piper-utils 1.1.16 → 1.1.18

package/bin/main.js

@@ -53,55 +53,55 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));exports.runMigra
   \********************************************************************/
 /***/ ((__unused_webpack_module, exports, __webpack_require__) => {
 
-Object.defineProperty(exports, "__esModule", ({ value: true }));exports.userRoles = undefined;exports.isSystemUser = isSystemUser;exports.isSuperUser = isSuperUser;exports.checkIsSuper = checkIsSuper;exports.accessRightsUtils = accessRightsUtils;exports.userDefaultBid = userDefaultBid;exports.getRequestedBusinessIds = getRequestedBusinessIds;exports.getAccessRightsInfo = getAccessRightsInfo;exports.getDefaultBusinessIDInfo = getDefaultBusinessIDInfo;exports.getBusinessesInfo = getBusinessesInfo;exports.getModuleInfo = getModuleInfo;exports.checkModule = checkModule;exports.checkWriteAccess = checkWriteAccess;var _lodash = __webpack_require__(/*! lodash */ "lodash");var _lodash2 = _interopRequireDefault(_lodash);var _errorCodes = __webpack_require__(/*! ../../../requestResponse/errorCodes.js */ "./src/requestResponse/errorCodes.js");var _requestResponse = __webpack_require__(/*! ../../../requestResponse/requestResponse.js */ "./src/requestResponse/requestResponse.js");function _interopRequireDefault(e) {return e && e.__esModule ? e : { default: e };}function isSystemUser(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:SYSTEM') || _lodash2.default.get(event, 'requestContext.authorizer.custom:SYSTEM') || 'false';let isSys = false;try {isSys = JSON.parse(jsonToParse);return isSys;} catch (e) {console.error('error with system user:', e);return false;}}function isSuperUser(event) {console.log('>>>>HERE SUPER');let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:SUPER') || _lodash2.default.get(event, 'requestContext.authorizer.custom:SUPER') || 'false';let isSys = false;console.log('>>>>jsonToParse: ', jsonToParse);try {isSys = JSON.parse(jsonToParse);console.log('>>>>isSys: ', isSys);return isSys;} catch (e) {console.error('error with super user:', e);return false;}} /**
- * Throws unauthorized error if the user is not a super user.
- * Mirrors the behavior and style of checkModule but focused on SUPER role.
- *
- * @param {object} event - The lambda event passed in by a validated api request.
+Object.defineProperty(exports, "__esModule", ({ value: true }));exports.userRoles = undefined;exports.isSystemUser = isSystemUser;exports.isSuperUser = isSuperUser;exports.checkIsSuper = checkIsSuper;exports.accessRightsUtils = accessRightsUtils;exports.userDefaultBid = userDefaultBid;exports.getRequestedBusinessIds = getRequestedBusinessIds;exports.getAccessRightsInfo = getAccessRightsInfo;exports.getDefaultBusinessIDInfo = getDefaultBusinessIDInfo;exports.getBusinessesInfo = getBusinessesInfo;exports.getModuleInfo = getModuleInfo;exports.checkModule = checkModule;exports.checkWriteAccess = checkWriteAccess;var _lodash = __webpack_require__(/*! lodash */ "lodash");var _lodash2 = _interopRequireDefault(_lodash);var _errorCodes = __webpack_require__(/*! ../../../requestResponse/errorCodes.js */ "./src/requestResponse/errorCodes.js");var _requestResponse = __webpack_require__(/*! ../../../requestResponse/requestResponse.js */ "./src/requestResponse/requestResponse.js");function _interopRequireDefault(e) {return e && e.__esModule ? e : { default: e };}function isSystemUser(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:SYSTEM') || _lodash2.default.get(event, 'requestContext.authorizer.custom:SYSTEM') || 'false';let isSys = false;try {isSys = JSON.parse(jsonToParse);return isSys;} catch (e) {console.error('error with system user:', e);return false;}}function isSuperUser(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:SUPER') || _lodash2.default.get(event, 'requestContext.authorizer.custom:SUPER') || 'false';let isSys = false;try {isSys = JSON.parse(jsonToParse);console.log('>>>>isSys', isSys);return isSys;} catch (e) {return false;}} /**
