valtech-components 4.0.34 → 4.0.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm2022/lib/services/auth/auth.service.mjs +28 -20
- package/esm2022/lib/services/auth/oauth-callback.component.mjs +13 -1
- package/esm2022/lib/services/auth/oauth.service.mjs +83 -8
- package/esm2022/lib/services/auth/storage.service.mjs +7 -11
- package/esm2022/lib/services/auth/types.mjs +1 -1
- package/esm2022/lib/services/link-processor.service.mjs +27 -5
- package/esm2022/lib/services/requests/request-visibility.mjs +41 -0
- package/esm2022/lib/services/requests/types.mjs +1 -1
- package/esm2022/lib/version.mjs +2 -2
- package/esm2022/public-api.mjs +2 -1
- package/fesm2022/valtech-components.mjs +195 -41
- package/fesm2022/valtech-components.mjs.map +1 -1
- package/lib/components/atoms/rights-footer/rights-footer.component.d.ts +2 -2
- package/lib/components/atoms/text/text.component.d.ts +1 -1
- package/lib/components/atoms/user-avatar/user-avatar.component.d.ts +1 -1
- package/lib/components/molecules/cta-card/cta-card.component.d.ts +1 -1
- package/lib/components/molecules/features-list/features-list.component.d.ts +1 -1
- package/lib/components/molecules/metric-card/metric-card.component.d.ts +1 -1
- package/lib/components/organisms/article/article.component.d.ts +6 -6
- package/lib/components/organisms/auth-cta/auth-cta.component.d.ts +1 -1
- package/lib/components/organisms/notification-preferences-view/notification-preferences-view.component.d.ts +1 -1
- package/lib/services/auth/oauth-callback.component.d.ts +6 -0
- package/lib/services/auth/oauth.service.d.ts +28 -0
- package/lib/services/auth/storage.service.d.ts +1 -1
- package/lib/services/auth/types.d.ts +6 -0
- package/lib/services/link-processor.service.d.ts +12 -0
- package/lib/services/requests/request-visibility.d.ts +35 -0
- package/lib/services/requests/types.d.ts +7 -2
- package/lib/version.d.ts +1 -1
- package/package.json +1 -1
- package/public-api.d.ts +1 -0
|
@@ -39,11 +39,11 @@ export declare class RightsFooterComponent {
|
|
|
39
39
|
/**
|
|
40
40
|
* Computed helper for align prop in template.
|
|
41
41
|
*/
|
|
42
|
-
propsAlign: import("@angular/core").Signal<"
|
|
42
|
+
propsAlign: import("@angular/core").Signal<"left" | "center" | "right">;
|
|
43
43
|
/**
|
|
44
44
|
* Computed helper for color prop in template.
|
|
45
45
|
*/
|
|
46
|
-
propsColor: import("@angular/core").Signal<"
|
|
46
|
+
propsColor: import("@angular/core").Signal<"success" | "medium" | "primary" | "secondary" | "tertiary" | "warning" | "danger" | "light" | "dark">;
|
|
47
47
|
/**
|
|
48
48
|
* Computed helper for withMargin prop in template.
|
|
49
49
|
*/
|
|
@@ -11,7 +11,7 @@ export declare class TextComponent {
|
|
|
11
11
|
*/
|
|
12
12
|
displayContent: import("@angular/core").Signal<string>;
|
|
13
13
|
propsColor: import("@angular/core").Signal<import("@ionic/core").Color>;
|
|
14
|
-
propsSize: import("@angular/core").Signal<"
|
|
14
|
+
propsSize: import("@angular/core").Signal<"small" | "medium" | "large" | "xlarge">;
|
|
15
15
|
propsBold: import("@angular/core").Signal<boolean>;
|
|
16
16
|
propsProcessLinks: import("@angular/core").Signal<boolean>;
|
|
17
17
|
propsAllowPartialBold: import("@angular/core").Signal<boolean>;
|
|
@@ -38,7 +38,7 @@ export declare class UserAvatarComponent {
|
|
|
38
38
|
readonly imageUrl: import("@angular/core").Signal<string>;
|
|
39
39
|
/** Iniciales — 1-2 chars derivados de name (preferred) o email prefix. */
|
|
40
40
|
readonly initials: import("@angular/core").Signal<string>;
