agentlang 0.10.8 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -0
- package/out/api/http.d.ts.map +1 -1
- package/out/api/http.js +64 -39
- package/out/api/http.js.map +1 -1
- package/out/cli/main.d.ts +1 -1
- package/out/cli/main.d.ts.map +1 -1
- package/out/cli/main.js +7 -3
- package/out/cli/main.js.map +1 -1
- package/out/extension/main.cjs +250 -250
- package/out/extension/main.cjs.map +2 -2
- package/out/language/main.cjs +504 -504
- package/out/language/main.cjs.map +3 -3
- package/out/runtime/auth/cognito.d.ts.map +1 -1
- package/out/runtime/auth/cognito.js +129 -64
- package/out/runtime/auth/cognito.js.map +1 -1
- package/out/runtime/defs.d.ts +22 -9
- package/out/runtime/defs.d.ts.map +1 -1
- package/out/runtime/defs.js +44 -9
- package/out/runtime/defs.js.map +1 -1
- package/out/runtime/document-retriever.d.ts +24 -0
- package/out/runtime/document-retriever.d.ts.map +1 -0
- package/out/runtime/document-retriever.js +258 -0
- package/out/runtime/document-retriever.js.map +1 -0
- package/out/runtime/errors/coded-error.d.ts +8 -0
- package/out/runtime/errors/coded-error.d.ts.map +1 -0
- package/out/runtime/errors/coded-error.js +13 -0
- package/out/runtime/errors/coded-error.js.map +1 -0
- package/out/runtime/errors/http-error.d.ts +25 -0
- package/out/runtime/errors/http-error.d.ts.map +1 -0
- package/out/runtime/errors/http-error.js +169 -0
- package/out/runtime/errors/http-error.js.map +1 -0
- package/out/runtime/excel-resolver.d.ts +4 -0
- package/out/runtime/excel-resolver.d.ts.map +1 -0
- package/out/runtime/excel-resolver.js +96 -0
- package/out/runtime/excel-resolver.js.map +1 -0
- package/out/runtime/excel.d.ts +25 -0
- package/out/runtime/excel.d.ts.map +1 -0
- package/out/runtime/excel.js +127 -0
- package/out/runtime/excel.js.map +1 -0
- package/out/runtime/exec-graph-cache.d.ts +5 -0
- package/out/runtime/exec-graph-cache.d.ts.map +1 -0
- package/out/runtime/exec-graph-cache.js +9 -0
- package/out/runtime/exec-graph-cache.js.map +1 -0
- package/out/runtime/exec-graph.d.ts.map +1 -1
- package/out/runtime/exec-graph.js +2 -1
- package/out/runtime/exec-graph.js.map +1 -1
- package/out/runtime/interpreter.d.ts.map +1 -1
- package/out/runtime/interpreter.js +30 -27
- package/out/runtime/interpreter.js.map +1 -1
- package/out/runtime/loader.d.ts.map +1 -1
- package/out/runtime/loader.js +5 -1
- package/out/runtime/loader.js.map +1 -1
- package/out/runtime/logger.d.ts +6 -0
- package/out/runtime/logger.d.ts.map +1 -1
- package/out/runtime/logger.js +21 -0
- package/out/runtime/logger.js.map +1 -1
- package/out/runtime/module.d.ts.map +1 -1
- package/out/runtime/module.js +14 -13
- package/out/runtime/module.js.map +1 -1
- package/out/runtime/modules/ai.d.ts +2 -1
- package/out/runtime/modules/ai.d.ts.map +1 -1
- package/out/runtime/modules/ai.js +7 -2
- package/out/runtime/modules/ai.js.map +1 -1
- package/out/runtime/modules/auth.d.ts.map +1 -1
- package/out/runtime/modules/auth.js +44 -16
- package/out/runtime/modules/auth.js.map +1 -1
- package/out/runtime/modules/core.d.ts +6 -0
- package/out/runtime/modules/core.d.ts.map +1 -1
- package/out/runtime/modules/core.js +20 -0
- package/out/runtime/modules/core.js.map +1 -1
- package/out/runtime/resolvers/sqldb/database.d.ts.map +1 -1
- package/out/runtime/resolvers/sqldb/database.js +76 -39
- package/out/runtime/resolvers/sqldb/database.js.map +1 -1
- package/out/runtime/resolvers/sqldb/db-errors.d.ts +6 -0
- package/out/runtime/resolvers/sqldb/db-errors.d.ts.map +1 -0
- package/out/runtime/resolvers/sqldb/db-errors.js +100 -0
- package/out/runtime/resolvers/sqldb/db-errors.js.map +1 -0
- package/out/runtime/resolvers/vector/lancedb-store.d.ts +16 -0
- package/out/runtime/resolvers/vector/lancedb-store.d.ts.map +1 -0
- package/out/runtime/resolvers/vector/lancedb-store.js +159 -0
- package/out/runtime/resolvers/vector/lancedb-store.js.map +1 -0
- package/out/runtime/resolvers/vector/types.d.ts +32 -0
- package/out/runtime/resolvers/vector/types.d.ts.map +1 -0
- package/out/runtime/resolvers/vector/types.js +2 -0
- package/out/runtime/resolvers/vector/types.js.map +1 -0
- package/out/runtime/state.d.ts +3 -0
- package/out/runtime/state.d.ts.map +1 -1
- package/out/runtime/state.js +7 -0
- package/out/runtime/state.js.map +1 -1
- package/out/setupClassic.d.ts +98 -0
- package/out/setupClassic.d.ts.map +1 -0
- package/out/setupClassic.js +38 -0
- package/out/setupClassic.js.map +1 -0
- package/out/setupCommon.d.ts +2 -0
- package/out/setupCommon.d.ts.map +1 -0
- package/out/setupCommon.js +33 -0
- package/out/setupCommon.js.map +1 -0
- package/out/setupExtended.d.ts +40 -0
