@crowdin/app-project-module/out/middlewares/integration-credentials.js

Module that generates for you all common endpoints for serving standalone Crowdin App

"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = handle;
const users_1 = require("../modules/integration/handlers/users");
const storage_1 = require("../storage");
const util_1 = require("../util");
const connection_1 = require("../util/connection");
const integration_access_denied_1 = require("./integration-access-denied");
function handle({ config, integration, optional = false, isLogout = false, }) {
    return (0, util_1.runAsyncWrapper)((req, res, next) => __awaiter(this, void 0, void 0, function* () {
        const isApiCall = req === null || req === void 0 ? void 0 : req.isApiCall;
        req.logInfo(`Loading integration credentials for client ${req.crowdinContext.clientId}`);
        const { integrationCredentials: resolvedIntegrationCredentials, projectIntegrationCredentials, projectId, clientId: resolvedClientId, ownerIds, } = yield (0, connection_1.resolveIntegrationAccess)(req.crowdinContext.clientId);
        let integrationCredentials = resolvedIntegrationCredentials;
        let clientId = resolvedClientId;
        if (integrationCredentials) {
            req.crowdinContext.clientId = clientId;
        }
        let canForceLogout = null;
        const getCanForceLogout = () => __awaiter(this, void 0, void 0, function* () {
            if (canForceLogout === null) {
                canForceLogout = yield isCrowdinProjectManager({
                    req,
                    projectId,
                    memberId: req.crowdinContext.jwtPayload.context.user_id,
                });
            }
            return canForceLogout;
        });
        if (!integrationCredentials && isLogout && projectIntegrationCredentials.length) {
            if (yield getCanForceLogout()) {
                integrationCredentials = projectIntegrationCredentials[0];
                clientId = integrationCredentials.id;
                req.crowdinContext.clientId = clientId;
                req.canForceIntegrationLogout = true;
            }
        }
        if (!integrationCredentials) {
            const owners = yield (0, integration_access_denied_1.getIntegrationManagedBy)({
                ownerIds,
                crowdinApiClient: req.crowdinApiClient,
                clientId: req.crowdinContext.clientId,
            });
            if (optional && !owners.length) {
                return next();
            }
            return (0, integration_access_denied_1.renderIntegrationAccessDenied)({
                req,
                res,
                isApiCall,
                owners,
                debugLabel: 'integration-credentials',
                allowLogout: yield getCanForceLogout(),
            });
        }
        try {
            req.integrationCredentials = yield (0, connection_1.prepareIntegrationCredentials)(config, integration, integrationCredentials);
        }
        catch (e) {
            console.error(e);
            const message = 'Credentials to integration either expired or invalid';
            if (isApiCall) {
                return res.status(401).json({
                    error: {
                        message,
                    },
                });
            }
            else {
                throw new util_1.CodeError(message, 401);
            }
        }
        const integrationConfig = yield (0, storage_1.getStorage)().getIntegrationConfig(clientId);
        if (integrationConfig === null || integrationConfig === void 0 ? void 0 : integrationConfig.config) {
            let integrationSettings = JSON.parse(integrationConfig.config) || {};
            if (integration.normalizeSettings) {
                integrationSettings = yield integration.normalizeSettings({
                    settings: integrationSettings,
                    credentials: req.integrationCredentials,
                    client: req.crowdinApiClient,
                });
            }
            req.integrationSettings = integrationSettings;
        }
        next();
    }));
}
function isCrowdinProjectManager(_a) {
    return __awaiter(this, arguments, void 0, function* ({ req, projectId, memberId, }) {
        try {
            const canManageProject = yield (0, users_1.isManager)({
                client: req.crowdinApiClient,
                projectId,
                memberId,
            });
            return !!canManageProject;
        }
        catch (e) {
            console.warn('Failed to determine project manager role', e);
            return false;
        }
    });
}