@pagopa/io-spid-commons

Common code for integrating SPID authentication

/// <reference types="qs" />
import * as express from "express";
import * as T from "fp-ts/lib/Task";
import * as t from "io-ts";
import { SamlConfig } from "passport-saml";
import { RedisClientType, RedisClusterType } from "redis";
import { DoneCallbackT, IExtraLoginRequestParamConfig } from "..";
import { PreValidateResponseT, SpidStrategy, XmlAuthorizeTamperer, XmlTamperer } from "../strategy/spid";
import { IDPEntityDescriptor } from "../types/IDPEntityDescriptor";
import { SamlAttributeT } from "./saml";
/**
 * Organization block of the Service Provider configuration.
 *
 * Not exported on its own: it is reachable only through
 * `IServiceProviderConfig.organization` and `ISpidStrategyOptions.sp.organization`.
 */
interface IServiceProviderOrganization {
    readonly URL: string;
    readonly displayName: string;
    readonly name: string;
}
/** Contact type admitted in a ContactPerson entry; only `"other"` is declared here. */
export declare enum ContactType {
    OTHER = "other"
}
/** Entity type admitted in a ContactPerson entry; only `"spid:aggregator"` is declared here. */
export declare enum EntityType {
    AGGREGATOR = "spid:aggregator"
}
/** Aggregator type admitted in `ContactPerson.extensions`; only one value is declared here. */
export declare enum AggregatorType {
    PublicServicesFullOperator = "PublicServicesFullOperator"
}
/**
 * io-ts codec for a ContactPerson entry (see `IServiceProviderConfig.contacts`).
 *
 * Every field is required except `phone`, which lives in the `t.PartialC` part.
 * `email` is not a plain `t.StringC`: it is the ts-commons type carrying
 * `IEmailStringTag`, so a decode fails on a string that is not an email.
 * `contactType`, `entityType` and `extensions.aggregatorType` are literal codecs,
 * so only the single enum member declared above passes for each of them.
 */
declare const ContactPerson: t.IntersectionC<[t.TypeC<{
    company: t.StringC;
    contactType: t.LiteralC<ContactType>;
    email: import("@pagopa/ts-commons/lib/types").Tagged<import("@pagopa/ts-commons/lib/strings").IEmailStringTag, string, string, unknown>;
    entityType: t.LiteralC<EntityType>;
    extensions: t.IntersectionC<[t.TypeC<{
        aggregatorType: t.LiteralC<AggregatorType>;
    }>, t.TypeC<{
        FiscalCode: t.StringC;
        IPACode: t.StringC;
        VATNumber: t.StringC;
    }>]>;
}>, t.PartialC<{
    phone: t.StringC;
}>]>;
/** Static type decoded by the `ContactPerson` codec above. */
type ContactPerson = t.TypeOf<typeof ContactPerson>;
/**
 * Static configuration of the Service Provider, as supplied by the host application.
 *
 * Only the shape is fixed by this declaration; which fields are mandatory at
 * runtime beyond the non-optional ones here depends on the implementation.
 */
export interface IServiceProviderConfig {
    /** SAML attributes the SP requests from the IdP, plus the name of the attribute set. */
    readonly requiredAttributes: {
        readonly attributes: ReadonlyArray<SamlAttributeT>;
        readonly name: string;
    };
    // The four optional URLs below are all absent by default; which IdP
    // endpoints each one enables (CIE, CIE test, SPID test env, validator)
    // is suggested only by their names — confirm against the strategy source.
    readonly spidCieUrl?: string;
    readonly spidCieTestUrl?: string;
    readonly spidTestEnvUrl?: string;
    readonly spidValidatorUrl?: string;
    // NOTE(review): presumably the source getSpidStrategyOptionsUpdater reads
    // IdP metadata from ("metadata from IDP" in its doc comment) — not shown here.
    readonly IDPMetadataUrl: string;
    readonly organization: IServiceProviderOrganization;
    /** ContactPerson entries for the SP metadata; each must satisfy the codec above. */
    readonly contacts?: ReadonlyArray<ContactPerson>;
    // SP public certificate as a string. Whether PEM or bare base64 is
    // expected is not fixed by this declaration — check the implementation.
    readonly publicCert: string;
    // Optional per-key validation toggles; see StrictResponseValidationOptions.
    // When omitted, whatever default the strategy applies is in force, so a
    // deployment relying on strict validation should set this explicitly.
    readonly strictResponseValidation?: StrictResponseValidationOptions;
}
/**
 * Map of validation switches for the SAML response.