- package/out/setupExtended.d.ts.map +1 -0
- package/out/setupExtended.js +67 -0
- package/out/setupExtended.js.map +1 -0
- package/package.json +19 -18
- package/src/api/http.ts +71 -37
- package/src/cli/main.ts +12 -4
- package/src/runtime/auth/cognito.ts +187 -65
- package/src/runtime/defs.ts +51 -18
- package/src/runtime/errors/coded-error.ts +18 -0
- package/src/runtime/errors/http-error.ts +197 -0
- package/src/runtime/exec-graph-cache.ts +12 -0
- package/src/runtime/exec-graph.ts +2 -2
- package/src/runtime/interpreter.ts +73 -28
- package/src/runtime/loader.ts +5 -0
- package/src/runtime/logger.ts +27 -0
- package/src/runtime/module.ts +45 -13
- package/src/runtime/modules/ai.ts +11 -2
- package/src/runtime/modules/auth.ts +45 -18
- package/src/runtime/modules/core.ts +26 -0
- package/src/runtime/resolvers/sqldb/database.ts +88 -37
- package/src/runtime/resolvers/sqldb/db-errors.ts +113 -0
- package/src/runtime/state.ts +7 -0
- package/src/xlsx.d.ts +17 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito.d.ts","sourceRoot":"","sources":["../../../src/runtime/auth/cognito.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAElB,aAAa,EACb,cAAc,EACd,WAAW,EACX,cAAc,EACd,QAAQ,EACT,MAAM,gBAAgB,CAAC;AAYxB,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"cognito.d.ts","sourceRoot":"","sources":["../../../src/runtime/auth/cognito.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,kBAAkB,EAElB,aAAa,EACb,cAAc,EACd,WAAW,EACX,cAAc,EACd,QAAQ,EACT,MAAM,gBAAgB,CAAC;AAYxB,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAmVhD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,KAAK,GAAG,MAAM,CA0B1D;AAED,qBAAa,WAAY,YAAW,aAAa;IAC/C,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IACxC,QAAQ,EAAE,GAAG,CAAC;gBACF,MAAM,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC;IAUxC,eAAe,IAAI,MAAM;IAIzB,aAAa,IAAI,MAAM;IAIvB,OAAO,CAAC,WAAW;IAQb,MAAM,CACV,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,EACzC,GAAG,EAAE,WAAW,EAChB,EAAE,EAAE,cAAc,GACjB,OAAO,CAAC,IAAI,CAAC;IAyEV,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBxF,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBvE,4BAA4B,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC;IAqClF,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBlE,qBAAqB,CACzB,QAAQ,EAAE,MAAM,EAChB,gBAAgB,EAAE,MAAM,EACxB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,IAAI,CAAC;IAqBV,KAAK,CACT,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,WAAW,EAChB,EAAE,EAAE,aAAa,GAChB,OAAO,CAAC,IAAI,CAAC;IAwLV,MAAM,CAAC,WAAW,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAsDtF,cAAc,CAClB,WAAW,EAAE,WAAW,EACxB,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,WAAW,GACf,OAAO,CAAC,OAAO,CAAC;IAuCnB,OAAO,CAAC,aAAa;IAOf,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6CzC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IA2E5D,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;IA2ElE,YAAY,CAAC,kBAAkB,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IAwEhF,UAAU,CACd,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,SAAS,EACtC,IAAI,EAAE,MAAM,GAAG,SAAS,EACxB,GAAG,EAAE,WAAW,EAChB,EAAE,EAAE,kBAAkB,GACrB,OAAO,CAAC,IAAI,CAAC;IAkGV,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IA0DjE,gBAAgB,CACpB,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,WAAW,GAChB,OAAO,CAAC,IAAI,CAAC;IA2CV,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,EAAE,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAwGhF,OAAO,CAAC,gBAAgB;IAiBlB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAuB3D,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAuB5D,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;CAsBlE"}
|
|
@@ -4,6 +4,7 @@ import { sleepMilliseconds, generateUrlSafePassword } from '../util.js';
|
|
|
4
4
|
import { CognitoJwtVerifier } from 'aws-jwt-verify';
|
|
5
5
|
import { isNodeEnv } from '../../utils/runtime.js';
|
|
6
6
|
import { UnauthorisedError, UserNotFoundError, UserNotConfirmedError, PasswordResetRequiredError, TooManyRequestsError, InvalidParameterError, ExpiredCodeError, CodeMismatchError, BadRequestError, } from '../defs.js';
|
|
7
|
+
import { createCodedError } from '../errors/coded-error.js';
|
|
7
8
|
let fromEnv = undefined;
|
|
8
9
|
let CognitoIdentityProviderClient = undefined;
|
|
9
10
|
let SignUpCommand = undefined;
|
|
@@ -71,117 +72,157 @@ function handleCognitoError(err, context) {
|
|
|
71
72
|
switch (err.name) {
|
|
72
73
|
case 'UserNotFoundException':
|
|
73
74
|
logger.debug(`User not found in context: ${context}`);
|
|
74
|
-
throw new UserNotFoundError('User account not found. Please check your email or sign up.'