+ * Throws unauthorized error if the user is not a super user.
+ * Mirrors the behavior and style of checkModule but focused on SUPER role.
+ *
+ * @param {object} event - The lambda event passed in by a validated api request.
  */function checkIsSuper(event) {// Super or System users are always allowed
   if (isSuperUser(event)) {return;}if (isSystemUser(event)) {return;} // In local builds allow bypass to ease development and tests
-  if (process.env.BUILD_ENV === 'local') {return;}throw _errorCodes.errorList.unauthorized;} /**
- * Get the allowed businessIds for a user from the lambda event, compare it to businessIds, return what user has access to.
- *
- * @param {object} event - The lambda event passed in by a validated api request.
- * @param {{useCognitoBid:boolean}} [options] - An object with options, useCognitoBid prefers the businessId set in cognito if set and does not return the local bid of 1 if a bid is in the claim.
- * @returns {array} A  list of businessIds that have been requested and are allowed to for some user.
- */function accessRightsUtils(event, options) {const useCognitoBid = _lodash2.default.get(options, 'useCognitoBid', false);const requestedBusinessIds = getRequestedBusinessIds(event);const allowedBusinessIds = getAllowedBusinessIds(event, useCognitoBid);if (isSuperUser(event)) {let v = requestedBusinessIds;if (_lodash2.default.isEmpty(requestedBusinessIds)) {v = allowedBusinessIds;}return v;}if (isSystemUser(event)) {return requestedBusinessIds;}if (requestedBusinessIds.length === 0) {return allowedBusinessIds;}return _lodash2.default.intersection(requestedBusinessIds, allowedBusinessIds);} /**
- * Get the businessID set in cognito as custom:DBI.
- *
- * @param {object} event - The lambda event passed in by a validated api request.
- * @returns {string} The businessID set in cognito as custom:DBI
- */function userDefaultBid(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:DBI') || _lodash2.default.get(event, 'requestContext.authorizer.custom:DBI') || '{}';const dbi = JSON.parse(jsonToParse);return _lodash2.default.get(dbi, 'defaultBid', '') || '1';} /**
- * Get  requested businessIds from the query string.
- *
- * @param {object} event - The lambda event passed in by a validated api request.
- * @returns {array} The businessID requested by the query string
- */function getRequestedBusinessIds(event) {let requestedBusinessIds = _lodash2.default.get(event, 'queryStringParameters.businessIds', null);const body = (0, _requestResponse.parseBody)(event);const bodyBid = body?.businessId;if (requestedBusinessIds) {return requestedBusinessIds ? requestedBusinessIds.split(',') : [];} else if (bodyBid) {return [bodyBid];} else {return [];}} /**
- * Get the allowed businessIds for a user from cognito custom:AR property.
- *
- * @param {object} event - The lambda event passed in by a validated api request.
- * @param useCognitoBid
- * @returns {array} The businessID requested by the query string
+  if (process.env.BUILD_ENV === 'local') {return;}throw _errorCodes.errorList.unauthorized;} /**
+ * Get the allowed businessIds for a user from the lambda event, compare it to businessIds, return what user has access to.
+ *
+ * @param {object} event - The lambda event passed in by a validated api request.
+ * @param {{useCognitoBid:boolean}} [options] - An object with options, useCognitoBid prefers the businessId set in cognito if set and does not return the local bid of 1 if a bid is in the claim.
+ * @returns {array} A  list of businessIds that have been requested and are allowed to for some user.
