idea-aws 3.6.2 → 3.7.2

package/dist/src/attachments.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Attachments = void 0;
+const dynamoDB_1 = require("./dynamoDB");
+const s3_1 = require("./s3");
+// declare libs as global vars to be reused in warm starts by the Lambda function
+let ideaWarmStart_ddb = null;
+let ideaWarmStart_s3 = null;
+/**
+ * A custom class that takes advantage of DynamoDB and S3 to easily manage attachments.
+ */
+class Attachments {
+    constructor() {
+        /**
+         * The bucket where from to retrieve the attachments. Fallback to IDEA's default one.
+         */
+        this.S3_ATTACHMENTS_BUCKET = process.env['S3_ATTACHMENTS_BUCKET'] || 'idea-attachments';
+        this.IUID_ATTACHMENTS_PREFIX = process.env['IUID_ATTACHMENTS_PREFIX'] || 'ATT';
+        if (!ideaWarmStart_ddb)
+            ideaWarmStart_ddb = new dynamoDB_1.DynamoDB();
+        this.dynamo = ideaWarmStart_ddb;
+        if (!ideaWarmStart_s3)
+            ideaWarmStart_s3 = new s3_1.S3();
+        this.s3 = ideaWarmStart_s3;
+    }
+    /**
+     * Get a signedURL to put an attachment.
+     */
+    async put(project, teamId) {
+        const attachmentIdPrefix = this.IUID_ATTACHMENTS_PREFIX.concat('_').concat(project).concat('_').concat(teamId);
+        const attachmentId = await this.dynamo.IUNID(attachmentIdPrefix);
+        const signedURL = this.s3.signedURLPut(this.S3_ATTACHMENTS_BUCKET, attachmentId);
+        signedURL.id = attachmentId;
+        return signedURL;
+    }
+    /**
+     * Get a signedURL to retrieve an attachment.
+     */
+    get(attachmentId) {
+        const signedURL = this.s3.signedURLGet(this.S3_ATTACHMENTS_BUCKET, attachmentId);
+        signedURL.id = attachmentId;
+        return signedURL;
+    }
+}
+exports.Attachments = Attachments;

package/dist/{cognito.d.ts → src/cognito.d.ts}

@@ -1,5 +1,5 @@
 import { CognitoIdentityServiceProvider } from 'aws-sdk';
-import { User } from 'idea-toolbox';
+import { CognitoUser } from 'idea-toolbox';
 /**
  * A wrapper for AWS Cognito.
  */
@@ -15,16 +15,21 @@ export declare class Cognito {
      * Get the attributes of the user, from the authorizer claims.
      * @param claims authorizer claims
      * @return user's data
+     * @deprecated use IdeaX.CognitoUser instead
      */
-    getUserByClaims(claims: any): CognitoUserData;
+    getUserByClaims(claims: any): CognitoUserGeneric;
+    /**
+     * Map the complex structure returned by Cognito for a user's attributes in a simple key-value object.
+     */
+    private mapCognitoUserAsPlainObject;
     /**
      * Identify a user by its email address, returning its attributes.
      */
-    getUserByEmail(email: string, cognitoUserPoolId: string): Promise<CognitoUserData>;
+    getUserByEmail(email: string, cognitoUserPoolId: string): Promise<CognitoUserGeneric>;
     /**
      * Identify a user by its userId (sub), returning its attributes.
      */
-    getUserBySub(sub: string, cognitoUserPoolId: string): Promise<CognitoUserData>;
+    getUserBySub(sub: string, cognitoUserPoolId: string): Promise<CognitoUserGeneric>;
     /**
      * Create a new user (by its email) in the pool specified.
      * @return userId of the new user
@@ -65,24 +70,24 @@ export declare class Cognito {
     /**
      * List the groups of the user pool.
      */
-    listGroups(cognitoUserPoolId: string): Promise<CognitoGroupData[]>;
+    listGroups(cognitoUserPoolId: string): Promise<CognitoGroup[]>;
     /**
      * List the users part of a group in the user pool.