|
|
75
|
+
throw new UserNotFoundError('User account not found. Please check your email or sign up.', {
|
|
76
|
+
agentlangCode: 'AL_COGNITO_USER_NOT_FOUND_EXCEPTION',
|
|
77
|
+
});
|
|
75
78
|
case 'NotAuthorizedException':
|
|
76
79
|
// Check if this is a password-related error vs other auth issues
|
|
77
80
|
if (err.message && err.message.includes('password')) {
|
|
78
81
|
logger.debug(`Invalid password attempt in context: ${context}`);
|
|
79
|
-
throw new UnauthorisedError('Invalid password. Please try again.'
|
|
82
|
+
throw new UnauthorisedError('Invalid password. Please try again.', {
|
|
83
|
+
agentlangCode: 'AL_COGNITO_INVALID_PASSWORD',
|
|
84
|
+
});
|
|
80
85
|
}
|
|
81
86
|
else if (err.message && err.message.includes('not confirmed')) {
|
|
82
87
|
logger.debug(`User not confirmed in context: ${context}`);
|
|
83
|
-
throw new UserNotConfirmedError(
|
|
88
|
+
throw new UserNotConfirmedError(undefined, {
|
|
89
|
+
agentlangCode: 'AL_COGNITO_NOT_CONFIRMED_MSG',
|
|
90
|
+
});
|
|
84
91
|
}
|
|
85
92
|
else {
|
|
86
93
|
logger.debug(`Authentication failed in context: ${context}`);
|
|
87
|
-
throw new UnauthorisedError('Authentication failed. Please check your credentials.'
|
|
94
|
+
throw new UnauthorisedError('Authentication failed. Please check your credentials.', {
|
|
95
|
+
agentlangCode: 'AL_COGNITO_AUTH_FAILED',
|
|
96
|
+
});
|
|
88
97
|
}
|
|
89
98
|
case 'UserNotConfirmedException':
|
|
90
99
|
logger.debug(`User not confirmed in context: ${context}`);
|
|
91
|
-
throw new UserNotConfirmedError(
|
|
100
|
+
throw new UserNotConfirmedError(undefined, {
|
|
101
|
+
agentlangCode: 'AL_COGNITO_USER_NOT_CONFIRMED_EX',
|
|
102
|
+
});
|
|
92
103
|
case 'PasswordResetRequiredException':
|
|
93
104
|
logger.debug(`Password reset required in context: ${context}`);
|
|
94
|
-
throw new PasswordResetRequiredError(
|
|
105
|
+
throw new PasswordResetRequiredError(undefined, {
|
|
106
|
+
agentlangCode: 'AL_COGNITO_PASSWORD_RESET_REQUIRED_EX',
|
|
107
|
+
});
|
|
95
108
|
case 'TooManyRequestsException':
|
|
96
109
|
logger.warn(`Rate limit exceeded in context: ${context}`);
|
|
97
|
-
throw new TooManyRequestsError();
|
|
110
|
+
throw new TooManyRequestsError(undefined, { agentlangCode: 'AL_COGNITO_TOO_MANY_REQUESTS' });
|
|
98
111
|
case 'TooManyFailedAttemptsException':
|
|
99
112
|
logger.warn(`Too many failed attempts in context: ${context}`);
|
|
100
|
-
throw new TooManyRequestsError('Too many failed login attempts. Please try again later.'
|
|
113
|
+
throw new TooManyRequestsError('Too many failed login attempts. Please try again later.', {
|
|
114
|
+
agentlangCode: 'AL_COGNITO_TOO_MANY_FAILED_ATTEMPTS',
|
|
115
|
+
});
|
|
101
116
|
case 'InvalidParameterException':
|
|
102
117
|
logger.debug(`Invalid parameters in context: ${context}`);
|
|
103
|
-
throw new InvalidParameterError(sanitizeErrorMessage(err.message) || 'Invalid parameters provided');
|
|
118
|
+
throw new InvalidParameterError(sanitizeErrorMessage(err.message) || 'Invalid parameters provided', { agentlangCode: 'AL_COGNITO_INVALID_PARAMETER_EX' });
|
|
104
119
|
case 'ExpiredCodeException':
|
|
105
120
|
logger.debug(`Expired code in context: ${context}`);
|
|
106
|
-
throw new ExpiredCodeError();
|
|
121
|
+
throw new ExpiredCodeError(undefined, { agentlangCode: 'AL_COGNITO_EXPIRED_CODE_EX' });
|
|
107
122
|
case 'CodeMismatchException':
|
|
108
123
|
logger.debug(`Code mismatch in context: ${context}`);
|
|
109
|
-
throw new CodeMismatchError();
|
|
124
|
+
throw new CodeMismatchError(undefined, { agentlangCode: 'AL_COGNITO_CODE_MISMATCH_EX' });
|
|
110
125
|
case 'UsernameExistsException':
|
|
111
126
|
logger.debug(`Username exists in context: ${context}`);
|
|
112
|
-
throw new BadRequestError('An account with this email already exists.'
