From d86928f1b4b5feda8c330ed8ee0bf9de0fc12ae7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Karol=20S=C3=B3jko?=
Date: Wed, 6 Jul 2022 11:24:08 +0200
Subject: [PATCH] feat: add security package
---
 packages/api-gateway/package.json | 2 +-
 .../src/Controller/AuthMiddleware.ts | 2 +-
 .../SubscriptionTokenAuthMiddleware.ts | 2 +-
 packages/auth/package.json | 2 +-
 packages/auth/src/Bootstrap/Container.ts | 2 +-
 .../ApiGatewayAuthMiddleware.spec.ts | 2 +-
 .../Controller/ApiGatewayAuthMiddleware.ts | 2 +-
 .../ApiGatewayOfflineAuthMiddleware.spec.ts | 2 +-
 .../ApiGatewayOfflineAuthMiddleware.ts | 2 +-
 .../src/Controller/OfflineController.spec.ts | 2 +-
 .../auth/src/Controller/OfflineController.ts | 2 +-
 .../src/Controller/SessionsController.spec.ts | 2 +-
 .../auth/src/Controller/SessionsController.ts | 2 +-
 .../SubscriptionInvitesController.ts | 2 +-
 .../SubscriptionTokensController.spec.ts | 2 +-
 .../SubscriptionTokensController.ts | 2 +-
 .../Auth/AuthResponseFactory20161215.spec.ts | 2 +-
 .../Auth/AuthResponseFactory20161215.ts | 2 +-
 .../Auth/AuthResponseFactory20190520.spec.ts | 2 +-
 .../Auth/AuthResponseFactory20200115.spec.ts | 2 +-
 .../Auth/AuthResponseFactory20200115.ts | 2 +-
 .../Auth/AuthenticationMethodResolver.spec.ts | 2 +-
 .../Auth/AuthenticationMethodResolver.ts | 2 +-
 .../src/Domain/Feature/FeatureService.spec.ts | 2 +-
 .../ExtensionKeyGrantedEventHandler.ts | 2 +-
 .../SubscriptionSyncRequestedEventHandler.ts | 2 +-
 .../CreateValetToken/CreateValetToken.spec.ts | 2 +-
 .../CreateValetToken/CreateValetToken.ts | 2 +-
 .../auth/src/Domain/UseCase/VerifyMFA.spec.ts | 2 +-
 packages/auth/src/Domain/UseCase/VerifyMFA.ts | 2 +-
 .../src/Domain/User/KeyParamsFactory.spec.ts | 2 +-
 .../auth/src/Domain/User/KeyParamsFactory.ts | 2 +-
 packages/domain-events/package.json | 2 +-
 packages/files/package.json | 2 +-
 packages/files/src/Bootstrap/Container.ts | 2 +-
 .../ValetTokenAuthMiddleware.spec.ts | 2 +-
 .../Controller/ValetTokenAuthMiddleware.ts | 2 +-
 packages/security/.eslintignore | 1 +
 packages/security/.eslintrc | 6 +
 packages/security/CHANGELOG.md | 365 ++++++++++++++++++
 packages/security/jest.config.js | 11 +
 packages/security/linter.tsconfig.json | 4 +
 packages/security/package.json | 41 ++
 .../src/Domain/Decoder/TokenDecoder.spec.ts | 31 ++
 .../src/Domain/Decoder/TokenDecoder.ts | 16 +
 .../Domain/Decoder/TokenDecoderInterface.ts | 3 +
 .../src/Domain/Encoder/TokenEncoder.spec.ts | 25 ++
 .../src/Domain/Encoder/TokenEncoder.ts | 15 +
 .../Domain/Encoder/TokenEncoderInterface.ts | 4 +
 packages/security/src/Domain/Role/Role.ts | 6 +
 .../Selection/DeterministicSelector.spec.ts | 41 ++
 .../Domain/Selection/DeterministicSelector.ts | 16 +
 .../src/Domain/Selection/SelectorInterface.ts | 3 +
 .../src/Domain/Subscription/Subscription.ts | 9 +
 .../src/Domain/Token/CrossServiceTokenData.ts | 23 ++
 .../Domain/Token/OfflineFeaturesTokenData.ts | 4 +
 .../src/Domain/Token/OfflineUserTokenData.ts | 4 +
 .../src/Domain/Token/SessionTokenData.ts | 1 +
 .../src/Domain/Token/ValetTokenData.ts | 14 +
 packages/security/src/Domain/index.ts | 13 +
 packages/security/src/index.ts | 1 +
 packages/security/tsconfig.json | 11 +
 packages/syncing-server/package.json | 2 +-
 .../src/Controller/AuthMiddleware.ts | 2 +-
 tsconfig.json | 3 +
 65 files changed, 710 insertions(+), 39 deletions(-)
 create mode 100644 packages/security/.eslintignore
 create mode 100644 packages/security/.eslintrc
 create mode 100644 packages/security/CHANGELOG.md
 create mode 100644 packages/security/jest.config.js
 create mode 100644 packages/security/linter.tsconfig.json
 create mode 100644 packages/security/package.json
 create mode 100644 packages/security/src/Domain/Decoder/TokenDecoder.spec.ts
 create mode 100644 packages/security/src/Domain/Decoder/TokenDecoder.ts
 create mode 100644 packages/security/src/Domain/Decoder/TokenDecoderInterface.ts
 create mode 100644 packages/security/src/Domain/Encoder/TokenEncoder.spec.ts
 create mode 100644 packages/security/src/Domain/Encoder/TokenEncoder.ts
 create mode 100644 packages/security/src/Domain/Encoder/TokenEncoderInterface.ts
 create mode 100644 packages/security/src/Domain/Role/Role.ts
 create mode 100644 packages/security/src/Domain/Selection/DeterministicSelector.spec.ts
 create mode 100644 packages/security/src/Domain/Selection/DeterministicSelector.ts
 create mode 100644 packages/security/src/Domain/Selection/SelectorInterface.ts
 create mode 100644 packages/security/src/Domain/Subscription/Subscription.ts
 create mode 100644 packages/security/src/Domain/Token/CrossServiceTokenData.ts
 create mode 100644 packages/security/src/Domain/Token/OfflineFeaturesTokenData.ts
 create mode 100644 packages/security/src/Domain/Token/OfflineUserTokenData.ts
 create mode 100644 packages/security/src/Domain/Token/SessionTokenData.ts
 create mode 100644 packages/security/src/Domain/Token/ValetTokenData.ts
 create mode 100644 packages/security/src/Domain/index.ts
 create mode 100644 packages/security/src/index.ts
 create mode 100644 packages/security/tsconfig.json
diff --git a/packages/api-gateway/package.json b/packages/api-gateway/package.json
index 55bfb297d..044068b73 100644
--- a/packages/api-gateway/package.json
+++ b/packages/api-gateway/package.json
@@ -25,7 +25,7 @@
 "@newrelic/winston-enricher": "^2.1.0",
 "@sentry/node": "^7.3.0",
 "@standardnotes/analytics": "workspace:*",
- "@standardnotes/auth": "3.19.4",
+ "@standardnotes/security": "workspace:*",
 "@standardnotes/domain-events": "workspace:*",
 "@standardnotes/domain-events-infra": "workspace:*",
 "@standardnotes/time": "^1.7.1",
diff --git a/packages/api-gateway/src/Controller/AuthMiddleware.ts b/packages/api-gateway/src/Controller/AuthMiddleware.ts
index 065cf31f6..38a51753a 100644
--- a/packages/api-gateway/src/Controller/AuthMiddleware.ts
+++ b/packages/api-gateway/src/Controller/AuthMiddleware.ts
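Review bot: No lockfile change accompanies the dependency swap in the `packages/api-gateway/package.json` hunk, where `"@standardnotes/auth": "3.19.4"` becomes `"@standardnotes/security": "workspace:*"`; the diffstat lists 65 files and none of them is a lockfile, even though a new workspace package with its own `package.json` is added. If the repository commits a lockfile, it should be regenerated in this same commit so that an immutable (frozen) install in CI resolves the graph that was actually reviewed. The `package.json` hunks for `packages/auth`, `packages/domain-events` and `packages/files` make the same swap and share the concern. As a smaller style point, the new key is left in the slot of the old one, so it now sorts before `@standardnotes/domain-events`; placing `"@standardnotes/security": "workspace:*",` after the `domain-events-infra` entry keeps the list alphabetical and later dependency diffs easy to audit.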
@@ -1,4 +1,4 @@
-import { CrossServiceTokenData } from '@standardnotes/auth'
+import { CrossServiceTokenData } from '@standardnotes/security'
 import { TimerInterface } from '@standardnotes/time'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
diff --git a/packages/api-gateway/src/Controller/SubscriptionTokenAuthMiddleware.ts b/packages/api-gateway/src/Controller/SubscriptionTokenAuthMiddleware.ts
index 7a081ff22..2eab34931 100644
--- a/packages/api-gateway/src/Controller/SubscriptionTokenAuthMiddleware.ts
+++ b/packages/api-gateway/src/Controller/SubscriptionTokenAuthMiddleware.ts
@@ -1,4 +1,4 @@
-import { OfflineUserTokenData, CrossServiceTokenData } from '@standardnotes/auth'
+import { OfflineUserTokenData, CrossServiceTokenData } from '@standardnotes/security'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'
diff --git a/packages/auth/package.json b/packages/auth/package.json
index a3f69bbce..9738654af 100644
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -35,7 +35,7 @@
 "@sentry/node": "^7.3.0",
 "@standardnotes/analytics": "workspace:*",
 "@standardnotes/api": "^1.1.19",
- "@standardnotes/auth": "^3.19.4",
+ "@standardnotes/security": "workspace:*",
 "@standardnotes/common": "^1.23.1",
 "@standardnotes/domain-events": "workspace:*",
 "@standardnotes/domain-events-infra": "workspace:*",
diff --git a/packages/auth/src/Bootstrap/Container.ts b/packages/auth/src/Bootstrap/Container.ts
index a0c83f35c..d2cb2e5b7 100644
--- a/packages/auth/src/Bootstrap/Container.ts
+++ b/packages/auth/src/Bootstrap/Container.ts
@@ -143,7 +143,7 @@ import { TokenEncoder, TokenEncoderInterface, ValetTokenData, -} from '@standardnotes/auth' +} from '@standardnotes/security' import { FileUploadedEventHandler } from '../Domain/Handler/FileUploadedEventHandler' import { CreateValetToken } from '../Domain/UseCase/CreateValetToken/CreateValetToken' import { CreateListedAccount } from '../Domain/UseCase/CreateListedAccount/CreateListedAccount' diff --git a/packages/auth/src/Controller/ApiGatewayAuthMiddleware.spec.ts b/packages/auth/src/Controller/ApiGatewayAuthMiddleware.spec.ts index 9dab8a992..f21c71d48 100644 --- a/packages/auth/src/Controller/ApiGatewayAuthMiddleware.spec.ts +++ b/packages/auth/src/Controller/ApiGatewayAuthMiddleware.spec.ts @@ -3,7 +3,7 @@ import 'reflect-metadata' import { ApiGatewayAuthMiddleware } from './ApiGatewayAuthMiddleware' import { NextFunction, Request, Response } from 'express' import { Logger } from 'winston' -import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/auth' +import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/security' import { RoleName } from '@standardnotes/common' describe('ApiGatewayAuthMiddleware', () => { diff --git a/packages/auth/src/Controller/ApiGatewayAuthMiddleware.ts b/packages/auth/src/Controller/ApiGatewayAuthMiddleware.ts index 17fbd5e5c..2665df1c3 100644 --- a/packages/auth/src/Controller/ApiGatewayAuthMiddleware.ts +++ b/packages/auth/src/Controller/ApiGatewayAuthMiddleware.ts @@ -1,4 +1,4 @@ -import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/auth' +import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/security' import { NextFunction, Request, Response } from 'express' import { inject, injectable } from 'inversify' import { BaseMiddleware } from 'inversify-express-utils' 
diff --git a/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.spec.ts b/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.spec.ts index f3727b0b9..bde9d9d61 100644 --- a/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.spec.ts +++ b/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.spec.ts @@ -3,7 +3,7 @@ import 'reflect-metadata' import { ApiGatewayOfflineAuthMiddleware } from './ApiGatewayOfflineAuthMiddleware' import { NextFunction, Request, Response } from 'express' import { Logger } from 'winston' -import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/auth' +import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/security' describe('ApiGatewayOfflineAuthMiddleware', () => { let tokenDecoder: TokenDecoderInterface diff --git a/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.ts b/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.ts index 7ce834814..44c2543d0 100644 --- a/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.ts +++ b/packages/auth/src/Controller/ApiGatewayOfflineAuthMiddleware.ts @@ -1,4 +1,4 @@ -import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/auth' +import { OfflineUserTokenData, TokenDecoderInterface } from '@standardnotes/security' import { NextFunction, Request, Response } from 'express' import { inject, injectable } from 'inversify' import { BaseMiddleware } from 'inversify-express-utils' diff --git a/packages/auth/src/Controller/OfflineController.spec.ts b/packages/auth/src/Controller/OfflineController.spec.ts index f0fb00c60..9c6266083 100644 --- a/packages/auth/src/Controller/OfflineController.spec.ts +++ b/packages/auth/src/Controller/OfflineController.spec.ts 
@@ -11,7 +11,7 @@ import { CreateOfflineSubscriptionTokenResponse } from '../Domain/UseCase/Create import { AuthenticateOfflineSubscriptionToken } from '../Domain/UseCase/AuthenticateOfflineSubscriptionToken/AuthenticateOfflineSubscriptionToken' import { OfflineUserSubscription } from '../Domain/Subscription/OfflineUserSubscription' import { GetUserOfflineSubscription } from '../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription' -import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/security' import { SubscriptionName } from '@standardnotes/common' import { Logger } from 'winston' diff --git a/packages/auth/src/Controller/OfflineController.ts b/packages/auth/src/Controller/OfflineController.ts index 3793e8088..42f264f8c 100644 --- a/packages/auth/src/Controller/OfflineController.ts +++ b/packages/auth/src/Controller/OfflineController.ts @@ -14,7 +14,7 @@ import { AuthenticateOfflineSubscriptionToken } from '../Domain/UseCase/Authenti import { CreateOfflineSubscriptionToken } from '../Domain/UseCase/CreateOfflineSubscriptionToken/CreateOfflineSubscriptionToken' import { GetUserOfflineSubscription } from '../Domain/UseCase/GetUserOfflineSubscription/GetUserOfflineSubscription' import { Logger } from 'winston' -import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { OfflineUserTokenData, TokenEncoderInterface } from '@standardnotes/security' @controller('/offline') export class OfflineController extends BaseHttpController { diff --git a/packages/auth/src/Controller/SessionsController.spec.ts b/packages/auth/src/Controller/SessionsController.spec.ts index aa2359705..f54cb747f 100644 --- a/packages/auth/src/Controller/SessionsController.spec.ts +++ b/packages/auth/src/Controller/SessionsController.spec.ts 
@@ -10,7 +10,7 @@ import { GetActiveSessionsForUser } from '../Domain/UseCase/GetActiveSessionsFor import { AuthenticateRequest } from '../Domain/UseCase/AuthenticateRequest' import { User } from '../Domain/User/User' import { Role } from '../Domain/Role/Role' -import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security' import { GetUserAnalyticsId } from '../Domain/UseCase/GetUserAnalyticsId/GetUserAnalyticsId' describe('SessionsController', () => { diff --git a/packages/auth/src/Controller/SessionsController.ts b/packages/auth/src/Controller/SessionsController.ts index 29a08d031..71bb5039e 100644 --- a/packages/auth/src/Controller/SessionsController.ts +++ b/packages/auth/src/Controller/SessionsController.ts @@ -16,7 +16,7 @@ import { Role } from '../Domain/Role/Role' import { User } from '../Domain/User/User' import { ProjectorInterface } from '../Projection/ProjectorInterface' import { SessionProjector } from '../Projection/SessionProjector' -import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security' import { RoleName } from '@standardnotes/common' import { GetUserAnalyticsId } from '../Domain/UseCase/GetUserAnalyticsId/GetUserAnalyticsId' diff --git a/packages/auth/src/Controller/SubscriptionInvitesController.ts b/packages/auth/src/Controller/SubscriptionInvitesController.ts index 222c6decf..027cdfe45 100644 --- a/packages/auth/src/Controller/SubscriptionInvitesController.ts +++ b/packages/auth/src/Controller/SubscriptionInvitesController.ts @@ -1,4 +1,4 @@ -import { Role } from '@standardnotes/auth' +import { Role } from '@standardnotes/security' import { Request, Response } from 'express' import { inject } from 'inversify' import { 
diff --git a/packages/auth/src/Controller/SubscriptionTokensController.spec.ts b/packages/auth/src/Controller/SubscriptionTokensController.spec.ts index 53cbf1c79..95e25fe22 100644 --- a/packages/auth/src/Controller/SubscriptionTokensController.spec.ts +++ b/packages/auth/src/Controller/SubscriptionTokensController.spec.ts @@ -12,7 +12,7 @@ import { ProjectorInterface } from '../Projection/ProjectorInterface' import { Role } from '../Domain/Role/Role' import { SettingServiceInterface } from '../Domain/Setting/SettingServiceInterface' import { Setting } from '../Domain/Setting/Setting' -import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security' import { GetUserAnalyticsId } from '../Domain/UseCase/GetUserAnalyticsId/GetUserAnalyticsId' describe('SubscriptionTokensController', () => { diff --git a/packages/auth/src/Controller/SubscriptionTokensController.ts b/packages/auth/src/Controller/SubscriptionTokensController.ts index aae67194e..2742cd977 100644 --- a/packages/auth/src/Controller/SubscriptionTokensController.ts +++ b/packages/auth/src/Controller/SubscriptionTokensController.ts @@ -1,4 +1,4 @@ -import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { CrossServiceTokenData, TokenEncoderInterface } from '@standardnotes/security' import { ErrorTag, RoleName } from '@standardnotes/common' import { SettingName } from '@standardnotes/settings' import { Request, Response } from 'express' diff --git a/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.spec.ts b/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.spec.ts index 1488132a1..e5e2a3254 100644 --- a/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.spec.ts +++ b/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.spec.ts 
@@ -1,6 +1,6 @@ import 'reflect-metadata' -import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security' import { Logger } from 'winston' import { ProjectorInterface } from '../../Projection/ProjectorInterface' diff --git a/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.ts b/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.ts index 109e2d932..73dd57f64 100644 --- a/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.ts +++ b/packages/auth/src/Domain/Auth/AuthResponseFactory20161215.ts @@ -1,4 +1,4 @@ -import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security' import { Uuid } from '@standardnotes/common' import * as crypto from 'crypto' diff --git a/packages/auth/src/Domain/Auth/AuthResponseFactory20190520.spec.ts b/packages/auth/src/Domain/Auth/AuthResponseFactory20190520.spec.ts index b7a9ab7dc..280fad018 100644 --- a/packages/auth/src/Domain/Auth/AuthResponseFactory20190520.spec.ts +++ b/packages/auth/src/Domain/Auth/AuthResponseFactory20190520.spec.ts @@ -1,4 +1,4 @@ -import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security' import 'reflect-metadata' import { Logger } from 'winston' diff --git a/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.spec.ts b/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.spec.ts index fd4872bd0..b203c5937 100644 --- a/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.spec.ts +++ b/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.spec.ts 
@@ -1,6 +1,6 @@ import 'reflect-metadata' -import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/auth' +import { SessionTokenData, TokenEncoderInterface } from '@standardnotes/security' import { SessionBody } from '@standardnotes/responses' import { Logger } from 'winston' diff --git a/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.ts b/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.ts index e8845b109..a99ba5715 100644 --- a/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.ts +++ b/packages/auth/src/Domain/Auth/AuthResponseFactory20200115.ts @@ -2,7 +2,7 @@ import { // eslint-disable-next-line @typescript-eslint/no-unused-vars SessionTokenData, TokenEncoderInterface, -} from '@standardnotes/auth' +} from '@standardnotes/security' import { Uuid } from '@standardnotes/common' import { SessionBody } from '@standardnotes/responses' import { inject, injectable } from 'inversify' diff --git a/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.spec.ts b/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.spec.ts index ecbed4a8f..9ad7e2fba 100644 --- a/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.spec.ts +++ b/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.spec.ts @@ -1,6 +1,6 @@ import 'reflect-metadata' -import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/auth' +import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/security' import { RevokedSession } from '../Session/RevokedSession' import { Session } from '../Session/Session' diff --git a/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.ts b/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.ts index 33dcdb704..feabcb333 100644 --- a/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.ts +++ b/packages/auth/src/Domain/Auth/AuthenticationMethodResolver.ts 
@@ -1,4 +1,4 @@ -import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/auth' +import { SessionTokenData, TokenDecoderInterface } from '@standardnotes/security' import { inject, injectable } from 'inversify' import TYPES from '../../Bootstrap/Types' import { SessionServiceInterface } from '../Session/SessionServiceInterface' diff --git a/packages/auth/src/Domain/Feature/FeatureService.spec.ts b/packages/auth/src/Domain/Feature/FeatureService.spec.ts index dbd400152..0a1128598 100644 --- a/packages/auth/src/Domain/Feature/FeatureService.spec.ts +++ b/packages/auth/src/Domain/Feature/FeatureService.spec.ts @@ -1,6 +1,6 @@ import 'reflect-metadata' -import { Role } from '@standardnotes/auth' +import { Role } from '@standardnotes/security' import { RoleName, SubscriptionName } from '@standardnotes/common' import { RoleToSubscriptionMapInterface } from '../Role/RoleToSubscriptionMapInterface' diff --git a/packages/auth/src/Domain/Handler/ExtensionKeyGrantedEventHandler.ts b/packages/auth/src/Domain/Handler/ExtensionKeyGrantedEventHandler.ts index 3ac588be7..07c94d729 100644 --- a/packages/auth/src/Domain/Handler/ExtensionKeyGrantedEventHandler.ts +++ b/packages/auth/src/Domain/Handler/ExtensionKeyGrantedEventHandler.ts @@ -1,6 +1,6 @@ import { DomainEventHandlerInterface, ExtensionKeyGrantedEvent } from '@standardnotes/domain-events' import { SettingName } from '@standardnotes/settings' -import { OfflineFeaturesTokenData } from '@standardnotes/auth' +import { OfflineFeaturesTokenData } from '@standardnotes/security' import { ContentDecoderInterface } from '@standardnotes/common' import { inject, injectable } from 'inversify' import { Logger } from 'winston' diff --git a/packages/auth/src/Domain/Handler/SubscriptionSyncRequestedEventHandler.ts b/packages/auth/src/Domain/Handler/SubscriptionSyncRequestedEventHandler.ts index fe87ae329..d889b59b1 100644 --- a/packages/auth/src/Domain/Handler/SubscriptionSyncRequestedEventHandler.ts 
+++ b/packages/auth/src/Domain/Handler/SubscriptionSyncRequestedEventHandler.ts @@ -1,4 +1,4 @@ -import { OfflineFeaturesTokenData } from '@standardnotes/auth' +import { OfflineFeaturesTokenData } from '@standardnotes/security' import { DomainEventHandlerInterface, SubscriptionSyncRequestedEvent } from '@standardnotes/domain-events' import { inject, injectable } from 'inversify' import { Logger } from 'winston' diff --git a/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.spec.ts b/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.spec.ts index 3780658c5..f2ad8e6e7 100644 --- a/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.spec.ts +++ b/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.spec.ts @@ -1,6 +1,6 @@ import 'reflect-metadata' -import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/auth' +import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/security' import { CreateValetToken } from './CreateValetToken' import { TimerInterface } from '@standardnotes/time' import { UserSubscription } from '../../Subscription/UserSubscription' diff --git a/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.ts b/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.ts index d94a2d63a..0d58ff935 100644 --- a/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.ts +++ b/packages/auth/src/Domain/UseCase/CreateValetToken/CreateValetToken.ts @@ -1,7 +1,7 @@ import { inject, injectable } from 'inversify' import { SubscriptionName } from '@standardnotes/common' import { TimerInterface } from '@standardnotes/time' -import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/auth' +import { TokenEncoderInterface, ValetTokenData } from '@standardnotes/security' import { CreateValetTokenPayload, CreateValetTokenResponseData } from '@standardnotes/responses' import { SubscriptionSettingName } from '@standardnotes/settings' 
diff --git a/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts b/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts index 7aab91540..a2a8f19be 100644 --- a/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts +++ b/packages/auth/src/Domain/UseCase/VerifyMFA.spec.ts @@ -7,7 +7,7 @@ import { VerifyMFA } from './VerifyMFA' import { Setting } from '../Setting/Setting' import { SettingServiceInterface } from '../Setting/SettingServiceInterface' import { SettingName } from '@standardnotes/settings' -import { SelectorInterface } from '@standardnotes/auth' +import { SelectorInterface } from '@standardnotes/security' import { LockRepositoryInterface } from '../User/LockRepositoryInterface' describe('VerifyMFA', () => { diff --git a/packages/auth/src/Domain/UseCase/VerifyMFA.ts b/packages/auth/src/Domain/UseCase/VerifyMFA.ts index 2b0778068..0a2a4f7c6 100644 --- a/packages/auth/src/Domain/UseCase/VerifyMFA.ts +++ b/packages/auth/src/Domain/UseCase/VerifyMFA.ts @@ -12,7 +12,7 @@ import { UseCaseInterface } from './UseCaseInterface' import { VerifyMFADTO } from './VerifyMFADTO' import { VerifyMFAResponse } from './VerifyMFAResponse' import { SettingServiceInterface } from '../Setting/SettingServiceInterface' -import { SelectorInterface } from '@standardnotes/auth' +import { SelectorInterface } from '@standardnotes/security' import { LockRepositoryInterface } from '../User/LockRepositoryInterface' @injectable() diff --git a/packages/auth/src/Domain/User/KeyParamsFactory.spec.ts b/packages/auth/src/Domain/User/KeyParamsFactory.spec.ts index 17e716f69..a81f74c38 100644 --- a/packages/auth/src/Domain/User/KeyParamsFactory.spec.ts +++ b/packages/auth/src/Domain/User/KeyParamsFactory.spec.ts @@ -1,6 +1,6 @@ import 'reflect-metadata' -import { SelectorInterface } from '@standardnotes/auth' +import { SelectorInterface } from '@standardnotes/security' import { ProtocolVersion } from '@standardnotes/common' import { KeyParamsFactory } from './KeyParamsFactory' 
diff --git a/packages/auth/src/Domain/User/KeyParamsFactory.ts b/packages/auth/src/Domain/User/KeyParamsFactory.ts index f7129c584..c65f76dbc 100644 --- a/packages/auth/src/Domain/User/KeyParamsFactory.ts +++ b/packages/auth/src/Domain/User/KeyParamsFactory.ts @@ -6,7 +6,7 @@ import { inject, injectable } from 'inversify' import TYPES from '../../Bootstrap/Types' import { KeyParamsFactoryInterface } from './KeyParamsFactoryInterface' import { User } from './User' -import { SelectorInterface } from '@standardnotes/auth' +import { SelectorInterface } from '@standardnotes/security' @injectable() export class KeyParamsFactory implements KeyParamsFactoryInterface { diff --git a/packages/domain-events/package.json b/packages/domain-events/package.json index f250a496e..05039dd54 100644 --- a/packages/domain-events/package.json +++ b/packages/domain-events/package.json @@ -24,7 +24,7 @@ "test:unit": "jest spec --coverage --passWithNoTests" }, "dependencies": { - "@standardnotes/auth": "^3.19.4", + "@standardnotes/security": "workspace:*", "@standardnotes/common": "^1.23.1", "@standardnotes/features": "^1.47.0", "@standardnotes/predicates": "workspace:*", diff --git a/packages/files/package.json b/packages/files/package.json index d4d895772..8e69eb21f 100644 --- a/packages/files/package.json +++ b/packages/files/package.json @@ -27,7 +27,7 @@ }, "dependencies": { "@sentry/node": "^7.3.0", - "@standardnotes/auth": "^3.19.4", + "@standardnotes/security": "workspace:*", "@standardnotes/common": "^1.23.1", "@standardnotes/domain-events": "workspace:*", "@standardnotes/domain-events-infra": "workspace:*", diff --git a/packages/files/src/Bootstrap/Container.ts b/packages/files/src/Bootstrap/Container.ts index e4592db9e..12234eed2 100644 --- a/packages/files/src/Bootstrap/Container.ts +++ b/packages/files/src/Bootstrap/Container.ts 
@@ -7,7 +7,7 @@ import { Env } from './Env' import TYPES from './Types' import { UploadFileChunk } from '../Domain/UseCase/UploadFileChunk/UploadFileChunk' import { ValetTokenAuthMiddleware } from '../Controller/ValetTokenAuthMiddleware' -import { TokenDecoder, TokenDecoderInterface, ValetTokenData } from '@standardnotes/auth' +import { TokenDecoder, TokenDecoderInterface, ValetTokenData } from '@standardnotes/security' import { Timer, TimerInterface } from '@standardnotes/time' import { DomainEventFactoryInterface } from '../Domain/Event/DomainEventFactoryInterface' import { DomainEventFactory } from '../Domain/Event/DomainEventFactory' diff --git a/packages/files/src/Controller/ValetTokenAuthMiddleware.spec.ts b/packages/files/src/Controller/ValetTokenAuthMiddleware.spec.ts index 8ca052493..984ac4472 100644 --- a/packages/files/src/Controller/ValetTokenAuthMiddleware.spec.ts +++ b/packages/files/src/Controller/ValetTokenAuthMiddleware.spec.ts @@ -3,7 +3,7 @@ import 'reflect-metadata' import { ValetTokenAuthMiddleware } from './ValetTokenAuthMiddleware' import { NextFunction, Request, Response } from 'express' import { Logger } from 'winston' -import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/auth' +import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/security' describe('ValetTokenAuthMiddleware', () => { let tokenDecoder: TokenDecoderInterface diff --git a/packages/files/src/Controller/ValetTokenAuthMiddleware.ts b/packages/files/src/Controller/ValetTokenAuthMiddleware.ts index 529b712d5..85c36ea3a 100644 --- a/packages/files/src/Controller/ValetTokenAuthMiddleware.ts +++ b/packages/files/src/Controller/ValetTokenAuthMiddleware.ts 
@@ -1,4 +1,4 @@
-import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/auth'
+import { TokenDecoderInterface, ValetTokenData } from '@standardnotes/security'
 import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'
diff --git a/packages/security/.eslintignore b/packages/security/.eslintignore
new file mode 100644
index 000000000..1521c8b76
--- /dev/null
+++ b/packages/security/.eslintignore
@@ -0,0 +1 @@
+dist
diff --git a/packages/security/.eslintrc b/packages/security/.eslintrc
new file mode 100644
index 000000000..cb7136174
--- /dev/null
+++ b/packages/security/.eslintrc
@@ -0,0 +1,6 @@
+{
+ "extends": "../../.eslintrc",
+ "parserOptions": {
+ "project": "./linter.tsconfig.json"
+ }
+}
diff --git a/packages/security/CHANGELOG.md b/packages/security/CHANGELOG.md
new file mode 100644
index 000000000..f9bacfd12
--- /dev/null
+++ b/packages/security/CHANGELOG.md
@@ -0,0 +1,365 @@ +# Change Log + +All notable changes to this project will be documented in this file. +See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. + +## [3.19.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.4...@standardnotes/auth@3.19.5) (2022-07-04) + +### Bug Fixes + +* add missing reflect-metadata package to all packages ([ce3a5bb](https://github.com/standardnotes/snjs/commit/ce3a5bbf3f1d2276ac4abc3eec3c6a44c8c3ba9b)) + +## [3.19.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.3...@standardnotes/auth@3.19.4) (2022-06-27) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.19.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.2...@standardnotes/auth@3.19.3) (2022-06-15) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.19.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.1...@standardnotes/auth@3.19.2) (2022-05-30) + +### Bug Fixes + +* add session access and refresh expiration dates to cross service token data ([8ad0eee](https://github.com/standardnotes/snjs/commit/8ad0eee04acfbba03e62881e1c17e77baedbea04)) + +## [3.19.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.19.0...@standardnotes/auth@3.19.1) (2022-05-27) + +### Bug Fixes + +* make analytics id optional in the cross service token data ([f5445d4](https://github.com/standardnotes/snjs/commit/f5445d4fb69158de676c4f4d108dc675ded8b9a1)) + +# [3.19.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.17...@standardnotes/auth@3.19.0) (2022-05-24) + +### Features + +* add user analytics id to cross service token data ([046c951](https://github.com/standardnotes/snjs/commit/046c951cac4b1d9a80904da97d5fc279a629e965)) + +## [3.18.17](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.16...@standardnotes/auth@3.18.17) (2022-05-22) + +**Note:** Version bump only for package 
@standardnotes/auth + +## [3.18.16](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.15...@standardnotes/auth@3.18.16) (2022-05-17) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.15](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.14...@standardnotes/auth@3.18.15) (2022-05-16) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.14](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.13...@standardnotes/auth@3.18.14) (2022-05-16) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.13](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.11...@standardnotes/auth@3.18.13) (2022-05-04) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.12](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.11...@standardnotes/auth@3.18.12) (2022-05-04) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.11](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.10...@standardnotes/auth@3.18.11) (2022-04-22) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.10](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.9...@standardnotes/auth@3.18.10) (2022-04-21) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.9](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.8...@standardnotes/auth@3.18.9) (2022-04-20) + +### Bug Fixes + +* valet token data optional property ([f926ecb](https://github.com/standardnotes/snjs/commit/f926ecbd5481e9cc98cbfadf57260e1d4a5e54fc)) + +## [3.18.8](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.7...@standardnotes/auth@3.18.8) (2022-04-20) + +### Bug Fixes + +* valet token data property name ([990fca7](https://github.com/standardnotes/snjs/commit/990fca7bdab43d06339ffa25b907c850fd0afb22)) + +## 
[3.18.7](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.6...@standardnotes/auth@3.18.7) (2022-04-15) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.6](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.5...@standardnotes/auth@3.18.6) (2022-04-15) + +### Bug Fixes + +* add subscription uuids to valet token and file removed events for cleanup purposes ([e05deb9](https://github.com/standardnotes/snjs/commit/e05deb9cd3fbc69e90fd2dbcae5a62582febe5fa)) + +## [3.18.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.4...@standardnotes/auth@3.18.5) (2022-04-11) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.3...@standardnotes/auth@3.18.4) (2022-04-01) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.2...@standardnotes/auth@3.18.3) (2022-03-31) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.1...@standardnotes/auth@3.18.2) (2022-03-31) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.18.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.18.0...@standardnotes/auth@3.18.1) (2022-03-30) + +**Note:** Version bump only for package @standardnotes/auth + +# [3.18.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.11...@standardnotes/auth@3.18.0) (2022-03-23) + +### Features + +* add deterministic value selector ([#671](https://github.com/standardnotes/snjs/issues/671)) ([570d2ae](https://github.com/standardnotes/snjs/commit/570d2aeae842540c64ae33bbcbef8242f2b85e5f)) + +## [3.17.11](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.10...@standardnotes/auth@3.17.11) (2022-03-22) + +**Note:** Version bump 
only for package @standardnotes/auth + +## [3.17.10](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.9...@standardnotes/auth@3.17.10) (2022-03-21) + +### Bug Fixes + +* add readonly access information about the session in cross service token ([9363eeb](https://github.com/standardnotes/snjs/commit/9363eeb83dcc953b14b040e68045a6019f498e12)) + +## [3.17.9](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.8...@standardnotes/auth@3.17.9) (2022-03-21) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.17.8](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.7...@standardnotes/auth@3.17.8) (2022-03-18) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.17.7](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.5...@standardnotes/auth@3.17.7) (2022-03-16) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.17.6](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.5...@standardnotes/auth@3.17.6) (2022-03-16) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.17.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.4...@standardnotes/auth@3.17.5) (2022-03-11) + +### Bug Fixes + +* add unencrypted file size to valet token resources ([06b0a4a](https://github.com/standardnotes/snjs/commit/06b0a4a998980048b3b9e0e146321de0c198f069)) + +## [3.17.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.3...@standardnotes/auth@3.17.4) (2022-03-09) + +### Bug Fixes + +* add deleting as a valid operation in valet token ([13a22d9](https://github.com/standardnotes/snjs/commit/13a22d9734f898d0cd2475fbe53a021be2c20a5f)) + +## [3.17.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.1...@standardnotes/auth@3.17.3) (2022-02-28) + +### Bug Fixes + +* add pseudo change to get lerna to trigger 
([41e6817](https://github.com/standardnotes/snjs/commit/41e6817bbf726b0932cdf16f58622328b9e42803)) + +## [3.17.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.1...@standardnotes/auth@3.17.2) (2022-02-28) + +### Bug Fixes + +* add pseudo change to get lerna to trigger ([41e6817](https://github.com/standardnotes/snjs/commit/41e6817bbf726b0932cdf16f58622328b9e42803)) + +## [3.17.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.17.0...@standardnotes/auth@3.17.1) (2022-02-27) + +**Note:** Version bump only for package @standardnotes/auth + +# [3.17.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.5...@standardnotes/auth@3.17.0) (2022-02-25) + +### Features + +* extract core functionalities to separate packages ([#610](https://github.com/standardnotes/snjs/issues/610)) ([801547a](https://github.com/standardnotes/snjs/commit/801547a71614ad51a92fb249eaa184ed46a44aac)) + +## [3.16.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.4...@standardnotes/auth@3.16.5) (2022-02-24) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.16.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.3...@standardnotes/auth@3.16.4) (2022-02-22) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.16.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.2...@standardnotes/auth@3.16.3) (2022-02-22) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.16.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.1...@standardnotes/auth@3.16.2) (2022-02-18) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.16.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.16.0...@standardnotes/auth@3.16.1) (2022-02-16) + +**Note:** Version bump only for package @standardnotes/auth + +# 
[3.16.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.5...@standardnotes/auth@3.16.0) (2022-02-10) + +### Features + +* remove role name and subscription name from auth in favor of common ([14ec74c](https://github.com/standardnotes/snjs/commit/14ec74c3d98febf1117073f32442504cfad428e8)) + +## [3.15.5](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.4...@standardnotes/auth@3.15.5) (2022-02-10) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.15.4](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.3...@standardnotes/auth@3.15.4) (2022-02-07) + +**Note:** Version bump only for package @standardnotes/auth + +## [3.15.3](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.2...@standardnotes/auth@3.15.3) (2022-01-19) + +### Bug Fixes + +* add upload bytes information to valet token ([6d35f2b](https://github.com/standardnotes/snjs/commit/6d35f2b3774b1d0dad60c3ad00d2a958b81a52cb)) + +## [3.15.2](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.1...@standardnotes/auth@3.15.2) (2022-01-17) + +### Bug Fixes + +* remove valet token valid until date in favor of jwt expiration ([7973fb1](https://github.com/standardnotes/snjs/commit/7973fb1695f3b02fa9b8888c6c5d0ff10b1979ee)) + +## [3.15.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.15.0...@standardnotes/auth@3.15.1) (2022-01-17) + +### Bug Fixes + +* token encoders ([e0be0f4](https://github.com/standardnotes/snjs/commit/e0be0f4f0677615c3e347843eea33f08e9920eae)) + +# [3.15.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.14.1...@standardnotes/auth@3.15.0) (2022-01-17) + +### Features + +* refactor token data names ([#559](https://github.com/standardnotes/snjs/issues/559)) ([2c615c9](https://github.com/standardnotes/snjs/commit/2c615c9b6f733195684163a58df606f5a8ffde59)) + +## 
[3.14.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.14.0...@standardnotes/auth@3.14.1) (2022-01-15) + +**Note:** Version bump only for package @standardnotes/auth + +# [3.14.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.13.1...@standardnotes/auth@3.14.0) (2022-01-15) + +### Features + +* add crypter, decoder and encoder to auth package ([#553](https://github.com/standardnotes/snjs/issues/553)) ([940e0a5](https://github.com/standardnotes/snjs/commit/940e0a56a84e5f057a94a526289ae79e1ea46f70)) + +## [3.13.1](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.13.0...@standardnotes/auth@3.13.1) (2022-01-14) + +### Bug Fixes + +* cross-package dependencies and content type imports ([#556](https://github.com/standardnotes/snjs/issues/556)) ([26ba1e0](https://github.com/standardnotes/snjs/commit/26ba1e0c38e7e0ae572996125150a4c3d27f1c0a)) + +# [3.13.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.12.0...@standardnotes/auth@3.13.0) (2022-01-13) + +### Bug Fixes + +* correct gitignore paths ([cefc0cf](https://github.com/standardnotes/snjs/commit/cefc0cfcf98e3e5378e055b8c46931b53b23195e)) +* include dist in static components ([d17ce0f](https://github.com/standardnotes/snjs/commit/d17ce0f67045c6e4c97bf4577709aa58794e72e6)) + +### Features + +* add token decoder ([#551](https://github.com/standardnotes/snjs/issues/551)) ([7240588](https://github.com/standardnotes/snjs/commit/724058864be08d0d78d4d8c232864aed125ea6e0)) + +# [3.12.0](https://github.com/standardnotes/snjs/compare/@standardnotes/auth@3.11.0...@standardnotes/auth@3.12.0) (2021-12-23) + +### Features + +* remove not used AuthMethods type ([98cb8e2](https://github.com/standardnotes/snjs/commit/98cb8e2bdf152c2b9e4f349fb77b537f8ac416e3)) + +# 3.11.0 (2021-12-23) + +### Features + +* rename email backup setting to email backup frequency ([25e7b46](https://github.com/standardnotes/snjs/commit/25e7b4620834711ac7f513ae893898c5eab1af53)) 
+ +## 3.10.3 (2021-12-23) + +### Bug Fixes + +* lock package versions ([8aa2ce6](https://github.com/standardnotes/snjs/commit/8aa2ce676b57598ab72840adf851869d8e769022)) + +## 3.10.2 (2021-12-23) + +### Bug Fixes + +* add publishing from package version by lerna ([80433d0](https://github.com/standardnotes/snjs/commit/80433d044f258095753482b8322d73aba3d9a9e4)) + +## 3.10.1 (2021-12-23) + +### Bug Fixes + +* remove the ammend commit from lerna versioning ([f0400d9](https://github.com/standardnotes/snjs/commit/f0400d9a2f5a04eaece2e4c16da71166a2ddb251)) + +# 3.10.0 (2021-12-23) + +### Features + +* add one drive backup frequency setting ([#522](https://github.com/standardnotes/snjs/issues/522)) ([c27827f](https://github.com/standardnotes/snjs/commit/c27827f8c7969dd32511c9c75122ece372132c83)) + +## 3.9.4 (2021-12-23) + +### Bug Fixes + +* remove running tests upon deployment - ensured on PR status checks ([#523](https://github.com/standardnotes/snjs/issues/523)) ([5c795d1](https://github.com/standardnotes/snjs/commit/5c795d17b583d02955773576384e622c3ef7f418)) + +## 3.9.3 (2021-12-23) + +### Bug Fixes + +* pr template ([#518](https://github.com/standardnotes/snjs/issues/518)) ([b445bb6](https://github.com/standardnotes/snjs/commit/b445bb64841217ae27c2514887629235be95d2a3)) + +## 3.9.2 (2021-12-23) + +### Bug Fixes + +* checkout with personal access token ([773c1ef](https://github.com/standardnotes/snjs/commit/773c1ef91c4452ad411e928342060dcb59428e3c)) + +## 3.9.1 (2021-12-22) + +### Bug Fixes + +* gpg signing with CI StandardNotes user ([d72f61c](https://github.com/standardnotes/snjs/commit/d72f61c23cd15b31d37340cc756d16526634b9ee)) + +# 3.9.0 (2021-12-22) + +### Bug Fixes + +* add another missing export ([e219511](https://github.com/standardnotes/snjs/commit/e219511bfd361ac7e785c8ef407fd3323c3f6d08)) +* add missing export ([887a37e](https://github.com/standardnotes/snjs/commit/887a37ece3c6a266894ab5e54c96c7b45c1c8d68)) +* change user changed email event name 
([#409](https://github.com/standardnotes/snjs/issues/409)) ([84efd16](https://github.com/standardnotes/snjs/commit/84efd161574d98a368201c7afcc1eff8ef916631)) +* create start task for auth package ([eb51014](https://github.com/standardnotes/snjs/commit/eb51014dcd94cf4a8be7db4ed7494f07dd7a4040)) +* fix lint problems and permission name export ([d303c06](https://github.com/standardnotes/snjs/commit/d303c06a0bda0d44a01d67c3fdb3a495a6a9148c)) +* forgot to bump Auth SDK version ([5fde641](https://github.com/standardnotes/snjs/commit/5fde64112cf09bdd309ad8f89e07edaf199db5fd)) +* format ([1d7d8a7](https://github.com/standardnotes/snjs/commit/1d7d8a7e39e83c858a5174db174e6f6f67a4f440)) +* format ([89705ae](https://github.com/standardnotes/snjs/commit/89705ae4d0e18b8672f2bd6e33681d38201ad56e)) +* format ([c3ee41b](https://github.com/standardnotes/snjs/commit/c3ee41b1ced73301600ead8cd70e20f0b1ca1d75)) +* linter errors ([51dee46](https://github.com/standardnotes/snjs/commit/51dee46ff8ebe13e43e7c5ca3e00a48dc25cdd54)) +* make session optional in the authentication token - legacy clients support ([e1b7e3e](https://github.com/standardnotes/snjs/commit/e1b7e3e846cf775009eb59bfbe526addf7848798)) +* naming on offline user token data ([0ebbfaa](https://github.com/standardnotes/snjs/commit/0ebbfaa7682ec0fdbccd698b6e9d13fb4dd39836)) +* remove comma ([328d2ca](https://github.com/standardnotes/snjs/commit/328d2ca19d4f9e813ad3f8ff27b2bab64a0036e4)) +* remove features dependency from auth ([4ae24b6](https://github.com/standardnotes/snjs/commit/4ae24b69cbd1df62e036666218f5961cc81e91aa)) +* replace permissions with features in auth token ([#373](https://github.com/standardnotes/snjs/issues/373)) ([739c956](https://github.com/standardnotes/snjs/commit/739c95604bd119a893d0d43dd2b35794cb5cb770)) +* versioning and package dependencies ([#509](https://github.com/standardnotes/snjs/issues/509)) ([fe1df94](https://github.com/standardnotes/snjs/commit/fe1df94eff3e90bcf9ba0cf45bdc44ac49204c71)) + +### 
Features + +* add Auth SDK package ([#214](https://github.com/standardnotes/snjs/issues/214)) ([ae855ed](https://github.com/standardnotes/snjs/commit/ae855ed74081d7b3dbbcde30ddcd173ed41bf018)) +* add Auth Token DTO ([#218](https://github.com/standardnotes/snjs/issues/218)) ([c5a7509](https://github.com/standardnotes/snjs/commit/c5a750945fc368430ed2bdf7bc2f1c95061fdc2a)) +* add email events ([#250](https://github.com/standardnotes/snjs/issues/250)) ([fe4b444](https://github.com/standardnotes/snjs/commit/fe4b4442bd1c88e8c3e51806629c95153343b92a)) +* add extension key to auth token ([fc1b732](https://github.com/standardnotes/snjs/commit/fc1b7322825ebc3553dc8ce0c298e68baf0004c3)) +* add feature type ([0a8e2ec](https://github.com/standardnotes/snjs/commit/0a8e2ecc9f3cc527e615d9a12125ac8d5b32643b)) +* add get user subscription api call ([#411](https://github.com/standardnotes/snjs/issues/411)) ([83a8518](https://github.com/standardnotes/snjs/commit/83a8518f9232ca3d84dd5ddb102fb6f8b5448654)) +* add KeyParams model to auth package ([#248](https://github.com/standardnotes/snjs/issues/248)) ([cd9f74e](https://github.com/standardnotes/snjs/commit/cd9f74e119e670e3de47b245a6197d4a25340df4)) +* add offline user token data model ([6623498](https://github.com/standardnotes/snjs/commit/6623498690c74e547b32788b8866424e439ef794)) +* add subscription names and extract role names ([#359](https://github.com/standardnotes/snjs/issues/359)) ([df6356c](https://github.com/standardnotes/snjs/commit/df6356ccb8975b39a95c143e064f3e32f0006580)) +* added AuthMethods and extracted Uuid to auth SDK ([cffb5bf](https://github.com/standardnotes/snjs/commit/cffb5bfc4e99ab7186f57257aeba7e346a1c7c08)) +* adjust Auth SDK to the MFA implementation in Auth ([ca2f89a](https://github.com/standardnotes/snjs/commit/ca2f89a1645cad0fcf9f16bdb321773379692c03)) +* change permission and role types ([2722270](https://github.com/standardnotes/snjs/commit/27222706e4c37fa7337ddf44c2a2b1be3c96fea2)) +* extract common 
error tags to Auth SDK ([7df999e](https://github.com/standardnotes/snjs/commit/7df999eca44a48a74ecf3359ae1f6b914de942b6)) +* extract MFA payload to Auth SDK ([ab28d5c](https://github.com/standardnotes/snjs/commit/ab28d5ceb18e34f944362784105f0c2681667dbe)) +* extract settings and common package ([#372](https://github.com/standardnotes/snjs/issues/372)) ([4f89688](https://github.com/standardnotes/snjs/commit/4f89688054cdae88c001287c9fb3431debd0136c)) +* features instead of permissions ([#385](https://github.com/standardnotes/snjs/issues/385)) ([b53e967](https://github.com/standardnotes/snjs/commit/b53e967297bc472ed11aed79af79d0ae5b36d101)) +* Offline features token ([#452](https://github.com/standardnotes/snjs/issues/452)) ([b04d71b](https://github.com/standardnotes/snjs/commit/b04d71b62d9c6cd408c460c1458a8f14ef6f1948)) +* return array of feature ids instead of features in token ([2e2ac7b](https://github.com/standardnotes/snjs/commit/2e2ac7bae707915adcd01b35c98022720caa834c)) +* revert to returning just user role on event and auth token ([8f9341e](https://github.com/standardnotes/snjs/commit/8f9341eb49910a91a2ccaf2d70843a3ead97b707)) +* upgrade node engine versions to latest active LTS ([#462](https://github.com/standardnotes/snjs/issues/462)) ([686fc15](https://github.com/standardnotes/snjs/commit/686fc15030d302b474ebb7ef1cd4dcc48ec42359)) diff --git a/packages/security/jest.config.js b/packages/security/jest.config.js new file mode 100644 index 000000000..e62343845 --- /dev/null +++ b/packages/security/jest.config.js @@ -0,0 +1,11 @@ +// eslint-disable-next-line @typescript-eslint/no-var-requires +const base = require('../../jest.config'); + +module.exports = { + ...base, + globals: { + 'ts-jest': { + tsconfig: 'tsconfig.json', + }, + } +}; diff --git a/packages/security/linter.tsconfig.json b/packages/security/linter.tsconfig.json new file mode 100644 index 000000000..c1a7d22c5 --- /dev/null +++ b/packages/security/linter.tsconfig.json 
@@ -0,0 +1,4 @@ +{ + "extends": "./tsconfig.json", + "exclude": ["dist"] +} diff --git a/packages/security/package.json b/packages/security/package.json new file mode 100644 index 000000000..b2307039a --- /dev/null +++ b/packages/security/package.json @@ -0,0 +1,41 @@ +{ + "name": "@standardnotes/security", + "version": "1.0.0", + "engines": { + "node": ">=16.0.0 <17.0.0" + }, + "description": "Security SDK for Standard Notes projects", + "main": "dist/src/index.js", + "author": "Standard Notes", + "types": "dist/src/index.d.ts", + "files": [ + "dist/src/**/*.js", + "dist/src/**/*.d.ts" + ], + "publishConfig": { + "access": "public" + }, + "license": "AGPL-3.0-or-later", + "scripts": { + "clean": "rm -fr dist", + "prestart": "yarn clean", + "start": "tsc -p tsconfig.json --watch", + "prebuild": "yarn clean", + "build": "tsc -p tsconfig.json", + "lint": "eslint . --ext .ts", + "test:unit": "jest spec --coverage" + }, + "dependencies": { + "@standardnotes/common": "^1.23.1", + "jsonwebtoken": "^8.5.1", + "reflect-metadata": "^0.1.13" + }, + "devDependencies": { + "@types/jest": "^27.4.1", + "@types/jsonwebtoken": "^8.5.8", + "@typescript-eslint/eslint-plugin": "^5.30.0", + "eslint-plugin-prettier": "^4.2.1", + "jest": "^27.5.1", + "ts-jest": "^27.1.3" + } +} diff --git a/packages/security/src/Domain/Decoder/TokenDecoder.spec.ts b/packages/security/src/Domain/Decoder/TokenDecoder.spec.ts new file mode 100644 index 000000000..7a6039225 --- /dev/null +++ b/packages/security/src/Domain/Decoder/TokenDecoder.spec.ts 
@@ -0,0 +1,31 @@
+import 'reflect-metadata'
+
+import { TokenDecoder } from './TokenDecoder'
+
+describe('TokenDecoder', () => {
+ const jwtSecret = 'secret'
+
+ const createDecoder = () =>
+ new TokenDecoder<{ iat: number; pw_hash: string; sub: string; user_uuid: string }>(jwtSecret)
+
+ it('should decode a token', () => {
+ expect(
+ createDecoder().decodeToken(
+ 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwidXNlcl91dWlkIjoiMTIzIiwicHdfaGFzaCI6IjlmODZkMDgxODg0YzdkNjU5YTJmZWFhMGM1NWFkMDE1YTNiZjRmMWIyYjBiODIyY2QxNWQ2YzE1YjBmMDBhMDgiLCJpYXQiOjE1MTYyMzkwMjJ9.TXDPCbCAITDjcUUorHsF4S5Nxkz4eFE4F3TPCsKI89A',
+ ),
+ ).toEqual({
+ iat: 1516239022,
+ pw_hash: '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08',
+ sub: '1234567890',
+ user_uuid: '123',
+ })
+ })
+
+ it('should not decode a session token with wrong encoding', () => {
+ expect(
+ createDecoder().decodeToken(
+ 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyqeqwJzdWIiOiIxMjM0NTY3ODkwIiwidXNlcl91dWlkIjoiMTIzIiwicHdfaGFzaCI6IjlmODZkMDgxODg0YzdkNjU5YTJmZWFhMGM1NWFkMDE1YTNiZjRmMWIyYjBiODIyY2QxNWQ2YzE1YjBmMDBhMDgiLCJpYXQiOjE1MTYyMzkwMjJ9.g32nbZ046pRwSe1iHwWEfsNNBRnAKqXshQKRtCuX1Zw',
+ ),
+ ).toBeUndefined()
+ })
+})
diff --git a/packages/security/src/Domain/Decoder/TokenDecoder.ts b/packages/security/src/Domain/Decoder/TokenDecoder.ts
new file mode 100644
index 000000000..1f6d94501
--- /dev/null
+++ b/packages/security/src/Domain/Decoder/TokenDecoder.ts
@@ -0,0 +1,16 @@
+import { verify } from 'jsonwebtoken'
+
+import { TokenDecoderInterface } from './TokenDecoderInterface'
+export class TokenDecoder implements TokenDecoderInterface {
+ constructor(private jwtSecret: string) {}
+
+ decodeToken(token: string): T | undefined {
+ try {
+ return verify(token, this.jwtSecret, {
+ algorithms: ['HS256'],
+ })
+ } catch (error) {
+ return undefined
+ }
+ }
+}
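Review bot: The only negative case in TokenDecoder.spec.ts feeds `decodeToken` a token whose payload segment is not valid JSON; nothing checks that a well-formed token signed with a different secret, or with an algorithm other than the pinned `HS256`, is rejected. Those two cases are the property the decoder exists to enforce, so a regression in the `verify` options would pass this suite unnoticed. I would add both, building the tokens inside the test with `sign` from `jsonwebtoken` (the spec then needs that import) rather than pasting further opaque literals.

```typescript
// … unchanged: imports, jwtSecret, createDecoder and the two existing cases …

  it('should not decode a token signed with a different secret', () => {
    const token = sign({ user_uuid: '123' }, 'constructed-other-secret', { algorithm: 'HS256' })

    expect(createDecoder().decodeToken(token)).toBeUndefined()
  })

  it('should not decode a token signed with an algorithm other than HS256', () => {
    const token = sign({ user_uuid: '123' }, jwtSecret, { algorithm: 'HS384' })

    expect(createDecoder().decodeToken(token)).toBeUndefined()
  })
```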
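Review bot: The `catch` in `TokenDecoder.decodeToken` turns every failure into `undefined`, so a bad signature, an expired token and (as far as I can tell from how `verify` is called) a missing or empty `jwtSecret` all look the same to callers and leave no trace. A deployment that starts with an unset secret would then reject every token with no hint of the cause. Pinning `algorithms: ['HS256']` is right and should stay. I would reject an empty secret when the decoder is constructed, e.g. `if (!jwtSecret) throw new Error('TokenDecoder: jwtSecret must not be empty')`, and add a doc comment on `decodeToken` saying that the returned value is signature-verified only and is not checked against the shape of `T`.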
diff --git a/packages/security/src/Domain/Decoder/TokenDecoderInterface.ts b/packages/security/src/Domain/Decoder/TokenDecoderInterface.ts
new file mode 100644
index 000000000..33372bb6e
--- /dev/null
+++ b/packages/security/src/Domain/Decoder/TokenDecoderInterface.ts
@@ -0,0 +1,3 @@
+export interface TokenDecoderInterface {
+ decodeToken(token: string): T | undefined
+}
diff --git a/packages/security/src/Domain/Encoder/TokenEncoder.spec.ts b/packages/security/src/Domain/Encoder/TokenEncoder.spec.ts
new file mode 100644
index 000000000..a2c51d325
--- /dev/null
+++ b/packages/security/src/Domain/Encoder/TokenEncoder.spec.ts
@@ -0,0 +1,25 @@
+import 'reflect-metadata'
+
+import { JwtPayload, verify } from 'jsonwebtoken'
+
+import { TokenEncoder } from './TokenEncoder'
+
+describe('TokenEncoder', () => {
+ const jwtSecret = 'secret'
+
+ const createEncoder = () => new TokenEncoder<{ user_uuid: string }>(jwtSecret)
+
+ it('should encode a token', () => {
+ const encodedToken = createEncoder().encodeToken({ user_uuid: '123' })
+
+ expect((verify(encodedToken, jwtSecret) as JwtPayload).user_uuid).toEqual('123')
+ expect((verify(encodedToken, jwtSecret) as JwtPayload).exp).toBeUndefined()
+ })
+
+ it('should encode an expirable token', () => {
+ const encodedToken = createEncoder().encodeExpirableToken({ user_uuid: '123' }, 123)
+
+ expect((verify(encodedToken, jwtSecret) as JwtPayload).user_uuid).toEqual('123')
+ expect((verify(encodedToken, jwtSecret) as JwtPayload).exp).toBeGreaterThan(0)
+ })
+})
diff --git a/packages/security/src/Domain/Encoder/TokenEncoder.ts b/packages/security/src/Domain/Encoder/TokenEncoder.ts
new file mode 100644
index 000000000..7dcebf0f8
--- /dev/null
+++ b/packages/security/src/Domain/Encoder/TokenEncoder.ts
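Review bot: The expirable-token case in TokenEncoder.spec.ts asserts only `exp > 0`, which any timestamp satisfies, so it would not notice `expiresIn` being ignored or replaced by some other lifetime. Compare against `iat` instead: take `const payload = verify(encodedToken, jwtSecret) as JwtPayload` and assert `expect((payload.exp as number) - (payload.iat as number)).toEqual(123)`. The `verify` calls in this spec also omit `algorithms`; passing `{ algorithms: ['HS256'] }` would make the test confirm the algorithm the encoder is meant to use.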
@@ -0,0 +1,15 @@
+import { sign } from 'jsonwebtoken'
+
+import { TokenEncoderInterface } from './TokenEncoderInterface'
+
+export class TokenEncoder implements TokenEncoderInterface {
+ constructor(private jwtSecret: string) {}
+
+ encodeExpirableToken(data: T, expiresIn: string | number | undefined): string {
+ return sign(data as Record, this.jwtSecret, { algorithm: 'HS256', expiresIn })
+ }
+
+ encodeToken(data: T): string {
+ return sign(data as Record, this.jwtSecret, { algorithm: 'HS256' })
+ }
+}
diff --git a/packages/security/src/Domain/Encoder/TokenEncoderInterface.ts b/packages/security/src/Domain/Encoder/TokenEncoderInterface.ts
new file mode 100644
index 000000000..d7f17947c
--- /dev/null
+++ b/packages/security/src/Domain/Encoder/TokenEncoderInterface.ts
@@ -0,0 +1,4 @@
+export interface TokenEncoderInterface {
+ encodeToken(data: T): string
+ encodeExpirableToken(data: T, expiresIn: number): string
+}
diff --git a/packages/security/src/Domain/Role/Role.ts b/packages/security/src/Domain/Role/Role.ts
new file mode 100644
index 000000000..acf63f59a
--- /dev/null
+++ b/packages/security/src/Domain/Role/Role.ts
@@ -0,0 +1,6 @@
+import { Uuid, RoleName } from '@standardnotes/common'
+
+export type Role = {
+ uuid: Uuid
+ name: RoleName
+}
diff --git a/packages/security/src/Domain/Selection/DeterministicSelector.spec.ts b/packages/security/src/Domain/Selection/DeterministicSelector.spec.ts
new file mode 100644
index 000000000..fb039d376
--- /dev/null
+++ b/packages/security/src/Domain/Selection/DeterministicSelector.spec.ts
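Review bot: `TokenEncoder.encodeExpirableToken` accepts `expiresIn: string | number | undefined`, while `TokenEncoderInterface` in this same commit declares `expiresIn: number`. Allowing `undefined` on the method meant to issue expiring tokens lets a caller holding the concrete class pass an unset config value; depending on how `jsonwebtoken` treats that option, the call either throws or yields a token without `exp`. I would narrow the signature to match the interface, `encodeExpirableToken(data: T, expiresIn: number): string {`. A doc comment on `encodeToken` stating that its tokens carry no expiry would also help callers pick it deliberately.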
@@ -0,0 +1,41 @@
+import { DeterministicSelector } from './DeterministicSelector'
+
+describe('DeterministicSelector', () => {
+ const createSelector = () => new DeterministicSelector()
+
+ it('should choose always the same value based on the same input', () => {
+ const selector = createSelector()
+
+ const inputString = '875a31ce95365904ef0e0a8e6cefc1f5e99adfef81bbdb6d4499eeb10ae0ff67'
+
+ const allowedValues = ['a', 'b', 'c', 'd', 'e']
+
+ const firstValue = selector.select(inputString, allowedValues)
+
+ const secondValue = selector.select(inputString, allowedValues)
+
+ expect(firstValue).toEqual('d')
+
+ expect(firstValue).toEqual(secondValue)
+ })
+
+ it('should choose different values on different input', () => {
+ const selector = createSelector()
+
+ const allowedValues = ['a', 'b', 'c', 'd', 'e']
+
+ const firstValue = selector.select(
+ '875a31ce95365904ef0e0a8e6cefc1f5e99adfef81bbdb6d4499eeb10ae0ff67',
+ allowedValues,
+ )
+
+ const secondValue = selector.select(
+ 'a75a31ce95365904ef0e0a8e6cefc1f5e99adfef81bbdb6d4499eeb10ae0ff67',
+ allowedValues,
+ )
+
+ expect(firstValue).toEqual('d')
+
+ expect(secondValue).toEqual('e')
+ })
+})
diff --git a/packages/security/src/Domain/Selection/DeterministicSelector.ts b/packages/security/src/Domain/Selection/DeterministicSelector.ts
new file mode 100644
index 000000000..48589f12f
--- /dev/null
+++ b/packages/security/src/Domain/Selection/DeterministicSelector.ts
@@ -0,0 +1,16 @@
+import { SelectorInterface } from './SelectorInterface'
+
+export class DeterministicSelector implements SelectorInterface {
+ private readonly CHAR_0_CODE = 48
+
+ select(inputKey: string, values: T[]): T {
+ const firstChar = inputKey[0]
+ const firstCharCode = firstChar.charCodeAt(0)
+
+ const normalizedCode = firstCharCode - this.CHAR_0_CODE
+
+ const index = normalizedCode % values.length
+
+ return values[index]
+ }
+}
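Review bot: `DeterministicSelector.select` computes `(charCode - 48) % values.length` without checking its inputs. An empty `inputKey` leaves `inputKey[0]` undefined so `charCodeAt` throws, an empty `values` gives a `NaN` index, and a first character below `'0'` (a space or `-`, for instance) yields a negative remainder, so the method returns `undefined` although its return type is `T`. Add a guard such as `if (inputKey.length === 0 || values.length === 0) throw new Error('inputKey and values must not be empty')` and take the remainder of a non-negative number, `const index = Math.abs(normalizedCode) % values.length`. A comment that only the first character of `inputKey` is used would also help: the result is a stable bucket, not something to rely on for an even or unpredictable spread.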
diff --git a/packages/security/src/Domain/Selection/SelectorInterface.ts b/packages/security/src/Domain/Selection/SelectorInterface.ts new file mode 100644 index 000000000..272c08b62 --- /dev/null +++ b/packages/security/src/Domain/Selection/SelectorInterface.ts @@ -0,0 +1,3 @@ +export interface SelectorInterface { + select(inputKey: string, values: Array): T +} diff --git a/packages/security/src/Domain/Subscription/Subscription.ts b/packages/security/src/Domain/Subscription/Subscription.ts new file mode 100644 index 000000000..c645a3e44 --- /dev/null +++ b/packages/security/src/Domain/Subscription/Subscription.ts @@ -0,0 +1,9 @@ +import { SubscriptionName } from '@standardnotes/common' + +export type Subscription = { + planName: SubscriptionName + endsAt: number + createdAt: number + updatedAt: number + cancelled: boolean +} diff --git a/packages/security/src/Domain/Token/CrossServiceTokenData.ts b/packages/security/src/Domain/Token/CrossServiceTokenData.ts new file mode 100644 index 000000000..660a4d8cb --- /dev/null +++ b/packages/security/src/Domain/Token/CrossServiceTokenData.ts @@ -0,0 +1,23 @@ +import { Uuid } from '@standardnotes/common' + +import { Role } from '../Role/Role' + +export type CrossServiceTokenData = { + user: { + uuid: Uuid + email: string + } + roles: Array + session?: { + uuid: Uuid + api_version: string + created_at: string + updated_at: string + device_info: string + readonly_access: boolean + access_expiration: string + refresh_expiration: string + } + extensionKey?: string + analyticsId?: number +} diff --git a/packages/security/src/Domain/Token/OfflineFeaturesTokenData.ts b/packages/security/src/Domain/Token/OfflineFeaturesTokenData.ts new file mode 100644 index 000000000..6535ade8b --- /dev/null +++ b/packages/security/src/Domain/Token/OfflineFeaturesTokenData.ts @@ -0,0 +1,4 @@ +export type OfflineFeaturesTokenData = { + featuresUrl: string + extensionKey: string +} 
diff --git a/packages/security/src/Domain/Token/OfflineUserTokenData.ts b/packages/security/src/Domain/Token/OfflineUserTokenData.ts new file mode 100644 index 000000000..f6174f46e --- /dev/null +++ b/packages/security/src/Domain/Token/OfflineUserTokenData.ts @@ -0,0 +1,4 @@ +export type OfflineUserTokenData = { + userEmail: string + featuresToken: string +} diff --git a/packages/security/src/Domain/Token/SessionTokenData.ts b/packages/security/src/Domain/Token/SessionTokenData.ts new file mode 100644 index 000000000..849dc9f64 --- /dev/null +++ b/packages/security/src/Domain/Token/SessionTokenData.ts @@ -0,0 +1 @@ +export type SessionTokenData = Record diff --git a/packages/security/src/Domain/Token/ValetTokenData.ts b/packages/security/src/Domain/Token/ValetTokenData.ts new file mode 100644 index 000000000..95aac189f --- /dev/null +++ b/packages/security/src/Domain/Token/ValetTokenData.ts @@ -0,0 +1,14 @@ +import { Uuid } from '@standardnotes/common' + +export type ValetTokenData = { + userUuid: Uuid + sharedSubscriptionUuid: Uuid | undefined + regularSubscriptionUuid: Uuid + permittedOperation: 'read' | 'write' | 'delete' + permittedResources: Array<{ + remoteIdentifier: string + unencryptedFileSize?: number + }> + uploadBytesUsed: number + uploadBytesLimit: number +} diff --git a/packages/security/src/Domain/index.ts b/packages/security/src/Domain/index.ts new file mode 100644 index 000000000..fb9f3e23d --- /dev/null +++ b/packages/security/src/Domain/index.ts 
@@ -0,0 +1,13 @@
+export * from './Decoder/TokenDecoder'
+export * from './Decoder/TokenDecoderInterface'
+export * from './Encoder/TokenEncoder'
+export * from './Encoder/TokenEncoderInterface'
+export * from './Role/Role'
+export * from './Selection/DeterministicSelector'
+export * from './Selection/SelectorInterface'
+export * from './Subscription/Subscription'
+export * from './Token/CrossServiceTokenData'
+export * from './Token/OfflineFeaturesTokenData'
+export * from './Token/OfflineUserTokenData'
+export * from './Token/SessionTokenData'
+export * from './Token/ValetTokenData'
diff --git a/packages/security/src/index.ts b/packages/security/src/index.ts
new file mode 100644
index 000000000..920deacdb
--- /dev/null
+++ b/packages/security/src/index.ts
@@ -0,0 +1 @@
+export * from './Domain'
diff --git a/packages/security/tsconfig.json b/packages/security/tsconfig.json
new file mode 100644
index 000000000..8d2588d39
--- /dev/null
+++ b/packages/security/tsconfig.json
@@ -0,0 +1,11 @@
+{
+ "extends": "../../tsconfig.json",
+ "compilerOptions": {
+ "composite": true,
+ "outDir": "./dist",
+ },
+ "include": [
+ "src/**/*"
+ ],
+ "references": []
+}
diff --git a/packages/syncing-server/package.json b/packages/syncing-server/package.json
index 60c97e0d6..713b7b5f4 100644
--- a/packages/syncing-server/package.json
+++ b/packages/syncing-server/package.json
@@ -27,7 +27,7 @@
 "@newrelic/winston-enricher": "^2.1.0",
 "@sentry/node": "^7.3.0",
 "@standardnotes/analytics": "workspace:*",
- "@standardnotes/auth": "^3.19.4",
+ "@standardnotes/security": "workspace:*",
 "@standardnotes/common": "^1.23.1",
 "@standardnotes/domain-events": "workspace:*",
 "@standardnotes/domain-events-infra": "workspace:*",
diff --git a/packages/syncing-server/src/Controller/AuthMiddleware.ts b/packages/syncing-server/src/Controller/AuthMiddleware.ts
index 5790b6862..67bb528f5 100644
--- a/packages/syncing-server/src/Controller/AuthMiddleware.ts
+++ b/packages/syncing-server/src/Controller/AuthMiddleware.ts
@@ -2,7 +2,7 @@ import { NextFunction, Request, Response } from 'express'
 import { inject, injectable } from 'inversify'
 import { BaseMiddleware } from 'inversify-express-utils'
 import { verify } from 'jsonwebtoken'
-import { CrossServiceTokenData } from '@standardnotes/auth'
+import { CrossServiceTokenData } from '@standardnotes/security'
 import * as winston from 'winston'
 import TYPES from '../Bootstrap/Types'
diff --git a/tsconfig.json b/tsconfig.json
index adf59a674..fe8f9e745 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -46,6 +46,9 @@
 {
 "path": "./packages/scheduler"
 },
+ {
+ "path": "./packages/security"
+ },
 {
 "path": "./packages/syncing-server"
 }