      */
-    listUsersInGroup(group: string, cognitoUserPoolId: string): Promise<User[]>;
+    listUsersInGroup(group: string, cognitoUserPoolId: string): Promise<CognitoUser[]>;
     /**
      * Add a user (by email) to a group in the user pool.
      */
-    addUserToGroup(email: string, group: string, cognitoUserPoolId: string): Promise<User>;
+    addUserToGroup(email: string, group: string, cognitoUserPoolId: string): Promise<void>;
     /**
      * Remove a user (by email) from a group in the user pool.
      */
-    removeUserFromGroup(email: string, group: string, cognitoUserPoolId: string): Promise<User>;
+    removeUserFromGroup(email: string, group: string, cognitoUserPoolId: string): Promise<void>;
 }
 /**
- * The attributes of a Cognito user.
+ * The attributes of a generic Cognito user of which we don't know the custom attributes.
  */
-export interface CognitoUserData {
+export interface CognitoUserGeneric {
     /**
      * The user id (sub).
      */
@@ -112,7 +117,7 @@ export interface CreateUserOptions {
 /**
  * The attributes of a Cognito group.
  */
-export interface CognitoGroupData {
+export interface CognitoGroup {
     /**
      * The name (and id) of the group.
      */

package/dist/src/cognito.js

@@ -0,0 +1,251 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Cognito = void 0;
+const aws_sdk_1 = require("aws-sdk");
+const idea_toolbox_1 = require("idea-toolbox");
+// declare libs as global vars to be reused in warm starts by the Lambda function
+let ideaWarmStart_cognito = null;
+/**
+ * A wrapper for AWS Cognito.
+ */
+class Cognito {
+    constructor() {
+        if (!ideaWarmStart_cognito)
+            ideaWarmStart_cognito = new aws_sdk_1.CognitoIdentityServiceProvider({ apiVersion: '2016-04-18' });
+        this.cognito = ideaWarmStart_cognito;
+    }
+    /**
+     * Change the region in which to find the user pool.
+     * Default: the runner's (e.g. Lambda function) region.
+     */
+    setRegion(region) {
+        // there is no quick way to change the region without re-creating the object
+        ideaWarmStart_cognito = new aws_sdk_1.CognitoIdentityServiceProvider({ apiVersion: this.cognito.config.apiVersion, region });
+        this.cognito = ideaWarmStart_cognito;
+    }
+    /**
+     * Get the attributes of the user, from the authorizer claims.
+     * @param claims authorizer claims
+     * @return user's data
+     * @deprecated use IdeaX.CognitoUser instead
+     */
+    getUserByClaims(claims) {
+        if (!claims)
+            return null;
+        const user = {};
+        // add any additional cognito attribute available in cognito
+        for (const p in claims)
+            if (p.startsWith('cognito:'))
+                user[p.slice(8)] = claims[p];
+        // map the important attributes with reserved names
+        user.userId = claims.sub;
+        user.email = claims.email;
+        return user;
+    }
+    /**
+     * Map the complex structure returned by Cognito for a user's attributes in a simple key-value object.
+     */
+    mapCognitoUserAsPlainObject(user) {
+        const userAttributes = {};
+        user.UserAttributes.forEach((a) => (userAttributes[a.Name] = a.Value));
+        return userAttributes;
+    }
+    /**
+     * Identify a user by its email address, returning its attributes.
+     */
+    async getUserByEmail(email, cognitoUserPoolId) {
+        const user = await this.cognito.adminGetUser({ UserPoolId: cognitoUserPoolId, Username: email }).promise();
+        if (!user)
+            throw new Error('User not found');
+        return this.mapCognitoUserAsPlainObject(user);
+    }
+    /**
+     * Identify a user by its userId (sub), returning its attributes.