|
|
127
|
+
throw new BadRequestError('An account with this email already exists.', {
|
|
128
|
+
agentlangCode: 'AL_COGNITO_USERNAME_EXISTS',
|
|
129
|
+
});
|
|
113
130
|
case 'InvalidPasswordException':
|
|
114
131
|
logger.debug(`Invalid password format in context: ${context}`);
|
|
115
|
-
throw new BadRequestError('Password does not meet requirements. It must be at least 8 characters long and contain uppercase, lowercase, numbers, and special characters.');
|
|
132
|
+
throw new BadRequestError('Password does not meet requirements. It must be at least 8 characters long and contain uppercase, lowercase, numbers, and special characters.', { agentlangCode: 'AL_COGNITO_INVALID_PASSWORD_FORMAT' });
|
|
116
133
|
case 'LimitExceededException':
|
|
117
134
|
logger.warn(`Service limit exceeded in context: ${context}`);
|
|
118
|
-
throw new TooManyRequestsError('Service limit exceeded. Please try again later.'
|
|
135
|
+
throw new TooManyRequestsError('Service limit exceeded. Please try again later.', {
|
|
136
|
+
agentlangCode: 'AL_COGNITO_LIMIT_EXCEEDED',
|
|
137
|
+
});
|
|
119
138
|
case 'InternalErrorException':
|
|
120
139
|
logger.error(`Internal Cognito error in context: ${context}`);
|
|
121
|
-
throw
|
|
140
|
+
throw createCodedError('Authentication service is temporarily unavailable. Please try again later.', 'AL_COGNITO_INTERNAL_ERROR_EX');
|
|
122
141
|
case 'ResourceNotFoundException':
|
|
123
142
|
logger.error(`Resource not found in context: ${context}`);
|
|
124
|
-
throw
|
|
143
|
+
throw createCodedError('Authentication service configuration error. Please contact support.', 'AL_COGNITO_RESOURCE_NOT_FOUND_EX');
|
|
125
144
|
case 'AliasExistsException':
|
|
126
145
|
logger.debug(`Alias exists in context: ${context}`);
|
|
127
|
-
throw new BadRequestError('An account with this email already exists.'
|
|
146
|
+
throw new BadRequestError('An account with this email already exists.', {
|
|
147
|
+
agentlangCode: 'AL_COGNITO_ALIAS_EXISTS',
|
|
148
|
+
});
|
|
128
149
|
case 'InvalidEmailRoleAccessPolicyException':
|
|
129
150
|
logger.error(`Invalid email role access policy in context: ${context}`);
|
|
130
|
-
throw
|
|
151
|
+
throw createCodedError('Email service configuration error. Please contact support.', 'AL_COGNITO_INVALID_EMAIL_ROLE_POLICY');
|
|
131
152
|
case 'UserLambdaValidationException':
|
|
132
153
|
logger.error(`User lambda validation error in context: ${context}`);
|
|
133
|
-
throw new BadRequestError('User validation failed. Please check your input and try again.'
|
|
154
|
+
throw new BadRequestError('User validation failed. Please check your input and try again.', {
|
|
155
|
+
agentlangCode: 'AL_COGNITO_USER_LAMBDA_VALIDATION',
|
|
156
|
+
});
|
|
134
157
|
case 'UnsupportedUserStateException':
|
|
135
158
|
logger.debug(`Unsupported user state in context: ${context}`);
|
|
136
|
-
throw new UserNotConfirmedError('User account is in an unsupported state. Please contact support.');
|
|
159
|
+
throw new UserNotConfirmedError('User account is in an unsupported state. Please contact support.', { agentlangCode: 'AL_COGNITO_UNSUPPORTED_USER_STATE' });
|
|
137
160
|
case 'MFAMethodNotFoundException':
|
|
138
161
|
logger.debug(`MFA method not found in context: ${context}`);
|
|
139
|
-
throw new BadRequestError('MFA method not found. Please set up MFA and try again.'
|
|
162
|
+
throw new BadRequestError('MFA method not found. Please set up MFA and try again.', {
|
|
163
|
+
agentlangCode: 'AL_COGNITO_MFA_NOT_FOUND',
|
|
164
|
+
});
|
|
140
165
|
case 'CodeDeliveryFailureException':
|
|
141
166
|
logger.error(`Code delivery failure in context: ${context}`);
|
|
142
|
-
throw
|
|
167
|
+
throw createCodedError('Unable to deliver verification code. Please try again later.', 'AL_COGNITO_CODE_DELIVERY_FAILURE');
|
|
143
168
|
case 'DuplicateProviderException':
|
|
144
169
|
logger.error(`Duplicate provider in context: ${context}`);
|
|
145
|
-
throw new BadRequestError('Authentication provider already exists.'
|
|
170
|
+
throw new BadRequestError('Authentication provider already exists.', {
|
|
171
|
+
agentlangCode: 'AL_COGNITO_DUPLICATE_PROVIDER',
|
|
172
|
+
});
|
|
146
173
|
case 'EnableSoftwareTokenMFAException':
|
|
147
174
|
logger.debug(`Software token MFA required in context: ${context}`);
|
|
148
|
-
throw new BadRequestError('Software token MFA setup required.'
|
|
175
|
+
throw new BadRequestError('Software token MFA setup required.', {
|
|
176
|
+
agentlangCode: 'AL_COGNITO_ENABLE_SOFTWARE_TOKEN_MFA',
|
|
177
|
+
});
|
|
149
178
|
case 'ForbiddenException':
|
|
150
179
|
logger.warn(`Forbidden access in context: ${context}`);
|
|
151
|
-
throw new UnauthorisedError('Access forbidden. Please check your permissions.'
