idea-aws 4.4.1 → 4.4.2

package/dist/src/attachments.d.ts

@@ -0,0 +1,27 @@
+import { SignedURL } from 'idea-toolbox';
+import { DynamoDB } from './dynamoDB';
+import { S3 } from './s3';
+/**
+ * A custom class that takes advantage of DynamoDB and S3 to easily manage attachments.
+ */
+export declare class Attachments {
+    protected ddb: DynamoDB;
+    protected s3: S3;
+    /**
+     * The bucket where from to retrieve the attachments. Fallback to IDEA's default one.
+     */
+    protected S3_ATTACHMENTS_BUCKET: string;
+    /**
+     * The prefix for attachment IDs. Fallback to IDEA's default one.
+     */
+    protected IUID_ATTACHMENTS_PREFIX: string;
+    constructor(ddb: DynamoDB, s3: S3);
+    /**
+     * Get a signedURL to put an attachment.
+     */
+    put(project: string, teamId: string): Promise<SignedURL>;
+    /**
+     * Get a signedURL to retrieve an attachment.
+     */
+    get(attachmentId: string): Promise<SignedURL>;
+}

package/dist/src/attachments.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Attachments = void 0;
+/**
+ * A custom class that takes advantage of DynamoDB and S3 to easily manage attachments.
+ */
+class Attachments {
+    constructor(ddb, s3) {
+        this.ddb = ddb;
+        this.s3 = s3;
+        /**
+         * The bucket where from to retrieve the attachments. Fallback to IDEA's default one.
+         */
+        this.S3_ATTACHMENTS_BUCKET = process.env.S3_ATTACHMENTS_BUCKET ?? 'idea-attachments';
+        /**
+         * The prefix for attachment IDs. Fallback to IDEA's default one.
+         */
+        this.IUID_ATTACHMENTS_PREFIX = process.env.IUID_ATTACHMENTS_PREFIX ?? 'ATT';
+    }
+    /**
+     * Get a signedURL to put an attachment.
+     */
+    async put(project, teamId) {
+        const attachmentIdPrefix = this.IUID_ATTACHMENTS_PREFIX.concat('_', project, '_', teamId);
+        const attachmentId = await this.ddb.IUNID(attachmentIdPrefix);
+        const signedURL = await this.s3.signedURLPut(this.S3_ATTACHMENTS_BUCKET, attachmentId);
+        signedURL.id = attachmentId;
+        return signedURL;
+    }
+    /**
+     * Get a signedURL to retrieve an attachment.
+     */
+    async get(attachmentId) {
+        const signedURL = await this.s3.signedURLGet(this.S3_ATTACHMENTS_BUCKET, attachmentId);
+        signedURL.id = attachmentId;
+        return signedURL;
+    }
+}
+exports.Attachments = Attachments;

package/dist/src/cognito.d.ts

@@ -0,0 +1,177 @@
+import * as CognitoIP from '@aws-sdk/client-cognito-identity-provider';
+import { CognitoUser } from 'idea-toolbox';
+/**
+ * A wrapper for AWS Cognito.
+ */
+export declare class Cognito {
+    protected cognito: CognitoIP.CognitoIdentityProviderClient;
+    constructor(options?: {
+        region?: string;
+    });
+    /**
+     * Change the region in which to find the user pool.
+     * Default: the runner's (e.g. Lambda function) region.
+     */
+    setRegion(region: string): void;
+    /**
+     * Get the attributes of the user, from the authorizer claims.
+     * @param claims authorizer claims
+     * @return user's data
+     * @deprecated use idea-toolbox's CognitoUser instead
+     */
+    getUserByClaims(claims: Record<string, any>): CognitoUserGeneric;
+    /**
+     * Map the complex structure returned by Cognito for a user's attributes in a simple key-value object.
+     */
+    private mapCognitoUserAttributesAsPlainObject;
+    /**
+     * Identify a user by its email address, returning its attributes.
+     */
+    getUserByEmail(email: string, userPoolId: string): Promise<CognitoUserGeneric>;
+    /**
+     * Identify a user by its userId (sub), returning its attributes.
+     */
+    getUserBySub(sub: string, userPoolId: string): Promise<CognitoUserGeneric>;
+    /**
+     * List all the users of the pool.
+     */
+    listUsers(userPoolId: string, options?: {
+        pagination?: string;
+        users: CognitoUser[];
+    }): Promise<CognitoUser[]>;
+    /**
+     * List all the users of the pool, including the information about the groups they're in.