+     */
+    async getUserBySub(sub, cognitoUserPoolId) {
+        // as of today, there is no a direct way to find a user by its sub: we need to run a query against the users base
+        const usersList = await this.cognito
+            .listUsers({ UserPoolId: cognitoUserPoolId, Filter: `sub = "${sub}"`, Limit: 1 })
+            .promise();
+        const user = usersList?.Users[0];
+        if (!user)
+            throw new Error('User not found');
+        return this.mapCognitoUserAsPlainObject(user);
+    }
+    /**
+     * Create a new user (by its email) in the pool specified.
+     * @return userId of the new user
+     */
+    async createUser(email, cognitoUserPoolId, options = {}) {
+        if ((0, idea_toolbox_1.isEmpty)(email, 'email'))
+            throw new Error('INVALID_EMAIL');
+        const attributes = [
+            { Name: 'email', Value: email },
+            { Name: 'email_verified', Value: 'true' }
+        ];
+        const params = {
+            UserPoolId: cognitoUserPoolId,
+            Username: email,
+            UserAttributes: attributes
+        };
+        if (options.skipNotification)
+            params.MessageAction = 'SUPPRESS';
+        if (options.temporaryPassword)
+            params.TemporaryPassword = options.temporaryPassword;
+        const result = await this.cognito.adminCreateUser(params).promise();
+        const user = this.mapCognitoUserAsPlainObject(result.User);
+        const userId = user?.sub;
+        if (userId)
+            return userId;
+        else
+            throw new Error('Creation failed');
+    }
+    /**
+     * Resend the password to a user who never logged in.
+     */
+    async resendPassword(email, cognitoUserPoolId, options = {}) {
+        if ((0, idea_toolbox_1.isEmpty)(email, 'email'))
+            throw new Error('Invalid email');
+        const params = {
+            UserPoolId: cognitoUserPoolId,
+            Username: email,
+            MessageAction: 'RESEND'
+        };
+        if (options.temporaryPassword)
+            params.TemporaryPassword = options.temporaryPassword;
+        await this.cognito.adminCreateUser(params).promise();
+    }
+    /**
+     * Delete a user by its email (username), in the pool specified.
+     */
+    async deleteUser(email, cognitoUserPoolId) {
+        if ((0, idea_toolbox_1.isEmpty)(email, 'email'))
+            throw new Error('Invalid email');
+        await this.cognito.adminDeleteUser({ UserPoolId: cognitoUserPoolId, Username: email }).promise();
+    }
+    /**
+     * Sign in a user of a specific pool through username and password.
+     */
+    async signIn(email, password, cognitoUserPoolId, cognitoUserPoolClientId) {
+        const result = await this.cognito
+            .adminInitiateAuth({
+            UserPoolId: cognitoUserPoolId,
+            ClientId: cognitoUserPoolClientId,
+            AuthFlow: 'ADMIN_NO_SRP_AUTH',
+            AuthParameters: { USERNAME: email, PASSWORD: password }
+        })
+            .promise();
+        if (result?.AuthenticationResult)
+            return result.AuthenticationResult;
+        else
+            throw new Error('Sign-in failed');
+    }
+    /**
+     * Given a username and a refresh token (and pool data), refresh the session and return the new tokens.
+     */
+    async refreshSession(email, refreshToken, cognitoUserPoolId, cognitoUserPoolClientId) {
+        const result = await this.cognito
+            .adminInitiateAuth({
+            UserPoolId: cognitoUserPoolId,
+            ClientId: cognitoUserPoolClientId,
+            AuthFlow: 'REFRESH_TOKEN_AUTH',
+            AuthParameters: { USERNAME: email, REFRESH_TOKEN: refreshToken }
+        })
+            .promise();
+        if (result?.AuthenticationResult)
+            return result.AuthenticationResult;
+        else
+            throw new Error('Refresh failed');
+    }
+    /**
+     * Change the email address (== username) associated to a user.