|
|
41
|
-
readonly sizeClass: import("@angular/core").Signal<"
|
|
41
|
+
readonly sizeClass: import("@angular/core").Signal<"small" | "medium" | "large" | "xlarge" | "xsmall">;
|
|
42
42
|
readonly shapeClass: import("@angular/core").Signal<"circle" | "square">;
|
|
43
43
|
/** Background — explicito o derivado deterministicamente del user. */
|
|
44
44
|
readonly bgColor: import("@angular/core").Signal<string>;
|
|
@@ -35,7 +35,7 @@ export declare class CtaCardComponent {
|
|
|
35
35
|
/** Emitted with the token of the clicked action button */
|
|
36
36
|
onAction: EventEmitter<string>;
|
|
37
37
|
/** Merged configuration with defaults */
|
|
38
|
-
config: import("@angular/core").Signal<CtaCardMetadata & Required<Pick<CtaCardMetadata, "
|
|
38
|
+
config: import("@angular/core").Signal<CtaCardMetadata & Required<Pick<CtaCardMetadata, "borderRadius" | "bordered" | "shadowed" | "align" | "padding">>>;
|
|
39
39
|
getBackground(): string;
|
|
40
40
|
getColor(): string | null;
|
|
41
41
|
static ɵfac: i0.ɵɵFactoryDeclaration<CtaCardComponent, never>;
|
|
@@ -41,7 +41,7 @@ export declare class FeaturesListComponent {
|
|
|
41
41
|
iconColor: string;
|
|
42
42
|
iconSize: number;
|
|
43
43
|
mode: "horizontal" | "vertical";
|
|
44
|
-
gap: "
|
|
44
|
+
gap: "small" | "medium" | "large";
|
|
45
45
|
alignment: "center" | "start";
|
|
46
46
|
imageShape: "circle" | "square";
|
|
47
47
|
maxVisible: number;
|
|
@@ -28,7 +28,7 @@ export declare class MetricCardComponent {
|
|
|
28
28
|
/** Emitted with the token of the clicked action */
|
|
29
29
|
onAction: EventEmitter<string>;
|
|
30
30
|
/** Merged configuration with defaults */
|
|
31
|
-
config: import("@angular/core").Signal<MetricCardMetadata & Required<Pick<MetricCardMetadata, "
|
|
31
|
+
config: import("@angular/core").Signal<MetricCardMetadata & Required<Pick<MetricCardMetadata, "borderRadius" | "bordered" | "shadowed" | "padding">>>;
|
|
32
32
|
static ɵfac: i0.ɵɵFactoryDeclaration<MetricCardComponent, never>;
|
|
33
33
|
static ɵcmp: i0.ɵɵComponentDeclaration<MetricCardComponent, "val-metric-card", never, { "props": { "alias": "props"; "required": false; "isSignal": true; }; }, { "onAction": "onAction"; }, never, never, true, never>;
|
|
34
34
|
}
|
|
@@ -45,7 +45,7 @@ export declare class ArticleComponent implements OnInit {
|
|
|
45
45
|
getVideoElement(element: ArticleElement): ArticleVideoElement;
|
|
46
46
|
getCustomElement(element: ArticleElement): ArticleCustomElement;
|
|
47
47
|
getQuoteTextProps(element: ArticleElement): {
|
|
48
|
-
size: "
|
|
48
|
+
size: "small" | "medium" | "large" | "xlarge";
|
|
49
49
|
color: import("@ionic/core").Color;
|
|
50
50
|
content?: string;
|
|
51
51
|
bold: boolean;
|
|
@@ -57,11 +57,11 @@ export declare class ArticleComponent implements OnInit {
|
|
|
57
57
|
linkConfig?: import("valtech-components").LinkProcessorConfig;
|
|
58
58
|
allowPartialBold?: boolean;
|
|
59
59
|
authorColor?: import("@ionic/core").Color;
|
|
60
|
-
alignment?: "
|
|
60
|
+
alignment?: "left" | "center" | "right";
|
|
61
61
|
showQuoteMark?: boolean;
|
|
62
62
|
};
|
|
63
63
|
getHighlightTextProps(element: ArticleElement): {
|
|
64
|
-
size: "
|
|
64
|
+
size: "small" | "medium" | "large" | "xlarge";
|
|
65
65
|
color: import("@ionic/core").Color;
|
|
66
66
|
content?: string;
|
|
67
67
|
bold: boolean;
|
|
@@ -76,7 +76,7 @@ export declare class ArticleComponent implements OnInit {
|
|
|
76
76
|
getHighlightColor(element: ArticleElement): string;
|
|
77
77
|