+ */function accessRightsUtils(event, options) {const useCognitoBid = _lodash2.default.get(options, 'useCognitoBid', false);const requestedBusinessIds = getRequestedBusinessIds(event);const allowedBusinessIds = getAllowedBusinessIds(event, useCognitoBid);console.log('>>>>req BIDS', requestedBusinessIds);console.log('>>>>allowed BIDS', allowedBusinessIds);if (isSuperUser(event)) {console.log('>>>>IS SUPER');let v = requestedBusinessIds;if (_lodash2.default.isEmpty(requestedBusinessIds)) {console.log('>>>>Empty req bids');v = allowedBusinessIds;}console.log('>>>>BIDS', v);return v;}if (isSystemUser(event)) {return requestedBusinessIds;}if (requestedBusinessIds.length === 0) {return allowedBusinessIds;}return _lodash2.default.intersection(requestedBusinessIds, allowedBusinessIds);} /**
+ * Get the businessID set in cognito as custom:DBI.
+ *
+ * @param {object} event - The lambda event passed in by a validated api request.
+ * @returns {string} The businessID set in cognito as custom:DBI
+ */function userDefaultBid(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:DBI') || _lodash2.default.get(event, 'requestContext.authorizer.custom:DBI') || '{}';const dbi = JSON.parse(jsonToParse);return _lodash2.default.get(dbi, 'defaultBid', '') || '1';} /**
+ * Get  requested businessIds from the query string.
+ *
+ * @param {object} event - The lambda event passed in by a validated api request.
+ * @returns {array} The businessID requested by the query string
+ */function getRequestedBusinessIds(event) {let requestedBusinessIds = _lodash2.default.get(event, 'queryStringParameters.businessIds', null);const body = (0, _requestResponse.parseBody)(event);const bodyBid = body?.businessId;if (requestedBusinessIds) {return requestedBusinessIds ? requestedBusinessIds.split(',') : [];} else if (bodyBid) {return [bodyBid];} else {return [];}} /**
+ * Get the allowed businessIds for a user from cognito custom:AR property.
+ *
+ * @param {object} event - The lambda event passed in by a validated api request.
+ * @param useCognitoBid
+ * @returns {array} The businessID requested by the query string
  */function getAllowedBusinessIds(event, useCognitoBid) {const businesses = getBusinessesInfo(event, useCognitoBid);return Object.keys(businesses);}function getAccessRightsInfo(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:AR') || _lodash2.default.get(event, 'requestContext.authorizer.custom:AR') || '{}';const accessRights = JSON.parse(jsonToParse);return _lodash2.default.get(accessRights, 'businessIds', {});}function getDefaultBusinessIDInfo(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:DBI') || _lodash2.default.get(event, 'requestContext.authorizer.custom:DBI') || '{}';const dbi = JSON.parse(jsonToParse);return _lodash2.default.get(dbi, 'defaultBid', {});}function getBusinessesInfo(event, useCognitoBid = false) {const json = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:AR') || _lodash2.default.get(event, 'requestContext.authorizer.custom:AR') || '{}';let businessIds = _lodash2.default.get(JSON.parse(json), 'businessIds', {}); // Local environment tweaks
   if (process.env.BUILD_ENV === 'local') {let b;try {b = JSON.parse(event?.body);} catch (e) {}const bodyBid = b?.businessId; // Always inject the default local BID “1” unless the caller explicitly wants
     // what Cognito says **and** Cognito actually returned something.
     if (!useCognitoBid) {businessIds = { ...businessIds, '1': 'A' };} // If Cognito gave no BIDs at all, fall back to the local default.
     if ((0, _lodash.isEmpty)(businessIds)) {businessIds = { '1': 'A' };} // a businessId is found on the body for local allow it
-    if (bodyBid) {businessIds[bodyBid] = 'A';}}return businessIds;} /**
- * Get the modules listed in custom:MOD.
- *
- * @param {object} event - The lambda event passed in by a validated api request.
- * @returns {array} The Module access list
- */function getModuleInfo(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:MOD') || _lodash2.default.get(event, 'requestContext.authorizer.custom:MOD') || _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:AR') || _lodash2.default.get(event, 'requestContext.authorizer.custom:AR') || '{}';const moduleRights = JSON.parse(jsonToParse);return _lodash2.default.get(moduleRights, 'module', {});} /**
- * Get the modules listed in custom:MOD.
