@allma/core-sdk
Core SDK with shared utilities (logging, auth, S3 utils) for building on the Allma serverless AI orchestration platform.
import type { APIGatewayProxyEventV2WithJWTAuthorizer } from 'aws-lambda';
import { AdminPermission, AdminRole } from '@allma/core-types';
/**
* Cognito group name `Admins`. This is the same value as the documented default
* of `AuthOptions.requiredGroup`.
*/
export declare const ADMIN_COGNITO_GROUP_NAME = "Admins";
/**
* Name of the custom attribute `custom:admin_roles`. This is the same value as the
* documented default of `AuthOptions.customRolesAttribute`.
* NOTE(review): roles read from this claim are only as trustworthy as the
* attribute's write permissions. Verify that no user-facing Cognito app client
* is allowed to write this attribute.
*/
export declare const CUSTOM_ADMIN_ROLES_ATTRIBUTE = "custom:admin_roles";
/**
* Identity and authorization details for the caller of a request. This is the
* type returned by `getAuthContext` and passed as the second argument to
* handlers wrapped with `withAdminAuth`.
*/
export interface AuthContext {
/** Identifier of the caller. NOTE(review): presumably the JWT `sub` claim; confirm. */
userId: string;
username: string;
/**
* Cognito groups of the caller. `getAuthContext` is documented as not enforcing
* group membership, so code that calls it directly must check this list itself.
*/
cognitoGroups: string[];
/**
* Admin roles and permissions of the caller.
* NOTE(review): presumably parsed from the custom roles attribute; confirm in the implementation.
*/
adminPermissions: {
roles: AdminRole[];
permissions: AdminPermission[];
};
/**
* NOTE(review): when the context comes from `getAuthContext`, this flag alone
* does not show that the caller is in the admin group. Do not use it as an
* authorization decision.
*/
isAuthenticated: boolean;
/** NOTE(review): how super-admin status is derived is not visible in this declaration; confirm. */
isSuperAdmin: boolean;
/**
* Reports whether the caller holds `permission`.
* NOTE(review): whether super admins pass implicitly is not visible here; confirm.
*/
hasPermission: (permission: AdminPermission) => boolean;
}
/**
* Options for configuring authentication behavior. Accepted by `withAdminAuth`.
* `getAuthContext` accepts only the `customRolesAttribute` field.
*/
export interface AuthOptions {
/**
* The name of the Cognito group that a user must be a member of.
* Per its documentation, `withAdminAuth` enforces this; `getAuthContext` does not.
* @default 'Admins'
*/
requiredGroup?: string;
/**
* The name of the custom attribute in the JWT that contains user roles and permissions.
* NOTE(review): overriding this changes which claim authorization data is read
* from. Point it only at an attribute that users cannot modify themselves.
* @default 'custom:admin_roles'
*/
customRolesAttribute?: string;
}
/**
* Extracts and validates authentication and authorization information from an API Gateway event.
* This function is a pure context extractor and does NOT enforce group membership.
* A returned AuthContext therefore does not show that the caller is an admin.
* Callers must check `cognitoGroups` / `hasPermission` themselves, or use `withAdminAuth`.
*
* NOTE(review): the event type implies the claims come from an API Gateway JWT
* authorizer. Presumably no token signature verification happens here, so the
* route must have the authorizer attached; confirm.
*
* @param event The APIGatewayProxyEventV2 carrying the JWT authorizer context.
* @param correlationId Optional correlation ID for logging.
* @param options Optional configuration for the custom roles attribute. There is
* no `requiredGroup` field here, consistent with this function not enforcing group membership.
* @returns An AuthContext object.
* @throws Error if unauthorized (e.g., missing claims).
*/
export declare function getAuthContext(event: APIGatewayProxyEventV2WithJWTAuthorizer, correlationId?: string, options?: {
customRolesAttribute?: string;
}): AuthContext;
/**
* Higher-order function to wrap Lambda handlers with authentication and authorization.
* This middleware enforces membership in a specified Cognito group and provides an
* AuthContext for granular permission checks within the handler.
*
* `AuthOptions` has no required-permission field, so the wrapper's documented
* check is group membership only. Per-operation checks (e.g.
* `authContext.hasPermission(...)`) remain the handler's responsibility.
*
* NOTE(review): the response produced when the group check fails is not visible
* in this declaration; confirm that it is a 401/403 and that the handler is not invoked.
* NOTE(review): both handler types resolve to `Promise<any>`, so the response
* shape is not type-checked.
*
* @param handler The original Lambda handler function; it receives the event and an `AuthContext` object.
* @param options Optional configuration to specify the required group and custom roles attribute.
* @returns A new Lambda handler function compatible with API Gateway.
*/
export declare function withAdminAuth(handler: (event: APIGatewayProxyEventV2WithJWTAuthorizer, authContext: AuthContext) => Promise<any>, options?: AuthOptions): (event: APIGatewayProxyEventV2WithJWTAuthorizer) => Promise<any>;
//# sourceMappingURL=authUtils.d.ts.map