getButtonProps(element: ArticleElement): {
|
|
78
78
|
actionType?: import("valtech-components").ActionType;
|
|
79
|
-
expand?: "
|
|
79
|
+
expand?: "full" | "block";
|
|
80
80
|
link?: string;
|
|
81
81
|
href?: string;
|
|
82
82
|
routerLink?: string | any[];
|
|
@@ -92,8 +92,8 @@ export declare class ArticleComponent implements OnInit {
|
|
|
92
92
|
icon?: import("valtech-components").IconMetada;
|
|
93
93
|
shape?: "round";
|
|
94
94
|
size?: "default" | "small" | "large";
|
|
95
|
-
fill?: "default" | "
|
|
96
|
-
type: "
|
|
95
|
+
fill?: "default" | "clear" | "outline" | "solid";
|
|
96
|
+
type: "reset" | "submit" | "button";
|
|
97
97
|
token?: string;
|
|
98
98
|
ref?: any;
|
|
99
99
|
handler?: (value: any) => any;
|
|
@@ -35,7 +35,7 @@ export declare class AuthCtaComponent {
|
|
|
35
35
|
onRegister: EventEmitter<void>;
|
|
36
36
|
constructor();
|
|
37
37
|
/** Merged configuration with defaults */
|
|
38
|
-
config: import("@angular/core").Signal<AuthCtaMetadata & Required<Pick<AuthCtaMetadata, "
|
|
38
|
+
config: import("@angular/core").Signal<AuthCtaMetadata & Required<Pick<AuthCtaMetadata, "borderRadius" | "align" | "padding">>>;
|
|
39
39
|
loginLabel: import("@angular/core").Signal<string>;
|
|
40
40
|
registerLabel: import("@angular/core").Signal<string>;
|
|
41
41
|
resolvedBg: import("@angular/core").Signal<string>;
|
|
@@ -90,7 +90,7 @@ export declare class NotificationPreferencesViewComponent implements OnInit, OnD
|
|
|
90
90
|
readonly busyLabel: import("@angular/core").Signal<string>;
|
|
91
91
|
readonly contextMessage: import("@angular/core").Signal<string>;
|
|
92
92
|
readonly alertVariant: import("@angular/core").Signal<"warning" | "danger" | "info">;
|
|
93
|
-
readonly alertIcon: import("@angular/core").Signal<"
|
|
93
|
+
readonly alertIcon: import("@angular/core").Signal<"alert-circle-outline" | "close-circle-outline">;
|
|
94
94
|
readonly toggleProps: import("@angular/core").Signal<ToggleInputMetadata>;
|
|
95
95
|
readonly retryButtonProps: import("@angular/core").Signal<Partial<ButtonMetadata>>;
|
|
96
96
|
readonly tokenPreview: import("@angular/core").Signal<string>;
|
|
@@ -25,6 +25,12 @@ import * as i0 from "@angular/core";
|
|
|
25
25
|
*/
|
|
26
26
|
export declare class OAuthCallbackComponent implements OnInit {
|
|
27
27
|
message: string;
|
|
28
|
+
/**
|
|
29
|
+
* Nonce que el opener generó y pasó por el flujo (round-trip backend). Se
|
|
30
|
+
* reenvía al opener en cada mensaje para que verifique el origen del callback
|
|
31
|
+
* y rechace un oauth_callback_data forjado en localStorage por XSS (M-07).
|
|
32
|
+
*/
|
|
33
|
+
private clientNonce;
|
|
28
34
|
ngOnInit(): void;
|
|
29
35
|
private processCallback;
|
|
30
36
|
private sendToParent;
|
|
@@ -44,6 +44,13 @@ export declare class OAuthService {
|
|
|
44
44
|
private popup;
|
|
45
45
|
private messageHandler;
|
|
46
46
|
private checkClosedInterval;
|
|
47
|
+
/**
|
|
48
|
+
* Nonce del flujo OAuth en curso (M-07). Vive SOLO en memoria — un XSS no lo
|
|
49
|
+
* puede leer de localStorage/sessionStorage. Viaja al backend (client_nonce),
|
|
50
|
+
* vuelve en el callback, y se verifica acá → rechaza un oauth_callback_data
|
|
51
|
+
* forjado por XSS.
|
|
52
|
+
*/
|
|
53
|
+
private expectedNonce;
|
|
47
54
|
constructor(config: ValtechAuthConfig | null, http: HttpClient, ngZone: NgZone);
|
|
48
55
|
/**
|
|
49
56
|
* Inicia flujo OAuth en popup.
|
|
@@ -94,6 +101,27 @@ export declare class OAuthService {
|
|
|
94
101
|
* Limpia recursos del popup.