- *
- * @param {string} moduleName - A sting name for a module.
- * @param {object} event - The lambda event passed in by a validated api request.
- * @returns {array} The Module access list
- */function checkModule(moduleName, event) {const moduleRights = getModuleInfo(event);let allowAccess = _lodash2.default.get(moduleRights, moduleName, false);if (isSuperUser(event)) {return;}if (isSystemUser(event)) {return;}if (process.env.BUILD_ENV === 'local') {return;}if (!allowAccess) {throw _errorCodes.errorList.unauthorized;}}const userRoles = exports.userRoles = { admin: 'A', read: 'R', write: 'W' }; /**
- * @param {{body: string}} event
- * @param {{useCognitoBid:boolean}} [options] - An object with options, useCognitoBid prefers the businessId set in cognito if set and does not return the local bid of 1 if a bid is in the claim.
- * @returns {string} businessId
+    if (bodyBid) {businessIds[bodyBid] = 'A';}}return businessIds;} /**
+ * Get the modules listed in custom:MOD.
+ *
+ * @param {object} event - The lambda event passed in by a validated api request.
+ * @returns {array} The Module access list
+ */function getModuleInfo(event) {let jsonToParse = _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:MOD') || _lodash2.default.get(event, 'requestContext.authorizer.custom:MOD') || _lodash2.default.get(event, 'requestContext.authorizer.claims.custom:AR') || _lodash2.default.get(event, 'requestContext.authorizer.custom:AR') || '{}';const moduleRights = JSON.parse(jsonToParse);return _lodash2.default.get(moduleRights, 'module', {});} /**
+ * Get the modules listed in custom:MOD.
+ *
+ * @param {string} moduleName - A sting name for a module.
+ * @param {object} event - The lambda event passed in by a validated api request.
+ * @returns {array} The Module access list
+ */function checkModule(moduleName, event) {const moduleRights = getModuleInfo(event);let allowAccess = _lodash2.default.get(moduleRights, moduleName, false);if (isSuperUser(event)) {return;}if (isSystemUser(event)) {return;}if (process.env.BUILD_ENV === 'local') {return;}if (!allowAccess) {throw _errorCodes.errorList.unauthorized;}}const userRoles = exports.userRoles = { admin: 'A', read: 'R', write: 'W' }; /**
+ * @param {{body: string}} event
+ * @param {{useCognitoBid:boolean}} [options] - An object with options, useCognitoBid prefers the businessId set in cognito if set and does not return the local bid of 1 if a bid is in the claim.
+ * @returns {string} businessId
  */function checkWriteAccess(event, options) {const eventBody = (0, _requestResponse.parseBody)(event);const businessIds = accessRightsUtils(event, options) || [];const businessId = businessIds.find((id) => id === eventBody.businessId);const raw = getBusinessesInfo(event);const userRight = raw[businessId];if (isSystemUser(event)) {return eventBody.businessId;}if (process.env.BUILD_ENV === 'local') {return eventBody.businessId;}if (userRight !== userRoles.admin && userRight !== userRoles.write || !userRight) {throw _errorCodes.errorList.unauthorized;}return businessId;}
 
 /***/ }),
@@ -1033,6 +1033,7 @@ var _defaultFilters = __webpack_require__(/*! ./database/dbUtils/queryStringUtil
 
 
 
+
 const handleFile = exports.handleFile = _handleFile.handleFile;
 const watchBucket = exports.watchBucket = _watchBucket.watchBucket;
 const publishEvents = exports.publishEvents = _publishEvents.publishEvents;
@@ -1059,7 +1060,7 @@ const getBusinessesInfo = exports.getBusinessesInfo = _accessRightsUtils.getBusi
 const userDefaultBid = exports.userDefaultBid = _accessRightsUtils.userDefaultBid;
 const checkWriteAccess = exports.checkWriteAccess = _accessRightsUtils.checkWriteAccess;
 const isSystemUser = exports.isSystemUser = _accessRightsUtils.isSystemUser;
-const isSuperUser = exports.isSuperUser = _accessRightsUtils.isSystemUser;
+const isSuperUser = exports.isSuperUser = _accessRightsUtils.isSuperUser;
 })();
 
 var __webpack_export_target__ = exports;