aws-service-stack 0.18.373 → 0.18.375
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/controller/controller-api.d.ts +1 -4
- package/dist/controller/controller-api.js +2 -16
- package/dist/controller/controller-api.js.map +1 -1
- package/dist/controller/controller-role.d.ts +20 -23
- package/dist/controller/controller-role.js +122 -39
- package/dist/controller/controller-role.js.map +1 -1
- package/dist/function/cognito/cognito.function.d.ts +11 -1
- package/dist/function/cognito/cognito.function.js +23 -0
- package/dist/function/cognito/cognito.function.js.map +1 -1
- package/dist/function/cognito/index.d.ts +3 -1
- package/dist/function/cognito/index.js +2 -0
- package/dist/function/cognito/index.js.map +1 -1
- package/dist/function/index.d.ts +2 -0
- package/dist/utils/data.util.d.ts +20 -0
- package/dist/utils/data.util.js +73 -0
- package/dist/utils/data.util.js.map +1 -0
- package/dist/utils/date.util.d.ts +13 -0
- package/dist/utils/date.util.js +35 -0
- package/dist/utils/date.util.js.map +1 -1
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/package.json +31 -31
|
@@ -15,10 +15,7 @@ export declare abstract class ControllerApi<R extends BaseEntity, T extends Crud
|
|
|
15
15
|
processCrudRequestPre(req: HttpRequest): Promise<HttpRequest>;
|
|
16
16
|
processCrudRequestPost(request: HttpRequest, response: R | List<R>): Promise<R | List<R>>;
|
|
17
17
|
protected handleList(methode: HttpMethod, path: string, request: HttpRequest): Promise<any>;
|
|
18
|
-
protected handlePermission(req: HttpRequest, path: string): Promise<
|
|
19
|
-
groupName: string;
|
|
20
|
-
description?: string;
|
|
21
|
-
}>;
|
|
18
|
+
protected handlePermission(req: HttpRequest, path: string): Promise<any>;
|
|
22
19
|
protected handleUpdate(entityId: string, requestBody: any, requestedUser?: CognitoUser): Promise<R>;
|
|
23
20
|
protected handleDelete(entityId: string, requestedUser?: CognitoUser): Promise<boolean>;
|
|
24
21
|
protected handleFetch(entityId: string, requestedUser?: CognitoUser): Promise<R>;
|
|
@@ -33,7 +33,7 @@ class ControllerApi {
|
|
|
33
33
|
const policy = (0, index_1.findMatchedPolicy)(req.methode, event?.requestContext?.resourcePath, this.config.ENDPOINT_POLICY);
|
|
34
34
|
if (this.config.PERMISSION_MAP && this.roleController) {
|
|
35
35
|
const resource = this.getResource();
|
|
36
|
-
await this.roleController.checkRbacAccess(req, resource, this.config.PERMISSION_MAP.scopeMap);
|
|
36
|
+
await this.roleController.checkRbacAccess(req, resource, this.config.PERMISSION_MAP.scopeMap, this.adminGroupNames);
|
|
37
37
|
}
|
|
38
38
|
else {
|
|
39
39
|
this.checkPermission(policy?.access, req.requestType);
|
|
@@ -94,21 +94,7 @@ class ControllerApi {
|
|
|
94
94
|
}
|
|
95
95
|
}
|
|
96
96
|
async handlePermission(req, path) {
|
|
97
|
-
|
|
98
|
-
(0, string_util_1.trimSpecialChar)(path) === (0, string_util_1.trimSpecialChar)(this.config.PERMISSION_MAP?.rolePath) + "/add-group")
|
|
99
|
-
return this.roleController.addRole(this.config.PERMISSION_MAP?.userPoolId, req.body.groupName, req.body.description);
|
|
100
|
-
if (req.methode === "POST" &&
|
|
101
|
-
(0, string_util_1.trimSpecialChar)(path) === (0, string_util_1.trimSpecialChar)(this.config.PERMISSION_MAP?.rolePath) + "/add-user-group")
|
|
102
|
-
return this.roleController.assignRole(this.config.PERMISSION_MAP?.userPoolId, req.identity.username, req.body.groupName);
|
|
103
|
-
if (req.methode === "GET")
|
|
104
|
-
return this.roleController.listPermissions();
|
|
105
|
-
if (req.methode === "POST")
|
|
106
|
-
return this.roleController.addPermission(req.body);
|
|
107
|
-
if (req.methode === "PATCH")
|
|
108
|
-
return this.roleController.updatePermission(req.entityId, req.body);
|
|
109
|
-
if (req.methode === "DELETE")
|
|
110
|
-
return this.roleController.deletePermission(req.entityId);
|
|
111
|
-
throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, "[CORE] unsupported method");
|
|
97
|
+
return this.roleController.handlePermissionRequest(req, path, this.config.PERMISSION_MAP, this.adminGroupNames);
|
|
112
98
|
}
|
|
113
99
|
async handleUpdate(entityId, requestBody, requestedUser) {
|
|
114
100
|
if (!entityId)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"controller-api.js","sourceRoot":"","sources":["../../src/controller/controller-api.ts"],"names":[],"mappings":";;;AAAA,oCAgBkB;AAElB,4CAA2D;AAE3D,sDAAuD;AAEvD,uDAAmD;AAEnD,MAAsB,aAAa;IACd,OAAO,CAAI;IACpB,MAAM,CAAe;IACrB,eAAe,CAAW;IAE5B,cAAc,CAAiB;IAEvC,YAAsB,WAAc,EAAE,MAAoB;QACxD,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC;QAE3B,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACjD,CAAC;QAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,+CAA+C;IACrC,WAAW;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAA2B;QAClD,IAAI,CAAC;YACH,IAAI,GAAG,GAAG,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YAExD,MAAM,MAAM,GAA+B,IAAA,yBAAiB,EAC1D,GAAG,CAAC,OAAO,EACX,KAAK,EAAE,cAAc,EAAE,YAAY,EACnC,IAAI,CAAC,MAAM,CAAC,eAAe,CAC5B,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAChG,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;YACxD,CAAC;YAED,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7D,GAAG,CAAC,KAAK,CACP,UAAU,GAAG,CAAC,QAAQ,CAAC,MAAM,aAAa,GAAG,CAAC,QAAQ,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,CAAC,GAAG,eAAe,GAAG,CAAC,QAAQ,CAAC,OAAO,cAAc,GAAG,CAAC,QAAQ,CAAC,QAAQ,iBAAiB,GAAG,CAAC,WAAW,EAAE,CACnM,CAAC;YACJ,CAAC;YAED,0BAA0B;YAC1B,yCAAyC;YACzC,6CAA6C;YAC7C,SAAS;YAET,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAE5C,IAAI,QAAQ,GAAQ,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAEvD,IAAI,QAAQ;gBAAE,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;;gBACrE,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;YAEvE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;gBACtB,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAExE,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,IAAA,4BAAgB,EAAC,GAAG,CAAC,CAAC;YACpC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAA,yBAAiB,EAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,SAAS,CAAC,MAAoB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAgB;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,QAAqB;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAES,KAAK,CAAC,UAAU,CAAC,OAAmB,EAAE,IAAY,EAAE,OAAoB;QAChF,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1F,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,SAAS,EAAE,CAAC;YACtG,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,eAAe,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,IACE,OAAO,KAAK,KAAK;YACjB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,2BAA2B,EAC9F,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,EAAE,CAAC;YACpG,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,IAAY;QAC7D,IACE,GAAG,CAAC,OAAO,KAAK,MAAM;YACtB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,QAAQ,CAAC,GAAG,YAAY;YAE9F,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAChC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,UAAU,EACtC,GAAG,CAAC,IAAI,CAAC,SAAS,EAClB,GAAG,CAAC,IAAI,CAAC,WAAW,CACrB,CAAC;QAEJ,IACE,GAAG,CAAC,OAAO,KAAK,MAAM;YACtB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,QAAQ,CAAC,GAAG,iBAAiB;YAEnG,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CACnC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,UAAU,EACtC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EACrB,GAAG,CAAC,IAAI,CAAC,SAAS,CACnB,CAAC;QAEJ,IAAI,GAAG,CAAC,OAAO,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC;QACxE,IAAI,GAAG,CAAC,OAAO,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/E,IAAI,GAAG,CAAC,OAAO,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACjG,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAExF,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;IACvF,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,WAAgB,EAAE,aAA2B;QAC1F,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7C,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,IAAI,IAAI,CAAC;QAEnE,yBAAyB;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,aAA2B;QACxE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE5G,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC;IAES,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,aAA2B;QACvE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEpE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,2BAA2B,QAAQ,YAAY,CAAC,CAAC;IACzG,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,MAAW,EAAE,aAA2B;QACtF,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QAEzG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,0CAA0C,CAAC,CAAC;QACvG,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,CAAC,EAAE,GAAG,QAAQ,CAAC;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAS,EAAE,WAAwB;QAClE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QACzD,IAAI,SAAS,GAAG,OAAO,CAAC;QACxB,IAAI,QAAgB,CAAC;QAErB,mCAAmC;QACnC,IAAI,WAAW,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;YACzC,QAAQ,GAAG,aAAa,CAAC;QAC3B,CAAC;aAAM,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YAExC,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,WAAW,CAAC,QAAQ,EAAE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE1F,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;YAChC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;QAClC,CAAC;QAED,iDAAiD;QACjD,OAAO,MAAM,CAAC,aAAa,CAAC;QAC5B,OAAO,MAAM,CAAC,OAAO,CAAC;QAEtB,cAAc;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACrE,CAAC;IAIS,mBAAmB,CAAC,IAAY;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACtE,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,OAAO,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG;YACnB,QAAQ;YACR,GAAG,QAAQ,SAAS;YACpB,GAAG,QAAQ,OAAO;YAClB,GAAG,QAAQ,eAAe;YAC1B,GAAG,QAAQ,2BAA2B;SACvC,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC,CAAC;QAEnE,OAAO,WAAW,IAAI,aAAa,CAAC;IACtC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,aAAa,GAAG,OAAO,KAAK,OAAO,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,aAAa,IAAI,cAAc,CAAC;IACzC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,cAAc,GAAG,OAAO,KAAK,QAAQ,CAAC;QAC5C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,cAAc,IAAI,cAAc,CAAC;IAC1C,CAAC;IAES,cAAc,CAAC,OAAmB,EAAE,IAAY;QACxD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,MAAM,WAAW,GAAG,OAAO,KAAK,MAAM,CAAC;QACvC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,YAAY,CAAC,OAAmB,EAAE,IAAY;QACtD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAgB;QAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC;QAErD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1G,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxG,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9F,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QAE1F,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,QAAa,EAAE,cAA8B;QAClE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAA,oBAAY,EAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,QAAQ,CAAC,KAAK,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;YAC9F,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAA,oBAAY,EAAC,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,yDAAyD;IACjD,kBAAkB,CAAC,WAAwB;QACjD,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,KAAK,CAAC;YACtB,KAAK,mBAAW,CAAC,IAAI;gBACnB,OAAO,cAAM,CAAC,IAAI,CAAC;YACrB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB,KAAK,mBAAW,CAAC,MAAM;gBACrB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB;gBACE,OAAO,cAAM,CAAC,MAAM,CAAC;QACzB,CAAC;IACH,CAAC;IAED,iEAAiE;IACzD,eAAe,CAAC,aAAuB,EAAE,WAAwB;QACvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEhE,mGAAmG;QACnG,MAAM,aAAa,GACjB,aAAa,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC1C,CAAC,WAAW,KAAK,mBAAW,CAAC,IAAI,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAE7E,IAAI,aAAa;YAAE,OAAO;QAE1B,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,kBAAkB,EAAE,CACvF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,OAAY,EAAE,OAAgB,EAAE,SAAiB;QACrE,IAAI,OAAO,IAAI,CAAC,SAAS;YAAE,OAAO;QAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,SAAS,CAAC;QACtE,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC;QACpD,OAAO,OAAO,CAAC,aAAa,CAAC;IAC/B,CAAC;IAEO,WAAW,CAAC,WAAgB;QAClC,IAAI,CAAC,WAAW;YAAE,OAAO,EAAO,CAAC;QACjC,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACjF,CAAC;IAEO,eAAe,CAAC,MAAW,EAAE,WAAgB;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC;YACH,IAAA,0BAAkB,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,oBAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;CACF;AA3YD,sCA2YC","sourcesContent":["import {\n Access,\n APIResponse,\n BaseEntity,\n createApiResponse,\n EndpointPolicy,\n findMatchedPolicy,\n formatErrors,\n HttpMethod,\n HttpRequest,\n List,\n parseHttpRequest,\n removeFields,\n RequestType,\n ResponseFields,\n validateWithSchema,\n} from \"../index\";\nimport { APIGatewayProxyEvent } from \"aws-lambda\";\nimport { errorHandlerHttp, ErrorHttp } from \"../exception\";\nimport { CognitoUser, EntityConfig } from \"@chinggis/types\";\nimport { trimSpecialChar } from \"../utils/string.util\";\nimport { CrudService } from \"../service\";\nimport { ControllerRole } from \"./controller-role\";\n\nexport abstract class ControllerApi<R extends BaseEntity, T extends CrudService<R>> {\n protected readonly service: T;\n protected config: EntityConfig;\n protected adminGroupNames: string[];\n\n private roleController: ControllerRole;\n\n protected constructor(baseService: T, config: EntityConfig) {\n this.service = baseService;\n\n if (!config) return;\n\n this.config = config;\n\n if (config.ADMIN_GROUP_NAME) {\n this.adminGroupNames = config.ADMIN_GROUP_NAME;\n }\n\n if (config.PERMISSION_MAP) {\n this.roleController = new ControllerRole(config.PERMISSION_MAP.roleTable);\n }\n\n this.service.setConfig(config);\n }\n\n /** Return constructor-defined resource name */\n protected getResource(): string {\n return this.config.BASE_PATH.replace(\"/\", \"\");\n }\n\n async resolveCrudRequest(event: APIGatewayProxyEvent): Promise<APIResponse> {\n try {\n let req = parseHttpRequest(event, this.adminGroupNames);\n\n const policy: EndpointPolicy | undefined = findMatchedPolicy(\n req.methode,\n event?.requestContext?.resourcePath,\n this.config.ENDPOINT_POLICY,\n );\n\n if (this.config.PERMISSION_MAP && this.roleController) {\n const resource = this.getResource();\n await this.roleController.checkRbacAccess(req, resource, this.config.PERMISSION_MAP.scopeMap);\n } else {\n this.checkPermission(policy?.access, req.requestType);\n }\n\n this.validateRequest(policy?.validator, req.body);\n\n if (req.identity) {\n log.debug(\"groups: \" + JSON.stringify(req.identity.groups, null, 2));\n log.debug(`claims:${JSON.stringify(req.identity, null, 2)}`);\n log.debug(\n `groups:${req.identity.groups}, isAdmin:${req.identity.isAdmin}, userId:${req.identity.sub}, profileId:${req.identity.profile}, username:${req.identity.username}, requestType:${req.requestType}`,\n );\n }\n\n // if (req.isAdmin) {\n // delete req.filter[\"profileId\"];\n // delete req.filter[\"ownerParentId\"];\n // }\n\n req = await this.processCrudRequestPre(req);\n\n let response: any = await this.handleCrudByMethod(req);\n\n if (response) response = await this.processCrudRequestPost(req, response);\n else response = await this.processCrudRequest(req); // Custom Endpoints\n\n if (!policy?.response) {\n return createApiResponse(200, response);\n }\n\n const filteredResponse = this.filterResponse(response, policy.response);\n\n return createApiResponse(200, filteredResponse);\n } catch (err) {\n const error = errorHandlerHttp(err);\n log.error(error);\n return createApiResponse(error.statusCode, error.content);\n }\n }\n\n setConfig(config: EntityConfig): void {\n this.config = config;\n }\n\n async processCrudRequestPre(req: HttpRequest): Promise<HttpRequest> {\n return req;\n }\n\n async processCrudRequestPost(request: HttpRequest, response: R | List<R>): Promise<R | List<R>> {\n return response;\n }\n\n protected async handleList(methode: HttpMethod, path: string, request: HttpRequest): Promise<any> {\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH)) {\n return await this.service.find(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search\") {\n return this.service.search(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query\") {\n return this.service.searchQuery(request?.filter);\n }\n\n if (\n methode === \"GET\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query/total-count\"\n ) {\n return this.service.searchQueryTotalCount(request?.filter);\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/scan\") {\n return await this.service.scan(request?.filter || {});\n }\n }\n\n protected async handlePermission(req: HttpRequest, path: string) {\n if (\n req.methode === \"POST\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.PERMISSION_MAP?.rolePath) + \"/add-group\"\n )\n return this.roleController.addRole(\n this.config.PERMISSION_MAP?.userPoolId,\n req.body.groupName,\n req.body.description,\n );\n\n if (\n req.methode === \"POST\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.PERMISSION_MAP?.rolePath) + \"/add-user-group\"\n )\n return this.roleController.assignRole(\n this.config.PERMISSION_MAP?.userPoolId,\n req.identity.username,\n req.body.groupName,\n );\n\n if (req.methode === \"GET\") return this.roleController.listPermissions();\n if (req.methode === \"POST\") return this.roleController.addPermission(req.body);\n if (req.methode === \"PATCH\") return this.roleController.updatePermission(req.entityId, req.body);\n if (req.methode === \"DELETE\") return this.roleController.deletePermission(req.entityId);\n\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] unsupported method\");\n }\n\n protected async handleUpdate(entityId: string, requestBody: any, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PATCH resource without id field\");\n\n const entity = this.parseEntity(requestBody);\n\n if (Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No fields to update\");\n }\n\n const fieldName = this.config.DYNAMO_DB?.MAP?.partitionKey ?? \"id\";\n\n // id change is forbidden\n if (entity[fieldName]) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot modify the id field\");\n }\n\n entity[fieldName] = entityId;\n return this.service.update(entity, requestedUser);\n }\n\n protected async handleDelete(entityId: string, requestedUser?: CognitoUser): Promise<boolean> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot delete resource without id field\");\n\n return this.service.remove(entityId, requestedUser);\n }\n\n protected async handleFetch(entityId: string, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot fetch resource without id field\");\n\n const result = await this.service.findById(entityId, requestedUser);\n\n if (result) return result;\n\n throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `[CORE] Resource with ID ${entityId} not found`);\n }\n\n protected async handleReplace(entityId: string, entity: any, requestedUser?: CognitoUser) {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n\n if (!Object.keys(entity).length) {\n throw new ErrorHttp({ code: 400, error: \"Bad