ag-common 0.0.3 → 0.0.4

package/dist/api/helpers/index.d.ts

@@ -1,3 +1,5 @@
 export * from './api';
 export * from './dynamoInfra';
 export * from './openApiHelpers';
+export * from './validateOpenApi';
+export * from './validations';

package/dist/api/helpers/index.js

@@ -13,3 +13,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./api"), exports);
 __exportStar(require("./dynamoInfra"), exports);
 __exportStar(require("./openApiHelpers"), exports);
+__exportStar(require("./validateOpenApi"), exports);
+__exportStar(require("./validations"), exports);

package/dist/api/helpers/validateOpenApi.d.ts

@@ -0,0 +1,14 @@
+import { APIGatewayEvent, APIGatewayProxyResult } from 'aws-lambda';
+import { User } from 'analytica.click';
+export declare type NextType<T> = ({ event, body, params, userProfile, }: {
+    params: Record<string, string>;
+    event: APIGatewayEvent;
+    body: T;
+    userProfile?: User;
+}) => Promise<APIGatewayProxyResult>;
+export declare function validateOpenApi<T>({ event, next, authorized, schema, }: {
+    schema: any;
+    event: APIGatewayEvent;
+    next: NextType<T>;
+    authorized?: true | false | 'optional';
+}): Promise<APIGatewayProxyResult>;

package/dist/api/helpers/validateOpenApi.js

@@ -0,0 +1,114 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateOpenApi = void 0;
+const openapi_request_validator_1 = __importDefault(require("openapi-request-validator"));
+const validations_1 = require("./validations");
+const log_1 = require("../../common/helpers/log");
+const object_1 = require("../../common/helpers/object");
+const api_1 = require("./api");
+//
+const getOperation = ({ path, method, resource, schema, }) => {
+    var _a;
+    const resourcePath = Object.keys(schema.paths).find((rp) => rp === resource);
+    if (!resourcePath) {
+        throw new Error('incorrect path');
+    }
+    const operation = (_a = schema.paths[resourcePath]) === null || _a === void 0 ? void 0 : _a[method];
+    if (!operation) {
+        const msg = `no operation found for ${method}/${path}`;
+        (0, log_1.warn)(`${msg} ${Object.keys(schema.paths)}`);
+        throw new Error(msg);
+    }
+    /*
+     var path=  '/events/12345/topics/2216026039415263/like'
+     var resourcePath ='/events/{eventCode}/topics/{topicId}/like'
+     */
+    const re = new RegExp(resourcePath
+        .replace(/\//gim, `\\/`)
+        .replace(/\{(.+?)\}/gim, '(?<$1>[^\\\\]+)'), 'i').exec(path);
+    const pathParams = (re === null || re === void 0 ? void 0 : re.groups) && JSON.parse(JSON.stringify(re === null || re === void 0 ? void 0 : re.groups));
+    return { operation, pathParams };
+};
+function validateOpenApi({ event, next, authorized, schema, }) {
+    var _a, _b, _c, _d;
+    return __awaiter(this, void 0, void 0, function* () {
+        const request = {
+            method: event.httpMethod,
+            path: event.path,
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            params: undefined,
+            query: event.queryStringParameters,
+            body: event.body && JSON.parse(event.body),
+            headers: (0, object_1.objectKeysToLowerCase)(event === null || event === void 0 ? void 0 : event.headers),
+        };
+        const method = event.requestContext.httpMethod.toLowerCase();
+        const pathParameters = event.pathParameters || {};
+        const queryStringParameters = event.queryStringParameters || {};
+        //
+        const opm = getOperation({
+            path: event.path,
+            method,
+            resource: event.resource,
+            schema,
+        });
+        if (!(opm === null || opm === void 0 ? void 0 : opm.operation)) {
+            const msg = `no request handler found! for ${method} ${event.path} - cant validate`;
+            (0, log_1.error)(msg);
+            return (0, api_1.returnCode)(400, msg);
+        }
+        if (!opm.operation.requestBody && !opm.operation.parameters) {
+            if (!!event.body || Object.keys(pathParameters).length > 0) {
+                (0, log_1.warn)(`bad req, unexpected params`);
+                return (0, api_1.returnCode)(400, 'bad data');
+            }
+            // no validation necessary
+        }
+        else {
+            try {
+                request.params = opm.pathParams;
+                (0, log_1.info)('req=', JSON.stringify(request, null, 2));
+                const resp = new openapi_request_validator_1.default(Object.assign(Object.assign({}, opm.operation), { schemas: schema.components.schemas })).validateRequest(request);
+                if (resp) {
+                    (0, log_1.warn)('bad request');
+                    (0, log_1.warn)('opm=', JSON.stringify(opm, null, 2));
+                    (0, log_1.warn)('resp=', JSON.stringify(resp, null, 2));
+                    return (0, api_1.returnCode)(400, `error:${(_b = (_a = resp === null || resp === void 0 ? void 0 : resp.errors) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.message}`);
+                }
+                (0, log_1.debug)(`validated request:`, event.path);
+            }
+            catch (e) {
+                (0, log_1.error)('e=', e, JSON.stringify(opm));
+            }
+        }
+        let userProfile;
+        let error;
+        const authHeader = ((_c = event.headers) === null || _c === void 0 ? void 0 : _c.Authorization) || ((_d = event.headers) === null || _d === void 0 ? void 0 : _d.authorization);
+        if (authorized === true || (authorized === 'optional' && authHeader)) {
+            ({ error, userProfile } = yield (0, validations_1.getAndValidateToken)(authHeader));
+            if (error) {
+                return error;
+            }
+        }
+        const params = Object.assign(Object.assign({}, (pathParameters || {})), (queryStringParameters || {}));
+        const res = yield next({
+            params,
+            event,
+            body: (event.body && JSON.parse(event.body)),
+            userProfile,
+        });
+        return res;
+    });
+}
+exports.validateOpenApi = validateOpenApi;

