@pagopa/io-spid-commons
Common code for integrating SPID authentication
/// <reference types="qs" />
import * as express from "express";
import * as T from "fp-ts/lib/Task";
import * as t from "io-ts";
import { SamlConfig } from "passport-saml";
import { RedisClientType, RedisClusterType } from "redis";
import { DoneCallbackT, IExtraLoginRequestParamConfig } from "..";
import { PreValidateResponseT, SpidStrategy, XmlAuthorizeTamperer, XmlTamperer } from "../strategy/spid";
import { IDPEntityDescriptor } from "../types/IDPEntityDescriptor";
import { SamlAttributeT } from "./saml";
/**
 * Organization details of the service provider (SP).
 *
 * Referenced by `IServiceProviderConfig.organization` and carried
 * through to `ISpidStrategyOptions.sp.organization`.
 */
interface IServiceProviderOrganization {
  /** Web site URL of the organization. */
  readonly URL: string;
  /** Display name of the organization. */
  readonly displayName: string;
  /** Name of the organization. */
  readonly name: string;
}
/**
 * Allowed values for `ContactPerson.contactType`.
 * Only `"other"` is currently declared.
 */
export declare enum ContactType {
  OTHER = "other"
}
/**
 * Allowed values for `ContactPerson.entityType`.
 * Only the SPID aggregator entity type is currently declared.
 */
export declare enum EntityType {
  AGGREGATOR = "spid:aggregator"
}
/**
 * Allowed values for `ContactPerson.extensions.aggregatorType`.
 * Only `PublicServicesFullOperator` is currently declared.
 */
export declare enum AggregatorType {
  PublicServicesFullOperator = "PublicServicesFullOperator"
}
/**
 * io-ts codec describing a SPID contact person entry
 * (used by `IServiceProviderConfig.contacts`).
 *
 * Required fields: `company`, `contactType`, `email` (an `IEmailString`
 * tagged string from `@pagopa/ts-commons`), `entityType` and
 * `extensions` (`aggregatorType` plus `FiscalCode`, `IPACode`,
 * `VATNumber`). `phone` is optional.
 *
 * Because this is a runtime codec, `ContactPerson.decode(...)` can be
 * used to validate contact data coming from configuration before it is
 * accepted — presumably the intended use, TODO confirm against the
 * implementation.
 */
declare const ContactPerson: t.IntersectionC<[t.TypeC<{
  company: t.StringC;
  /** Literal-checked: only values of `ContactType` pass decoding. */
  contactType: t.LiteralC<ContactType>;
  /** Must decode as a valid e-mail string, not any arbitrary string. */
  email: import("@pagopa/ts-commons/lib/types").Tagged<import("@pagopa/ts-commons/lib/strings").IEmailStringTag, string, string, unknown>;
  /** Literal-checked: only values of `EntityType` pass decoding. */
  entityType: t.LiteralC<EntityType>;
  extensions: t.IntersectionC<[t.TypeC<{
    aggregatorType: t.LiteralC<AggregatorType>;
  }>, t.TypeC<{
    FiscalCode: t.StringC;
    IPACode: t.StringC;
    VATNumber: t.StringC;
  }>]>;
}>, t.PartialC<{
  phone: t.StringC;
}>]>;
/** Static type inferred from the `ContactPerson` codec. */
type ContactPerson = t.TypeOf<typeof ContactPerson>;
/**
 * Service provider (SP) side configuration consumed by
 * `makeSpidStrategyOptions` and `getSpidStrategyOptionsUpdater`.
 */
export interface IServiceProviderConfig {
  /** SAML attributes the SP requests from the IDP, with a set name. */
  readonly requiredAttributes: {
    readonly attributes: ReadonlyArray<SamlAttributeT>;
    readonly name: string;
  };
  /** Optional CIE endpoint URL. */
  readonly spidCieUrl?: string;
  /** Optional CIE test endpoint URL. */
  readonly spidCieTestUrl?: string;
  /** Optional SPID test environment URL. */
  readonly spidTestEnvUrl?: string;
  /** Optional SPID validator URL. */
  readonly spidValidatorUrl?: string;
  // NOTE(review): the three *Test*/*Validator* URLs look like non-production
  // IDP endpoints; whether setting them is gated by environment is not
  // visible here — confirm they are left unset in production deployments.
  /** URL the IDP metadata is obtained from. */
  readonly IDPMetadataUrl: string;
  /** Organization data of the SP. */
  readonly organization: IServiceProviderOrganization;
  /** Optional list of contact persons (validated by the `ContactPerson` codec). */
  readonly contacts?: ReadonlyArray<ContactPerson>;
  /** SP public certificate (PEM string presumed — TODO confirm). */
  readonly publicCert: string;
  /** Optional per-key toggles for strict SAML response validation. */
  readonly strictResponseValidation?: StrictResponseValidationOptions;
}
/**
 * Map of validation toggles for SAML responses; a value of `true`
 * enables the strict check named by the key, `false`/`undefined`
 * leaves it off. The accepted key names are not declared here —
 * presumably they are IDP identifiers matching `ISpidStrategyOptions.idp`,
 * TODO confirm against the implementation.