+     * Note: it's slower than the alternative `getAllUsers`: use it only when needed.
+     */
+    listUsersWithGroupsDetail(cognitoUserPoolId: string): Promise<CognitoUser[]>;
+    /**
+     * Create a new user (by its email) in the pool specified.
+     * @return userId of the new user
+     */
+    createUser(cognitoUserOrEmail: CognitoUser | string, userPoolId: string, options?: CreateUserOptions): Promise<string>;
+    /**
+     * Resend the password to a user who never logged in.
+     */
+    resendPassword(email: string, userPoolId: string, options?: CreateUserOptions): Promise<void>;
+    /**
+     * Set a new password for a specific user identified by its email (admin-only).
+     * If not specified, the password is generated randomly, and the user must change it at the first login.
+     */
+    setPassword(email: string, userPoolId: string, options?: {
+        password?: string;
+        permanent?: boolean;
+    }): Promise<void>;
+    /**
+     * Delete a user by its email (username), in the pool specified.
+     */
+    deleteUser(email: string, userPoolId: string): Promise<void>;
+    /**
+     * Sign in a user of a specific pool through username and password.
+     */
+    signIn(email: string, password: string, userPoolId: string, userPoolClientId: string): Promise<CognitoIP.AuthenticationResultType>;
+    /**
+     * Given a username and a refresh token (and pool data), refresh the session and return the new tokens.
+     */
+    refreshSession(email: string, refreshToken: string, userPoolId: string, userPoolClientId: string): Promise<CognitoIP.AuthenticationResultType>;
+    /**
+     * Change the email address (== username) associated to a user.
+     */
+    updateEmail(email: string, newEmail: string, userPoolId: string): Promise<void>;
+    /**
+     * Change the password to sign in for a user.
+     */
+    updatePassword(email: string, oldPassword: string, newPassword: string, userPoolId: string, userPoolClientId: string): Promise<void>;
+    /**
+     * Send to a user the instructions to change the password.
+     */
+    forgotPassword(email: string, userPoolClientId: string): Promise<CognitoIP.CodeDeliveryDetailsType>;
+    /**
+     * Complete the flow of a password forgot.
+     */
+    confirmForgotPassword(email: string, newPassword: string, confirmationCode: string, userPoolClientId: string): Promise<void>;
+    /**
+     * Update a (Cognito)User's attributes, excluding the attributes that require specific methods.
+     */
+    updateUser(user: CognitoUser, userPoolId: string): Promise<void>;
+    /**
+     * Sign out the user from all devices.
+     */
+    globalSignOut(email: string, userPoolId: string): Promise<void>;
+    /**
+     * Confirm and conclude a registration, usign a confirmation code.
+     */
+    confirmSignUp(email: string, confirmationCode: string, userPoolClientId: string): Promise<void>;
+    /**
+     * List the groups of the user pool.
+     */
+    listGroups(userPoolId: string, options?: {
+        pagination?: string;
+        groups: CognitoGroup[];
+    }): Promise<CognitoGroup[]>;
+    /**
+     * Create a new group in the user pool.
+     */
+    createGroup(groupName: string, userPoolId: string): Promise<void>;
+    /**
+     * Delete a group from the user pool.
+     */
+    deleteGroup(groupName: string, userPoolId: string): Promise<void>;
+    /**
+     * List the users part of a group in the user pool.
+     */
+    listUsersInGroup(group: string, userPoolId: string, options?: {
+        pagination?: string;
+        users: CognitoUser[];
+    }): Promise<CognitoUser[]>;
+    /**
+     * Add a user (by email) to a group in the user pool.
+     */
+    addUserToGroup(email: string, group: string, userPoolId: string): Promise<void>;
+    /**
+     * Remove a user (by email) from a group in the user pool.
+     */
+    removeUserFromGroup(email: string, group: string, userPoolId: string): Promise<void>;
+}
+/**
+ * The attributes of a generic Cognito user of which we don't know the custom attributes.
+ */
+export interface CognitoUserGeneric {
+    /**
+     * The user id (sub).
+     */
+    userId: string;
+    /**
+     * The email (=== username).
+     */
+    email: string;
+    /**
+     * Cognito can have custom attributes.
+     */
+    [attribute: string]: string;
+}
+/**
+ * Options when creating a new user.