|
|
180
|
+
throw new UnauthorisedError('Access forbidden. Please check your permissions.', {
|
|
181
|
+
agentlangCode: 'AL_COGNITO_FORBIDDEN',
|
|
182
|
+
});
|
|
152
183
|
case 'GroupExistsException':
|
|
153
184
|
logger.debug(`Group exists in context: ${context}`);
|
|
154
|
-
throw new BadRequestError('Group already exists.'
|
|
185
|
+
throw new BadRequestError('Group already exists.', {
|
|
186
|
+
agentlangCode: 'AL_COGNITO_GROUP_EXISTS',
|
|
187
|
+
});
|
|
155
188
|
case 'InvalidLambdaResponseException':
|
|
156
189
|
logger.error(`Invalid lambda response in context: ${context}`);
|
|
157
|
-
throw
|
|
190
|
+
throw createCodedError('Authentication service error. Please try again later.', 'AL_COGNITO_INVALID_LAMBDA_RESPONSE');
|
|
158
191
|
case 'InvalidOAuthFlowException':
|
|
159
192
|
logger.error(`Invalid OAuth flow in context: ${context}`);
|
|
160
|
-
throw new BadRequestError('Invalid OAuth flow. Please try again.'
|
|
193
|
+
throw new BadRequestError('Invalid OAuth flow. Please try again.', {
|
|
194
|
+
agentlangCode: 'AL_COGNITO_INVALID_OAUTH_FLOW',
|
|
195
|
+
});
|
|
161
196
|
case 'InvalidSmsRoleAccessPolicyException':
|
|
162
197
|
logger.error(`Invalid SMS role access policy in context: ${context}`);
|
|
163
|
-
throw
|
|
198
|
+
throw createCodedError('SMS service configuration error. Please contact support.', 'AL_COGNITO_INVALID_SMS_ROLE_POLICY');
|
|
164
199
|
case 'InvalidSmsRoleTrustRelationshipException':
|
|
165
200
|
logger.error(`Invalid SMS role trust relationship in context: ${context}`);
|
|
166
|
-
throw
|
|
201
|
+
throw createCodedError('SMS service configuration error. Please contact support.', 'AL_COGNITO_INVALID_SMS_TRUST');
|
|
167
202
|
case 'InvalidUserPoolConfigurationException':
|
|
168
203
|
logger.error(`Invalid user pool configuration in context: ${context}`);
|
|
169
|
-
throw
|
|
204
|
+
throw createCodedError('Authentication service configuration error. Please contact support.', 'AL_COGNITO_INVALID_USER_POOL_CONFIG');
|
|
170
205
|
case 'PreconditionNotMetException':
|
|
171
206
|
logger.debug(`Precondition not met in context: ${context}`);
|
|
172
|
-
throw new BadRequestError('Precondition not met. Please check your request and try again.'
|
|
207
|
+
throw new BadRequestError('Precondition not met. Please check your request and try again.', {
|
|
208
|
+
agentlangCode: 'AL_COGNITO_PRECONDITION_NOT_MET',
|
|
209
|
+
});
|
|
173
210
|
case 'ScopeDoesNotExistException':
|
|
174
211
|
logger.error(`Scope does not exist in context: ${context}`);
|
|
175
|
-
throw new BadRequestError('Invalid scope. Please check your request.'
|
|
212
|
+
throw new BadRequestError('Invalid scope. Please check your request.', {
|
|
213
|
+
agentlangCode: 'AL_COGNITO_SCOPE_MISSING',
|
|
214
|
+
});
|
|
176
215
|
case 'UnexpectedLambdaException':
|
|
177
216
|
logger.error(`Unexpected lambda exception in context: ${context}`);
|
|
178
|
-
throw
|
|
217
|
+
throw createCodedError('Authentication service error. Please try again later.', 'AL_COGNITO_UNEXPECTED_LAMBDA');
|
|
179
218
|
case 'UserImportInProgressException':
|
|
180
219
|
logger.warn(`User import in progress in context: ${context}`);
|
|
181
|
-
throw new TooManyRequestsError('User import in progress. Please try again later.'