|
|
95
102
|
*/
|
|
96
103
|
private cleanup;
|
|
104
|
+
/**
|
|
105
|
+
* Genera un nonce aleatorio (CSPRNG) url-safe para el flujo OAuth (M-07).
|
|
106
|
+
*/
|
|
107
|
+
private generateNonce;
|
|
108
|
+
/**
|
|
109
|
+
* Verifica que el callback traiga el nonce del flujo actual (M-07).
|
|
110
|
+
*
|
|
111
|
+
* Estricto: si el opener generó un nonce (siempre, en clientes nuevos) exige
|
|
112
|
+
* que el callback lo traiga y coincida. Un payload forjado en localStorage por
|
|
113
|
+
* XSS no conoce el nonce (vive solo en memoria) → se rechaza.
|
|
114
|
+
*
|
|
115
|
+
* ⚠️ Requiere que el backend ya eche `client_nonce` en el callback. Deploy:
|
|
116
|
+
* backend ANTES que el frontend, si no este check rechaza callbacks legítimos
|
|
117
|
+
* (sin nonce) durante la ventana de transición.
|
|
118
|
+
*/
|
|
119
|
+
private isNonceValid;
|
|
120
|
+
/**
|
|
121
|
+
* Valida la forma del payload del callback (M-07): debe ser un error o tokens
|
|
122
|
+
* como objeto. Bloquea inyecciones malformadas (primitivos, shapes basura).
|
|
123
|
+
*/
|
|
124
|
+
private isCallbackShapeValid;
|
|
97
125
|
static ɵfac: i0.ɵɵFactoryDeclaration<OAuthService, [{ optional: true; }, null, null]>;
|
|
98
126
|
static ɵprov: i0.ɵɵInjectableDeclaration<OAuthService>;
|
|
99
127
|
}
|
|
@@ -852,6 +852,12 @@ export interface OAuthCallbackData {
|
|
|
852
852
|
tokens?: OAuthResult;
|
|
853
853
|
/** Error (si falló) */
|
|
854
854
|
error?: OAuthError;
|
|
855
|
+
/**
|
|
856
|
+
* Nonce del opener (M-07). El popup lo recibe del backend (round-trip por el
|
|
857
|
+
* OAuthState firmado) y lo reenvía; el opener lo verifica contra el que generó
|
|
858
|
+
* en memoria → rechaza un oauth_callback_data forjado en localStorage por XSS.
|
|
859
|
+
*/
|
|
860
|
+
nonce?: string;
|
|
855
861
|
}
|
|
856
862
|
/**
|
|
857
863
|
* Proveedor OAuth vinculado al usuario.
|
|
@@ -65,6 +65,18 @@ export declare class LinkProcessorService {
|
|
|
65
65
|
* ```
|
|
66
66
|
*/
|
|
67
67
|
processLinks(text: string, config?: LinkProcessorConfig): SafeHtml | string;
|
|
68
|
+
/**
|
|
69
|
+
* Devuelve un valor seguro para el atributo href. Como processLinks usa
|
|
70
|
+
* bypassSecurityTrustHtml (desactiva la sanitización automática de Angular),
|
|
71
|
+
* cada URL se valida explícitamente: el sanitizador de Angular neutraliza
|
|
72
|
+
* esquemas peligrosos (javascript:, data:, vbscript:) prefijándolos con
|
|
73
|
+
* `unsafe:`, y luego se escapa el resultado para el contexto de atributo —
|
|
74
|
+
* evitando que una URL como `[x](javascript:alert(1))` o `http://a" onx="..."`
|
|
75
|
+
* inyecte script o atributos.
|
|
76
|
+
*/
|
|
77
|
+
private safeHref;
|
|
78
|
+
/** Escapa los caracteres especiales de HTML (texto y valores de atributo). */
|
|
79
|
+
private escapeHtml;
|
|
68
80
|
/**
|
|
69
81
|
* Detecta si un texto contiene enlaces (URLs, rutas internas o enlaces Markdown).
|
|
70
82
|
*
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import { RequestTypeConfig } from './types';
|
|
2
|
+
/**
|
|
3
|
+
* Contexto del viewer para decidir qué tipos de solicitud puede ver/enviar.
|
|
4
|
+
* Lo arma la app desde su estado de auth (AuthService).
|
|
5
|
+
*/
|
|
6
|
+
export interface RequestViewerContext {
|
|
7
|
+
/** Hay sesión activa. */
|
|
8
|
+
isAuthenticated: boolean;
|
|
9
|
+
/**
|
|
10
|
+
* Usuario activo/verificado (claim `verified` del token = Status ACTIVE).
