wirejs-deploy-amplify-basic 0.0.29 → 0.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.ts +2 -1
  2. package/dist/index.js +5 -8
  3. package/dist/resource-collector.d.ts +1 -0
  4. package/dist/resource-collector.js +7 -0
  5. package/dist/services/authentication.d.ts +19 -0
  6. package/dist/services/authentication.js +491 -0
  7. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -1,5 +1,6 @@
1
1
  import { Resource } from 'wirejs-resources';
2
- export { AuthenticationService, withContext, requiresContext, Context, CookieJar, Resource, overrides, } from 'wirejs-resources';
2
+ export { withContext, requiresContext, Context, CookieJar, Resource, overrides, } from 'wirejs-resources';
3
+ export { AuthenticationService } from './services/authentication.js';
3
4
  export declare class FileService extends Resource {
4
5
  constructor(scope: Resource | string, id: string);
5
6
  read(filename: string, encoding?: BufferEncoding): Promise<string>;
package/dist/index.js CHANGED
@@ -1,7 +1,10 @@
1
1
  import { env } from 'process';
2
2
  import { S3Client, ListObjectsCommand, PutObjectCommand, GetObjectCommand, DeleteObjectCommand } from '@aws-sdk/client-s3';
3
3
  import { overrides, Resource, } from 'wirejs-resources';
4
- export { AuthenticationService, withContext, requiresContext, Context, CookieJar, Resource, overrides, } from 'wirejs-resources';
4
+ export { withContext, requiresContext, Context, CookieJar, Resource, overrides, } from 'wirejs-resources';
5
+ import { addResource } from './resource-collector.js';
6
+ import { AuthenticationService } from './services/authentication.js';
7
+ export { AuthenticationService } from './services/authentication.js';
5
8
  const Bucket = env['BUCKET'];
6
9
  const s3 = new S3Client();
7
10
  export class FileService extends Resource {
@@ -61,10 +64,4 @@ export class FileService extends Resource {
61
64
  }
62
65
  // expose resources to other resources that might depend on it.
63
66
  overrides.FileService = FileService;
64
- globalThis.wirejsResources = [];
65
- function addResource(type, options) {
66
- globalThis.wirejsResources.push({
67
- type,
68
- options
69
- });
70
- }
67
+ overrides.AuthenticationService = AuthenticationService;
package/dist/resource-collector.d.ts ADDED
@@ -0,0 +1 @@
1
+ export declare function addResource(type: string, options: any): void;
package/dist/resource-collector.js ADDED
@@ -0,0 +1,7 @@
1
+ globalThis.wirejsResources = [];
2
+ export function addResource(type, options) {
3
+ globalThis.wirejsResources.push({
4
+ type,
5
+ options
6
+ });
7
+ }
package/dist/services/authentication.d.ts ADDED
@@ -0,0 +1,19 @@
1
+ import { Resource, ContextWrapped, CookieJar, AuthenticationError, AuthenticationService as AuthenticationServiceBase, AuthenticationMachineState, AuthenticationServiceOptions, AuthenticationMachineInput, User } from 'wirejs-resources';
2
+ export declare function hasNonEmptyString(o: any, k: string): boolean;
3
+ export declare class AuthenticationService extends AuthenticationServiceBase {
4
+ #private;
5
+ constructor(scope: Resource | string, id: string, options?: AuthenticationServiceOptions);
6
+ getMachineState(cookies: CookieJar): Promise<AuthenticationMachineState>;
7
+ missingFieldErrors<T extends Record<string, string | number | boolean>>(input: T, fields: (keyof T & string)[]): AuthenticationError[] | undefined;
8
+ setMachineState(cookies: CookieJar, form: AuthenticationMachineInput): Promise<AuthenticationMachineState | {
9
+ errors: AuthenticationError[];
10
+ }>;
11
+ buildApi(): ContextWrapped<{
12
+ getState: () => Promise<AuthenticationMachineState>;