|
|
220
|
+
throw new TooManyRequestsError('User import in progress. Please try again later.', {
|
|
221
|
+
agentlangCode: 'AL_COGNITO_USER_IMPORT_IN_PROGRESS',
|
|
222
|
+
});
|
|
182
223
|
case 'UserPoolTaggingException':
|
|
183
224
|
logger.error(`User pool tagging exception in context: ${context}`);
|
|
184
|
-
throw
|
|
225
|
+
throw createCodedError('Authentication service configuration error. Please contact support.', 'AL_COGNITO_USER_POOL_TAGGING');
|
|
185
226
|
default:
|
|
186
227
|
// For any other errors, throw a generic error with sanitized message
|
|
187
228
|
logger.error(`Unhandled Cognito error: ${err.name}`, {
|
|
@@ -189,7 +230,7 @@ function handleCognitoError(err, context) {
|
|
|
189
230
|
errorCode: err.code,
|
|
190
231
|
context: context,
|
|
191
232
|
});
|
|
192
|
-
throw
|
|
233
|
+
throw createCodedError(`Authentication error: ${sanitizeErrorMessage(err.message) || 'An unexpected error occurred'}`, 'AL_COGNITO_UNHANDLED');
|
|
193
234
|
}
|
|
194
235
|
}
|
|
195
236
|
// Helper function to sanitize error messages to prevent sensitive information exposure
|
|
@@ -260,7 +301,7 @@ export class CognitoAuth {
|
|
|
260
301
|
if (id) {
|
|
261
302
|
return id;
|
|
262
303
|
}
|
|
263
|
-
throw
|
|
304
|
+
throw createCodedError(`${k} is not set`, 'AL_COGNITO_CONFIG_KEY_MISSING');
|
|
264
305
|
}
|
|
265
306
|
async signUp(firstName, lastName, username, password, userData, env, cb) {
|
|
266
307
|
const client = new CognitoIdentityProviderClient({
|
|
@@ -318,7 +359,9 @@ export class CognitoAuth {
|
|
|
318
359
|
username: username,
|
|
319
360
|
statusCode: response.$metadata.httpStatusCode,
|
|
320
361
|
});
|
|
321
|
-
throw new BadRequestError(`Signup failed with status ${response.$metadata.httpStatusCode}
|
|
362
|
+
throw new BadRequestError(`Signup failed with status ${response.$metadata.httpStatusCode}`, {
|
|
363
|
+
agentlangCode: 'AL_COGNITO_SIGNUP_HTTP_STATUS',
|
|
364
|
+
});
|
|
322
365
|
}
|
|
323
366
|
}
|
|
324
367
|
catch (err) {
|
|
@@ -461,11 +504,11 @@ export class CognitoAuth {
|
|
|
461
504
|
},
|
|
462
505
|
mfaRequired: (challengeName, _challengeParameters) => {
|
|
463
506
|
logger.info(`MFA required for user ${username}: ${challengeName}`);
|
|
464
|
-
authError =
|
|
507
|
+
authError = createCodedError('MFA authentication required', 'AL_COGNITO_MFA_REQUIRED');
|
|
465
508
|
},
|
|
466
509
|
newPasswordRequired: (_userAttributes, _requiredAttributes) => {
|
|
467
510
|
logger.info(`New password required for user ${username}`);
|
|
468
|
-
authError = new PasswordResetRequiredError('New password required. Please reset your password.');
|
|
511
|
+
authError = new PasswordResetRequiredError('New password required. Please reset your password.', { agentlangCode: 'AL_COGNITO_NEW_PASSWORD_REQUIRED_CHALLENGE' });
|
|
469
512
|
},
|
|
470
513
|
});
|
|
471
514
|
while (result === undefined && authError === undefined) {
|
|
@@ -513,7 +556,9 @@ export class CognitoAuth {
|
|
|
513
556
|
}
|
|
514
557
|
else {
|
|
515
558
|
logger.error(`Login failed for ${username} - no result received`);
|
|
516
|
-
throw new UnauthorisedError('Login failed. Please try again.'
|
|
559
|
+
throw new UnauthorisedError('Login failed. Please try again.', {
|
|
560
|
+
agentlangCode: 'AL_COGNITO_LOGIN_NO_RESULT_SDK',
|
|
561
|
+
});
|
|
517
562
|
}
|
|
518
563
|
}
|
|
519
564
|
else {
|
|
@@ -546,11 +591,11 @@ export class CognitoAuth {
|
|
|
546
591
|
},
|
|
547
592
|
mfaRequired: (challengeName, _challengeParameters) => {
|
|
548
593
|
logger.info(`MFA required for user ${username}: ${challengeName}`);
|
|
549
|
-
authError =
|
|
594
|
+
authError = createCodedError('MFA authentication required', 'AL_COGNITO_MFA_REQUIRED_LOCAL');
|
|
550
595
|
},
|
|
551
596
|
newPasswordRequired: (_userAttributes, _requiredAttributes) => {
|
|
552
597
|
logger.info(`New password required for user ${username}`);
|
|
553
|
-
authError = new PasswordResetRequiredError('New password required. Please reset your password.');
|
|
598
|
+
authError = new PasswordResetRequiredError('New password required. Please reset your password.', { agentlangCode: 'AL_COGNITO_NEW_PASSWORD_REQUIRED_CHALLENGE_LOCAL' });
|
|
554
599
|
},
|
|
555
600
|
});
|
|
556
601
|
while (result === undefined && authError === undefined) {
|
|
@@ -585,7 +630,9 @@ export class CognitoAuth {
|
|
|
585
630
|
}
|
|
586
631
|
else {
|
|
587
632
|
logger.error(`Login failed for ${username} - no result received`);
|
|
588
|
-
throw new UnauthorisedError('Login failed. Please try again.'
|
|
633
|
+
throw new UnauthorisedError('Login failed. Please try again.', {
|
|
634
|
+
agentlangCode: 'AL_COGNITO_LOGIN_NO_RESULT_LOCAL',
|
|
635
|
+
});
|
|
589
636
|
}
|
|
590
637
|
}
|
|
591
638
|
}
|
|
@@ -682,7 +729,7 @@ export class CognitoAuth {
|
|
|
682
729
|
if (this.userPool) {
|
|
683
730
|
return this.userPool;
|
|
684
731
|
}
|
|
685
|
-
throw
|
|
732
|
+
throw createCodedError('UserPool not initialized', 'AL_COGNITO_USER_POOL_NOT_INIT');
|
|
686
733
|
}
|
|
687
734
|
async verifyToken(token) {
|
|
688
735
|
try {
|
|
@@ -701,24 +748,34 @@ export class CognitoAuth {
|
|
|
701
748
|
});
|
|
702
749
|
// Handle specific token verification errors
|
|
703
750
|
if (err.message && err.message.includes('expired')) {
|
|
704
|
-
throw new UnauthorisedError('Token has expired. Please login again.'