+ */
+export interface CreateUserOptions {
+    /**
+     * Uf true, don't send the default Cognito email notification
+     */
+    skipNotification?: boolean;
+    /**
+     * If null, randomly generated
+     */
+    temporaryPassword?: string;
+}
+/**
+ * The attributes of a Cognito group.
+ */
+export interface CognitoGroup {
+    /**
+     * The name (and id) of the group.
+     */
+    name: string;
+    /**
+     * The description of the group.
+     */
+    description: string;
+}

package/dist/src/cognito.js

@@ -0,0 +1,412 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Cognito = void 0;
+const CognitoIP = __importStar(require("@aws-sdk/client-cognito-identity-provider"));
+const idea_toolbox_1 = require("idea-toolbox");
+/**
+ * A wrapper for AWS Cognito.
+ */
+class Cognito {
+    constructor(options = {}) {
+        this.cognito = new CognitoIP.CognitoIdentityProviderClient({ region: options.region });
+    }
+    /**
+     * Change the region in which to find the user pool.
+     * Default: the runner's (e.g. Lambda function) region.
+     */
+    setRegion(region) {
+        // there is no quick way to change the region without re-creating the object
+        this.cognito = new CognitoIP.CognitoIdentityProviderClient({ region });
+    }
+    /**
+     * Get the attributes of the user, from the authorizer claims.
+     * @param claims authorizer claims
+     * @return user's data
+     * @deprecated use idea-toolbox's CognitoUser instead
+     */
+    getUserByClaims(claims) {
+        if (!claims)
+            return null;
+        const user = {};
+        // add any additional cognito attribute available in cognito
+        for (const p in claims)
+            if (p.startsWith('cognito:'))
+                user[p.slice(8)] = claims[p];
+        // map the important attributes with reserved names
+        user.userId = claims.sub;
+        user.email = claims.email;
+        return user;
+    }
+    /**
+     * Map the complex structure returned by Cognito for a user's attributes in a simple key-value object.
+     */
+    mapCognitoUserAttributesAsPlainObject(user) {
+        const userAttributes = {};
+        (user.Attributes ?? user.UserAttributes ?? []).forEach((a) => (userAttributes[a.Name] = a.Value));
+        if (!userAttributes.userId)
+            userAttributes.userId = userAttributes.sub;
+        return userAttributes;
+    }
+    //
+    // ADMIN
+    //
+    /**
+     * Identify a user by its email address, returning its attributes.
+     */
+    async getUserByEmail(email, userPoolId) {
+        const command = new CognitoIP.AdminGetUserCommand({ UserPoolId: userPoolId, Username: email });
+        try {
+            const user = await this.cognito.send(command);
+            return this.mapCognitoUserAttributesAsPlainObject(user);
+        }
+        catch (error) {
+            if (error.name === 'UserNotFoundException')
+                throw new Error('User not found');
+            throw error;
+        }
+    }
+    /**
+     * Identify a user by its userId (sub), returning its attributes.
+     */
+    async getUserBySub(sub, userPoolId) {
+        // as of today, there is no a direct way to find a user by its sub: we need to run a query against the users base
+        const command = new CognitoIP.ListUsersCommand({ UserPoolId: userPoolId, Filter: `sub = "${sub}"`, Limit: 1 });
+        const { Users } = await this.cognito.send(command);
+        if (Users.length < 1)
+            throw new Error('User not found');
+        return this.mapCognitoUserAttributesAsPlainObject(Users[0]);
+    }
+    /**
+     * List all the users of the pool.
+     */
+    async listUsers(userPoolId, options = { users: [] }) {
+        const params = { UserPoolId: userPoolId };
+        if (options.pagination)
+            params.PaginationToken = options.pagination;
+        const { Users, PaginationToken: pagination } = await this.cognito.send(new CognitoIP.ListUsersCommand(params));
+        const users = options.users.concat(Users.map(u => new idea_toolbox_1.CognitoUser(this.mapCognitoUserAttributesAsPlainObject(u))));
+        if (pagination)
+            return await this.listUsers(userPoolId, { pagination, users });
+        else
+            return users;
+    }
+    /**
+     * List all the users of the pool, including the information about the groups they're in.
+     * Note: it's slower than the alternative `getAllUsers`: use it only when needed.