+     */
+    async updateEmail(email, newEmail, cognitoUserPoolId) {
+        if ((0, idea_toolbox_1.isEmpty)(newEmail, 'email'))
+            throw new Error('Invalid new email');
+        await this.cognito
+            .adminUpdateUserAttributes({
+            UserPoolId: cognitoUserPoolId,
+            Username: email,
+            UserAttributes: [
+                { Name: 'email', Value: newEmail },
+                { Name: 'email_verified', Value: 'true' }
+            ]
+        })
+            .promise();
+        // sign out the user from all its devices and resolve
+        await this.globalSignOut(newEmail, cognitoUserPoolId);
+    }
+    /**
+     * Change the password to sign in for a user.
+     */
+    async updatePassword(email, oldPassword, newPassword, cognitoUserPoolId, cognitoUserPoolClientId) {
+        if (newPassword.length < 8)
+            throw new Error('Invalid new password');
+        const tokensForPasswordChange = await this.signIn(email, oldPassword, cognitoUserPoolId, cognitoUserPoolClientId);
+        await this.cognito
+            .changePassword({
+            AccessToken: tokensForPasswordChange.AccessToken,
+            PreviousPassword: oldPassword,
+            ProposedPassword: newPassword
+        })
+            .promise();
+    }
+    /**
+     * Sign out the user from all devices.
+     */
+    async globalSignOut(email, cognitoUserPoolId) {
+        await this.cognito.adminUserGlobalSignOut({ Username: email, UserPoolId: cognitoUserPoolId }).promise();
+    }
+    /**
+     * Confirm and conclude a registration, usign a confirmation code.
+     */
+    async confirmSignUp(email, confirmationCode, cognitoUserPoolClientId) {
+        if (!email)
+            throw new Error('Invalid email');
+        if (!confirmationCode)
+            throw new Error('Invalid confirmation code');
+        if (!cognitoUserPoolClientId)
+            throw new Error('Invalid client ID');
+        await this.cognito
+            .confirmSignUp({ Username: email, ConfirmationCode: confirmationCode, ClientId: cognitoUserPoolClientId })
+            .promise();
+    }
+    /**
+     * List the groups of the user pool.
+     */
+    async listGroups(cognitoUserPoolId) {
+        const groupsList = await this.cognito.listGroups({ UserPoolId: cognitoUserPoolId }).promise();
+        const groups = groupsList.Groups.map(g => ({ name: g.GroupName, description: g.Description }));
+        return groups;
+    }
+    /**
+     * List the users part of a group in the user pool.
+     */
+    async listUsersInGroup(group, cognitoUserPoolId) {
+        const usersInGroupList = await this.cognito
+            .listUsersInGroup({ UserPoolId: cognitoUserPoolId, GroupName: group })
+            .promise();
+        const users = usersInGroupList.Users.map(u => new idea_toolbox_1.CognitoUser(this.mapCognitoUserAsPlainObject(u)));
+        return users;
+    }
+    /**
+     * Add a user (by email) to a group in the user pool.
+     */
+    async addUserToGroup(email, group, cognitoUserPoolId) {
+        const user = new idea_toolbox_1.CognitoUser(await this.getUserByEmail(email, cognitoUserPoolId));
+        await this.cognito
+            .adminAddUserToGroup({ UserPoolId: cognitoUserPoolId, GroupName: group, Username: user.userId })
+            .promise();
+    }
+    /**
+     * Remove a user (by email) from a group in the user pool.
+     */
+    async removeUserFromGroup(email, group, cognitoUserPoolId) {
+        const user = new idea_toolbox_1.CognitoUser(await this.getUserByEmail(email, cognitoUserPoolId));
+        await this.cognito
+            .adminRemoveUserFromGroup({ UserPoolId: cognitoUserPoolId, GroupName: group, Username: user.userId })
+            .promise();
+    }
+}
+exports.Cognito = Cognito;

package/dist/src/comprehend.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Comprehend = void 0;
+const aws_sdk_1 = require("aws-sdk");
+// declare libs as global vars to be reused in warm starts by the Lambda function
+let ideaWarmStart_comprehend = null;
+/**
+ * A wrapper for Amazon Comprehend.