13
+ setState: (options: AuthenticationMachineInput) => Promise<AuthenticationMachineState | {
14
+ errors: AuthenticationError[];
15
+ }>;
16
+ getCurrentUser: () => Promise<User | null>;
17
+ requireCurrentUser: () => Promise<User>;
18
+ }>;
19
+ }
package/dist/services/authentication.js ADDED
@@ -0,0 +1,491 @@
1
+ import { env } from 'process';
2
+ import * as jose from 'jose';
3
+ import { CognitoIdentityProviderClient, SignUpCommand, ForgotPasswordCommand, ConfirmForgotPasswordCommand, ConfirmSignUpCommand, ResendConfirmationCodeCommand, InitiateAuthCommand, ChangePasswordCommand, } from '@aws-sdk/client-cognito-identity-provider';
4
+ import { withContext, SignedCookie, Secret, AuthenticationService as AuthenticationServiceBase, } from 'wirejs-resources';
5
+ import { addResource } from '../resource-collector.js';
6
+ const ClientId = env['COGNITO_CLIENT_ID'];
7
+ const actions = {
8
+ changepassword: {
9
+ name: "Change Password",
10
+ fields: {
11
+ existingPassword: {
12
+ label: 'Old Password',
13
+ type: 'password',
14
+ },
15
+ newPassword: {
16
+ label: 'New Password',
17
+ type: 'password',
18
+ }
19
+ },
20
+ buttons: ['Change Password']
21
+ },
22
+ signin: {
23
+ name: "Sign In",
24
+ fields: {
25
+ email: {
26
+ label: 'Email',
27
+ type: 'text',
28
+ },
29
+ password: {
30
+ label: 'Password',
31
+ type: 'password',
32
+ },
33
+ },
34
+ buttons: ['Sign In']
35
+ },
36
+ startforgotpassword: {
37
+ name: "Forgot Password"
38
+ },
39
+ continueforgotpassword: {
40
+ name: "Forgot Password",
41
+ fields: {
42
+ email: {
43
+ label: "Email",
44
+ type: "text"
45
+ },
46
+ },
47
+ buttons: ["Send Reset Code"]
48
+ },
49
+ completeforgotpassword: {
50
+ name: "Reset Password",
51
+ fields: {
52
+ code: {
53
+ label: "Reset Code",
54
+ type: "text"
55
+ },
56
+ password: {
57
+ label: "New Password",
58
+ type: 'password'
59
+ },
60
+ },
61
+ buttons: ["Set Password"]
62
+ },
63
+ startsignup: {
64
+ name: "Sign Up",
65
+ fields: {
66
+ email: {
67
+ label: 'Email',
68
+ type: 'text',
69
+ },
70
+ password: {
71
+ label: 'Password',
72
+ type: 'password',
73
+ },
74
+ },
75
+ buttons: ['Sign Up']
76
+ },
77
+ completesignup: {
78
+ name: "Finish Signing Up",
79
+ fields: {
80
+ code: {
81
+ label: "Confirmation Code",
82
+ type: 'text'
83
+ },
84
+ },
85
+ buttons: ['Complete Sign-up']
86
+ },
87
+ resendsignupcode: {
88
+ name: "Resend Confirmation Code"
89
+ },
90
+ signout: {
91
+ name: "Sign out"
92
+ },
93
+ cancel: {
94
+ name: "Cancel"
95
+ },
96
+ };
97
+ function machineAction(key) {
98
+ return {
99
+ key,
100
+ ...actions[key]
101
+ };
102
+ }
103
+ function machineActions(...keys) {
104
+ const result = {};
105
+ for (const k of keys) {
106
+ result[k] = machineAction(k);
107
+ }
108
+ return result;
109
+ }
110
+ function isAction(input, action) {
111
+ return input.key === action;
112
+ }
113
+ export function hasNonEmptyString(o, k) {
114
+ return (typeof o === 'object' && k in o && typeof o[k] === 'string' && o[k].length > 0);
115
+ }
116
+ const ONE_WEEK = 7 * 24 * 60 * 60; // days * hours/day * minutes/hour * seconds/minute
117
+ const client = new CognitoIdentityProviderClient();
118
+ export class AuthenticationService extends AuthenticationServiceBase {
119
+ #cookie;
120
+ #keepalive;
121
+ constructor(scope, id, options = {}) {
122
+ super(scope, id, options);
123
+ const signingSecret = new Secret(this, 'jwt-signing-secret');
124
+ this.#keepalive = options.keepalive ?? false;
125
+ this.#cookie = new SignedCookie(this, options.cookie ?? 'identity', signingSecret, { maxAge: ONE_WEEK });
126