+     */
+    async listUsersWithGroupsDetail(cognitoUserPoolId) {
+        const groups = await this.listGroups(cognitoUserPoolId);
+        const users = [];
+        for (const group of groups) {
+            const usersOfGroup = await this.listUsersInGroup(group.name, cognitoUserPoolId);
+            usersOfGroup.forEach(userInGroup => {
+                const userAlreadyInOutputList = users.find(u => u.userId === userInGroup.userId);
+                if (userAlreadyInOutputList)
+                    userAlreadyInOutputList.groups.push(group.name);
+                else {
+                    userInGroup.groups.push(group.name);
+                    users.push(userInGroup);
+                }
+            });
+        }
+        return users;
+    }
+    /**
+     * Create a new user (by its email) in the pool specified.
+     * @return userId of the new user
+     */
+    async createUser(cognitoUserOrEmail, userPoolId, options = {}) {
+        const email = typeof cognitoUserOrEmail === 'string'
+            ? cognitoUserOrEmail
+            : cognitoUserOrEmail.email;
+        if ((0, idea_toolbox_1.isEmpty)(email, 'email'))
+            throw new Error('INVALID_EMAIL');
+        const UserAttributes = [
+            { Name: 'email', Value: email },
+            { Name: 'email_verified', Value: 'true' }
+        ];
+        if (typeof cognitoUserOrEmail === 'object') {
+            const user = cognitoUserOrEmail;
+            UserAttributes.push({ Name: 'name', Value: user.name });
+            UserAttributes.push({ Name: 'picture', Value: user.picture || '' });
+            Object.keys(user.attributes).forEach(a => UserAttributes.push({ Name: 'custom:'.concat(a), Value: String(user.attributes[a]) }));
+        }
+        const params = { UserPoolId: userPoolId, Username: email, UserAttributes };
+        if (options.skipNotification)
+            params.MessageAction = 'SUPPRESS';
+        if (options.temporaryPassword)
+            params.TemporaryPassword = options.temporaryPassword;
+        const { User } = await this.cognito.send(new CognitoIP.AdminCreateUserCommand(params));
+        const userId = this.mapCognitoUserAttributesAsPlainObject(User).sub;
+        if (!userId)
+            throw new Error('Creation failed');
+        return userId;
+    }
+    /**
+     * Resend the password to a user who never logged in.
+     */
+    async resendPassword(email, userPoolId, options = {}) {
+        if ((0, idea_toolbox_1.isEmpty)(email, 'email'))
+            throw new Error('Invalid email');
+        const params = {
+            UserPoolId: userPoolId,
+            Username: email,
+            MessageAction: 'RESEND'
+        };
+        if (options.temporaryPassword)
+            params.TemporaryPassword = options.temporaryPassword;
+        await this.cognito.send(new CognitoIP.AdminCreateUserCommand(params));
+    }
+    /**
+     * Set a new password for a specific user identified by its email (admin-only).
+     * If not specified, the password is generated randomly, and the user must change it at the first login.
+     */
+    async setPassword(email, userPoolId, options = {}) {
+        if ((0, idea_toolbox_1.isEmpty)(email, 'email'))
+            throw new Error('Invalid email');
+        const RANDOM_PASSWORD_LENGTH = 8;
+        const password = options.password ??
+            Math.random()
+                .toString(36)
+                .slice(2, 2 + RANDOM_PASSWORD_LENGTH);
+        const params = {
+            UserPoolId: userPoolId,
+            Username: email,
+            Password: password,
+            Permanent: options.permanent
+        };
+        await this.cognito.send(new CognitoIP.AdminSetUserPasswordCommand(params));
+    }
+    /**
+     * Delete a user by its email (username), in the pool specified.
+     */
+    async deleteUser(email, userPoolId) {
+        if ((0, idea_toolbox_1.isEmpty)(email, 'email'))
+            throw new Error('Invalid email');
+        const command = new CognitoIP.AdminDeleteUserCommand({ UserPoolId: userPoolId, Username: email });
+        await this.cognito.send(command);
+    }
+    //
+    // USER
+    //
+    /**
+     * Sign in a user of a specific pool through username and password.
+     */
+    async signIn(email, password, userPoolId, userPoolClientId) {
+        const command = new CognitoIP.AdminInitiateAuthCommand({
+            UserPoolId: userPoolId,
+            ClientId: userPoolClientId,
+            AuthFlow: 'ADMIN_NO_SRP_AUTH',
+            AuthParameters: { USERNAME: email, PASSWORD: password }
+        });
+        const { AuthenticationResult } = await this.cognito.send(command);
+        if (!AuthenticationResult)
+            throw new Error('Sign-in failed');
+        return AuthenticationResult;
+    }
+    /**
+     * Given a username and a refresh token (and pool data), refresh the session and return the new tokens.