Request\" }, \"[CORE] No entity provided for PUT update\");\n }\n\n if (!entityId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n }\n\n entity.id = entityId;\n\n return this.service.update(entity, requestedUser);\n }\n\n protected async handlePostCreate(entity: R, cognitoUser: CognitoUser) {\n if (!entity || Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No entity payload provided\");\n }\n\n if (!entity.ownerId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No ownerId provided\");\n }\n\n // Initialize IDs\n const { ownerId, ownerParentId: inputParentId } = entity;\n let profileId = ownerId;\n let parentId: string;\n\n // Determine parentId and profileId\n if (cognitoUser.isAdmin && inputParentId) {\n parentId = inputParentId;\n } else if (cognitoUser.isParent) {\n console.log(\"is parent becomming true\");\n\n parentId = cognitoUser.profile;\n } else {\n console.log(\"is parent not becomming true\");\n console.log(\"the value of isParent: \", cognitoUser.isParent, typeof cognitoUser.isParent);\n\n parentId = cognitoUser.parentId;\n profileId = cognitoUser.profile;\n }\n\n // Remove fields that shouldn't be saved directly\n delete entity.ownerParentId;\n delete entity.ownerId;\n\n // Save entity\n return this.service.save(entity, profileId, parentId, cognitoUser);\n }\n\n protected abstract processCrudRequest(event: HttpRequest): Promise<any>;\n\n protected isPermissionRequest(path: string): boolean {\n if (this.config.PERMISSION_MAP && this.roleController) {\n const rolePath = trimSpecialChar(this.config.PERMISSION_MAP.rolePath);\n const normalizedPath = trimSpecialChar(path);\n return normalizedPath.includes(rolePath);\n }\n\n return false;\n }\n\n protected isListRequest(methode: HttpMethod, path: string): boolean {\n const basePath = trimSpecialChar(this.config.BASE_PATH);\n\n const allowedPaths = [\n basePath,\n `${basePath}/search`,\n `${basePath}/scan`,\n `${basePath}/search/query`,\n `${basePath}/search/query/total-count`,\n ];\n\n const isMethodGet = methode === \"GET\";\n const isAllowedPath = allowedPaths.includes(trimSpecialChar(path));\n\n return isMethodGet && isAllowedPath;\n }\n\n protected isUpdateRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodPatch = methode === \"PATCH\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodPatch && isExpectedPath;\n }\n\n protected isDeleteRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodDelete = methode === \"DELETE\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodDelete && isExpectedPath;\n }\n\n protected isFetchRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"GET\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPostRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}`;\n const isMethodGet = methode === \"POST\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPutRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"PUT\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n private async handleCrudByMethod(req: HttpRequest): Promise<any> {\n const path = req.event?.requestContext?.resourcePath;\n\n const entity = this.parseEntity(req.body);\n\n if (this.isPermissionRequest(path)) return this.handlePermission(req, path);\n if (this.isUpdateRequest(req.methode, path)) return this.handleUpdate(req.entityId, entity, req.identity);\n if (this.isDeleteRequest(req.methode, path)) return this.handleDelete(req.entityId, req.identity);\n if (this.isFetchRequest(req.methode, path)) return this.handleFetch(req.entityId, req.identity);\n if (this.isPutRequest(req.methode, path)) return this.handleReplace(req.entityId, entity, req.identity);\n if (this.isPostRequest(req.methode, path)) return this.handlePostCreate(entity, req.identity);\n if (this.isListRequest(req.methode, path)) return this.handleList(req.methode, path, req);\n\n return null;\n }\n\n private filterResponse(response: any, responsePolicy: ResponseFields): any {\n if (Array.isArray(response)) {\n return removeFields(response, responsePolicy.include, responsePolicy.exclude);\n }\n\n if (response?.items && Array.isArray(response.items)) {\n response.items = removeFields(response.items, responsePolicy.include, responsePolicy.exclude);\n return response;\n }\n\n return removeFields([response], responsePolicy.include, responsePolicy.exclude)[0];\n }\n\n /** Map RequestType to Access for permission checking */\n private getUserAccessLevel(requestType: RequestType): Access {\n switch (requestType) {\n case RequestType.ADMIN:\n return Access.ADMIN;\n case RequestType.USER:\n return Access.USER;\n case RequestType.GUEST:\n return Access.PUBLIC;\n case RequestType.SYSTEM:\n return Access.SYSTEM;\n default:\n return Access.PUBLIC;\n }\n }\n\n /** Check if the user has permission for the current operation */\n private checkPermission(allowedAccess: Access[], requestType: RequestType) {\n const currentAccessLevel = this.getUserAccessLevel(requestType);\n\n // This means USER can access OWNER-level permissions, but the service will verify actual ownership\n const hasPermission =\n allowedAccess.includes(currentAccessLevel) ||\n (requestType === RequestType.USER && allowedAccess.includes(Access.OWNER));\n\n if (hasPermission) return;\n\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Access denied. Required: ${allowedAccess.join(\", \")}, Current: ${currentAccessLevel}`,\n );\n }\n\n private setUserFilter(request: any, isAdmin: boolean, profileId: string) {\n if (isAdmin && !profileId) return;\n const ownerIdFieldName = this.config.OWNER_ID_FIELD_NAME || \"ownerId\";\n request.filterAndSort[ownerIdFieldName] = profileId;\n return request.filterAndSort;\n }\n\n private parseEntity(requestBody: any): R {\n if (!requestBody) return {} as R;\n return typeof requestBody === \"string\" ? JSON.parse(requestBody) : requestBody;\n }\n\n private validateRequest(schema: any, requestBody: any) {\n if (!schema) return;\n\n try {\n validateWithSchema(schema, requestBody);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"controller-api.js","sourceRoot":"","sources":["../../src/controller/controller-api.ts"],"names":[],"mappings":";;;AAAA,oCAgBkB;AAElB,4CAA2D;AAE3D,sDAAuD;AAEvD,uDAAmD;AAEnD,MAAsB,aAAa;IACd,OAAO,CAAI;IACpB,MAAM,CAAe;IACrB,eAAe,CAAW;IAE5B,cAAc,CAAiB;IAEvC,YAAsB,WAAc,EAAE,MAAoB;QACxD,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC;QAE3B,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACjD,CAAC;QAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,+CAA+C;IACrC,WAAW;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAA2B;QAClD,IAAI,CAAC;YACH,IAAI,GAAG,GAAG,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YAExD,MAAM,MAAM,GAA+B,IAAA,yBAAiB,EAC1D,GAAG,CAAC,OAAO,EACX,KAAK,EAAE,cAAc,EAAE,YAAY,EACnC,IAAI,CAAC,MAAM,CAAC,eAAe,CAC5B,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CACvC,GAAG,EACH,QAAQ,EACR,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,EACnC,IAAI,CAAC,eAAe,CACrB,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;YACxD,CAAC;YAED,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7D,GAAG,CAAC,KAAK,CACP,UAAU,GAAG,CAAC,QAAQ,CAAC,MAAM,aAAa,GAAG,CAAC,QAAQ,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,CAAC,GAAG,eAAe,GAAG,CAAC,QAAQ,CAAC,OAAO,cAAc,GAAG,CAAC,QAAQ,CAAC,QAAQ,iBAAiB,GAAG,CAAC,WAAW,EAAE,CACnM,CAAC;YACJ,CAAC;YAED,0BAA0B;YAC1B,yCAAyC;YACzC,6CAA6C;YAC7C,SAAS;YAET,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAE5C,IAAI,QAAQ,GAAQ,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAEvD,IAAI,QAAQ;gBAAE,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;;gBACrE,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;YAEvE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;gBACtB,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAExE,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,IAAA,4BAAgB,EAAC,GAAG,CAAC,CAAC;YACpC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAA,yBAAiB,EAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,SAAS,CAAC,MAAoB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAgB;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,QAAqB;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAES,KAAK,CAAC,UAAU,CAAC,OAAmB,EAAE,IAAY,EAAE,OAAoB;QAChF,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1F,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,SAAS,EAAE,CAAC;YACtG,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,eAAe,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,IACE,OAAO,KAAK,KAAK;YACjB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,2BAA2B,EAC9F,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,EAAE,CAAC;YACpG,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,IAAY;QAC7D,OAAO,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAClH,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,WAAgB,EAAE,aAA2B;QAC1F,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7C,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,IAAI,IAAI,CAAC;QAEnE,yBAAyB;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,aAA2B;QACxE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE5G,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC;IAES,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,aAA2B;QACvE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEpE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,2BAA2B,QAAQ,YAAY,CAAC,CAAC;IACzG,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,MAAW,EAAE,aAA2B;QACtF,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QAEzG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,0CAA0C,CAAC,CAAC;QACvG,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,CAAC,EAAE,GAAG,QAAQ,CAAC;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAS,EAAE,WAAwB;QAClE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QACzD,IAAI,SAAS,GAAG,OAAO,CAAC;QACxB,IAAI,QAAgB,CAAC;QAErB,mCAAmC;QACnC,IAAI,WAAW,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;YACzC,QAAQ,GAAG,aAAa,CAAC;QAC3B,CAAC;aAAM,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YAExC,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,WAAW,CAAC,QAAQ,EAAE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE1F,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;YAChC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;QAClC,CAAC;QAED,iDAAiD;QACjD,OAAO,MAAM,CAAC,aAAa,CAAC;QAC5B,OAAO,MAAM,CAAC,OAAO,CAAC;QAEtB,cAAc;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACrE,CAAC;IAIS,mBAAmB,CAAC,IAAY;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACtE,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,OAAO,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG;YACnB,QAAQ;YACR,GAAG,QAAQ,SAAS;YACpB,GAAG,QAAQ,OAAO;YAClB,GAAG,QAAQ,eAAe;YAC1B,GAAG,QAAQ,2BAA2B;SACvC,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC,CAAC;QAEnE,OAAO,WAAW,IAAI,aAAa,CAAC;IACtC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,aAAa,GAAG,OAAO,KAAK,OAAO,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,aAAa,IAAI,cAAc,CAAC;IACzC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,cAAc,GAAG,OAAO,KAAK,QAAQ,CAAC;QAC5C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,cAAc,IAAI,cAAc,CAAC;IAC1C,CAAC;IAES,cAAc,CAAC,OAAmB,EAAE,IAAY;QACxD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,MAAM,WAAW,GAAG,OAAO,KAAK,MAAM,CAAC;QACvC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,YAAY,CAAC,OAAmB,EAAE,IAAY;QACtD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAgB;QAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC;QAErD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1G,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxG,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9F,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QAE1F,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,QAAa,EAAE,cAA8B;QAClE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAA,oBAAY,EAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,QAAQ,CAAC,KAAK,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;YAC9F,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAA,oBAAY,EAAC,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,yDAAyD;IACjD,kBAAkB,CAAC,WAAwB;QACjD,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,KAAK,CAAC;YACtB,KAAK,mBAAW,CAAC,IAAI;gBACnB,OAAO,cAAM,CAAC,IAAI,CAAC;YACrB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB,KAAK,mBAAW,CAAC,MAAM;gBACrB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB;gBACE,OAAO,cAAM,CAAC,MAAM,CAAC;QACzB,CAAC;IACH,CAAC;IAED,iEAAiE;IACzD,eAAe,CAAC,aAAuB,EAAE,WAAwB;QACvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEhE,mGAAmG;QACnG,MAAM,aAAa,GACjB,aAAa,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC1C,CAAC,WAAW,KAAK,mBAAW,CAAC,IAAI,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAE7E,IAAI,aAAa;YAAE,OAAO;QAE1B,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,kBAAkB,EAAE,CACvF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,OAAY,EAAE,OAAgB,EAAE,SAAiB;QACrE,IAAI,OAAO,IAAI,CAAC,SAAS;YAAE,OAAO;QAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,SAAS,CAAC;QACtE,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC;QACpD,OAAO,OAAO,CAAC,aAAa,CAAC;IAC/B,CAAC;IAEO,WAAW,CAAC,WAAgB;QAClC,IAAI,CAAC,WAAW;YAAE,OAAO,EAAO,CAAC;QACjC,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACjF,CAAC;IAEO,eAAe,CAAC,MAAW,EAAE,WAAgB;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC;YACH,IAAA,0BAAkB,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,oBAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;CACF;AAvXD,sCAuXC","sourcesContent":["import {\n Access,\n APIResponse,\n BaseEntity,\n createApiResponse,\n EndpointPolicy,\n findMatchedPolicy,\n formatErrors,\n HttpMethod,\n HttpRequest,\n List,\n parseHttpRequest,\n removeFields,\n RequestType,\n ResponseFields,\n validateWithSchema,\n} from \"../index\";\nimport { APIGatewayProxyEvent } from \"aws-lambda\";\nimport { errorHandlerHttp, ErrorHttp } from \"../exception\";\nimport { CognitoUser, EntityConfig } from \"@chinggis/types\";\nimport { trimSpecialChar } from \"../utils/string.util\";\nimport { CrudService } from \"../service\";\nimport { ControllerRole } from \"./controller-role\";\n\nexport abstract class ControllerApi<R extends BaseEntity, T extends CrudService<R>> {\n protected readonly service: T;\n protected config: EntityConfig;\n protected adminGroupNames: string[];\n\n private roleController: ControllerRole;\n\n protected constructor(baseService: T, config: EntityConfig) {\n this.service = baseService;\n\n if (!config) return;\n\n this.config = config;\n\n if (config.ADMIN_GROUP_NAME) {\n this.adminGroupNames = config.ADMIN_GROUP_NAME;\n }\n\n if (config.PERMISSION_MAP) {\n this.roleController = new ControllerRole(config.PERMISSION_MAP.roleTable);\n }\n\n this.service.setConfig(config);\n }\n\n /** Return constructor-defined resource name */\n protected getResource(): string {\n return this.config.BASE_PATH.replace(\"/\", \"\");\n }\n\n async resolveCrudRequest(event: APIGatewayProxyEvent): Promise<APIResponse> {\n try {\n let req = parseHttpRequest(event, this.adminGroupNames);\n\n const policy: EndpointPolicy | undefined = findMatchedPolicy(\n req.methode,\n event?.requestContext?.resourcePath,\n this.config.ENDPOINT_POLICY,\n );\n\n if (this.config.PERMISSION_MAP && this.roleController) {\n const resource = this.getResource();\n await this.roleController.checkRbacAccess(\n req,\n resource,\n this.config.PERMISSION_MAP.scopeMap,\n this.adminGroupNames,\n );\n } else {\n this.checkPermission(policy?.access, req.requestType);\n }\n\n this.validateRequest(policy?.validator, req.body);\n\n if (req.identity) {\n log.debug(\"groups: \" + JSON.stringify(req.identity.groups, null, 2));\n log.debug(`claims:${JSON.stringify(req.identity, null, 2)}`);\n log.debug(\n `groups:${req.identity.groups}, isAdmin:${req.identity.isAdmin}, userId:${req.identity.sub}, profileId:${req.identity.profile}, username:${req.identity.username}, requestType:${req.requestType}`,\n );\n }\n\n // if (req.isAdmin) {\n // delete req.filter[\"profileId\"];\n // delete req.filter[\"ownerParentId\"];\n // }\n\n req = await this.processCrudRequestPre(req);\n\n let response: any = await this.handleCrudByMethod(req);\n\n if (response) response = await this.processCrudRequestPost(req, response);\n else response = await this.processCrudRequest(req); // Custom Endpoints\n\n if (!policy?.response) {\n return createApiResponse(200, response);\n }\n\n const filteredResponse = this.filterResponse(response, policy.response);\n\n return createApiResponse(200, filteredResponse);\n } catch (err) {\n const error = errorHandlerHttp(err);\n log.error(error);\n return createApiResponse(error.statusCode, error.content);\n }\n }\n\n setConfig(config: EntityConfig): void {\n this.config = config;\n }\n\n async processCrudRequestPre(req: HttpRequest): Promise<HttpRequest> {\n return req;\n }\n\n async processCrudRequestPost(request: HttpRequest, response: R | List<R>): Promise<R | List<R>> {\n return response;\n }\n\n protected async handleList(methode: HttpMethod, path: string, request: HttpRequest): Promise<any> {\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH)) {\n return await this.service.find(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search\") {\n return this.service.search(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query\") {\n return this.service.searchQuery(request?.filter);\n }\n\n if (\n methode === \"GET\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query/total-count\"\n ) {\n return this.service.searchQueryTotalCount(request?.filter);\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/scan\") {\n return await this.service.scan(request?.filter || {});\n }\n }\n\n protected async handlePermission(req: HttpRequest, path: string) {\n return this.roleController.handlePermissionRequest(req, path, this.config.PERMISSION_MAP, this.adminGroupNames);\n }\n\n protected async handleUpdate(entityId: string, requestBody: any, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PATCH resource without id field\");\n\n const entity = this.parseEntity(requestBody);\n\n if (Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No fields to update\");\n }\n\n const fieldName = this.config.DYNAMO_DB?.MAP?.partitionKey ?? \"id\";\n\n // id change is forbidden\n if (entity[fieldName]) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot modify the id field\");\n }\n\n entity[fieldName] = entityId;\n return this.service.update(entity, requestedUser);\n }\n\n protected async handleDelete(entityId: string, requestedUser?: CognitoUser): Promise<boolean> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot delete resource without id field\");\n\n return this.service.remove(entityId, requestedUser);\n }\n\n protected async handleFetch(entityId: string, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot fetch resource without id field\");\n\n const result = await this.service.findById(entityId, requestedUser);\n\n if (result) return result;\n\n throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `[CORE] Resource with ID ${entityId} not found`);\n }\n\n protected async handleReplace(entityId: string, entity: any, requestedUser?: CognitoUser) {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n\n if (!Object.keys(entity).length) {\n throw new ErrorHttp({ code: 400, error: \"Bad Request\" }, \"[CORE] No entity provided for PUT update\");\n }\n\n if (!entityId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n }\n\n entity.id = entityId;\n\n return this.service.update(entity, requestedUser);\n }\n\n protected async handlePostCreate(entity: R, cognitoUser: CognitoUser) {\n if (!entity || Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No entity payload provided\");\n }\n\n if (!entity.ownerId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No ownerId provided\");\n }\n\n // Initialize IDs\n const { ownerId, ownerParentId: inputParentId } = entity;\n let profileId = ownerId;\n let parentId: string;\n\n // Determine parentId and profileId\n if (cognitoUser.isAdmin && inputParentId) {\n parentId = inputParentId;\n } else if (cognitoUser.isParent) {\n console.log(\"is parent becomming true\");\n\n parentId = cognitoUser.profile;\n } else {\n console.log(\"is parent not becomming true\");\n console.log(\"the value of isParent: \", cognitoUser.isParent, typeof cognitoUser.isParent);\n\n parentId = cognitoUser.parentId;\n profileId = cognitoUser.profile;\n }\n\n // Remove fields that shouldn't be saved directly\n delete entity.ownerParentId;\n delete entity.ownerId;\n\n // Save entity\n return this.service.save(entity, profileId, parentId, cognitoUser);\n }\n\n protected abstract processCrudRequest(event: HttpRequest): Promise<any>;\n\n protected isPermissionRequest(path: string): boolean {\n if (this.config.PERMISSION_MAP && this.roleController) {\n const rolePath = trimSpecialChar(this.config.PERMISSION_MAP.rolePath);\n const normalizedPath = trimSpecialChar(path);\n return normalizedPath.includes(rolePath);\n }\n\n return false;\n }\n\n protected isListRequest(methode: HttpMethod, path: string): boolean {\n const basePath = trimSpecialChar(this.config.BASE_PATH);\n\n const allowedPaths = [\n basePath,\n `${basePath}/search`,\n `${basePath}/scan`,\n `${basePath}/search/query`,\n `${basePath}/search/query/total-count`,\n ];\n\n const isMethodGet = methode === \"GET\";\n const isAllowedPath = allowedPaths.includes(trimSpecialChar(path));\n\n return isMethodGet && isAllowedPath;\n }\n\n protected isUpdateRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodPatch = methode === \"PATCH\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodPatch && isExpectedPath;\n }\n\n protected isDeleteRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodDelete = methode === \"DELETE\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodDelete && isExpectedPath;\n }\n\n protected isFetchRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"GET\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPostRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}`;\n const isMethodGet = methode === \"POST\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPutRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"PUT\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n private async handleCrudByMethod(req: HttpRequest): Promise<any> {\n const path = req.event?.requestContext?.resourcePath;\n\n const entity = this.parseEntity(req.body);\n\n if (this.isPermissionRequest(path)) return this.handlePermission(req, path);\n if (this.isUpdateRequest(req.methode, path)) return this.handleUpdate(req.entityId, entity, req.identity);\n if (this.isDeleteRequest(req.methode, path)) return this.handleDelete(req.entityId, req.identity);\n if (this.isFetchRequest(req.methode, path)) return this.handleFetch(req.entityId, req.identity);\n if (this.isPutRequest(req.methode, path)) return this.handleReplace(req.entityId, entity, req.identity);\n if (this.isPostRequest(req.methode, path)) return this.handlePostCreate(entity, req.identity);\n if (this.isListRequest(req.methode, path)) return this.handleList(req.methode, path, req);\n\n return null;\n }\n\n private filterResponse(response: any, responsePolicy: ResponseFields): any {\n if (Array.isArray(response)) {\n return removeFields(response, responsePolicy.include, responsePolicy.exclude);\n }\n\n if (response?.items && Array.isArray(response.items)) {\n response.items = removeFields(response.items, responsePolicy.include, responsePolicy.exclude);\n return response;\n }\n\n return removeFields([response], responsePolicy.include, responsePolicy.exclude)[0];\n }\n\n /** Map RequestType to Access for permission checking */\n private getUserAccessLevel(requestType: RequestType): Access {\n switch (requestType) {\n case RequestType.ADMIN:\n return Access.ADMIN;\n case RequestType.USER:\n return Access.USER;\n case RequestType.GUEST:\n return Access.PUBLIC;\n case RequestType.SYSTEM:\n return Access.SYSTEM;\n default:\n return Access.PUBLIC;\n }\n }\n\n /** Check if the user has permission for the current operation */\n private checkPermission(allowedAccess: Access[], requestType: RequestType) {\n const currentAccessLevel = this.getUserAccessLevel(requestType);\n\n // This means USER can access OWNER-level permissions, but the service will verify actual ownership\n const hasPermission =\n allowedAccess.includes(currentAccessLevel) ||\n (requestType === RequestType.USER && allowedAccess.includes(Access.OWNER));\n\n if (hasPermission) return;\n\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Access denied. Required: ${allowedAccess.join(\", \")}, Current: ${currentAccessLevel}`,\n );\n }\n\n private setUserFilter(request: any, isAdmin: boolean, profileId: string) {\n if (isAdmin && !profileId) return;\n const ownerIdFieldName = this.config.OWNER_ID_FIELD_NAME || \"ownerId\";\n request.filterAndSort[ownerIdFieldName] = profileId;\n return request.filterAndSort;\n }\n\n private parseEntity(requestBody: any): R {\n if (!requestBody) return {} as R;\n return typeof requestBody === \"string\" ? JSON.parse(requestBody) : requestBody;\n }\n\n private validateRequest(schema: any, requestBody: any) {\n if (!schema) return;\n\n try {\n validateWithSchema(schema, requestBody);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n}\n"]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Permission } from "../model/role.model";
|
|
2
|
-
import { ScopeMap } from "../model/base.model";
|
|
2
|
+
import { PermissionMap, ScopeMap } from "../model/base.model";
|
|
3
3
|
import { HttpRequest } from "../utils/http/http.util";
|
|
4
4
|
import { PermissionService } from "../service/permission.service";
|
|
5
5
|
/**
|
|
@@ -12,6 +12,7 @@ import { PermissionService } from "../service/permission.service";
|
|
|
12
12
|
*/
|
|
13
13
|
export declare class ControllerRole {
|
|
14
14
|
protected readonly permissionService: PermissionService;
|
|
15
|
+
private readonly subRoutes;
|
|
15
16
|
constructor(roleTableName: string);
|
|
16
17
|
addPermission(input: {
|
|
17
18
|
role: string;
|
|
@@ -27,30 +28,26 @@ export declare class ControllerRole {
|
|
|
27
28
|
groupName: string;
|
|
28
29
|
description?: string;
|
|
29
30
|
}>;
|
|
30
|
-
|
|
31
|
+
removeRole(userPoolId: string, groupName: string): Promise<{
|
|
32
|
+
groupName: string;
|
|
33
|
+
}>;
|
|
34
|
+
assignRole(userPoolId: string, username: string, groupName: string): Promise<{
|
|
35
|
+
groupName: string;
|
|
36
|
+
username: string;
|
|
37
|
+
}>;
|
|
38
|
+
unassignRole(userPoolId: string, username: string, groupName: string): Promise<{
|
|
39
|
+
groupName: string;
|
|
40
|
+
username: string;
|
|
41
|
+
}>;
|
|
31
42
|
hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean>;
|
|
32
43
|
getPermissionByKey(permissionKey: string): Promise<Permission | null>;
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
* @param req The parsed HTTP request
|
|
40
|
-
* @param resource The resource name (e.g. "property")
|
|
41
|
-
* @param scopeMap The scope configuration from EntityConfig
|
|
42
|
-
*/
|
|
43
|
-
checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap): Promise<void>;
|
|
44
|
-
/** Extract user role from JWT groups. */
|
|
45
|
-
private extractRole;
|
|
46
|
-
/** Resolve and validate the scope query param against the ScopeMap. */
|
|
44
|
+
handlePermissionRequest(req: HttpRequest, path: string, permissionMap: PermissionMap, adminGroups: string[]): Promise<any>;
|
|
45
|
+
checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap, adminGroups?: string[]): Promise<void>;
|
|
46
|
+
checkAdminPermission(cognitoGroups: string[], adminGroups: string[]): boolean;
|
|
47
|
+
private isAdmin;
|
|
48
|
+
private validate;
|
|
49
|
+
private extractRoles;
|
|
47
50
|
private resolveScope;
|
|
48
|
-
/**
|
|
49
|
-
* Apply scope-based data filter from identity claims.
|
|
50
|
-
* Clears ALL scope-controlled filter fields first (block injection),
|
|
51
|
-
* then sets only the matched scope's claim value.
|
|
52
|
-
*/
|
|
53
51
|
private applyScopeFilter;
|
|
54
|
-
|
|
55
|
-
private removeScopeFilter;
|
|
52
|
+
private clearScopeFilters;
|
|
56
53
|
}
|
|
@@ -1,9 +1,45 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.ControllerRole = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
4
5
|
const exception_1 = require("../exception");
|
|
5
6
|
const permission_service_1 = require("../service/permission.service");
|
|
6
7
|
const cognito_1 = require("../function/cognito");
|
|
8
|
+
const validation_util_1 = require("../utils/validation.util");
|
|
9
|
+
const string_util_1 = require("../utils/string.util");
|
|
10
|
+
// ---------------------------------------------------------------------------
|
|
11
|
+
// DTO Schemas
|
|
12
|
+
// ---------------------------------------------------------------------------
|
|
13
|
+
const MethodSchema = zod_1.z.object({
|
|
14
|
+
GET: zod_1.z.boolean().optional(),
|
|
15
|
+
POST: zod_1.z.boolean().optional(),
|
|
16
|
+
PATCH: zod_1.z.boolean().optional(),
|
|
17
|
+
PUT: zod_1.z.boolean().optional(),
|
|
18
|
+
DELETE: zod_1.z.boolean().optional(),
|
|
19
|
+
});
|
|
20
|
+
const AddPermissionDto = zod_1.z.object({
|
|
21
|
+
role: zod_1.z.string().min(1, "Role is required"),
|
|
22
|
+
resource: zod_1.z.string().min(1, "Resource is required"),
|
|
23
|
+
scope: zod_1.z.string().min(1, "Scope is required"),
|
|
24
|
+
method: MethodSchema,
|
|
25
|
+
});
|
|
26
|
+
const UpdatePermissionDto = zod_1.z.object({
|
|
27
|
+
role: zod_1.z.string().min(1, "Role is required").optional(),
|
|
28
|
+
resource: zod_1.z.string().min(1, "Resource is required").optional(),
|
|
29
|
+
scope: zod_1.z.string().min(1, "Scope is required").optional(),
|
|
30
|
+
method: MethodSchema.optional(),
|
|
31
|
+
});
|
|
32
|
+
const IdParamDto = zod_1.z.string().min(1, "Id is required");
|
|
33
|
+
const GroupDto = zod_1.z.object({
|
|
34
|
+
userPoolId: zod_1.z.string().min(1, "UserPoolId is required"),
|
|
35
|
+
groupName: zod_1.z.string().min(1, "GroupName is required"),
|
|
36
|
+
description: zod_1.z.string().optional(),
|
|
37
|
+
});
|
|
38
|
+
const UserGroupDto = zod_1.z.object({
|
|
39
|
+
userPoolId: zod_1.z.string().min(1, "UserPoolId is required"),
|
|
40
|
+
username: zod_1.z.string().min(1, "Username is required"),
|
|
41
|
+
groupName: zod_1.z.string().min(1, "GroupName is required"),
|
|
42
|
+
});
|
|
7
43
|
/**
|
|
8
44
|
* ControllerRole — centralized Permission CRUD + RBAC access enforcement.
|
|
9
45
|
*
|
|
@@ -14,24 +50,33 @@ const cognito_1 = require("../function/cognito");
|
|
|
14
50
|
*/
|
|
15
51
|
class ControllerRole {
|
|
16
52
|
permissionService;
|
|
53
|
+
subRoutes = {
|
|
54
|
+
"/add-group": (pm, body) => this.addRole(pm.userPoolId, body.groupName, body.description),
|
|
55
|
+
"/add-user-group": (pm, body) => this.assignRole(pm.userPoolId, body.username, body.groupName),
|
|
56
|
+
"/remove-group": (pm, body) => this.removeRole(pm.userPoolId, body.groupName),
|
|
57
|
+
"/remove-user-group": (pm, body) => this.unassignRole(pm.userPoolId, body.username, body.groupName),
|
|
58
|
+
};
|
|
17
59
|
constructor(roleTableName) {
|
|
18
60
|
this.permissionService = new permission_service_1.PermissionService(roleTableName);
|
|
19
61
|
}
|
|
20
62
|
// ---------------------------------------------------------------------------
|
|
21
|
-
// CRUD
|
|
63
|
+
// Permission CRUD
|
|
22
64
|
// ---------------------------------------------------------------------------
|
|
23
65
|
async addPermission(input) {
|
|
66
|
+
this.validate(AddPermissionDto, input);
|
|
24
67
|
return this.permissionService.createPermission(input);
|
|
25
68
|
}
|
|
26
69
|
async updatePermission(id, updates) {
|
|
70
|
+
this.validate(IdParamDto, id);
|
|
71
|
+
this.validate(UpdatePermissionDto, updates);
|
|
27
72
|
return this.permissionService.updatePermission(id, updates);
|
|
28
73
|
}
|
|
29
74
|
async deletePermission(id) {
|
|
75
|
+
this.validate(IdParamDto, id);
|
|
30
76
|
return this.permissionService.deletePermission(id);
|
|
31
77
|
}
|
|
32
78
|
async getPermission(id) {
|
|
33
|
-
|
|
34
|
-
throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, "Permission id is required");
|
|
79
|
+
this.validate(IdParamDto, id);
|
|
35
80
|
return this.permissionService.getPermissionById(id);
|
|
36
81
|
}
|
|
37
82
|
async listPermissions() {
|
|
@@ -41,11 +86,21 @@ class ControllerRole {
|
|
|
41
86
|
// Role (Cognito group)
|
|
42
87
|
// ---------------------------------------------------------------------------
|
|
43
88
|
async addRole(userPoolId, groupName, description) {
|
|
89
|
+
this.validate(GroupDto, { userPoolId, groupName, description });
|
|
44
90
|
return (0, cognito_1.createGroup)(userPoolId, groupName, description);
|
|
45
91
|
}
|
|
92
|
+
async removeRole(userPoolId, groupName) {
|
|
93
|
+
this.validate(GroupDto, { userPoolId, groupName });
|
|
94
|
+
return (0, cognito_1.deleteGroup)(userPoolId, groupName);
|
|
95
|
+
}
|
|
46
96
|
async assignRole(userPoolId, username, groupName) {
|
|
97
|
+
this.validate(UserGroupDto, { userPoolId, username, groupName });
|
|
47
98
|
return (0, cognito_1.addUserToGroup)(userPoolId, username, groupName);
|
|
48
99
|
}
|
|
100
|
+
async unassignRole(userPoolId, username, groupName) {
|
|
101
|
+
this.validate(UserGroupDto, { userPoolId, username, groupName });
|
|
102
|
+
return (0, cognito_1.removeUserFromGroup)(userPoolId, username, groupName);
|
|
103
|
+
}
|
|
49
104
|
// ---------------------------------------------------------------------------
|
|
50
105
|
// Permission check
|
|
51
106
|
// ---------------------------------------------------------------------------
|
|
@@ -56,42 +111,80 @@ class ControllerRole {
|
|
|
56
111
|
return this.permissionService.getPermissionByKey(permissionKey);
|
|
57
112
|
}
|
|
58
113
|
// ---------------------------------------------------------------------------
|
|
114
|
+
// Permission request handler (routes from ControllerApi)
|
|
115
|
+
// ---------------------------------------------------------------------------
|
|
116
|
+
async handlePermissionRequest(req, path, permissionMap, adminGroups) {
|
|
117
|
+
this.checkAdminPermission(req.identity.groups, adminGroups);
|
|
118
|
+
if (req.methode === "POST") {
|
|
119
|
+
const normalizedPath = (0, string_util_1.trimSpecialChar)(path);
|
|
120
|
+
const rolePath = (0, string_util_1.trimSpecialChar)(permissionMap.rolePath ?? "");
|
|
121
|
+
for (const [suffix, handler] of Object.entries(this.subRoutes)) {
|
|
122
|
+
if (normalizedPath === `${rolePath}${suffix}`) {
|
|
123
|
+
return handler(permissionMap, req.body);
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
return this.addPermission(req.body);
|
|
127
|
+
}
|
|
128
|
+
switch (req.methode) {
|
|
129
|
+
case "GET":
|
|
130
|
+
return this.listPermissions();
|
|
131
|
+
case "PATCH":
|
|
132
|
+
return this.updatePermission(req.entityId, req.body);
|
|
133
|
+
case "DELETE":
|
|
134
|
+
return this.deletePermission(req.entityId);
|
|
135
|
+
default:
|
|
136
|
+
throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, "[CORE] unsupported method");
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
// ---------------------------------------------------------------------------
|
|
59
140
|
// RBAC access enforcement (used by ControllerApi)
|
|
60
141
|
// ---------------------------------------------------------------------------
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
async checkRbacAccess(req, resource, scopeMap) {
|
|
72
|
-
const role = this.extractRole(req);
|
|
142
|
+
async checkRbacAccess(req, resource, scopeMap, adminGroups) {
|
|
143
|
+
const roles = this.extractRoles(req);
|
|
144
|
+
console.log("req", req.identity);
|
|
145
|
+
console.log("roles", roles);
|
|
146
|
+
if (!roles.length) {
|
|
147
|
+
throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, "Permission denied: Role Not Found");
|
|
148
|
+
}
|
|
149
|
+
if (adminGroups?.length && this.isAdmin(roles, adminGroups)) {
|
|
150
|
+
return;
|
|
151
|
+
}
|
|
73
152
|
const scope = this.resolveScope(req, scopeMap);
|
|
74
153
|
const method = req.methode.toUpperCase();
|
|
75
|
-
|
|
154
|
+
for (const role of roles) {
|
|
76
155
|
const allowed = await this.permissionService.hasPermission(role, resource, scope, method);
|
|
77
|
-
if (
|
|
78
|
-
|
|
79
|
-
|
|
156
|
+
if (allowed) {
|
|
157
|
+
this.applyScopeFilter(req, scope, scopeMap);
|
|
158
|
+
return;
|
|
80
159
|
}
|
|
81
|
-
this.applyScopeFilter(req, scope, scopeMap);
|
|
82
160
|
}
|
|
83
|
-
|
|
84
|
-
|
|
161
|
+
const key = `${roles.join(",")}#${resource}#${scope}`;
|
|
162
|
+
throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, `Permission denied: roles=${roles.join(",")} "${key}.${method}"`);
|
|
163
|
+
}
|
|
164
|
+
checkAdminPermission(cognitoGroups, adminGroups) {
|
|
165
|
+
if (!this.isAdmin(cognitoGroups, adminGroups)) {
|
|
166
|
+
throw new exception_1.ErrorHttp({ code: 403, error: "Permission Denied" }, "[CORE] Permission Denied");
|
|
85
167
|
}
|
|
168
|
+
return true;
|
|
86
169
|
}
|
|
87
170
|
// ---------------------------------------------------------------------------
|
|
88
|
-
//
|
|
171
|
+
// Private helpers
|
|
89
172
|
// ---------------------------------------------------------------------------
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
173
|
+
isAdmin(cognitoGroups, adminGroups) {
|
|
174
|
+
return cognitoGroups?.some((group) => adminGroups.includes(group)) ?? false;
|
|
175
|
+
}
|
|
176
|
+
validate(schema, data) {
|
|
177
|
+
try {
|
|
178
|
+
return (0, validation_util_1.validateWithSchema)(schema, data);
|
|
179
|
+
}
|
|
180
|
+
catch (error) {
|
|
181
|
+
const formattedErrors = (0, validation_util_1.formatErrors)(error);
|
|
182
|
+
throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, formattedErrors);
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
extractRoles(req) {
|
|
186
|
+
return req.identity?.groups ?? [];
|
|
93
187
|
}
|
|
94
|
-
/** Resolve and validate the scope query param against the ScopeMap. */
|
|
95
188
|
resolveScope(req, scopeMap) {
|
|
96
189
|
const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;
|
|
97
190
|
if (!scope)
|
|
@@ -102,17 +195,10 @@ class ControllerRole {
|
|
|
102
195
|
}
|
|
103
196
|
return scope;
|
|
104
197
|
}
|
|
105
|
-
/**
|
|
106
|
-
* Apply scope-based data filter from identity claims.