+ addResource('AuthenticationService', { absoluteId: this.absoluteId });
127
+ }
128
+ async getMachineState(cookies) {
129
+ const state = await this.#cookie.read(cookies);
130
+ if (state?.state === 'authenticated') {
131
+ if (this.#keepalive)
132
+ this.#cookie.write(cookies, state);
133
+ return {
134
+ ...state,
135
+ actions: machineActions('changepassword', 'signout')
136
+ };
137
+ }
138
+ else {
139
+ if (state?.substate === 'pending-completesignup') {
140
+ return {
141
+ state: 'unauthenticated',
142
+ user: undefined,
143
+ actions: machineActions('completesignup', 'cancel')
144
+ };
145
+ }
146
+ else if (state?.substate === 'pending-continueforgotpassword') {
147
+ return {
148
+ state: 'unauthenticated',
149
+ user: undefined,
150
+ actions: machineActions('continueforgotpassword', 'cancel')
151
+ };
152
+ }
153
+ else if (state?.substate === 'pending-completeforgotpassword') {
154
+ return {
155
+ state: 'unauthenticated',
156
+ user: undefined,
157
+ actions: machineActions('completeforgotpassword', 'cancel')
158
+ };
159
+ }
160
+ else {
161
+ return {
162
+ state: 'unauthenticated',
163
+ user: undefined,
164
+ actions: machineActions('signin', 'startsignup')
165
+ };
166
+ }
167
+ }
168
+ }
169
+ missingFieldErrors(input, fields) {
170
+ const errors = [];
171
+ for (const field of fields) {
172
+ if (!input[field])
173
+ errors.push({
174
+ field,
175
+ message: "Field is required."
176
+ });
177
+ }
178
+ return errors.length > 0 ? errors : undefined;
179
+ }
180
+ async setMachineState(cookies, form) {
181
+ if (isAction(form, 'signout')) {
182
+ this.#cookie.clear(cookies);
183
+ return this.getMachineState(cookies);
184
+ }
185
+ else if (isAction(form, 'cancel')) {
186
+ const state = await this.#cookie.read(cookies);
187
+ if (!state)
188
+ return this.getMachineState(cookies);
189
+ state.metadata = undefined;
190
+ state.substate = undefined;
191
+ return this.getMachineState(cookies);
192
+ }
193
+ else if (isAction(form, 'startsignup')) {
194
+ const errors = this.missingFieldErrors(form.inputs, ['email', 'password']);
195
+ if (errors) {
196
+ return { errors };
197
+ }
198
+ try {
199
+ const command = new SignUpCommand({
200
+ ClientId,
201
+ Username: form.inputs.email,
202
+ Password: form.inputs.password,
203
+ UserAttributes: [
204
+ { Name: 'email', Value: form.inputs.email }
205
+ ]
206
+ });
207
+ const result = await client.send(command);
208
+ this.#cookie.write(cookies, {
209
+ state: 'unauthenticated',
210
+ user: undefined,
211
+ substate: 'pending-completesignup',
212
+ metadata: JSON.stringify({
213
+ email: form.inputs.email,
214
+ sub: result.UserSub,
215
+ })
216
+ });
217
+ return this.getMachineState(cookies);
218
+ }
219
+ catch (error) {
220
+ return {
221
+ errors: [{
222
+ message: error.message
223
+ }]
224
+ };
225
+ }
226
+ }
227
+ else if (isAction(form, 'resendsignupcode')) {
228
+ const state = await this.#cookie.read(cookies);
229
+ if (!state) {
230
+ this.#cookie.clear(cookies);
231
+ return this.getMachineState(cookies);
232
+ }
233
+ // bad state ...
234
+ if (state?.state === 'authenticated'
235
+ || state?.substate !== 'pending-completesignup'
236
+ || !state?.metadata) {
237
+ this.#cookie.write(cookies, {
238
+ ...state,
239
+ substate: undefined,
240
+ metadata: undefined,
241
+ });
242
+ return this.getMachineState(cookies);
243
+ }
244
+ try {
245
+ const command = new ResendConfirmationCodeCommand({
246
+ ClientId,
247
+ Username: state.metadata
248
+ });
249
+ await client.send(command);
250
+ return {
251
+ ...this.getMachineState(cookies),
252
+ message: 'Your code has been sent again.'