+ */
+class Comprehend {
+    constructor() {
+        if (!ideaWarmStart_comprehend)
+            ideaWarmStart_comprehend = new aws_sdk_1.Comprehend({ apiVersion: '2017-11-27' });
+        this.comprehend = ideaWarmStart_comprehend;
+    }
+    /**
+     * Inspects text and returns an inference of the prevailing sentiment (POSITIVE, NEUTRAL, MIXED, or NEGATIVE).
+     */
+    async detectSentiment(params) {
+        if (!params.language || !params.text)
+            throw new Error('Missing some parameters');
+        const result = await this.comprehend
+            .detectSentiment({ LanguageCode: params.language, Text: params.text })
+            .promise();
+        return result.Sentiment;
+    }
+}
+exports.Comprehend = Comprehend;

package/dist/{dynamoDB.d.ts → src/dynamoDB.d.ts}

@@ -4,9 +4,6 @@ import { DynamoDB as DDB } from 'aws-sdk';
  */
 export declare class DynamoDB {
     protected dynamo: DDB.DocumentClient;
-    /**
-     * Initialize a new DynamoDB helper object.
-     */
     constructor();
     /**
      * Convert a JSON object from dynamoDB format to simple JSON.
@@ -23,7 +20,6 @@ export declare class DynamoDB {
      * @return the IUID
      */
     IUID(project: string): Promise<string>;
-    protected iuidHelper(project: string, attempt: number, maxAttempts: number, resolve: any, reject: any): void;
     /**
      * Returns an IUNID: IDEA's Unique Nano IDentifier, which is an id unique through all IDEA's projects.
      * Note: no need of an auth check for external uses: the permissions depend from the context in which it's executed.
@@ -31,7 +27,6 @@ export declare class DynamoDB {
      * @return the IUNID
      */
     IUNID(project: string): Promise<string>;
-    protected iunidHelper(project: string, attempt: number, maxAttempts: number, resolve: any, reject: any): void;
     /**
      * Returns an ISID: IDEA's Short IDentifier, which is a short, unique id through a single project.
      * Note: there's no need of an authorization check for extrernal uses: the permissions depend
@@ -40,7 +35,7 @@ export declare class DynamoDB {
      * @return the ISID
      */
     ISID(project: string): Promise<string>;
-    protected isidHelper(project: string, attempt: number, maxAttempts: number, resolve: any, reject: any): void;
+    protected identifiersGeneratorHelper(project: string, type: 'IUNID' | 'IUID' | 'ISID', attempt: number, maxAttempts: number): Promise<string>;
     /**
      * Manage atomic counters (atomic autoincrement values) in IDEA's projects.
      * They key of an atomic counter should be composed as the following: `DynamoDBTableName_uniqueKey`.
@@ -67,41 +62,43 @@ export declare class DynamoDB {
      * Get group of items based on their keys from DynamoDb table, avoiding the limits of DynamoDB's BatchGetItem.
      * @param ignoreErr if set, ignore the errors and continue the bulk op.
      */
-    batchGet(table: string, keys: DDB.DocumentClient.Key[], ignoreErr?: boolean): Promise<(DDB.DocumentClient.AttributeMap | any)[]>;
-    protected batchGetHelper(t: string, keys: DDB.DocumentClient.Key[], elements: DDB.DocumentClient.AttributeMap[], iErr: boolean, curr: number, size: number, resolve: any, reject: any): void;
+    batchGet(table: string, keys: DDB.DocumentClient.Key[], ignoreErr?: boolean): Promise<DDB.DocumentClient.AttributeMap[]>;
+    protected batchGetHelper(table: string, keys: DDB.DocumentClient.Key[], resultElements: DDB.DocumentClient.AttributeMap[], ignoreErr: boolean, currentChunk?: number, chunkSize?: number): Promise<DDB.DocumentClient.AttributeMap[]>;
     /**
      * Put an array of items in a DynamoDb table, avoiding the limits of DynamoDB's BatchWriteItem.
