-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathbase.ts
More file actions
279 lines (250 loc) · 9.49 KB
/
base.ts
File metadata and controls
279 lines (250 loc) · 9.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
import axios, { AxiosError, AxiosResponse } from 'axios';
import { Logger } from 'pino';
import { FactsSyncTimeoutPolicy, IPermitConfig } from '../config';
import { APIKeysApi, Configuration } from '../openapi';
import { BASE_PATH } from '../openapi/base';
import { API_ACCESS_LEVELS, ApiContextLevel, ApiKeyLevel, PermitContextError } from './context';
interface FormattedAxiosError<T> {
code?: string;
message: string;
error?: T;
status?: number;
}
export class PermitApiError<T> extends Error {
constructor(message: string, public originalError: AxiosError<T>) {
super(message);
}
public get formattedAxiosError(): FormattedAxiosError<T> {
return {
code: this.originalError.code,
message: this.message,
error: this.originalError.response?.data,
status: this.originalError.status,
};
}
public get request(): any {
return this.originalError.request;
}
public get response(): AxiosResponse<T> | undefined {
return this.originalError.response;
}
}
export interface IPagination {
/**
* the page number to fetch (default: 1)
*/
page?: number;
/**
* how many items to fetch per page (default: 100)
*/
perPage?: number;
}
export interface IBasePaginationExtended {
/**
* the page number to fetch (default: 1)
*/
page?: number;
/**
* how many items to fetch per page (default: 100)
*/
perPage?: number;
/**
* the total number of items
*/
includeTotalCount?: boolean;
}
type IPaginationForceIncludeTotal = IBasePaginationExtended & { includeTotalCount: true };
export type IPaginationExtended = IBasePaginationExtended | IPaginationForceIncludeTotal;
export type ReturnPaginationType<
T extends IPaginationExtended,
Y,
Z,
> = T extends IPaginationForceIncludeTotal ? Y : Z;
export abstract class BasePermitApi {
protected openapiClientConfig: Configuration;
private scopeApi: APIKeysApi;
constructor(protected config: IPermitConfig, protected logger: Logger) {
const version = process.env.npm_package_version ?? 'unknown';
this.openapiClientConfig = new Configuration({
basePath: `${this.config.apiUrl}`,
accessToken: this.config.token,
baseOptions: {
headers: {
'X-Permit-SDK-Version': `node:${version}`,
},
},
});
this.scopeApi = new APIKeysApi(this.openapiClientConfig, BASE_PATH, this.config.axiosInstance);
}
/**
* Sets the API context and permitted access level based on the API key scope.
*/
private async setContextFromApiKey(): Promise<void> {
try {
this.logger.debug('Fetching api key scope');
const response = await this.scopeApi.getApiKeyScope();
if (response.data.organization_id !== undefined && response.data.organization_id !== null) {
this.config.apiContext._saveApiKeyAccessibleScope(
response.data.organization_id,
response.data.project_id,
response.data.environment_id,
);
if (response.data.project_id !== undefined && response.data.project_id !== null) {
if (response.data.environment_id !== undefined && response.data.environment_id !== null) {
// set environment level context
this.logger.debug(`setting: environment-level api context`);
this.config.apiContext.setEnvironmentLevelContext(
response.data.organization_id,
response.data.project_id,
response.data.environment_id,
);
return;
}
// set project level context
this.logger.debug(`setting: project-level api context`);
this.config.apiContext.setProjectLevelContext(
response.data.organization_id,
response.data.project_id,
);
return;
}
// set org level context
this.logger.debug(`setting: organization-level api context`);
this.config.apiContext.setOrganizationLevelContext(response.data.organization_id);
return;
}
throw new PermitContextError('could not set api context level');
} catch (err) {
if (axios.isAxiosError(err)) {
this.logger.error(
`[${err?.response?.status}] permit.api.getApiKeyScope(), err: ${JSON.stringify(
err?.response?.data,
)}`,
);
}
throw new PermitContextError(
'could not fetch the api key scope in order to set the api context level',
);
}
}
/**
* Ensure that the API Key has the necessary permissions to successfully call the API endpoint.
* Note that this check is not foolproof, and the API may still throw 401.
* @param requiredAccessLevel The required API Key Access level for the endpoint.
* @throws PermitContextError If the currently set API key access level does not match the required access level.