|
|
751
|
+
throw new UnauthorisedError('Token has expired. Please login again.', {
|
|
752
|
+
agentlangCode: 'AL_COGNITO_TOKEN_EXPIRED',
|
|
753
|
+
});
|
|
705
754
|
}
|
|
706
755
|
if (err.message && err.message.includes('invalid')) {
|
|
707
|
-
throw new UnauthorisedError('Invalid token format.'
|
|
756
|
+
throw new UnauthorisedError('Invalid token format.', {
|
|
757
|
+
agentlangCode: 'AL_COGNITO_TOKEN_INVALID',
|
|
758
|
+
});
|
|
708
759
|
}
|
|
709
760
|
if (err.message && err.message.includes('not before')) {
|
|
710
|
-
throw new UnauthorisedError('Token is not yet valid.'
|
|
761
|
+
throw new UnauthorisedError('Token is not yet valid.', {
|
|
762
|
+
agentlangCode: 'AL_COGNITO_TOKEN_NOT_YET_VALID',
|
|
763
|
+
});
|
|
711
764
|
}
|
|
712
765
|
if (err.message && err.message.includes('audience')) {
|
|
713
|
-
throw new UnauthorisedError('Token audience mismatch.'
|
|
766
|
+
throw new UnauthorisedError('Token audience mismatch.', {
|
|
767
|
+
agentlangCode: 'AL_COGNITO_TOKEN_AUDIENCE',
|
|
768
|
+
});
|
|
714
769
|
}
|
|
715
|
-
throw new UnauthorisedError(`Token verification failed: ${sanitizeErrorMessage(err.message) || 'Invalid token'}
|
|
770
|
+
throw new UnauthorisedError(`Token verification failed: ${sanitizeErrorMessage(err.message) || 'Invalid token'}`, { agentlangCode: 'AL_COGNITO_TOKEN_VERIFY_FAILED' });
|
|
716
771
|
}
|
|
717
772
|
}
|
|
718
773
|
async getUser(userId, env) {
|
|
719
774
|
const localUser = await findUser(userId, env);
|
|
720
775
|
if (!localUser) {
|
|
721
|
-
throw new UserNotFoundError(`User ${userId} not found in local database
|
|
776
|
+
throw new UserNotFoundError(`User ${userId} not found in local database`, {
|
|
777
|
+
agentlangCode: 'AL_COGNITO_USER_NOT_FOUND_LOCAL_ID',
|
|
778
|
+
});
|
|
722
779
|
}
|
|
723
780
|
const userEmail = localUser.lookup('email');
|
|
724
781
|
const firstName = localUser.lookup('firstName');
|
|
@@ -786,7 +843,9 @@ export class CognitoAuth {
|
|
|
786
843
|
async getUserByEmail(email, env) {
|
|
787
844
|
const localUser = await findUserByEmail(email, env);
|
|
788
845
|
if (!localUser) {
|
|
789
|
-
throw new UserNotFoundError(`User with email ${email} not found in local database
|
|
846
|
+
throw new UserNotFoundError(`User with email ${email} not found in local database`, {
|
|
847
|
+
agentlangCode: 'AL_COGNITO_USER_NOT_FOUND_LOCAL_EMAIL',
|
|
848
|
+
});
|
|
790
849
|
}
|
|
791
850
|
const userId = localUser.lookup('id');
|
|
792
851
|
const firstName = localUser.lookup('firstName');
|
|
@@ -867,7 +926,9 @@ export class CognitoAuth {
|
|
|
867
926
|
});
|
|
868
927
|
const response = await client.send(command);
|
|
869
928
|
if (!response.AuthenticationResult) {
|
|
870
|
-
throw new UnauthorisedError('Token refresh failed'
|
|
929
|
+
throw new UnauthorisedError('Token refresh failed', {
|
|
930
|
+
agentlangCode: 'AL_COGNITO_TOKEN_REFRESH_NO_RESULT',
|
|
931
|
+
});
|
|
871
932
|
}
|
|
872
933
|
const newIdToken = response.AuthenticationResult.IdToken;
|
|
873
934
|
const newAccessToken = response.AuthenticationResult.AccessToken;
|
|
@@ -897,7 +958,9 @@ export class CognitoAuth {
|
|
|
897
958
|
catch (err) {
|
|
898
959
|
logger.error(`Refresh token operation failed: ${err.message}`);
|
|
899
960
|
if (err.name === 'NotAuthorizedException') {
|
|
900
|
-
throw new UnauthorisedError('Invalid or expired refresh token'
|
|
961
|
+
throw new UnauthorisedError('Invalid or expired refresh token', {
|
|
962
|
+
agentlangCode: 'AL_COGNITO_REFRESH_NOT_AUTHORIZED',
|
|
963
|
+
});
|
|
901
964
|
}
|
|
902
965
|
handleCognitoError(err, 'refreshToken');
|
|
903
966
|
throw err; // This line won't be reached due to handleCognitoError throwing
|
|
@@ -970,7 +1033,7 @@ export class CognitoAuth {
|
|
|
970
1033
|
email: email,
|
|
971
1034
|
statusCode: response.$metadata.httpStatusCode,
|
|
972
1035
|
});
|
|
973
|
-
