quidproquo-actionprocessor-awslambda 0.0.231 → 0.0.232
- package/lib/commonjs/getActionProcessor/core/event/apiGatwayEvent/api/getEventGetStorySessionActionProcessor.js +24 -2
- package/lib/commonjs/getActionProcessor/core/event/apiGatwayEvent/api/getEventMatchStoryActionProcessor.js +3 -2
- package/lib/commonjs/getActionProcessor/core/event/apiGatwayEvent/api/types.d.ts +2 -2
- package/lib/commonjs/getActionProcessor/core/system/getSystemExecuteStoryActionProcessor.js +1 -1
- package/lib/commonjs/getActionProcessor/core/userDirectory/getUserDirectoryDecodeAccessTokenActionProcessor.js +2 -5
- package/lib/commonjs/getActionProcessor/core/userDirectory/getUserDirectoryReadAccessTokenActionProcessor.js +11 -12
- package/lib/commonjs/getActionProcessor/core/userDirectory/getUserDirectoryRefreshTokenActionProcessor.js +2 -4
- package/lib/commonjs/getActionProcessor/core/userDirectory/getUserDirectorySetAccessTokenActionProcessor.js +5 -2
- package/lib/commonjs/index.d.ts +1 -0
- package/lib/commonjs/index.js +2 -0
- package/lib/commonjs/lambdaHandlers/getApiGatewayEventHandler.js +0 -3
- package/lib/commonjs/logic/cognito/decodeAccessToken.d.ts +2 -0
- package/lib/commonjs/logic/cognito/decodeAccessToken.js +28 -0
- package/lib/commonjs/logic/cognito/decodeValidJwt.d.ts +2 -5
- package/lib/commonjs/logic/cognito/decodeValidJwt.js +4 -1
- package/lib/commonjs/logic/cognito/index.d.ts +2 -0
- package/lib/commonjs/logic/cognito/index.js +18 -0
- package/lib/commonjs/logic/index.d.ts +1 -0
- package/lib/commonjs/logic/index.js +17 -0
- package/lib/esm/getActionProcessor/core/event/apiGatwayEvent/api/getEventGetStorySessionActionProcessor.js +29 -2
- package/lib/esm/getActionProcessor/core/event/apiGatwayEvent/api/getEventMatchStoryActionProcessor.js +3 -2
- package/lib/esm/getActionProcessor/core/event/apiGatwayEvent/api/types.d.ts +2 -2
- package/lib/esm/getActionProcessor/core/system/getSystemExecuteStoryActionProcessor.js +1 -1
- package/lib/esm/getActionProcessor/core/userDirectory/getUserDirectoryDecodeAccessTokenActionProcessor.js +3 -3
- package/lib/esm/getActionProcessor/core/userDirectory/getUserDirectoryReadAccessTokenActionProcessor.js +12 -13
- package/lib/esm/getActionProcessor/core/userDirectory/getUserDirectoryRefreshTokenActionProcessor.js +2 -4
- package/lib/esm/getActionProcessor/core/userDirectory/getUserDirectorySetAccessTokenActionProcessor.js +5 -2
- package/lib/esm/index.d.ts +1 -0
- package/lib/esm/index.js +2 -0
- package/lib/esm/lambdaHandlers/getApiGatewayEventHandler.js +0 -3
- package/lib/esm/logic/cognito/decodeAccessToken.d.ts +2 -0
- package/lib/esm/logic/cognito/decodeAccessToken.js +19 -0
- package/lib/esm/logic/cognito/decodeValidJwt.d.ts +2 -5
- package/lib/esm/logic/cognito/decodeValidJwt.js +4 -1
- package/lib/esm/logic/cognito/index.d.ts +2 -0
- package/lib/esm/logic/cognito/index.js +2 -0
- package/lib/esm/logic/index.d.ts +1 -0
- package/lib/esm/logic/index.js +1 -0
- package/package.json +5 -5
|
@@ -11,9 +11,31 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.getEventGetStorySessionActionProcessor = void 0;
|
|
13
13
|
const quidproquo_core_1 = require("quidproquo-core");
|
|
14
|
+
const quidproquo_webserver_1 = require("quidproquo-webserver");
|
|
15
|
+
const cognito_1 = require("../../../../../logic/cognito");
|
|
14
16
|
const getProcessGetStorySession = (qpqConfig) => {
|
|
15
|
-
return ({
|
|
16
|
-
|
|
17
|
+
return ({ matchStoryResult, qpqEventRecord }, session) => __awaiter(void 0, void 0, void 0, function* () {
|
|
18
|
+
var _a, _b;
|
|
19
|
+
const accessToken = quidproquo_webserver_1.qpqWebServerUtils.getAccessTokenFromHeaders(qpqEventRecord.headers);
|
|
20
|
+
if (!accessToken) {
|
|
21
|
+
return (0, quidproquo_core_1.actionResult)(void 0);
|
|
22
|
+
}
|
|
23
|
+
// if this endpoint has no auth settings, BUT we do have an access token
|
|
24
|
+
// then we want to just attempt to extract info for logs, but we will say that its
|
|
25
|
+
// wasValid = false
|
|
26
|
+
if (!((_b = (_a = matchStoryResult.config) === null || _a === void 0 ? void 0 : _a.routeAuthSettings) === null || _b === void 0 ? void 0 : _b.userDirectoryName)) {
|
|
27
|
+
// If this endpoint is unauthenticated, then we will just decode it, and say it wasnt valid, for logs
|
|
28
|
+
const info = quidproquo_webserver_1.qpqWebServerUtils.decodeJWT(accessToken);
|
|
29
|
+
return (0, quidproquo_core_1.actionResult)(Object.assign(Object.assign({}, session), { decodedAccessToken: {
|
|
30
|
+
exp: (info === null || info === void 0 ? void 0 : info.exp) || 0,
|
|
31
|
+
userDirectory: '',
|
|
32
|
+
userId: (info === null || info === void 0 ? void 0 : info.sub) || (info === null || info === void 0 ? void 0 : info.id) || (info === null || info === void 0 ? void 0 : info.userId) || (info === null || info === void 0 ? void 0 : info.username) || '',
|
|
33
|
+
username: (info === null || info === void 0 ? void 0 : info.username) || (info === null || info === void 0 ? void 0 : info.userId) || (info === null || info === void 0 ? void 0 : info.sub) || (info === null || info === void 0 ? void 0 : info.id) || '',
|
|
34
|
+
wasValid: false,
|
|
35
|
+
} }));
|
|
36
|
+
}
|
|
37
|
+
const decodedAccessToken = yield (0, cognito_1.decodeAccessToken)(matchStoryResult.config.routeAuthSettings.userDirectoryName, qpqConfig, accessToken, true);
|
|
38
|
+
return (0, quidproquo_core_1.actionResult)(Object.assign(Object.assign({}, session), { decodedAccessToken }));
|
|
17
39
|
});
|
|
18
40
|
};
|
|
19
41
|
const getEventGetStorySessionActionProcessor = (qpqConfig) => __awaiter(void 0, void 0, void 0, function* () {
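Review bot: In the branch for routes without `routeAuthSettings.userDirectoryName`, `session.decodedAccessToken` is filled from `qpqWebServerUtils.decodeJWT(accessToken)`, which going by the inline comment only decodes the token, so `userId`, `username` and `exp` are whatever the caller sent. That object lands in the same session field that verified tokens use, distinguished only by `wasValid: false` and `userDirectory: ''`. I would keep unverified claims in a separate log-only field (a new name such as `unverifiedTokenClaims`), or state in a comment on this branch that every reader of `decodedAccessToken` must reject an empty `userDirectory`. The ESM build of this file has the same branch, and the module around getProcessGetStorySession continues outside the hunk.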
|
|
@@ -30,12 +30,13 @@ const getProcessMatchStory = (qpqConfig) => {
|
|
|
30
30
|
if (!matchedRoute) {
|
|
31
31
|
return (0, quidproquo_core_1.actionResultError)(quidproquo_core_1.ErrorTypeEnum.NotFound, `route not found [${qpqEventRecord.path}] - [${quidproquo_webserver_1.qpqWebServerUtils.getHeaderValue('user-agent', qpqEventRecord.headers)}]`);
|
|
32
32
|
}
|
|
33
|
-
|
|
33
|
+
const matchResult = {
|
|
34
34
|
runtime: matchedRoute.route.runtime,
|
|
35
35
|
runtimeOptions: matchedRoute.match.params || {},
|
|
36
36
|
// TODO: Make this aware of the API that we are eventing
|
|
37
37
|
config: quidproquo_webserver_1.qpqWebServerUtils.mergeAllRouteOptions('api', matchedRoute.route, qpqConfig),
|
|
38
|
-
}
|
|
38
|
+
};
|
|
39
|
+
return (0, quidproquo_core_1.actionResult)(matchResult);
|
|
39
40
|
});
|
|
40
41
|
};
|
|
41
42
|
const getEventMatchStoryActionProcessor = (qpqConfig) => __awaiter(void 0, void 0, void 0, function* () {
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import { HTTPEvent, HTTPEventResponse } from 'quidproquo-webserver';
|
|
1
|
+
import { HTTPEvent, HTTPEventResponse, RouteOptions } from 'quidproquo-webserver';
|
|
2
2
|
import { APIGatewayEvent, Context, APIGatewayProxyResult } from 'aws-lambda';
|
|
3
3
|
import { MatchStoryResult } from 'quidproquo-core';
|
|
4
4
|
export type EventInput = [APIGatewayEvent, Context];
|
|
5
5
|
export type EventOutput = APIGatewayProxyResult;
|
|
6
6
|
export type InternalEventRecord = HTTPEvent;
|
|
7
7
|
export type InternalEventOutput = HTTPEventResponse;
|
|
8
|
-
export type MatchResult = MatchStoryResult<
|
|
8
|
+
export type MatchResult = MatchStoryResult<Record<string, string>, RouteOptions>;
|
|
@@ -28,7 +28,7 @@ const getProcessExecuteStory = (qpqConfig) => {
|
|
|
28
28
|
const resolveStory = (0, quidproquo_core_1.createRuntime)(qpqConfig, {
|
|
29
29
|
context: ((_a = payload.storySession) === null || _a === void 0 ? void 0 : _a.context) || session.context,
|
|
30
30
|
depth: (((_b = payload.storySession) === null || _b === void 0 ? void 0 : _b.depth) || session.depth || 0) + 1,
|
|
31
|
-
|
|
31
|
+
decodedAccessToken: ((_c = payload.storySession) === null || _c === void 0 ? void 0 : _c.decodedAccessToken) || session.decodedAccessToken,
|
|
32
32
|
correlation: ((_d = payload.storySession) === null || _d === void 0 ? void 0 : _d.correlation) || session.correlation,
|
|
33
33
|
}, () => __awaiter(void 0, void 0, void 0, function* () { return actionProcessors; }), exports.getDateNow, logger,
|
|
34
34
|
// TODO: Share this logic.
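Review bot: `payload.storySession.decodedAccessToken` takes precedence over `session.decodedAccessToken`, and it is a plain claims object with nothing left to verify, so whoever builds the payload decides the identity the child runtime sees. If that payload can ever originate outside trusted code (the callers are not visible here), forwarding the raw token and re-verifying it, or ignoring the payload value when the session already carries one, would be safer. At minimum the line deserves a comment such as `// storySession is supplied by trusted internal callers only; claims are not re-verified here`. The createRuntime call continues outside the hunk, and the ESM build has the same line.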
|
|
@@ -20,12 +20,9 @@ const getProcessDecodeAccessToken = (qpqConfig) => {
|
|
|
20
20
|
const userPoolId = yield (0, getExportedValue_1.getExportedValue)((0, awsNamingUtils_1.getCFExportNameUserPoolIdFromConfig)(userDirectoryName, qpqConfig), region);
|
|
21
21
|
const authInfo = yield (0, decodeValidJwt_1.decodeValidJwt)(userPoolId, region, ignoreExpiration, accessToken);
|
|
22
22
|
if (!authInfo || !(authInfo === null || authInfo === void 0 ? void 0 : authInfo.username)) {
|
|
23
|
-
return (0, quidproquo_core_1.actionResultError)(quidproquo_core_1.ErrorTypeEnum.Unauthorized, 'Invalid
|
|
23
|
+
return (0, quidproquo_core_1.actionResultError)(quidproquo_core_1.ErrorTypeEnum.Unauthorized, 'Invalid access token');
|
|
24
24
|
}
|
|
25
|
-
return (0, quidproquo_core_1.actionResult)({
|
|
26
|
-
userId: authInfo.userId,
|
|
27
|
-
username: authInfo.username,
|
|
28
|
-
});
|
|
25
|
+
return (0, quidproquo_core_1.actionResult)(Object.assign(Object.assign({}, authInfo), { userDirectory: userDirectoryName }));
|
|
29
26
|
});
|
|
30
27
|
};
|
|
31
28
|
const getUserDirectoryDecodeAccessTokenActionProcessor = (qpqConfig) => __awaiter(void 0, void 0, void 0, function* () {
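Review bot: The result now spreads `authInfo` from `decodeValidJwt`, and that function (changed later in this diff) sets `wasValid: true` unconditionally, so a call with `ignoreExpiration` set returns an expired token still marked `wasValid: true`. The new `decodeAccessToken` helper already derives `wasValid` from `exp`; calling it here would make the two paths agree, or `decodeValidJwt` could set `wasValid: !ignoreExpiration || payload.exp > Math.floor(Date.now() / 1000)`. The ESM build of this processor has the same spread, and the processor body begins outside the hunk.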
|
|
@@ -11,21 +11,20 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.getUserDirectoryReadAccessTokenActionProcessor = void 0;
|
|
13
13
|
const quidproquo_core_1 = require("quidproquo-core");
|
|
14
|
-
const
|
|
15
|
-
const getExportedValue_1 = require("../../../logic/cloudformation/getExportedValue");
|
|
16
|
-
const decodeValidJwt_1 = require("../../../logic/cognito/decodeValidJwt");
|
|
14
|
+
const decodeAccessToken_1 = require("../../../logic/cognito/decodeAccessToken");
|
|
17
15
|
const getProcessReadAccessToken = (qpqConfig) => {
|
|
18
|
-
return ({ userDirectoryName, ignoreExpiration },
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
16
|
+
return ({ userDirectoryName, ignoreExpiration }, { decodedAccessToken, accessToken }) => __awaiter(void 0, void 0, void 0, function* () {
|
|
17
|
+
if (decodedAccessToken) {
|
|
18
|
+
if (!ignoreExpiration && decodedAccessToken.exp < Math.floor(Date.now() / 1000)) {
|
|
19
|
+
return (0, quidproquo_core_1.actionResultError)(quidproquo_core_1.ErrorTypeEnum.Invalid, 'Access has expired');
|
|
20
|
+
}
|
|
21
|
+
return (0, quidproquo_core_1.actionResult)(decodedAccessToken);
|
|
22
|
+
}
|
|
23
|
+
const decodedAuthToken = yield (0, decodeAccessToken_1.decodeAccessToken)(userDirectoryName, qpqConfig, accessToken, ignoreExpiration);
|
|
24
|
+
if (!decodedAuthToken || !decodedAuthToken.username) {
|
|
23
25
|
return (0, quidproquo_core_1.actionResultError)(quidproquo_core_1.ErrorTypeEnum.Unauthorized, 'Invalid accessToken');
|
|
24
26
|
}
|
|
25
|
-
return (0, quidproquo_core_1.actionResult)(
|
|
26
|
-
userId: authInfo.userId,
|
|
27
|
-
username: authInfo.username,
|
|
28
|
-
});
|
|
27
|
+
return (0, quidproquo_core_1.actionResult)(decodedAuthToken);
|
|
29
28
|
});
|
|
30
29
|
};
|
|
31
30
|
const getUserDirectoryReadAccessTokenActionProcessor = (qpqConfig) => __awaiter(void 0, void 0, void 0, function* () {
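Review bot: The new early return hands back `session.decodedAccessToken` after checking only `exp`; it never compares `decodedAccessToken.userDirectory` with the requested `userDirectoryName`. getProcessGetStorySession in this same diff stores signature-unchecked claims in that field (with `userDirectory: ''`) for routes that have no auth settings, so those claims would come back from here as a successful read. `wasValid` cannot serve as the guard because it also encodes expiry, so I would gate the cached path on the directory instead: `if (decodedAccessToken && decodedAccessToken.userDirectory === userDirectoryName) {`. getProcessRefreshToken has the same gap where it takes `session.decodedAccessToken.username`, and the ESM builds of both files mirror it. The `!decodedAuthToken` check after `decodeAccessToken` also looks unreachable, since that helper throws rather than returning null.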
|
|
@@ -14,17 +14,15 @@ const quidproquo_core_1 = require("quidproquo-core");
|
|
|
14
14
|
const awsNamingUtils_1 = require("../../../awsNamingUtils");
|
|
15
15
|
const refreshToken_1 = require("../../../logic/cognito/refreshToken");
|
|
16
16
|
const getExportedValue_1 = require("../../../logic/cloudformation/getExportedValue");
|
|
17
|
-
const decodeValidJwt_1 = require("../../../logic/cognito/decodeValidJwt");
|
|
18
17
|
const getProcessRefreshToken = (qpqConfig) => {
|
|
19
18
|
return ({ userDirectoryName, refreshToken }, session) => __awaiter(void 0, void 0, void 0, function* () {
|
|
20
19
|
const region = quidproquo_core_1.qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig);
|
|
21
20
|
const userPoolId = yield (0, getExportedValue_1.getExportedValue)((0, awsNamingUtils_1.getCFExportNameUserPoolIdFromConfig)(userDirectoryName, qpqConfig), region);
|
|
22
21
|
const userPoolClientId = yield (0, getExportedValue_1.getExportedValue)((0, awsNamingUtils_1.getCFExportNameUserPoolClientIdFromConfig)(userDirectoryName, qpqConfig), region);
|
|
23
|
-
|
|
24
|
-
if (!authInfo || !(authInfo === null || authInfo === void 0 ? void 0 : authInfo.username)) {
|
|
22
|
+
if (!session.decodedAccessToken || !session.decodedAccessToken.username) {
|
|
25
23
|
return (0, quidproquo_core_1.actionResultError)(quidproquo_core_1.ErrorTypeEnum.Unauthorized, 'Invalid accessToken');
|
|
26
24
|
}
|
|
27
|
-
const authResponse = yield (0, refreshToken_1.refreshToken)(userPoolId, userPoolClientId, quidproquo_core_1.qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig),
|
|
25
|
+
const authResponse = yield (0, refreshToken_1.refreshToken)(userPoolId, userPoolClientId, quidproquo_core_1.qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig), session.decodedAccessToken.username, refreshToken);
|
|
28
26
|
return (0, quidproquo_core_1.actionResult)(authResponse);
|
|
29
27
|
});
|
|
30
28
|
};
|
|
@@ -11,12 +11,15 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.getUserDirectorySetAccessTokenActionProcessor = void 0;
|
|
13
13
|
const quidproquo_core_1 = require("quidproquo-core");
|
|
14
|
+
const cognito_1 = require("../../../logic/cognito");
|
|
14
15
|
const getProcessSetAccessToken = (qpqConfig) => {
|
|
15
|
-
return ({ accessToken }, session,
|
|
16
|
+
return ({ accessToken, userDirectoryName }, session, apl, logger, updateSession) => __awaiter(void 0, void 0, void 0, function* () {
|
|
17
|
+
const decodedAccessToken = yield (0, cognito_1.decodeAccessToken)(userDirectoryName, qpqConfig, accessToken, false);
|
|
16
18
|
updateSession({
|
|
19
|
+
decodedAccessToken: decodedAccessToken,
|
|
17
20
|
accessToken,
|
|
18
21
|
});
|
|
19
|
-
return (0, quidproquo_core_1.actionResult)(
|
|
22
|
+
return (0, quidproquo_core_1.actionResult)(decodedAccessToken);
|
|
20
23
|
});
|
|
21
24
|
};
|
|
22
25
|
const getUserDirectorySetAccessTokenActionProcessor = (qpqConfig) => __awaiter(void 0, void 0, void 0, function* () {
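Review bot: `decodeAccessToken` throws `Error('Unable to decode access token')` on a bad token and this processor awaits it with no try/catch, whereas the sibling processors report the same condition through `actionResultError(ErrorTypeEnum.Unauthorized, ...)`. Unless the runtime converts thrown errors somewhere outside this hunk, I would catch around the call and `return (0, quidproquo_core_1.actionResultError)(quidproquo_core_1.ErrorTypeEnum.Unauthorized, 'Invalid access token');` so that `updateSession` is never reached and callers get a consistent result. The same unguarded call is in getProcessGetStorySession on authenticated routes and in the ESM builds of both files.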
|
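--- a/package/lib/commonjs/index.d.ts
+++ b/package/lib/commonjs/index.d.ts
@@ -5,5 +5,6 @@ export * from './runtimeConfig/QPQAWSResourceMap';
 export * from './logic/parametersManager/getParameter';
 export * from './logic/parametersManager/getParameters';
 export * from './logic/cache/memoFunc';
+export * from './logic';
 export * from './lambdaHandlers';
 export * from './getLambdaEntries';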
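--- a/package/lib/commonjs/index.js
+++ b/package/lib/commonjs/index.js
@@ -31,8 +31,10 @@ __exportStar(require("./getActionProcessor"), exports);
 exports.awsLambdaUtils = __importStar(require("./awsLambdaUtils"));
 exports.awsNamingUtils = __importStar(require("./awsNamingUtils"));
 __exportStar(require("./runtimeConfig/QPQAWSResourceMap"), exports);
+// TODO EXPORT THIS BETTER..
 __exportStar(require("./logic/parametersManager/getParameter"), exports);
 __exportStar(require("./logic/parametersManager/getParameters"), exports);
 __exportStar(require("./logic/cache/memoFunc"), exports);
+__exportStar(require("./logic"), exports);
 __exportStar(require("./lambdaHandlers"), exports);
 __exportStar(require("./getLambdaEntries"), exports);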
|
@@ -2,16 +2,13 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.getApiGatewayEventHandler = void 0;
|
|
4
4
|
const quidproquo_core_1 = require("quidproquo-core");
|
|
5
|
-
const quidproquo_webserver_1 = require("quidproquo-webserver");
|
|
6
5
|
const getActionProcessor_1 = require("../getActionProcessor");
|
|
7
6
|
const getQpqLambdaRuntimeForEvent_1 = require("./helpers/getQpqLambdaRuntimeForEvent");
|
|
8
7
|
const getApiGatewayEventHandler = (dynamicModuleLoader, qpqConfig) => (0, getQpqLambdaRuntimeForEvent_1.getQpqLambdaRuntimeForEvent)(quidproquo_core_1.QpqRuntimeType.API, (event) => {
|
|
9
8
|
console.log('event', JSON.stringify(event, null, 2));
|
|
10
9
|
console.log(event);
|
|
11
|
-
const accessToken = quidproquo_webserver_1.qpqWebServerUtils.getAccessTokenFromHeaders(event.headers);
|
|
12
10
|
return {
|
|
13
11
|
depth: 0,
|
|
14
|
-
accessToken: accessToken,
|
|
15
12
|
context: {},
|
|
16
13
|
};
|
|
17
14
|
}, getActionProcessor_1.getApiGatewayApiEventEventProcessor, dynamicModuleLoader, qpqConfig);
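Review bot: The two `console.log` calls kept at the top of this handler write the whole API Gateway event, headers included, to the function's logs, so bearer tokens and cookies end up in log storage; no longer copying the token into the session does not change that. I would drop the duplicate `console.log(event)` and log a reduced record instead, for example only `event.httpMethod`, `event.path` and `event.requestContext.requestId`. The ESM build of this handler keeps the same two lines.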
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.decodeAccessToken = void 0;
|
|
13
|
+
const quidproquo_core_1 = require("quidproquo-core");
|
|
14
|
+
const awsNamingUtils_1 = require("../../awsNamingUtils");
|
|
15
|
+
const getExportedValue_1 = require("../cloudformation/getExportedValue");
|
|
16
|
+
const decodeValidJwt_1 = require("./decodeValidJwt");
|
|
17
|
+
const decodeAccessToken = (userDirectoryName, qpqConfig, accessToken, ignoreExpiration = false) => __awaiter(void 0, void 0, void 0, function* () {
|
|
18
|
+
const region = quidproquo_core_1.qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig);
|
|
19
|
+
const userPoolId = yield (0, getExportedValue_1.getExportedValue)((0, awsNamingUtils_1.getCFExportNameUserPoolIdFromConfig)(userDirectoryName, qpqConfig), region);
|
|
20
|
+
const decodedAuthToken = yield (0, decodeValidJwt_1.decodeValidJwt)(userPoolId, region, ignoreExpiration, accessToken);
|
|
21
|
+
if (!decodedAuthToken || !(decodedAuthToken === null || decodedAuthToken === void 0 ? void 0 : decodedAuthToken.username)) {
|
|
22
|
+
throw new Error('Unable to decode access token');
|
|
23
|
+
}
|
|
24
|
+
const wasValid = !ignoreExpiration || decodedAuthToken.exp > Math.floor(Date.now() / 1000);
|
|
25
|
+
const decodedAccesToken = Object.assign(Object.assign({}, decodedAuthToken), { wasValid, userDirectory: userDirectoryName });
|
|
26
|
+
return decodedAccesToken;
|
|
27
|
+
});
|
|
28
|
+
exports.decodeAccessToken = decodeAccessToken;
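Review bot: Nothing here documents what `wasValid` means: with `ignoreExpiration` false it is always `true` (an expired token has presumably already failed inside `decodeValidJwt`), and with it true the flag only records whether `exp` is still in the future. A short doc comment on `decodeAccessToken` stating that it throws instead of returning null, and that `wasValid` reflects expiry only, would stop readers from treating it as a signature-verified flag. The `exp > now` comparison also disagrees at the boundary with the `exp < now` test in getProcessReadAccessToken, and the local `decodedAccesToken` is misspelled.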
|
|
@@ -1,5 +1,2 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
username: string;
|
|
4
|
-
};
|
|
5
|
-
export declare const decodeValidJwt: (userPoolId: string, region: string, ignoreExpiration: boolean, accessToken?: string) => Promise<AuthInfo | null>;
|
|
1
|
+
import { DecodedAccessToken } from 'quidproquo-core';
|
|
2
|
+
export declare const decodeValidJwt: (userPoolId: string, region: string, ignoreExpiration: boolean, accessToken?: string) => Promise<Omit<DecodedAccessToken, 'userDirectory'> | null>;
|
|
@@ -33,10 +33,13 @@ const decodeValidJwt = (userPoolId, region, ignoreExpiration, accessToken) => __
|
|
|
33
33
|
algorithms: ['RS256'],
|
|
34
34
|
ignoreExpiration,
|
|
35
35
|
});
|
|
36
|
-
|
|
36
|
+
const decodedAccessToken = {
|
|
37
37
|
userId: payload.sub,
|
|
38
38
|
username: payload.username,
|
|
39
|
+
exp: payload.exp,
|
|
40
|
+
wasValid: true,
|
|
39
41
|
};
|
|
42
|
+
return decodedAccessToken;
|
|
40
43
|
}
|
|
41
44
|
catch (e) {
|
|
42
45
|
console.log('Failed to decode jwt token', e);
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./decodeValidJwt"), exports);
|
|
18
|
+
__exportStar(require("./decodeAccessToken"), exports);
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './cognito';
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./cognito"), exports);
|
|
@@ -1,7 +1,34 @@
|
|
|
1
1
|
import { EventActionType, actionResult, } from 'quidproquo-core';
|
|
2
|
+
import { qpqWebServerUtils } from 'quidproquo-webserver';
|
|
3
|
+
import { decodeAccessToken } from '../../../../../logic/cognito';
|
|
2
4
|
const getProcessGetStorySession = (qpqConfig) => {
|
|
3
|
-
return async ({
|
|
4
|
-
|
|
5
|
+
return async ({ matchStoryResult, qpqEventRecord }, session) => {
|
|
6
|
+
const accessToken = qpqWebServerUtils.getAccessTokenFromHeaders(qpqEventRecord.headers);
|
|
7
|
+
if (!accessToken) {
|
|
8
|
+
return actionResult(void 0);
|
|
9
|
+
}
|
|
10
|
+
// if this endpoint has no auth settings, BUT we do have an access token
|
|
11
|
+
// then we want to just attempt to extract info for logs, but we will say that its
|
|
12
|
+
// wasValid = false
|
|
13
|
+
if (!matchStoryResult.config?.routeAuthSettings?.userDirectoryName) {
|
|
14
|
+
// If this endpoint is unauthenticated, then we will just decode it, and say it wasnt valid, for logs
|
|
15
|
+
const info = qpqWebServerUtils.decodeJWT(accessToken);
|
|
16
|
+
return actionResult({
|
|
17
|
+
...session,
|
|
18
|
+
decodedAccessToken: {
|
|
19
|
+
exp: info?.exp || 0,
|
|
20
|
+
userDirectory: '',
|
|
21
|
+
userId: info?.sub || info?.id || info?.userId || info?.username || '',
|
|
22
|
+
username: info?.username || info?.userId || info?.sub || info?.id || '',
|
|
23
|
+
wasValid: false,
|
|
24
|
+
},
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
const decodedAccessToken = await decodeAccessToken(matchStoryResult.config.routeAuthSettings.userDirectoryName, qpqConfig, accessToken, true);
|
|
28
|
+
return actionResult({
|
|
29
|
+
...session,
|
|
30
|
+
decodedAccessToken,
|
|
31
|
+
});
|
|
5
32
|
};
|
|
6
33
|
};
|
|
7
34
|
export const getEventGetStorySessionActionProcessor = async (qpqConfig) => ({
|
|
@@ -18,12 +18,13 @@ const getProcessMatchStory = (qpqConfig) => {
|
|
|
18
18
|
if (!matchedRoute) {
|
|
19
19
|
return actionResultError(ErrorTypeEnum.NotFound, `route not found [${qpqEventRecord.path}] - [${qpqWebServerUtils.getHeaderValue('user-agent', qpqEventRecord.headers)}]`);
|
|
20
20
|
}
|
|
21
|
-
|
|
21
|
+
const matchResult = {
|
|
22
22
|
runtime: matchedRoute.route.runtime,
|
|
23
23
|
runtimeOptions: matchedRoute.match.params || {},
|
|
24
24
|
// TODO: Make this aware of the API that we are eventing
|
|
25
25
|
config: qpqWebServerUtils.mergeAllRouteOptions('api', matchedRoute.route, qpqConfig),
|
|
26
|
-
}
|
|
26
|
+
};
|
|
27
|
+
return actionResult(matchResult);
|
|
27
28
|
};
|
|
28
29
|
};
|
|
29
30
|
export const getEventMatchStoryActionProcessor = async (qpqConfig) => ({
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import { HTTPEvent, HTTPEventResponse } from 'quidproquo-webserver';
|
|
1
|
+
import { HTTPEvent, HTTPEventResponse, RouteOptions } from 'quidproquo-webserver';
|
|
2
2
|
import { APIGatewayEvent, Context, APIGatewayProxyResult } from 'aws-lambda';
|
|
3
3
|
import { MatchStoryResult } from 'quidproquo-core';
|
|
4
4
|
export type EventInput = [APIGatewayEvent, Context];
|
|
5
5
|
export type EventOutput = APIGatewayProxyResult;
|
|
6
6
|
export type InternalEventRecord = HTTPEvent;
|
|
7
7
|
export type InternalEventOutput = HTTPEventResponse;
|
|
8
|
-
export type MatchResult = MatchStoryResult<
|
|
8
|
+
export type MatchResult = MatchStoryResult<Record<string, string>, RouteOptions>;
|
|
@@ -14,7 +14,7 @@ const getProcessExecuteStory = (qpqConfig) => {
|
|
|
14
14
|
const resolveStory = createRuntime(qpqConfig, {
|
|
15
15
|
context: payload.storySession?.context || session.context,
|
|
16
16
|
depth: (payload.storySession?.depth || session.depth || 0) + 1,
|
|
17
|
-
|
|
17
|
+
decodedAccessToken: payload.storySession?.decodedAccessToken || session.decodedAccessToken,
|
|
18
18
|
correlation: payload.storySession?.correlation || session.correlation,
|
|
19
19
|
}, async () => actionProcessors, getDateNow, logger,
|
|
20
20
|
// TODO: Share this logic.
|
|
@@ -8,11 +8,11 @@ const getProcessDecodeAccessToken = (qpqConfig) => {
|
|
|
8
8
|
const userPoolId = await getExportedValue(getCFExportNameUserPoolIdFromConfig(userDirectoryName, qpqConfig), region);
|
|
9
9
|
const authInfo = await decodeValidJwt(userPoolId, region, ignoreExpiration, accessToken);
|
|
10
10
|
if (!authInfo || !authInfo?.username) {
|
|
11
|
-
return actionResultError(ErrorTypeEnum.Unauthorized, 'Invalid
|
|
11
|
+
return actionResultError(ErrorTypeEnum.Unauthorized, 'Invalid access token');
|
|
12
12
|
}
|
|
13
13
|
return actionResult({
|
|
14
|
-
|
|
15
|
-
|
|
14
|
+
...authInfo,
|
|
15
|
+
userDirectory: userDirectoryName,
|
|
16
16
|
});
|
|
17
17
|
};
|
|
18
18
|
};
|
|
@@ -1,19 +1,18 @@
|
|
|
1
|
-
import { actionResult,
|
|
2
|
-
import {
|
|
3
|
-
import { getExportedValue } from '../../../logic/cloudformation/getExportedValue';
|
|
4
|
-
import { decodeValidJwt } from '../../../logic/cognito/decodeValidJwt';
|
|
1
|
+
import { actionResult, UserDirectoryActionType, actionResultError, ErrorTypeEnum, } from 'quidproquo-core';
|
|
2
|
+
import { decodeAccessToken } from '../../../logic/cognito/decodeAccessToken';
|
|
5
3
|
const getProcessReadAccessToken = (qpqConfig) => {
|
|
6
|
-
return async ({ userDirectoryName, ignoreExpiration },
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
4
|
+
return async ({ userDirectoryName, ignoreExpiration }, { decodedAccessToken, accessToken }) => {
|
|
5
|
+
if (decodedAccessToken) {
|
|
6
|
+
if (!ignoreExpiration && decodedAccessToken.exp < Math.floor(Date.now() / 1000)) {
|
|
7
|
+
return actionResultError(ErrorTypeEnum.Invalid, 'Access has expired');
|
|
8
|
+
}
|
|
9
|
+
return actionResult(decodedAccessToken);
|
|
10
|
+
}
|
|
11
|
+
const decodedAuthToken = await decodeAccessToken(userDirectoryName, qpqConfig, accessToken, ignoreExpiration);
|
|
12
|
+
if (!decodedAuthToken || !decodedAuthToken.username) {
|
|
11
13
|
return actionResultError(ErrorTypeEnum.Unauthorized, 'Invalid accessToken');
|
|
12
14
|
}
|
|
13
|
-
return actionResult(
|
|
14
|
-
userId: authInfo.userId,
|
|
15
|
-
username: authInfo.username,
|
|
16
|
-
});
|
|
15
|
+
return actionResult(decodedAuthToken);
|
|
17
16
|
};
|
|
18
17
|
};
|
|
19
18
|
export const getUserDirectoryReadAccessTokenActionProcessor = async (qpqConfig) => ({
|
package/lib/esm/getActionProcessor/core/userDirectory/getUserDirectoryRefreshTokenActionProcessor.js
CHANGED
|
@@ -2,17 +2,15 @@ import { actionResult, qpqCoreUtils, UserDirectoryActionType, actionResultError,
|
|
|
2
2
|
import { getCFExportNameUserPoolIdFromConfig, getCFExportNameUserPoolClientIdFromConfig } from '../../../awsNamingUtils';
|
|
3
3
|
import { refreshToken as cognitoRefreshToken } from '../../../logic/cognito/refreshToken';
|
|
4
4
|
import { getExportedValue } from '../../../logic/cloudformation/getExportedValue';
|
|
5
|
-
import { decodeValidJwt } from '../../../logic/cognito/decodeValidJwt';
|
|
6
5
|
const getProcessRefreshToken = (qpqConfig) => {
|
|
7
6
|
return async ({ userDirectoryName, refreshToken }, session) => {
|
|
8
7
|
const region = qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig);
|
|
9
8
|
const userPoolId = await getExportedValue(getCFExportNameUserPoolIdFromConfig(userDirectoryName, qpqConfig), region);
|
|
10
9
|
const userPoolClientId = await getExportedValue(getCFExportNameUserPoolClientIdFromConfig(userDirectoryName, qpqConfig), region);
|
|
11
|
-
|
|
12
|
-
if (!authInfo || !authInfo?.username) {
|
|
10
|
+
if (!session.decodedAccessToken || !session.decodedAccessToken.username) {
|
|
13
11
|
return actionResultError(ErrorTypeEnum.Unauthorized, 'Invalid accessToken');
|
|
14
12
|
}
|
|
15
|
-
const authResponse = await cognitoRefreshToken(userPoolId, userPoolClientId, qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig),
|
|
13
|
+
const authResponse = await cognitoRefreshToken(userPoolId, userPoolClientId, qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig), session.decodedAccessToken.username, refreshToken);
|
|
16
14
|
return actionResult(authResponse);
|
|
17
15
|
};
|
|
18
16
|
};
|
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import { actionResult, UserDirectoryActionType, } from 'quidproquo-core';
|
|
2
|
+
import { decodeAccessToken } from '../../../logic/cognito';
|
|
2
3
|
const getProcessSetAccessToken = (qpqConfig) => {
|
|
3
|
-
return async ({ accessToken }, session,
|
|
4
|
+
return async ({ accessToken, userDirectoryName }, session, apl, logger, updateSession) => {
|
|
5
|
+
const decodedAccessToken = await decodeAccessToken(userDirectoryName, qpqConfig, accessToken, false);
|
|
4
6
|
updateSession({
|
|
7
|
+
decodedAccessToken: decodedAccessToken,
|
|
5
8
|
accessToken,
|
|
6
9
|
});
|
|
7
|
-
return actionResult(
|
|
10
|
+
return actionResult(decodedAccessToken);
|
|
8
11
|
};
|
|
9
12
|
};
|
|
10
13
|
export const getUserDirectorySetAccessTokenActionProcessor = async (qpqConfig) => ({
|
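--- a/package/lib/esm/index.d.ts
+++ b/package/lib/esm/index.d.ts
@@ -5,5 +5,6 @@ export * from './runtimeConfig/QPQAWSResourceMap';
 export * from './logic/parametersManager/getParameter';
 export * from './logic/parametersManager/getParameters';
 export * from './logic/cache/memoFunc';
+export * from './logic';
 export * from './lambdaHandlers';
 export * from './getLambdaEntries';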
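--- a/package/lib/esm/index.js
+++ b/package/lib/esm/index.js
@@ -2,8 +2,10 @@ export * from './getActionProcessor';
 export * as awsLambdaUtils from './awsLambdaUtils';
 export * as awsNamingUtils from './awsNamingUtils';
 export * from './runtimeConfig/QPQAWSResourceMap';
+// TODO EXPORT THIS BETTER..
 export * from './logic/parametersManager/getParameter';
 export * from './logic/parametersManager/getParameters';
 export * from './logic/cache/memoFunc';
+export * from './logic';
 export * from './lambdaHandlers';
 export * from './getLambdaEntries';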
|
@@ -1,14 +1,11 @@
|
|
|
1
1
|
import { QpqRuntimeType } from 'quidproquo-core';
|
|
2
|
-
import { qpqWebServerUtils } from 'quidproquo-webserver';
|
|
3
2
|
import { getApiGatewayApiEventEventProcessor } from '../getActionProcessor';
|
|
4
3
|
import { getQpqLambdaRuntimeForEvent } from './helpers/getQpqLambdaRuntimeForEvent';
|
|
5
4
|
export const getApiGatewayEventHandler = (dynamicModuleLoader, qpqConfig) => getQpqLambdaRuntimeForEvent(QpqRuntimeType.API, (event) => {
|
|
6
5
|
console.log('event', JSON.stringify(event, null, 2));
|
|
7
6
|
console.log(event);
|
|
8
|
-
const accessToken = qpqWebServerUtils.getAccessTokenFromHeaders(event.headers);
|
|
9
7
|
return {
|
|
10
8
|
depth: 0,
|
|
11
|
-
accessToken: accessToken,
|
|
12
9
|
context: {},
|
|
13
10
|
};
|
|
14
11
|
}, getApiGatewayApiEventEventProcessor, dynamicModuleLoader, qpqConfig);
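Review bot: The two `console.log` calls kept at new lines 5-6 write the whole API Gateway event to the function log, and the line this commit removes shows that the access token travels in `event.headers`, so bearer tokens end up readable by anyone with log access. Now that the handler no longer reads the headers, log a reduced view instead, for example `const { headers, multiValueHeaders, ...loggable } = event;` followed by `console.log('event', JSON.stringify(loggable, null, 2));`, and drop the second `console.log(event)`. If the request body can carry credentials, as login or refresh calls might, it deserves the same treatment.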
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { qpqCoreUtils } from 'quidproquo-core';
|
|
2
|
+
import { getCFExportNameUserPoolIdFromConfig } from '../../awsNamingUtils';
|
|
3
|
+
import { getExportedValue } from '../cloudformation/getExportedValue';
|
|
4
|
+
import { decodeValidJwt } from './decodeValidJwt';
|
|
5
|
+
export const decodeAccessToken = async (userDirectoryName, qpqConfig, accessToken, ignoreExpiration = false) => {
|
|
6
|
+
const region = qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig);
|
|
7
|
+
const userPoolId = await getExportedValue(getCFExportNameUserPoolIdFromConfig(userDirectoryName, qpqConfig), region);
|
|
8
|
+
const decodedAuthToken = await decodeValidJwt(userPoolId, region, ignoreExpiration, accessToken);
|
|
9
|
+
if (!decodedAuthToken || !decodedAuthToken?.username) {
|
|
10
|
+
throw new Error('Unable to decode access token');
|
|
11
|
+
}
|
|
12
|
+
const wasValid = !ignoreExpiration || decodedAuthToken.exp > Math.floor(Date.now() / 1000);
|
|
13
|
+
const decodedAccesToken = {
|
|
14
|
+
...decodedAuthToken,
|
|
15
|
+
wasValid,
|
|
16
|
+
userDirectory: userDirectoryName,
|
|
17
|
+
};
|
|
18
|
+
return decodedAccesToken;
|
|
19
|
+
};
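Review bot: When `ignoreExpiration` is true this function returns the claims of an expired token with only `wasValid: false` to mark it, and nothing in the signature or a comment tells callers they must check that flag before trusting `username` or `userId`. A doc comment above the export should state it, e.g. `/** Verifies the token against the user pool; with ignoreExpiration=true an expired token is still returned and callers must check wasValid before authorizing. */`. Two small style points in the same block: the local `decodedAccesToken` is misspelled, and `!decodedAuthToken?.username` does not need the optional chain after the preceding null check.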
|
|
@@ -1,5 +1,2 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
username: string;
|
|
4
|
-
};
|
|
5
|
-
export declare const decodeValidJwt: (userPoolId: string, region: string, ignoreExpiration: boolean, accessToken?: string) => Promise<AuthInfo | null>;
|
|
1
|
+
import { DecodedAccessToken } from 'quidproquo-core';
|
|
2
|
+
export declare const decodeValidJwt: (userPoolId: string, region: string, ignoreExpiration: boolean, accessToken?: string) => Promise<Omit<DecodedAccessToken, 'userDirectory'> | null>;
|
|
@@ -18,10 +18,13 @@ export const decodeValidJwt = async (userPoolId, region, ignoreExpiration, acces
|
|
|
18
18
|
algorithms: ['RS256'],
|
|
19
19
|
ignoreExpiration,
|
|
20
20
|
});
|
|
21
|
-
|
|
21
|
+
const decodedAccessToken = {
|
|
22
22
|
userId: payload.sub,
|
|
23
23
|
username: payload.username,
|
|
24
|
+
exp: payload.exp,
|
|
25
|
+
wasValid: true,
|
|
24
26
|
};
|
|
27
|
+
return decodedAccessToken;
|
|
25
28
|
}
|
|
26
29
|
catch (e) {
|
|
27
30
|
console.log('Failed to decode jwt token', e);
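Review bot: The verify options visible here (new lines 18-19) pin `RS256` and expiry only, and the returned object copies `payload.username` without checking which kind of token was verified. The start of `decodeValidJwt` is outside this hunk, so an issuer or audience check may already exist above. If it does not, consider passing `issuer` for the user pool to the verify call and rejecting anything whose `token_use` claim is not `access`, e.g. `if (payload.token_use !== 'access') { throw new Error('Not an access token'); }` inside the `try` so the existing `catch` handles it. Separately, `wasValid: true` is set unconditionally even when `ignoreExpiration` is true; `decodeAccessToken` corrects it, but any other caller of this function would see an expired token reported as valid.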
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './cognito';
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './cognito';
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "quidproquo-actionprocessor-awslambda",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.232",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "./lib/commonjs/index.js",
|
|
6
6
|
"module": "./lib/esm/index.js",
|
|
@@ -52,9 +52,9 @@
|
|
|
52
52
|
"lodash": "^4.17.21",
|
|
53
53
|
"node-cache": "^5.1.2",
|
|
54
54
|
"node-match-path": "^0.6.3",
|
|
55
|
-
"quidproquo-config-aws": "0.0.
|
|
56
|
-
"quidproquo-core": "0.0.
|
|
57
|
-
"quidproquo-webserver": "0.0.
|
|
55
|
+
"quidproquo-config-aws": "0.0.232",
|
|
56
|
+
"quidproquo-core": "0.0.232",
|
|
57
|
+
"quidproquo-webserver": "0.0.232"
|
|
58
58
|
},
|
|
59
59
|
"devDependencies": {
|
|
60
60
|
"@types/aws-lambda": "^8.10.109",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"@types/jsonwebtoken": "^9.0.2",
|
|
63
63
|
"@types/lodash": "^4.14.194",
|
|
64
64
|
"@types/node": "^18.11.9",
|
|
65
|
-
"quidproquo-tsconfig": "0.0.
|
|
65
|
+
"quidproquo-tsconfig": "0.0.232",
|
|
66
66
|
"typescript": "^4.9.3"
|
|
67
67
|
}
|
|
68
68
|
}
|