
|
|
27
|
+
export type Permission = LLMPermission | VectorStorePermission | KnowledgePermission | FileSystemPermission | IntegrationPermission | AnalyticsPermission | AccountBindingPermission | BoundIdentityLoginPermission | SsoBindingPermission | UserPermission | HandoffPermission;
|
|
21
28
|
/**
|
|
22
29
|
* Permissions array type
|
|
23
30
|
*/
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import type { BasePermission } from './general';
|
|
2
|
+
export type SsoBindingPermissionOperation = 'create';
|
|
3
|
+
/**
|
|
4
|
+
* SSO Binding Permission
|
|
5
|
+
* Example: { type: 'sso_binding', operations: ['create'], providers: ['lark'] }
|
|
6
|
+
*/
|
|
7
|
+
export interface SsoBindingPermission extends BasePermission {
|
|
8
|
+
type: 'sso_binding';
|
|
9
|
+
operations?: SsoBindingPermissionOperation[];
|
|
10
|
+
providers?: string[];
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* System token for resolving the pending SSO binding challenge service from plugin context.
|
|
14
|
+
*/
|
|
15
|
+
export declare const SSO_BINDING_PERMISSION_SERVICE_TOKEN = "XPERT_PLUGIN_SSO_BINDING_PERMISSION_SERVICE";
|
|
16
|
+
export type PendingSsoBindingFlow = 'anonymous_bind' | 'current_user_confirm';
|
|
17
|
+
export interface CreatePendingBindingInput {
|
|
18
|
+
provider: string;
|
|
19
|
+
subjectId: string;
|
|
20
|
+
tenantId: string;
|
|
21
|
+
organizationId?: string | null;
|
|
22
|
+
displayName?: string | null;
|
|
23
|
+
avatarUrl?: string | null;
|
|
24
|
+
profile?: Record<string, any> | null;
|
|
25
|
+
returnTo?: string | null;
|
|
26
|
+
flow?: PendingSsoBindingFlow;
|
|
27
|
+
}
|
|
28
|
+
export interface CreatedPendingBindingRef {
|
|
29
|
+
ticket: string;
|
|
30
|
+
}
|
|
31
|
+
export interface SsoBindingPermissionService {
|
|
32
|
+
createPendingBinding(input: CreatePendingBindingInput): Promise<CreatedPendingBindingRef>;
|
|
33
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export interface ISSOProviderDescriptor {
|
|
2
|
+
provider: string;
|
|
3
|
+
displayName: string;
|
|
4
|
+
icon: string;
|
|
5
|
+
order: number;
|
|
6
|
+
startUrl: string;
|
|
7
|
+
}
|
|
8
|
+
export interface ISSOProviderContext {
|
|
9
|
+
tenantId: string;
|
|
10
|
+
organizationId?: string | null;
|
|
11
|
+
requestBaseUrl: string;
|
|
12
|
+
}
|
|
13
|
+
export interface ISSOProviderStrategy {
|
|
14
|
+
describe(context: ISSOProviderContext): ISSOProviderDescriptor | null | Promise<ISSOProviderDescriptor | null>;
|
|
15
|
+
}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { DiscoveryService, Reflector } from '@nestjs/core';
|
|
2
|
+
import { BaseStrategyRegistry } from '../strategy';
|
|
3
|
+
import { ISSOProviderStrategy } from './strategy.interface';
|
|
4
|
+
export declare class SSOProviderRegistry extends BaseStrategyRegistry<ISSOProviderStrategy> {
|
|
5
|
+
constructor(discoveryService: DiscoveryService, reflector: Reflector);
|
|
6
|
+
}
|