 *
 * Keys are free-form strings here: the set of recognised keys is defined by
 * the strategy implementation, not by this type, so a misspelt key is not a
 * compile error. Values may be `undefined` (treated like a missing key, presumably).
 */
export type StrictResponseValidationOptions = Record<string, boolean | undefined>;
/**
 * Options handed to the SPID strategy.
 */
export interface ISpidStrategyOptions {
    // Indexed by string key; an unknown key yields `undefined`, so every
    // lookup on `idp` must be checked before use.
    readonly idp: {
        readonly [key: string]: IDPEntityDescriptor | undefined;
    };
    // passport-saml SamlConfig extended with the SP attribute set and
    // organization. Note the nested shape: `sp.attributes.attributes.attributes`
    // is the actual attribute array, `sp.attributes.attributes.name` its set name.
    readonly sp: SamlConfig & {
        readonly attributes: {
            readonly attributes: {
                readonly attributes: ReadonlyArray<SamlAttributeT>;
                readonly name: string;
            };
            readonly name: string;
        };
    } & {
        readonly organization: IServiceProviderOrganization;
    };
}
/**
 * Creates a Spid Strategy Options object,
 * extending the provided SamlConfig with the service provider configuration
 * and the IdP options.
 *
 * @param samlConfig base passport-saml configuration
 * @param serviceProviderConfig SP configuration (see IServiceProviderConfig)
 * @param idpOptionsRecord IdP descriptors keyed by string; becomes `ISpidStrategyOptions.idp`
 */
export declare const makeSpidStrategyOptions: (samlConfig: SamlConfig, serviceProviderConfig: IServiceProviderConfig, idpOptionsRecord: Record<string, IDPEntityDescriptor>) => ISpidStrategyOptions;
/**
 * Merge strategy configuration with metadata from IDP.
 *
 * This is used to pass options to the SAML client
 * so it can discriminate between the IDP certificates.
 *
 * Returns a thunk producing an fp-ts Task: nothing is fetched until the
 * returned function is called and the Task is run.
 */
export declare const getSpidStrategyOptionsUpdater: (samlConfig: SamlConfig, serviceProviderConfig: IServiceProviderConfig) => () => T.Task<ISpidStrategyOptions>;
/**
 * SPID strategy calls getSamlOptions() for every
 * SAML request. It extracts the options from a
 * shared variable set into the express app.
 *
 * Returns `undefined` when no options have been stored on the app yet
 * (i.e. before upsertSpidStrategyOption has run); callers must handle that case.
 */
export declare const getSpidStrategyOption: (app: express.Application) => ISpidStrategyOptions | undefined;
/**
 * This method is called to set or update Spid Strategy Options.
 * A selective update is performed to replace only new configurations provided,
 * keeping the others already stored inside the express app.
 */
export declare const upsertSpidStrategyOption: (app: express.Application, newSpidStrategyOpts: ISpidStrategyOptions) => void;
/**
 * SPID strategy factory function.
 *
 * `T` is the user-payload type shared by `preValidateResponse`, `doneCb`,
 * `extraLoginRequestParamConfig` and the returned `SpidStrategy<T>`.
 * Inside this signature the type parameter `T` shadows the `T` (fp-ts Task)
 * namespace imported above; the two are unrelated.
 *
 * @param options strategy options, typically from makeSpidStrategyOptions
 * @param getSamlOptions passport-saml MultiSamlStrategy options callback.
 *   The expanded express.Request type uses `any` for the response-body and
 *   request-body slots (generated emit), so those are unchecked here.
 * @param redisClient single-node or cluster redis client; what it stores is
 *   not visible from this declaration
 * @param tamperAuthorizeRequest optional hook over the AuthnRequest XML (presumably; see XmlAuthorizeTamperer)
 * @param tamperMetadata optional hook over the metadata XML (presumably; see XmlTamperer)
 * @param preValidateResponse optional hook run on the SAML response before it is accepted (presumably; see PreValidateResponseT)
 * @param doneCb optional completion callback
 * @param extraLoginRequestParamConfig optional extra login-request parameters
 */
export declare const makeSpidStrategy: <T extends Record<string, unknown>>(options: ISpidStrategyOptions, getSamlOptions: (req: express.Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, callback: import("passport-saml/multiSamlStrategy").SamlOptionsCallback) => void, redisClient: RedisClientType | RedisClusterType, tamperAuthorizeRequest?: XmlAuthorizeTamperer, tamperMetadata?: XmlTamperer, preValidateResponse?: PreValidateResponseT<T> | undefined, doneCb?: DoneCallbackT<T> | undefined, extraLoginRequestParamConfig?: IExtraLoginRequestParamConfig<T> | undefined) => SpidStrategy<T>;
export {};