|
|
11
|
+
* Solo relevante si isAuthenticated. Si se omite, se asume verificado
|
|
12
|
+
* (en la práctica el signin solo emite tokens a cuentas ACTIVE).
|
|
13
|
+
*/
|
|
14
|
+
isVerified?: boolean;
|
|
15
|
+
/** Org activa del usuario (para tipos ORG/INTERNAL). */
|
|
16
|
+
activeOrg?: string;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* ¿Este viewer puede ENVIAR una solicitud de este tipo? Espeja el gate
|
|
20
|
+
* server-side (`backend/.../request: submissionTargetOrg`). Es solo UX — el
|
|
21
|
+
* backend siempre valida —, pero evita que cada app reimplemente (mal) el filtro:
|
|
22
|
+
*
|
|
23
|
+
* - PUBLIC → cualquiera (anónimo solo si allowAnonymous).
|
|
24
|
+
* - AUTHENTICATED → logueado + verificado (cross-org).
|
|
25
|
+
* - ORG/INTERNAL → miembro de la org dueña (activeOrg === type.orgId).
|
|
26
|
+
*/
|
|
27
|
+
export declare function canSubmitRequestType(type: RequestTypeConfig, ctx: RequestViewerContext): boolean;
|
|
28
|
+
/** Filtra el catálogo a los tipos que el viewer puede enviar. */
|
|
29
|
+
export declare function selectableRequestTypes(types: RequestTypeConfig[], ctx: RequestViewerContext): RequestTypeConfig[];
|
|
30
|
+
/**
|
|
31
|
+
* Modo de envío a usar: `'anonymous'` solo para tipos PUBLIC + allowAnonymous sin
|
|
32
|
+
* sesión; en el resto `'authenticated'`. Mapea a
|
|
33
|
+
* `RequestService.createAnonymousRequest` vs `createRequest`.
|
|
34
|
+
*/
|
|
35
|
+
export declare function requestSubmitMode(type: RequestTypeConfig, ctx: RequestViewerContext): 'anonymous' | 'authenticated';
|
|
@@ -49,7 +49,7 @@ export interface FieldSchemaDef {
|
|
|
49
49
|
order: number;
|
|
50
50
|
}
|
|
51
51
|
/** Quién puede leer un tipo de solicitud (y sus solicitudes públicas). */
|
|
52
|
-
export type RequestVisibility = 'PUBLIC' | 'ORG' | 'INTERNAL';
|
|
52
|
+
export type RequestVisibility = 'PUBLIC' | 'AUTHENTICATED' | 'ORG' | 'INTERNAL';
|
|
53
53
|
export interface RequestTypeConfig {
|
|
54
54
|
typeId: string;
|
|
55
55
|
appId: string;
|
|
@@ -58,7 +58,12 @@ export interface RequestTypeConfig {
|
|
|
58
58
|
labelEn: string;
|
|
59
59
|
fieldSchema: FieldSchemaDef[];
|
|
60
60
|
allowAnonymous: boolean;
|
|
61
|
-
/**
|
|
61
|
+
/**
|
|
62
|
+
* Quién puede leer/enviar este tipo (debe coincidir con el backend):
|
|
63
|
+
* - PUBLIC cualquiera, incluso sin login (anónimo si allowAnonymous).
|
|
64
|
+
* - AUTHENTICATED cualquier usuario logueado + verificado, cross-org.
|
|
65
|
+
* - ORG/INTERNAL solo miembros de la org dueña. Default ORG.
|
|
66
|
+
*/
|
|
62
67
|
visibility?: RequestVisibility;
|
|
63
68
|
createdAt: string;
|
|
64
69
|
updatedAt: string;
|
package/lib/version.d.ts
CHANGED
package/package.json
CHANGED
package/public-api.d.ts
CHANGED
|
@@ -429,6 +429,7 @@ export * from './lib/services/requests/types';
|
|
|
429
429
|
export * from './lib/services/requests/request.service';
|
|
430
430
|
export * from './lib/services/requests/request-form-builder.service';
|
|
431
431
|
export * from './lib/services/requests/request-firestore.service';
|
|
432
|
+
export * from './lib/services/requests/request-visibility';
|
|
432
433
|
export * from './lib/components/organisms/article-strip/article-strip.component';
|
|
433
434
|
export * from './lib/components/organisms/article-strip/types';
|
|
434
435
|
export * from './lib/components/molecules/metric-card/metric-card.component';
|