*/
public async ensureAccessLevel(requiredAccessLevel: ApiKeyLevel): Promise<void> {
// should only happen once in the lifetime of the SDK
if (
this.config.apiContext.contextLevel === ApiContextLevel.WAIT_FOR_INIT ||
this.config.apiContext.permittedAccessLevel === ApiKeyLevel.WAIT_FOR_INIT
) {
await this.setContextFromApiKey();
}
if (requiredAccessLevel !== this.config.apiContext.permittedAccessLevel) {
if (
API_ACCESS_LEVELS.indexOf(requiredAccessLevel) <
API_ACCESS_LEVELS.indexOf(this.config.apiContext.permittedAccessLevel)
) {
throw new PermitContextError(
`You're trying to use an SDK method that requires an API Key with access level: ${requiredAccessLevel}, ` +
`however the SDK is running with an API key with level ${this.config.apiContext.permittedAccessLevel}.`,
);
}
}
}
/**
* Ensure that the API context matches the required endpoint context.
* @param requiredContext The required API context level for the endpoint.
* @throws PermitContextError If the currently set API context level does not match the required context level.
*/
public async ensureContext(requiredContext: ApiContextLevel): Promise<void> {
// should only happen once in the lifetime of the SDK
if (
this.config.apiContext.contextLevel === ApiContextLevel.WAIT_FOR_INIT ||
this.config.apiContext.permittedAccessLevel === ApiKeyLevel.WAIT_FOR_INIT
) {
await this.setContextFromApiKey();
}
if (
this.config.apiContext.contextLevel < requiredContext ||
this.config.apiContext.contextLevel === ApiContextLevel.WAIT_FOR_INIT
) {
throw new PermitContextError(
`You're trying to use an SDK method that requires an API context of ${ApiContextLevel[requiredContext]}, ` +
`however the SDK is running in a less specific context level: ${
ApiContextLevel[this.config.apiContext.contextLevel]
}.`,
);
}
}
protected handleApiError(err: unknown): never {
if (axios.isAxiosError(err)) {
// this is an http response with an error status code
const logMessage = `Got error status code: ${err.response?.status}, err: ${JSON.stringify(
err?.response?.data,
)}`;
const apiMessage = err.response?.data.message;
// log this to the SDK logger
this.logger.error(logMessage);
// and throw a permit error exception
throw new PermitApiError(apiMessage, err);
} else {
// unexpected error, just throw
throw err;
}
}
}
export interface IWaitForSync {
/**
* Wait for the facts to be synchronized with the PDP. Available only when `proxyFactsViaPdp` is set to `true`.
* @param timeout - The maximum number of seconds to wait for the synchronization to complete.
* Set to null to wait indefinitely.
* @param policy - Controls what happens when the timeout is reached during synchronization.
* - 'ignore': Respond immediately when data update did not apply within the timeout period
* - 'fail': Respond with 424 status code when data update did not apply within the timeout period
*/
waitForSync(timeout: number | null, policy?: FactsSyncTimeoutPolicy): this;
}
export abstract class BaseFactsPermitAPI extends BasePermitApi implements IWaitForSync {
constructor(protected config: IPermitConfig, protected logger: Logger) {
super(config, logger);
if (config.proxyFactsViaPdp) {
this.openapiClientConfig = new Configuration({
basePath: `${this.config.pdp}`,
accessToken: this.config.token,
baseOptions: {
headers: {
...this.openapiClientConfig.baseOptions.headers,
...(this.config.factsSyncTimeout !== null && {
'X-Wait-Timeout': this.config.factsSyncTimeout.toString(),
}),
...(this.config.factsSyncTimeoutPolicy && {
'X-Timeout-Policy': this.config.factsSyncTimeoutPolicy,
}),
},
},
});
}
}
protected clone(): this {
return new (this.constructor as any)(this.config, this.logger);
}
public waitForSync(timeout: number | null, policy?: FactsSyncTimeoutPolicy): this {
if (this.config.proxyFactsViaPdp) {
const clone = this.clone();
clone.openapiClientConfig.baseOptions.headers['X-Wait-Timeout'] =
timeout === null ? '' : timeout.toString();
const timeoutPolicy = policy || this.config.factsSyncTimeoutPolicy;
if (timeoutPolicy) {
clone.openapiClientConfig.baseOptions.headers['X-Timeout-Policy'] = timeoutPolicy;
}
return clone;
} else {
this.logger.warn(
"Attempted to wait for sync, but 'proxyFactsViaPdp' is not enabled. Ignoring.",
);
return this;
}
}
}