package/dist/api/helpers/validations.d.ts

@@ -0,0 +1,8 @@
+import { APIGatewayProxyResult } from 'aws-lambda';
+import { User } from 'analytica.click';
+import { error } from '../../common/helpers/log';
+export declare const getAndValidateToken: (tokenRaw?: string | undefined) => Promise<{
+    error?: APIGatewayProxyResult | undefined;
+    token?: string | undefined;
+    userProfile?: User | undefined;
+}>;

package/dist/api/helpers/validations.js

@@ -0,0 +1,116 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAndValidateToken = void 0;
+const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
+const jsonwebtoken_1 = require("jsonwebtoken");
+const log_1 = require("../../common/helpers/log");
+const api_1 = require("./api");
+const jwksUri = `https://cognito-idp.ap-southeast-2.amazonaws.com/${process.env.COGNITO_USER_POOL_ID}/.well-known/jwks.json`;
+const issuer = `https://cognito-idp.ap-southeast-2.amazonaws.com/${process.env.COGNITO_USER_POOL_ID}`;
+const jwksClient = (0, jwks_rsa_1.default)({
+    cache: true,
+    rateLimit: true,
+    jwksRequestsPerMinute: 10,
+    jwksUri,
+});
+const jwtVerify = (token) => __awaiter(void 0, void 0, void 0, function* () {
+    return new Promise((resolve, reject) => {
+        (0, jsonwebtoken_1.verify)(token, (header, callback) => {
+            jwksClient.getSigningKey(header.kid, (errorV, key) => {
+                if (errorV) {
+                    reject(errorV);
+                    return;
+                }
+                const signingKey = (key === null || key === void 0 ? void 0 : key.publicKey) || (key === null || key === void 0 ? void 0 : key.rsaPublicKey) || undefined;
+                if (!signingKey) {
+                    callback('no key');
+                }
+                else {
+                    callback(null, signingKey);
+                }
+            });
+        }, {
+            issuer,
+            algorithms: ['RS256'],
+        }, (errorV, decoded) => {
+            if (errorV) {
+                reject(errorV);
+                return;
+            }
+            resolve(decoded);
+        });
+    });
+});
+const getAndValidateToken = (tokenRaw) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b;
+    let token = '';
+    try {
+        if (!tokenRaw) {
+            (0, log_1.error)('no auth headers');
+            return {
+                error: (0, api_1.returnCode)(403, 'auth failed'),
+            };
+        }
+        token = tokenRaw.substr(tokenRaw.indexOf(' ') + 1);
+        let subject;
+        try {
+            yield jwtVerify(token);
+            const decoded = (0, jsonwebtoken_1.decode)(token);
+            (0, log_1.debug)(`decoded=${JSON.stringify(decoded)}`);
+            subject = decoded === null || decoded === void 0 ? void 0 : decoded.sub;
+            if (!subject) {
+                const mess = 'user should have responded with subject (sub) field';
+                (0, log_1.error)(mess);
+                throw new Error(mess);
+            }
+            let { picture } = decoded;
+            if (((_b = (_a = decoded === null || decoded === void 0 ? void 0 : decoded.identities) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.providerName) === 'Facebook') {
+                picture = JSON.parse(decoded.picture).data.url;
+            }
+            const userId = decoded.email.toLowerCase();
+            const userProfile = {
+                isAdmin: ['andreigec@hotmail.com', 'andreigec@gmail.com'].includes(userId),
+                idJwt: decoded,
+                userId,
+                nickname: decoded.nickname || decoded['cognito:username'],
+                fullname: decoded.name || decoded['cognito:username'],
+                picture,
+                updatedAt: parseInt(`${decoded.auth_time}000`, 10),
+            };
+            if (!userProfile || !token || !userProfile.userId) {
+                (0, log_1.error)('auth fail');
+                return {
+                    error: (0, api_1.returnCode)(403, 'auth fail'),
+                };
+            }
+            return { token, userProfile };
+        }
+        catch (e) {
+            const ex = e;
+            // expiry is too common to log
+            if (ex.toString().indexOf('jwt expired') !== -1) {
+                (0, log_1.info)(`jwt fail:${e}`);
+            }
+            throw e;
+        }
+    }
+    catch (e) {
+        (0, log_1.error)('auth error', e);
+        return {
+            error: (0, api_1.returnCode)(403, 'auth fail'),
+        };
+    }
+});
+exports.getAndValidateToken = getAndValidateToken;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ag-common",
-  "version": "0.0.3",
+  "version": "0.0.4",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "dependencies": {
@@ -22,7 +22,11 @@
     "react-dom": "*",
     "react-hot-toast": "2.1.1",
     "rimraf": "*",
-    "typescript-styled-plugin": "*"
+    "typescript-styled-plugin": "*",
+    "openapi-request-validator": "9.3.1",
+    "@types/jsonwebtoken": "8.5.6",
+    "jsonwebtoken": "8.5.1",
+    "jwks-rsa": "2.0.5"
   },
   "peerDependencies": {
     "aws-lambda": "1.0.7",