|
|
107
|
-
* Clears ALL scope-controlled filter fields first (block injection),
|
|
108
|
-
* then sets only the matched scope's claim value.
|
|
109
|
-
*/
|
|
110
198
|
applyScopeFilter(req, scope, scopeMap) {
|
|
111
199
|
if (!req.filter)
|
|
112
200
|
req.filter = {};
|
|
113
|
-
|
|
114
|
-
delete req.filter[entry.filterField];
|
|
115
|
-
}
|
|
201
|
+
this.clearScopeFilters(req, scopeMap);
|
|
116
202
|
const mapping = scopeMap.get(scope);
|
|
117
203
|
if (!mapping)
|
|
118
204
|
return;
|
|
@@ -124,10 +210,7 @@ class ControllerRole {
|
|
|
124
210
|
req.filter[mapping.filterField] = claimValue;
|
|
125
211
|
delete req.filter?.scope;
|
|
126
212
|
}
|
|
127
|
-
|
|
128
|
-
removeScopeFilter(req, scopeMap) {
|
|
129
|
-
if (!req.filter)
|
|
130
|
-
req.filter = {};
|
|
213
|
+
clearScopeFilters(req, scopeMap) {
|
|
131
214
|
for (const [, entry] of scopeMap) {
|
|
132
215
|
delete req.filter[entry.filterField];
|
|
133
216
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"controller-role.js","sourceRoot":"","sources":["../../src/controller/controller-role.ts"],"names":[],"mappings":";;;AAAA,4CAAyC;AAIzC,sEAAkE;AAClE,iDAAkE;AAElE;;;;;;;GAOG;AACH,MAAa,cAAc;IACN,iBAAiB,CAAoB;IAExD,YAAY,aAAqB;QAC/B,IAAI,CAAC,iBAAiB,GAAG,IAAI,sCAAiB,CAAC,aAAa,CAAC,CAAC;IAChE,CAAC;IAED,8EAA8E;IAC9E,OAAO;IACP,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,KAKnB;QACC,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,8EAA8E;IAC9E,uBAAuB;IACvB,8EAA8E;IAE9E,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,SAAiB,EAAE,WAAoB;QACvE,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACtE,OAAO,IAAA,wBAAc,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,OAAO,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,kDAAkD;IAClD,8EAA8E;IAE9E;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,QAAgB,EAAE,QAAkB;QAC1E,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEzC,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAE1F,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC3C,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,2BAA2B,IAAI,KAAK,GAAG,IAAI,MAAM,GAAG,CACrD,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,sCAAsC,CAAC,CAAC;QACxG,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,mDAAmD;IACnD,8EAA8E;IAE9E,yCAAyC;IACjC,WAAW,CAAC,GAAgB;QAClC,OAAO,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,uEAAuE;IAC/D,YAAY,CAAC,GAAgB,EAAE,QAAkB;QACvD,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,EAAE,KAAK,IAAI,GAAG,CAAC,qBAAqB,EAAE,KAAK,CAAC;QAEnF,IAAI,CAAC,KAAK;YAAE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAM,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,KAAK,eAAe,OAAO,EAAE,CAAC,CAAC;QAC3G,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,GAAgB,EAAE,KAAa,EAAE,QAAkB;QAC1E,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,GAAG,KAAK,CAAC;QACvD,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEpF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,kBAAkB,QAAQ,gBAAgB,KAAK,GAAG,CAAC,CAAC;QACpH,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC;IAC3B,CAAC;IAED,+FAA+F;IACvF,iBAAiB,CAAC,GAAgB,EAAE,QAAkB;QAC5D,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;CACF;AA9JD,wCA8JC","sourcesContent":["import { ErrorHttp } from \"../exception\";\nimport { Permission } from \"../model/role.model\";\nimport { ScopeMap } from \"../model/base.model\";\nimport { HttpRequest } from \"../utils/http/http.util\";\nimport { PermissionService } from \"../service/permission.service\";\nimport { createGroup, addUserToGroup } from \"../function/cognito\";\n\n/**\n * ControllerRole — centralized Permission CRUD + RBAC access enforcement.\n *\n * All caching and DB orchestration lives in PermissionService.\n *\n * Scope validation, scope filtering, and permission checks are centralized here\n * so that ControllerApi (and any other consumer) delegates without duplicating logic.\n */\nexport class ControllerRole {\n protected readonly permissionService: PermissionService;\n\n constructor(roleTableName: string) {\n this.permissionService = new PermissionService(roleTableName);\n }\n\n // ---------------------------------------------------------------------------\n // CRUD\n // ---------------------------------------------------------------------------\n\n async addPermission(input: {\n role: string;\n resource: string;\n scope: string;\n method: Permission[\"method\"];\n }): Promise<Permission> {\n return this.permissionService.createPermission(input);\n }\n\n async updatePermission(\n id: string,\n updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n ): Promise<Permission> {\n return this.permissionService.updatePermission(id, updates);\n }\n\n async deletePermission(id: string): Promise<boolean> {\n return this.permissionService.deletePermission(id);\n }\n\n async getPermission(id: string): Promise<Permission | null> {\n if (!id) throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Permission id is required\");\n return this.permissionService.getPermissionById(id);\n }\n\n async listPermissions(): Promise<Permission[]> {\n return this.permissionService.listPermissions();\n }\n\n // ---------------------------------------------------------------------------\n // Role (Cognito group)\n // ---------------------------------------------------------------------------\n\n async addRole(userPoolId: string, groupName: string, description?: string) {\n return createGroup(userPoolId, groupName, description);\n }\n\n async assignRole(userPoolId: string, username: string, groupName: string): Promise<void> {\n return addUserToGroup(userPoolId, username, groupName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission check\n // ---------------------------------------------------------------------------\n\n async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n return this.permissionService.hasPermission(role, resource, scope, method);\n }\n\n async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n return this.permissionService.getPermissionByKey(permissionKey);\n }\n\n // ---------------------------------------------------------------------------\n // RBAC access enforcement (used by ControllerApi)\n // ---------------------------------------------------------------------------\n\n /**\n * Centralized RBAC check: validates scope, checks permission via DB, applies scope filter.\n *\n * Only runs when both `role` and `scope` are present in the request.\n * When either is absent, scope filters are cleared to block user injection.\n *\n * @param req The parsed HTTP request\n * @param resource The resource name (e.g. \"property\")\n * @param scopeMap The scope configuration from EntityConfig\n */\n async checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap): Promise<void> {\n const role = this.extractRole(req);\n const scope = this.resolveScope(req, scopeMap);\n const method = req.methode.toUpperCase();\n\n if (role) {\n const allowed = await this.permissionService.hasPermission(role, resource, scope, method);\n\n if (!allowed) {\n const key = `${role}#${resource}#${scope}`;\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Permission denied: role=${role} \"${key}.${method}\"`,\n );\n }\n\n this.applyScopeFilter(req, scope, scopeMap);\n } else {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, `Permission denied: Role Not Found \" `);\n }\n }\n\n // ---------------------------------------------------------------------------\n // Scope helpers (private — single source of truth)\n // ---------------------------------------------------------------------------\n\n /** Extract user role from JWT groups. */\n private extractRole(req: HttpRequest): string | undefined {\n return req.identity?.groups?.[0];\n }\n\n /** Resolve and validate the scope query param against the ScopeMap. */\n private resolveScope(req: HttpRequest, scopeMap: ScopeMap): string {\n const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;\n\n if (!scope) return scopeMap.keys().next().value!;\n\n if (!scopeMap.has(scope)) {\n const allowed = Array.from(scopeMap.keys()).join(\", \");\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, `Invalid scope \"${scope}\". Allowed: ${allowed}`);\n }\n\n return scope;\n }\n\n /**\n * Apply scope-based data filter from identity claims.\n * Clears ALL scope-controlled filter fields first (block injection),\n * then sets only the matched scope's claim value.\n */\n private applyScopeFilter(req: HttpRequest, scope: string, scopeMap: ScopeMap): void {\n if (!req.filter) req.filter = {};\n\n for (const [, entry] of scopeMap) {\n delete req.filter[entry.filterField];\n }\n\n const mapping = scopeMap.get(scope);\n if (!mapping) return;\n\n const claimKey = mapping.claimKey ?? \"custom:\" + scope;\n const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];\n\n if (!claimValue) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, `Missing claim \"${claimKey}\" for scope \"${scope}\"`);\n }\n\n req.filter[mapping.filterField] = claimValue;\n delete req.filter?.scope;\n }\n\n /** Clear all scope-controlled filter fields — prevents user injection when no RBAC applies. */\n private removeScopeFilter(req: HttpRequest, scopeMap: ScopeMap): void {\n if (!req.filter) req.filter = {};\n\n for (const [, entry] of scopeMap) {\n delete req.filter[entry.filterField];\n }\n delete req.filter[\"scope\"];\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"controller-role.js","sourceRoot":"","sources":["../../src/controller/controller-role.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,4CAAyC;AAIzC,sEAAkE;AAClE,iDAAoG;AACpG,8DAA4E;AAC5E,sDAAuD;AAEvD,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,GAAG,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC7B,GAAG,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC3B,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kBAAkB,CAAC;IAC3C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;IACnD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC;IAC7C,MAAM,EAAE,YAAY;CACrB,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE;IACtD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC,QAAQ,EAAE;IAC9D,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IACxD,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;AAEvD,MAAM,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IACxB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;IACnD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;CACtD,CAAC,CAAC;AAQH;;;;;;;GAOG;AACH,MAAa,cAAc;IACN,iBAAiB,CAAoB;IAEvC,SAAS,GAAiC;QACzD,YAAY,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;QACzF,iBAAiB,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;QAC9F,eAAe,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;QAC7E,oBAAoB,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;KACpG,CAAC;IAEF,YAAY,aAAqB;QAC/B,IAAI,CAAC,iBAAiB,GAAG,IAAI,sCAAiB,CAAC,aAAa,CAAC,CAAC;IAChE,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,KAKnB;QACC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,8EAA8E;IAC9E,uBAAuB;IACvB,8EAA8E;IAE9E,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,SAAiB,EAAE,WAAoB;QACvE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,SAAiB;QACpD,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACnD,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACtE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,IAAA,wBAAc,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACxE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,IAAA,6BAAmB,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC9D,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,OAAO,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,yDAAyD;IACzD,8EAA8E;IAE9E,KAAK,CAAC,uBAAuB,CAC3B,GAAgB,EAChB,IAAY,EACZ,aAA4B,EAC5B,WAAqB;QAErB,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAE5D,IAAI,GAAG,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC3B,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,aAAa,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;YAE/D,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/D,IAAI,cAAc,KAAK,GAAG,QAAQ,GAAG,MAAM,EAAE,EAAE,CAAC;oBAC9C,OAAO,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC;QAED,QAAQ,GAAG,CAAC,OAAO,EAAE,CAAC;YACpB,KAAK,KAAK;gBACR,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC;YAChC,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACvD,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC7C;gBACE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,kDAAkD;IAClD,8EAA8E;IAE9E,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,QAAgB,EAAE,QAAkB,EAAE,WAAsB;QAClG,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEhC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAC,KAAK,CAAC,CAAA;QAG1B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,mCAAmC,CAAC,CAAC;QACrG,CAAC;QAED,IAAI,WAAW,EAAE,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1F,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;QACtD,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,MAAM,GAAG,CACjE,CAAC;IACJ,CAAC;IAED,oBAAoB,CAAC,aAAuB,EAAE,WAAqB;QACjE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,0BAA0B,CAAC,CAAC;QAC7F,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAEtE,OAAO,CAAC,aAAmC,EAAE,WAAqB;QACxE,OAAO,aAAa,EAAE,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC;IAC9E,CAAC;IAEO,QAAQ,CAAsB,MAAS,EAAE,IAAa;QAC5D,IAAI,CAAC;YACH,OAAO,IAAA,oCAAkB,EAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,8BAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,GAAgB;QACnC,OAAO,GAAG,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAC;IACpC,CAAC;IAEO,YAAY,CAAC,GAAgB,EAAE,QAAkB;QACvD,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,EAAE,KAAK,IAAI,GAAG,CAAC,qBAAqB,EAAE,KAAK,CAAC;QAEnF,IAAI,CAAC,KAAK;YAAE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAM,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,KAAK,eAAe,OAAO,EAAE,CAAC,CAAC;QAC3G,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,gBAAgB,CAAC,GAAgB,EAAE,KAAa,EAAE,QAAkB;QAC1E,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEtC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,GAAG,KAAK,CAAC;QACvD,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEpF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,kBAAkB,QAAQ,gBAAgB,KAAK,GAAG,CAAC,CAAC;QACpH,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC;IAC3B,CAAC;IAEO,iBAAiB,CAAC,GAAgB,EAAE,QAAkB;QAC5D,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;CACF;AAnOD,wCAmOC","sourcesContent":["import { z } from \"zod\";\nimport { ErrorHttp } from \"../exception\";\nimport { Permission } from \"../model/role.model\";\nimport { PermissionMap, ScopeMap } from \"../model/base.model\";\nimport { HttpRequest } from \"../utils/http/http.util\";\nimport { PermissionService } from \"../service/permission.service\";\nimport { createGroup, deleteGroup, addUserToGroup, removeUserFromGroup } from \"../function/cognito\";\nimport { validateWithSchema, formatErrors } from \"../utils/validation.util\";\nimport { trimSpecialChar } from \"../utils/string.util\";\n\n// ---------------------------------------------------------------------------\n// DTO Schemas\n// ---------------------------------------------------------------------------\n\nconst MethodSchema = z.object({\n GET: z.boolean().optional(),\n POST: z.boolean().optional(),\n PATCH: z.boolean().optional(),\n PUT: z.boolean().optional(),\n DELETE: z.boolean().optional(),\n});\n\nconst AddPermissionDto = z.object({\n role: z.string().min(1, \"Role is required\"),\n resource: z.string().min(1, \"Resource is required\"),\n scope: z.string().min(1, \"Scope is required\"),\n method: MethodSchema,\n});\n\nconst UpdatePermissionDto = z.object({\n role: z.string().min(1, \"Role is required\").optional(),\n resource: z.string().min(1, \"Resource is required\").optional(),\n scope: z.string().min(1, \"Scope is required\").optional(),\n method: MethodSchema.optional(),\n});\n\nconst IdParamDto = z.string().min(1, \"Id is required\");\n\nconst GroupDto = z.object({\n userPoolId: z.string().min(1, \"UserPoolId is required\"),\n groupName: z.string().min(1, \"GroupName is required\"),\n description: z.string().optional(),\n});\n\nconst UserGroupDto = z.object({\n userPoolId: z.string().min(1, \"UserPoolId is required\"),\n username: z.string().min(1, \"Username is required\"),\n groupName: z.string().min(1, \"GroupName is required\"),\n});\n\n// ---------------------------------------------------------------------------\n// Route map for permission sub-paths (POST only)\n// ---------------------------------------------------------------------------\n\ntype RouteHandler = (permissionMap: PermissionMap, body: any) => Promise<any>;\n\n/**\n * ControllerRole — centralized Permission CRUD + RBAC access enforcement.\n *\n * All caching and DB orchestration lives in PermissionService.\n *\n * Scope validation, scope filtering, and permission checks are centralized here\n * so that ControllerApi (and any other consumer) delegates without duplicating logic.