-     * @param ignoreErr if true, ignore the errors and continue the bulk op
+     * In case of errors, it will retry with a random back-off mechanism until the timeout.
+     * Therefore, in case of timeout, there may be some elements written and some not.
      */
-    batchPut(table: string, items: DDB.DocumentClient.AttributeMap[], ignoreErr?: boolean): Promise<void>;
+    batchPut(table: string, items: DDB.DocumentClient.AttributeMap[]): Promise<void>;
     /**
      * Delete an array of items from a DynamoDb table, avoiding the limits of DynamoDB's BatchWriteItem.
-     * @param ignoreErr if true, ignore the errors and continue the bulk op.
+     * In case of errors, it will retry with a random back-off mechanism until the timeout.
+     * Therefore, in case of timeout, there may be some elements deleted and some not.
      */
-    batchDelete(table: string, keys: DDB.DocumentClient.Key[], ignoreErr?: boolean): Promise<void>;
-    protected batchWriteHelper(t: string, items: DDB.DocumentClient.AttributeMap[], isPut: boolean, iErr: boolean, curr: number, size: number, resolve: any, reject: any): void;
+    batchDelete(table: string, keys: DDB.DocumentClient.Key[]): Promise<void>;
+    protected batchWriteHelper(table: string, itemsOrKeys: DDB.DocumentClient.AttributeMap[] | DDB.DocumentClient.Key[], isPut: boolean, currentChunk?: number, chunkSize?: number): Promise<void>;
+    protected batchWriteChunkWithRetries(table: string, params: DDB.DocumentClient.BatchWriteItemInput): Promise<void>;
     /**
      * Query a DynamoDb table, avoiding the limits of DynamoDB's Query.
      * @param params the params to apply to DynamoDB's function
      */
-    query(params: DDB.DocumentClient.QueryInput): Promise<(DDB.DocumentClient.AttributeMap | any)[]>;
+    query(params: DDB.DocumentClient.QueryInput): Promise<DDB.DocumentClient.AttributeMap[]>;
     /**
      * Scan a DynamoDb table, avoiding the limits of DynamoDB's Query.
      * @param params the params to apply to DynamoDB's function
      */
-    scan(params: DDB.DocumentClient.ScanInput): Promise<(DDB.DocumentClient.AttributeMap | any)[]>;
-    protected queryScanHelper(params: DDB.DocumentClient.QueryInput | DDB.DocumentClient.ScanInput, items: DDB.DocumentClient.AttributeMap[], isQuery: boolean, resolve: any, reject: any): void;
+    scan(params: DDB.DocumentClient.QueryInput): Promise<DDB.DocumentClient.AttributeMap[]>;
+    protected queryScanHelper(params: DDB.DocumentClient.QueryInput | DDB.DocumentClient.ScanInput, items: DDB.DocumentClient.AttributeMap[], isQuery: boolean): Promise<DDB.DocumentClient.AttributeMap[]>;
     /**
      * Query a DynamoDb table in the traditional way (no pagination or data mapping).
      * @param params the params to apply to DynamoDB's function
      */
-    queryClassic(params: DDB.DocumentClient.QueryInput): Promise<DDB.DocumentClient.QueryOutput[]>;
+    queryClassic(params: DDB.DocumentClient.QueryInput): Promise<DDB.DocumentClient.QueryOutput>;
     /**
      * Scan a DynamoDb table in the traditional way (no pagination or data mapping).
      * @param params the params to apply to DynamoDB's function
      */
-    scanClassic(params: DDB.DocumentClient.ScanInput): Promise<DDB.DocumentClient.ScanOutput[]>;
-    protected queryScanClassicHelper(params: DDB.DocumentClient.QueryInput | DDB.DocumentClient.ScanInput, isQuery: boolean, resolve: any, reject: any): void;
+    scanClassic(params: DDB.DocumentClient.ScanInput): Promise<DDB.DocumentClient.ScanOutput>;
     /**
      * Execute a series of max 10 write operations in a single transaction.
      * @param ops the operations to execute in the transaction