From 8fc3b148040f88ed11f3e13b35c194ba661b911d Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 13:10:02 -0600 Subject: [PATCH 01/10] implement reading permissions from dynamodb --- src/api/functions/authorization.ts | 103 ++++++++++++++ src/api/index.ts | 2 + src/api/package.json | 3 +- src/api/plugins/auth.ts | 40 ++++-- src/api/types.d.ts | 2 + yarn.lock | 216 +++++++++++++++++++++++++++-- 6 files changed, 347 insertions(+), 19 deletions(-) create mode 100644 src/api/functions/authorization.ts diff --git a/src/api/functions/authorization.ts b/src/api/functions/authorization.ts new file mode 100644 index 0000000..6492ba1 --- /dev/null +++ b/src/api/functions/authorization.ts @@ -0,0 +1,103 @@ +import { + DynamoDBClient, + GetItemCommand, + QueryCommand, +} from "@aws-sdk/client-dynamodb"; +import { unmarshall } from "@aws-sdk/util-dynamodb"; +import { genericConfig } from "common/config.js"; +import { DatabaseFetchError } from "common/errors/index.js"; +import { allAppRoles, AppRoles } from "common/roles.js"; +import { FastifyInstance } from "fastify"; + +export const AUTH_DECISION_CACHE_SECONDS = 60; + +export async function getUserRoles( + dynamoClient: DynamoDBClient, + fastifyApp: FastifyInstance, + userId: string, +): Promise { + const cachedValue = fastifyApp.nodeCache.get(`userroles-${userId}`); + if (cachedValue) { + fastifyApp.log.info(`Returning cached auth decision for user ${userId}`); + return cachedValue as AppRoles[]; + } + const tableName = `${genericConfig["IAMTablePrefix"]}-userroles`; + const command = new GetItemCommand({ + TableName: tableName, + Key: { + userEmail: { S: userId }, + }, + }); + const response = await dynamoClient.send(command); + if (!response || !response.Item) { + throw new DatabaseFetchError({ + message: "Could not get user roles", + }); + } + const items = unmarshall(response.Item) as { roles: AppRoles[] | ["all"] }; + if (!("roles" in items)) { + return []; + } + if (items["roles"][0] === "all") { + fastifyApp.nodeCache.set( + `userroles-${userId}`, + allAppRoles, + AUTH_DECISION_CACHE_SECONDS, + ); + return allAppRoles; + } + fastifyApp.nodeCache.set( + `userroles-${userId}`, + items["roles"], + AUTH_DECISION_CACHE_SECONDS, + ); + return items["roles"] as AppRoles[]; +} + +export async function getGroupRoles( + dynamoClient: DynamoDBClient, + fastifyApp: FastifyInstance, + groupId: string, +) { + const cachedValue = fastifyApp.nodeCache.get(`grouproles-${groupId}`); + if (cachedValue) { + fastifyApp.log.info(`Returning cached auth decision for group ${groupId}`); + return cachedValue as AppRoles[]; + } + const tableName = `${genericConfig["IAMTablePrefix"]}-grouproles`; + const command = new GetItemCommand({ + TableName: tableName, + Key: { + groupUuid: { S: groupId }, + }, + }); + const response = await dynamoClient.send(command); + if (!response || !response.Item) { + throw new DatabaseFetchError({ + message: "Could not get group roles for user", + }); + } + const items = unmarshall(response.Item) as { roles: AppRoles[] | ["all"] }; + if (!("roles" in items)) { + fastifyApp.nodeCache.set( + `grouproles-${groupId}`, + [], + AUTH_DECISION_CACHE_SECONDS, + ); + return []; + } + if (items["roles"][0] === "all") { + fastifyApp.nodeCache.set( + `grouproles-${groupId}`, + allAppRoles, + AUTH_DECISION_CACHE_SECONDS, + ); + return allAppRoles; + } + fastifyApp.nodeCache.set( + `grouproles-${groupId}`, + items["roles"], + AUTH_DECISION_CACHE_SECONDS, + ); + return items["roles"] as AppRoles[]; +} diff --git a/src/api/index.ts b/src/api/index.ts index 8be0013..4fc737f 100644 --- a/src/api/index.ts +++ b/src/api/index.ts @@ -18,6 +18,7 @@ import * as dotenv from "dotenv"; import iamRoutes from "./routes/iam.js"; import ticketsPlugin from "./routes/tickets.js"; import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts"; +import NodeCache from "node-cache"; dotenv.config(); @@ -68,6 +69,7 @@ async function init() { app.runEnvironment = process.env.RunEnvironment as RunEnvironment; app.environmentConfig = environmentConfig[app.runEnvironment as RunEnvironment]; + app.nodeCache = new NodeCache({ checkperiod: 30 }); app.addHook("onRequest", (req, _, done) => { req.startTime = now(); const hostname = req.hostname; diff --git a/src/api/package.json b/src/api/package.json index 568ec13..1141ef6 100644 --- a/src/api/package.json +++ b/src/api/package.json @@ -15,6 +15,7 @@ "prettier:write": "prettier --write *.ts **/*.ts" }, "dependencies": { - "@aws-sdk/client-sts": "^3.726.0" + "@aws-sdk/client-sts": "^3.726.0", + "node-cache": "^5.1.2" } } diff --git a/src/api/plugins/auth.ts b/src/api/plugins/auth.ts index b615330..ab8f51e 100644 --- a/src/api/plugins/auth.ts +++ b/src/api/plugins/auth.ts @@ -14,6 +14,8 @@ import { UnauthorizedError, } from "../../common/errors/index.js"; import { genericConfig, SecretConfig } from "../../common/config.js"; +import { getGroupRoles, getUserRoles } from "api/functions/authorization.js"; +import { DynamoDBClient } from "@aws-sdk/client-dynamodb"; function intersection(setA: Set, setB: Set): Set { const _intersection = new Set(); @@ -55,6 +57,10 @@ const smClient = new SecretsManagerClient({ region: genericConfig.AwsRegion, }); +const dynamoClient = new DynamoDBClient({ + region: genericConfig.AwsRegion, +}); + export const getSecretValue = async ( secretId: string, ): Promise | null | SecretConfig> => { @@ -163,13 +169,18 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => { verifiedTokenData.groups && fastify.environmentConfig.GroupRoleMapping ) { - for (const group of verifiedTokenData.groups) { - if (fastify.environmentConfig["GroupRoleMapping"][group]) { - for (const role of fastify.environmentConfig["GroupRoleMapping"][ - group - ]) { + const groupRoles = await Promise.allSettled( + verifiedTokenData.groups.map((x) => + getGroupRoles(dynamoClient, fastify, x), + ), + ); + for (const result of groupRoles) { + if (result.status === "fulfilled") { + for (const role of result.value) { userRoles.add(role); } + } else { + request.log.warn(`Failed to get group roles: ${result.reason}`); } } } else { @@ -188,13 +199,24 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => { } } } + // add user-specific role overrides if (request.username && fastify.environmentConfig.UserRoleMapping) { if (fastify.environmentConfig["UserRoleMapping"][request.username]) { - for (const role of fastify.environmentConfig["UserRoleMapping"][ - request.username - ]) { - userRoles.add(role); + try { + const userAuth = await getUserRoles( + dynamoClient, + fastify, + request.username, + ); + for (const role of userAuth) { + userRoles.add(role); + } + } catch (e) { + request.log.warn( + `Failed to get user role mapping for ${request.username}`, + e, + ); } } } diff --git a/src/api/types.d.ts b/src/api/types.d.ts index 79b874c..7377098 100644 --- a/src/api/types.d.ts +++ b/src/api/types.d.ts @@ -2,6 +2,7 @@ import { FastifyRequest, FastifyInstance, FastifyReply } from "fastify"; import { AppRoles, RunEnvironment } from "../common/roles.js"; import { AadToken } from "./plugins/auth.js"; import { ConfigType } from "../common/config.js"; +import NodeCache from "node-cache"; declare module "fastify" { interface FastifyInstance { authenticate: ( @@ -20,6 +21,7 @@ declare module "fastify" { ) => Promise; runEnvironment: RunEnvironment; environmentConfig: ConfigType; + nodeCache: NodeCache; } interface FastifyRequest { startTime: number; diff --git a/yarn.lock b/yarn.lock index 40e3f98..a37bbe3 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4089,6 +4089,11 @@ balanced-match@^2.0.0: resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-2.0.0.tgz#dc70f920d78db8b858535795867bf48f820633d9" integrity sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA== +base64-js@^1.3.1: + version "1.5.1" + resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" + integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== + bcrypt-pbkdf@^1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" @@ -4103,6 +4108,15 @@ better-opn@^3.0.2: dependencies: open "^8.0.4" +bl@^4.0.3: + version "4.1.0" + resolved "https://registry.yarnpkg.com/bl/-/bl-4.1.0.tgz#451535264182bec2fbbc83a62ab98cf11d9f7b3a" + integrity sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w== + dependencies: + buffer "^5.5.0" + inherits "^2.0.4" + readable-stream "^3.4.0" + bowser@^2.11.0: version "2.11.0" resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f" @@ -4164,6 +4178,14 @@ buffer-equal-constant-time@1.0.1: resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819" integrity sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA== +buffer@^5.5.0: + version "5.7.1" + resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0" + integrity sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ== + dependencies: + base64-js "^1.3.1" + ieee754 "^1.1.13" + bytes@3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048" @@ -4220,6 +4242,14 @@ caniuse-lite@^1.0.30001688: resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001690.tgz#f2d15e3aaf8e18f76b2b8c1481abde063b8104c8" integrity sha512-5ExiE3qQN6oF8Clf8ifIDcMRCRE/dMGcETG/XGMD8/XiXm6HXQgQTh1yZYLXXpSOsEUlJm1Xr7kGULZTuGtP/w== +canvas@^3.0.0-rc2: + version "3.1.0" + resolved "https://registry.yarnpkg.com/canvas/-/canvas-3.1.0.tgz#6cdf094b859fef8e39b0e2c386728a376f1727b2" + integrity sha512-tTj3CqqukVJ9NgSahykNwtGda7V33VLObwrHfzT0vqJXu7J4d4C/7kQQW3fOEGDfZZoILPut5H00gOjyttPGyg== + dependencies: + node-addon-api "^7.0.0" + prebuild-install "^7.1.1" + caseless@~0.12.0: version "0.12.0" resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" @@ -4288,6 +4318,11 @@ check-error@^2.1.1: resolved "https://registry.yarnpkg.com/check-error/-/check-error-2.1.1.tgz#87eb876ae71ee388fa0471fe423f494be1d96ccc" integrity sha512-OAlb+T7V4Op9OwdkjmguYRqncdlx5JiofwOAUkmTF+jNdHwzTaTs4sRAGpzLF3oOz5xAyDGrPgeIDFQmDOTiJw== +chownr@^1.1.1: + version "1.1.4" + resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.1.4.tgz#6fc9d7b42d32a583596337666e7d08084da2cc6b" + integrity sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg== + cli-boxes@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-3.0.0.tgz#71a10c716feeba005e4504f36329ef0b17cf3145" @@ -4323,7 +4358,7 @@ cliui@^8.0.1: strip-ansi "^6.0.1" wrap-ansi "^7.0.0" -clone@^2.1.1: +clone@2.x, clone@^2.1.1: version "2.1.2" resolved "https://registry.yarnpkg.com/clone/-/clone-2.1.2.tgz#1b7f4b9f591f1e8f83670401600345a02887435f" integrity sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w== @@ -4612,6 +4647,13 @@ decimal.js@^10.4.3: resolved "https://registry.yarnpkg.com/decimal.js/-/decimal.js-10.4.3.tgz#1044092884d245d1b7f65725fa4ad4c6f781cc23" integrity sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA== +decompress-response@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-6.0.0.tgz#ca387612ddb7e104bd16d85aab00d5ecf09c66fc" + integrity sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ== + dependencies: + mimic-response "^3.1.0" + deep-eql@^5.0.1: version "5.0.2" resolved "https://registry.yarnpkg.com/deep-eql/-/deep-eql-5.0.2.tgz#4b756d8d770a9257300825d52a2c2cff99c3a341" @@ -4684,6 +4726,11 @@ dequal@^2.0.2, dequal@^2.0.3: resolved "https://registry.yarnpkg.com/dequal/-/dequal-2.0.3.tgz#2644214f1997d39ed0ee0ece72335490a7ac67be" integrity sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA== +detect-libc@^2.0.0: + version "2.0.3" + resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-2.0.3.tgz#f0cd503b40f9939b894697d19ad50895e30cf700" + integrity sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw== + detect-node-es@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/detect-node-es/-/detect-node-es-1.1.0.tgz#163acdf643330caa0b4cd7c21e7ee7755d6fa493" @@ -4833,6 +4880,13 @@ emoji-regex@^9.2.2: resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72" integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== +end-of-stream@^1.1.0, end-of-stream@^1.4.1: + version "1.4.4" + resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.4.tgz#5ae64a5f45057baf3626ec14da0ca5e4b2431eb0" + integrity sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q== + dependencies: + once "^1.4.0" + enhanced-resolve@^5.15.0: version "5.18.0" resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.18.0.tgz#91eb1db193896b9801251eeff1c6980278b1e404" @@ -5492,6 +5546,11 @@ execa@^5.1.1: signal-exit "^3.0.3" strip-final-newline "^2.0.0" +expand-template@^2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c" + integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg== + expect-type@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/expect-type/-/expect-type-1.1.0.tgz#a146e414250d13dfc49eafcfd1344a4060fa4c75" @@ -5794,6 +5853,11 @@ forwarded@0.2.0: resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811" integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== +fs-constants@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs-constants/-/fs-constants-1.0.0.tgz#6be0de9be998ce16af8afc24497b9ee9b7ccd9ad" + integrity sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow== + fs.realpath@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" @@ -5903,6 +5967,11 @@ getpass@^0.1.1: dependencies: assert-plus "^1.0.0" +github-from-package@0.0.0: + version "0.0.0" + resolved "https://registry.yarnpkg.com/github-from-package/-/github-from-package-0.0.0.tgz#97fb5d96bfde8973313f20e8288ef9a167fa64ce" + integrity sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw== + glob-parent@^5.0.0, glob-parent@^5.1.2: version "5.1.2" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" @@ -6160,6 +6229,11 @@ identity-obj-proxy@^3.0.0: dependencies: harmony-reflect "^1.4.6" +ieee754@^1.1.13: + version "1.2.1" + resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" + integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== + ignore@^4.0.6: version "4.0.6" resolved "https://registry.yarnpkg.com/ignore/-/ignore-4.0.6.tgz#750e3db5862087b4737ebac8207ffd1ef27b25fc" @@ -6201,7 +6275,7 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@2, inherits@^2.0.3: +inherits@2, inherits@^2.0.3, inherits@^2.0.4: version "2.0.4" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== @@ -7045,6 +7119,11 @@ mimic-fn@^2.1.0: resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b" integrity sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg== +mimic-response@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-3.1.0.tgz#2d1d59af9c1b129815accc2c46a022a5ce1fa3c9" + integrity sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ== + min-indent@^1.0.0, min-indent@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/min-indent/-/min-indent-1.0.1.tgz#a63f681673b30571fbe8bc25686ae746eefa9869" @@ -7064,11 +7143,16 @@ minimatch@^9.0.4: dependencies: brace-expansion "^2.0.1" -minimist@^1.2.0, minimist@^1.2.6: +minimist@^1.2.0, minimist@^1.2.3, minimist@^1.2.6: version "1.2.8" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== +mkdirp-classic@^0.5.2, mkdirp-classic@^0.5.3: + version "0.5.3" + resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113" + integrity sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A== + mkdirp@^0.5.1: version "0.5.6" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.6.tgz#7def03d2432dcae4ba1d611445c48396062255f6" @@ -7127,6 +7211,11 @@ nanoid@^3.3.7: resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf" integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w== +napi-build-utils@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/napi-build-utils/-/napi-build-utils-2.0.0.tgz#13c22c0187fcfccce1461844136372a47ddc027e" + integrity sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA== + natural-compare@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" @@ -7160,6 +7249,25 @@ nmtree@^1.0.6: dependencies: commander "^2.11.0" +node-abi@^3.3.0: + version "3.73.0" + resolved "https://registry.yarnpkg.com/node-abi/-/node-abi-3.73.0.tgz#4459ea77e71969edba8588387eecb05e2c2cff3b" + integrity sha512-z8iYzQGBu35ZkTQ9mtR8RqugJZ9RCLn8fv3d7LsgDBzOijGQP3RdKTX4LA7LXw03ZhU5z0l4xfhIMgSES31+cg== + dependencies: + semver "^7.3.5" + +node-addon-api@^7.0.0: + version "7.1.1" + resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-7.1.1.tgz#1aba6693b0f255258a049d621329329322aad558" + integrity sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ== + +node-cache@^5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/node-cache/-/node-cache-5.1.2.tgz#f264dc2ccad0a780e76253a694e9fd0ed19c398d" + integrity sha512-t1QzWwnk4sjLWaQAS8CHgOJ+RAfmHpxFWmc36IWTiWHQfs0w5JDMBS1b1ZxQteo0vVVuWJvIUKHDkkeK7vIGCg== + dependencies: + clone "2.x" + node-ical@^0.18.0: version "0.18.0" resolved "https://registry.yarnpkg.com/node-ical/-/node-ical-0.18.0.tgz#919ab65f43cdfebb4ac9a1c2acca2b5e62cc003f" @@ -7290,7 +7398,7 @@ on-headers@~1.0.2: resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f" integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA== -once@^1.3.0, once@^1.4.0: +once@^1.3.0, once@^1.3.1, once@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== @@ -7434,6 +7542,11 @@ path-type@^4.0.0: resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== +path2d@^0.2.1: + version "0.2.2" + resolved "https://registry.yarnpkg.com/path2d/-/path2d-0.2.2.tgz#cc85d61ed7827e7863a2ee36713d4b5315a3d85d" + integrity sha512-+vnG6S4dYcYxZd+CZxzXCNKdELYZSKfohrk98yajCo1PtRoDgCTrrwOvK1GT0UoAdVszagDVllQc0U1vaX4NUQ== + pathe@^1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/pathe/-/pathe-1.1.2.tgz#6c4cb47a945692e48a1ddd6e4094d170516437ec" @@ -7444,7 +7557,15 @@ pathval@^2.0.0: resolved "https://registry.yarnpkg.com/pathval/-/pathval-2.0.0.tgz#7e2550b422601d4f6b8e26f1301bc8f15a741a25" integrity sha512-vE7JKRyES09KiunauX7nd2Q9/L7lhok4smP9RZTDeD4MVs72Dp2qNFVz39Nz5a0FVEW0BJR6C0DYrq6unoziZA== -pdfjs-dist@4.8.69, pdfjs-dist@^4.5.136, pdfjs-dist@^4.6.82, pdfjs-dist@^4.8.69: +pdfjs-dist@4.8.69: + version "4.8.69" + resolved "https://registry.yarnpkg.com/pdfjs-dist/-/pdfjs-dist-4.8.69.tgz#61ea5d66863d49b40e5eacbd4070341175bdda2e" + integrity sha512-IHZsA4T7YElCKNNXtiLgqScw4zPd3pG9do8UrznC757gMd7UPeHSL2qwNNMJo4r79fl8oj1Xx+1nh2YkzdMpLQ== + optionalDependencies: + canvas "^3.0.0-rc2" + path2d "^0.2.1" + +pdfjs-dist@^4.5.136, pdfjs-dist@^4.6.82: version "4.10.38" resolved "https://registry.yarnpkg.com/pdfjs-dist/-/pdfjs-dist-4.10.38.tgz#3ee698003790dc266cc8b55c0e662ccb9ae18f53" integrity sha512-/Y3fcFrXEAsMjJXeL9J8+ZG9U01LbuWaYypvDW2ycW1jL269L3js3DVBjDJ0Up9Np1uqDXsDrRihHANhZOlwdQ== @@ -7618,6 +7739,24 @@ postcss@^8.4.41, postcss@^8.4.43, postcss@^8.4.49: picocolors "^1.1.1" source-map-js "^1.2.1" +prebuild-install@^7.1.1: + version "7.1.3" + resolved "https://registry.yarnpkg.com/prebuild-install/-/prebuild-install-7.1.3.tgz#d630abad2b147443f20a212917beae68b8092eec" + integrity sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug== + dependencies: + detect-libc "^2.0.0" + expand-template "^2.0.3" + github-from-package "0.0.0" + minimist "^1.2.3" + mkdirp-classic "^0.5.3" + napi-build-utils "^2.0.0" + node-abi "^3.3.0" + pump "^3.0.0" + rc "^1.2.7" + simple-get "^4.0.0" + tar-fs "^2.0.0" + tunnel-agent "^0.6.0" + prelude-ls@^1.2.1: version "1.2.1" resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396" @@ -7693,6 +7832,14 @@ psl@^1.1.28, psl@^1.1.33: dependencies: punycode "^2.3.1" +pump@^3.0.0: + version "3.0.2" + resolved "https://registry.yarnpkg.com/pump/-/pump-3.0.2.tgz#836f3edd6bc2ee599256c924ffe0d88573ddcbf8" + integrity sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw== + dependencies: + end-of-stream "^1.1.0" + once "^1.3.1" + punycode@^2.1.0, punycode@^2.1.1, punycode@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" @@ -7735,7 +7882,7 @@ range-parser@1.2.0: resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.0.tgz#f49be6b487894ddc40dcc94a322f611092e00d5e" integrity sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A== -rc@^1.0.1, rc@^1.1.6: +rc@^1.0.1, rc@^1.1.6, rc@^1.2.7: version "1.2.8" resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw== @@ -7893,6 +8040,15 @@ react-transition-group@4.4.5: dependencies: loose-envify "^1.1.0" +readable-stream@^3.1.1, readable-stream@^3.4.0: + version "3.6.2" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" + integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== + dependencies: + inherits "^2.0.3" + string_decoder "^1.1.1" + util-deprecate "^1.0.1" + real-require@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/real-require/-/real-require-0.2.0.tgz#209632dea1810be2ae063a6ac084fee7e33fba78" @@ -8168,7 +8324,7 @@ safe-buffer@5.1.2: resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== -safe-buffer@^5.0.1, safe-buffer@^5.1.2: +safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.2.0: version "5.2.1" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== @@ -8236,7 +8392,7 @@ semver@^6.1.2, semver@^6.3.0, semver@^6.3.1: resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.5.4, semver@^7.6.0, semver@^7.6.2, semver@^7.6.3: +semver@^7.3.5, semver@^7.5.4, semver@^7.6.0, semver@^7.6.2, semver@^7.6.3: version "7.6.3" resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== @@ -8391,6 +8547,20 @@ signal-exit@^4.0.1: resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-4.1.0.tgz#952188c1cbd546070e2dd20d0f41c0ae0530cb04" integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== +simple-concat@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/simple-concat/-/simple-concat-1.0.1.tgz#f46976082ba35c2263f1c8ab5edfe26c41c9552f" + integrity sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q== + +simple-get@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/simple-get/-/simple-get-4.0.1.tgz#4a39db549287c979d352112fa03fd99fd6bc3543" + integrity sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA== + dependencies: + decompress-response "^6.0.0" + once "^1.3.1" + simple-concat "^1.0.0" + sinon@^18.0.1: version "18.0.1" resolved "https://registry.yarnpkg.com/sinon/-/sinon-18.0.1.tgz#464334cdfea2cddc5eda9a4ea7e2e3f0c7a91c5e" @@ -8621,6 +8791,13 @@ string.prototype.trimstart@^1.0.8: define-properties "^1.2.1" es-object-atoms "^1.0.0" +string_decoder@^1.1.1: + version "1.3.0" + resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e" + integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== + dependencies: + safe-buffer "~5.2.0" + strip-ansi@^5.1.0, strip-ansi@^5.2.0: version "5.2.0" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-5.2.0.tgz#8c9a536feb6afc962bdfa5b104a5091c1ad9c0ae" @@ -8894,6 +9071,27 @@ tapable@^2.2.0: resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== +tar-fs@^2.0.0: + version "2.1.2" + resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.2.tgz#425f154f3404cb16cb8ff6e671d45ab2ed9596c5" + integrity sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA== + dependencies: + chownr "^1.1.1" + mkdirp-classic "^0.5.2" + pump "^3.0.0" + tar-stream "^2.1.4" + +tar-stream@^2.1.4: + version "2.2.0" + resolved "https://registry.yarnpkg.com/tar-stream/-/tar-stream-2.2.0.tgz#acad84c284136b060dc3faa64474aa9aebd77287" + integrity sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ== + dependencies: + bl "^4.0.3" + end-of-stream "^1.4.1" + fs-constants "^1.0.0" + inherits "^2.0.3" + readable-stream "^3.1.1" + text-table@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" @@ -9290,7 +9488,7 @@ use-sidecar@^1.1.2: detect-node-es "^1.1.0" tslib "^2.0.0" -util-deprecate@^1.0.2: +util-deprecate@^1.0.1, util-deprecate@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== From 942f42983446289962de0edca36b40a9929335f0 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 13:42:55 -0600 Subject: [PATCH 02/10] fix imports --- src/api/functions/authorization.ts | 6 ++-- src/api/plugins/auth.ts | 40 +++++++++------------ src/common/config.ts | 58 +++++++++++------------------- 3 files changed, 41 insertions(+), 63 deletions(-) diff --git a/src/api/functions/authorization.ts b/src/api/functions/authorization.ts index 6492ba1..b201a2a 100644 --- a/src/api/functions/authorization.ts +++ b/src/api/functions/authorization.ts @@ -4,9 +4,9 @@ import { QueryCommand, } from "@aws-sdk/client-dynamodb"; import { unmarshall } from "@aws-sdk/util-dynamodb"; -import { genericConfig } from "common/config.js"; -import { DatabaseFetchError } from "common/errors/index.js"; -import { allAppRoles, AppRoles } from "common/roles.js"; +import { genericConfig } from "../../common/config.js"; +import { DatabaseFetchError } from "../../common/errors/index.js"; +import { allAppRoles, AppRoles } from "../../common/roles.js"; import { FastifyInstance } from "fastify"; export const AUTH_DECISION_CACHE_SECONDS = 60; diff --git a/src/api/plugins/auth.ts b/src/api/plugins/auth.ts index ab8f51e..c50203a 100644 --- a/src/api/plugins/auth.ts +++ b/src/api/plugins/auth.ts @@ -14,7 +14,7 @@ import { UnauthorizedError, } from "../../common/errors/index.js"; import { genericConfig, SecretConfig } from "../../common/config.js"; -import { getGroupRoles, getUserRoles } from "api/functions/authorization.js"; +import { getGroupRoles, getUserRoles } from "../functions/authorization.js"; import { DynamoDBClient } from "@aws-sdk/client-dynamodb"; function intersection(setA: Set, setB: Set): Set { @@ -165,10 +165,7 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => { request.tokenPayload = verifiedTokenData; request.username = verifiedTokenData.email || verifiedTokenData.sub; const expectedRoles = new Set(validRoles); - if ( - verifiedTokenData.groups && - fastify.environmentConfig.GroupRoleMapping - ) { + if (verifiedTokenData.groups) { const groupRoles = await Promise.allSettled( verifiedTokenData.groups.map((x) => getGroupRoles(dynamoClient, fastify, x), @@ -201,23 +198,20 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => { } // add user-specific role overrides - if (request.username && fastify.environmentConfig.UserRoleMapping) { - if (fastify.environmentConfig["UserRoleMapping"][request.username]) { - try { - const userAuth = await getUserRoles( - dynamoClient, - fastify, - request.username, - ); - for (const role of userAuth) { - userRoles.add(role); - } - } catch (e) { - request.log.warn( - `Failed to get user role mapping for ${request.username}`, - e, - ); + if (request.username) { + try { + const userAuth = await getUserRoles( + dynamoClient, + fastify, + request.username, + ); + for (const role of userAuth) { + userRoles.add(role); } + } catch (e) { + request.log.warn( + `Failed to get user role mapping for ${request.username}: ${e}`, + ); } } if ( @@ -238,13 +232,13 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => { }); } if (err instanceof Error) { - request.log.error(`Failed to verify JWT: ${err.toString()}`); + request.log.error(`Failed to verify JWT: ${err.toString()} `); } throw new UnauthenticatedError({ message: "Invalid token.", }); } - request.log.info(`authenticated request from ${request.username}`); + request.log.info(`authenticated request from ${request.username} `); return userRoles; }, ); diff --git a/src/common/config.ts b/src/common/config.ts index 893610f..d70d877 100644 --- a/src/common/config.ts +++ b/src/common/config.ts @@ -6,14 +6,10 @@ type ArrayOfValueOrArray = Array>; type OriginType = string | boolean | RegExp; type ValueOrArray = T | ArrayOfValueOrArray; -type GroupRoleMapping = Record; type AzureRoleMapping = Record; -type UserRoleMapping = Record; export type ConfigType = { - GroupRoleMapping: GroupRoleMapping; AzureRoleMapping: AzureRoleMapping; - UserRoleMapping: UserRoleMapping; ValidCorsOrigins: ValueOrArray | OriginFunction; AadValidClientId: string; }; @@ -60,18 +56,6 @@ const genericConfig: GenericConfigType = { const environmentConfig: EnvironmentConfigType = { dev: { - GroupRoleMapping: { - [infraChairsGroupId]: allAppRoles, // Infra Chairs - "940e4f9e-6891-4e28-9e29-148798495cdb": allAppRoles, // ACM Infra Team - "f8dfc4cf-456b-4da3-9053-f7fdeda5d5d6": allAppRoles, // Infra Leads - "0": allAppRoles, // Dummy Group for development only - "1": [], // Dummy Group for development only - "scanner-only": [AppRoles.TICKETS_SCANNER], - }, - UserRoleMapping: { - "infra-unit-test-nogrp@acm.illinois.edu": [AppRoles.TICKETS_SCANNER], - "kLkvWTYwNnJfBkIK7mBi4niXXHYNR7ygbV8utlvFxjw": allAppRoles - }, AzureRoleMapping: { AutonomousWriters: [AppRoles.EVENTS_MANAGER] }, ValidCorsOrigins: [ "http://localhost:3000", @@ -84,27 +68,27 @@ const environmentConfig: EnvironmentConfigType = { AadValidClientId: "39c28870-94e4-47ee-b4fb-affe0bf96c9f", }, prod: { - GroupRoleMapping: { - [infraChairsGroupId]: allAppRoles, // Infra Chairs - [officersGroupId]: allAppRoles, // Officers - [execCouncilGroupId]: [AppRoles.EVENTS_MANAGER, AppRoles.IAM_INVITE_ONLY], // Exec - }, - UserRoleMapping: { - "jlevine4@illinois.edu": allAppRoles, - "kaavyam2@illinois.edu": [AppRoles.TICKETS_SCANNER], - "hazellu2@illinois.edu": [AppRoles.TICKETS_SCANNER], - "cnwos@illinois.edu": [AppRoles.TICKETS_SCANNER], - "alfan2@illinois.edu": [AppRoles.TICKETS_SCANNER], - "naomil4@illinois.edu": [ - AppRoles.TICKETS_SCANNER, - AppRoles.TICKETS_MANAGER, - ], - "akori3@illinois.edu": [ - AppRoles.TICKETS_SCANNER, - AppRoles.TICKETS_MANAGER, - ], - "tarasha2@illinois.edu": [AppRoles.TICKETS_MANAGER, AppRoles.TICKETS_SCANNER] - }, + // GroupRoleMapping: { + // [infraChairsGroupId]: allAppRoles, // Infra Chairs + // [officersGroupId]: allAppRoles, // Officers + // [execCouncilGroupId]: [AppRoles.EVENTS_MANAGER, AppRoles.IAM_INVITE_ONLY], // Exec + // }, + // UserRoleMapping: { + // "jlevine4@illinois.edu": allAppRoles, + // "kaavyam2@illinois.edu": [AppRoles.TICKETS_SCANNER], + // "hazellu2@illinois.edu": [AppRoles.TICKETS_SCANNER], + // "cnwos@illinois.edu": [AppRoles.TICKETS_SCANNER], + // "alfan2@illinois.edu": [AppRoles.TICKETS_SCANNER], + // "naomil4@illinois.edu": [ + // AppRoles.TICKETS_SCANNER, + // AppRoles.TICKETS_MANAGER, + // ], + // "akori3@illinois.edu": [ + // AppRoles.TICKETS_SCANNER, + // AppRoles.TICKETS_MANAGER, + // ], + // "tarasha2@illinois.edu": [AppRoles.TICKETS_MANAGER, AppRoles.TICKETS_SCANNER] + // }, AzureRoleMapping: { AutonomousWriters: [AppRoles.EVENTS_MANAGER] }, ValidCorsOrigins: [ "https://acm.illinois.edu", From 713091450ce3f56cce47f20977f5cf77c182a8eb Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 14:11:33 -0600 Subject: [PATCH 03/10] fix unit tests --- package.json | 2 +- src/api/plugins/auth.ts | 1 + tests/unit/discordEvent.test.ts | 2 +- tests/unit/entraGroupManagement.test.ts | 4 ++-- tests/unit/entraInviteUser.test.ts | 2 +- tests/unit/vitest.config.ts | 7 ++++++ tests/unit/vitest.setup.ts | 31 +++++++++++++++++++++++++ 7 files changed, 44 insertions(+), 5 deletions(-) create mode 100644 tests/unit/vitest.config.ts create mode 100644 tests/unit/vitest.setup.ts diff --git a/package.json b/package.json index b89ba26..70e705d 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "lint": "yarn workspaces run lint", "prepare": "node .husky/install.mjs || true", "typecheck": "yarn workspaces run typecheck", - "test:unit": "vitest run tests/unit && yarn workspace infra-core-ui run test:unit", + "test:unit": "vitest run tests/unit --config tests/unit/vitest.config.ts && yarn workspace infra-core-ui run test:unit", "test:unit-ui": "yarn test:unit --ui", "test:unit-watch": "vitest tests/unit", "test:live": "vitest tests/live", diff --git a/src/api/plugins/auth.ts b/src/api/plugins/auth.ts index c50203a..2361f7a 100644 --- a/src/api/plugins/auth.ts +++ b/src/api/plugins/auth.ts @@ -233,6 +233,7 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => { } if (err instanceof Error) { request.log.error(`Failed to verify JWT: ${err.toString()} `); + throw err; } throw new UnauthenticatedError({ message: "Invalid token.", diff --git a/tests/unit/discordEvent.test.ts b/tests/unit/discordEvent.test.ts index c4e7efd..3d13829 100644 --- a/tests/unit/discordEvent.test.ts +++ b/tests/unit/discordEvent.test.ts @@ -87,7 +87,7 @@ describe("Test Events <-> Discord integration", () => { beforeEach(() => { ddbMock.reset(); smMock.reset(); - vi.resetAllMocks(); + vi.clearAllMocks(); vi.useFakeTimers(); }); }); diff --git a/tests/unit/entraGroupManagement.test.ts b/tests/unit/entraGroupManagement.test.ts index c838965..f1d4961 100644 --- a/tests/unit/entraGroupManagement.test.ts +++ b/tests/unit/entraGroupManagement.test.ts @@ -42,7 +42,7 @@ const app = await init(); describe("Test Modify Group and List Group Routes", () => { beforeEach(() => { - vi.resetAllMocks(); + vi.clearAllMocks(); smMock.on(GetSecretValueCommand).resolves({ SecretString: JSON.stringify({ jwt_key: "test_jwt_key" }), }); @@ -130,7 +130,7 @@ describe("Test Modify Group and List Group Routes", () => { await app.close(); }); beforeEach(() => { - vi.resetAllMocks(); + vi.clearAllMocks(); vi.useFakeTimers(); (getEntraIdToken as any).mockImplementation(async () => { return "ey.test.token"; diff --git a/tests/unit/entraInviteUser.test.ts b/tests/unit/entraInviteUser.test.ts index bc1505f..40e7e2c 100644 --- a/tests/unit/entraInviteUser.test.ts +++ b/tests/unit/entraInviteUser.test.ts @@ -95,7 +95,7 @@ describe("Test Microsoft Entra ID user invitation", () => { }); beforeEach(() => { - vi.resetAllMocks(); + vi.clearAllMocks(); vi.useFakeTimers(); // Re-implement the mock (getEntraIdToken as any).mockImplementation(async () => { diff --git a/tests/unit/vitest.config.ts b/tests/unit/vitest.config.ts new file mode 100644 index 0000000..94159d0 --- /dev/null +++ b/tests/unit/vitest.config.ts @@ -0,0 +1,7 @@ +import { defineConfig } from "vitest/config"; + +export default defineConfig({ + test: { + setupFiles: "./tests/unit/vitest.setup.ts", + }, +}); diff --git a/tests/unit/vitest.setup.ts b/tests/unit/vitest.setup.ts new file mode 100644 index 0000000..07e837f --- /dev/null +++ b/tests/unit/vitest.setup.ts @@ -0,0 +1,31 @@ +import { vi } from "vitest"; +import { allAppRoles, AppRoles } from "../../src/common/roles.js"; +import { group } from "console"; + +vi.mock( + import("../../src/api/functions/authorization.js"), + async (importOriginal) => { + const mod = await importOriginal(); + return { + ...mod, + getUserRoles: vi.fn(async (_, __, userEmail) => { + const mockUserRoles = { + "infra-unit-test-nogrp@acm.illinois.edu": [AppRoles.TICKETS_SCANNER], + kLkvWTYwNnJfBkIK7mBi4niXXHYNR7ygbV8utlvFxjw: allAppRoles, + }; + + return mockUserRoles[userEmail] || []; + }), + + getGroupRoles: vi.fn(async (_, __, groupId) => { + const mockGroupRoles = { + "0": allAppRoles, + "1": [], + "scanner-only": [AppRoles.TICKETS_SCANNER], + }; + + return mockGroupRoles[groupId] || []; + }), + }; + }, +); From b2a001f2f0a9cc4899f3d01a8a97fc0ad89ac14b Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 14:24:00 -0600 Subject: [PATCH 04/10] update paths --- src/api/routes/iam.ts | 6 +++--- src/common/types/iam.ts | 15 +++++++++------ 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/api/routes/iam.ts b/src/api/routes/iam.ts index 901a684..929632e 100644 --- a/src/api/routes/iam.ts +++ b/src/api/routes/iam.ts @@ -44,7 +44,7 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => { Body: undefined; Querystring: { groupId: string }; }>( - "/groupRoles/:groupId", + "/groups/:groupId/roles", { schema: { querystring: { @@ -90,7 +90,7 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => { Body: GroupMappingCreatePostRequest; Querystring: { groupId: string }; }>( - "/groupRoles/:groupId", + "/groups/:groupId/roles", { schema: { querystring: { @@ -140,7 +140,7 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => { reply.send({ message: "OK" }); request.log.info( { type: "audit", actor: request.username, target: groupId }, - `set group ID roles to ${request.body.roles.toString()}`, + `set target roles to ${request.body.roles.toString()}`, ); }, ); diff --git a/src/common/types/iam.ts b/src/common/types/iam.ts index c769988..86e932f 100644 --- a/src/common/types/iam.ts +++ b/src/common/types/iam.ts @@ -22,14 +22,17 @@ export const invitePostRequestSchema = z.object({ export type InviteUserPostRequest = z.infer; export const groupMappingCreatePostSchema = z.object({ - roles: z - .array(z.nativeEnum(AppRoles)) - .min(1) - .refine((items) => new Set(items).size === items.length, { - message: "All roles must be unique, no duplicate values allowed", - }), + roles: z.union([ + z.array(z.nativeEnum(AppRoles)) + .min(1) + .refine((items) => new Set(items).size === items.length, { + message: "All roles must be unique, no duplicate values allowed", + }), + z.tuple([z.literal("all")]), + ]), }); + export type GroupMappingCreatePostRequest = z.infer< typeof groupMappingCreatePostSchema >; From c4a0c8342dfa14c5cef859133f9abb19a8d50a54 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 14:34:02 -0600 Subject: [PATCH 05/10] update auth update endpoints --- src/api/functions/authorization.ts | 12 ++++++++++-- src/api/routes/iam.ts | 28 ++++++++++++++-------------- 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/src/api/functions/authorization.ts b/src/api/functions/authorization.ts index b201a2a..8bfecf2 100644 --- a/src/api/functions/authorization.ts +++ b/src/api/functions/authorization.ts @@ -9,7 +9,7 @@ import { DatabaseFetchError } from "../../common/errors/index.js"; import { allAppRoles, AppRoles } from "../../common/roles.js"; import { FastifyInstance } from "fastify"; -export const AUTH_DECISION_CACHE_SECONDS = 60; +export const AUTH_DECISION_CACHE_SECONDS = 180; export async function getUserRoles( dynamoClient: DynamoDBClient, @@ -72,11 +72,19 @@ export async function getGroupRoles( }, }); const response = await dynamoClient.send(command); - if (!response || !response.Item) { + if (!response) { throw new DatabaseFetchError({ message: "Could not get group roles for user", }); } + if (!response.Item) { + fastifyApp.nodeCache.set( + `grouproles-${groupId}`, + [], + AUTH_DECISION_CACHE_SECONDS, + ); + return []; + } const items = unmarshall(response.Item) as { roles: AppRoles[] | ["all"] }; if (!