\n */\nexport class ControllerRole {\n protected readonly permissionService: PermissionService;\n\n private readonly subRoutes: Record<string, RouteHandler> = {\n \"/add-group\": (pm, body) => this.addRole(pm.userPoolId, body.groupName, body.description),\n \"/add-user-group\": (pm, body) => this.assignRole(pm.userPoolId, body.username, body.groupName),\n \"/remove-group\": (pm, body) => this.removeRole(pm.userPoolId, body.groupName),\n \"/remove-user-group\": (pm, body) => this.unassignRole(pm.userPoolId, body.username, body.groupName),\n };\n\n constructor(roleTableName: string) {\n this.permissionService = new PermissionService(roleTableName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission CRUD\n // ---------------------------------------------------------------------------\n\n async addPermission(input: {\n role: string;\n resource: string;\n scope: string;\n method: Permission[\"method\"];\n }): Promise<Permission> {\n this.validate(AddPermissionDto, input);\n return this.permissionService.createPermission(input);\n }\n\n async updatePermission(\n id: string,\n updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n ): Promise<Permission> {\n this.validate(IdParamDto, id);\n this.validate(UpdatePermissionDto, updates);\n return this.permissionService.updatePermission(id, updates);\n }\n\n async deletePermission(id: string): Promise<boolean> {\n this.validate(IdParamDto, id);\n return this.permissionService.deletePermission(id);\n }\n\n async getPermission(id: string): Promise<Permission | null> {\n this.validate(IdParamDto, id);\n return this.permissionService.getPermissionById(id);\n }\n\n async listPermissions(): Promise<Permission[]> {\n return this.permissionService.listPermissions();\n }\n\n // ---------------------------------------------------------------------------\n // Role (Cognito group)\n // ---------------------------------------------------------------------------\n\n async addRole(userPoolId: string, groupName: string, description?: string) {\n this.validate(GroupDto, { userPoolId, groupName, description });\n return createGroup(userPoolId, groupName, description);\n }\n\n async removeRole(userPoolId: string, groupName: string) {\n this.validate(GroupDto, { userPoolId, groupName });\n return deleteGroup(userPoolId, groupName);\n }\n\n async assignRole(userPoolId: string, username: string, groupName: string) {\n this.validate(UserGroupDto, { userPoolId, username, groupName });\n return addUserToGroup(userPoolId, username, groupName);\n }\n\n async unassignRole(userPoolId: string, username: string, groupName: string) {\n this.validate(UserGroupDto, { userPoolId, username, groupName });\n return removeUserFromGroup(userPoolId, username, groupName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission check\n // ---------------------------------------------------------------------------\n\n async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n return this.permissionService.hasPermission(role, resource, scope, method);\n }\n\n async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n return this.permissionService.getPermissionByKey(permissionKey);\n }\n\n // ---------------------------------------------------------------------------\n // Permission request handler (routes from ControllerApi)\n // ---------------------------------------------------------------------------\n\n async handlePermissionRequest(\n req: HttpRequest,\n path: string,\n permissionMap: PermissionMap,\n adminGroups: string[],\n ): Promise<any> {\n this.checkAdminPermission(req.identity.groups, adminGroups);\n\n if (req.methode === \"POST\") {\n const normalizedPath = trimSpecialChar(path);\n const rolePath = trimSpecialChar(permissionMap.rolePath ?? \"\");\n\n for (const [suffix, handler] of Object.entries(this.subRoutes)) {\n if (normalizedPath === `${rolePath}${suffix}`) {\n return handler(permissionMap, req.body);\n }\n }\n\n return this.addPermission(req.body);\n }\n\n switch (req.methode) {\n case \"GET\":\n return this.listPermissions();\n case \"PATCH\":\n return this.updatePermission(req.entityId, req.body);\n case \"DELETE\":\n return this.deletePermission(req.entityId);\n default:\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] unsupported method\");\n }\n }\n\n // ---------------------------------------------------------------------------\n // RBAC access enforcement (used by ControllerApi)\n // ---------------------------------------------------------------------------\n\n async checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap, adminGroups?: string[]): Promise<void> {\n const roles = this.extractRoles(req);\n console.log(\"req\",req.identity);\n \n console.log(\"roles\",roles)\n\n\n if (!roles.length) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, \"Permission denied: Role Not Found\");\n }\n\n if (adminGroups?.length && this.isAdmin(roles, adminGroups)) {\n return;\n }\n\n const scope = this.resolveScope(req, scopeMap);\n const method = req.methode.toUpperCase();\n\n for (const role of roles) {\n const allowed = await this.permissionService.hasPermission(role, resource, scope, method);\n if (allowed) {\n this.applyScopeFilter(req, scope, scopeMap);\n return;\n }\n }\n\n const key = `${roles.join(\",\")}#${resource}#${scope}`;\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Permission denied: roles=${roles.join(\",\")} \"${key}.${method}\"`,\n );\n }\n\n checkAdminPermission(cognitoGroups: string[], adminGroups: string[]) {\n if (!this.isAdmin(cognitoGroups, adminGroups)) {\n throw new ErrorHttp({ code: 403, error: \"Permission Denied\" }, \"[CORE] Permission Denied\");\n }\n return true;\n }\n\n // ---------------------------------------------------------------------------\n // Private helpers\n // ---------------------------------------------------------------------------\n\n private isAdmin(cognitoGroups: string[] | undefined, adminGroups: string[]): boolean {\n return cognitoGroups?.some((group) => adminGroups.includes(group)) ?? false;\n }\n\n private validate<T extends z.ZodType>(schema: T, data: unknown): z.infer<T> {\n try {\n return validateWithSchema(schema, data);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n\n private extractRoles(req: HttpRequest): string[] {\n return req.identity?.groups ?? [];\n }\n\n private resolveScope(req: HttpRequest, scopeMap: ScopeMap): string {\n const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;\n\n if (!scope) return scopeMap.keys().next().value!;\n\n if (!scopeMap.has(scope)) {\n const allowed = Array.from(scopeMap.keys()).join(\", \");\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, `Invalid scope \"${scope}\". Allowed: ${allowed}`);\n }\n\n return scope;\n }\n\n private applyScopeFilter(req: HttpRequest, scope: string, scopeMap: ScopeMap): void {\n if (!req.filter) req.filter = {};\n\n this.clearScopeFilters(req, scopeMap);\n\n const mapping = scopeMap.get(scope);\n if (!mapping) return;\n\n const claimKey = mapping.claimKey ?? \"custom:\" + scope;\n const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];\n\n if (!claimValue) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, `Missing claim \"${claimKey}\" for scope \"${scope}\"`);\n }\n\n req.filter[mapping.filterField] = claimValue;\n delete req.filter?.scope;\n }\n\n private clearScopeFilters(req: HttpRequest, scopeMap: ScopeMap): void {\n for (const [, entry] of scopeMap) {\n delete req.filter[entry.filterField];\n }\n delete req.filter[\"scope\"];\n }\n}\n"]}
|
|
@@ -29,4 +29,14 @@ export declare function createGroup(userPoolId: string, groupName: string, descr
|
|
|
29
29
|
groupName: string;
|
|
30
30
|
description?: string;
|
|
31
31
|
}>;
|
|
32
|
-
export declare function addUserToGroup(userPoolId: string, username: string, groupName: string): Promise<
|
|
32
|
+
export declare function addUserToGroup(userPoolId: string, username: string, groupName: string): Promise<{
|
|
33
|
+
groupName: string;
|
|
34
|
+
username: string;
|
|
35
|
+
}>;
|
|
36
|
+
export declare function deleteGroup(userPoolId: string, groupName: string): Promise<{
|
|
37
|
+
groupName: string;
|
|
38
|
+
}>;
|
|
39
|
+
export declare function removeUserFromGroup(userPoolId: string, username: string, groupName: string): Promise<{
|
|
40
|
+
groupName: string;
|
|
41
|
+
username: string;
|
|
42
|
+
}>;
|
|
@@ -50,6 +50,8 @@ exports.persistCustomValue = persistCustomValue;
|
|
|
50
50
|
exports.findAll = findAll;
|
|
51
51
|
exports.createGroup = createGroup;
|
|
52
52
|
exports.addUserToGroup = addUserToGroup;
|
|
53
|
+
exports.deleteGroup = deleteGroup;
|
|
54
|
+
exports.removeUserFromGroup = removeUserFromGroup;
|
|
53
55
|
const client_cognito_identity_provider_1 = require("@aws-sdk/client-cognito-identity-provider");
|
|
54
56
|
const cognito_user_model_1 = require("../../model/cognito-user.model");
|
|
55
57
|
function mapCognitoAttributes(attributes) {
|
|
@@ -364,5 +366,26 @@ async function addUserToGroup(userPoolId, username, groupName) {
|
|
|
364
366
|
GroupName: groupName,
|
|
365
367
|
});
|
|
366
368
|
await cognitoClient.send(command);
|
|
369
|
+
return {
|
|
370
|
+
username: username,
|
|
371
|
+
groupName: groupName,
|
|
372
|
+
};
|
|
373
|
+
}
|
|
374
|
+
async function deleteGroup(userPoolId, groupName) {
|
|
375
|
+
const command = new client_cognito_identity_provider_1.DeleteGroupCommand({
|
|
376
|
+
UserPoolId: userPoolId,
|
|
377
|
+
GroupName: groupName,
|
|
378
|
+
});
|
|
379
|
+
await cognitoClient.send(command);
|
|
380
|
+
return { groupName };
|
|
381
|
+
}
|
|
382
|
+
async function removeUserFromGroup(userPoolId, username, groupName) {
|
|
383
|
+
const command = new client_cognito_identity_provider_1.AdminRemoveUserFromGroupCommand({
|
|
384
|
+
UserPoolId: userPoolId,
|
|
385
|
+
Username: username,
|
|
386
|
+
GroupName: groupName,
|
|
387
|
+
});
|
|
388
|
+
await cognitoClient.send(command);
|
|
389
|
+
return { username, groupName };
|
|
367
390
|
}
|
|
368
391
|
//# sourceMappingURL=cognito.function.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito.function.js","sourceRoot":"","sources":["../../../src/function/cognito/cognito.function.ts"],"names":[],"mappings":";AAAA,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BtB,8CAkDC;AAED,8CAyDC;AAED,8CAIC;AAED,gDAIC;AAED,8CAOC;AAED,wCAuBC;AAED,oDAuCC;AAED,kDAUC;AAED,kDAcC;AAKD,wDAQC;AAMD,oCAcC;AAMD,wCAmBC;AAGD,gDAeC;AAED,0BA+CC;AAED,kCAiBC;AAED,wCAQC;AArZD,gGAYmD;AACnD,uEAA0F;AAE1F,SAAS,oBAAoB,CAAC,UAA4B;IACxD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,UAAU,IAAI,EAAE,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,aAAa,GAAG,IAAI,gEAA6B,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AAErF,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB,EAAE,CAAC;IAE3C,IAAI,IAAI,CAAC,KAAK;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1E,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,YAAY;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/F,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACvF,IAAI,IAAI,CAAC,UAAU;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1F,IAAI,IAAI,CAAC,MAAM;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACtF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,kBAAkB;QACzB,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAC5F,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEnF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;KAC/B,CAAC,CACH,CAAC;IAEF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,2BAA2B,EAAE,GAAG,wDAAa,2CAA2C,GAAC,CAAC;QAClG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,2BAA2B,CAAC;YAC9B,UAAU,EAAE,UAAU;YACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;SAChB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB;QACtC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QACpC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE;QACzC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QACnD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE,EAAE;QAC5C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;QAChD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QAClD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE,EAAE;QACxD,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,IAAI,EAAE,EAAE;QACpE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;KACjD,CAAC;IAEF,wBAAwB;IACxB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;QAC9B,iBAAiB,EAAE,QAAQ;QAC3B,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EAAE,gDAAgD;KACnG,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAE9D,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;QAClD,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE,UAA+B;QAC1D,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO;QAC/B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE;QAC7D,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAU,EAAE,QAAQ;IAC1D,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE3F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,UAAU,EAAE,QAAQ;IAC3D,MAAM,OAAO,GAAG,IAAI,0DAAuB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE5F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAkB,EAAE,QAAgB;IAC1E,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,OAAO,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,UAAkB,EAAE,QAAgB;IACvE,MAAM,OAAO,GAAG,IAAI,sDAAmB,CAAC;QACtC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE5D,OAAO;QACL,QAAQ;QACR,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,UAA+B;QACpD,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,SAAS,EAAE,QAAQ,CAAC,cAAc,EAAE,WAAW,EAAE;QACjD,SAAS,EAAE,QAAQ,CAAC,oBAAoB,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,UAAkB,EAClB,aAAqB,EACrB,cAAsB;IAEtB,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,MAAM,EAAE,GAAG,aAAa,OAAO,cAAc,GAAG;KACjD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,gBAAgB,GAAkB,EAAE,CAAC;QAE3C,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,gBAAgB,CAAC;QAElD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEpD,gBAAgB,CAAC,IAAI,CAAC;gBACpB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,SAAS,EAAE,KAAK,CAAC,UAAU;gBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;gBAC7B,UAAU,EAAE,KAAK;gBACjB,UAAU,EAAE,IAAI,CAAC,UAA+B;gBAChD,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,EAAE;gBAC7C,SAAS,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE;gBACnD,SAAS,EAAE,6BAAQ,CAAC,EAAE;aACvB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CAAC,UAAkB,EAAE,KAAa,EAAE,SAAiB;IAC5F,+BAA+B;IAC/B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,YAAY,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,WAAmB,EACnB,SAAiB;IAEjB,sCAAsC;IACtC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,WAAW,CAAC,CAAC;IAE/D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,0BAA0B,WAAW,YAAY,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AACD;;;GAGG;AACI,KAAK,UAAU,sBAAsB,CAC1C,UAAkB,EAClB,QAAgB,EAChB,SAAiB;IAEjB,qBAAqB;IACrB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,YAAY,CAAC,UAAkB,EAAE,IAAiB,EAAE,SAAiB;IACzF,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,CAAC,CAAC;IAE1E,iCAAiC;IACjC,MAAM,aAAa,GAAG;QACpB,GAAG,IAAI,CAAC,UAAU;QAClB,kBAAkB,EAAE,SAAS;KAC9B,CAAC;IAEF,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE,aAAa;KAC1B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,cAAc,CAClC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;IAExE,iCAAiC;IACjC,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE;YACV,GAAG,IAAI,CAAC,UAAU;YAClB,CAAC,QAAQ,CAAC,EAAE,UAAU;SACvB;KACF,CAAC;AACJ,CAAC;AAED,gDAAgD;AACzC,KAAK,UAAU,kBAAkB,CACtC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;KAChE,CAAC,CACH,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,OAAO,CAAC,UAAkB,EAAE,OAAe,CAAC,EAAE,OAAe,EAAE;IACnF,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,UAAU;QACtB,KAAK,EAAE,IAAI;QACX,eAAe,EAAE,SAA+B;KACjD,CAAC;IAEF,0BAA0B;IAC1B,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,KAAK,GAAkB,EAAE,CAAC;IAE9B,OAAO,WAAW,IAAI,IAAI,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAQ,CAAC;QAE5D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,KAAK;gBACH,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE;oBAC7B,MAAM,KAAK,GAA2B,EAAE,CAAC;oBACzC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;wBACnC,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK;4BAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;oBACjD,CAAC;oBAED,OAAO;wBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,WAAW,EAAE,KAAK,CAAC,YAAY;wBAC/B,SAAS,EAAE,KAAK,CAAC,UAAU;wBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;wBAC7B,UAAU,EAAE,KAAK;wBACjB,UAAU,EAAE,CAAC,CAAC,UAA+B;wBAC7C,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,SAAS,EAAE,CAAC,CAAC,cAAc,EAAE,WAAW,EAAE;wBAC1C,SAAS,EAAE,CAAC,CAAC,oBAAoB,EAAE,WAAW,EAAE;wBAChD,SAAS,EAAE,IAAI;qBACD,CAAC;gBACnB,CAAC,CAAC,IAAI,EAAE,CAAC;QACb,CAAC;QAED,MAAM,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,eAAe;YAAE,MAAM;QAEnC,WAAW,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,SAAiB,EACjB,WAAoB;IAEpB,MAAM,OAAO,GAAG,IAAI,qDAAkB,CAAC;QACrC,UAAU,EAAE,UAAU;QACtB,SAAS,EAAE,SAAS;QACpB,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEnD,OAAO;QACL,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,SAAS;QACpC,WAAW,EAAE,QAAQ,CAAC,KAAK,EAAE,WAAW;KACzC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;IAC1F,MAAM,OAAO,GAAG,IAAI,6DAA0B,CAAC;QAC7C,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;KACrB,CAAC,CAAC;IAEH,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC","sourcesContent":["// cognito.function.ts\n\nimport {\n AdminCreateUserCommand,\n AdminGetUserCommand,\n AdminDeleteUserCommand,\n AdminUpdateUserAttributesCommand,\n CreateGroupCommand,\n AdminAddUserToGroupCommand,\n AttributeType,\n CognitoIdentityProviderClient,\n ListUsersCommand,\n AdminEnableUserCommand,\n AdminDisableUserCommand,\n} from \"@aws-sdk/client-cognito-identity-provider\";\nimport { CognitoUser, CognitoUserStatus, TokenUse } from \"../../model/cognito-user.model\";\n\nfunction mapCognitoAttributes(attributes?: AttributeType[]): Record<string, string> {\n const result: Record<string, string> = {};\n for (const attr of attributes || []) {\n if (attr.Name && attr.Value) {\n result[attr.Name] = attr.Value;\n }\n }\n return result;\n}\n\nconst cognitoClient = new CognitoIdentityProviderClient({ region: process.env.AWS_REGION });\n\nexport async function updateCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [];\n\n if (user.email) userAttributes.push({ Name: \"email\", Value: user.email });\n if (user.profile) userAttributes.push({ Name: \"profile\", Value: user.profile });\n if (user.phone_number) userAttributes.push({ Name: \"phone_number\", Value: user.phone_number });\n if (user.givenName) userAttributes.push({ Name: \"given_name\", Value: user.givenName });\n if (user.familyName) userAttributes.push({ Name: \"family_name\", Value: user.familyName });\n if (user.gender) userAttributes.push({ Name: \"gender\", Value: user.gender });\n if (user.nickname) userAttributes.push({ Name: \"nickname\", Value: user.nickname });\n if (user.address) userAttributes.push({ Name: \"address\", Value: user.address });\n if (user.birthdate) userAttributes.push({ Name: \"birthdate\", Value: user.birthdate });\n if (user.picture) userAttributes.push({ Name: \"picture\", Value: user.picture });\n if (user.preferred_username)\n userAttributes.push({ Name: \"preff.preferred_username\", Value: user.preferred_username });\n if (user.website) userAttributes.push({ Name: \"website\", Value: user.website });\n if (user.zoneinfo) userAttributes.push({ Name: \"zoneinfo\", Value: user.zoneinfo });\n\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: String(value) });\n }\n }\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n }),\n );\n\n if (password) {\n const { AdminSetUserPasswordCommand } = await import(\"@aws-sdk/client-cognito-identity-provider\");\n await cognitoClient.send(\n new AdminSetUserPasswordCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n Password: password,\n Permanent: true,\n }),\n );\n }\n\n return await getCognitoUser(userPoolId, user.username);\n}\n\nexport async function createCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [\n { Name: \"email\", Value: user.email },\n { Name: \"email_verified\", Value: \"true\" },\n { Name: \"profile\", Value: user.profile ?? \"\" },\n { Name: \"given_name\", Value: user.givenName ?? \"\" },\n { Name: \"family_name\", Value: user.familyName ?? \"\" },\n { Name: \"middle_name\", Value: user.middleName ?? \"\" },\n { Name: \"gender\", Value: user.gender ?? \"\" },\n { Name: \"nickname\", Value: user.nickname ?? \"\" },\n { Name: \"address\", Value: user.address ?? \"\" },\n { Name: \"birthdate\", Value: user.birthdate ?? \"\" },\n { Name: \"picture\", Value: user.picture ?? \"\" },\n { Name: \"phone_number\", Value: user.phone_number ?? \"\" },\n { Name: \"phone_number_verified\", Value: user.phone_number_verified ? \"true\" : \"false\" },\n { Name: \"preferred_username\", Value: user.preferred_username ?? \"\" },\n { Name: \"website\", Value: user.website ?? \"\" },\n { Name: \"zoneinfo\", Value: user.zoneinfo ?? \"\" },\n ];\n\n // Add custom attributes\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: value });\n }\n }\n\n const command = new AdminCreateUserCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n TemporaryPassword: password,\n MessageAction: password ? \"SUPPRESS\" : undefined, // Don't send welcome email if password provided\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.User?.Attributes);\n\n return {\n username: response.User?.Username || user.username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.User?.UserStatus as CognitoUserStatus,\n enabled: response.User?.Enabled,\n createdAt: response.User?.UserCreateDate?.toISOString(),\n updatedAt: response.User?.