ag-common 0.0.88 → 0.0.92

package/dist/api/helpers/openApiHelpers.d.ts

@@ -1,13 +1,13 @@
 import { aws_certificatemanager as certmgr, aws_route53 as route53 } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
-import { ILambdaPermissions } from '../types';
+import { ILambdaConfigs } from '../types';
 export declare const openApiImpl: (p: {
     schema: any;
     stack: Construct;
     NODE_ENV: string;
     baseUrl: string;
     endpointsBase: string;
-    lambdaPermissions: ILambdaPermissions;
+    lambdaConfig: ILambdaConfigs;
     certificate: certmgr.ICertificate;
     hostedZone: route53.IHostedZone;
     shortStackName: string;

package/dist/api/helpers/openApiHelpers.js

@@ -34,17 +34,17 @@ const setUpApiGw = ({ stack, NODE_ENV, baseUrl, certificate, hostedZone, shortSt
     });
     return api;
 };
-const setupLambda = ({ lambdaPermissions, pathV, verb, seenPermissions, }) => {
+const setupLambda = ({ lambdaConfig, pathV, verb, seenPermissions, }) => {
     var _a, _b, _c, _d;
     const pathCompute = pathV + '/' + verb;
-    const lp = lambdaPermissions === null || lambdaPermissions === void 0 ? void 0 : lambdaPermissions[pathCompute];
+    const lp = lambdaConfig === null || lambdaConfig === void 0 ? void 0 : lambdaConfig[pathCompute];
     if (lp) {
         seenPermissions[pathCompute] = true;
     }
     else {
         seenPermissions[pathCompute] = false;
     }
-    const def = lambdaPermissions === null || lambdaPermissions === void 0 ? void 0 : lambdaPermissions.default;
+    const def = lambdaConfig === null || lambdaConfig === void 0 ? void 0 : lambdaConfig.default;
     if (def) {
         seenPermissions.default = true;
     }
@@ -52,13 +52,14 @@ const setupLambda = ({ lambdaPermissions, pathV, verb, seenPermissions, }) => {
     const readTables = (0, distinctBy_1.distinctBy)([...(((_a = def === null || def === void 0 ? void 0 : def.dynamo) === null || _a === void 0 ? void 0 : _a.reads) || []), ...(((_b = lp === null || lp === void 0 ? void 0 : lp.dynamo) === null || _b === void 0 ? void 0 : _b.reads) || [])], (s) => s.shortName);
     const writeTables = (0, distinctBy_1.distinctBy)([...(((_c = def === null || def === void 0 ? void 0 : def.dynamo) === null || _c === void 0 ? void 0 : _c.writes) || []), ...(((_d = lp === null || lp === void 0 ? void 0 : lp.dynamo) === null || _d === void 0 ? void 0 : _d.writes) || [])], (s) => s.shortName);
     const policies = [...(def.policies || []), ...((lp === null || lp === void 0 ? void 0 : lp.policies) || [])].filter(__1.notEmpty);
+    const layers = [...(def.layers || []), ...((lp === null || lp === void 0 ? void 0 : lp.layers) || [])].filter(__1.notEmpty);
     const env = Object.assign(Object.assign({}, (def.env || {})), ((lp === null || lp === void 0 ? void 0 : lp.env) || {}));
     const tables = [...readTables, ...writeTables];
     const environment = env;
     Object.values(tables).forEach((v) => {
         environment[v.shortName] = v.table.tableName;
     });
-    return { environment, readTables, writeTables, policies };
+    return { environment, readTables, writeTables, policies, layers };
 };
 const addApiPaths = (api, pathList, apiRoots) => {
     let pathBuild = '';
@@ -83,7 +84,7 @@ const openApiImpl = (p) => {
     if (!p.schema) {
         throw new Error('no openapi schema found');
     }
-    const { stack, NODE_ENV, endpointsBase, lambdaPermissions } = p;
+    const { stack, NODE_ENV, endpointsBase, lambdaConfig } = p;
     const paths = getPaths(p.schema);
     const api = setUpApiGw(p);
     const apiRoots = {};
@@ -91,8 +92,8 @@ const openApiImpl = (p) => {
     paths.forEach(({ fullPath, verbs, pathList }) => {
         const apiPath = addApiPaths(api, pathList, apiRoots);
         verbs.forEach((verb) => {
-            const { environment, readTables, writeTables, policies } = setupLambda({
-                lambdaPermissions,
+            const { environment, readTables, writeTables, policies, layers } = setupLambda({
+                lambdaConfig,
                 pathV: fullPath,
                 verb,
                 seenPermissions,
@@ -113,6 +114,7 @@ const openApiImpl = (p) => {
                 },
                 reservedConcurrentExecutions: 5,
                 logRetention: aws_cdk_lib_1.aws_logs.RetentionDays.FIVE_DAYS,
+                layers,
             });
             readTables.forEach((t) => t.table.grantReadData(lambdaV));
             writeTables.forEach((t) => t.table.grantReadWriteData(lambdaV));
@@ -121,7 +123,7 @@ const openApiImpl = (p) => {
             apiPath.addMethod(verb.toUpperCase(), new aws_cdk_lib_1.aws_apigateway.LambdaIntegration(lambdaV, {}));
         });
     });
-    Object.keys(lambdaPermissions).forEach((k) => {
+    Object.keys(lambdaConfig).forEach((k) => {
         if (!seenPermissions[k] || seenPermissions[k] === false) {
             (0, log_1.warn)(`unused permissions for '${k}', did you mean one of these paths?=`, Object.entries(seenPermissions)
                 .filter(([, b]) => !b)