("roles" in items)) { fastifyApp.nodeCache.set( diff --git a/src/api/routes/iam.ts b/src/api/routes/iam.ts index 929632e..7989d64 100644 --- a/src/api/routes/iam.ts +++ b/src/api/routes/iam.ts @@ -1,5 +1,5 @@ import { FastifyPluginAsync } from "fastify"; -import { AppRoles } from "../../common/roles.js"; +import { allAppRoles, AppRoles } from "../../common/roles.js"; import { zodToJsonSchema } from "zod-to-json-schema"; import { addToTenant, @@ -34,6 +34,10 @@ import { EntraGroupActions, entraGroupMembershipListResponse, } from "../../common/types/iam.js"; +import { + AUTH_DECISION_CACHE_SECONDS, + getGroupRoles, +} from "api/functions/authorization.js"; const dynamoClient = new DynamoDBClient({ region: genericConfig.AwsRegion, @@ -61,19 +65,10 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => { }, }, async (request, reply) => { - const groupId = (request.params as Record).groupId; try { - const command = new GetItemCommand({ - TableName: `${genericConfig.IAMTablePrefix}-grouproles`, - Key: { groupUuid: { S: groupId } }, - }); - const response = await dynamoClient.send(command); - if (!response.Item) { - throw new NotFoundError({ - endpointName: `/api/v1/iam/groupRoles/${groupId}`, - }); - } - reply.send(unmarshall(response.Item)); + const groupId = (request.params as Record).groupId; + const roles = await getGroupRoles(dynamoClient, fastify, groupId); + return reply.send(roles); } catch (e: unknown) { if (e instanceof BaseError) { throw e; @@ -125,9 +120,14 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => { createdAt: timestamp, }), }); - await dynamoClient.send(command); + fastify.nodeCache.set( + `grouproles-${groupId}`, + request.body.roles, + AUTH_DECISION_CACHE_SECONDS, + ); } catch (e: unknown) { + fastify.nodeCache.del(`grouproles-${groupId}`); if (e instanceof BaseError) { throw e; } From f44390193eff9588699b5c6f26d8b5fd26dbed54 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 14:42:48 -0600 Subject: [PATCH 06/10] remove outdated config --- src/common/config.ts | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/src/common/config.ts b/src/common/config.ts index d70d877..b0609d6 100644 --- a/src/common/config.ts +++ b/src/common/config.ts @@ -68,27 +68,6 @@ const environmentConfig: EnvironmentConfigType = { AadValidClientId: "39c28870-94e4-47ee-b4fb-affe0bf96c9f", }, prod: { - // GroupRoleMapping: { - // [infraChairsGroupId]: allAppRoles, // Infra Chairs - // [officersGroupId]: allAppRoles, // Officers - // [execCouncilGroupId]: [AppRoles.EVENTS_MANAGER, AppRoles.IAM_INVITE_ONLY], // Exec - // }, - // UserRoleMapping: { - // "jlevine4@illinois.edu": allAppRoles, - // "kaavyam2@illinois.edu": [AppRoles.TICKETS_SCANNER], - // "hazellu2@illinois.edu": [AppRoles.TICKETS_SCANNER], - // "cnwos@illinois.edu": [AppRoles.TICKETS_SCANNER], - // "alfan2@illinois.edu": [AppRoles.TICKETS_SCANNER], - // "naomil4@illinois.edu": [ - // AppRoles.TICKETS_SCANNER, - // AppRoles.TICKETS_MANAGER, - // ], - // "akori3@illinois.edu": [ - // AppRoles.TICKETS_SCANNER, - // AppRoles.TICKETS_MANAGER, - // ], - // "tarasha2@illinois.edu": [AppRoles.TICKETS_MANAGER, AppRoles.TICKETS_SCANNER] - // }, AzureRoleMapping: { AutonomousWriters: [AppRoles.EVENTS_MANAGER] }, ValidCorsOrigins: [ "https://acm.illinois.edu", From cb2174218617d0953fc5850b447cf7b45ceb10c6 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 14:47:08 -0600 Subject: [PATCH 07/10] fix import --- src/api/routes/iam.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/routes/iam.ts b/src/api/routes/iam.ts index 7989d64..9a99caf 100644 --- a/src/api/routes/iam.ts +++ b/src/api/routes/iam.ts @@ -37,7 +37,7 @@ import { import { AUTH_DECISION_CACHE_SECONDS, getGroupRoles, -} from "api/functions/authorization.js"; +} from "../functions/authorization.js"; const dynamoClient = new DynamoDBClient({ region: genericConfig.AwsRegion, From 2b34c5c41ad6085ef455825d79cfbcfe77c4b873 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 14:51:50 -0600 Subject: [PATCH 08/10] fix cfn-lint issues --- Makefile | 2 + cloudformation/main.yml | 5 +- yarn.lock | 207 ++-------------------------------------- 3 files changed, 14 insertions(+), 200 deletions(-) diff --git a/Makefile b/Makefile index caec2c0..af53f38 100644 --- a/Makefile +++ b/Makefile @@ -66,6 +66,7 @@ deploy_dev: check_account_dev build install: yarn -D + pip install cfn-lint test_live_integration: install yarn test:live @@ -73,6 +74,7 @@ test_live_integration: install test_unit: install yarn typecheck yarn lint + cfn-lint cloudformation/**/* --ignore-templates cloudformation/phony-swagger.yml yarn prettier yarn test:unit diff --git a/cloudformation/main.yml b/cloudformation/main.yml index 2265006..84c5e02 100644 --- a/cloudformation/main.yml +++ b/cloudformation/main.yml @@ -25,7 +25,6 @@ Parameters: Conditions: IsProd: !Equals [!Ref RunEnvironment, 'prod'] - IsDev: !Equals [!Ref RunEnvironment, 'dev'] ShouldAttachVpc: !Equals [true, !Ref VpcRequired] @@ -149,6 +148,7 @@ Resources: IamGroupRolesTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: "Retain" + UpdateReplacePolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-iam-grouproles @@ -165,6 +165,7 @@ Resources: IamUserRolesTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: "Retain" + UpdateReplacePolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-iam-userroles @@ -181,6 +182,7 @@ Resources: EventRecordsTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: "Retain" + UpdateReplacePolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-events @@ -206,6 +208,7 @@ Resources: CacheRecordsTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: "Retain" + UpdateReplacePolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-cache diff --git a/yarn.lock b/yarn.lock index a37bbe3..f956643 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4089,11 +4089,6 @@ balanced-match@^2.0.0: resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-2.0.0.tgz#dc70f920d78db8b858535795867bf48f820633d9" integrity sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA== -base64-js@^1.3.1: - version "1.5.1" - resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" - integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== - bcrypt-pbkdf@^1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" @@ -4108,15 +4103,6 @@ better-opn@^3.0.2: dependencies: open "^8.0.4" -bl@^4.0.3: - version "4.1.0" - resolved "https://registry.yarnpkg.com/bl/-/bl-4.1.0.tgz#451535264182bec2fbbc83a62ab98cf11d9f7b3a" - integrity sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w== - dependencies: - buffer "^5.5.0" - inherits "^2.0.4" - readable-stream "^3.4.0" - bowser@^2.11.0: version "2.11.0" resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f" @@ -4178,14 +4164,6 @@ buffer-equal-constant-time@1.0.1: resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819" integrity sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA== -buffer@^5.5.0: - version "5.7.1" - resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0" - integrity sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ== - dependencies: - base64-js "^1.3.1" - ieee754 "^1.1.13" - bytes@3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048" @@ -4242,14 +4220,6 @@ caniuse-lite@^1.0.30001688: resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001690.tgz#f2d15e3aaf8e18f76b2b8c1481abde063b8104c8" integrity sha512-5ExiE3qQN6oF8Clf8ifIDcMRCRE/dMGcETG/XGMD8/XiXm6HXQgQTh1yZYLXXpSOsEUlJm1Xr7kGULZTuGtP/w== -canvas@^3.0.0-rc2: - version "3.1.0" - resolved "https://registry.yarnpkg.com/canvas/-/canvas-3.1.0.tgz#6cdf094b859fef8e39b0e2c386728a376f1727b2" - integrity sha512-tTj3CqqukVJ9NgSahykNwtGda7V33VLObwrHfzT0vqJXu7J4d4C/7kQQW3fOEGDfZZoILPut5H00gOjyttPGyg== - dependencies: - node-addon-api "^7.0.0" - prebuild-install "^7.1.1" - caseless@~0.12.0: version "0.12.0" resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" @@ -4318,11 +4288,6 @@ check-error@^2.1.1: resolved "https://registry.yarnpkg.com/check-error/-/check-error-2.1.1.tgz#87eb876ae71ee388fa0471fe423f494be1d96ccc" integrity sha512-OAlb+T7V4Op9OwdkjmguYRqncdlx5JiofwOAUkmTF+jNdHwzTaTs4sRAGpzLF3oOz5xAyDGrPgeIDFQmDOTiJw== -chownr@^1.1.1: - version "1.1.4" - resolved "https://registry.yarnpkg.com/chownr/-/chownr-1.1.4.tgz#6fc9d7b42d32a583596337666e7d08084da2cc6b" - integrity sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg== - cli-boxes@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-3.0.0.tgz#71a10c716feeba005e4504f36329ef0b17cf3145" @@ -4647,13 +4612,6 @@ decimal.js@^10.4.3: resolved "https://registry.yarnpkg.com/decimal.js/-/decimal.js-10.4.3.tgz#1044092884d245d1b7f65725fa4ad4c6f781cc23" integrity sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA== -decompress-response@^6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-6.0.0.tgz#ca387612ddb7e104bd16d85aab00d5ecf09c66fc" - integrity sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ== - dependencies: - mimic-response "^3.1.0" - deep-eql@^5.0.1: version "5.0.2" resolved "https://registry.yarnpkg.com/deep-eql/-/deep-eql-5.0.2.tgz#4b756d8d770a9257300825d52a2c2cff99c3a341" @@ -4726,11 +4684,6 @@ dequal@^2.0.2, dequal@^2.0.3: resolved "https://registry.yarnpkg.com/dequal/-/dequal-2.0.3.tgz#2644214f1997d39ed0ee0ece72335490a7ac67be" integrity sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA== -detect-libc@^2.0.0: - version "2.0.3" - resolved "https://registry.yarnpkg.com/detect-libc/-/detect-libc-2.0.3.tgz#f0cd503b40f9939b894697d19ad50895e30cf700" - integrity sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw== - detect-node-es@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/detect-node-es/-/detect-node-es-1.1.0.tgz#163acdf643330caa0b4cd7c21e7ee7755d6fa493" @@ -4880,13 +4833,6 @@ emoji-regex@^9.2.2: resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72" integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== -end-of-stream@^1.1.0, end-of-stream@^1.4.1: - version "1.4.4" - resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.4.tgz#5ae64a5f45057baf3626ec14da0ca5e4b2431eb0" - integrity sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q== - dependencies: - once "^1.4.0" - enhanced-resolve@^5.15.0: version "5.18.0" resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.18.0.tgz#91eb1db193896b9801251eeff1c6980278b1e404" @@ -5546,11 +5492,6 @@ execa@^5.1.1: signal-exit "^3.0.3" strip-final-newline "^2.0.0" -expand-template@^2.0.3: - version "2.0.3" - resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c" - integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg== - expect-type@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/expect-type/-/expect-type-1.1.0.tgz#a146e414250d13dfc49eafcfd1344a4060fa4c75" @@ -5853,11 +5794,6 @@ forwarded@0.2.0: resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811" integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== -fs-constants@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/fs-constants/-/fs-constants-1.0.0.tgz#6be0de9be998ce16af8afc24497b9ee9b7ccd9ad" - integrity sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow== - fs.realpath@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" @@ -5967,11 +5903,6 @@ getpass@^0.1.1: dependencies: assert-plus "^1.0.0" -github-from-package@0.0.0: - version "0.0.0" - resolved "https://registry.yarnpkg.com/github-from-package/-/github-from-package-0.0.0.tgz#97fb5d96bfde8973313f20e8288ef9a167fa64ce" - integrity sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw== - glob-parent@^5.0.0, glob-parent@^5.1.2: version "5.1.2" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" @@ -6229,11 +6160,6 @@ identity-obj-proxy@^3.0.0: dependencies: harmony-reflect "^1.4.6" -ieee754@^1.1.13: - version "1.2.1" - resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" - integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== - ignore@^4.0.6: version "4.0.6" resolved "https://registry.yarnpkg.com/ignore/-/ignore-4.0.6.tgz#750e3db5862087b4737ebac8207ffd1ef27b25fc" @@ -6275,7 +6201,7 @@ inflight@^1.0.4: once "^1.3.0" wrappy "1" -inherits@2, inherits@^2.0.3, inherits@^2.0.4: +inherits@2, inherits@^2.0.3: version "2.0.4" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== @@ -7119,11 +7045,6 @@ mimic-fn@^2.1.0: resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b" integrity sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg== -mimic-response@^3.1.0: - version "3.1.0" - resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-3.1.0.tgz#2d1d59af9c1b129815accc2c46a022a5ce1fa3c9" - integrity sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ== - min-indent@^1.0.0, min-indent@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/min-indent/-/min-indent-1.0.1.tgz#a63f681673b30571fbe8bc25686ae746eefa9869" @@ -7143,16 +7064,11 @@ minimatch@^9.0.4: dependencies: brace-expansion "^2.0.1" -minimist@^1.2.0, minimist@^1.2.3, minimist@^1.2.6: +minimist@^1.2.0, minimist@^1.2.6: version "1.2.8" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== -mkdirp-classic@^0.5.2, mkdirp-classic@^0.5.3: - version "0.5.3" - resolved "https://registry.yarnpkg.com/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz#fa10c9115cc6d8865be221ba47ee9bed78601113" - integrity sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A== - mkdirp@^0.5.1: version "0.5.6" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.6.tgz#7def03d2432dcae4ba1d611445c48396062255f6" @@ -7211,11 +7127,6 @@ nanoid@^3.3.7: resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf" integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w== -napi-build-utils@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/napi-build-utils/-/napi-build-utils-2.0.0.tgz#13c22c0187fcfccce1461844136372a47ddc027e" - integrity sha512-GEbrYkbfF7MoNaoh2iGG84Mnf/WZfB0GdGEsM8wz7Expx/LlWf5U8t9nvJKXSp3qr5IsEbK04cBGhol/KwOsWA== - natural-compare@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" @@ -7249,18 +7160,6 @@ nmtree@^1.0.6: dependencies: commander "^2.11.0" -node-abi@^3.3.0: - version "3.73.0" - resolved "https://registry.yarnpkg.com/node-abi/-/node-abi-3.73.0.tgz#4459ea77e71969edba8588387eecb05e2c2cff3b" - integrity sha512-z8iYzQGBu35ZkTQ9mtR8RqugJZ9RCLn8fv3d7LsgDBzOijGQP3RdKTX4LA7LXw03ZhU5z0l4xfhIMgSES31+cg== - dependencies: - semver "^7.3.5" - -node-addon-api@^7.0.0: - version "7.1.1" - resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-7.1.1.tgz#1aba6693b0f255258a049d621329329322aad558" - integrity sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ== - node-cache@^5.1.2: version "5.1.2" resolved "https://registry.yarnpkg.com/node-cache/-/node-cache-5.1.2.tgz#f264dc2ccad0a780e76253a694e9fd0ed19c398d" @@ -7398,7 +7297,7 @@ on-headers@~1.0.2: resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f" integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA== -once@^1.3.0, once@^1.3.1, once@^1.4.0: +once@^1.3.0, once@^1.4.0: version "1.4.0" resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== @@ -7542,11 +7441,6 @@ path-type@^4.0.0: resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== -path2d@^0.2.1: - version "0.2.2" - resolved "https://registry.yarnpkg.com/path2d/-/path2d-0.2.2.tgz#cc85d61ed7827e7863a2ee36713d4b5315a3d85d" - integrity sha512-+vnG6S4dYcYxZd+CZxzXCNKdELYZSKfohrk98yajCo1PtRoDgCTrrwOvK1GT0UoAdVszagDVllQc0U1vaX4NUQ== - pathe@^1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/pathe/-/pathe-1.1.2.tgz#6c4cb47a945692e48a1ddd6e4094d170516437ec" @@ -7557,15 +7451,7 @@ pathval@^2.0.0: resolved "https://registry.yarnpkg.com/pathval/-/pathval-2.0.0.tgz#7e2550b422601d4f6b8e26f1301bc8f15a741a25" integrity sha512-vE7JKRyES09KiunauX7nd2Q9/L7lhok4smP9RZTDeD4MVs72Dp2qNFVz39Nz5a0FVEW0BJR6C0DYrq6unoziZA== -pdfjs-dist@4.8.69: - version "4.8.69" - resolved "https://registry.yarnpkg.com/pdfjs-dist/-/pdfjs-dist-4.8.69.tgz#61ea5d66863d49b40e5eacbd4070341175bdda2e" - integrity sha512-IHZsA4T7YElCKNNXtiLgqScw4zPd3pG9do8UrznC757gMd7UPeHSL2qwNNMJo4r79fl8oj1Xx+1nh2YkzdMpLQ== - optionalDependencies: - canvas "^3.0.0-rc2" - path2d "^0.2.1" - -pdfjs-dist@^4.5.136, pdfjs-dist@^4.6.82: +pdfjs-dist@4.8.69, pdfjs-dist@^4.5.136, pdfjs-dist@^4.6.82, pdfjs-dist@^4.8.69: version "4.10.38" resolved "https://registry.yarnpkg.com/pdfjs-dist/-/pdfjs-dist-4.10.38.tgz#3ee698003790dc266cc8b55c0e662ccb9ae18f53" integrity sha512-/Y3fcFrXEAsMjJXeL9J8+ZG9U01LbuWaYypvDW2ycW1jL269L3js3DVBjDJ0Up9Np1uqDXsDrRihHANhZOlwdQ== @@ -7739,24 +7625,6 @@ postcss@^8.4.41, postcss@^8.4.43, postcss@^8.4.49: picocolors "^1.1.1" source-map-js "^1.2.1" -prebuild-install@^7.1.1: - version "7.1.3" - resolved "https://registry.yarnpkg.com/prebuild-install/-/prebuild-install-7.1.3.tgz#d630abad2b147443f20a212917beae68b8092eec" - integrity sha512-8Mf2cbV7x1cXPUILADGI3wuhfqWvtiLA1iclTDbFRZkgRQS0NqsPZphna9V+HyTEadheuPmjaJMsbzKQFOzLug== - dependencies: - detect-libc "^2.0.0" - expand-template "^2.0.3" - github-from-package "0.0.0" - minimist "^1.2.3" - mkdirp-classic "^0.5.3" - napi-build-utils "^2.0.0" - node-abi "^3.3.0" - pump "^3.0.0" - rc "^1.2.7" - simple-get "^4.0.0" - tar-fs "^2.0.0" - tunnel-agent "^0.6.0" - prelude-ls@^1.2.1: version "1.2.1" resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396" @@ -7832,14 +7700,6 @@ psl@^1.1.28, psl@^1.1.33: dependencies: punycode "^2.3.1" -pump@^3.0.0: - version "3.0.2" - resolved "https://registry.yarnpkg.com/pump/-/pump-3.0.2.tgz#836f3edd6bc2ee599256c924ffe0d88573ddcbf8" - integrity sha512-tUPXtzlGM8FE3P0ZL6DVs/3P58k9nk8/jZeQCurTJylQA8qFYzHFfhBJkuqyE0FifOsQ0uKWekiZ5g8wtr28cw== - dependencies: - end-of-stream "^1.1.0" - once "^1.3.1" - punycode@^2.1.0, punycode@^2.1.1, punycode@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" @@ -7882,7 +7742,7 @@ range-parser@1.2.0: resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.0.tgz#f49be6b487894ddc40dcc94a322f611092e00d5e" integrity sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A== -rc@^1.0.1, rc@^1.1.6, rc@^1.2.7: +rc@^1.0.1, rc@^1.1.6: version "1.2.8" resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw== @@ -8040,15 +7900,6 @@ react-transition-group@4.4.5: dependencies: loose-envify "^1.1.0" -readable-stream@^3.1.1, readable-stream@^3.4.0: - version "3.6.2" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" - integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== - dependencies: - inherits "^2.0.3" - string_decoder "^1.1.1" - util-deprecate "^1.0.1" - real-require@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/real-require/-/real-require-0.2.0.tgz#209632dea1810be2ae063a6ac084fee7e33fba78" @@ -8324,7 +8175,7 @@ safe-buffer@5.1.2: resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== -safe-buffer@^5.0.1, safe-buffer@^5.1.2, safe-buffer@~5.2.0: +safe-buffer@^5.0.1, safe-buffer@^5.1.2: version "5.2.1" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== @@ -8392,7 +8243,7 @@ semver@^6.1.2, semver@^6.3.0, semver@^6.3.1: resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== -semver@^7.3.5, semver@^7.5.4, semver@^7.6.0, semver@^7.6.2, semver@^7.6.3: +semver@^7.5.4, semver@^7.6.0, semver@^7.6.2, semver@^7.6.3: version "7.6.3" resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== @@ -8547,20 +8398,6 @@ signal-exit@^4.0.1: resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-4.1.0.tgz#952188c1cbd546070e2dd20d0f41c0ae0530cb04" integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== -simple-concat@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/simple-concat/-/simple-concat-1.0.1.tgz#f46976082ba35c2263f1c8ab5edfe26c41c9552f" - integrity sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q== - -simple-get@^4.0.0: - version "4.0.1" - resolved "https://registry.yarnpkg.com/simple-get/-/simple-get-4.0.1.tgz#4a39db549287c979d352112fa03fd99fd6bc3543" - integrity sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA== - dependencies: - decompress-response "^6.0.0" - once "^1.3.1" - simple-concat "^1.0.0" - sinon@^18.0.1: version "18.0.1" resolved "https://registry.yarnpkg.com/sinon/-/sinon-18.0.1.tgz#464334cdfea2cddc5eda9a4ea7e2e3f0c7a91c5e" @@ -8791,13 +8628,6 @@ string.prototype.trimstart@^1.0.8: define-properties "^1.2.1" es-object-atoms "^1.0.0" -string_decoder@^1.1.1: - version "1.3.0" - resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e" - integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== - dependencies: - safe-buffer "~5.2.0" - strip-ansi@^5.1.0, strip-ansi@^5.2.0: version "5.2.0" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-5.2.0.tgz#8c9a536feb6afc962bdfa5b104a5091c1ad9c0ae" @@ -9071,27 +8901,6 @@ tapable@^2.2.0: resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== -tar-fs@^2.0.0: - version "2.1.2" - resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-2.1.2.tgz#425f154f3404cb16cb8ff6e671d45ab2ed9596c5" - integrity sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA== - dependencies: - chownr "^1.1.1" - mkdirp-classic "^0.5.2" - pump "^3.0.0" - tar-stream "^2.1.4" - -tar-stream@^2.1.4: - version "2.2.0" - resolved "https://registry.yarnpkg.com/tar-stream/-/tar-stream-2.2.0.tgz#acad84c284136b060dc3faa64474aa9aebd77287" - integrity sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ== - dependencies: - bl "^4.0.3" - end-of-stream "^1.4.1" - fs-constants "^1.0.0" - inherits "^2.0.3" - readable-stream "^3.1.1" - text-table@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" @@ -9488,7 +9297,7 @@ use-sidecar@^1.1.2: detect-node-es "^1.1.0" tslib "^2.0.0" -util-deprecate@^1.0.1, util-deprecate@^1.0.2: +util-deprecate@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== From 07ec5c03cb7e84f7c4274ee46ddde51e141c536d Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 14:58:55 -0600 Subject: [PATCH 09/10] fix dependencies --- package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 70e705d..5b5825c 100644 --- a/package.json +++ b/package.json @@ -44,6 +44,7 @@ "jwks-rsa": "^3.1.0", "moment": "^2.30.1", "moment-timezone": "^0.5.45", + "node-cache": "^5.1.2", "pluralize": "^8.0.0", "zod": "^3.23.8", "zod-to-json-schema": "^3.23.2", @@ -105,4 +106,4 @@ "resolutions": { "pdfjs-dist": "^4.8.69" } -} \ No newline at end of file +} From 98714eb9330fe127cf7b6a115d5c93b302c6d4f4 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Wed, 22 Jan 2025 15:20:14 -0600 Subject: [PATCH 10/10] fix excess erroring with user roles --- src/api/functions/authorization.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/api/functions/authorization.ts b/src/api/functions/authorization.ts index 8bfecf2..603ca2e 100644 --- a/src/api/functions/authorization.ts +++ b/src/api/functions/authorization.ts @@ -29,11 +29,14 @@ export async function getUserRoles( }, }); const response = await dynamoClient.send(command); - if (!response || !response.Item) { + if (!response) { throw new DatabaseFetchError({ message: "Could not get user roles", }); } + if (!response.Item) { + return []; + } const items = unmarshall(response.Item) as { roles: AppRoles[] | ["all"] }; if (!("roles" in items)) { return [];