@boostercloud/rocket-auth-aws-infrastructure
Booster rocket that deploys an auth API backed by AWS Cognito
import { Stack } from '@aws-cdk/core';
import { UserPool, UserPoolTriggers } from '@aws-cdk/aws-cognito';
import { Resource, CorsOptions } from '@aws-cdk/aws-apigateway';
import { BoosterConfig } from '@boostercloud/framework-types';
/**
 * Configuration accepted by the auth rocket when it is mounted on a stack.
 */
export interface AWSAuthRocketParams {
  /**
   * Authentication flow to provision. `Passwordless` presumably relies on the
   * OTP challenge triggers built by {@link AuthStack.createAuthChallenges},
   * while `UserPassword` is a conventional username/password sign-in — confirm
   * against the implementation.
   */
  mode: 'Passwordless' | 'UserPassword';
  /**
   * Password policy applied to the user pool. The whole object is optional;
   * when it is given, the four `require*` flags are mandatory and only
   * `minLength` may be left out (presumably falling back to the Cognito
   * default in that case — confirm against the implementation).
   */
  passwordPolicy?: {
    minLength?: number;
    requireDigits: boolean;
    requireLowercase: boolean;
    requireSymbols: boolean;
    requireUppercase: boolean;
  };
}
/**
 * Values a consumer of the issued JWTs needs in order to validate them:
 * where the signing keys live, who is expected to have issued the token and
 * which claim carries the caller's roles.
 */
declare type TokenVerifier = {
  /** URL of the JWKS document exposing the public RSA keys that verify token signatures. */
  jwksUri: string;
  /** Issuer that signs the tokens; the expected value of the `iss` claim. */
  issuer: string;
  /**
   * Name of the token claim holding the caller's roles — presumably read for
   * authorization decisions; confirm with the consuming code.
   */
  rolesClaim: string;
};
/**
 * Bag of values threaded through the private `AuthStack` builders.
 * The required fields come from the caller; the optional ones look like they
 * are filled in as resources get created (user pool, app client, API root,
 * token verifier) — NOTE(review): confirm against the implementation.
 */
declare type ResourceParams = {
  /** Rocket configuration, as received by `AuthStack.mountStack`. */
  params: AWSAuthRocketParams;
  /** CDK stack that receives the resources. */
  stack: Stack;
  /** Booster application configuration. */
  config: BoosterConfig;
  /** Prefix used to name this rocket's resources inside the stack. */
  rocketStackPrefixId: string;
  /** Root REST resource under which the auth endpoints hang. */
  rootResource?: Resource;
  /** Cognito user pool, once created. */
  userPool?: UserPool;
  /** Id of the user pool app client, once created. */
  userPoolClientId?: string;
  /** CORS preflight options shared by the auth endpoints. */
  defaultCorsPreflightOptions?: CorsOptions;
  /** Issuer / JWKS / roles-claim settings handed to token consumers. */
  tokenVerifier?: TokenVerifier;
};
/**
 * Builds the rocket's authentication infrastructure on an AWS CDK stack:
 * a Cognito user pool with its app client and groups, an API Gateway REST
 * API exposing the auth endpoints, the Lambda integrations behind them and
 * the CloudFormation outputs token consumers need.
 *
 * Private members carry no signature here because TypeScript drops the types
 * of `private` members when emitting a declaration file; their comments
 * describe the implementation in the corresponding source file.
 */
export declare class AuthStack {
  /**
   * Rocket entry point: provisions the auth resources onto `stack` according
   * to `params` and the Booster `config`. Presumably orchestrates the private
   * builders declared below — confirm against the implementation.
   * @param params rocket configuration (auth mode and password policy)
   * @param stack CDK stack that receives the resources
   * @param config Booster application configuration
   */
  static mountStack(params: AWSAuthRocketParams, stack: Stack, config: BoosterConfig): void;
  /**
   * Optional tear-down counterpart of {@link mountStack}. Because the member
   * is optional, callers have to check for its presence before invoking it.
   */
  static unmountStack?(): void;
  /**
   * Naming prefix for the artifacts this rocket creates, derived from `config`.
   * @param config Booster application configuration
   * @returns the prefix string
   */
  static rocketArtifactsPrefix(config: BoosterConfig): string;
  /**
   * Builds the Cognito custom-authentication triggers used only by the OTP
   * flow. More info: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html
   * The create-auth-challenge trigger delivers the one-time code to the user
   * by SMS, so the user's phone number is the credential channel in that flow.
   * @param resourceParams current resource params
   * @returns the define, create and verify challenge triggers, or `undefined`
   *   (presumably when the selected mode does not use the OTP flow)
   */
  static createAuthChallenges(resourceParams: ResourceParams): UserPoolTriggers | undefined;

  /** Creates the Cognito user pool and its app client. */
  private static createUserPoolAndUserPoolClient;
  /**
   * Creates one user pool group per role found in the role definitions.
   * @param resourceParams current resource params
   */
  private static createGroups;
  /**
   * Helper that builds a tokenVerifier object from the generated user pool
   * and the current stack.
   * @param resourceParams current resource params
   * @returns TokenVerifier object, containing the issuer and jwksUri
   */
  private static tokenVerifier;
  /**
   * Sets the issuer and jwksUri as environment variables of the core lambdas
   * that need to verify tokens. The variable names are not visible here —
   * check the implementation before relying on them.
   * @param resourceParams current resource params
   */
  private static createEnvVars;
  /**
   * Creates the REST API with every endpoint needed to support the auth flows.
   * @param resourceParams current resource params
   * @returns RestApi
   */
  private static createAuthResources;
  /**
   * Creates the /sign-in endpoint.
   * @param resourceParams current resource params
   * @returns void
   */
  private static createSignInResources;
  /**
   * Creates the /sign-up, /sign-up/confirm and /sign-up/resend-code endpoints.
   * @param resourceParams current resource params
   * @returns void
   */
  private static createSignUpResources;
  /**
   * Creates the /token, /token/refresh and /token/revoke endpoints.
   * @param resourceParams current resource params
   * @returns void
   */
  private static createTokenResources;
  /**
   * Creates the /password, /password/forgot and /password/change endpoints.
   * @param resourceParams current resource params
   * @returns void
   */
  private static createPasswordResources;
  /**
   * Wires an API endpoint to a Lambda handler.
   * @param resourceParams current resource params
   * @param name lambda name
   * @param resource the entry endpoint that invokes the lambda
   * @param handler main lambda function name
   * @param actions Cognito permissions granted to the lambda — NOTE(review):
   *   keep this list scoped to the calls the handler actually makes
   * @param env lambda environment variables
   * @returns void
   */
  private static addIntegration;
  /**
   * Publishes the following CloudFormation output vars (readable by anyone
   * allowed to describe the stack):
   * AuthApiURL: base auth endpoint
   * AuthApiIssuer: issuer that signs the JWT tokens
   * AuthApiJwksUri: URI of the public RSA keys used to validate signed tokens
   * AuthUserPoolId: user pool id, useful for integration tests
   * AuthUserPoolClientId: user pool client id, useful for integration tests
   * @param resourceParams current resource params
   */
  private static printOutput;
}
// Empty export keeps this declaration file an ES module (no global augmentation).
export {};