+     */
+    async refreshSession(email, refreshToken, userPoolId, userPoolClientId) {
+        const command = new CognitoIP.AdminInitiateAuthCommand({
+            UserPoolId: userPoolId,
+            ClientId: userPoolClientId,
+            AuthFlow: 'REFRESH_TOKEN_AUTH',
+            AuthParameters: { USERNAME: email, REFRESH_TOKEN: refreshToken }
+        });
+        const { AuthenticationResult } = await this.cognito.send(command);
+        if (!AuthenticationResult)
+            throw new Error('Refresh failed');
+        return AuthenticationResult;
+    }
+    /**
+     * Change the email address (== username) associated to a user.
+     */
+    async updateEmail(email, newEmail, userPoolId) {
+        if ((0, idea_toolbox_1.isEmpty)(newEmail, 'email'))
+            throw new Error('Invalid new email');
+        const command = new CognitoIP.AdminUpdateUserAttributesCommand({
+            UserPoolId: userPoolId,
+            Username: email,
+            UserAttributes: [
+                { Name: 'email', Value: newEmail },
+                { Name: 'email_verified', Value: 'true' }
+            ]
+        });
+        await this.cognito.send(command);
+        // sign out the user from all its devices and resolve
+        await this.globalSignOut(newEmail, userPoolId);
+    }
+    /**
+     * Change the password to sign in for a user.
+     */
+    async updatePassword(email, oldPassword, newPassword, userPoolId, userPoolClientId) {
+        if (newPassword.length < 8)
+            throw new Error('Invalid new password');
+        const tokensForPasswordChange = await this.signIn(email, oldPassword, userPoolId, userPoolClientId);
+        const command = new CognitoIP.ChangePasswordCommand({
+            AccessToken: tokensForPasswordChange.AccessToken,
+            PreviousPassword: oldPassword,
+            ProposedPassword: newPassword
+        });
+        await this.cognito.send(command);
+    }
+    /**
+     * Send to a user the instructions to change the password.
+     */
+    async forgotPassword(email, userPoolClientId) {
+        const command = new CognitoIP.ForgotPasswordCommand({ Username: email, ClientId: userPoolClientId });
+        const { CodeDeliveryDetails } = await this.cognito.send(command);
+        return CodeDeliveryDetails;
+    }
+    /**
+     * Complete the flow of a password forgot.
+     */
+    async confirmForgotPassword(email, newPassword, confirmationCode, userPoolClientId) {
+        const command = new CognitoIP.ConfirmForgotPasswordCommand({
+            ClientId: userPoolClientId,
+            Username: email,
+            ConfirmationCode: confirmationCode,
+            Password: newPassword
+        });
+        await this.cognito.send(command);
+    }
+    /**
+     * Update a (Cognito)User's attributes, excluding the attributes that require specific methods.
+     */
+    async updateUser(user, userPoolId) {
+        const UserAttributes = [
+            { Name: 'name', Value: user.name },
+            { Name: 'picture', Value: user.picture ?? '' }
+        ];
+        Object.keys(user.attributes).forEach(customAttribute => UserAttributes.push({
+            Name: 'custom:'.concat(customAttribute),
+            Value: String(user.attributes[customAttribute])
+        }));
+        const command = new CognitoIP.AdminUpdateUserAttributesCommand({
+            UserPoolId: userPoolId,
+            Username: user.email,
+            UserAttributes
+        });
+        await this.cognito.send(command);
+    }
+    /**
+     * Sign out the user from all devices.
+     */
+    async globalSignOut(email, userPoolId) {
+        const command = new CognitoIP.AdminUserGlobalSignOutCommand({ Username: email, UserPoolId: userPoolId });
+        await this.cognito.send(command);
+    }
+    /**
+     * Confirm and conclude a registration, usign a confirmation code.
+     */
+    async confirmSignUp(email, confirmationCode, userPoolClientId) {
+        if (!email)
+            throw new Error('Invalid email');
+        if (!confirmationCode)
+            throw new Error('Invalid confirmation code');
+        if (!userPoolClientId)
+            throw new Error('Invalid client ID');
+        const command = new CognitoIP.ConfirmSignUpCommand({
+            Username: email,
+            ConfirmationCode: confirmationCode,
+            ClientId: userPoolClientId
+        });
+        await this.cognito.send(command);
+    }
+    /**
+     * List the groups of the user pool.