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function enableCognitoUser(userPoolId, username) {\n const command = new AdminEnableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function disableCognitoUser(userPoolId, username) {\n const command = new AdminDisableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function deleteCognitoUser(userPoolId: string, username: string): Promise<any> {\n const command = new AdminDeleteUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n return await cognitoClient.send(command);\n}\n\nexport async function getCognitoUser(userPoolId: string, username: string): Promise<CognitoUser> {\n const command = new AdminGetUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.UserAttributes);\n\n return {\n username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.UserStatus as CognitoUserStatus,\n enabled: response.Enabled,\n createdAt: response.UserCreateDate?.toISOString(),\n updatedAt: response.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function listUsersByAttribute(\n userPoolId: string,\n attributeName: string,\n attributeValue: string,\n): Promise<CognitoUser[]> {\n const command = new ListUsersCommand({\n UserPoolId: userPoolId,\n Filter: `${attributeName} = \"${attributeValue}\"`,\n });\n\n try {\n const response = await cognitoClient.send(command);\n const cognitoUsersList: CognitoUser[] = [];\n\n if (response.Users.length === 0) cognitoUsersList;\n\n for (const user of response.Users) {\n const attrs = mapCognitoAttributes(user.Attributes);\n\n cognitoUsersList.push({\n username: user.Username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: user.UserStatus as CognitoUserStatus,\n enabled: user.Enabled,\n createdAt: user.UserCreateDate?.toISOString(),\n updatedAt: user.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n });\n }\n\n return cognitoUsersList;\n } catch (err) {\n console.error(\"Error listing users:\", err);\n }\n}\n\nexport async function setProfileIdByEmail(userPoolId: string, email: string, profileId: string): Promise<CognitoUser> {\n // Find the user by email first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by email\n const user = users.find((u) => u.email === email);\n\n if (!user) {\n throw new Error(`User with email ${email} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n\nexport async function setProfileIdByPhone(\n userPoolId: string,\n phoneNumber: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Find the user by phone number first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by phone\n const user = users.find((u) => u.phone_number === phoneNumber);\n\n if (!user) {\n throw new Error(`User with phone number ${phoneNumber} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Returns a **new CognitoUser object** with the attribute updated.\n */\nexport async function setProfileIdByUsername(\n userPoolId: string,\n username: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Get the user first\n const user = await getCognitoUser(userPoolId, username);\n return setProfileId(userPoolId, user, profileId);\n}\n\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setProfileId(userPoolId: string, user: CognitoUser, profileId: string): Promise<CognitoUser> {\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, \"custom:profileId\", profileId);\n\n // Return the updated user object\n const newAttributes = {\n ...user.attributes,\n \"custom:profileId\": profileId,\n };\n\n return {\n ...user,\n attributes: newAttributes,\n };\n}\n\n/**\n * Sets a custom attribute on a CognitoUser object.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<CognitoUser> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, customFieldName, fieldValue);\n\n // Return the updated user object\n return {\n ...user,\n attributes: {\n ...user.attributes,\n [attrName]: fieldValue,\n },\n };\n}\n\n// Optional: Persist custom attribute to Cognito\nexport async function persistCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<void> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: [{ Name: attrName, Value: String(fieldValue) }],\n }),\n );\n}\n\nexport async function findAll(userPoolId: string, page: number = 1, size: number = 50): Promise<CognitoUser[]> {\n const params = {\n UserPoolId: userPoolId,\n Limit: size,\n PaginationToken: undefined as string | undefined,\n };\n\n // simple pagination logic\n let currentPage = 1;\n let users: CognitoUser[] = [];\n\n while (currentPage <= page) {\n const command = new ListUsersCommand(params);\n const response = (await cognitoClient.send(command)) as any;\n\n if (currentPage === page) {\n users =\n response.Users?.map((u: any) => {\n const attrs: Record<string, string> = {};\n for (const a of u.Attributes || []) {\n if (a.Name && a.Value) attrs[a.Name] = a.Value;\n }\n\n return {\n username: u.Username,\n sub: attrs.sub,\n email: attrs.email,\n phoneNumber: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: u.UserStatus as CognitoUserStatus,\n enabled: u.Enabled,\n createdAt: u.UserCreateDate?.toISOString(),\n updatedAt: u.UserLastModifiedDate?.toISOString(),\n token_use: \"id\",\n } as CognitoUser;\n }) || [];\n }\n\n params.PaginationToken = response.PaginationToken;\n if (!params.PaginationToken) break;\n\n currentPage++;\n }\n\n return users;\n}\n\nexport async function createGroup(\n userPoolId: string,\n groupName: string,\n description?: string,\n): Promise<{ groupName: string; description?: string }> {\n const command = new CreateGroupCommand({\n UserPoolId: userPoolId,\n GroupName: groupName,\n Description: description,\n });\n\n const response = await cognitoClient.send(command);\n\n return {\n groupName: response.Group?.GroupName,\n description: response.Group?.Description,\n };\n}\n\nexport async function addUserToGroup(userPoolId: string, username: string, groupName: string): Promise<void> {\n const command = new AdminAddUserToGroupCommand({\n UserPoolId: userPoolId,\n Username: username,\n GroupName: groupName,\n });\n\n await cognitoClient.send(command);\n}\n"]}
|
|
1
|
+
{"version":3,"file":"cognito.function.js","sourceRoot":"","sources":["../../../src/function/cognito/cognito.function.ts"],"names":[],"mappings":";AAAA,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BtB,8CAkDC;AAED,8CAyDC;AAED,8CAIC;AAED,gDAIC;AAED,8CAOC;AAED,wCAuBC;AAED,oDAuCC;AAED,kDAUC;AAED,kDAcC;AAKD,wDAQC;AAMD,oCAcC;AAMD,wCAmBC;AAGD,gDAeC;AAED,0BA+CC;AAED,kCAiBC;AAED,wCAiBC;AAED,kCAYC;AAED,kDAcC;AA9bD,gGAcmD;AACnD,uEAA0F;AAE1F,SAAS,oBAAoB,CAAC,UAA4B;IACxD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,UAAU,IAAI,EAAE,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,aAAa,GAAG,IAAI,gEAA6B,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AAErF,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB,EAAE,CAAC;IAE3C,IAAI,IAAI,CAAC,KAAK;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1E,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,YAAY;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/F,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACvF,IAAI,IAAI,CAAC,UAAU;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1F,IAAI,IAAI,CAAC,MAAM;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACtF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,kBAAkB;QACzB,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAC5F,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEnF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;KAC/B,CAAC,CACH,CAAC;IAEF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,2BAA2B,EAAE,GAAG,wDAAa,2CAA2C,GAAC,CAAC;QAClG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,2BAA2B,CAAC;YAC9B,UAAU,EAAE,UAAU;YACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;SAChB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB;QACtC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QACpC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE;QACzC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QACnD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE,EAAE;QAC5C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;QAChD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QAClD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE,EAAE;QACxD,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,IAAI,EAAE,EAAE;QACpE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;KACjD,CAAC;IAEF,wBAAwB;IACxB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;QAC9B,iBAAiB,EAAE,QAAQ;QAC3B,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EAAE,gDAAgD;KACnG,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAE9D,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;QAClD,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE,UAA+B;QAC1D,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO;QAC/B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE;QAC7D,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAU,EAAE,QAAQ;IAC1D,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE3F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,UAAU,EAAE,QAAQ;IAC3D,MAAM,OAAO,GAAG,IAAI,0DAAuB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE5F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAkB,EAAE,QAAgB;IAC1E,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,OAAO,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,UAAkB,EAAE,QAAgB;IACvE,MAAM,OAAO,GAAG,IAAI,sDAAmB,CAAC;QACtC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE5D,OAAO;QACL,QAAQ;QACR,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,UAA+B;QACpD,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,SAAS,EAAE,QAAQ,CAAC,cAAc,EAAE,WAAW,EAAE;QACjD,SAAS,EAAE,QAAQ,CAAC,oBAAoB,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,UAAkB,EAClB,aAAqB,EACrB,cAAsB;IAEtB,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,MAAM,EAAE,GAAG,aAAa,OAAO,cAAc,GAAG;KACjD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,gBAAgB,GAAkB,EAAE,CAAC;QAE3C,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,gBAAgB,CAAC;QAElD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEpD,gBAAgB,CAAC,IAAI,CAAC;gBACpB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,SAAS,EAAE,KAAK,CAAC,UAAU;gBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;gBAC7B,UAAU,EAAE,KAAK;gBACjB,UAAU,EAAE,IAAI,CAAC,UAA+B;gBAChD,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,EAAE;gBAC7C,SAAS,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE;gBACnD,SAAS,EAAE,6BAAQ,CAAC,EAAE;aACvB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CAAC,UAAkB,EAAE,KAAa,EAAE,SAAiB;IAC5F,+BAA+B;IAC/B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,YAAY,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,WAAmB,EACnB,SAAiB;IAEjB,sCAAsC;IACtC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,WAAW,CAAC,CAAC;IAE/D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,0BAA0B,WAAW,YAAY,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AACD;;;GAGG;AACI,KAAK,UAAU,sBAAsB,CAC1C,UAAkB,EAClB,QAAgB,EAChB,SAAiB;IAEjB,qBAAqB;IACrB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,YAAY,CAAC,UAAkB,EAAE,IAAiB,EAAE,SAAiB;IACzF,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,CAAC,CAAC;IAE1E,iCAAiC;IACjC,MAAM,aAAa,GAAG;QACpB,GAAG,IAAI,CAAC,UAAU;QAClB,kBAAkB,EAAE,SAAS;KAC9B,CAAC;IAEF,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE,aAAa;KAC1B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,cAAc,CAClC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;IAExE,iCAAiC;IACjC,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE;YACV,GAAG,IAAI,CAAC,UAAU;YAClB,CAAC,QAAQ,CAAC,EAAE,UAAU;SACvB;KACF,CAAC;AACJ,CAAC;AAED,gDAAgD;AACzC,KAAK,UAAU,kBAAkB,CACtC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;KAChE,CAAC,CACH,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,OAAO,CAAC,UAAkB,EAAE,OAAe,CAAC,EAAE,OAAe,EAAE;IACnF,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,UAAU;QACtB,KAAK,EAAE,IAAI;QACX,eAAe,EAAE,SAA+B;KACjD,CAAC;IAEF,0BAA0B;IAC1B,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,KAAK,GAAkB,EAAE,CAAC;IAE9B,OAAO,WAAW,IAAI,IAAI,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAQ,CAAC;QAE5D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,KAAK;gBACH,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE;oBAC7B,MAAM,KAAK,GAA2B,EAAE,CAAC;oBACzC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;wBACnC,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK;4BAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;oBACjD,CAAC;oBAED,OAAO;wBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,WAAW,EAAE,KAAK,CAAC,YAAY;wBAC/B,SAAS,EAAE,KAAK,CAAC,UAAU;wBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;wBAC7B,UAAU,EAAE,KAAK;wBACjB,UAAU,EAAE,CAAC,CAAC,UAA+B;wBAC7C,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,SAAS,EAAE,CAAC,CAAC,cAAc,EAAE,WAAW,EAAE;wBAC1C,SAAS,EAAE,CAAC,CAAC,oBAAoB,EAAE,WAAW,EAAE;wBAChD,SAAS,EAAE,IAAI;qBACD,CAAC;gBACnB,CAAC,CAAC,IAAI,EAAE,CAAC;QACb,CAAC;QAED,MAAM,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,eAAe;YAAE,MAAM;QAEnC,WAAW,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,SAAiB,EACjB,WAAoB;IAEpB,MAAM,OAAO,GAAG,IAAI,qDAAkB,CAAC;QACrC,UAAU,EAAE,UAAU;QACtB,SAAS,EAAE,SAAS;QACpB,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEnD,OAAO;QACL,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,SAAS;QACpC,WAAW,EAAE,QAAQ,CAAC,KAAK,EAAE,WAAW;KACzC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,UAAkB,EAClB,QAAgB,EAChB,SAAiB;IAEjB,MAAM,OAAO,GAAG,IAAI,6DAA0B,CAAC;QAC7C,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;KACrB,CAAC,CAAC;IAEH,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAElC,OAAO;QACL,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;KACrB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,SAAiB;IAEjB,MAAM,OAAO,GAAG,IAAI,qDAAkB,CAAC;QACrC,UAAU,EAAE,UAAU;QACtB,SAAS,EAAE,SAAS;KACrB,CAAC,CAAC;IAEH,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAElC,OAAO,EAAE,SAAS,EAAE,CAAC;AACvB,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,QAAgB,EAChB,SAAiB;IAEjB,MAAM,OAAO,GAAG,IAAI,kEAA+B,CAAC;QAClD,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;KACrB,CAAC,CAAC;IAEH,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAElC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC","sourcesContent":["// cognito.function.ts\n\nimport {\n AdminCreateUserCommand,\n AdminGetUserCommand,\n AdminDeleteUserCommand,\n AdminUpdateUserAttributesCommand,\n CreateGroupCommand,\n DeleteGroupCommand,\n AdminAddUserToGroupCommand,\n AdminRemoveUserFromGroupCommand,\n AttributeType,\n CognitoIdentityProviderClient,\n ListUsersCommand,\n AdminEnableUserCommand,\n AdminDisableUserCommand,\n} from \"@aws-sdk/client-cognito-identity-provider\";\nimport { CognitoUser, CognitoUserStatus, TokenUse } from \"../../model/cognito-user.model\";\n\nfunction mapCognitoAttributes(attributes?: AttributeType[]): Record<string, string> {\n const result: Record<string, string> = {};\n for (const attr of attributes || []) {\n if (attr.Name && attr.Value) {\n result[attr.Name] = attr.Value;\n }\n }\n return result;\n}\n\nconst cognitoClient = new CognitoIdentityProviderClient({ region: process.env.AWS_REGION });\n\nexport async function updateCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [];\n\n if (user.email) userAttributes.push({ Name: \"email\", Value: user.email });\n if (user.profile) userAttributes.push({ Name: \"profile\", Value: user.profile });\n if (user.phone_number) userAttributes.push({ Name: \"phone_number\", Value: user.phone_number });\n if (user.givenName) userAttributes.push({ Name: \"given_name\", Value: user.givenName });\n if (user.familyName) userAttributes.push({ Name: \"family_name\", Value: user.familyName });\n if (user.gender) userAttributes.push({ Name: \"gender\", Value: user.gender });\n if (user.nickname) userAttributes.push({ Name: \"nickname\", Value: user.nickname });\n if (user.address) userAttributes.push({ Name: \"address\", Value: user.address });\n if (user.birthdate) userAttributes.push({ Name: \"birthdate\", Value: user.birthdate });\n if (user.picture) userAttributes.push({ Name: \"picture\", Value: user.picture });\n if (user.preferred_username)\n userAttributes.push({ Name: \"preff.preferred_username\", Value: user.preferred_username });\n if (user.website) userAttributes.push({ Name: \"website\", Value: user.website });\n if (user.zoneinfo) userAttributes.push({ Name: \"zoneinfo\", Value: user.zoneinfo });\n\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: String(value) });\n }\n }\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n }),\n );\n\n if (password) {\n const { AdminSetUserPasswordCommand } = await import(\"@aws-sdk/client-cognito-identity-provider\");\n await cognitoClient.send(\n new AdminSetUserPasswordCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n Password: password,\n Permanent: true,\n }),\n );\n }\n\n return await getCognitoUser(userPoolId, user.username);\n}\n\nexport async function createCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [\n { Name: \"email\", Value: user.email },\n { Name: \"email_verified\", Value: \"true\" },\n { Name: \"profile\", Value: user.profile ?? \"\" },\n { Name: \"given_name\", Value: user.givenName ?? \"\" },\n { Name: \"family_name\", Value: user.familyName ?? \"\" },\n { Name: \"middle_name\", Value: user.middleName ?? \"\" },\n { Name: \"gender\", Value: user.gender ?? \"\" },\n { Name: \"nickname\", Value: user.nickname ?? \"\" },\n { Name: \"address\", Value: user.address ?? \"\" },\n { Name: \"birthdate\", Value: user.birthdate ?? \"\" },\n { Name: \"picture\", Value: user.picture ?? \"\" },\n { Name: \"phone_number\", Value: user.phone_number ?? \"\" },\n { Name: \"phone_number_verified\", Value: user.phone_number_verified ? \"true\" : \"false\" },\n { Name: \"preferred_username\", Value: user.preferred_username ?? \"\" },\n { Name: \"website\", Value: user.website ?? \"\" },\n { Name: \"zoneinfo\", Value: user.zoneinfo ?? \"\" },\n ];\n\n // Add custom attributes\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: value });\n }\n }\n\n const command = new AdminCreateUserCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n TemporaryPassword: password,\n MessageAction: password ? \"SUPPRESS\" : undefined, // Don't send welcome email if password provided\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.User?.Attributes);\n\n return {\n username: response.User?.Username || user.username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.User?.UserStatus as CognitoUserStatus,\n enabled: response.User?.Enabled,\n createdAt: response.User?.UserCreateDate?.toISOString(),\n updatedAt: response.User?.