throw new BadRequestError(`User invitation failed with status ${response.$metadata.httpStatusCode}
|
|
1036
|
+
throw new BadRequestError(`User invitation failed with status ${response.$metadata.httpStatusCode}`, { agentlangCode: 'AL_COGNITO_INVITE_HTTP_STATUS' });
|
|
974
1037
|
}
|
|
975
1038
|
}
|
|
976
1039
|
catch (err) {
|
|
@@ -997,7 +1060,9 @@ export class CognitoAuth {
|
|
|
997
1060
|
}
|
|
998
1061
|
catch (err) {
|
|
999
1062
|
if (err.name === 'UserNotFoundException') {
|
|
1000
|
-
throw new UserNotFoundError(`User ${email} not found. Cannot resend invitation
|
|
1063
|
+
throw new UserNotFoundError(`User ${email} not found. Cannot resend invitation.`, {
|
|
1064
|
+
agentlangCode: 'AL_COGNITO_RESEND_USER_NOT_FOUND',
|
|
1065
|
+
});
|
|
1001
1066
|
}
|
|
1002
1067
|
throw err;
|
|
1003
1068
|
}
|
|
@@ -1017,7 +1082,7 @@ export class CognitoAuth {
|
|
|
1017
1082
|
email: email,
|
|
1018
1083
|
statusCode: response.$metadata.httpStatusCode,
|
|
1019
1084
|
});
|
|
1020
|
-
throw new BadRequestError(`Failed to resend invitation with status ${response.$metadata.httpStatusCode}
|
|
1085
|
+
throw new BadRequestError(`Failed to resend invitation with status ${response.$metadata.httpStatusCode}`, { agentlangCode: 'AL_COGNITO_RESEND_INVITE_HTTP_STATUS' });
|
|
1021
1086
|
}
|
|
1022
1087
|
}
|
|
1023
1088
|
catch (err) {
|
|
@@ -1060,7 +1125,7 @@ export class CognitoAuth {
|
|
|
1060
1125
|
logger.info(`User invitation accepted successfully for: ${email}`);
|
|
1061
1126
|
}
|
|
1062
1127
|
else {
|
|
1063
|
-
throw
|
|
1128
|
+
throw createCodedError(`Unexpected challenge: ${initResponse.ChallengeName}`, 'AL_COGNITO_UNEXPECTED_CHALLENGE');
|
|
1064
1129
|
}
|
|
1065
1130
|
}
|
|
1066
1131
|
catch (err) {
|
|
@@ -1071,7 +1136,7 @@ export class CognitoAuth {
|
|
|
1071
1136
|
async callback(code, env, cb) {
|
|
1072
1137
|
try {
|
|
1073
1138
|
if (!isNodeEnv) {
|
|
1074
|
-
throw
|
|
1139
|
+
throw createCodedError('Callback authentication is only supported in Node.js environment', 'AL_COGNITO_CALLBACK_NODE_ONLY');
|
|
1075
1140
|
}
|
|
1076
1141
|
const clientId = this.fetchConfig('ClientId');
|
|
1077
1142
|
const region = process.env.AWS_REGION || 'us-east-1';
|
|
@@ -1095,11 +1160,11 @@ export class CognitoAuth {
|
|
|
1095
1160
|
});
|
|
1096
1161
|
if (!response.ok) {
|
|
1097
1162
|
const errorText = await response.text();
|
|
1098
|
-
throw
|
|
1163
|
+
throw createCodedError(`Token exchange failed: ${response.status} ${errorText}`, 'AL_COGNITO_TOKEN_EXCHANGE_FAILED');
|
|
1099
1164
|
}
|
|
1100
1165
|
const tokenData = await response.json();
|
|
1101
1166
|
if (!tokenData.access_token || !tokenData.id_token || !tokenData.refresh_token) {
|
|
1102
|
-
throw
|
|
1167
|
+
throw createCodedError('Missing required tokens in response', 'AL_COGNITO_MISSING_TOKENS');
|
|
1103
1168
|
}
|
|
1104
1169
|
const { access_token: AccessToken, id_token: IdToken, refresh_token: RefreshToken, } = tokenData;
|
|
1105
1170
|
const idTokenPayload = this.decodeJwtPayload(IdToken);
|
|
@@ -1108,7 +1173,7 @@ export class CognitoAuth {
|
|
|
1108
1173
|
const lastName = idTokenPayload['family_name'] || '';
|
|
1109
1174
|
const userGroups = idTokenPayload['cognito:groups'];
|
|
1110
1175
|
if (!userEmail) {
|
|
1111
|
-
throw
|
|
1176
|
+
throw createCodedError('Email not found in ID attributes', 'AL_COGNITO_EMAIL_MISSING_IN_ID');
|
|
1112
1177
|
}
|
|
1113
1178
|
let localUser = await findUserByEmail(userEmail, env);
|
|
1114
1179
|
if (!localUser) {
|
|
@@ -1149,7 +1214,7 @@ export class CognitoAuth {
|
|
|
1149
1214
|
}
|
|
1150
1215
|
catch (err) {
|
|
1151
1216
|
logger.error(`Failed to decode JWT payload: ${err}`);
|
|
1152
|
-
throw
|
|
1217
|
+
throw createCodedError('Invalid JWT token', 'AL_COGNITO_INVALID_JWT_PAYLOAD');
|
|
1153
1218
|
}
|
|
1154
1219
|
}
|
|
1155
1220
|
async deleteUser(email, _env) {
|