+     */
+    async listGroups(userPoolId, options = { groups: [] }) {
+        const params = { UserPoolId: userPoolId };
+        if (options.pagination)
+            params.NextToken = options.pagination;
+        const res = await this.cognito.send(new CognitoIP.ListGroupsCommand(params));
+        const pagination = res.NextToken;
+        const groups = options.groups.concat(res.Groups.map(g => ({ name: g.GroupName, description: g.Description })));
+        if (pagination)
+            return await this.listGroups(userPoolId, { pagination, groups });
+        else
+            return groups;
+    }
+    /**
+     * Create a new group in the user pool.
+     */
+    async createGroup(groupName, userPoolId) {
+        const command = new CognitoIP.CreateGroupCommand({ GroupName: groupName, UserPoolId: userPoolId });
+        await this.cognito.send(command);
+    }
+    /**
+     * Delete a group from the user pool.
+     */
+    async deleteGroup(groupName, userPoolId) {
+        const command = new CognitoIP.DeleteGroupCommand({ GroupName: groupName, UserPoolId: userPoolId });
+        await this.cognito.send(command);
+    }
+    /**
+     * List the users part of a group in the user pool.
+     */
+    async listUsersInGroup(group, userPoolId, options = { users: [] }) {
+        const params = {
+            UserPoolId: userPoolId,
+            GroupName: group
+        };
+        if (options.pagination)
+            params.NextToken = options.pagination;
+        const res = await this.cognito.send(new CognitoIP.ListUsersInGroupCommand(params));
+        const pagination = res.NextToken;
+        const users = options.users.concat(res.Users.map(u => new idea_toolbox_1.CognitoUser(this.mapCognitoUserAttributesAsPlainObject(u))));
+        if (pagination)
+            return await this.listUsersInGroup(group, userPoolId, { pagination, users });
+        else
+            return users;
+    }
+    /**
+     * Add a user (by email) to a group in the user pool.
+     */
+    async addUserToGroup(email, group, userPoolId) {
+        const user = new idea_toolbox_1.CognitoUser(await this.getUserByEmail(email, userPoolId));
+        const command = new CognitoIP.AdminAddUserToGroupCommand({
+            UserPoolId: userPoolId,
+            GroupName: group,
+            Username: user.userId
+        });
+        await this.cognito.send(command);
+    }
+    /**
+     * Remove a user (by email) from a group in the user pool.
+     */
+    async removeUserFromGroup(email, group, userPoolId) {
+        const user = new idea_toolbox_1.CognitoUser(await this.getUserByEmail(email, userPoolId));
+        const command = new CognitoIP.AdminRemoveUserFromGroupCommand({
+            UserPoolId: userPoolId,
+            GroupName: group,
+            Username: user.userId
+        });
+        await this.cognito.send(command);
+    }
+}
+exports.Cognito = Cognito;

package/dist/src/comprehend.d.ts

@@ -0,0 +1,34 @@
+import * as AmazonComprehend from '@aws-sdk/client-comprehend';
+import { Sentiment } from 'idea-toolbox';
+/**
+ * A wrapper for Amazon Comprehend.
+ */
+export declare class Comprehend {
+    protected comprehend: AmazonComprehend.ComprehendClient;
+    constructor(options?: {
+        region?: string;
+    });
+    /**
+     * Inspects text and returns an inference of the prevailing sentiment (POSITIVE, NEUTRAL, MIXED, or NEGATIVE).
+     */
+    detectSentiment(params: DetectSentimentParameters): Promise<Sentiment>;
+    /**
+     * Determines the dominant language of the input text.
+     */
+    detectDominantLanguage(params: {
+        text: string;
+    }): Promise<string>;
+}
+export interface DetectSentimentParameters {
+    /**
+     * The language of the input contents. You can specify any of the primary languages supported by Amazon Comprehend.
+     * All contents must be in the same language. Required.
+     * Valid Values: en | es | fr | de | it | pt | ar | hi | ja | ko | zh | zh-TW
+     */
+    language: string;
+    /**
+     * The text to analyze. Required.
+     * A UTF-8 text string. Each string must contain fewer that 5,000 bytes of UTF-8 encoded characters.
+     */
+    text: string;
+}