 */
export type StrictResponseValidationOptions = Record<string, boolean | undefined>;
/**
 * Runtime options of the SPID passport strategy: the known IDPs plus
 * the SP-side SAML configuration.
 *
 * Built by `makeSpidStrategyOptions`, stored in the express app by
 * `upsertSpidStrategyOption` and read back by `getSpidStrategyOption`.
 */
export interface ISpidStrategyOptions {
  /**
   * IDP entity descriptors keyed by a string identifier.
   * Lookups may yield `undefined` for unknown keys, so callers must
   * handle the missing-IDP case explicitly.
   */
  readonly idp: {
    readonly [key: string]: IDPEntityDescriptor | undefined;
  };
  /**
   * `passport-saml` configuration extended with the requested attribute
   * set (note the nested `attributes.attributes` shape) and the SP
   * organization data.
   */
  readonly sp: SamlConfig & {
    readonly attributes: {
      readonly attributes: {
        readonly attributes: ReadonlyArray<SamlAttributeT>;
        readonly name: string;
      };
      readonly name: string;
    };
  } & {
    readonly organization: IServiceProviderOrganization;
  };
}
/**
 * Creates a SPID strategy options object by extending the provided
 * `SamlConfig` with the service provider configuration and the IDP
 * options record.
 *
 * @param samlConfig - base `passport-saml` configuration
 * @param serviceProviderConfig - SP-side configuration
 * @param idpOptionsRecord - IDP entity descriptors keyed by identifier
 * @returns the combined `ISpidStrategyOptions`
 */
export declare const makeSpidStrategyOptions: (samlConfig: SamlConfig, serviceProviderConfig: IServiceProviderConfig, idpOptionsRecord: Record<string, IDPEntityDescriptor>) => ISpidStrategyOptions;
/**
 * Merge strategy configuration with metadata from IDP.
 *
 * This is used to pass options to the SAML client
 * so it can discriminate between the IDP certificates.
 *
 * Returns a thunk producing a `Task`, so the merge (including any
 * metadata retrieval) is deferred until the task is run; the returned
 * function can be invoked again to refresh the options.
 *
 * NOTE(review): the IDP metadata presumably carries the certificates
 * used to check IDP signatures, so `IDPMetadataUrl` is a trust anchor —
 * confirm how the metadata source is authenticated.
 *
 * @param samlConfig - base `passport-saml` configuration
 * @param serviceProviderConfig - SP-side configuration
 */
export declare const getSpidStrategyOptionsUpdater: (samlConfig: SamlConfig, serviceProviderConfig: IServiceProviderConfig) => () => T.Task<ISpidStrategyOptions>;
/**
 * SPID strategy calls getSamlOptions() for every
 * SAML request. It extracts the options from a
 * shared variable set into the express app.
 *
 * @param app - the express application holding the shared options
 * @returns the stored options, or `undefined` when none have been set
 *   yet via `upsertSpidStrategyOption`
 */
export declare const getSpidStrategyOption: (app: express.Application) => ISpidStrategyOptions | undefined;
/**
 * Sets or updates the SPID strategy options stored in the express app.
 * A selective update is performed: only the configurations provided
 * in `newSpidStrategyOpts` replace the stored ones, the others are kept.
 *
 * @param app - the express application holding the shared options
 * @param newSpidStrategyOpts - options to merge into the stored ones
 */
export declare const upsertSpidStrategyOption: (app: express.Application, newSpidStrategyOpts: ISpidStrategyOptions) => void;
/**
 * SPID strategy factory function.
 *
 * @typeParam T - shape of the extra data handled by the optional hooks
 * @param options - initial strategy options
 * @param getSamlOptions - resolves the SAML options for each request and
 *   reports them through `callback` (passport-saml multi-strategy style)
 * @param redisClient - Redis (single or cluster) client used by the
 *   strategy; what it stores is not visible here — TODO confirm
 * @param tamperAuthorizeRequest - optional hook to modify the
 *   authorize-request XML before it is sent
 * @param tamperMetadata - optional hook to modify the SP metadata XML
 * @param preValidateResponse - optional hook run before the SAML
 *   response is validated (inferred from its name — TODO confirm)
 * @param doneCb - optional callback invoked when the flow completes
 * @param extraLoginRequestParamConfig - optional extra parameters for
 *   the login request
 * @returns the configured `SpidStrategy`
 */
export declare const makeSpidStrategy: <T extends Record<string, unknown>>(
  options: ISpidStrategyOptions,
  getSamlOptions: (req: express.Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, callback: import("passport-saml/multiSamlStrategy").SamlOptionsCallback) => void,
  redisClient: RedisClientType | RedisClusterType,
  tamperAuthorizeRequest?: XmlAuthorizeTamperer,
  tamperMetadata?: XmlTamperer,
  preValidateResponse?: PreValidateResponseT<T> | undefined,
  doneCb?: DoneCallbackT<T> | undefined,
  extraLoginRequestParamConfig?: IExtraLoginRequestParamConfig<T> | undefined
) => SpidStrategy<T>;
// Keeps this declaration file a module (so the non-exported
// `IServiceProviderOrganization` and `ContactPerson` stay file-local).
export {};