package/dist/api/helpers/validations.d.ts

@@ -1,7 +1,11 @@
 import { error } from '../../common/helpers/log';
 import { User } from '../../ui/helpers/jwt';
 import { APIGatewayProxyResult } from '../types';
-export declare const getAndValidateToken: ({ tokenRaw, COGNITO_USER_POOL_ID, }: {
+export declare const getAndValidateToken: ({ tokenRaw, jwksRegion, COGNITO_USER_POOL_ID, }: {
+    /**
+     * default ap-southeast-2
+     */
+    jwksRegion?: string | undefined;
     tokenRaw?: string | undefined;
     COGNITO_USER_POOL_ID: string;
 }) => Promise<{

package/dist/api/helpers/validations.js

@@ -19,9 +19,7 @@ const jsonwebtoken_1 = require("jsonwebtoken");
 const log_1 = require("../../common/helpers/log");
 const api_1 = require("./api");
 let jwksClient;
-const jwtVerify = ({ COGNITO_USER_POOL_ID, token, }) => __awaiter(void 0, void 0, void 0, function* () {
-    const jwksUri = `https://cognito-idp.ap-southeast-2.amazonaws.com/${COGNITO_USER_POOL_ID}/.well-known/jwks.json`;
-    const issuer = `https://cognito-idp.ap-southeast-2.amazonaws.com/${COGNITO_USER_POOL_ID}`;
+const jwtVerify = ({ token, jwksUri, issuer, }) => __awaiter(void 0, void 0, void 0, function* () {
     return new Promise((resolve, reject) => {
         (0, jsonwebtoken_1.verify)(token, (header, callback) => {
             if (!jwksClient) {
@@ -60,22 +58,39 @@ const jwtVerify = ({ COGNITO_USER_POOL_ID, token, }) => __awaiter(void 0, void 0
         });
     });
 });
-const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(void 0, void 0, void 0, function* () {
+const getAndValidateToken = ({ tokenRaw, jwksRegion = 'ap-southeast-2', COGNITO_USER_POOL_ID, }) => __awaiter(void 0, void 0, void 0, function* () {
     var _a, _b;
+    const jwksUri = `https://cognito-idp.${jwksRegion}.amazonaws.com/${COGNITO_USER_POOL_ID}/.well-known/jwks.json`;
+    const issuer = `https://cognito-idp.${jwksRegion}.amazonaws.com/${COGNITO_USER_POOL_ID}`;
     let token = '';
     try {
         if (!tokenRaw) {
-            (0, log_1.error)('no auth headers');
+            const m = 'no auth headers, auth failed';
+            (0, log_1.error)(m);
             return {
-                error: (0, api_1.returnCode)(403, 'auth failed'),
+                error: (0, api_1.returnCode)(403, m),
             };
         }
         token = tokenRaw.substring(tokenRaw.indexOf(' ') + 1);
+        if (!token) {
+            const m = 'auth error: no token';
+            (0, log_1.error)(m);
+            return {
+                error: (0, api_1.returnCode)(403, m),
+            };
+        }
         let subject;
         try {
-            yield jwtVerify({ token, COGNITO_USER_POOL_ID });
+            yield jwtVerify({ token, jwksUri, issuer });
             const decoded = (0, jsonwebtoken_1.decode)(token);
             (0, log_1.debug)(`decoded=${JSON.stringify(decoded, null, 2)}`);
+            if (!decoded.email) {
+                const m = 'auth error, no email';
+                (0, log_1.error)(m);
+                return {
+                    error: (0, api_1.returnCode)(403, m),
+                };
+            }
             subject = decoded === null || decoded === void 0 ? void 0 : decoded.sub;
             if (!subject) {
                 const mess = 'user should have responded with subject (sub) field';
@@ -96,12 +111,6 @@ const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(v
                 picture,
                 updatedAt: parseInt(`${decoded.auth_time}000`, 10),
             };
-            if (!userProfile || !token || !userProfile.userId) {
-                (0, log_1.error)('auth fail');
-                return {
-                    error: (0, api_1.returnCode)(403, 'auth fail'),
-                };
-            }
             return { token, userProfile };
         }
         catch (e) {
@@ -114,9 +123,10 @@ const getAndValidateToken = ({ tokenRaw, COGNITO_USER_POOL_ID, }) => __awaiter(v
         }
     }
     catch (e) {
-        (0, log_1.error)('auth error', e);
+        const m = 'auth error:' + JSON.stringify(e, null, 2);
+        (0, log_1.error)(m);
         return {
-            error: (0, api_1.returnCode)(403, 'auth fail'),
+            error: (0, api_1.returnCode)(403, m),
         };
     }
 });