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function enableCognitoUser(userPoolId, username) {\n const command = new AdminEnableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function disableCognitoUser(userPoolId, username) {\n const command = new AdminDisableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function deleteCognitoUser(userPoolId: string, username: string): Promise<any> {\n const command = new AdminDeleteUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n return await cognitoClient.send(command);\n}\n\nexport async function getCognitoUser(userPoolId: string, username: string): Promise<CognitoUser> {\n const command = new AdminGetUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.UserAttributes);\n\n return {\n username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.UserStatus as CognitoUserStatus,\n enabled: response.Enabled,\n createdAt: response.UserCreateDate?.toISOString(),\n updatedAt: response.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function listUsersByAttribute(\n userPoolId: string,\n attributeName: string,\n attributeValue: string,\n): Promise<CognitoUser[]> {\n const command = new ListUsersCommand({\n UserPoolId: userPoolId,\n Filter: `${attributeName} = \"${attributeValue}\"`,\n });\n\n try {\n const response = await cognitoClient.send(command);\n const cognitoUsersList: CognitoUser[] = [];\n\n if (response.Users.length === 0) cognitoUsersList;\n\n for (const user of response.Users) {\n const attrs = mapCognitoAttributes(user.Attributes);\n\n cognitoUsersList.push({\n username: user.Username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: user.UserStatus as CognitoUserStatus,\n enabled: user.Enabled,\n createdAt: user.UserCreateDate?.toISOString(),\n updatedAt: user.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n });\n }\n\n return cognitoUsersList;\n } catch (err) {\n console.error(\"Error listing users:\", err);\n }\n}\n\nexport async function setProfileIdByEmail(userPoolId: string, email: string, profileId: string): Promise<CognitoUser> {\n // Find the user by email first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by email\n const user = users.find((u) => u.email === email);\n\n if (!user) {\n throw new Error(`User with email ${email} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n\nexport async function setProfileIdByPhone(\n userPoolId: string,\n phoneNumber: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Find the user by phone number first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by phone\n const user = users.find((u) => u.phone_number === phoneNumber);\n\n if (!user) {\n throw new Error(`User with phone number ${phoneNumber} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Returns a **new CognitoUser object** with the attribute updated.\n */\nexport async function setProfileIdByUsername(\n userPoolId: string,\n username: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Get the user first\n const user = await getCognitoUser(userPoolId, username);\n return setProfileId(userPoolId, user, profileId);\n}\n\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setProfileId(userPoolId: string, user: CognitoUser, profileId: string): Promise<CognitoUser> {\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, \"custom:profileId\", profileId);\n\n // Return the updated user object\n const newAttributes = {\n ...user.attributes,\n \"custom:profileId\": profileId,\n };\n\n return {\n ...user,\n attributes: newAttributes,\n };\n}\n\n/**\n * Sets a custom attribute on a CognitoUser object.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<CognitoUser> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, customFieldName, fieldValue);\n\n // Return the updated user object\n return {\n ...user,\n attributes: {\n ...user.attributes,\n [attrName]: fieldValue,\n },\n };\n}\n\n// Optional: Persist custom attribute to Cognito\nexport async function persistCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<void> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: [{ Name: attrName, Value: String(fieldValue) }],\n }),\n );\n}\n\nexport async function findAll(userPoolId: string, page: number = 1, size: number = 50): Promise<CognitoUser[]> {\n const params = {\n UserPoolId: userPoolId,\n Limit: size,\n PaginationToken: undefined as string | undefined,\n };\n\n // simple pagination logic\n let currentPage = 1;\n let users: CognitoUser[] = [];\n\n while (currentPage <= page) {\n const command = new ListUsersCommand(params);\n const response = (await cognitoClient.send(command)) as any;\n\n if (currentPage === page) {\n users =\n response.Users?.map((u: any) => {\n const attrs: Record<string, string> = {};\n for (const a of u.Attributes || []) {\n if (a.Name && a.Value) attrs[a.Name] = a.Value;\n }\n\n return {\n username: u.Username,\n sub: attrs.sub,\n email: attrs.email,\n phoneNumber: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: u.UserStatus as CognitoUserStatus,\n enabled: u.Enabled,\n createdAt: u.UserCreateDate?.toISOString(),\n updatedAt: u.UserLastModifiedDate?.toISOString(),\n token_use: \"id\",\n } as CognitoUser;\n }) || [];\n }\n\n params.PaginationToken = response.PaginationToken;\n if (!params.PaginationToken) break;\n\n currentPage++;\n }\n\n return users;\n}\n\nexport async function createGroup(\n userPoolId: string,\n groupName: string,\n description?: string,\n): Promise<{ groupName: string; description?: string }> {\n const command = new CreateGroupCommand({\n UserPoolId: userPoolId,\n GroupName: groupName,\n Description: description,\n });\n\n const response = await cognitoClient.send(command);\n\n return {\n groupName: response.Group?.GroupName,\n description: response.Group?.Description,\n };\n}\n\nexport async function addUserToGroup(\n userPoolId: string,\n username: string,\n groupName: string,\n): Promise<{ groupName: string; username: string }> {\n const command = new AdminAddUserToGroupCommand({\n UserPoolId: userPoolId,\n Username: username,\n GroupName: groupName,\n });\n\n await cognitoClient.send(command);\n\n return {\n username: username,\n groupName: groupName,\n };\n}\n\nexport async function deleteGroup(\n userPoolId: string,\n groupName: string,\n): Promise<{ groupName: string }> {\n const command = new DeleteGroupCommand({\n UserPoolId: userPoolId,\n GroupName: groupName,\n });\n\n await cognitoClient.send(command);\n\n return { groupName };\n}\n\nexport async function removeUserFromGroup(\n userPoolId: string,\n username: string,\n groupName: string,\n): Promise<{ groupName: string; username: string }> {\n const command = new AdminRemoveUserFromGroupCommand({\n UserPoolId: userPoolId,\n Username: username,\n GroupName: groupName,\n });\n\n await cognitoClient.send(command);\n\n return { username, groupName };\n}\n"]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export * from "./cognito.function";
|
|
2
|
-
import { createCognitoUser, findAll, getCognitoUser, persistCustomValue, listUsersByAttribute, setCustomValue, setProfileId, setProfileIdByEmail, setProfileIdByPhone, setProfileIdByUsername, updateCognitoUser, deleteCognitoUser, disableCognitoUser, enableCognitoUser, createGroup, addUserToGroup } from "./cognito.function";
|
|
2
|
+
import { createCognitoUser, findAll, getCognitoUser, persistCustomValue, listUsersByAttribute, setCustomValue, setProfileId, setProfileIdByEmail, setProfileIdByPhone, setProfileIdByUsername, updateCognitoUser, deleteCognitoUser, disableCognitoUser, enableCognitoUser, createGroup, deleteGroup, addUserToGroup, removeUserFromGroup } from "./cognito.function";
|
|
3
3
|
export declare const cognito: {
|
|
4
4
|
create: typeof createCognitoUser;
|
|
5
5
|
get: typeof getCognitoUser;
|
|
@@ -16,6 +16,8 @@ export declare const cognito: {
|
|
|
16
16
|
disable: typeof disableCognitoUser;
|
|
17
17
|
enable: typeof enableCognitoUser;
|
|
18
18
|
createGroup: typeof createGroup;
|
|
19
|
+
deleteGroup: typeof deleteGroup;
|
|
19
20
|
addUserToGroup: typeof addUserToGroup;
|
|
21
|
+
removeUserFromGroup: typeof removeUserFromGroup;
|
|
20
22
|
};
|
|
21
23
|
export type CognitoApi = typeof cognito;
|
|
@@ -33,6 +33,8 @@ exports.cognito = {
|
|
|
33
33
|
disable: cognito_function_1.disableCognitoUser,
|
|
34
34
|
enable: cognito_function_1.enableCognitoUser,
|
|
35
35
|
createGroup: cognito_function_1.createGroup,
|
|
36
|
+
deleteGroup: cognito_function_1.deleteGroup,
|
|
36
37
|
addUserToGroup: cognito_function_1.addUserToGroup,
|
|
38
|
+
removeUserFromGroup: cognito_function_1.removeUserFromGroup,
|
|
37
39
|
};
|
|
38
40
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/function/cognito/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AAEnC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/function/cognito/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AAEnC,yDAmB4B;AAEf,QAAA,OAAO,GAAG;IACrB,MAAM,EAAE,oCAAiB;IACzB,GAAG,EAAE,iCAAc;IACnB,eAAe,EAAE,uCAAoB;IACrC,OAAO,EAAP,0BAAO;IACP,MAAM,EAAE,oCAAiB;IACzB,MAAM,EAAE,oCAAiB;IACzB,mBAAmB,EAAnB,sCAAmB;IACnB,mBAAmB,EAAnB,sCAAmB;IACnB,sBAAsB,EAAtB,yCAAsB;IACtB,YAAY,EAAZ,+BAAY;IACZ,cAAc,EAAd,iCAAc;IACd,kBAAkB,EAAlB,qCAAkB;IAClB,OAAO,EAAE,qCAAkB;IAC3B,MAAM,EAAE,oCAAiB;IACzB,WAAW,EAAX,8BAAW;IACX,WAAW,EAAX,8BAAW;IACX,cAAc,EAAd,iCAAc;IACd,mBAAmB,EAAnB,sCAAmB;CACpB,CAAC","sourcesContent":["export * from \"./cognito.function\";\n\nimport {\n createCognitoUser,\n findAll,\n getCognitoUser,\n persistCustomValue,\n listUsersByAttribute,\n setCustomValue,\n setProfileId,\n setProfileIdByEmail,\n setProfileIdByPhone,\n setProfileIdByUsername,\n updateCognitoUser,\n deleteCognitoUser,\n disableCognitoUser,\n enableCognitoUser,\n createGroup,\n deleteGroup,\n addUserToGroup,\n removeUserFromGroup,\n} from \"./cognito.function\";\n\nexport const cognito = {\n create: createCognitoUser,\n get: getCognitoUser,\n listByAttribute: listUsersByAttribute,\n findAll,\n update: updateCognitoUser,\n delete: deleteCognitoUser,\n setProfileIdByEmail,\n setProfileIdByPhone,\n setProfileIdByUsername,\n setProfileId,\n setCustomValue,\n persistCustomValue,\n disable: disableCognitoUser,\n enable: enableCognitoUser,\n createGroup,\n deleteGroup,\n addUserToGroup,\n removeUserFromGroup,\n};\n\nexport type CognitoApi = typeof cognito;\n"]}
|
package/dist/function/index.d.ts
CHANGED
|
@@ -15,7 +15,9 @@ export declare const aws: {
|
|
|
15
15
|
disable: typeof import("./cognito").disableCognitoUser;
|
|
16
16
|
enable: typeof import("./cognito").enableCognitoUser;
|
|
17
17
|
createGroup: typeof import("./cognito").createGroup;
|
|
18
|
+
deleteGroup: typeof import("./cognito").deleteGroup;
|
|
18
19
|
addUserToGroup: typeof import("./cognito").addUserToGroup;
|
|
20
|
+
removeUserFromGroup: typeof import("./cognito").removeUserFromGroup;
|
|
19
21
|
};
|
|
20
22
|
s3: {
|
|
21
23
|
createBucket: typeof import("./s3").createBucket;
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { z, ZodType } from "zod";
|
|
2
|
+
type InvalidConfig = boolean | string[];
|
|
3
|
+
/**
|
|
4
|
+
* EntityBuilder generates mock objects from a Zod schema.
|
|
5
|
+
* - Can produce fully valid objects
|
|
6
|
+
* - Can produce random invalid objects (at least one field invalid)
|
|
7
|
+
* - Can produce targeted invalid objects (specific fields)
|
|
8
|
+
* - Arrays are autofilled with multiple elements if `arrayLength` > 1
|
|
9
|
+
*/
|
|
10
|
+
export declare class EntityBuilder<T extends ZodType<any, any, any>> {
|
|
11
|
+
private readonly schema;
|
|
12
|
+
private readonly invalid;
|
|
13
|
+
private readonly arrayLength;
|
|
14
|
+
private seed;
|
|
15
|
+
constructor(schema: T, invalid?: InvalidConfig, arrayLength?: number);
|
|
16
|
+
build(): z.infer<T>;
|
|
17
|
+
private buildFromZod;
|
|
18
|
+
private shouldInvalidate;
|
|
19
|
+
}
|
|
20
|
+
export {};
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.EntityBuilder = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
5
|
+
/**
|
|
6
|
+
* EntityBuilder generates mock objects from a Zod schema.
|
|
7
|
+
* - Can produce fully valid objects
|
|
8
|
+
* - Can produce random invalid objects (at least one field invalid)
|
|
9
|
+
* - Can produce targeted invalid objects (specific fields)
|
|
10
|
+
* - Arrays are autofilled with multiple elements if `arrayLength` > 1
|
|
11
|
+
*/
|
|
12
|
+
class EntityBuilder {
|
|
13
|
+
schema;
|
|
14
|
+
invalid;
|
|
15
|
+
arrayLength;
|
|
16
|
+
seed = 1;
|
|
17
|
+
constructor(schema, invalid = true, arrayLength = 1) {
|
|
18
|
+
this.schema = schema;
|
|
19
|
+
this.invalid = invalid;
|
|
20
|
+
this.arrayLength = arrayLength;
|
|
21
|
+
}
|
|
22
|
+
build() {
|
|
23
|
+
return this.buildFromZod(this.schema, this.invalid);
|
|
24
|
+
}
|
|
25
|
+
buildFromZod(schema, invalidConfig, path = []) {
|
|
26
|
+
// Optional / Nullable unwrap
|
|
27
|
+
if (schema instanceof zod_1.ZodOptional || schema instanceof zod_1.ZodNullable) {
|
|
28
|
+
const inner = schema._def.innerType;
|
|
29
|
+
return this.buildFromZod(inner, invalidConfig, path);
|
|
30
|
+
}
|
|
31
|
+
if (schema instanceof zod_1.ZodString) {
|
|
32
|
+
return this.shouldInvalidate(path, invalidConfig) ? "INVALID" : `valid_${path.join("_")}`;
|
|
33
|
+
}
|
|
34
|
+
if (schema instanceof zod_1.ZodNumber) {
|
|
35
|
+
return this.shouldInvalidate(path, invalidConfig) ? -1 : 1;
|
|
36
|
+
}
|
|
37
|
+
if (schema instanceof zod_1.ZodBoolean) {
|
|
38
|
+
return !this.shouldInvalidate(path, invalidConfig);
|
|
39
|
+
}
|
|
40
|
+
if (schema instanceof zod_1.ZodArray) {
|
|
41
|
+
const elementSchema = schema.element;
|
|
42
|
+
const arr = [];
|
|
43
|
+
for (let i = 0; i < this.arrayLength; i++) {
|
|
44
|
+
arr.push(this.buildFromZod(elementSchema, invalidConfig, path.concat([String(i)])));
|
|
45
|
+
}
|
|
46
|
+
return arr;
|
|
47
|
+
}
|
|
48
|
+
if (schema instanceof zod_1.ZodObject) {
|
|
49
|
+
const obj = {};
|
|
50
|
+
const shape = schema.shape;
|
|
51
|
+
for (const key in shape) {
|
|
52
|
+
obj[key] = this.buildFromZod(shape[key], invalidConfig, path.concat([key]));
|
|
53
|
+
}
|
|
54
|
+
return obj;
|
|
55
|
+
}
|
|
56
|
+
// fallback for unsupported types
|
|
57
|
+
return null;
|
|
58
|
+
}
|
|
59
|
+
shouldInvalidate(path, invalidConfig) {
|
|
60
|
+
if (invalidConfig === false) {
|
|
61
|
+
// random invalid
|
|
62
|
+
const x = Math.sin(this.seed++) * 10000;
|
|
63
|
+
return x - Math.floor(x) > 0.5;
|
|
64
|
+
}
|
|
65
|
+
if (Array.isArray(invalidConfig)) {
|
|
66
|
+
// targeted invalid
|
|
67
|
+
return invalidConfig.includes(path.join("."));
|
|
68
|
+
}
|
|
69
|
+
return false; // valid by default
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
exports.EntityBuilder = EntityBuilder;
|
|
73
|
+
//# sourceMappingURL=data.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data.util.js","sourceRoot":"","sources":["../../src/utils/data.util.ts"],"names":[],"mappings":";;;AAAA,6BAAkH;AAIlH;;;;;;GAMG;AACH,MAAa,aAAa;IAIL;IACA;IACA;IALX,IAAI,GAAG,CAAC,CAAC;IAEjB,YACmB,MAAS,EACT,UAAyB,IAAI,EAC7B,cAAsB,CAAC;QAFvB,WAAM,GAAN,MAAM,CAAG;QACT,YAAO,GAAP,OAAO,CAAsB;QAC7B,gBAAW,GAAX,WAAW,CAAY;IACvC,CAAC;IAEJ,KAAK;QACH,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAe,CAAC;IACpE,CAAC;IAEO,YAAY,CAAC,MAA8B,EAAE,aAA4B,EAAE,OAAiB,EAAE;QACpG,6BAA6B;QAC7B,IAAI,MAAM,YAAY,iBAAW,IAAI,MAAM,YAAY,iBAAW,EAAE,CAAC;YACnE,MAAM,KAAK,GAAI,MAAc,CAAC,IAAI,CAAC,SAAmC,CAAC;YACvE,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,aAAa,EAAE,IAAI,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,MAAM,YAAY,eAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5F,CAAC;QAED,IAAI,MAAM,YAAY,eAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,MAAM,YAAY,gBAAU,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,MAAM,YAAY,cAAQ,EAAE,CAAC;YAC/B,MAAM,aAAa,GAAI,MAAwB,CAAC,OAAiC,CAAC;YAClF,MAAM,GAAG,GAAG,EAAE,CAAC;YACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACtF,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,IAAI,MAAM,YAAY,eAAS,EAAE,CAAC;YAChC,MAAM,GAAG,GAAQ,EAAE,CAAC;YACpB,MAAM,KAAK,GAAI,MAAyB,CAAC,KAAK,CAAC;YAC/C,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;gBACxB,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,iCAAiC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,gBAAgB,CAAC,IAAc,EAAE,aAA4B;QACnE,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;YAC5B,iBAAiB;YACjB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC;YACxC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QACjC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,mBAAmB;YACnB,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,mBAAmB;IACnC,CAAC;CACF;AAlED,sCAkEC","sourcesContent":["import { z, ZodArray, ZodBoolean, ZodNullable, ZodNumber, ZodObject, ZodOptional, ZodString, ZodType } from \"zod\";\n\ntype InvalidConfig = boolean | string[];\n\n/**\n * EntityBuilder generates mock objects from a Zod schema.\n * - Can produce fully valid objects\n * - Can produce random invalid objects (at least one field invalid)\n * - Can produce targeted invalid objects (specific fields)\n * - Arrays are autofilled with multiple elements if `arrayLength` > 1\n */\nexport class EntityBuilder<T extends ZodType<any, any, any>> {\n private seed = 1;\n\n constructor(\n private readonly schema: T,\n private readonly invalid: InvalidConfig = true,\n private readonly arrayLength: number = 1, // default number of elements in arrays\n ) {}\n\n build(): z.infer<T> {\n return this.buildFromZod(this.schema, this.invalid) as z.infer<T>;\n }\n\n private buildFromZod(schema: ZodType<any, any, any>, invalidConfig: InvalidConfig, path: string[] = []): any {\n // Optional / Nullable unwrap\n if (schema instanceof ZodOptional || schema instanceof ZodNullable) {\n const inner = (schema as any)._def.innerType as ZodType<any, any, any>;\n return this.buildFromZod(inner, invalidConfig, path);\n }\n\n if (schema instanceof ZodString) {\n return this.shouldInvalidate(path, invalidConfig) ? \"INVALID\" : `valid_${path.join(\"_\")}`;\n }\n\n if (schema instanceof ZodNumber) {\n return this.shouldInvalidate(path, invalidConfig) ? -1 : 1;\n }\n\n if (schema instanceof ZodBoolean) {\n return !this.shouldInvalidate(path, invalidConfig);\n }\n\n if (schema instanceof ZodArray) {\n const elementSchema = (schema as ZodArray<any>).element as ZodType<any, any, any>;\n const arr = [];\n for (let i = 0; i < this.arrayLength; i++) {\n arr.push(this.buildFromZod(elementSchema, invalidConfig, path.concat([String(i)])));\n }\n return arr;\n }\n\n if (schema instanceof ZodObject) {\n const obj: any = {};\n const shape = (schema as ZodObject<any>).shape;\n for (const key in shape) {\n obj[key] = this.buildFromZod(shape[key], invalidConfig, path.concat([key]));\n }\n return obj;\n }\n\n // fallback for unsupported types\n return null;\n }\n\n private shouldInvalidate(path: string[], invalidConfig: InvalidConfig): boolean {\n if (invalidConfig === false) {\n // random invalid\n const x = Math.sin(this.seed++) * 10000;\n return x - Math.floor(x) > 0.5;\n }\n if (Array.isArray(invalidConfig)) {\n // targeted invalid\n return invalidConfig.includes(path.join(\".\"));\n }\n return false; // valid by default\n }\n}\n"]}
|
|
@@ -3,3 +3,16 @@ export declare function isValidDate(dateStr: string): boolean;
|
|
|
3
3
|
export declare function isSameYearMonth(date1: string | Date | Dayjs, date2: string | Date | Dayjs): boolean;
|
|
4
4
|
export declare function isCurrentMonth(date: string | Date | Dayjs): boolean;
|
|
5
5
|
export declare function isFutureMonth(date: string): boolean;
|
|
6
|
+
export declare function addSecondToDate(date: string | Date | Dayjs): Dayjs;
|
|
7
|
+
/**
|
|
8
|
+
* Returns the oldest date string from a list of date strings.