253
+ };
254
+ }
255
+ catch (error) {
256
+ return {
257
+ errors: [{
258
+ message: error.message
259
+ }]
260
+ };
261
+ }
262
+ }
263
+ else if (isAction(form, 'completesignup')) {
264
+ const errors = this.missingFieldErrors(form.inputs, ['code']);
265
+ if (errors) {
266
+ return { errors };
267
+ }
268
+ const state = await this.#cookie.read(cookies);
269
+ if (!state || state.substate !== 'pending-completesignup') {
270
+ this.#cookie.clear(cookies);
271
+ return this.getMachineState(cookies);
272
+ }
273
+ try {
274
+ const { email, sub } = JSON.parse(state.metadata);
275
+ if (!email || !sub) {
276
+ this.#cookie.clear(cookies);
277
+ return this.getMachineState(cookies);
278
+ }
279
+ const command = new ConfirmSignUpCommand({
280
+ ClientId,
281
+ Username: state.metadata,
282
+ ConfirmationCode: form.inputs.code
283
+ });
284
+ await client.send(command);
285
+ this.#cookie.write(cookies, {
286
+ state: 'authenticated',
287
+ user: {
288
+ id: sub,
289
+ displayName: email,
290
+ username: email,
291
+ }
292
+ });
293
+ return this.getMachineState(cookies);
294
+ }
295
+ catch (error) {
296
+ return {
297
+ errors: [{
298
+ message: error.message
299
+ }]
300
+ };
301
+ }
302
+ }
303
+ else if (isAction(form, 'signin')) {
304
+ const errors = this.missingFieldErrors(form.inputs, ['email', 'password']);
305
+ if (errors) {
306
+ return { errors };
307
+ }
308
+ try {
309
+ const command = new InitiateAuthCommand({
310
+ ClientId,
311
+ AuthFlow: 'USER_PASSWORD_AUTH',
312
+ AuthParameters: {
313
+ USERNAME: form.inputs.email,
314
+ PASSWORD: form.inputs.password,
315
+ }
316
+ });
317
+ const result = await client.send(command);
318
+ const jwtPayload = jose.decodeJwt(
319
+ // assuming for now, until we support challenges like OTP, Email code, etc.
320
+ result.AuthenticationResult?.IdToken);
321
+ this.#cookie.write(cookies, {
322
+ state: 'authenticated',
323
+ user: {
324
+ id: jwtPayload.sub,
325
+ username: jwtPayload['cognito:username'],
326
+ displayName: jwtPayload['cognito:username'],
327
+ },
328
+ });
329
+ return this.getMachineState(cookies);
330
+ }
331
+ catch (error) {
332
+ return {
333
+ errors: [{
334
+ message: error.message
335
+ }]
336
+ };
337
+ }
338
+ }
339
+ else if (isAction(form, 'changepassword')) {
340
+ const errors = this.missingFieldErrors(form.inputs, ['existingPassword', 'newPassword']);
341
+ if (errors) {
342
+ return { errors };
343
+ }
344
+ const state = await this.#cookie.read(cookies);
345
+ if (state?.state !== 'authenticated') {
346
+ this.#cookie.clear(cookies);
347
+ return this.getMachineState(cookies);
348
+ }
349
+ try {
350
+ // change password requires an access token, which we don't actually store.
351
+ // so, first step is to actually authenticate.
352
+ const authCommand = new InitiateAuthCommand({
353
+ ClientId,
354
+ AuthFlow: 'USER_PASSWORD_AUTH',
355
+ AuthParameters: {
356
+ USERNAME: state.user.username,
357
+ PASSWORD: form.inputs.existingPassword,
358
+ }
359
+ });
360
+ const authResult = await client.send(authCommand);
361
+ const changePassCommand = new ChangePasswordCommand({
362
+ AccessToken: authResult.AuthenticationResult?.AccessToken,
363
+ PreviousPassword: form.inputs.existingPassword,
364
+ ProposedPassword: form.inputs.newPassword
365
+ });
366
+ await client.send(changePassCommand);
367
+ return {
368
+ ...this.getMachineState(cookies),
369
+ message: 'Password changed.'