package/dist/api/types/index.d.ts

@@ -1,4 +1,4 @@
-import { aws_dynamodb as dynamodb, aws_iam as iam } from 'aws-cdk-lib';
+import { aws_dynamodb as dynamodb, aws_iam as iam, aws_lambda as lambda } from 'aws-cdk-lib';
 import { Key } from './aws';
 export interface DYNAMOKEYS {
     type: string;
@@ -17,17 +17,18 @@ export interface IGeneratedDynamoData {
     table: dynamodb.ITable;
     shortName: string;
 }
-export interface ILambdaPermission {
+export interface ILambdaConfig {
     dynamo?: {
         reads?: IGeneratedDynamoData[];
         writes?: IGeneratedDynamoData[];
     };
     policies?: iam.PolicyStatement[];
     env?: Record<string, string>;
+    layers?: lambda.ILayerVersion[];
 }
-export interface ILambdaPermissions {
-    [pathHyphenVerb: string]: ILambdaPermission & {
-        default?: ILambdaPermission;
+export interface ILambdaConfigs {
+    [pathHyphenVerb: string]: ILambdaConfig & {
+        default?: ILambdaConfig;
     };
 }
 export interface IQueryDynamo {

package/dist/ui/helpers/cognito.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="react" />
 export declare type TOnMessage = (m: string, options?: {
     appearance: 'error' | 'success';
 }) => void;
@@ -12,20 +11,3 @@ export interface ICognitoAuth {
     cognitoRefresh: string;
     vendToken: string;
 }
-export interface ICognitoAuthProviderProps {
-    redirectUrl?: string;
-    location: {
-        pathname: string;
-        hash: string;
-        search: string;
-        origin: string;
-    };
-    goToPageUrl: ({ url, state, login, }: {
-        url: string;
-        state?: any;
-        login: boolean;
-    }) => Promise<void>;
-    children: JSX.Element | JSX.Element[];
-    config: ICognitoAuth;
-    onMessage?: TOnMessage;
-}

package/dist/ui/helpers/routes.d.ts

@@ -1,7 +1,5 @@
-/// <reference types="react" />
 import { TLang } from '../..';
-import { ICognitoAuth, ICognitoAuthProviderProps } from './cognito';
-import { AuthedUserContext } from './jwt';
+import { ICognitoAuth } from './cognito';
 export interface LocationSubset {
     pathname: string;
     hash: string;
@@ -30,7 +28,5 @@ export interface IRequestCommon {
 export interface IStateCommon<TRequest extends IRequestCommon> extends IInitialStateCommon {
     request: TRequest;
     auth: ICognitoAuth;
-    CognitoAuthContext: React.Context<AuthedUserContext>;
-    CognitoAuthProvider: (p: ICognitoAuthProviderProps) => JSX.Element;
     pushPath: (path: string) => Promise<void>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ag-common",
-  "version": "0.0.88",
+  "version": "0.0.92",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
   "author": "Andrei Gec <@andreigec> (https://gec.dev/)",