|
|
9
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
10
|
+
* @returns The oldest date string, or an empty string if the list is empty.
|
|
11
|
+
*/
|
|
12
|
+
export declare function minDateStr(dateStrList: any[]): string;
|
|
13
|
+
/**
|
|
14
|
+
* Returns the newest date string from a list of date strings.
|
|
15
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
16
|
+
* @returns The newest date string, or an empty string if the list is empty.
|
|
17
|
+
*/
|
|
18
|
+
export declare function maxDateStr(dateStrList: any[]): string;
|
package/dist/utils/date.util.js
CHANGED
|
@@ -7,6 +7,9 @@ exports.isValidDate = isValidDate;
|
|
|
7
7
|
exports.isSameYearMonth = isSameYearMonth;
|
|
8
8
|
exports.isCurrentMonth = isCurrentMonth;
|
|
9
9
|
exports.isFutureMonth = isFutureMonth;
|
|
10
|
+
exports.addSecondToDate = addSecondToDate;
|
|
11
|
+
exports.minDateStr = minDateStr;
|
|
12
|
+
exports.maxDateStr = maxDateStr;
|
|
10
13
|
const dayjs_1 = __importDefault(require("dayjs"));
|
|
11
14
|
function isValidDate(dateStr) {
|
|
12
15
|
const d = new Date(dateStr);
|
|
@@ -31,4 +34,36 @@ function isFutureMonth(date) {
|
|
|
31
34
|
// Compare year-month
|
|
32
35
|
return inputYear > currentYear || (inputYear === currentYear && inputMonth > currentMonth);
|
|
33
36
|
}
|
|
37
|
+
function addSecondToDate(date) {
|
|
38
|
+
return (0, dayjs_1.default)(date).add(1, "second");
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Returns the oldest date string from a list of date strings.
|
|
42
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
43
|
+
* @returns The oldest date string, or an empty string if the list is empty.
|
|
44
|
+
*/
|
|
45
|
+
function minDateStr(dateStrList) {
|
|
46
|
+
return minMaxDateStr(dateStrList, false);
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Returns the newest date string from a list of date strings.
|
|
50
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
51
|
+
* @returns The newest date string, or an empty string if the list is empty.
|
|
52
|
+
*/
|
|
53
|
+
function maxDateStr(dateStrList) {
|
|
54
|
+
return minMaxDateStr(dateStrList, true);
|
|
55
|
+
}
|
|
56
|
+
function minMaxDateStr(dateStrList, isMax) {
|
|
57
|
+
if (!dateStrList || dateStrList.length === 0)
|
|
58
|
+
return "";
|
|
59
|
+
const filtered = dateStrList.filter((d) => !!d);
|
|
60
|
+
if (filtered.length === 0)
|
|
61
|
+
return "";
|
|
62
|
+
return filtered.reduce((newestDate, current) => {
|
|
63
|
+
if (isMax)
|
|
64
|
+
return (0, dayjs_1.default)(current).isAfter((0, dayjs_1.default)(newestDate)) ? current : newestDate;
|
|
65
|
+
else
|
|
66
|
+
return (0, dayjs_1.default)(current).isBefore((0, dayjs_1.default)(newestDate)) ? newestDate : current;
|
|
67
|
+
});
|
|
68
|
+
}
|
|
34
69
|
//# sourceMappingURL=date.util.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"date.util.js","sourceRoot":"","sources":["../../src/utils/date.util.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"date.util.js","sourceRoot":"","sources":["../../src/utils/date.util.ts"],"names":[],"mappings":";;;;;AAEA,kCAGC;AAED,0CAIC;AAED,wCAEC;AAED,sCAYC;AAED,0CAEC;AAMD,gCAEC;AAOD,gCAEC;AAlDD,kDAAqC;AAErC,SAAgB,WAAW,CAAC,OAAe;IACzC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,eAAe,CAAC,KAA4B,EAAE,KAA4B;IACxF,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,KAAK,CAAC,CAAC;IACxB,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,KAAK,CAAC,CAAC;IACxB,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;AACzD,CAAC;AAED,SAAgB,cAAc,CAAC,IAA2B;IACxD,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;AAC3C,CAAC;AAED,SAAgB,aAAa,CAAC,IAAY;IACxC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;IAEzB,yBAAyB;IACzB,MAAM,SAAS,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,oBAAoB;IAC7D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEtC,qBAAqB;IACrB,OAAO,SAAS,GAAG,WAAW,IAAI,CAAC,SAAS,KAAK,WAAW,IAAI,UAAU,GAAG,YAAY,CAAC,CAAC;AAC7F,CAAC;AAED,SAAgB,eAAe,CAAC,IAA2B;IACzD,OAAO,IAAA,eAAK,EAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;AACtC,CAAC;AACD;;;;GAIG;AACH,SAAgB,UAAU,CAAC,WAAkB;IAC3C,OAAO,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CAAC,WAAkB;IAC3C,OAAO,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,aAAa,CAAC,WAAkB,EAAE,KAAc;IACvD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAExD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAErC,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE;QAC7C,IAAI,KAAK;YAAE,OAAO,IAAA,eAAK,EAAC,OAAO,CAAC,CAAC,OAAO,CAAC,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;;YAC9E,OAAO,IAAA,eAAK,EAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;IAChF,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import dayjs, { Dayjs } from \"dayjs\";\n\nexport function isValidDate(dateStr: string): boolean {\n const d = new Date(dateStr);\n return !Number.isNaN(d.getTime());\n}\n\nexport function isSameYearMonth(date1: string | Date | Dayjs, date2: string | Date | Dayjs): boolean {\n const d1 = dayjs(date1);\n const d2 = dayjs(date2);\n return d1.isSame(d2, \"month\") && d1.isSame(d2, \"year\");\n}\n\nexport function isCurrentMonth(date: string | Date | Dayjs): boolean {\n return isSameYearMonth(date, new Date());\n}\n\nexport function isFutureMonth(date: string): boolean {\n const inputDate = new Date(date);\n const today = new Date();\n\n // Extract year and month\n const inputYear = inputDate.getFullYear();\n const inputMonth = inputDate.getMonth(); // 0-based (0 = Jan)\n const currentYear = today.getFullYear();\n const currentMonth = today.getMonth();\n\n // Compare year-month\n return inputYear > currentYear || (inputYear === currentYear && inputMonth > currentMonth);\n}\n\nexport function addSecondToDate(date: string | Date | Dayjs): Dayjs {\n return dayjs(date).add(1, \"second\");\n}\n/**\n * Returns the oldest date string from a list of date strings.\n * @param dateStrList List of date strings (ISO or other formats supported by dayjs).\n * @returns The oldest date string, or an empty string if the list is empty.\n */\nexport function minDateStr(dateStrList: any[]): string {\n return minMaxDateStr(dateStrList, false);\n}\n\n/**\n * Returns the newest date string from a list of date strings.\n * @param dateStrList List of date strings (ISO or other formats supported by dayjs).\n * @returns The newest date string, or an empty string if the list is empty.\n */\nexport function maxDateStr(dateStrList: any[]): string {\n return minMaxDateStr(dateStrList, true);\n}\n\nfunction minMaxDateStr(dateStrList: any[], isMax: boolean): string {\n if (!dateStrList || dateStrList.length === 0) return \"\";\n\n const filtered = dateStrList.filter((d) => !!d);\n if (filtered.length === 0) return \"\";\n\n return filtered.reduce((newestDate, current) => {\n if (isMax) return dayjs(current).isAfter(dayjs(newestDate)) ? current : newestDate;\n else return dayjs(current).isBefore(dayjs(newestDate)) ? newestDate : current;\n });\n}\n"]}
|
package/dist/utils/index.d.ts
CHANGED
package/dist/utils/index.js
CHANGED
|
@@ -28,5 +28,6 @@ __exportStar(require("./reflection.util"), exports);
|
|
|
28
28
|
__exportStar(require("./validation.util"), exports);
|
|
29
29
|
__exportStar(require("./opensearch/opensearch.parser"), exports);
|
|
30
30
|
__exportStar(require("./opensearch/opensearch.transform"), exports);
|
|
31
|
+
__exportStar(require("./data.util"), exports);
|
|
31
32
|
__exportStar(require("../function/logger"), exports);
|
|
32
33
|
//# sourceMappingURL=index.js.map
|
package/dist/utils/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,sDAAoC;AACpC,+CAA6B;AAC7B,8CAA4B;AAC5B,8CAA4B;AAC5B,mDAAiC;AACjC,6CAA2B;AAC3B,+CAA6B;AAC7B,8CAA4B;AAC5B,qDAAmC;AACnC,oDAAkC;AAClC,oDAAkC;AAClC,iEAA+C;AAC/C,oEAAkD;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,sDAAoC;AACpC,+CAA6B;AAC7B,8CAA4B;AAC5B,8CAA4B;AAC5B,mDAAiC;AACjC,6CAA2B;AAC3B,+CAA6B;AAC7B,8CAA4B;AAC5B,qDAAmC;AACnC,oDAAkC;AAClC,oDAAkC;AAClC,iEAA+C;AAC/C,oEAAkD;AAClD,8CAA4B;AAE5B,qDAAmC","sourcesContent":["export * from \"./http/http.util\";\nexport * from \"./http/http-request\";\nexport * from \"./array.util\";\nexport * from \"./auth.util\";\nexport * from \"./date.util\";\nexport * from \"./dynamodb.utils\";\nexport * from \"./env.util\";\nexport * from \"./error.util\";\nexport * from \"./json.util\";\nexport * from \"./opensearch.utils\";\nexport * from \"./reflection.util\";\nexport * from \"./validation.util\";\nexport * from \"./opensearch/opensearch.parser\";\nexport * from \"./opensearch/opensearch.transform\";\nexport * from \"./data.util\";\n\nexport * from \"../function/logger\";\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "aws-service-stack",
|
|
3
|
-
"version": "0.18.
|
|
3
|
+
"version": "0.18.375",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"author": "chinggis.systems",
|
|
@@ -23,45 +23,45 @@
|
|
|
23
23
|
"tslib": "^2.8.1"
|
|
24
24
|
},
|
|
25
25
|
"peerDependencies": {
|
|
26
|
-
"@aws-sdk/client-api-gateway": "^3.
|
|
27
|
-
"@aws-sdk/client-apigatewaymanagementapi": "^3.
|
|
28
|
-
"@aws-sdk/client-cognito-identity-provider": "^3.
|
|
29
|
-
"@aws-sdk/client-dynamodb": "^3.
|
|
30
|
-
"@aws-sdk/client-lambda": "^3.
|
|
31
|
-
"@aws-sdk/client-pinpoint": "^3.
|
|
32
|
-
"@aws-sdk/client-secrets-manager": "^3.
|
|
33
|
-
"@aws-sdk/client-sqs": "^3.
|
|
34
|
-
"@aws-sdk/credential-provider-node": "^3.
|
|
35
|
-
"@aws-sdk/lib-dynamodb": "^3.
|
|
36
|
-
"@aws-sdk/s3-request-presigner": "^3.
|
|
37
|
-
"@aws-sdk/util-dynamodb": "^3.
|
|
26
|
+
"@aws-sdk/client-api-gateway": "^3.999.0",
|
|
27
|
+
"@aws-sdk/client-apigatewaymanagementapi": "^3.999.0",
|
|
28
|
+
"@aws-sdk/client-cognito-identity-provider": "^3.999.0",
|
|
29
|
+
"@aws-sdk/client-dynamodb": "^3.999.0",
|
|
30
|
+
"@aws-sdk/client-lambda": "^3.999.0",
|
|
31
|
+
"@aws-sdk/client-pinpoint": "^3.999.0",
|
|
32
|
+
"@aws-sdk/client-secrets-manager": "^3.999.0",
|
|
33
|
+
"@aws-sdk/client-sqs": "^3.999.0",
|
|
34
|
+
"@aws-sdk/credential-provider-node": "^3.972.14",
|
|
35
|
+
"@aws-sdk/lib-dynamodb": "^3.999.0",
|
|
36
|
+
"@aws-sdk/s3-request-presigner": "^3.999.0",
|
|
37
|
+
"@aws-sdk/util-dynamodb": "^3.996.1",
|
|
38
38
|
"@opensearch-project/opensearch": "^3.5.1",
|
|
39
|
-
"axios": "^1.
|
|
40
|
-
"dayjs": "^1.11.
|
|
41
|
-
"elastic-builder": "^
|
|
39
|
+
"axios": "^1.13.5",
|
|
40
|
+
"dayjs": "^1.11.19",
|
|
41
|
+
"elastic-builder": "^4.1.0",
|
|
42
42
|
"lodash.truncate": "^4.4.2",
|
|
43
|
-
"nodemailer": "^
|
|
43
|
+
"nodemailer": "^8.0.1",
|
|
44
44
|
"numeral": "^2.0.6",
|
|
45
45
|
"typedi": "0.10.0",
|
|
46
46
|
"yup": "^1.7.1",
|
|
47
|
-
"zod": "^4.
|
|
47
|
+
"zod": "^4.3.6"
|
|
48
48
|
},
|
|
49
49
|
"devDependencies": {
|
|
50
|
-
"@types/aws-lambda": "^8.10.
|
|
51
|
-
"@types/jest": "^
|
|
52
|
-
"eslint": "^
|
|
53
|
-
"@typescript-eslint/eslint-plugin": "^
|
|
54
|
-
"@typescript-eslint/parser": "^
|
|
55
|
-
"jest": "^
|
|
50
|
+
"@types/aws-lambda": "^8.10.161",
|
|
51
|
+
"@types/jest": "^30.0.0",
|
|
52
|
+
"eslint": "^10.0.2",
|
|
53
|
+
"@typescript-eslint/eslint-plugin": "^8.56.1",
|
|
54
|
+
"@typescript-eslint/parser": "^8.56.1",
|
|
55
|
+
"jest": "^30.2.0",
|
|
56
56
|
"jest-transform-stub": "^2.0.0",
|
|
57
|
-
"jsonc-eslint-parser": "^
|
|
58
|
-
"serverless-offline": "^14.
|
|
57
|
+
"jsonc-eslint-parser": "^3.1.0",
|
|
58
|
+
"serverless-offline": "^14.5.0",
|
|
59
59
|
"serverless-stage-manager": "^1.0.5",
|
|
60
|
-
"ts-jest": "^29.
|
|
60
|
+
"ts-jest": "^29.4.6",
|
|
61
61
|
"ts-node": "^10.9.2",
|
|
62
|
-
"tsc-alias": "^1.8.
|
|
63
|
-
"typescript": "^5.
|
|
64
|
-
"prettier": "^3.
|
|
65
|
-
"typescript-transform-paths": "^3.5.
|
|
62
|
+
"tsc-alias": "^1.8.16",
|
|
63
|
+
"typescript": "^5.9.3",
|
|
64
|
+
"prettier": "^3.8.1",
|
|
65
|
+
"typescript-transform-paths": "^3.5.6"
|
|
66
66
|
}
|
|
67
67
|
}
|