370
+ };
371
+ }
372
+ catch (error) {
373
+ return {
374
+ errors: [{
375
+ message: error.message
376
+ }]
377
+ };
378
+ }
379
+ }
380
+ else if (isAction(form, 'startforgotpassword')) {
381
+ const state = await this.#cookie.read(cookies);
382
+ if (state?.state === 'authenticated') {
383
+ // user is already signed in ... this is *probably* a rogue request?
384
+ return this.getMachineState(cookies);
385
+ }
386
+ await this.#cookie.write(cookies, {
387
+ state: 'unauthenticated',
388
+ user: undefined,
389
+ substate: 'pending-continueforgotpassword'
390
+ });
391
+ return this.getMachineState(cookies);
392
+ }
393
+ else if (isAction(form, 'continueforgotpassword')) {
394
+ const state = await this.#cookie.read(cookies);
395
+ if (state?.state === 'authenticated') {
396
+ // user is already signed in ... this is *probably* a rogue request?
397
+ return this.getMachineState(cookies);
398
+ }
399
+ const errors = this.missingFieldErrors(form.inputs, ['email']);
400
+ if (errors) {
401
+ return { errors };
402
+ }
403
+ try {
404
+ const command = new ForgotPasswordCommand({
405
+ ClientId,
406
+ Username: form.inputs.email
407
+ });
408
+ await client.send(command);
409
+ this.#cookie.write(cookies, {
410
+ state: 'unauthenticated',
411
+ user: undefined,
412
+ substate: 'pending-completeforgotpassword',
413
+ metadata: form.inputs.email,
414
+ });
415
+ return this.getMachineState(cookies);
416
+ }
417
+ catch (error) {
418
+ return {
419
+ errors: [{
420
+ message: error.message
421
+ }]
422
+ };
423
+ }
424
+ }
425
+ else if (isAction(form, 'completeforgotpassword')) {
426
+ const state = await this.#cookie.read(cookies);
427
+ if (state?.state === 'authenticated') {
428
+ // user is already signed in ... this is *probably* a rogue request?
429
+ return this.getMachineState(cookies);
430
+ }
431
+ const errors = this.missingFieldErrors(form.inputs, ['code', 'password']);
432
+ if (errors) {
433
+ return { errors };
434
+ }
435
+ try {
436
+ const command = new ConfirmForgotPasswordCommand({
437
+ ClientId,
438
+ ConfirmationCode: form.inputs.code,
439
+ Password: form.inputs.password,
440
+ Username: state?.metadata
441
+ });
442
+ await client.send(command);
443
+ this.#cookie.write(cookies, {
444
+ state: 'unauthenticated',
445
+ user: undefined,
446
+ });
447
+ return {
448
+ ...this.getMachineState(cookies),
449
+ message: `Password set. Please try signing in with your new password.`
450
+ };
451
+ }
452
+ catch (error) {
453
+ return {
454
+ errors: [{
455
+ message: error.message
456
+ }]
457
+ };
458
+ }
459
+ }
460
+ else {
461
+ return { errors: [{
462
+ message: 'Unrecognized authentication action.'
463
+ }]
464
+ };
465
+ }
466
+ }
467
+ buildApi() {
468
+ return withContext(context => ({
469
+ getState: () => this.getMachineState(context.cookies),
470
+ setState: (options) => this.setMachineState(context.cookies, options),
471
+ getCurrentUser: async () => {
472
+ const state = await this.#cookie.read(context.cookies);
473
+ if (state?.state === 'authenticated') {
474
+ return state.user;
475
+ }
476
+ else {
477
+ return null;
478
+ }
479
+ },
480
+ requireCurrentUser: async () => {
481
+ const state = await this.#cookie.read(context.cookies);
482
+ if (state?.state === 'authenticated') {
483
+ return state.user;
484
+ }
485
+ else {
486
+ throw new Error("Unauthorized.");
487
+ }
488
+ }
489
+ }));
490
+ }
491
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wirejs-deploy-amplify-basic",
3
- "version": "0.0.29",
3
+ "version": "0.0.30",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",