diff --git a/apps/armory/src/orchestration/core/type/domain.type.ts b/apps/armory/src/orchestration/core/type/domain.type.ts index 384cea6f0..d1b76578c 100644 --- a/apps/armory/src/orchestration/core/type/domain.type.ts +++ b/apps/armory/src/orchestration/core/type/domain.type.ts @@ -1,11 +1,5 @@ import { Json } from '@narval/nestjs-shared' -import { - Action, - EvaluationMetadata, - JwtString, - SerializedTransactionRequest, - TransactionRequest -} from '@narval/policy-engine-shared' +import { Action, JwtString, SerializedTransactionRequest, TransactionRequest } from '@narval/policy-engine-shared' import { z } from 'zod' export const AuthorizationRequestStatus = { @@ -80,6 +74,12 @@ export const AuthorizationRequestError = z.object({ }) export type AuthorizationRequestError = z.infer +export const AuthorizationRequestMetadata = z.object({ + audience: z.union([z.string(), z.array(z.string())]).optional(), + expiresIn: z.number().optional() +}) +export type AuthorizationRequestMetadata = z.infer + export const AuthorizationRequest = z.object({ approvals: z.array(JwtString), authentication: JwtString, @@ -89,7 +89,7 @@ export const AuthorizationRequest = z.object({ evaluations: z.array(Evaluation), id: z.string(), idempotencyKey: z.string().nullish(), - metadata: EvaluationMetadata.optional(), + metadata: AuthorizationRequestMetadata.optional(), request: Request, status: z.nativeEnum(AuthorizationRequestStatus), updatedAt: z.date() diff --git a/apps/armory/src/orchestration/http/rest/dto/authorization-request.dto.ts b/apps/armory/src/orchestration/http/rest/dto/authorization-request.dto.ts index 90d76ce67..4be8fa4a1 100644 --- a/apps/armory/src/orchestration/http/rest/dto/authorization-request.dto.ts +++ b/apps/armory/src/orchestration/http/rest/dto/authorization-request.dto.ts @@ -5,7 +5,8 @@ export class AuthorizationRequestDto extends createZodDto( AuthorizationRequest.pick({ authentication: true, request: true, - approvals: true, metadata: true + }).extend({ + approvals: AuthorizationRequest.shape.approvals.optional() }) ) {} diff --git a/apps/armory/src/orchestration/http/rest/util.ts b/apps/armory/src/orchestration/http/rest/util.ts index dc3d96332..ec1018188 100644 --- a/apps/armory/src/orchestration/http/rest/util.ts +++ b/apps/armory/src/orchestration/http/rest/util.ts @@ -1,4 +1,3 @@ -import { EvaluationMetadata } from '@narval/policy-engine-shared' import { nowSeconds } from '@narval/signature' import { plainToInstance } from 'class-transformer' import { CreateAuthorizationRequest } from '../../core/type/domain.type' @@ -14,14 +13,16 @@ export const toCreateAuthorizationRequest = ( body: AuthorizationRequestDto ): CreateAuthorizationRequest => { const dto = plainToInstance(AuthorizationRequestDto, body) - const authentication: string = dto.authentication - const approvals: string[] = dto.approvals - const metadata: EvaluationMetadata = { - ...dto.metadata, + const request = body.request + const authentication = dto.authentication + const approvals = dto.approvals || [] + const audience = dto.metadata?.audience + const metadata = { + ...(audience && { audience }), expiresIn: dto.metadata?.expiresIn || TEN_MINUTES, - issuedAt: nowSeconds() + issuedAt: nowSeconds(), + issuer: `${clientId}.armory.narval.xyz` } - const request = body.request return { clientId, diff --git a/apps/devtool/src/app/api/data-store/route.ts b/apps/devtool/src/app/api/data-store/route.ts index 84d4ce9de..899b6bcd1 100644 --- a/apps/devtool/src/app/api/data-store/route.ts +++ b/apps/devtool/src/app/api/data-store/route.ts @@ -1,4 +1,4 @@ -import { EntityStore, FIXTURE, PolicyStore } from '@narval/policy-engine-shared' +import { Entities, EntityStore, FIXTURE, Policy, PolicyStore } from '@narval/policy-engine-shared' import { existsSync } from 'fs' import { JSONFilePreset } from 'lowdb/node' import { NextRequest, NextResponse } from 'next/server' @@ -36,20 +36,20 @@ export const GET = async (req: NextRequest, res: NextResponse) => { } export const POST = async (req: NextRequest, res: NextResponse) => { - const { entity: newEntity, policy: newPolicy } = await req.json() + const body = await req.json() + const signature = body.signature as string + const data = body.data as Entities | Policy[] const db = await JSONFilePreset('./storage.json', { - entity: { signature: '', data: {} }, - policy: { signature: '', data: [] } + entity: { signature: '', data: {} as Entities }, + policy: { signature: '', data: [] as Policy[] } }) - const savedEntity = db.data.entity - const savedPolicy = db.data.policy - - const entity = newEntity ? { ...savedEntity, ...newEntity } : savedEntity - const policy = newPolicy ? { ...savedPolicy, ...newPolicy } : savedPolicy + const newDataStore = !Array.isArray(data) + ? { entity: { signature, data: data as Entities } } + : { policy: { signature, data: data as Policy[] } } - db.data = { entity, policy } + db.data = { ...db.data, ...newDataStore } await db.write() diff --git a/apps/vault/src/client/http/rest/controller/client.controller.ts b/apps/vault/src/client/http/rest/controller/client.controller.ts index 7e06e24b4..b6d3acf4d 100644 --- a/apps/vault/src/client/http/rest/controller/client.controller.ts +++ b/apps/vault/src/client/http/rest/controller/client.controller.ts @@ -25,11 +25,12 @@ export class ClientController { const now = new Date() const engineJwk = body.engineJwk ? publicKeySchema.parse(body.engineJwk) : undefined // Validate the JWK, instead of in DTO const clientId = body.clientId || uuid() + const client = await this.clientService.save({ clientId, engineJwk, audience: body.audience, - issuer: body.issuer || `${clientId}.armory.narval.xyz`, + issuer: body.issuer, maxTokenAge: body.maxTokenAge, allowKeyExport: body.allowKeyExport, backupPublicKey: body.backupPublicKey,